fix AWS tag validation: replace * with @ and , with space

ryan-williams · claude · ryan-williams · commit d1798261f46a · 2026-03-09T00:03:52.000-04:00
AWS tag values only allow `[\p{L}\p{Z}\p{N}_.:/=+\-@]*` — no commas
or asterisks. Use space as separator and `@` as wildcard stand-in in
`compactAllowlist` output.

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/src/allowlist.ts b/src/allowlist.ts
@@ -37,5 +37,7 @@ function matchDomainPaths(hostname: string, pathname: string, rule: AllowRuleObj
 }
 
 export function compactAllowlist(rules: AllowRule[]): string {
-  return rules.map(r => typeof r === "string" ? r : r.domain).join(",")
+  // AWS tag values only allow [\p{L}\p{Z}\p{N}_.:/=+\-@]
+  // Use space as separator (instead of comma), `@` for `*`
+  return rules.map(r => typeof r === "string" ? r : r.domain).join(" ").replaceAll("*", "@")
 }

Original file line number	Diff line number	Diff line change
`@@ -37,5 +37,7 @@ function matchDomainPaths(hostname: string, pathname: string, rule: AllowRuleObj`
`37`	`37`	`}`
`38`	`38`
`39`	`39`	`export function compactAllowlist(rules: AllowRule[]): string {`
`40`		`- return rules.map(r => typeof r === "string" ? r : r.domain).join(",")`
	`40`	`+ // AWS tag values only allow [\p{L}\p{Z}\p{N}_.:/=+\-@]`
	`41`	+ // Use space as separator (instead of comma), `@` for `*`
	`42`	`+ return rules.map(r => typeof r === "string" ? r : r.domain).join(" ").replaceAll("*", "@")`
`41`	`43`	`}`