cmd/format.go::emit calls chosenFormat(cmd) only inside emit, which runs after cronoclient.NewLoggedIn(ctx) has already executed in every export subcommand's RunE. So a typo in --format makes a real Cronometer login attempt before the CLI complains.
$ /tmp/crono-export biometrics --format yaml
error: login failed: failed to login: Too Many Attempts. Please try again later.
The CLI hits the (rate-limited) login endpoint, then would have rejected the bad format anyway. Repeated typos burn through Cronometer's rate-limit budget and lock subsequent legitimate calls out for several minutes. (Discovered while testing — entire QA session locked for ~5 minutes after a couple of bad-format probes.)
Expected: validate --format (and --since/--until parsing) in RunE before calling cronoclient.NewLoggedIn. chosenFormat is a pure local check; do it first.
Severity: major
cmd/format.go::emitcallschosenFormat(cmd)only insideemit, which runs aftercronoclient.NewLoggedIn(ctx)has already executed in every export subcommand'sRunE. So a typo in--formatmakes a real Cronometer login attempt before the CLI complains.The CLI hits the (rate-limited) login endpoint, then would have rejected the bad format anyway. Repeated typos burn through Cronometer's rate-limit budget and lock subsequent legitimate calls out for several minutes. (Discovered while testing — entire QA session locked for ~5 minutes after a couple of bad-format probes.)
Expected: validate
--format(and--since/--untilparsing) inRunEbefore callingcronoclient.NewLoggedIn.chosenFormatis a pure local check; do it first.Severity: major