Harden workspace-scoped route access #667
Closed
niko4244 wants to merge 98 commits into
- system-monitor-panel: remove explicit number|undefined from recharts Formatter callbacks so ValueType is correctly inferred
- super-admin-panel: widen useCallback dep from currentUser?.username to currentUser so React Compiler can verify memoization is safe
- office-panel: hoist window.location.pathname out of useMemo body so the Compiler does not infer it as a missing dependency
- gateway-url: convert https:// prefix on localhost to ws:// instead of preserving the HTTP scheme; only preserve explicit ws:// or wss://
- opencode-sessions test: split on /[/\\]/ so filename lookup works on Windows paths (backslash separator)
- transcript-opencode test: same split fix for better-sqlite3 mock
- paths test: skip POSIX path-value assertions on win32; security/throw tests run on all platforms
- config test: skip tests that hardcode /tmp POSIX paths on win32; fix test-4 regex to use path.sep instead of hardcoded forward slash
- cron-management-panel: recompute calendar bounds inside useMemo from stable calendarDate state to satisfy React Compiler dep tracking
HUB-STANDARDS.md defines Mission Control as single source of truth, roles for each agent system (Hermes=worker, Claude=interface, Codex=coder), and operating rules (no duplicate routes, no hardcoded secrets, no commits without gate checks). MEMORY-SCHEMA.md documents the shared SQLite schema: agents, sessions, tasks, memory_entries, decisions, checks, git_events, risks tables. MCP-ROUTING-STANDARD.md classifies all commands as read/controlled_write/dangerous and specifies validation requirements per class. QUALITY-GATES.md documents current vs target gate status per project. CLI-QUICKREF.md documents the full mc command surface. config/model-routes.yaml is the authoritative route registry consolidating routes from HermesDaemon.ps1 and hermes_cli.py into one file.
Eight migrations extend existing tables and add new tables for cross-agent memory. All migrations use CREATE TABLE IF NOT EXISTS and ALTER TABLE ADD COLUMN — no destructive operations, no data deleted.
- 020: extend agents table (type, provider, source_path, config_path)
- 021: extend sessions table (v2 fields)
- 022: extend tasks table
- 023: create memory_entries (source, category, content, confidence, tags)
- 024: create decisions (task_id, rationale, alternatives, risk)
- 025: create checks (task_id, command, status, output_summary)
- 026: create git_events (task_id, repo, branch, commit_hash, event_type)
- 027: create risks (task_id, severity, description, mitigation, status)
agent-communication.ts: defines inter-agent permission model — which agents can communicate with which, and what protocol each uses. Consumed by agent-sync, local-agent-sync, agent-templates, chat route, and the agent detail tabs panel. agent-daily-log.ts: builds structured daily log entries from agent activity, consumed by agent-detail-tabs for the activity timeline view. ambient-companion.tsx/ts: surfaces contextual suggestions in the chat panel based on current agent state. Non-critical UI layer. All three modules have companion test files (all passing).
task-routing.ts: classifies every mc command as read/controlled_write/dangerous and validates that dangerous operations include task_id, reason, affected_path, and rollback_plan before executing. No execution is wired yet — validation layer only. task-dispatch.ts: updated to enforce routing validation before dispatch. Agent execution is blocked without a registered task ID (guard verified live: mc agents run hermes returns blocked status without --task flag). Tests updated to cover new routing classification and guard behavior.
mc-cli.cjs: extended with memory status/sync/query, routes verify,
agents run guard, and system health commands. Commands proxy through
mc-local-bridge to avoid duplicating business logic in the CLI layer.
mc-memory-sync.cjs: dry-run importer scans Claude Code, Hermes, and
Codex state files and shows record counts without writing.
cli-memory.cjs: status (55 records confirmed), sync dry-run, query.
cli-agents.cjs: enforces task_id requirement before Hermes execution.
mc-local-bridge.cjs: routes CLI commands to the correct sub-script.
All commands verified live:
mc memory status → {total:55, by_source:[claude-code:50,hermes:4,...]}
mc memory sync --dry-run → {records_found:52}
mc memory query hermes → 2 results
mc routes verify → 7 routes + authoritative yaml noted
mc agents run hermes 'x' → blocked (no task id)
mc task create 'title' → {task_id:5}
mc system health → {db:PASS, memory:PASS, routes:PASS}
secrets-hardening.md: documents 4 secrets found hardcoded in ~/.claude/settings.local.json (GitHub token, OpenRouter key, Groq key, Hermes adapter token). All secret values redacted in this report — see manual rotation steps. Nothing moved yet; rotation required before hardened .env migration can proceed. hub-consolidation-report.md: full phase 0-8 completion status, current fragmentation map, and recommended next steps for memory unification. integration-status reports: phase 4 (route consolidation), phase 5 (secret hardening), and overall integration status.
Records every 'mc agents run hermes' call to the tasks table regardless of whether it was blocked or allowed, creating an audit trail. Blocked attempts are stored with status='audit_blocked'.
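The routing guard and the audit trail described in the two commits above (task-routing classification with the four required fields for dangerous commands, and recording every agents-run attempt as allowed or audit_blocked), as an added example that is not Mission Control's own code; the command-to-class table, the in-memory audit log and the return shape are assumptions built from the commit text.

```javascript
// Added example, not task-routing.ts / cli-agents.cjs. Class assignments
// below are assumed from the commit messages; unknown commands fail closed.
const COMMAND_CLASS = {
  'memory status': 'read',
  'memory query': 'read',
  'routes verify': 'read',
  'system health': 'read',
  'task create': 'controlled_write',
  'memory sync': 'controlled_write',
  'agents run': 'dangerous',
};

// Fields a dangerous operation must carry before it may be dispatched.
const DANGEROUS_REQUIRED = ['task_id', 'reason', 'affected_path', 'rollback_plan'];

// Constructed stand-in for the tasks table rows written for audit purposes.
const auditLog = [];

function classifyCommand(command) {
  return COMMAND_CLASS[command] || 'dangerous'; // fail closed on unknown commands
}

// Validate a dispatch request; never executes anything.
function validateDispatch(command, ctx = {}) {
  const cls = classifyCommand(command);
  const missing = cls === 'dangerous'
    ? DANGEROUS_REQUIRED.filter((f) => ctx[f] === undefined || ctx[f] === '')
    : [];
  const allowed = missing.length === 0;
  // Every agents-run attempt is recorded, whether it was blocked or allowed.
  if (command === 'agents run') {
    auditLog.push({
      command,
      agent: ctx.agent,
      status: allowed ? 'allowed' : 'audit_blocked',
      missing,
    });
  }
  return { command, class: cls, allowed, status: allowed ? 'allowed' : 'blocked', missing };
}
```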
- classifyOutcome returns suggested_confidence (high/medium/low)
- cli-agents writes confidence to sourceRef
- getPendingOutcomes parses confidence from sourceRef
- approveOutcomes supports optional confidenceFilter
- CLI supports: approve-all, approve-all success, approve-all high, approve-all success high, approve-all success high --dry-run
- Breakdown still computed in dry-run, total_applied returns 0
- scripts/memory-service.cjs: classifyOutcome, getPendingOutcomes, approveOutcomes
- scripts/cli-agents.cjs: add suggestion_confidence to logs and sourceRef
- scripts/cli-memory.cjs: parse confidence filter and pass to approveOutcomes
- scripts/mc-cli.cjs: forward all args after approve-all
- Add source_ref to recallMemory SELECT
- Compute confidenceScore from confidence_adjusted:+1/-1 occurrences
- Add confidence_score * 0.3 to ranking score
- Return confidence_score with scoreEntry
Apply half-life decay to confidence_score for ranking
- Compute age in seconds from created_at timestamp
- Half-life: 30 days (2,592,000 seconds)
- decayFactor = Math.pow(0.5, ageSeconds / halfLifeSeconds)
- Use effectiveConfidenceScore for ranking only
- Return original confidence_score for inspection
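The confidence scoring from the two commits above (counting confidence_adjusted:+1/-1 markers in source_ref, weighting the result by 0.3, and applying the 30-day half-life decay for ranking only), carried through on constructed entries as an added example; this is not memory-service.cjs, and the entry shape, base_score field and NOW_MS reference time are assumptions.

```javascript
// Added example, not the project's scoreEntry. Entry fields other than
// source_ref and created_at are constructed for the demo.
const HALF_LIFE_SECONDS = 30 * 24 * 60 * 60; // 2,592,000 seconds

// Net count of confidence_adjusted:+1 minus confidence_adjusted:-1 in source_ref.
function confidenceScoreFromSourceRef(sourceRef) {
  const up = (sourceRef.match(/confidence_adjusted:\+1/g) || []).length;
  const down = (sourceRef.match(/confidence_adjusted:-1/g) || []).length;
  return up - down;
}

// 0.5 ** (age / half-life); an entry exactly 30 days old keeps half its score.
function decayFactor(createdAt, nowMs) {
  const ageSeconds = Math.max(0, (nowMs - Date.parse(createdAt)) / 1000);
  return Math.pow(0.5, ageSeconds / HALF_LIFE_SECONDS);
}

function scoreEntry(entry, nowMs) {
  const confidence_score = confidenceScoreFromSourceRef(entry.source_ref || '');
  const confidence_decay_factor = decayFactor(entry.created_at, nowMs);
  const effective_confidence_score = confidence_score * confidence_decay_factor;
  return {
    ...entry,
    score: entry.base_score + effective_confidence_score * 0.3, // ranking uses the decayed value
    confidence_score,            // original, kept for inspection
    effective_confidence_score,
    confidence_decay_factor,
  };
}

function rankEntries(entries, nowMs) {
  return entries.map((e) => scoreEntry(e, nowMs)).sort((a, b) => b.score - a.score);
}

// Constructed sample: "now" is 2025-03-02, so entry 1 is exactly 30 days old.
const NOW_MS = Date.parse('2025-03-02T00:00:00Z');
const SAMPLE_ENTRIES = [
  { id: 1, base_score: 1.0, created_at: '2025-01-31T00:00:00Z',
    source_ref: 'cli-agents confidence_adjusted:+1 confidence_adjusted:+1 confidence_adjusted:-1' },
  { id: 2, base_score: 1.0, created_at: '2025-03-02T00:00:00Z', source_ref: 'confidence_adjusted:+1' },
  { id: 3, base_score: 1.2, created_at: '2025-02-15T00:00:00Z', source_ref: '' },
];

function rankSample() {
  return rankEntries(SAMPLE_ENTRIES, NOW_MS);
}
```

The fresh +1 entry outranks the older one with the same net count because only the decayed value feeds the score, while confidence_score still reports the raw +1.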
Add learning quality scoring to prevent weak patterns from ranking
- Add getLearningQuality() helper to extract quality metadata
- Add getLearningQualityBoost() to compute boost/riskPenalty
- Apply boost to final score in scoreEntry()
- Return effective_confidence_score, confidence_decay_factor, learning_quality_boost
- Export new functions for external use
* fix(pr-reviewer): harden diff inspection fallbacks
* fix(mc): verify completed runs before reporting success
* fix(mc): enforce canonical result schema
* fix(mc): add preflight gate before coordinator execution
* fix(mc): emit canonical skill-intake result schema
* fix(mc): gate approved mc-execute mutations
* fix(mc): emit canonical repo-steward statuses
* fix(mc): emit canonical systems-curator statuses
* fix(mc): canonicalize coordinator summary pass count
* chore(lint): remove stale eslint suppressions
* fix(lint): stabilize memory graph agent fallback
* fix(test): stabilize local capabilities cli test
* fix(lint): stabilize exec approval overlay effect
* fix(lint): include translation callbacks in dependencies
* fix(lint): stabilize agent detail file loading effect
* fix(test): harden local capabilities cli json parsing
* fix(lint): stabilize memory ui effects
* fix(pr-reviewer): scope red flags by file context
* fix(pr-reviewer): allowlist bounded local shell execution
* feat(orchestrator): add PR Lifecycle Orchestrator v1 observe-only bot
* fix(reviewer): allowlist observe-only script shell-execution false positives
* chore: ignore local OpenCode config
* chore: add Mission Control status command
* feat(status): add Mission Control status API route
* chore: ignore local OpenCode config
* chore: add Mission Control status command
* feat(ui): add Mission Control status panel with observe-only display
* fix(reviewer): allowlist same-origin internal API reads in UI components
Add classifyNetworkCallAllowance() to reclassify fetch('/api/...') calls
in UI panels as non-production-impacting when the URL is a same-origin
relative path with no external host and no mutation HTTP method.
Blocks remain in place for:
- External URLs (http://, https://)
- Mutation methods (POST, PUT, DELETE, PATCH)
- fetch() inside server-side API route handlers (src/app/api/)
- Dynamic (non-string-literal) URL arguments
Adds 7 scanRedFlags tests covering the new classification rules.
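The classification rules listed in the commit message above, applied to a constructed panel source as an added example; this is not the project's classifyNetworkCallAllowance, and the regex, the return shape, the file path test and the sample lines are assumptions. A URL that is a string literal but not a leading-slash path is also kept blocked here, the fail-closed choice for anything the four rules do not explicitly allow.

```javascript
// Added example, not the reviewer's own scanner. Constructed sample input below.
const MUTATION_METHODS = new Set(['POST', 'PUT', 'DELETE', 'PATCH']);
// Matches fetch(<url-arg>) or fetch(<url-arg>, { ...options }) on a single line.
const FETCH_RE = /fetch\(\s*([^,)]+?)\s*(?:,\s*(\{[^}]*\}))?\s*\)/g;

function classifyNetworkCallAllowance(filePath, source) {
  const inApiRoute = /(^|\/)src\/app\/api\//.test(filePath); // server-side route handler
  const findings = [];
  for (const m of source.matchAll(FETCH_RE)) {
    const urlArg = m[1];
    const options = m[2] || '';
    // Only plain string literals qualify; a template with ${} is dynamic.
    const isLiteral = /^(['"`])[^'"`$]*\1$/.test(urlArg);
    const url = isLiteral ? urlArg.slice(1, -1) : null;
    const mm = /method\s*:\s*['"`]([A-Za-z]+)['"`]/.exec(options);
    const method = (mm ? mm[1] : 'GET').toUpperCase();
    let verdict = 'allowed';
    let reason = 'same-origin relative read';
    if (inApiRoute) { verdict = 'blocked'; reason = 'fetch inside server-side API route handler'; }
    else if (!isLiteral) { verdict = 'blocked'; reason = 'dynamic URL argument'; }
    else if (/^[a-z][a-z0-9+.-]*:\/\//i.test(url) || url.startsWith('//')) { verdict = 'blocked'; reason = 'external URL'; }
    else if (!url.startsWith('/')) { verdict = 'blocked'; reason = 'not a same-origin relative path'; }
    else if (MUTATION_METHODS.has(method)) { verdict = 'blocked'; reason = `mutation method ${method}`; }
    findings.push({ call: m[0], url, method, verdict, reason });
  }
  return findings;
}

// Constructed sample of what a UI panel might contain (not project code).
const SAMPLE_PANEL_SOURCE = [
  "const status = await fetch('/api/mc/status');",
  "await fetch('/api/tasks', { method: 'POST', body: payload });",
  "const feed = await fetch('https://example.invalid/feed');",
  "const task = await fetch(`/api/tasks/${taskId}`);",
].join('\n');

function demoFindings() {
  return classifyNetworkCallAllowance('src/components/mc-status-panel.tsx', SAMPLE_PANEL_SOURCE);
}
```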
* chore: ignore local OpenCode config
* chore: add Mission Control status command
* fix(ui): polish mc-status panel
* chore: ignore local OpenCode config
* chore: add Mission Control status command
* feat(ui): add Governor Status card to Overview dashboard
Author comment:
Closing this PR because the branch ancestry included unrelated historical commits. Replaced by clean one-commit PR #668 from niko4244:workspace-scope-hardening-clean.
Hardens workspace-scoped API route access by removing silent workspace fallback, enforcing fail-closed workspace context, restricting agent-scoped API keys to their own heartbeat/memory and assigned task surfaces, and adding focused regression coverage for workspace-scope and same-workspace overreach cases.
Validation:
Notes:
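A fail-closed workspace-scope check shaped after the PR description (no silent workspace fallback, agent-scoped keys limited to their own heartbeat/memory and assigned tasks, same-workspace overreach denied), as an added example that is not the PR's own route code; the header name, principal and resource fields, and the reason codes are assumptions.

```javascript
// Added example, not the project's route middleware. Field names are assumed.
const WORKSPACE_ID_RE = /^[a-z0-9][a-z0-9-]{0,63}$/;

// Resolve the workspace from the request. There is deliberately no fallback
// to a default workspace: missing or malformed context is rejected up front.
function resolveWorkspace(headers) {
  const id = headers['x-workspace-id'];
  if (typeof id !== 'string' || !WORKSPACE_ID_RE.test(id)) {
    return { ok: false, status: 400, error: 'workspace_context_required' };
  }
  return { ok: true, workspaceId: id };
}

const allow = () => ({ allowed: true });
const deny = (reason) => ({ allowed: false, reason });

// Agent-scoped keys reach only their own heartbeat/memory and the tasks
// assigned to them; anything else in the same workspace is overreach.
function authorize(principal, resource) {
  if (principal.workspaceId !== resource.workspaceId) return deny('cross_workspace');
  if (principal.kind === 'user') return allow();
  if (principal.kind !== 'agent') return deny('unknown_principal');
  const ownSurface = (resource.type === 'heartbeat' || resource.type === 'memory')
    && resource.agentId === principal.agentId;
  const assignedTask = resource.type === 'task'
    && resource.assignedAgentId === principal.agentId;
  return ownSurface || assignedTask ? allow() : deny('agent_scope_overreach');
}

// Full request path: workspace context first, key scope second, then the resource.
function handle(headers, principal, resource) {
  const ws = resolveWorkspace(headers);
  if (!ws.ok) return { status: ws.status, error: ws.error };
  if (principal.workspaceId !== ws.workspaceId) return { status: 403, error: 'cross_workspace' };
  const decision = authorize(principal, resource);
  return decision.allowed ? { status: 200 } : { status: 403, error: decision.reason };
}
```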