7cc4ecc3be
Moves user-roles / users / agent-group-members / user-dms / dropped-messages / user-dm / canAccessAgentGroup into src/modules/permissions/. Module registers a single inbound-gate that owns sender resolution, access decision, unknown-sender policy, and drop-audit recording. Router slimmed from 357 → 179 lines; the inline fallback chain (extractAndUpsertUser / enforceAccess / handleUnknownSender / recordDroppedMessage) is gone — without the permissions module core defaults to allow-all with userId=null. container-runner's admin-ID query is now inline SQL guarded by sqlite_master on user_roles, keeping core free of any import from the permissions module. The container-side formatter falls back to permissionless mode when NANOCLAW_ADMIN_USER_IDS is empty: every sender with an identifiable senderId is treated as admin. Module contract doc formalizes the tier model and the dependency rule (core ← default modules ← optional modules). One transitional violation flagged: src/access.ts (core) imports from the permissions module for its remaining approver-picking helpers; resolves in the planned PR #7 re-tier. Validation: host build clean, 137/137 host tests, 17/17 container tests, typecheck clean, service boots to "NanoClaw running" with permissions module registering its gate and clean SIGTERM shutdown. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
45 lines
1.1 KiB
TypeScript
45 lines
1.1 KiB
TypeScript
export { initDb, initTestDb, getDb, closeDb } from './connection.js';
|
|
export { runMigrations } from './migrations/index.js';
|
|
export {
|
|
createAgentGroup,
|
|
getAgentGroup,
|
|
getAgentGroupByFolder,
|
|
getAllAgentGroups,
|
|
updateAgentGroup,
|
|
deleteAgentGroup,
|
|
} from './agent-groups.js';
|
|
export {
|
|
createMessagingGroup,
|
|
getMessagingGroup,
|
|
getMessagingGroupByPlatform,
|
|
getAllMessagingGroups,
|
|
getMessagingGroupsByChannel,
|
|
updateMessagingGroup,
|
|
deleteMessagingGroup,
|
|
createMessagingGroupAgent,
|
|
getMessagingGroupAgents,
|
|
getMessagingGroupAgent,
|
|
getMessagingGroupAgentByPair,
|
|
updateMessagingGroupAgent,
|
|
deleteMessagingGroupAgent,
|
|
} from './messaging-groups.js';
|
|
export {
|
|
createSession,
|
|
getSession,
|
|
findSession,
|
|
findSessionByAgentGroup,
|
|
getSessionsByAgentGroup,
|
|
getActiveSessions,
|
|
getRunningSessions,
|
|
updateSession,
|
|
deleteSession,
|
|
createPendingQuestion,
|
|
getPendingQuestion,
|
|
deletePendingQuestion,
|
|
createPendingApproval,
|
|
getPendingApproval,
|
|
updatePendingApprovalStatus,
|
|
deletePendingApproval,
|
|
getPendingApprovalsByAction,
|
|
} from './sessions.js';
|