aebcffe180
Add cli_scope column to container_configs with three levels: - disabled: agent never learns about ncl (instructions excluded from CLAUDE.md) and host dispatch rejects any cli_request - group (default): agent can only access groups, sessions, destinations, and members resources, scoped to its own agent group with auto-filled --id/--agent_group_id/--group args. Help output reflects the scope. - global: unrestricted access (current behavior) Enforcement is host-side only — no image rebuild or env var needed. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
11 lines
311 B
TypeScript
11 lines
311 B
TypeScript
import type Database from 'better-sqlite3';
|
|
import type { Migration } from './index.js';
|
|
|
|
export const migration015: Migration = {
|
|
version: 15,
|
|
name: 'cli-scope',
|
|
up(db: Database.Database) {
|
|
db.prepare("ALTER TABLE container_configs ADD COLUMN cli_scope TEXT NOT NULL DEFAULT 'group'").run();
|
|
},
|
|
};
|