jordan/rdev

Fork 0

Commit Graph

Author	SHA1	Message	Date
jordan	4f01015132	feat: implement project access enforcement and management API All checks were successful ci/woodpecker/push/woodpecker Pipeline was successful Details - Fix no-op RequireProjectAccess middleware to enforce project_ids - Apply project access middleware to all project-scoped routes - Filter GET /projects by allowed project IDs for restricted keys - Add GET /me endpoint with key identity, scopes, and project access info - Add PATCH /keys/{id} for partial key updates (name, scopes, project_ids, allowed_ips, expires_in) - Add GET/POST/DELETE /projects/{id}/access for project-centric access management - Auto-grant creating key access when using POST /project/create-and-build - Accept grant_to_key_ids in create-and-build to grant multiple keys on project creation - Move newProvisionerWithDeps test helper from production code to test file Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-21 15:38:37 -07:00
jordan	538ea57ed4	feat: Add claude-config API, security hardening, and testing infrastructure Claude Config API (v0.6): - Add CRUD endpoints for commands, skills, and agents - Commands/skills/agents stored in /workspace/.claude/ (per-project, in git) - Credentials shared via PVC at /root/.claude/ (shared across pods) - Use base64 encoding for file writes (prevents shell injection) - Add content size limits (1MB max) Security Hardening: - Add sanitize package for command/prompt validation - Add rate limiting middleware (token bucket algorithm) - Add concurrent command limiting - Add input sanitization to all command handlers - Gitignore secrets.yaml and credentials.yaml - Add *.example templates for secrets Testing Infrastructure: - Add testutil package with mocks and fixtures - Add unit tests for auth package (63% coverage) - Add unit tests for executor (47% coverage) - Add handler integration tests (40% coverage) - Add 100% coverage for sanitize, cmdlimit packages - Add 96% coverage for ratelimit package Infrastructure: - Shared Claude credentials PVC (ReadWriteMany) - Reduced workspace PVC size from 20Gi to 5Gi - Add init container cleanup before git clone - Document Longhorn RWX requirements Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-25 01:29:13 -07:00

Author

SHA1

Message

Date

jordan

4f01015132

feat: implement project access enforcement and management API

ci/woodpecker/push/woodpecker Pipeline was successful

Details

- Fix no-op RequireProjectAccess middleware to enforce project_ids
- Apply project access middleware to all project-scoped routes
- Filter GET /projects by allowed project IDs for restricted keys
- Add GET /me endpoint with key identity, scopes, and project access info
- Add PATCH /keys/{id} for partial key updates (name, scopes, project_ids, allowed_ips, expires_in)
- Add GET/POST/DELETE /projects/{id}/access for project-centric access management
- Auto-grant creating key access when using POST /project/create-and-build
- Accept grant_to_key_ids in create-and-build to grant multiple keys on project creation
- Move newProvisionerWithDeps test helper from production code to test file

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-02-21 15:38:37 -07:00

jordan

538ea57ed4

feat: Add claude-config API, security hardening, and testing infrastructure

Claude Config API (v0.6):
- Add CRUD endpoints for commands, skills, and agents
- Commands/skills/agents stored in /workspace/.claude/ (per-project, in git)
- Credentials shared via PVC at /root/.claude/ (shared across pods)
- Use base64 encoding for file writes (prevents shell injection)
- Add content size limits (1MB max)

Security Hardening:
- Add sanitize package for command/prompt validation
- Add rate limiting middleware (token bucket algorithm)
- Add concurrent command limiting
- Add input sanitization to all command handlers
- Gitignore secrets.yaml and credentials.yaml
- Add *.example templates for secrets

Testing Infrastructure:
- Add testutil package with mocks and fixtures
- Add unit tests for auth package (63% coverage)
- Add unit tests for executor (47% coverage)
- Add handler integration tests (40% coverage)
- Add 100% coverage for sanitize, cmdlimit packages
- Add 96% coverage for ratelimit package

Infrastructure:
- Shared Claude credentials PVC (ReadWriteMany)
- Reduced workspace PVC size from 20Gi to 5Gi
- Add init container cleanup before git clone
- Document Longhorn RWX requirements

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-25 01:29:13 -07:00

2 Commits