lakehouse

profit/lakehouse

Fork 0

Commit Graph

Author	SHA1	Message	Date
root	fee094f653	gateway/access: wire get_role + is_enabled into HTTP routes Two of the four #[allow(dead_code)] methods in access.rs were dead because nothing exposed them externally. access.rs itself is fine — list_roles, set_role, can_access all have live callers. But get_role and is_enabled were shaped as public API with no surface to call them through. Fix adds two small routes under /access (where the rest of the access surface lives): GET /access/roles/{agent} Calls AccessControl::get_role(agent). Returns 404 with a clear message when the agent isn't registered so clients distinguish "unknown agent" from "access denied." Part of P13-001 (ops tooling needs per-agent role introspection). GET /access/enabled Calls AccessControl::is_enabled(). Returns {"enabled": bool}. Dashboards + ops tooling poll this to confirm auth posture of the running gateway — distinct from /health which answers "is the process up" vs "is access enforcement on." #[allow(dead_code)] removed from both methods — they have live callers now via these routes, the linter will enforce that going forward. Still #[allow(dead_code)] on access.rs: masked_fields + log_query. Both need cross-crate wiring: - masked_fields wants the agent's role + query response columns, called in response shaping (queryd returning to gateway path) - log_query wants post-execution audit, called after every SQL execution on the gateway boundary Both are P13-001 phase 2 work — need AgentIdentity plumbed through the /query nested router before the call sites make sense. Flagged for follow-up. Workspace warnings still at 0. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-24 14:02:01 -05:00
root	e5b7663c20	Phase 13: Access control — role-based sensitivity enforcement - AccessControl: agent roles with allowed sensitivity levels - 4 default roles: admin (all), recruiter (PII ok), analyst (financial ok), agent (internal only) - Field-level masking: determines which columns to mask per agent based on sensitivity - Query audit log: tracks every query with agent, datasets, PII fields accessed - Endpoints: GET/POST /access/roles, GET /access/audit, POST /access/check - Toggleable via config (auth.enabled) - 100K embedding: supervisor now sustained 125/sec (2.9x vs single pipeline) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-27 09:47:47 -05:00

Author

SHA1

Message

Date

root

fee094f653

gateway/access: wire get_role + is_enabled into HTTP routes

Two of the four #[allow(dead_code)] methods in access.rs were dead
because nothing exposed them externally. access.rs itself is fine —
list_roles, set_role, can_access all have live callers. But get_role
and is_enabled were shaped as public API with no surface to call
them through.

Fix adds two small routes under /access (where the rest of the
access surface lives):

  GET /access/roles/{agent}
    Calls AccessControl::get_role(agent). Returns 404 with a clear
    message when the agent isn't registered so clients distinguish
    "unknown agent" from "access denied." Part of P13-001
    (ops tooling needs per-agent role introspection).

  GET /access/enabled
    Calls AccessControl::is_enabled(). Returns {"enabled": bool}.
    Dashboards + ops tooling poll this to confirm auth posture of
    the running gateway — distinct from /health which answers
    "is the process up" vs "is access enforcement on."

#[allow(dead_code)] removed from both methods — they have live
callers now via these routes, the linter will enforce that going
forward.

Still #[allow(dead_code)] on access.rs: masked_fields + log_query.
Both need cross-crate wiring:
  - masked_fields wants the agent's role + query response columns,
    called in response shaping (queryd returning to gateway path)
  - log_query wants post-execution audit, called after every SQL
    execution on the gateway boundary
Both are P13-001 phase 2 work — need AgentIdentity plumbed through
the /query nested router before the call sites make sense. Flagged
for follow-up.

Workspace warnings still at 0.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-24 14:02:01 -05:00

root

e5b7663c20

Phase 13: Access control — role-based sensitivity enforcement

- AccessControl: agent roles with allowed sensitivity levels
- 4 default roles: admin (all), recruiter (PII ok), analyst (financial ok), agent (internal only)
- Field-level masking: determines which columns to mask per agent based on sensitivity
- Query audit log: tracks every query with agent, datasets, PII fields accessed
- Endpoints: GET/POST /access/roles, GET /access/audit, POST /access/check
- Toggleable via config (auth.enabled)
- 100K embedding: supervisor now sustained 125/sec (2.9x vs single pipeline)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-27 09:47:47 -05:00

2 Commits