profit/lakehouse
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Session infrastructure: OpenRouter + tree-split reducer + observer→LLM Team + scrum_applier #11

Merged
profit merged 118 commits from scrum/auto-apply-19814 into main 2026-04-27 15:55:24 +00:00
Conversation 61 Commits 118 Files Changed 195 +25 -4
2 changed files with 25 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit fee094f653 - Show all commits

7
crates/gateway/src/access.rs
View File

@ -93,8 +93,7 @@ impl AccessControl {
self.roles.write().await.insert(role.agent_name.clone(), role); self.roles.write().await.insert(role.agent_name.clone(), role);
} }
/// Get an agent's role. /// Get an agent's role. Called by `GET /access/roles/{agent}`.
#[allow(dead_code)]
pub async fn get_role(&self, agent: &str) -> Option<AgentRole> { pub async fn get_role(&self, agent: &str) -> Option<AgentRole> {
self.roles.read().await.get(agent).cloned() self.roles.read().await.get(agent).cloned()
} }
@ -152,7 +151,9 @@ impl AccessControl {
log[start..].iter().rev().cloned().collect() log[start..].iter().rev().cloned().collect()
} }
#[allow(dead_code)] /// Reports whether access-control enforcement is active.
/// Called by `GET /access/enabled` — ops tooling / dashboards poll
/// this to confirm the auth posture of the running gateway.
pub fn is_enabled(&self) -> bool { pub fn is_enabled(&self) -> bool {
self.enabled self.enabled
} }

22
crates/gateway/src/access_service.rs
View File

@ -1,6 +1,6 @@
use axum::{ use axum::{
Json, Router, Json, Router,
extract::{Query, State}, extract::{Path, Query, State},
http::StatusCode, http::StatusCode,
response::IntoResponse, response::IntoResponse,
routing::{get, post}, routing::{get, post},
@ -13,6 +13,12 @@ pub fn router(ac: AccessControl) -> Router {
Router::new() Router::new()
.route("/roles", get(list_roles)) .route("/roles", get(list_roles))
.route("/roles", post(set_role)) .route("/roles", post(set_role))
// Scrum iter 11 / P13-001 finding: get_role was #[allow(dead_code)]
// because nothing called it — dead until exposed. Route activates it.
// Returns 404 when the agent isn't registered so clients can
// distinguish "missing role" from "access denied."
.route("/roles/{agent}", get(get_role))
.route("/enabled", get(enabled_status))
.route("/audit", get(query_audit)) .route("/audit", get(query_audit))
.route("/check", post(check_access)) .route("/check", post(check_access))
.with_state(ac) .with_state(ac)
@ -60,3 +66,17 @@ async fn check_access(
"allowed": allowed, "allowed": allowed,
})) }))
} }
async fn get_role(
State(ac): State<AccessControl>,
Path(agent): Path<String>,
) -> impl IntoResponse {
match ac.get_role(&agent).await {
Some(role) => Ok(Json(role)),
None => Err((StatusCode::NOT_FOUND, format!("no role registered for agent '{agent}'"))),
}
}
async fn enabled_status(State(ac): State<AccessControl>) -> impl IntoResponse {
Json(serde_json::json!({ "enabled": ac.is_enabled() }))
}