Hynes/Void-Homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(actions): /api/actions routes (run/pending/approve/reject)

Browse Source 
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
root
2026-06-04 21:41:29 +10:00
parent 62113f37e6
commit 3aa8dc578b
3 changed files with 84 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/api/index.js
View File

@@ -29,6 +29,7 @@ import { router as hostRouter } from './routes/host.js';
import { router as speedtestRouter } from './routes/speedtest.js';
import { router as healthRouter } from './routes/health.js';
import { router as securityRouter } from './routes/security.js';
import { router as actionsRouter } from './routes/actions.js';
export function mountApi(app) {
const api = Router();
@@ -41,6 +42,7 @@ export function mountApi(app) {
api.use('/spaces/:space_id/resources', resourcesBySpaceRouter);
api.use('/spaces/:space_id/companion', companionRouter);
api.use('/security', securityRouter);
api.use('/actions', actionsRouter);
api.use('/projects', projectsRouter);
api.use('/projects/:project_id/tasks', tasksByProjectRouter);
api.use('/tasks', tasksRouter);

47
lib/api/routes/actions.js Normal file
View File

@@ -0,0 +1,47 @@
import { Router } from 'express';
import { asyncWrap } from '../errors.js';
import { makeActionService } from '../../actions/service.js';
import { loadActions } from '../../actions/registry.js';
import * as aa from '../../db/repos/agent_actions.js';
// Owner OR an agent with capabilities.act (Little Blue) may run/list. Approve/reject
// are owner-only. The service enforces tier-gating regardless of caller.
function svc() {
return makeActionService({ registry: loadActions(process.env.ACTIONS_CONFIG || undefined) });
}
function canAct(req) {
const a = req.actor;
return a?.kind === 'user' || (a?.kind === 'agent' && a.capabilities?.act);
}
function ownerOnly(req, res, next) {
if (req.actor?.kind === 'user') return next();
return res.status(403).json({ error: { code: 'owner_only', message: 'owner approval required' } });
}
export const router = Router();
router.get('/', asyncWrap(async (req, res) => {
if (!canAct(req)) return res.status(403).json({ error: { code: 'forbidden' } });
res.json({ actions: svc().list() });
}));
router.post('/:id/run', asyncWrap(async (req, res) => {
if (!canAct(req)) return res.status(403).json({ error: { code: 'forbidden' } });
const agent_id = req.actor?.kind === 'agent' ? req.actor.id : null;
res.json(await svc().run(req.params.id, req.actor, agent_id));
}));
router.get('/pending', ownerOnly, asyncWrap(async (_req, res) => {
res.json({ pending: await aa.listPending() });
}));
router.post('/pending/:rowId/approve', ownerOnly, asyncWrap(async (req, res) => {
res.json(await svc().approve(req.params.rowId, req.actor));
}));
router.post('/pending/:rowId/reject', ownerOnly, asyncWrap(async (req, res) => {
res.json(await svc().reject(req.params.rowId, req.actor));
}));
router.get('/recent', ownerOnly, asyncWrap(async (_req, res) => {
res.json({ recent: await aa.recent() });
}));