feat(security): grow Yerin's toolset (pending_review, resource_exposure, token_audit)

Three more read-only tools on securityRegistry:
- pending_review: agent-proposed changes awaiting approval (injection surface)
- resource_exposure: host/url/status attack-surface inventory (resources.listExposure,
  scalar cols only — no monitoring/metadata/credentials)
- token_audit: token label/last_used/revoked, never the hash

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
root
2026-06-02 00:17:45 +10:00
parent aa9cf0917e
commit c45246b918
6 changed files with 118 additions and 0 deletions

@@ -29,6 +29,17 @@ export async function listBySpace(space_id) {
return rows;
}
// Attack-surface inventory across all spaces. Scalar columns only — never the
// monitoring/metadata JSON blobs (which can hold connection hints / vault_path).
export async function listExposure() {
const { rows } = await pool.query(
`SELECT id, space_id, slug, name, runtime_type, host, url, version, status,
last_check, maintenance_until
FROM resources ORDER BY name`
);
return rows;
}
export async function update(id, patch, actor) {
const before = await getById(id);
const sets = [], vals = [];
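Review bot: `host` and `url` in the `listExposure()` SELECT are returned verbatim, and a URL value can itself carry secrets (userinfo such as `user:pass@`, or token query parameters), which would undercut the "scalar columns only" intent stated in the comment above the function. Either strip userinfo and the query string before returning rows, or say in the comment that `url` is sanitized on write. The query also spans every space with no `space_id` filter and no `LIMIT`, unlike `listBySpace(space_id)` just above, so the comment should state that the caller is responsible for authorization and that the result set is unbounded.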