Void-Homelab

Hynes/Void-Homelab

Fork 0

Commit Graph

Author	SHA1	Message	Date
root	56805053f0	feat(api): capability enforcement on writes Add lib/api/cap.js: requireWrite(entity_type) maps HTTP method to action, runs canAct, and tags req.capTier as allow\|suggest\|deny→403. Mutating routes (pages, projects, tasks, refs, resources, source_docs) now check req.capTier and either run the repo (allow) or divert to pending_changes returning 202 (suggest). Owner and worker actors stay on the allow path. requireOwner helper added for Task 11. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-31 21:03:52 +10:00
root	ba782ed690	feat(api): source-docs routes Add lib/api/routes/source_docs.js: scoped POST under a resource, get/patch/delete by id, and POST /:id/resync as a Plan 3 stub gated by ENABLE_RESYNC (503 by default, 202 once workers ship). upstream_url is required by the DB so the zod schema enforces it. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-31 20:56:00 +10:00

Author

SHA1

Message

Date

root

56805053f0

feat(api): capability enforcement on writes

Add lib/api/cap.js: requireWrite(entity_type) maps HTTP method to
action, runs canAct, and tags req.capTier as allow|suggest|deny→403.
Mutating routes (pages, projects, tasks, refs, resources, source_docs)
now check req.capTier and either run the repo (allow) or divert to
pending_changes returning 202 (suggest). Owner and worker actors stay
on the allow path. requireOwner helper added for Task 11.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-05-31 21:03:52 +10:00

root

ba782ed690

feat(api): source-docs routes

Add lib/api/routes/source_docs.js: scoped POST under a resource,
get/patch/delete by id, and POST /:id/resync as a Plan 3 stub gated
by ENABLE_RESYNC (503 by default, 202 once workers ship). upstream_url
is required by the DB so the zod schema enforces it.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-05-31 20:56:00 +10:00

2 Commits