Void-Homelab

Hynes/Void-Homelab

Fork 0

Commit Graph

Author	SHA1	Message	Date
root	56805053f0	feat(api): capability enforcement on writes Add lib/api/cap.js: requireWrite(entity_type) maps HTTP method to action, runs canAct, and tags req.capTier as allow\|suggest\|deny→403. Mutating routes (pages, projects, tasks, refs, resources, source_docs) now check req.capTier and either run the repo (allow) or divert to pending_changes returning 202 (suggest). Owner and worker actors stay on the allow path. requireOwner helper added for Task 11. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-31 21:03:52 +10:00
root	a93e3ca20e	feat(api): resources routes + dependencies + change history Add lib/api/routes/resources.js: CRUD scoped to space; dependency add/list/remove (cross-space attempts mapped to 409 conflict via the composite FK); source-docs index per resource; change history via audit.listForEntity. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-31 20:53:10 +10:00

Author

SHA1

Message

Date

root

56805053f0

feat(api): capability enforcement on writes

Add lib/api/cap.js: requireWrite(entity_type) maps HTTP method to
action, runs canAct, and tags req.capTier as allow|suggest|deny→403.
Mutating routes (pages, projects, tasks, refs, resources, source_docs)
now check req.capTier and either run the repo (allow) or divert to
pending_changes returning 202 (suggest). Owner and worker actors stay
on the allow path. requireOwner helper added for Task 11.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-05-31 21:03:52 +10:00

root

a93e3ca20e

feat(api): resources routes + dependencies + change history

Add lib/api/routes/resources.js: CRUD scoped to space; dependency
add/list/remove (cross-space attempts mapped to 409 conflict via the
composite FK); source-docs index per resource; change history via
audit.listForEntity.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-05-31 20:53:10 +10:00

2 Commits