hub_vault_access.mjs
sha256:65ccb454656ea5acdea0a10e559b78bcde1eb6ff753ecc2911bc99d1c3d7cadd
feat(calendar): enforce agent context tiers in retrieval AP…
Human
minor
⚠ breaking
3 days ago
| 1 | /** |
| 2 | * Multi-vault (Phase 15): user → vault_ids mapping in data/hub_vault_access.json. |
| 3 | * Format: { "user_id": ["vault_id1", "vault_id2"], ... } |
| 4 | * Users not in the map get ["default"] only. |
| 5 | */ |
| 6 | |
| 7 | import fs from 'fs'; |
| 8 | import path from 'path'; |
| 9 | |
| 10 | const ACCESS_FILE = 'hub_vault_access.json'; |
| 11 | |
| 12 | /** |
| 13 | * @param {string} dataDir - e.g. config.data_dir |
| 14 | * @returns {{ [userId: string]: string[] }} |
| 15 | */ |
| 16 | export function readVaultAccess(dataDir) { |
| 17 | if (!dataDir) return {}; |
| 18 | const filePath = path.join(dataDir, ACCESS_FILE); |
| 19 | try { |
| 20 | if (!fs.existsSync(filePath)) return {}; |
| 21 | const raw = fs.readFileSync(filePath, 'utf8'); |
| 22 | const data = JSON.parse(raw); |
| 23 | const out = {}; |
| 24 | if (data && typeof data === 'object') { |
| 25 | for (const [uid, arr] of Object.entries(data)) { |
| 26 | if (typeof uid === 'string' && uid.trim() && Array.isArray(arr)) { |
| 27 | out[uid.trim()] = arr.filter((v) => typeof v === 'string' && v.trim()).map((v) => v.trim()); |
| 28 | } |
| 29 | } |
| 30 | } |
| 31 | return out; |
| 32 | } catch (_) { |
| 33 | return {}; |
| 34 | } |
| 35 | } |
| 36 | |
| 37 | /** |
| 38 | * @param {string} dataDir |
| 39 | * @param {{ [userId: string]: string[] }} access |
| 40 | */ |
| 41 | export function writeVaultAccess(dataDir, access) { |
| 42 | if (!dataDir) throw new Error('data_dir required'); |
| 43 | const filePath = path.join(dataDir, ACCESS_FILE); |
| 44 | const obj = {}; |
| 45 | for (const [uid, arr] of Object.entries(access)) { |
| 46 | if (typeof uid === 'string' && uid.trim() && Array.isArray(arr)) { |
| 47 | obj[uid.trim()] = arr.filter((v) => typeof v === 'string' && v.trim()).map((v) => v.trim()); |
| 48 | } |
| 49 | } |
| 50 | fs.mkdirSync(dataDir, { recursive: true }); |
| 51 | fs.writeFileSync(filePath, JSON.stringify(obj, null, 2), 'utf8'); |
| 52 | } |
| 53 | |
| 54 | /** |
| 55 | * Get allowed vault IDs for a user. Returns ['default'] if not in map. |
| 56 | * @param {string} dataDir |
| 57 | * @param {string} userId |
| 58 | * @returns {string[]} |
| 59 | */ |
| 60 | export function getAllowedVaultIds(dataDir, userId) { |
| 61 | const access = readVaultAccess(dataDir); |
| 62 | const allowed = access[userId]; |
| 63 | return allowed && allowed.length > 0 ? allowed : ['default']; |
| 64 | } |
File History
2 commits
sha256:65ccb454656ea5acdea0a10e559b78bcde1eb6ff753ecc2911bc99d1c3d7cadd
feat(calendar): enforce agent context tiers in retrieval AP…
Human
minor
⚠
3 days ago
sha256:9103f98c89257ed2b01c237cea895dabb3e85ea337dccb1161c175e4422355b6
docs: accept Calendar Events v0 spec with Phase 0 security …
Human
3 days ago