dataforge/agents_and_robots
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity

feat: conectar sistema centralizado de seguridad al launcher y runtime

Browse Source 
- Migrar admin a security/user-groups.yaml (admins group)
- agents.New() ahora acepta acl.ACL pre-resuelta como parámetro;
  elimina construcción interna desde cfg.Security.Roles
- cmd/launcher: carga shellsecurity.Load("security/") al arranque;
  si falla, WARN + política vacía (open access). Para cada agente
  llama pksecurity.ResolveACL y pasa la ACL a agents.New()
- cmd/launcher/registry.go: stores secPolicy en launchDeps para
  que reload() también resuelva ACL centralmente
- shell/matrix/listener.go: elimina invite gating y allowlist check
  basados en AllowedUsers; el control de acceso lo hace el runtime
- internal/config/schema.go: depreca campos Roles y AllowedUsers
  (backward compat, no eliminados)
- agents/*/config.yaml: elimina bloques security.roles y allowed_users
- dev/feature_flags.json: activa centralized-security-groups (enabled: true)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Enmanuel
2026-03-08 20:56:21 +00:00
parent ebd8ea3789
commit 8811d45fd1
9 changed files with 50 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/config/schema.go
+4 -1
View File
@@ -227,7 +227,8 @@ type FiltersCfg struct {
DMRespond bool `yaml:"dm_respond"`
IgnoreBots bool `yaml:"ignore_bots"`
IgnoreUsers []string `yaml:"ignore_users"`
AllowedUsers []string `yaml:"allowed_users"` // allowlist (empty = allow all)
// Deprecated: use security/ centralized groups instead. Kept for backward compatibility.
AllowedUsers []string `yaml:"allowed_users"`
UnauthorizedResponse string `yaml:"unauthorized_response"` // silent (default) | explicit
MinPowerLevel int `yaml:"min_power_level"`
}
@@ -287,6 +288,8 @@ type SSHTargetCfg struct {
// ── Security ──────────────────────────────────────────────────────────────
type SecurityCfg struct {
// Deprecated: use security/ centralized groups instead (see security/user-groups.yaml, permissions.yaml).
// Kept for backward compatibility; will be removed in a future issue.
Roles map[string]RoleCfg `yaml:"roles"`
Audit AuditCfg `yaml:"audit"`
Secrets SecretsCfg `yaml:"secrets"`