dataforge/agents_and_robots
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity

feat: integrar RBAC y allowlist de usuarios en runtime y listener

Browse Source 
Cambios en 3 archivos:
- agents/runtime.go: construye ACL desde config de roles, verifica permisos
  antes de ejecutar comandos (command:<name>), interacción LLM (ask) y
  ejecución de tools (tool:<name>). Mensajes denegados se loguean y
  responden al usuario.
- shell/matrix/listener.go: filtra invites y mensajes de usuarios no
  autorizados cuando se configura allowed_users (allowlist vacía = todos).
- internal/config/schema.go: añade campos AllowedUsers y
  UnauthorizedResponse a FiltersCfg para soportar la allowlist en config.

Esto conecta el paquete pkg/acl con el runtime para dar soporte completo
a control de acceso por rol, sin romper la compatibilidad (ACL vacío
permite todo como antes).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Enmanuel
2026-03-07 17:59:09 +00:00
parent 386e4d3dcb
commit b60782959d
3 changed files with 81 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
agents/runtime.go
+41
View File
@@ -15,6 +15,7 @@ import (
"maunium.net/go/mautrix/event"
"github.com/enmanuel/agents/internal/config"
"github.com/enmanuel/agents/pkg/acl"
"github.com/enmanuel/agents/pkg/command"
"github.com/enmanuel/agents/pkg/decision"
coretypes "github.com/enmanuel/agents/pkg/llm"
@@ -60,6 +61,9 @@ type Agent struct {
logger *slog.Logger
cryptoStore io.Closer // non-nil when E2EE is enabled; closed on shutdown
// Access control
acl acl.ACL
// Commands — handlers keyed by canonical name; cmdAliases maps alias → canonical
commands map[string]CommandHandler
cmdAliases map[string]string // alias → canonical name
@@ -209,11 +213,22 @@ func New(cfg *config.AgentConfig, rules []decision.Rule, logger *slog.Logger) (*
}
}
// Build ACL from security roles config
aclRoles := make(map[string]acl.RoleDef, len(cfg.Security.Roles))
for name, r := range cfg.Security.Roles {
aclRoles[name] = acl.RoleDef{Users: r.Users, Actions: r.Actions}
}
agentACL := acl.FromMap(aclRoles)
if !agentACL.Empty() {
logger.Info("acl enabled", "roles", len(cfg.Security.Roles))
}
// Tool registry — register tools enabled in config
toolReg := buildToolRegistry(cfg, sshExec, matrixClient, memStore, kStore, roomCtx, logger)
a := &Agent{
cfg: cfg,
acl: agentACL,
rules: rules,
llm: llmFunc,
matrix: matrixClient,
@@ -497,6 +512,13 @@ func (a *Agent) handleEvent(ctx context.Context, msgCtx decision.MessageContext,
}
if handler, ok := a.commands[cmdName]; ok {
// RBAC check for commands
if !a.acl.CanDo(msgCtx.SenderID, "command:"+cmdName) {
a.logger.Info("command_denied", "command", cmdName, "sender", msgCtx.SenderID)
_ = a.matrix.SendReplyMarkdown(ctx, roomID, msgCtx.EventID,
"No tienes permisos para ejecutar este comando.")
return
}
a.logger.Info("command_executed", "command", cmdName)
reply := handler(ctx, msgCtx)
_ = a.matrix.SendReplyMarkdown(ctx, roomID, msgCtx.EventID, reply)
@@ -520,6 +542,14 @@ func (a *Agent) handleEvent(ctx context.Context, msgCtx decision.MessageContext,
}
// ── Non-command flow ─────────────────────────────────────────────
// RBAC check for LLM access ("ask" action)
if !a.acl.CanDo(msgCtx.SenderID, "ask") {
a.logger.Info("ask_denied", "sender", msgCtx.SenderID)
_ = a.matrix.SendReplyMarkdown(ctx, roomID, msgCtx.EventID,
"No tienes permisos para interactuar con este agente.")
return
}
actions := decision.Evaluate(msgCtx, a.rules)
a.logger.Debug("rules evaluated", "matched_actions", len(actions))
@@ -667,6 +697,17 @@ func (a *Agent) runLLM(ctx context.Context, msgCtx decision.MessageContext) (str
"call_id", tc.ID,
)
// RBAC check for tool execution
if !a.acl.CanDo(msgCtx.SenderID, "tool:"+tc.Name) {
a.logger.Info("tool_denied", "tool", tc.Name, "sender", msgCtx.SenderID)
messages = append(messages, coretypes.Message{
Role: coretypes.RoleTool,
Content: "error: permission denied for tool " + tc.Name,
ToolCallID: tc.ID,
})
continue
}
// Notify the room that a tool is being called
toolNotice := fmt.Sprintf("🔨 <em>%s</em>", tc.Name)
if err := a.matrix.SendMarkdown(ctx, msgCtx.RoomID, toolNotice); err != nil {