gavrielc c6627d32e2 security: authorize create_agent host-side (approval for confined groups) ...

create_agent writes central-DB state (agent_groups, container_configs,
agent_destinations) and scaffolds host filesystem state, but the only
gate lived inside the untrusted container and is bypassed by writing the
outbound system row directly (the "host re-checks permission" comment was
false). Authorize host-side by CLI scope: trusted owner agent groups
(global scope) create sub-agents directly; confined groups require admin
approval via requestApproval. Adds regression tests for the branch.

Alternative to #2383 (which denies confined groups outright); co-authored
from that work.

Co-Authored-By: hinotoi-agent <paperlantern.agent@gmail.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

2026-06-09 22:29:57 +03:00

..

agent-runner

security: authorize create_agent host-side (approval for confined groups)

2026-06-09 22:29:57 +03:00

skills

feat(skills): add whatsapp-formatting container skill

2026-05-19 22:21:54 +10:00

.dockerignore

fix: remaining npm→pnpm gaps + dockerignore for pnpm symlinks

2026-04-17 09:53:00 +03:00

build.sh

feat(setup): per-checkout service name and docker image tag

2026-04-23 10:10:09 +03:00

CLAUDE.md

docs(claude-md): drop host-facing header comment from shared base

2026-04-22 17:47:30 +03:00

Dockerfile

chore: bump claude-code to 2.1.170 and agent SDK to 0.3.170

2026-06-09 21:04:13 +03:00

entrypoint.sh

feat(v2): migrate container runtime to Bun, improve image build surface

2026-04-17 11:38:01 +03:00