mirror of
https://github.com/qwibitai/nanoclaw.git
synced 2026-07-06 18:52:03 +08:00
314b91efc0
Add an optional, directed, per-message require-approval gate on top of an existing agent-to-agent connection. No policy = today's free flow (fully backward compatible). When a policy exists for A→B, each message A sends to B is held, an approval card showing the message goes to B's admins, and the message is delivered on approve / declined on reject. Rejecting one message never blocks the connection. - New `agent_message_policies` table (directed from→to; row exists = require approval; `approvers` JSON, NULL = target admins). Deleted alongside its connection so a stale rule can't reactivate on re-wire. - Gate inside `routeAgentMessage` after the self/`hasDestination` checks: holds the message via `requestApproval` and returns to consume it (like a system action); the held message rides in the approval payload and is re-routed by `applyA2aMessageGate` on approve. Self/internal messages are never gated. - `requestApproval` gains `approverAgentGroupId` / `approverUserIds` and stamps `agent_group_id` on the pending row so the target's admins pass the click-auth gate. - `ncl policies list/set/remove`, operator-only (not in the container cli_scope allowlist); `set` validates named approvers are admins/owners of the target. Reuses the existing requestApproval / pending_approvals / approval-handler spine (same shape as create_agent). Host-only; no container changes. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
17 lines
412 B
TypeScript
17 lines
412 B
TypeScript
/**
|
|
* Resource barrel — imports each resource module for its side-effect
|
|
* `registerResource(...)` call.
|
|
*/
|
|
import './groups.js';
|
|
import './messaging-groups.js';
|
|
import './wirings.js';
|
|
import './users.js';
|
|
import './roles.js';
|
|
import './members.js';
|
|
import './destinations.js';
|
|
import './policies.js';
|
|
import './user-dms.js';
|
|
import './dropped-messages.js';
|
|
import './approvals.js';
|
|
import './sessions.js';
|