Add HMAC auth, user permissions, snake_case rename

Each request is signed with HMAC-SHA256 over timestamp+body using a per-user secret loaded from a --secrets file (never env vars or git). Users have a canApprove list controlling who may approve queued actions. Queue entries track submitted_by for permission checks on approve/deny. Also renames all identifiers to snake_case throughout the codebase. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-07 20:18:41 +00:00
parent f02e2a746d
commit 67c1c3f9a4
11 changed files with 226 additions and 55 deletions
--- a/server/actions.mjs
+++ b/server/actions.mjs
@@ -1,7 +1,7 @@
 // Action registry — defines all available actions, their parameters, and policies.
 // policy: "auto-accept" | "auto-deny" | "queue"

-import { resolvePath, exec } from "./helpers.mjs";
+import { resolve_path, exec } from "./helpers.mjs";

 export const actions = {
 	"list-actions": {
@@ -23,7 +23,7 @@ export const actions = {
 		params: [{ name: "filename", required: true, type: "path" }],
 		policy: "auto-accept",
 		handler: async ({ filename }) => {
-			const resolved = resolvePath(filename);
+			const resolved = resolve_path(filename);
 			await exec("xdg-open", [resolved]);
 			return { opened: resolved };
 		},
@@ -34,7 +34,7 @@ export const actions = {
 		params: [{ name: "path", required: true, type: "path" }],
 		policy: "auto-accept",
 		handler: async ({ path }) => {
-			const resolved = resolvePath(path);
+			const resolved = resolve_path(path);
 			await exec("xdg-open", [resolved]);
 			return { opened: resolved };
 		},
@@ -55,7 +55,7 @@ export const actions = {
 		params: [{ name: "path", required: false, type: "path" }],
 		policy: "queue",
 		handler: async ({ path }) => {
-			const resolved = path ? resolvePath(path) : process.env.HOME;
+			const resolved = path ? resolve_path(path) : process.env.HOME;
 			await exec("xdg-open", [resolved]);
 			return { opened: resolved };
 		},