mikael-lovqvists-claude-agent/claude-code-conduit
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Support wildcard topic in mail permissions

Browse Source 
topic: null in a permission entry now matches any topic, allowing
broad grants without specifying a specific topic. set-mail-permission
topic param is now optional; omitting it stores null (wildcard).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
mikael-lovqvists-claude-agent
2026-03-17 23:00:40 +00:00
parent 64df986a5f
commit d06e11197a
3 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -145,7 +145,7 @@ Built-in actions:
| `open-browser` | queue | `url` (http/https only) | | `open-browser` | queue | `url` (http/https only) |
| `open-terminal` | queue | `path` (optional, defaults to workspace) | | `open-terminal` | queue | `path` (optional, defaults to workspace) |
| `send-email` | auto-accept | `to`, `subject`, `body`, `topic` | | `send-email` | auto-accept | `to`, `subject`, `body`, `topic` |
| `set-mail-permission` | auto-accept | `target_user`, `to`, `topic`, `allow` (bool) | | `set-mail-permission` | auto-accept | `target_user`, `to`, `allow` (bool), `topic` (optional — omit to match any topic) |
| `get-mail-permissions` | auto-accept | `target_user` (optional) | | `get-mail-permissions` | auto-accept | `target_user` (optional) |
`send-email` checks that the caller has a mail permission entry matching `(caller, to, topic)` before sending. Permissions are managed via `set-mail-permission`, which requires the caller to have `canApprove` over the target user — so only humans can grant/revoke permissions for agents. `send-email` checks that the caller has a mail permission entry matching `(caller, to, topic)` before sending. Permissions are managed via `set-mail-permission`, which requires the caller to have `canApprove` over the target user — so only humans can grant/revoke permissions for agents.

4
server/actions.mjs
View File

@@ -92,11 +92,11 @@ export const actions = {
params: [ params: [
{ name: 'target_user', required: true, type: 'string' }, { name: 'target_user', required: true, type: 'string' },
{ name: 'to', required: true, type: 'string' }, { name: 'to', required: true, type: 'string' },
{ name: 'topic', required: true, type: 'string' }, { name: 'topic', required: false, type: 'string' },
{ name: 'allow', required: true, type: 'boolean' }, { name: 'allow', required: true, type: 'boolean' },
], ],
policy: 'auto-accept', policy: 'auto-accept',
handler: ({ target_user, to, topic, allow }, { caller, users, mail_perm_store }) => { handler: ({ target_user, to, topic = null, allow }, { caller, users, mail_perm_store }) => {
if (!check_can_approve(users, caller, target_user)) { if (!check_can_approve(users, caller, target_user)) {
throw new Error(`Not authorized to set mail permissions for '${target_user}'`); throw new Error(`Not authorized to set mail permissions for '${target_user}'`);
} }

2
server/mail_perms.mjs
View File

@@ -23,7 +23,7 @@ export function load_mail_perms(file_path) {
} }
function check(user, to, topic) { function check(user, to, topic) {
return allowed.some(e => e.user === user && e.to === to && e.topic === topic); return allowed.some(e => e.user === user && e.to === to && (e.topic === topic || e.topic === null));
} }
function add(user, to, topic) { function add(user, to, topic) {