- server/policy_overrides.mjs: persistent group/action override store
- Group toggle: disabling a group forces all its actions to auto-deny without
touching individual overrides; re-enabling restores them intact
- Action overrides: cycle auto-accept/queue/auto-deny/clear per action
- Effective policy resolution in index.mjs: group > action override > hardcoded default
- auth.mjs: add check_can_manage_policies (requires canApprove.length > 0)
- Three new endpoints: GET /policies, POST /policies/group/:group, POST /policies/action/:action
- client/conduit.mjs: get_policies, set_group_policy, set_action_policy
- ccc-queue.mjs: policy view (Tab to switch); group/action panel with space/e/←/→
- actions.mjs: group fields on desktop/email/calendar actions; list-actions includes group
- config.example.json: add policy_overrides key
- Bump version to 1.3.0
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Overrides CONDUIT_URL env var. Resolved through load_client_config and
threaded into create_conduit_client as base_url parameter.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Move resolve_queue_item into conduit.mjs factory and have ccc-queue
import from there instead of index.mjs, which auto-executes main().
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- bin/ccc-server, ccc-client, ccc-queue wired up via package.json bin
- client/config.mjs: shared secrets/user resolution from CLI args or
CCC_SECRETS/CCC_USER env vars
- ccc-queue: blessed TUI with two-pane layout (list + detail), polls
every 2s, y/n to approve/deny selected item, r to refresh, q to quit
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Remaining args after --secrets/--user are space-joined and parsed as
JSON, so the full action payload is expressed directly rather than
through a custom key=value scheme.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Each request is signed with HMAC-SHA256 over timestamp+body using a
per-user secret loaded from a --secrets file (never env vars or git).
Users have a canApprove list controlling who may approve queued actions.
Queue entries track submitted_by for permission checks on approve/deny.
Also renames all identifiers to snake_case throughout the codebase.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Move resolvePath and exec out of index.mjs into server/helpers.mjs so
actions can import them directly rather than receiving them as arguments.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Supervised action bridge between Claude Code and the host system.
Server accepts structured action requests, applies per-action policies
(auto-accept/auto-deny/queue), and executes approved actions via typed
handlers. Client provides CLI and module interfaces for calling the API.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
