- server/policy_overrides.mjs: persistent group/action override store
- Group toggle: disabling a group forces all its actions to auto-deny without
touching individual overrides; re-enabling restores them intact
- Action overrides: cycle auto-accept/queue/auto-deny/clear per action
- Effective policy resolution in index.mjs: group > action override > hardcoded default
- auth.mjs: add check_can_manage_policies (requires canApprove.length > 0)
- Three new endpoints: GET /policies, POST /policies/group/:group, POST /policies/action/:action
- client/conduit.mjs: get_policies, set_group_policy, set_action_policy
- ccc-queue.mjs: policy view (Tab to switch); group/action panel with space/e/←/→
- actions.mjs: group fields on desktop/email/calendar actions; list-actions includes group
- config.example.json: add policy_overrides key
- Bump version to 1.3.0
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- New server/google_calendar.mjs wrapping googleapis v3 with auto token refresh
- Four new actions: calendar-list-events (auto-accept), calendar-create/update/delete-event (queue)
- bin/ccc-gcal-auth.mjs one-time OAuth2 consent flow helper
- config.example.json updated with google_calendar block
- server/config.mjs, index.mjs wired up following the same pattern as SMTP/mailer
- Bump version to 1.2.0
- Add CLAUDE.md and claude-info/ with architecture reference, feature plans, and contributing checklist
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
topic: null in a permission entry now matches any topic, allowing
broad grants without specifying a specific topic. set-mail-permission
topic param is now optional; omitting it stores null (wildcard).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- actions.mjs no longer imports exec from helpers; uses ctx.exec instead
- index.mjs builds ctx via make_ctx(), which injects dry-run stubs for
exec and mailer_send when --dry-run is active
- Handlers now run fully (including permission checks) in dry-run mode;
only the actual side effects are stubbed out
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
New modules:
- server/mailer.mjs: nodemailer transport wrapper
- server/mail_perms.mjs: runtime permission store, persisted to disk
New actions:
- send-email: checks (caller, to, topic) permission before sending
- set-mail-permission: grant/revoke permissions, gated by canApprove
- get-mail-permissions: list current permissions
Handler signature extended to handler(params, ctx) where ctx carries
caller, users, mail_perm_store and mailer_send. Existing handlers
ignore ctx so the change is backwards-compatible.
SMTP config lives in secrets.json under optional 'smtp' key.
Mail permissions path via --mail-perms or CONDUIT_MAIL_PERMS.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
spawnSync was blocking the event loop until the subprocess exited, so
opening a browser would freeze the server until it closed. Replace with
spawn + unref (detached, stdio ignored) and remove the now-pointless
awaits and async keywords from action handlers.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Parse the URL and reject anything that isn't http/https before passing
to xdg-open, blocking file://, javascript:// and other schemes.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Each request is signed with HMAC-SHA256 over timestamp+body using a
per-user secret loaded from a --secrets file (never env vars or git).
Users have a canApprove list controlling who may approve queued actions.
Queue entries track submitted_by for permission checks on approve/deny.
Also renames all identifiers to snake_case throughout the codebase.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Move resolvePath and exec out of index.mjs into server/helpers.mjs so
actions can import them directly rather than receiving them as arguments.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
