mikael-lovqvists-claude-agent/claude-code-conduit
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
67c1c3f9a4d0ae408261829a4386e4955f777d26
claude-code-conduit/server/secrets.mjs
mikael-lovqvists-claude-agent 67c1c3f9a4 Add HMAC auth, user permissions, snake_case rename 
Each request is signed with HMAC-SHA256 over timestamp+body using a
per-user secret loaded from a --secrets file (never env vars or git).
Users have a canApprove list controlling who may approve queued actions.
Queue entries track submitted_by for permission checks on approve/deny.

Also renames all identifiers to snake_case throughout the codebase.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-07 20:18:41 +00:00

24 lines
596 B
JavaScript
Raw Blame History

import { readFileSync } from "fs";
export function load_secrets(file_path) {
if (!file_path) {
throw new Error("--secrets <path> is required");
}
let raw;
try {
raw = readFileSync(file_path, "utf8");
} catch (err) {
throw new Error(`Cannot read secrets file at ${file_path}: ${err.message}`);
}
let parsed;
try {
parsed = JSON.parse(raw);
} catch (err) {
throw new Error(`Secrets file is not valid JSON: ${err.message}`);
}
if (!parsed.users || typeof parsed.users !== "object") {
throw new Error("Secrets file must have a top-level 'users' object");
}
return parsed;
}
Reference in New Issue View Git Blame Copy Permalink