2026-04-10 20:49:41 +03:00
|
|
|
[package]
|
|
|
|
|
name = "omnigraph-cli"
|
2026-05-10 14:02:28 +00:00
|
|
|
version = "0.4.2"
|
2026-04-10 20:49:41 +03:00
|
|
|
edition = "2024"
|
|
|
|
|
description = "CLI for the Omnigraph graph database."
|
|
|
|
|
license = "MIT"
|
2026-04-14 20:13:00 +03:00
|
|
|
repository = "https://github.com/ModernRelay/omnigraph"
|
|
|
|
|
homepage = "https://github.com/ModernRelay/omnigraph"
|
|
|
|
|
documentation = "https://docs.rs/omnigraph-cli"
|
2026-04-10 20:49:41 +03:00
|
|
|
|
|
|
|
|
[[bin]]
|
|
|
|
|
name = "omnigraph"
|
|
|
|
|
path = "src/main.rs"
|
|
|
|
|
|
|
|
|
|
[dependencies]
|
2026-05-10 14:02:28 +00:00
|
|
|
omnigraph = { package = "omnigraph-engine", path = "../omnigraph", version = "0.4.2" }
|
|
|
|
|
omnigraph-compiler = { path = "../omnigraph-compiler", version = "0.4.2" }
|
policy: CLI policy injection — local writes go through engine enforce (MR-722) (#104)
Closes the CLI side of the policy chassis fan-out. Before this commit,
CLI direct-engine writes bypassed Cedar entirely because the CLI never
called `Omnigraph::with_policy(...)` for non-`policy validate|test|explain`
subcommands. After this commit, every CLI direct-engine writer
(change, load, ingest, branch create/delete/merge, schema apply) opens
the engine via a new `open_local_db_with_policy(uri, &config)` helper
that installs the configured `PolicyEngine` when `policy.file` is set,
and threads the resolved actor through to the `_as` writer methods.
Actor identity resolution:
- New top-level `--as <ACTOR>` global flag on the CLI overrides config.
- New `cli.actor` field in `omnigraph.yaml` provides a default actor.
- Precedence: `--as` > `cli.actor` > None.
- When policy is configured and neither is set, the engine-layer
footgun guard fires and the write is denied — silent bypass via
"I forgot the actor" is exactly what the guard prevents.
- Remote HTTP writes ignore both — bearer-token-resolved server-side.
Helpers added in main.rs:
- `open_local_db_with_policy(uri, &config) -> Result<Omnigraph>` —
opens the DB and installs the PolicyEngine when configured. Without
policy this is identical to a bare `Omnigraph::open`.
- `resolve_cli_actor(cli_as, &config) -> Option<&str>` — implements
the flag > config > None precedence.
Engine: added `load_file_as` to the loader as the actor-aware mirror of
`load_file`, so CLI file-path loads flow through the same enforce gate
as in-memory `load_as` calls.
Test rewrite: `local_cli_policy_tooling_is_end_to_end_while_local_writes_stay_unenforced`
was the explicit assertion of the pre-chassis hole. Renamed and split:
- `local_cli_policy_tooling_is_end_to_end` — sanity for the read-only
policy CLI surfaces (validate/test/explain), unchanged behavior.
- `local_cli_change_enforces_engine_layer_policy` — the new assertion:
policy installed + no actor → footgun-guard denial; `--as act-bruno`
on protected main → Cedar denial; `--as act-ragnor` (admins-write
rule) on main → permit, write committed.
POLICY_E2E_YAML gains an `admins-write` rule so the permit case has
a non-trivial actor to exercise.
docs/user/policy.md updated with `cli.actor` + `--as <ACTOR>` usage.
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-18 04:06:21 +03:00
|
|
|
omnigraph-policy = { path = "../omnigraph-policy", version = "0.4.2" }
|
2026-05-10 14:02:28 +00:00
|
|
|
omnigraph-server = { path = "../omnigraph-server", version = "0.4.2" }
|
2026-04-10 20:49:41 +03:00
|
|
|
clap = { workspace = true }
|
|
|
|
|
color-eyre = { workspace = true }
|
|
|
|
|
serde = { workspace = true }
|
|
|
|
|
serde_json = { workspace = true }
|
|
|
|
|
serde_yaml = { workspace = true }
|
|
|
|
|
tokio = { workspace = true }
|
|
|
|
|
reqwest = { workspace = true, features = ["blocking"] }
|
|
|
|
|
|
|
|
|
|
[dev-dependencies]
|
|
|
|
|
assert_cmd = "2"
|
|
|
|
|
predicates = "3"
|
|
|
|
|
serde_json = { workspace = true }
|
|
|
|
|
tempfile = { workspace = true }
|
2026-04-12 04:01:14 +03:00
|
|
|
lance-index = { workspace = true }
|