mirror of
https://github.com/ModernRelay/omnigraph.git
synced 2026-06-09 01:35:18 +02:00
a275306a15
Closes the CLI side of the policy chassis fan-out. Before this commit, CLI direct-engine writes bypassed Cedar entirely because the CLI never called `Omnigraph::with_policy(...)` for non-`policy validate|test|explain` subcommands. After this commit, every CLI direct-engine writer (change, load, ingest, branch create/delete/merge, schema apply) opens the engine via a new `open_local_db_with_policy(uri, &config)` helper that installs the configured `PolicyEngine` when `policy.file` is set, and threads the resolved actor through to the `_as` writer methods. Actor identity resolution: - New top-level `--as <ACTOR>` global flag on the CLI overrides config. - New `cli.actor` field in `omnigraph.yaml` provides a default actor. - Precedence: `--as` > `cli.actor` > None. - When policy is configured and neither is set, the engine-layer footgun guard fires and the write is denied — silent bypass via "I forgot the actor" is exactly what the guard prevents. - Remote HTTP writes ignore both — bearer-token-resolved server-side. Helpers added in main.rs: - `open_local_db_with_policy(uri, &config) -> Result<Omnigraph>` — opens the DB and installs the PolicyEngine when configured. Without policy this is identical to a bare `Omnigraph::open`. - `resolve_cli_actor(cli_as, &config) -> Option<&str>` — implements the flag > config > None precedence. Engine: added `load_file_as` to the loader as the actor-aware mirror of `load_file`, so CLI file-path loads flow through the same enforce gate as in-memory `load_as` calls. Test rewrite: `local_cli_policy_tooling_is_end_to_end_while_local_writes_stay_unenforced` was the explicit assertion of the pre-chassis hole. Renamed and split: - `local_cli_policy_tooling_is_end_to_end` — sanity for the read-only policy CLI surfaces (validate/test/explain), unchanged behavior. - `local_cli_change_enforces_engine_layer_policy` — the new assertion: policy installed + no actor → footgun-guard denial; `--as act-bruno` on protected main → Cedar denial; `--as act-ragnor` (admins-write rule) on main → permit, write committed. POLICY_E2E_YAML gains an `admins-write` rule so the permit case has a non-trivial actor to exercise. docs/user/policy.md updated with `cli.actor` + `--as <ACTOR>` usage. Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
33 lines
1 KiB
TOML
33 lines
1 KiB
TOML
[package]
|
|
name = "omnigraph-cli"
|
|
version = "0.4.2"
|
|
edition = "2024"
|
|
description = "CLI for the Omnigraph graph database."
|
|
license = "MIT"
|
|
repository = "https://github.com/ModernRelay/omnigraph"
|
|
homepage = "https://github.com/ModernRelay/omnigraph"
|
|
documentation = "https://docs.rs/omnigraph-cli"
|
|
|
|
[[bin]]
|
|
name = "omnigraph"
|
|
path = "src/main.rs"
|
|
|
|
[dependencies]
|
|
omnigraph = { package = "omnigraph-engine", path = "../omnigraph", version = "0.4.2" }
|
|
omnigraph-compiler = { path = "../omnigraph-compiler", version = "0.4.2" }
|
|
omnigraph-policy = { path = "../omnigraph-policy", version = "0.4.2" }
|
|
omnigraph-server = { path = "../omnigraph-server", version = "0.4.2" }
|
|
clap = { workspace = true }
|
|
color-eyre = { workspace = true }
|
|
serde = { workspace = true }
|
|
serde_json = { workspace = true }
|
|
serde_yaml = { workspace = true }
|
|
tokio = { workspace = true }
|
|
reqwest = { workspace = true, features = ["blocking"] }
|
|
|
|
[dev-dependencies]
|
|
assert_cmd = "2"
|
|
predicates = "3"
|
|
serde_json = { workspace = true }
|
|
tempfile = { workspace = true }
|
|
lance-index = { workspace = true }
|