mirror of
https://github.com/ModernRelay/omnigraph.git
synced 2026-06-09 01:35:18 +02:00
Address the second implementation-readiness review (7 points):

1. env-token endpoint-binding was not enforceable as written -> replace with a trusted-origin credential model: ambient creds (env/keychain/profile) apply only to servers whose identity came from a trusted layer; login-written creds additionally bind to their issued-for endpoint.
2. project-layer auth: a lower-trust layer may define endpoint-only servers but may not carry an auth: block at all (command = repo-authored RCE) - now a validation rule, not just prose.
3. legacy remote-URI migration: split https://host/graphs/{gid} into endpoint+graph_id so V2's always-/graphs/{id}/ client can't double the prefix.
4. summary realigned with body: enumeration is graph_list-gated, oauth reserved (not first-class), secrets out-of-repo (not 'structurally unreachable').
5. disambiguate higher-precedence (project wins merges) vs higher-trust (global owns identity) - they run opposite for the project layer.
6. drop top-level 'queries' from the named-resource merge map (per-graph only).
7. mark OMNIGRAPH_BIND proposed, not current; binary honors --bind/server.bind only (lib.rs:899).

- architecture.md
- branch-protection.md
- ci.md
- codeowners.md
- execution.md
- index.md
- invariants.md
- lance.md
- merge.md
- rfc-001-queries-envelope-mcp.md
- rfc-002-config-cli-architecture.md
- rfc-003-mcp-server-surface.md
- schema-lint-v1-plan.md
- testing.md
- writes.md