feat(access): let any member list their own grants (me access mine) (TNT-141) #103
Merged
…TNT-141)
`me access ls` enumerates the whole space's grants and stays admin/owner-only.
Add `me access mine` — a self-view of the calling principal's own grants,
usable by any member — mirroring `me group mine`.
- server: grantList gains an ownSelf self-service branch (principalId ===
caller); the principal filter pins results to the caller, so it can't reveal
anyone else's grants. No protocol/engine/SQL change — list_tree_access_grants
already filters by principal.
- cli: createAccessMineCommand (whoami -> grant.list({ principalId: me.id })),
printing tree_path | access. `me access ls` is unchanged.
- tests + docs.
Pull request overview
Adds a self-service way for non-admin space members to inspect their own tree-access grants, aligning access tooling with the existing “self-view” patterns (e.g. me group mine) while keeping whole-space grant enumeration restricted.
Changes:
- Server: relaxes `grant.list` authorization to allow listing grants for `principalId === caller` (and continues to allow listing grants for an owned agent) without admin/path-owner.
- CLI: introduces `me access mine`, which calls `whoami` then lists grants for the caller and prints a simplified table.
- Tests/docs: adds integration coverage for the new authorization behavior and documents the new command and scoping rules.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| packages/server/rpc/memory/grant.ts | Adds a self-service authorization branch for listing the caller’s own grants. |
| packages/cli/commands/access.ts | Adds me access mine command to list and display the caller’s grants. |
| packages/server/rpc/memory/management.integration.test.ts | Adds integration tests covering self-service grant listing and permission denials. |
| docs/cli/me-access.md | Documents the new me access mine command and clarifies list scoping. |
| docs/typescript-client.md | Notes self-service behavior when grant.list is scoped to caller/owned agent. |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Signed-off-by: John Pruitt <jgpruitt@gmail.com>
Summary
`me access ls` enumerates the whole space's grants and is therefore admin/owner-only. There was no way for a non-admin member to see the grants they hold. This adds `me access mine` — a self-view of the calling principal's own grants, usable by any member — mirroring the existing `me group mine`.

Closes TNT-141.
Changes
- `packages/server/rpc/memory/grant.ts`: `grantList` gains an `ownSelf` self-service branch — a caller may list grants where `principalId === ctx.principalId` without admin/owner rights. The `principalId` pins the SQL filter, so it can never reveal another principal's grants. No protocol/client/engine/SQL changes — `grant.list` and `list_tree_access_grants` already filter by principal.
- `packages/cli/commands/access.ts`: `createAccessMineCommand()` mirrors `me group mine` — `whoami` → `grant.list({ principalId: me.id })` → prints a `tree_path | access` table (principal omitted since it's always you), with an empty-state message. `me access ls` is unchanged (stays admin/owner-scoped, matching `me group ls`).
- `management.integration.test.ts`: a non-admin member can list their own grants but is `FORBIDDEN` for another principal or the whole space; an agent owner can list its agent's grants while a stranger cannot.
- `docs/cli/me-access.md` (new section + scoping note) and `docs/typescript-client.md`.
Design note
Picked ticket option 2 (dedicated `me access mine`) over making `ls` adaptive, to mirror `me group mine` (which is a separate command; `me group ls` has no self-view fallback). The server relaxation is the mechanism both options would share.
Verification
`./bun run check:full` — 0 failures (647 unit / 938 db / 26 e2e).
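
The authorization rule this PR describes, as an added example that is not the project's `grant.ts`: the self-service branches require an explicit `principalId`, and the value that passed authorization is the one that pins the filter. `Ctx`, `isAdmin` (standing in for the admin/owner check), `ownedAgentIds`, `GRANTS` and `tryList` are hypothetical names, and the grant rows are constructed sample data.

```typescript
// Added illustration with hypothetical names; not the project's code.
type Grant = { principalId: string; treePath: string; access: "read" | "write" };
type Ctx = { principalId: string; isAdmin: boolean; ownedAgentIds: string[] };

// Constructed sample rows standing in for the space's grant table.
const GRANTS: Grant[] = [
  { principalId: "alice", treePath: "/docs", access: "read" },
  { principalId: "bob", treePath: "/finance", access: "write" },
  { principalId: "agent-1", treePath: "/docs/bots", access: "write" },
];

function grantList(ctx: Ctx, params: { principalId?: string } = {}): Grant[] {
  const target = params.principalId;
  // Self-service branches need an explicit target: an omitted principalId
  // means "whole space" and must never fall through to them.
  const ownSelf = target !== undefined && target === ctx.principalId;
  const ownAgent = target !== undefined && ctx.ownedAgentIds.indexOf(target) !== -1;
  if (!ctx.isAdmin && !ownSelf && !ownAgent) {
    throw Object.assign(new Error("grant.list: not permitted for this scope"), {
      code: "FORBIDDEN",
    });
  }
  // The value that passed authorization also pins the filter, so a
  // self-service caller cannot receive rows for any other principal.
  return GRANTS.filter((g) => target === undefined || g.principalId === target);
}

// Helper for the checks: returns the error code instead of throwing.
function tryList(ctx: Ctx, principalId?: string): Grant[] | string {
  try {
    return grantList(ctx, principalId === undefined ? {} : { principalId });
  } catch (e) {
    if ((e as { code?: string }).code === "FORBIDDEN") return "FORBIDDEN";
    throw e;
  }
}

const alice: Ctx = { principalId: "alice", isAdmin: false, ownedAgentIds: ["agent-1"] };
const bob: Ctx = { principalId: "bob", isAdmin: false, ownedAgentIds: [] };
console.log(tryList(alice, "alice"));   // self view: alice's rows only
console.log(tryList(alice, "bob"));     // another principal: denied
console.log(tryList(alice));            // whole space: denied
console.log(tryList(alice, "agent-1")); // owned agent: allowed
console.log(tryList(bob, "agent-1"));   // not the agent's owner: denied
```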