mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases 2 Wiki Activity
Files
6290fc3d53602497821124d4b1529080ea4412e7
stack/apps/api/src/federation/index.ts
Jason Woltje 004f7828fb
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Details
ci/woodpecker/pr/woodpecker Pipeline failed
Details
feat(#273): Implement capability-based authorization for federation 
Add CapabilityGuard infrastructure to enforce capability-based authorization
on federation endpoints. Implements fail-closed security model.

Security properties:
- Deny by default (no capability = deny)
- Only explicit true values grant access
- Connection must exist and be ACTIVE
- All denials logged for audit trail

Implementation:
- Created CapabilityGuard with fail-closed authorization logic
- Added @RequireCapability decorator for marking endpoints
- Added getConnectionById() to ConnectionService
- Added logCapabilityDenied() to AuditService
- 12 comprehensive tests covering all security scenarios

Quality gates:
-  Tests: 12/12 passing
-  Lint: 0 new errors (33 pre-existing)
-  TypeScript: 0 new errors (8 pre-existing)

Refs #273

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-03 19:53:09 -06:00

21 lines
654 B
TypeScript
Raw Blame History

/**
* Federation Module Exports
*/
export * from "./federation.module";
export * from "./federation.service";
export * from "./federation.controller";
export * from "./identity-linking.service";
export * from "./identity-resolution.service";
export * from "./identity-linking.controller";
export * from "./crypto.service";
export * from "./audit.service";
export * from "./query.service";
export * from "./query.controller";
export * from "./command.service";
export * from "./command.controller";
export * from "./guards";
export * from "./types/instance.types";
export * from "./types/identity-linking.types";
export * from "./types/message.types";
Reference in New Issue View Git Blame Copy Permalink