fix(M2-005,M2-006): enforce user ownership at repo level for conversations and agents #293

Merged
jason.woltje merged 1 commits from fix/m2-conversations-agents-scope into main 2026-03-21 20:34:12 +00:00

Summary

  • ConversationsRepo (M2-005): added userId to findById, update, remove, findMessages, and addMessage so every query includes AND userId = ? in the WHERE clause — ownership enforced at the DB level.
  • AgentsRepo (M2-006): added ownerId to remove (required) and update (optional, omitted for admin system-agent path) so DELETE/UPDATE WHERE clause scopes to the requesting user's agents.
  • Controller call sites updated to pass userId/ownerId to the repo methods.
  • Existing resource-ownership unit test updated: findById returns undefined for cross-user access, controller raises 404.
  • All 134 gateway tests pass; typecheck, lint, and format:check green.

Test plan

  • All existing unit tests pass (134/134)
  • pnpm typecheck green
  • pnpm lint green
  • pnpm format:check green

Generated with Claude Code

jason.woltje added 1 commit 2026-03-21 20:17:55 +00:00
fix(M2-005,M2-006): enforce user ownership at repo level for conversations and agents
All checks were successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/push/ci Pipeline was successful
cbea60b3ad
ConversationsRepo: add userId parameter to findById, update, remove, findMessages,
and addMessage so every query filters by conversations.userId in the WHERE clause.
This prevents cross-user data access even if the controller layer were bypassed.

AgentsRepo: add optional ownerId parameter to update (enforced for user-owned agents,
omitted for admin system-agent path) and required ownerId to remove so the DELETE
WHERE clause always scopes to the requesting user's agents.

Controller call sites updated to pass userId/ownerId to the repo methods. The
resource-ownership unit test updated to reflect that findById now returns undefined
(not a foreign-user object) when ownership is checked at the DB layer.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
jason.woltje merged commit ebf99d9ff7 into main 2026-03-21 20:34:12 +00:00
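
The ownership scoping this PR describes for ConversationsRepo, as an added TypeScript example that is not the project's code. The array stands in for the database table, and the `Conversation` type, method bodies, `findByIdUnscoped`, `getConversation`, `HttpError` and sample rows are assumptions made for illustration.

```typescript
// Added illustration, not the project's code. All names and bodies are
// hypothetical; the in-memory array stands in for the conversations table.
type Conversation = { id: string; userId: string; title: string };

class HttpError extends Error {
  status: number;
  constructor(status: number, message: string) { super(message); this.status = status; }
}

class ConversationsRepo {
  private rows: Conversation[];
  constructor(rows: Conversation[]) { this.rows = rows; }

  // Before: WHERE id = ?  (ownership check left to whoever calls the repo)
  findByIdUnscoped(id: string): Conversation | undefined {
    return this.rows.find((r) => r.id === id);
  }
  // After: WHERE id = ? AND userId = ?  (a foreign row never leaves the repo)
  findById(id: string, userId: string): Conversation | undefined {
    return this.rows.find((r) => r.id === id && r.userId === userId);
  }
  // UPDATE ... WHERE id = ? AND userId = ?; undefined means no row matched
  update(id: string, userId: string, patch: { title: string }): Conversation | undefined {
    const row = this.findById(id, userId);
    if (row) row.title = patch.title;
    return row;
  }
  // DELETE ... WHERE id = ? AND userId = ?; returns whether a row was deleted
  remove(id: string, userId: string): boolean {
    const before = this.rows.length;
    this.rows = this.rows.filter((r) => !(r.id === id && r.userId === userId));
    return this.rows.length < before;
  }
}

// Controller: a foreign id and a nonexistent id are indistinguishable (both 404).
function getConversation(repo: ConversationsRepo, id: string, sessionUserId: string): Conversation {
  const conv = repo.findById(id, sessionUserId);
  if (!conv) throw new HttpError(404, "Conversation not found");
  return conv;
}

// Constructed sample data: one conversation per user.
function sampleRepo(): ConversationsRepo {
  return new ConversationsRepo([
    { id: "c1", userId: "alice", title: "alice notes" },
    { id: "c2", userId: "bob", title: "bob notes" },
  ]);
}
```

Because the update and delete paths reuse the same predicate, a cross-user write matches zero rows instead of relying on a prior ownership check in the controller.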
Reference: mosaicstack/stack#293