managarten

till/managarten

Fork 0

mirror of https://github.com/Memo-2023/mana-monorepo.git synced 2026-05-19 07:41:24 +02:00

Commit graph

Author	SHA1	Message	Date
Till JS	a6d51afbc9	feat(mana-ai): encrypted resolver + tick uses Mission Grant to decrypt scoped inputs Phase 2 of Mission Key-Grant. The tick loop now honours a mission's grant by unwrapping the MDK and passing it + the record allowlist into the resolvers. Encrypted modules (notes, tasks, calendar, journal, kontext) resolve server-side instead of returning null. - crypto/decrypt-value.ts: mirror of webapp AES-GCM wire format (enc:1:<iv>.<ct>) — read-only, server never wraps - db/resolvers/encrypted.ts: factory + 5 concrete resolvers. Scope- violation bumps a metric + writes a structured audit row, decrypt failures same. Zero-decrypt (no grant, or record absent) = silent null, no audit noise. - db/audit.ts: best-effort append to mana_ai.decrypt_audit; write failures never cascade into tick failures. - cron/tick.ts: buildResolverContext unwraps grant per mission; MDK reference only lives for the scope of planOneMission. - ResolverContext plumbed through resolveServerInputs; existing goals resolver unchanged semantically. - Metrics: mana_ai_decrypts_total{table}, mana_ai_grant_skips_total {reason}, mana_ai_grant_scope_violations_total{table} (alert > 0). Missions without a grant still run exactly as before — plaintext resolvers fire, encrypted ones short-circuit to null. No behaviour regression for existing users. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-15 13:42:31 +02:00
Till JS	9a3025fed8	feat(ai,auth): Mission Grant endpoint + unwrap helper + audit table Phase 1 of the Mission Key-Grant rollout. Webapp can now request a wrapped per-mission data key; mana-ai can unwrap and (Phase 2) use it. mana-auth: - POST /api/v1/me/ai-mission-grant — HKDF-derives MDK from the user master key, RSA-OAEP-2048-wraps with the mana-ai public key, returns { wrappedKey, derivation, issuedAt, expiresAt } - MissionGrantService refuses zero-knowledge users (409 ZK_ACTIVE) and returns 503 GRANT_NOT_CONFIGURED when MANA_AI_PUBLIC_KEY_PEM is unset - TTL clamped to [1h, 30d] mana-ai: - configureMissionGrantKey + unwrapMissionGrant with structured failure reasons (not-configured / expired / malformed / wrap-rejected) - mana_ai.decrypt_audit table + RLS policy scoped to app.current_user_id — append-only row per server-side decrypt attempt - MANA_AI_PRIVATE_KEY_PEM env slot; absent = grants silently disabled No existing behaviour changes: missions without a grant run exactly as before. Grant flow is wired end-to-end but unused until Phase 2 lands the encrypted resolver. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-15 13:41:59 +02:00

Author

SHA1

Message

Date

Till JS

a6d51afbc9

feat(mana-ai): encrypted resolver + tick uses Mission Grant to decrypt scoped inputs

Phase 2 of Mission Key-Grant. The tick loop now honours a mission's
grant by unwrapping the MDK and passing it + the record allowlist into
the resolvers. Encrypted modules (notes, tasks, calendar, journal,
kontext) resolve server-side instead of returning null.

- crypto/decrypt-value.ts: mirror of webapp AES-GCM wire format
  (enc:1:<iv>.<ct>) — read-only, server never wraps
- db/resolvers/encrypted.ts: factory + 5 concrete resolvers. Scope-
  violation bumps a metric + writes a structured audit row, decrypt
  failures same. Zero-decrypt (no grant, or record absent) = silent
  null, no audit noise.
- db/audit.ts: best-effort append to mana_ai.decrypt_audit; write
  failures never cascade into tick failures.
- cron/tick.ts: buildResolverContext unwraps grant per mission; MDK
  reference only lives for the scope of planOneMission.
- ResolverContext plumbed through resolveServerInputs; existing goals
  resolver unchanged semantically.
- Metrics: mana_ai_decrypts_total{table}, mana_ai_grant_skips_total
  {reason}, mana_ai_grant_scope_violations_total{table} (alert > 0).

Missions without a grant still run exactly as before — plaintext
resolvers fire, encrypted ones short-circuit to null. No behaviour
regression for existing users.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-15 13:42:31 +02:00

Till JS

9a3025fed8

feat(ai,auth): Mission Grant endpoint + unwrap helper + audit table

Phase 1 of the Mission Key-Grant rollout. Webapp can now request a
wrapped per-mission data key; mana-ai can unwrap and (Phase 2) use it.

mana-auth:
- POST /api/v1/me/ai-mission-grant — HKDF-derives MDK from the user
  master key, RSA-OAEP-2048-wraps with the mana-ai public key, returns
  { wrappedKey, derivation, issuedAt, expiresAt }
- MissionGrantService refuses zero-knowledge users (409 ZK_ACTIVE) and
  returns 503 GRANT_NOT_CONFIGURED when MANA_AI_PUBLIC_KEY_PEM is unset
- TTL clamped to [1h, 30d]

mana-ai:
- configureMissionGrantKey + unwrapMissionGrant with structured failure
  reasons (not-configured / expired / malformed / wrap-rejected)
- mana_ai.decrypt_audit table + RLS policy scoped to
  app.current_user_id — append-only row per server-side decrypt attempt
- MANA_AI_PRIVATE_KEY_PEM env slot; absent = grants silently disabled

No existing behaviour changes: missions without a grant run exactly as
before. Grant flow is wired end-to-end but unused until Phase 2 lands
the encrypted resolver.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-15 13:41:59 +02:00

2 commits