managarten

till/managarten

Fork 0

mirror of https://github.com/Memo-2023/mana-monorepo.git synced 2026-05-22 19:26:43 +02:00

Commit graph

Author	SHA1	Message	Date
Till JS	bb3da78d5c	feat(ai): Mission Grant rollout gating — flag, alerts, runbook, user docs Phase 4 — everything needed to flip the Mission Key-Grant feature on safely per deployment. No new behaviour; purely operational plumbing. - PUBLIC_AI_MISSION_GRANTS feature flag (default off). hooks.server.ts injects window.__PUBLIC_AI_MISSION_GRANTS__, api/config.ts exposes isMissionGrantsEnabled(). Grant UI (dialog + status box) and the Workbench "Datenzugriff" tab both hide when the flag is off. - PUBLIC_MANA_AI_URL added to the injection set so the webapp can reach the new audit endpoint from production. - Prometheus alerts (new mana_ai_alerts group): - ManaAIServiceDown (warning, 2m) - ManaAIGrantScopeViolation (critical, 0m) — MUST stay at 0; any increment pages immediately - ManaAIGrantSkipsHigh (warning, 15m) — flags keypair drift - ManaAIPlannerParseFailures (warning, 10m) — prompt/LLM drift - Runbook in docs/plans/ai-mission-key-grant.md: initial keypair gen, leak-response procedure (rotate + invalidate all grants + audit), scope-violation triage. - User-facing doc in apps/docs security.mdx: new "AI Mission Grants" section with the three hard constraints (ZK users blocked, scope changes invalidate cryptographically, revocation is one click) plus an honest threat-model comparison column showing where grants shift the tradeoff. Rollout remaining (not code): generate keypair on Mac Mini, provision MANA_AI_PRIVATE_KEY_PEM + MANA_AI_PUBLIC_KEY_PEM via Docker secrets, flip PUBLIC_AI_MISSION_GRANTS=true starting with till-only. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-15 14:02:47 +02:00
Till JS	6882ffb626	feat(shared-ai): Mission Key-Grant contract + plan for encrypted server-side runs Foundation for Phase 2+ of the Mission Key-Grant flow: lets mana-ai execute missions that depend on encrypted inputs (notes/tasks/events/ journal/kontext) without needing an open browser tab. Opt-in per mission, Zero-Knowledge users excluded. - Canonical HKDF-SHA256 derivation (scope-bound via tables + recordIds in the HKDF info string → scope changes invalidate the grant cryptographically, not just via a runtime check) - Mission.grant field on the shared Mission type - Golden snapshot + drift-guard test so webapp wrap path and mana-auth wrap endpoint can't silently diverge - Ideas backlog at docs/future/AI_AGENTS_IDEAS.md - Full rollout plan at docs/plans/ai-mission-key-grant.md - COMPANION_BRAIN_ARCHITECTURE.md §21 captures the flow + privacy guarantees + non-goals Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-15 13:41:35 +02:00

Author

SHA1

Message

Date

Till JS

bb3da78d5c

feat(ai): Mission Grant rollout gating — flag, alerts, runbook, user docs

Phase 4 — everything needed to flip the Mission Key-Grant feature on
safely per deployment. No new behaviour; purely operational plumbing.

- PUBLIC_AI_MISSION_GRANTS feature flag (default off). hooks.server.ts
  injects window.__PUBLIC_AI_MISSION_GRANTS__, api/config.ts exposes
  isMissionGrantsEnabled(). Grant UI (dialog + status box) and the
  Workbench "Datenzugriff" tab both hide when the flag is off.
- PUBLIC_MANA_AI_URL added to the injection set so the webapp can reach
  the new audit endpoint from production.
- Prometheus alerts (new mana_ai_alerts group):
  - ManaAIServiceDown (warning, 2m)
  - ManaAIGrantScopeViolation (critical, 0m) — MUST stay at 0; any
    increment pages immediately
  - ManaAIGrantSkipsHigh (warning, 15m) — flags keypair drift
  - ManaAIPlannerParseFailures (warning, 10m) — prompt/LLM drift
- Runbook in docs/plans/ai-mission-key-grant.md: initial keypair gen,
  leak-response procedure (rotate + invalidate all grants + audit),
  scope-violation triage.
- User-facing doc in apps/docs security.mdx: new "AI Mission Grants"
  section with the three hard constraints (ZK users blocked, scope
  changes invalidate cryptographically, revocation is one click) plus
  an honest threat-model comparison column showing where grants shift
  the tradeoff.

Rollout remaining (not code): generate keypair on Mac Mini, provision
MANA_AI_PRIVATE_KEY_PEM + MANA_AI_PUBLIC_KEY_PEM via Docker secrets,
flip PUBLIC_AI_MISSION_GRANTS=true starting with till-only.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-15 14:02:47 +02:00

Till JS

6882ffb626

feat(shared-ai): Mission Key-Grant contract + plan for encrypted server-side runs

Foundation for Phase 2+ of the Mission Key-Grant flow: lets mana-ai
execute missions that depend on encrypted inputs (notes/tasks/events/
journal/kontext) without needing an open browser tab. Opt-in per
mission, Zero-Knowledge users excluded.

- Canonical HKDF-SHA256 derivation (scope-bound via tables + recordIds
  in the HKDF info string → scope changes invalidate the grant
  cryptographically, not just via a runtime check)
- Mission.grant field on the shared Mission type
- Golden snapshot + drift-guard test so webapp wrap path and mana-auth
  wrap endpoint can't silently diverge
- Ideas backlog at docs/future/AI_AGENTS_IDEAS.md
- Full rollout plan at docs/plans/ai-mission-key-grant.md
- COMPANION_BRAIN_ARCHITECTURE.md §21 captures the flow + privacy
  guarantees + non-goals

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-15 13:41:35 +02:00

2 commits