AI-Cognitive-Leap/agnes-the-ai-analyst
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
agnes-the-ai-analyst/cli/skills/security.md
ZdenekSrotyr 1563b05f2e refactor(cli): hard-cutover env vars + config dir to AGNES_* 
Task 0.5 of clean-analyst-bootstrap. Greenfield rewrite — no fallback,
no aliases. Existing dev environments lose their cached PAT and must
re-authenticate.

Env var renames (hard cutover):
- DA_CONFIG_DIR    -> AGNES_CONFIG_DIR
- DA_SERVER        -> AGNES_SERVER
- DA_SERVER_URL    -> AGNES_SERVER_URL  (test-only stale ref, not in spec)
- DA_NO_UPDATE_CHECK -> AGNES_NO_UPDATE_CHECK
- DA_LOCAL_DIR     -> AGNES_LOCAL_DIR
- DA_TOKEN         -> AGNES_TOKEN
- DA_STREAM_RETRIES -> AGNES_STREAM_RETRIES

Config dir rename: ~/.config/da/ -> ~/.config/agnes/ (across code,
comments, docstrings, error messages, install templates, dev scripts).

Stale `da X` references in CLI source (and adjacent app/, tests/):
swept docstrings, comments, help text, and error messages where the
verb survives the rewrite (init, pull, push, catalog, status, diagnose,
auth, admin, skills, query, schema, describe, explore, disk-info,
snapshot, login, logout, whoami, server, setup) and replaced `da X`
with `agnes X`. Intentionally kept `da sync`, `da fetch`, `da analyst`,
`da metrics` — those verbs are removed in later tasks; the legacy
strings will be detected by `_LEGACY_STRINGS` (added in Task 2).

Test fixes:
- TestCLIVersion now asserts output starts with `agnes ` (was `da `).

Test results: 2675 passed, 25 skipped (full pytest run, excluding 9
pre-existing test_db.py / test_user_management.py / test_e2e_extract.py
/ test_cli_binary_rename.py failures unrelated to this rename).
2026-05-04 16:35:44 +02:00

2.4 KiB
Raw Blame History

Security — RBAC, permissions, and audit

Access control (v19+)

Two layers, no role hierarchy:

  • Admin system group — god-mode for app-level actions. Members can do anything.
  • resource_grants(group, resource_type, resource_id) — per-group grants on individual resources (tables, marketplace plugins, memory domains).

Every non-admin access requires an explicit grant. There is no is_public shortcut and no implicit Everyone fallback — admins curate access by minting grants on groups the user belongs to.

Managing users

agnes admin add-user user@company.com           # creates a non-admin user
agnes admin list-users
agnes admin remove-user <user-id>

Admin promotion is a separate action — there is no --role admin flag. Add the user to the Admin system group:

agnes admin group list                          # find the Admin group id
agnes admin group add-member <admin-group-id> user@company.com

Removed in v19: agnes admin set-role (use group memberships instead). Old call sites hard-fail with a replacement command in the error message.

Granting table access

agnes admin grant resource-types                # see registered resource types
agnes admin grant create --group <id> --type table --id <table-id>
agnes admin grant list
agnes admin grant delete <grant-id>

The web UI at /admin/access shows the same model: groups on the left, grantable resources on the right, per-row checkboxes plus per-block "Grant all" / "Revoke all" bulk actions.

Audit trail

Every API mutation is logged:

agnes query "SELECT * FROM system.audit_log ORDER BY timestamp DESC LIMIT 20" --remote

Script sandboxing

User scripts run in an isolated subprocess with:

  • Limited environment (no access to secrets)
  • Timeout (default 5 min)
  • Blocked imports (subprocess, shutil, ctypes)
  • Stdout/stderr size cap (64KB)

JWT tokens

  • Session tokens: issued on interactive login (agnes login), valid 24 hours.
  • For long-lived CLI / CI use, create a Personal Access Token via the UI (/tokens → New token) or CLI (agnes auth token create).
  • PATs are revocable and auditable; session tokens are not.
  • Claims: sub (user_id), email, typ, exp, jti. No role claim — admin status derives from user_group_members at request time via app.auth.access.is_user_admin.
  • Set JWT_SECRET_KEY in .env (min 32 chars).