gitmost

vvzvlad/gitmost

Fork 0

Commit Graph

Author	SHA1	Message	Date
claude code agent 227	7705d44fc6	fix(provenance): address #143 re-review — shared resolver + decoupled badge Architecture & design: - Arch A: introduce resolveProvenance() as the single source of truth for deriving a write's actor/aiChatId from the SIGNED identity, and wire it into BOTH transport seams — the REST jwt.strategy and the collab authentication.extension. Previously the collab seam derived actor from the token claim alone and ignored user.isAgent, so a flagged service account's page-content edits over the websocket persisted as lastUpdatedSource='user', drifting from REST. The seams now share one resolver and can't diverge. - Arch B: drop AiAgentBadge's page-history coupling. The generic ui/ badge no longer imports historyAtoms; it exposes an onActivate callback fired after the deep-link, and the history row passes onActivate to close its own modal. Suggestions/warnings: - S1: soften the jwt.strategy provenance comment (applies to every REST write). - S2/suggestion-3: drop the redundant comment-list-item null-aiChatId test (covered by ai-agent-badge.test.tsx). - S3: de-duplicate jwt.strategy.spec test #3 (the no-claim→'user' half duplicated test #2); keep only the signed actor='agent' claim assertion. - W2: add keyboard-activation tests for the badge (Enter/Space, unrelated key). - W3: flip the design doc status to "реализовано (#143)". Tests: - new auth-provenance.decorator.spec.ts unit-tests resolveProvenance + agentSourceFields. - new collab-seam test: is_agent user with no claim → actor='agent' (Arch A regression guard). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-24 00:27:03 +03:00
claude_code	d188c9e876	docs(backlog): add design for AI attribution of MCP-authored comments Document Variant B for showing MCP-created comments (and pages) as AI rather than as the service-account user, reusing the existing agent provenance infrastructure (§15 C3). - Root cause: MCP logs in via a plain service-account token, so provenance.actor stays 'user' and created_source defaults to 'user'; the comment sidebar also renders no AI badge. - B1 (backend): mark the MCP identity as agent via a new users.is_agent flag; jwt.strategy derives req.raw.actor from it (non-spoofable). Relax the provenance aiChatId type to string \| null for external MCP. - B2 (frontend): extend IComment with createdSource/aiChatId, extract a shared AiAgentBadge, render it in comment-list-item. - Includes edge cases, tests, scope decisions, and acceptance criteria.	2026-06-21 20:58:02 +03:00

Author

SHA1

Message

Date

claude code agent 227

7705d44fc6

fix(provenance): address #143 re-review — shared resolver + decoupled badge

Architecture & design:
- Arch A: introduce resolveProvenance() as the single source of truth for
  deriving a write's actor/aiChatId from the SIGNED identity, and wire it into
  BOTH transport seams — the REST jwt.strategy and the collab
  authentication.extension. Previously the collab seam derived actor from the
  token claim alone and ignored user.isAgent, so a flagged service account's
  page-content edits over the websocket persisted as lastUpdatedSource='user',
  drifting from REST. The seams now share one resolver and can't diverge.
- Arch B: drop AiAgentBadge's page-history coupling. The generic ui/ badge no
  longer imports historyAtoms; it exposes an onActivate callback fired after the
  deep-link, and the history row passes onActivate to close its own modal.

Suggestions/warnings:
- S1: soften the jwt.strategy provenance comment (applies to every REST write).
- S2/suggestion-3: drop the redundant comment-list-item null-aiChatId test
  (covered by ai-agent-badge.test.tsx).
- S3: de-duplicate jwt.strategy.spec test #3 (the no-claim→'user' half
  duplicated test #2); keep only the signed actor='agent' claim assertion.
- W2: add keyboard-activation tests for the badge (Enter/Space, unrelated key).
- W3: flip the design doc status to "реализовано (#143)".

Tests:
- new auth-provenance.decorator.spec.ts unit-tests resolveProvenance +
  agentSourceFields.
- new collab-seam test: is_agent user with no claim → actor='agent'
  (Arch A regression guard).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

2026-06-24 00:27:03 +03:00

claude_code

d188c9e876

docs(backlog): add design for AI attribution of MCP-authored comments

Document Variant B for showing MCP-created comments (and pages) as AI
rather than as the service-account user, reusing the existing agent
provenance infrastructure (§15 C3).

- Root cause: MCP logs in via a plain service-account token, so
  provenance.actor stays 'user' and created_source defaults to 'user';
  the comment sidebar also renders no AI badge.
- B1 (backend): mark the MCP identity as agent via a new users.is_agent
  flag; jwt.strategy derives req.raw.actor from it (non-spoofable).
  Relax the provenance aiChatId type to string | null for external MCP.
- B2 (frontend): extend IComment with createdSource/aiChatId, extract a
  shared AiAgentBadge, render it in comment-list-item.
- Includes edge cases, tests, scope decisions, and acceptance criteria.

2026-06-21 20:58:02 +03:00

2 Commits