security: use 16-char hex system accessor ID from .env
Replaced hardcoded "system-internal" with proper 16-char hex ID loaded from environment, matching dossier ID format. Created actual dossier for system accessor with name "System". Changes: - Generated random 16-char hex: 7b3a3ee1c2776dcd - Added SYSTEM_ACCESSOR_ID to anthropic.env (staging & production) - Created dossier for system accessor (name: "System", email: "system@internal") - Load SystemAccessorID from config in ConfigInit() - Initialize SystemContext after config load with proper ID - Default fallback value in config.go Benefits: - Proper 16-char hex format matches all other dossier IDs - Won't break code expecting 16-char IDs - System operations show as "System" in audit logs - Can be changed via .env without code changes - Has actual dossier entry for referential integrity Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
James
parent
45a6445c3b
commit
b684612797
|
|
@ -33,12 +33,9 @@ type AccessContext struct {
|
|||
IsSystem bool // bypass RBAC (internal operations only)
|
||||
}
|
||||
|
||||
// SystemAccessorID is a reserved ID for internal operations (not a real dossier)
|
||||
// Using "system" prefix makes it impossible to collide with hex dossier IDs
|
||||
const SystemAccessorID = "system-internal"
|
||||
|
||||
// SystemContext is used for internal operations that bypass RBAC
|
||||
var SystemContext = &AccessContext{IsSystem: true, AccessorID: SystemAccessorID}
|
||||
// Initialized in ConfigInit() with SystemAccessorID from config
|
||||
var SystemContext *AccessContext
|
||||
|
||||
// ErrAccessDenied is returned when permission check fails
|
||||
var ErrAccessDenied = fmt.Errorf("access denied")
|
||||
|
|
|
|||
|
|
@ -22,8 +22,9 @@ func Init() error {
|
|||
}
|
||||
|
||||
var (
|
||||
GeminiKey string = ""
|
||||
AnthropicKey string = ""
|
||||
GeminiKey string = ""
|
||||
AnthropicKey string = ""
|
||||
SystemAccessorID string = "7b3a3ee1c2776dcd" // Default fallback
|
||||
)
|
||||
|
||||
func ConfigInit() {
|
||||
|
|
@ -50,6 +51,14 @@ func ConfigInit() {
|
|||
GeminiKey = value
|
||||
case "ANTHROPIC_API_KEY":
|
||||
AnthropicKey = value
|
||||
case "SYSTEM_ACCESSOR_ID":
|
||||
SystemAccessorID = value
|
||||
}
|
||||
}
|
||||
|
||||
// Initialize SystemContext with loaded ID
|
||||
SystemContext = &AccessContext{
|
||||
IsSystem: true,
|
||||
AccessorID: SystemAccessorID,
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue