johan
/
inou
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
47 Commits 1 Branch 0 Tags 299 MiB
Commit Graph

6 Commits

Author SHA1 Message Date
James 75e9ec7722 Refactor: Remove legacy v2, data, roles modules; update auth, queries, translations, portal MCP tools 2026-02-13 15:30:22 -05:00
James 6ba57df6ae refactor: clean up reference data and remove rate limiting 
Reference data simplification (choke point pattern):
- Remove RefSave/RefDelete from lib (import-time only, not runtime)
- Remove LabTestSave*, LabRefSave* from lib/lab_reference.go
- Remove PopulateReferences (LLM-based ref generation)
- Keep only RefQuery() for runtime reads
- Import tools handle their own SQL inserts

Rate limiting removed:
- Delete new_signups table and all rate limit code
- Solved via different approach (not in codebase)

Database consolidation (on staging):
- Moved genotypes table (30K SNPs) to reference.db
- Deleted empty DBs: portal.db, rate_limit.db, snpedia.db, ratelimit.db

Net -293 lines. Runtime code now only reads reference data via RefQuery().

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-11 01:20:18 -05:00
James 6486a52ad9 refactor: complete RBAC redesign with hierarchical permissions 
Simplify access control from 500+ lines to ~50 lines of core logic:
- New permission bitmask (PermRead/Write/Delete/Manage)
- Hierarchical access (dossier → category → entry)
- Single choke points: CheckAccess(), EntryQuery(), DossierQuery()
- All data access now enforced through lib RBAC layer
- Removed complex role templates and permission caching

Also improved NewID() to use UUID v4 + SHA-256 hash for better
randomness distribution (was limited to 0-7 hex start).

Net -210 lines across 28 files. Ready for staging deployment.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-11 00:06:02 -05:00
James e1b40ab872 refactor: unexport raw DB functions, enforce RBAC at data layer 
Rename Query→dbQuery, Save→dbSave, Load→dbLoad, Delete→dbDelete,
Count→dbCount in lib/db_queries.go. Go compiler now prevents any code
outside lib/ from bypassing RBAC checks.

All external callers migrated to RBAC-checked functions:
- EntryCategoryCounts, EntryCount, EntryListByDossier (new)
- LabTestList, LabEntryListForIndex, LabRefLookupAll (new)
- GenomeQuery now requires AccessContext
- EntryDeleteByCategory/EntryDeleteTree now require AccessContext

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-10 02:34:51 -05:00
James c1cd76559d fix: genome query RBAC - use system context for data access 
- Updated all genome functions to accept AccessContext parameter
- GenomeGetExtraction, GenomeGetTiers, GenomeGetTierByCategory,
  GenomeGetVariants, GenomeGetVariantsByTier now pass context to EntryList
- API genome handler uses system context after dossier access check
- Categories endpoint uses system context for counting operations
- Fixes MCP query_genome returning 403/no data errors

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-07 16:31:17 -05:00
Johan 94946baf00 Initial commit 2026-02-01 02:43:27 -05:00