Changed from empty accessorID bypassing checks to explicit SystemAccessorID for better security and audit trail.

Before: accessorID == "" → bypass all checks (security risk)
After: accessorID == "system-internal" → bypass (explicit, auditable)

Changes:

- Added SystemAccessorID constant = "system-internal"
- Updated SystemContext to use SystemAccessorID
- Updated checkAccess() to check for specific ID
- Updated accessorIDFromContext() to return SystemAccessorID
- Updated all EntryList calls to use SystemAccessorID
- Updated auth.go helpers to use SystemAccessorID

Benefits:

- Explicit backdoor ID visible in audit logs
- No accidental bypass from empty strings
- Clear intent for system operations
- Can't collide with real hex dossier IDs (uses "system" prefix)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
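
The before/after rule from the commit message above, as an added Go example that is not the repository's code. Only the identifier names and the "system-internal" value come from the message; the signatures, the context key, the `withAccessor` helper and the sample dossier IDs are assumptions.

```go
package main

import (
	"context"
	"fmt"
)

// SystemAccessorID is named in the commit message; all else here is assumed.
const SystemAccessorID = "system-internal"

type ctxKey struct{}

func withAccessor(ctx context.Context, id string) context.Context {
	return context.WithValue(ctx, ctxKey{}, id)
}
func SystemContext(ctx context.Context) context.Context {
	return withAccessor(ctx, SystemAccessorID)
}

// accessorIDFromContext yields "" when no identity was ever attached.
func accessorIDFromContext(ctx context.Context) string {
	id, _ := ctx.Value(ctxKey{}).(string)
	return id
}

// checkAccessBefore: old rule, an empty accessor ID bypasses every check.
func checkAccessBefore(ctx context.Context, owner string) (bool, string) {
	id := accessorIDFromContext(ctx)
	if id == "" {
		return true, `bypass accessor=""`
	}
	return id == owner, "accessor=" + id
}

// checkAccessAfter: only the explicit sentinel bypasses; empty fails closed.
func checkAccessAfter(ctx context.Context, owner string) (bool, string) {
	switch id := accessorIDFromContext(ctx); id {
	case SystemAccessorID:
		return true, "bypass accessor=" + id
	case "":
		return false, "deny: no accessor in context"
	default:
		return id == owner, "accessor=" + id
	}
}

func main() {
	bare := context.Background() // constructed case: no identity attached
	fmt.Println(checkAccessBefore(bare, "a1b2c3"))
	fmt.Println(checkAccessAfter(bare, "a1b2c3"))
}
```

The sentinel only holds if identities taken from requests are validated (for example as hex) before they reach the context, so that no external caller can present "system-internal".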