document the capability-token model for job console logs#1564

Merged: MattBudz merged 1 commit into release-5.0.0 from claude-audit/fix-20 on Apr 14, 2026

Conversation

@etdsoft etdsoft commented Apr 14, 2026

Member

Summary

Adds comments to ConsoleController#status and Log#set_uid recording the design intent: the job UUID (SecureRandom.uuid, 122 bits of entropy) is the authorization primitive for reading a log stream. Logs are not scoped by user or project at the row level; possession of a valid UUID is treated as the authorization to read.

Why

Without these comments, the shape of ConsoleController#status invites future contributors to add row-level scoping that would require a substantial refactor (migration + threading user_id through every call site that creates a Log). The UUID-as-capability design is intentional and the comments flag that.

Check List

  • Commit message has a detailed description of what changed and why.
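The following is an added, self-contained Ruby sketch of the capability-token model the Summary describes; it is not the project's own ConsoleController or Log code. The in-memory store, the `find_by_uid` lookup and `console_status` are hypothetical names chosen for illustration.

```ruby
require 'securerandom'

# Hypothetical stand-in for a job console Log record. There is deliberately no
# user_id or project_id column: the record is addressable only by the random
# UUID minted when it is created, and possession of that UUID is the
# authorization to read the stream.
class Log
  # Shape of a version-4 UUID as produced by SecureRandom.uuid.
  UUID_V4 = /\A[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}\z/

  @records = {} # in-memory stand-in for the logs table, keyed by uid
  class << self
    attr_reader :records
  end

  attr_reader :uid, :lines

  def initialize
    @lines = []
    set_uid
    self.class.records[@uid] = self
  end

  # The UUID is the capability: SecureRandom.uuid yields a v4 UUID carrying
  # 122 random bits, so guessing a live uid is not a practical attack.
  def set_uid
    @uid = SecureRandom.uuid
  end

  def write(text)
    @lines << text
  end

  # Lookup used by the status action. A value that is not a well-formed v4 UUID
  # is rejected before touching the store; an unknown uid returns nil, the same
  # answer a malformed one gets, so the caller learns nothing extra.
  def self.find_by_uid(uid)
    return nil unless uid.is_a?(String) && UUID_V4.match?(uid)
    records[uid]
  end
end

# Console status endpoint: resolving the uid is the whole authorization check.
# Returns the log lines, or nil when the token does not resolve.
def console_status(uid)
  Log.find_by_uid(uid)&.lines
end

# Constructed demo: mint a log, write one line, read it back through the uid.
demo = Log.new
demo.write('job started')
DEMO_STATUS = console_status(demo.uid) # => ["job started"]
```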

The job UUID issued by Log#set_uid is the authorization primitive
for ConsoleController#status -- we don't scope Log records by user or
project. Adding comments so future maintainers don't re-litigate.
@MattBudz MattBudz merged commit 2a36e26 into release-5.0.0 Apr 14, 2026
2 checks passed
@MattBudz MattBudz deleted the claude-audit/fix-20 branch April 14, 2026 12:42