You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix(runtime): resolve session identity for action body ctx.user (#2701) (#2725)
* chore: bump objectui to 7a68d78f2a0c
chore: release packages (#2304)
objectui@7a68d78f2a0c3c1f99dafd39b75b4f117a24917b
* fix(runtime): resolve session identity for action body ctx.user (#2701)
The POST /actions/:object/:action route called handleActions directly,
bypassing dispatch() → resolveExecutionContext. The action body sandbox's
ctx.user was therefore hard-coded to { id: 'system' }, so handlers could not
branch on the operator's identity/roles or enforce server-side ownership.
- dispatcher-plugin: action routes now dispatch through dispatch() (like the
automation/AI routes), resolving the session identity + per-project kernel
per request before the action body runs.
- http-dispatcher: handleActions builds ctx.user from the request's
ExecutionContext (id, email, positions/roles, permissions, tenantId),
matching the MCP runAction and record-change trigger paths; falls back to a
system principal only for a genuinely anonymous / self-invoked call.
- Tests: 4 regression cases incl. an end-to-end api-key → dispatch → action
pipeline asserting the principal reaches ctx.user (verified red without the fix).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
0 commit comments