@openparachute/vault 0.4.9-rc.9 → 0.5.0-rc.2

package/core/src/types.ts

@@ -1,8 +1,10 @@
 import type { TagFieldSchema, TagRelationship, TagRecord } from "./tag-schemas.js";
+import type { PrunedField } from "./indexed-fields.js";
 
 // ---- Re-exports ----
 
 export type { TagFieldSchema, TagRelationship, TagRecord } from "./tag-schemas.js";
+export type { PrunedField } from "./indexed-fields.js";
 
 // ---- Note ----
 
@@ -278,6 +280,24 @@ export interface Store {
   deleteTagSchema(tag: string): Promise<boolean>;
   getTagSchemaMap(): Promise<Record<string, { description?: string; fields?: Record<string, { type: string; description?: string; enum?: string[]; indexed?: boolean }> }>>;
 
+  // Indexed-field lifecycle — generated columns + indexes on `notes` derived
+  // from tag-declared `indexed: true` fields. See core/src/indexed-fields.ts.
+
+  /**
+   * Prune orphaned `indexed_fields` declarers — declarer tags with no `tags`
+   * row. Fields left with no live declarer are dropped wholesale; co-declared
+   * fields keep their column and lose only the dead declarers. `dryRun`
+   * (default true) returns the plan without mutating.
+   */
+  pruneIndexedFields(opts?: { dryRun?: boolean }): Promise<PrunedField[]>;
+  /**
+   * Replay `declareField` for every `indexed: true` field across all current
+   * tag records, materializing the backing columns + indexes. Idempotent —
+   * used by the import path so a fresh import has the same columns a live
+   * vault would. Returns the count of (tag, field) declarations replayed.
+   */
+  reconcileDeclaredIndexes(): Promise<number>;
+
   // Tag records — full v14 identity row (description + fields + typed
   // relationships + parent_names + timestamps). See
   // parachute-patterns/patterns/tag-data-model.md.
@@ -322,6 +342,14 @@ export interface Store {
   addAttachment(noteId: string, path: string, mimeType: string, metadata?: Record<string, unknown>): Promise<Attachment>;
   getAttachments(noteId: string): Promise<Attachment[]>;
   getAttachment(attachmentId: string): Promise<Attachment | null>;
+  /**
+   * Reverse-lookup attachment rows by their vault-internal relative `path`
+   * (`<date>/<filename>`). Returns every row sharing that path (a single
+   * on-disk asset can be referenced by >1 row). Used by the raw
+   * `/api/storage/<date>/<file>` serve path to map a requested file back to
+   * its owning note(s) for tag-scope enforcement.
+   */
+  getAttachmentsByPath(path: string): Promise<Attachment[]>;
   setAttachmentMetadata(attachmentId: string, metadata: Record<string, unknown>): Promise<void>;
   deleteAttachment(noteId: string, attachmentId: string): Promise<{ deleted: boolean; path: string | null; orphaned: boolean }>;
   listAttachmentsByTranscribeStatus(status: "pending" | "failed" | "done", limit?: number): Promise<Attachment[]>;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openparachute/vault",
-  "version": "0.4.9-rc.9",
+  "version": "0.5.0-rc.2",
   "description": "Agent-native knowledge graph. Notes, tags, links over MCP.",
   "module": "src/cli.ts",
   "type": "module",
@@ -27,7 +27,7 @@
   },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.12.1",
-    "@openparachute/scope-guard": "^0.3.0",
+    "@openparachute/scope-guard": "^0.4.0-rc.2",
     "jose": "^6.2.2",
     "otpauth": "^9.5.0",
     "qrcode-terminal": "^0.12.0"

package/src/auth-hub-jwt.test.ts

@@ -105,6 +105,13 @@ interface SignOpts {
    * a hub-minted admin token; provide `["<name>"]` for a non-admin user.
    */
   vaultScope?: string[];
+  /**
+   * `permissions` claim (auth-unification arc, C0). Undefined → omit
+   * entirely (today's hub-JWT shape → unscoped). Provide
+   * `{ scoped_tags: [...] }` for a tag-scoped token, or a deliberately
+   * malformed value to exercise the fail-closed path.
+   */
+  permissions?: unknown;
 }
 
 async function signJwt(kp: Keypair, opts: SignOpts): Promise<string> {
@@ -115,6 +122,7 @@ async function signJwt(kp: Keypair, opts: SignOpts): Promise<string> {
     client_id: "test-client",
   };
   if (opts.vaultScope !== undefined) payload.vault_scope = opts.vaultScope;
+  if (opts.permissions !== undefined) payload.permissions = opts.permissions;
   return await new SignJWT(payload)
     .setProtectedHeader({ alg: "RS256", kid: kp.kid })
     .setIssuer(opts.iss)
@@ -183,7 +191,7 @@ describe("authenticateVaultRequest — hub JWT integration", () => {
     const config = readVaultConfig("journal")!;
     const store = getVaultStore("journal");
 
-    const result = await authenticateVaultRequest(bearer(token), config, store.db);
+    const result = await authenticateVaultRequest(bearer(token), config);
     expect("error" in result).toBe(false);
     if (!("error" in result)) {
       expect(result.permission).toBe("full");
@@ -202,7 +210,7 @@ describe("authenticateVaultRequest — hub JWT integration", () => {
     const config = readVaultConfig("journal")!;
     const store = getVaultStore("journal");
 
-    const result = await authenticateVaultRequest(bearer(token), config, store.db);
+    const result = await authenticateVaultRequest(bearer(token), config);
     expect("error" in result).toBe(false);
     if (!("error" in result)) expect(result.permission).toBe("read");
   });
@@ -217,7 +225,7 @@ describe("authenticateVaultRequest — hub JWT integration", () => {
     const config = readVaultConfig("journal")!;
     const store = getVaultStore("journal");
 
-    const result = await authenticateVaultRequest(bearer(token), config, store.db);
+    const result = await authenticateVaultRequest(bearer(token), config);
     expect("error" in result).toBe(true);
     if ("error" in result) {
       expect(result.error.status).toBe(401);
@@ -287,7 +295,7 @@ describe("authenticateVaultRequest — hub JWT integration", () => {
     // this scenario, not a stderr inspection. Pattern carries to scribe/agent.
     const warnSpy = spyOn(console, "warn").mockImplementation(() => {});
     try {
-      const result = await authenticateVaultRequest(bearer(token), config, store.db);
+      const result = await authenticateVaultRequest(bearer(token), config);
       expect("error" in result).toBe(true);
       if ("error" in result) {
         expect(result.error.status).toBe(401);
@@ -323,7 +331,7 @@ describe("authenticateVaultRequest — hub JWT integration", () => {
     const config = readVaultConfig("journal")!;
     const store = getVaultStore("journal");
 
-    const result = await authenticateVaultRequest(bearer(token), config, store.db);
+    const result = await authenticateVaultRequest(bearer(token), config);
     expect("error" in result).toBe(false);
     if (!("error" in result)) {
       expect(result.permission).toBe("full");
@@ -345,7 +353,7 @@ describe("authenticateVaultRequest — hub JWT integration", () => {
     const config = readVaultConfig("aaron")!;
     const store = getVaultStore("aaron");
 
-    const result = await authenticateVaultRequest(bearer(token), config, store.db);
+    const result = await authenticateVaultRequest(bearer(token), config);
     expect("error" in result).toBe(false);
     if (!("error" in result)) {
       expect(result.permission).toBe("full");
@@ -374,7 +382,7 @@ describe("authenticateVaultRequest — hub JWT integration", () => {
     const bobConfig = readVaultConfig("bob")!;
     const bobStore = getVaultStore("bob");
 
-    const result = await authenticateVaultRequest(bearer(token), bobConfig, bobStore.db);
+    const result = await authenticateVaultRequest(bearer(token), bobConfig);
     expect("error" in result).toBe(true);
     if ("error" in result) {
       expect(result.error.status).toBe(403);
@@ -418,7 +426,7 @@ describe("authenticateVaultRequest — hub JWT integration", () => {
     const config = readVaultConfig("work")!;
     const store = getVaultStore("work");
 
-    const result = await authenticateVaultRequest(bearer(token), config, store.db);
+    const result = await authenticateVaultRequest(bearer(token), config);
     expect("error" in result).toBe(false);
     if (!("error" in result)) {
       expect(result.permission).toBe("full");
@@ -444,7 +452,7 @@ describe("authenticateVaultRequest — hub JWT integration", () => {
     const config = readVaultConfig("legacy")!;
     const store = getVaultStore("legacy");
 
-    const result = await authenticateVaultRequest(bearer(token), config, store.db);
+    const result = await authenticateVaultRequest(bearer(token), config);
     expect("error" in result).toBe(false);
     if (!("error" in result)) {
       expect(result.permission).toBe("full");
@@ -469,7 +477,7 @@ describe("authenticateVaultRequest — hub JWT integration", () => {
     const config = readVaultConfig("aaron")!;
     const store = getVaultStore("aaron");
 
-    const result = await authenticateVaultRequest(bearer(token), config, store.db);
+    const result = await authenticateVaultRequest(bearer(token), config);
     expect("error" in result).toBe(true);
     if ("error" in result) {
       // 401, not 403 — broad-scope rejection takes precedence.
@@ -497,7 +505,7 @@ describe("authenticateVaultRequest — hub JWT integration", () => {
 
     const warnSpy = spyOn(console, "warn").mockImplementation(() => {});
     try {
-      const result = await authenticateVaultRequest(bearer(token), config, store.db);
+      const result = await authenticateVaultRequest(bearer(token), config);
       expect("error" in result).toBe(true);
       if ("error" in result) {
         expect(result.error.status).toBe(401);
@@ -518,3 +526,175 @@ describe("authenticateVaultRequest — hub JWT integration", () => {
     }
   });
 });
+
+describe("authenticateVaultRequest — hub JWT tag-scoping (auth-unification C0)", () => {
+  // Helper: pull a successful AuthResult out of authenticateVaultRequest,
+  // failing the test loudly if auth returned an error Response.
+  async function authOk(
+    token: string,
+    vaultName: string,
+  ): Promise<import("./auth.ts").AuthResult> {
+    const config = readVaultConfig(vaultName)!;
+    const store = getVaultStore(vaultName);
+    const result = await authenticateVaultRequest(bearer(token), config);
+    if ("error" in result) {
+      const body = await result.error.json();
+      throw new Error(`expected AuthResult, got ${result.error.status}: ${JSON.stringify(body)}`);
+    }
+    return result;
+  }
+
+  test("permissions.scoped_tags:[health] → AuthResult.scoped_tags=[health]; query-notes enforces (health visible, work hidden)", async () => {
+    seedVault("journal");
+    const store = getVaultStore("journal");
+    // Seed two notes: one tagged health, one tagged work.
+    await store.createNote("blood pressure log", { path: "h1", tags: ["health"] });
+    await store.createNote("quarterly OKRs", { path: "w1", tags: ["work"] });
+
+    const token = await signJwt(kp, {
+      iss: fixture.origin,
+      aud: "vault.journal",
+      scope: "vault:journal:read",
+      permissions: { scoped_tags: ["health"] },
+    });
+
+    const auth = await authOk(token, "journal");
+    // The READ side: the allowlist is lifted off the validated token.
+    expect(auth.scoped_tags).toEqual(["health"]);
+
+    // End-to-end enforcement: the tag-scope-wrapped query-notes tool must
+    // hide the `work` note and surface the `health` note.
+    const { generateScopedMcpTools } = await import("./mcp-tools.ts");
+    const tools = generateScopedMcpTools("journal", auth);
+    const query = tools.find((t) => t.name === "query-notes")!;
+    const result = (await query.execute({})) as any;
+    const notes = Array.isArray(result) ? result : result.notes;
+    const paths = notes.map((n: any) => n.path).sort();
+    expect(paths).toEqual(["h1"]);
+    expect(paths).not.toContain("w1");
+  });
+
+  test("no permissions claim → scoped_tags=null (unscoped, full vault — regression: unchanged)", async () => {
+    seedVault("journal");
+    const store = getVaultStore("journal");
+    await store.createNote("a", { path: "h1", tags: ["health"] });
+    await store.createNote("b", { path: "w1", tags: ["work"] });
+
+    const token = await signJwt(kp, {
+      iss: fixture.origin,
+      aud: "vault.journal",
+      scope: "vault:journal:read",
+      // permissions intentionally omitted — today's hub-JWT shape
+    });
+
+    const auth = await authOk(token, "journal");
+    expect(auth.scoped_tags).toBeNull();
+
+    const { generateScopedMcpTools } = await import("./mcp-tools.ts");
+    const tools = generateScopedMcpTools("journal", auth);
+    const query = tools.find((t) => t.name === "query-notes")!;
+    const result = (await query.execute({})) as any;
+    const notes = Array.isArray(result) ? result : result.notes;
+    const paths = notes.map((n: any) => n.path).sort();
+    // Unscoped: BOTH notes visible.
+    expect(paths).toEqual(["h1", "w1"]);
+  });
+
+  test("permissions present but scoped_tags absent → scoped_tags=null (unscoped)", async () => {
+    seedVault("journal");
+    const token = await signJwt(kp, {
+      iss: fixture.origin,
+      aud: "vault.journal",
+      scope: "vault:journal:read",
+      permissions: { some_other_perm: true },
+    });
+    const auth = await authOk(token, "journal");
+    expect(auth.scoped_tags).toBeNull();
+  });
+
+  test("permissions.scoped_tags:null → scoped_tags=null (explicit unscoped)", async () => {
+    seedVault("journal");
+    const token = await signJwt(kp, {
+      iss: fixture.origin,
+      aud: "vault.journal",
+      scope: "vault:journal:read",
+      permissions: { scoped_tags: null },
+    });
+    const auth = await authOk(token, "journal");
+    expect(auth.scoped_tags).toBeNull();
+  });
+
+  // ---- Fail-closed cases: present-but-malformed scoped_tags MUST 401, ----
+  // ---- never silently widen to full-vault. ----
+  for (const [label, badValue] of [
+    ["a string", "health"],
+    ["a number", 42],
+    ["an object", { health: true }],
+    ["an array with a non-string", ["health", 5]],
+    ["an array with an empty string", ["health", ""]],
+    ["an empty array", []],
+  ] as Array<[string, unknown]>) {
+    test(`malformed scoped_tags (${label}) → 401 fail-closed (does NOT widen to full vault)`, async () => {
+      seedVault("journal");
+      const token = await signJwt(kp, {
+        iss: fixture.origin,
+        aud: "vault.journal",
+        scope: "vault:journal:read",
+        permissions: { scoped_tags: badValue },
+      });
+      const config = readVaultConfig("journal")!;
+      const store = getVaultStore("journal");
+
+      const warnSpy = spyOn(console, "warn").mockImplementation(() => {});
+      try {
+        const result = await authenticateVaultRequest(bearer(token), config);
+        // The whole request is rejected — NOT served with scoped_tags=null
+        // (full vault) or scoped_tags=[] (also full vault on the MCP path).
+        expect("error" in result).toBe(true);
+        if ("error" in result) {
+          expect(result.error.status).toBe(401);
+          const body = (await result.error.json()) as { error: string; message: string };
+          expect(body.error).toBe("Unauthorized");
+          expect(body.message).toContain("malformed tag-scope");
+        }
+        // Audit log carries the diagnostic.
+        expect(warnSpy).toHaveBeenCalled();
+      } finally {
+        warnSpy.mockRestore();
+      }
+    });
+  }
+});
+
+// ---------------------------------------------------------------------------
+// pvt_* DROP (vault#282 Stage 2 — BREAKING). pvt_* tokens were the only
+// non-JWT, non-YAML credential vault used to mint + validate. At 0.5.0 the
+// mint + validation were removed entirely: a pvt_*-prefixed bearer is no
+// longer JWT-shaped (skips authenticateHubJwt) and matches no surviving
+// credential, so it 401s. The hub JWT — the migration target — keeps working.
+// ---------------------------------------------------------------------------
+
+describe("pvt_* DROP (vault#282 Stage 2 — unvalidatable)", () => {
+  test("a pvt_* bearer is 401-rejected on the per-vault hub-JWT surface", async () => {
+    seedVault("journal");
+    const config = readVaultConfig("journal")!;
+    const pvt = "pvt_deadbeefdeadbeefdeadbeefdeadbeef";
+
+    const result = await authenticateVaultRequest(bearer(pvt), config);
+    expect("error" in result).toBe(true);
+    if ("error" in result) expect(result.error.status).toBe(401);
+  });
+
+  test("a real hub JWT still authenticates (migration target works)", async () => {
+    seedVault("journal");
+    const token = await signJwt(kp, {
+      iss: fixture.origin,
+      aud: "vault.journal",
+      scope: "vault:journal:write",
+    });
+    const config = readVaultConfig("journal")!;
+
+    const result = await authenticateVaultRequest(bearer(token), config);
+    expect("error" in result).toBe(false);
+  });
+});

package/src/auth-status.ts

@@ -8,11 +8,18 @@
  *
  * What gets exposed:
  *   - `initialized` — at least one vault exists
- *   - `auth_modes`  — accepted bearer formats (pvt_*, hub-issued JWT)
+ *   - `auth_modes`  — accepted bearer formats. As of 0.5.0 (vault#282 Stage 2)
+ *     vault is a pure hub resource-server: the only first-class user
+ *     credential is a hub-issued JWT, so this is `["hub_jwt"]`. (The
+ *     server-wide VAULT_AUTH_TOKEN operator bearer + legacy YAML api_keys
+ *     still authenticate, but they're operator/legacy channels, not the
+ *     advertised first-contact mode.)
  *   - `vaults`      — list of `{ name, url }` for client-side dispatch
  *   - `hasOwnerPassword`, `hasTotp` — OAuth consent prerequisites
- *   - `hasTokens`   — boolean | null. `null` ≈ "we couldn't read all DBs,
- *     don't trust this answer"; `true`/`false` are honest yes/no signals.
+ *   - `hasTokens`   — boolean | null. Probes the vestigial `tokens` table for
+ *     any leftover pre-0.5.0 rows (the table is kept inert as the YAML-import
+ *     landing zone + a future-cosmetic-drop target). `null` ≈ "we couldn't
+ *     read all DBs, don't trust this answer"; `true`/`false` are honest yes/no.
  *
  * What is deliberately NOT exposed: token counts, hashes, descriptions,
  * timestamps, owner-password hash, totp secret, backup codes. The endpoint
@@ -26,7 +33,7 @@ import { listVaults, readGlobalConfig, vaultDbPath } from "./config.ts";
 
 export interface AuthStatusResponse {
   initialized: boolean;
-  auth_modes: ("pvt_token" | "hub_jwt")[];
+  auth_modes: "hub_jwt"[];
   vaults: { name: string; url: string }[];
   hasOwnerPassword: boolean;
   hasTotp: boolean;
@@ -77,7 +84,7 @@ export function buildAuthStatus(): AuthStatusResponse {
   const vaultNames = listVaults();
   return {
     initialized: vaultNames.length > 0,
-    auth_modes: ["pvt_token", "hub_jwt"],
+    auth_modes: ["hub_jwt"],
     vaults: vaultNames.map((name) => ({ name, url: `/vault/${name}` })),
     hasOwnerPassword: typeof globalConfig.owner_password_hash === "string"
       && globalConfig.owner_password_hash.length > 0,