feat(hero): wire hero_proc_log, HERO_SOCKET_DIR, 0660 perms, claim auth #16

Merged
ashraf merged 2 commits from development_hero_primitives into main 2026-04-22 14:32:31 +00:00

Summary

  • Replace stderr tracing init in both binaries with hero_proc_sdk::HeroLogger sources (hero_livekit_server, hero_livekit_ui).
  • Resolve socket paths through HERO_SOCKET_DIR per hero_sockets §7.1 (UI, examples, Makefile).
  • UI swaps its custom UDS accept loop for a bind_unix_socket helper that chmods ui.sock to 0660 after bind (hero_sockets §2 + §7.2).
  • UI /rpc proxy forwards X-Hero-Context, X-Hero-Claims, X-Forwarded-Prefix to the backend rpc.sock.
  • New AuthorizedOsisLivekit wrapper enforces claim-based authorization on privileged LiveKitService.* methods per herolib_openrpc_authorize pattern matching; read methods stay open. The server registers the wrapper via register_domain instead of register::<OsisLivekit>.
  • 10 new unit tests in authz.rs cover rule-matching, trusted-mode bypass, and authorization branches.

Closes #13

Changes

Workspace + Cargo manifests

  • Cargo.toml — added hero_proc_sdk (git, development branch) to [workspace.dependencies].
  • crates/hero_livekit_server/Cargo.toml — added hero_proc_sdk.
  • crates/hero_livekit_ui/Cargo.toml — added hero_proc_sdk; removed tracing-subscriber.

UI binary — crates/hero_livekit_ui/src/main.rs

  • Hardcoded SERVICE_SOCKET / UI_SOCKET constants replaced with HERO_SOCKET_DIR resolver.
  • Custom serve_unix accept loop replaced with bind_unix_socket helper (0660 chmod).
  • tracing_subscriber init removed; HeroLogger::new("hero_livekit_ui").await? owns startup logging.
  • rpc_proxy_handler + forward_rpc read and inject the three Hero headers.

Server binary — crates/hero_livekit_server/src/main.rs

  • HeroLogger::new("hero_livekit_server").await? at startup.
  • OServer::run_cli closure hand-constructs OsisLivekit via OsisDomainInit::create, wraps in AuthorizedOsisLivekit, registers via register_domain.

Authorization wrapper — crates/hero_livekit_server/src/livekit/server/authz.rs (new, 300 LoC)

  • AuthorizedOsisLivekit(Arc<OsisLivekit>, Arc<HeroLogger>) implementing OsisAppRpcHandler.
  • Privileged methods: livekitservice.{install, configure, start, stop, restart, create_room, delete_room, remove_participant}.
  • Rule set: ["admin", "admin.*", "hero_livekit.admin", "hero_livekit.*"].
  • Missing X-Hero-Claims = trusted mode (full access) per hero_context §4.3.
  • Denied calls log via HeroLogger (authz component) and return RpcError::Operation("PermissionDenied: ...").

Examples, Makefile, docs

  • examples/basic_usage.rs and examples/health.rs — SOCKET_PATH const + dirs::home_dir() resolver replaced with HERO_SOCKET_DIR/HOME cascade.
  • Makefile — SOCKET_DIR := $(HERO_SOCKET_DIR)/hero_livekit; export HERO_SOCKET_DIR.
  • README.md, docs/api.md, docs/architecture.md, docs/configuration.md, docs/ui.md — literal paths replaced with $HERO_SOCKET_DIR/hero_livekit/..., default-fallback note added.

Test Results

  • cargo check --workspace — PASS
  • cargo test --workspace — 30 passed, 0 failed, 3 ignored (pre-existing rustdoc examples)
  • New coverage: 10 unit tests in authz.rs (rule_matches_*, privileged_methods_have_rules, open_methods_have_no_rules, trusted_mode_bypasses_rules, empty_rules_authorizes_any_context, matching_claim_authorizes, non_matching_claim_denies, empty_claim_list_denies).

Compatibility

  • HERO_SOCKET_DIR is the only new env var; when unset, resolved paths match previous defaults exactly, so existing .claude/settings.json allowlist entries continue to work.
  • Operators overriding HERO_SOCKET_DIR must reapprove commands referencing the new paths.

Out of scope

  • Resource-level (per-room) policies — current rules are method-level.
  • A HERO_SOCKET_DIR-agnostic parallel block in .claude/settings.json — additive, non-blocking.
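The claim check this PR describes, written out as an added illustration (not the project's authz.rs): privileged LiveKitService methods need a claim matching one of the rules, read methods stay open, and a missing X-Hero-Claims header means trusted mode. The function names, the exact-match-or-".*"-prefix wildcard semantics, and the String error in place of RpcError::Operation are assumptions.

```rust
// Added illustration of the authorization decision described in this PR.
// Not the project's code: names and wildcard semantics are assumptions.

/// Privileged method names (from the PR description).
const PRIVILEGED: &[&str] = &[
    "install", "configure", "start", "stop", "restart",
    "create_room", "delete_room", "remove_participant",
];
/// Claim rules accepted for privileged methods (from the PR description).
const RULES: &[&str] = &["admin", "admin.*", "hero_livekit.admin", "hero_livekit.*"];
const NO_RULES: &[&str] = &[];

/// Rules for a method: privileged methods get RULES, every other method none.
pub fn rules_for(method: &str) -> &'static [&'static str] {
    // Method names arrive as "livekitservice.<name>"; compare case-insensitively.
    let lower = method.to_ascii_lowercase();
    let name = lower.strip_prefix("livekitservice.").unwrap_or(&lower);
    if PRIVILEGED.contains(&name) { RULES } else { NO_RULES }
}

/// Rule match (assumed semantics): a rule without a wildcard matches exactly;
/// "admin.*" matches "admin.rooms" but neither "admin" nor "administrator".
pub fn rule_matches(rule: &str, claim: &str) -> bool {
    match rule.strip_suffix(".*") {
        Some(prefix) => claim
            .strip_prefix(prefix)
            .and_then(|rest| rest.strip_prefix('.'))
            .map_or(false, |rest| !rest.is_empty()),
        None => rule == claim,
    }
}

/// `claims` is `None` when the X-Hero-Claims header is absent (trusted mode,
/// full access); `Some(&[])` is a present but empty claim list, which is denied.
pub fn authorize(method: &str, claims: Option<&[&str]>) -> Result<(), String> {
    let rules = rules_for(method);
    if rules.is_empty() {
        return Ok(()); // read methods stay open
    }
    let Some(claims) = claims else {
        return Ok(()); // trusted mode bypasses the rules
    };
    if claims.iter().any(|c| rules.iter().any(|r| rule_matches(r, c))) {
        Ok(())
    } else {
        // The real wrapper logs the denial via HeroLogger and returns RpcError::Operation.
        Err(format!("PermissionDenied: {method} requires one of {rules:?}"))
    }
}
```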
feat(hero): wire hero_proc_log, HERO_SOCKET_DIR, 0660 perms, claim auth
All checks were successful
Build & Test / check (push) Successful in 2m22s
Build & Test / check (pull_request) Successful in 2m10s
7d21c6ae45
- Replace stderr tracing init in both binaries with hero_proc_sdk::HeroLogger
  sources (hero_livekit_server, hero_livekit_ui).
- Resolve socket paths through HERO_SOCKET_DIR per hero_sockets §7.1 in UI,
  examples, and Makefile.
- UI swaps its custom UDS accept loop for a bind_unix_socket helper that
  chmods ui.sock to 0660 after bind (hero_sockets §2 + §7.2).
- UI /rpc proxy forwards X-Hero-Context, X-Hero-Claims, X-Forwarded-Prefix
  to the backend rpc.sock.
- New AuthorizedOsisLivekit wrapper enforces claim-based authorization on
  privileged LiveKitService.* methods per herolib_openrpc_authorize pattern
  matching; read methods stay open. Server registers the wrapper via
  register_domain instead of register::<OsisLivekit>.
- 10 new unit tests in authz.rs cover rule-matching, trusted-mode bypass,
  and authorization branches.

#13
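The bind-then-chmod pattern the commit attributes to its bind_unix_socket helper, as an added illustration rather than the project's code. The function names, the 0750 directory mode, and the base-directory parameter (the caller reads HERO_SOCKET_DIR) are assumptions; the helper also makes the socket directory owner/group-only, because between bind and chmod the socket file carries a umask-derived mode.

```rust
// Added illustration of binding a Unix socket and tightening it to 0660,
// as this commit describes. Not the project's code; names are assumptions.
use std::fs::{self, DirBuilder, Permissions};
use std::io;
use std::os::unix::fs::{DirBuilderExt, PermissionsExt};
use std::os::unix::net::UnixListener;
use std::path::{Path, PathBuf};

/// <base>/hero_livekit/<name>; the caller resolves base from HERO_SOCKET_DIR.
pub fn socket_path(base: &Path, name: &str) -> PathBuf {
    base.join("hero_livekit").join(name)
}

/// Create the socket directory owner/group-only (assumed 0750) so the socket
/// file is unreachable by other users even before the 0660 chmod lands.
pub fn ensure_socket_dir(dir: &Path) -> io::Result<()> {
    if !dir.is_dir() {
        DirBuilder::new().recursive(true).mode(0o750).create(dir)?;
    }
    Ok(())
}

/// Bind a listener at `path`, then restrict the socket file to rw-rw----.
pub fn bind_unix_socket(path: &Path) -> io::Result<UnixListener> {
    if let Some(dir) = path.parent() {
        ensure_socket_dir(dir)?;
    }
    // A stale socket file from a previous run would make bind() fail.
    if path.exists() {
        fs::remove_file(path)?;
    }
    let listener = UnixListener::bind(path)?;
    // bind() creates the file with a umask-derived mode; tighten it to 0660.
    fs::set_permissions(path, Permissions::from_mode(0o660))?;
    Ok(listener)
}

/// Permission bits of the socket file, for verification.
pub fn socket_mode(path: &Path) -> io::Result<u32> {
    Ok(fs::metadata(path)?.permissions().mode() & 0o777)
}
```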
better handling to make stop
All checks were successful
Build & Test / check (pull_request) Successful in 1m53s
Build & Test / check (push) Successful in 1m57s
cff92ee6ca
Signed-off-by: Ashraf Fouda <ashraf.m.fouda@gmail.com>
ashraf merged commit cff92ee6ca into main 2026-04-22 14:32:31 +00:00
Reference
lhumina_code/hero_livekit!16