From 37e430b09d3d6bf1a78353e10e2fe7fc928e5c96 Mon Sep 17 00:00:00 2001 From: "glm-5.2" Date: Sun, 28 Jun 2026 22:03:40 +0000 Subject: [PATCH] tasks: mark call/services-list-accesscontrol-filtered complete --- tasks/call/services-list-accesscontrol-filtered.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/call/services-list-accesscontrol-filtered.md b/tasks/call/services-list-accesscontrol-filtered.md index 15ccd82..8efd078 100644 --- a/tasks/call/services-list-accesscontrol-filtered.md +++ b/tasks/call/services-list-accesscontrol-filtered.md @@ -1,7 +1,7 @@ --- id: call/services-list-accesscontrol-filtered name: Filter services/list by AccessControl::check(peer_identity) and add services/list-peers opt-in (ADR-029 ยง6) -status: pending +status: completed depends_on: [call/retire-remote-safe] scope: narrow risk: medium @@ -119,4 +119,4 @@ with `peer_id` attribution, and filters by the calling peer's authorization. ## Summary -> To be filled on completion \ No newline at end of file +Filtered services/list by AccessControl::check(ctx.identity) (op with default ACL listed to any peer; op with required_scopes hidden from unauthorized peers; Internal ops still excluded by list_operations). Added services/list-peers opt-in op that attributes ops by peer_id via context.env.peer_ids()/peer_operations() and filters by the calling peer's authorization. Added PeerId type + peer_ids/peer_contains/peer_operations default-impls to OperationEnv trait (work as stubs until PeerCompositeEnv is wired). Added AccessResult::is_allowed() helper. 6 new unit tests cover authorized/unauthorized/default-ACL filtering and list-peers peer_id attribution + ACL filtering. 205 unit + 2 integration tests pass, clippy clean, fmt clean. \ No newline at end of file