lhumina_code/hero_os
22
0
Fork 0
Code Issues 28 Pull requests 1 Projects 1 Releases Packages Wiki Activity Actions

hero_collab: Slack feature parity — auth integration with hero_proxy #34

New issue
Closed
opened 2026-04-14 12:09:57 +00:00 by sameh-farouk · 0 comments
sameh-farouk commented 2026-04-14 12:09:57 +00:00
Member
Copy link

Summary

hero_collab is being developed as a Slack alternative for the Hero OS ecosystem. A comprehensive implementation plan has been created and Phase 0 (bug fixes) is complete. Phase 1 (authentication) requires integration with hero_proxy.

Full plan and progress: lhumina_code/hero_collab#9

Auth Integration with hero_proxy

hero_collab needs to read the identity headers that hero_proxy injects after authentication:

  • X-Hero-User — the authenticated username/email (injected by hero_proxy after OAuth, signature, or IP-match auth)
  • X-Hero-Context — the user's context ID (from users.context column in hero_proxy DB)
  • X-Hero-Claims — comma-separated permissions resolved via hero_proxy's group→role→claims BFS

How it works

Browser → hero_proxy (auth, port 9997) → hero_router (port 9988) → hero_collab_ui (ui.sock)
                                                                   → hero_collab_server (rpc.sock)

hero_proxy strips spoofed X-Hero-* headers, authenticates the user, then injects trusted headers. hero_collab reads and trusts these headers, maps X-Hero-User to a local collab user, and injects the user ID as caller_id for its existing permission system.

Related hero_proxy work

  • hero_proxy#8 — [Phase 1] Auth gateway (OAuth enforcement, identity injection) — tracks the auth infrastructure hero_collab depends on
  • hero_proxy#23 — Context injection from authenticated user identity — already implemented and closed

What hero_collab needs from the ecosystem

  1. hero_proxy running with auth configured — OAuth provider or IP-based auto-login for the hero_collab domain route
  2. hero_proxy users.list RPC — hero_collab will call this to populate invite/member-add dropdowns with system users
  3. WebSocket through hero_router — needs hero_router with WS tunnel support (commit d1632cd, already in development branch)

Current status

  • Phase 0 (bug fixes): Complete and pushed
  • Phase 1 (auth): 🔄 Starting — installing hero_proxy, verifying header flow
  • WebSocket: hero_router has support but connection drops after handshake — investigating
## Summary hero_collab is being developed as a Slack alternative for the Hero OS ecosystem. A comprehensive implementation plan has been created and Phase 0 (bug fixes) is complete. Phase 1 (authentication) requires integration with hero_proxy. **Full plan and progress:** https://forge.ourworld.tf/lhumina_code/hero_collab/issues/9 ## Auth Integration with hero_proxy hero_collab needs to read the identity headers that hero_proxy injects after authentication: - `X-Hero-User` — the authenticated username/email (injected by hero_proxy after OAuth, signature, or IP-match auth) - `X-Hero-Context` — the user's context ID (from `users.context` column in hero_proxy DB) - `X-Hero-Claims` — comma-separated permissions resolved via hero_proxy's group→role→claims BFS ### How it works ``` Browser → hero_proxy (auth, port 9997) → hero_router (port 9988) → hero_collab_ui (ui.sock) → hero_collab_server (rpc.sock) ``` hero_proxy strips spoofed `X-Hero-*` headers, authenticates the user, then injects trusted headers. hero_collab reads and trusts these headers, maps `X-Hero-User` to a local collab user, and injects the user ID as `caller_id` for its existing permission system. ### Related hero_proxy work - hero_proxy#8 — [Phase 1] Auth gateway (OAuth enforcement, identity injection) — tracks the auth infrastructure hero_collab depends on - hero_proxy#23 — Context injection from authenticated user identity — already implemented and closed ### What hero_collab needs from the ecosystem 1. **hero_proxy running with auth configured** — OAuth provider or IP-based auto-login for the hero_collab domain route 2. **hero_proxy `users.list` RPC** — hero_collab will call this to populate invite/member-add dropdowns with system users 3. **WebSocket through hero_router** — needs hero_router with WS tunnel support (commit d1632cd, already in development branch) ### Current status - Phase 0 (bug fixes): ✅ Complete and pushed - Phase 1 (auth): 🔄 Starting — installing hero_proxy, verifying header flow - WebSocket: hero_router has support but connection drops after handshake — investigating
sameh-farouk 2026-04-14 12:09:57 +00:00
  • closed this issue
  • added the
    type_task
         label
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
development
35-unified-window-chrome
development_auth_fixes
development_fixes_v2
development_fixes
development_30
development_16
development_mik2
main
v0.1.3
v0.1.2
v0.1.1
v0.1.0
v0.0.1-rc1
Labels
Clear labels   
prio_critical

   
prio_low

   
type_bug

   
type_contact

   
type_issue

   
type_lead

   
type_question

   
type_story

   
type_task
No labels
prio_critical
prio_low
type_bug
type_contact
type_issue
type_lead
type_question
type_story
type_task
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
lhumina_code/hero_os#34
No description provided.