hero_agent: replace hardcoded anonymous user with real auth identity #92

New issue

Open

opened 2026-03-26 00:18:14 +00:00 by mik-tf · 0 comments

mik-tf commented 2026-03-26 00:18:14 +00:00

Owner

Copy link

Context

Deferred from #45 (Phase 3: User Identity).

The OSIS storage migration is complete (v0.7.2-dev), but all operations use hardcoded "anonymous" as the user_id. This means:

• All users share the same conversations, memories, audit log
• No per-user data isolation
• No scoping of OSIS queries by authenticated user

What needs to happen

1. Extract real user from auth session — hero_agent routes currently default to "anonymous". Need middleware or helper to extract user identity from the auth token/session (hero_auth provides SSO sessions)
2. Pass user_id through the stack — routes.rs → agent.handle_message() → osis_store.*() — the plumbing exists (user_sid parameter) but is always "anonymous"
3. Scope OSIS queries — list_conversations(), list_memories(), get_stats() already filter by user_id — just needs real values
4. Test multi-user isolation — create conversations as user A, verify user B cannot see them

Files to modify

File	Change
hero_agent_server/src/routes.rs	Extract user from auth session instead of hardcoding "anonymous"
hero_agent_server/src/main.rs	Add auth middleware or session extraction

Related

• #45 — OSIS migration (completed)
• #91 — Full SQLite removal (completed)

Signed-off-by: mik-tf

## Context Deferred from https://forge.ourworld.tf/lhumina_code/home/issues/45 (Phase 3: User Identity). The OSIS storage migration is complete (v0.7.2-dev), but all operations use hardcoded `"anonymous"` as the user_id. This means: - All users share the same conversations, memories, audit log - No per-user data isolation - No scoping of OSIS queries by authenticated user ## What needs to happen 1. **Extract real user from auth session** — hero_agent routes currently default to `"anonymous"`. Need middleware or helper to extract user identity from the auth token/session (hero_auth provides SSO sessions) 2. **Pass user_id through the stack** — `routes.rs` → `agent.handle_message()` → `osis_store.*()` — the plumbing exists (`user_sid` parameter) but is always `"anonymous"` 3. **Scope OSIS queries** — `list_conversations()`, `list_memories()`, `get_stats()` already filter by `user_id` — just needs real values 4. **Test multi-user isolation** — create conversations as user A, verify user B cannot see them ## Files to modify | File | Change | |------|--------| | `hero_agent_server/src/routes.rs` | Extract user from auth session instead of hardcoding `"anonymous"` | | `hero_agent_server/src/main.rs` | Add auth middleware or session extraction | ## Related - https://forge.ourworld.tf/lhumina_code/home/issues/45 — OSIS migration (completed) - https://forge.ourworld.tf/lhumina_code/home/issues/91 — Full SQLite removal (completed) Signed-off-by: mik-tf

mik-tf referenced this issue 2026-03-26 00:18:26 +00:00

AI conversations should be stored in OSIS (per-context, per-user, persistent) #45

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

development

main

No results found.

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

lhumina_code/home#92

No description provided.