Upload folder using huggingface_hub
- .env.example +3 -0
- AGENTS.md +1 -0
- PLANS.md +2 -1
- TASKS.md +3 -3
- docs/PASSWORD_MANAGER_SCOPE.md +27 -0
- docs/TROUBLESHOOTING.md +6 -0
.env.example
CHANGED
|
@@ -18,3 +18,6 @@ SSH_PRIVATE_KEY=
|
|
| 18 |
SSH_PUBLIC_KEY=
|
| 19 |
SSH_KNOWN_HOSTS=
|
| 20 |
|
|
|
|
|
|
|
|
|
|
|
|
| 18 |
SSH_PUBLIC_KEY=
|
| 19 |
SSH_KNOWN_HOSTS=
|
| 20 |
|
| 21 |
+
# Optional: Provider CLI auth (prefer env vars, not files)
|
| 22 |
+
GEMINI_API_KEY=
|
| 23 |
+
ANTHROPIC_API_KEY=
|
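Review bot: the comment added at line 21, `# Optional: Provider CLI auth (prefer env vars, not files)`, lives in the template for a `.env` file, so "not files" reads as contradictory; suggest rewording it to say that real values belong in HF Spaces Secrets (or an untracked local `.env`) and must never be committed, and, since the same commit documents these keys in `docs/TROUBLESHOOTING.md`, pointing at that section. Leaving `GEMINI_API_KEY=` and `ANTHROPIC_API_KEY=` empty here is correct.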
AGENTS.md
CHANGED
|
@@ -44,6 +44,7 @@ uvicorn main:app --reload --host 0.0.0.0 --port 7860
|
|
| 44 |
- High-risk features are gated by Supabase auth and flags (`ENABLE_TERMINAL`, `ENABLE_CODEX`, `ENABLE_MCP`, `ENABLE_INDEXING`). Keep defaults conservative and document changes in `SECURITY.md`.
|
| 45 |
|
| 46 |
## Deployment notes (HF Spaces)
|
|
|
|
| 47 |
- Port: `7860`
|
| 48 |
- Persistence: `/data` is used for `~/.codex`, `~/.ssh`, and a default workspace directory when available.
|
| 49 |
- Web terminals often require device auth flows; avoid localhost callback assumptions.
|
|
|
|
| 44 |
- High-risk features are gated by Supabase auth and flags (`ENABLE_TERMINAL`, `ENABLE_CODEX`, `ENABLE_MCP`, `ENABLE_INDEXING`). Keep defaults conservative and document changes in `SECURITY.md`.
|
| 45 |
|
| 46 |
## Deployment notes (HF Spaces)
|
| 47 |
+
|
| 48 |
- Port: `7860`
|
| 49 |
- Persistence: `/data` is used for `~/.codex`, `~/.ssh`, and a default workspace directory when available.
|
| 50 |
- Web terminals often require device auth flows; avoid localhost callback assumptions.
|
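Review bot: this hunk only inserts a blank line after the `## Deployment notes (HF Spaces)` heading, and the section is the natural place to record the new env-only provider auth introduced elsewhere in this commit (`GEMINI_API_KEY`, `ANTHROPIC_API_KEY`); suggest adding a bullet saying whether those are expected only as Space Secrets or also as files under `/data`, since line 49 lists `~/.codex` and `~/.ssh` as persisted there and the `.env.example` comment says to prefer env vars over files.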
PLANS.md
CHANGED
|
@@ -70,6 +70,8 @@ This file is the repo-level roadmap for `autonomy-labs`. It’s intentionally op
|
|
| 70 |
- GitHub repo indexing (branch/path filters, token support via Secrets)
|
| 71 |
- Build a jobs UI: progress, retries, errors, and access controls.
|
| 72 |
|
|
|
|
|
|
|
| 73 |
## P3 — P2P pubsub chat + account manager
|
| 74 |
- Implement account manager concepts:
|
| 75 |
- identities/devices, room/topic membership, permissions, moderation tools
|
|
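Review bot: the note added at line 73 is a bare sentence appended after the indexing bullets with no bullet of its own, so it can be read as a section footer rather than a roadmap item; suggest making it a list entry under the same heading (for example `- "Password manager": see docs/PASSWORD_MANAGER_SCOPE.md ...`) and, since that doc proposes a separate four-step milestone for a real vault, adding a corresponding entry so the open work is visible in the roadmap.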
@@ -84,4 +86,3 @@ This file is the repo-level roadmap for `autonomy-labs`. It’s intentionally op
|
|
| 84 |
- Add lint/tests + CI:
|
| 85 |
- Python: `ruff`, `pytest`
|
| 86 |
- basic security smoke tests for endpoint gating
|
| 87 |
-
|
|
|
|
| 70 |
- GitHub repo indexing (branch/path filters, token support via Secrets)
|
| 71 |
- Build a jobs UI: progress, retries, errors, and access controls.
|
| 72 |
|
| 73 |
+
Note: see `docs/PASSWORD_MANAGER_SCOPE.md` for the current (non-vault) stance and recommended path forward.
|
| 74 |
+
|
| 75 |
## P3 — P2P pubsub chat + account manager
|
| 76 |
- Implement account manager concepts:
|
| 77 |
- identities/devices, room/topic membership, permissions, moderation tools
|
|
|
|
| 86 |
- Add lint/tests + CI:
|
| 87 |
- Python: `ruff`, `pytest`
|
| 88 |
- basic security smoke tests for endpoint gating
|
|
|
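Review bot: removing the stray empty `-` list item at line 87 is the right cleanup; the file now ends on the `basic security smoke tests for endpoint gating` item (line 88), so check that the trailing newline is preserved so the list renders and future diffs stay clean.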
TASKS.md
CHANGED
|
@@ -27,8 +27,8 @@ Legend:
|
|
| 27 |
|
| 28 |
## P2 — Provider auth parity (Codex/Gemini/Claude)
|
| 29 |
- [x] Codex auth file generation from env/secrets (`~/.codex/.auth.json` and `~/.codex/auth.json`).
|
| 30 |
-
- [
|
| 31 |
-
- [
|
| 32 |
- [x] Optional SSH key support via Secrets (`SSH_PRIVATE_KEY`, `SSH_PUBLIC_KEY`, `SSH_KNOWN_HOSTS`).
|
| 33 |
|
| 34 |
## P2 — Codex workspace directory (UI)
|
|
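Review bot: the two removed lines (30 and 31) were truncated to `- [`, so this hunk also repairs a corrupted checklist entry and that is worth stating in the commit message. The replacement items mark Gemini and Claude auth as done and "documented"; the Codex item on line 29 names the concrete paths it produces, so for parity suggest the new items point at the `docs/TROUBLESHOOTING.md` section added in this commit and at where in the code the variables are read.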
@@ -49,7 +49,7 @@ Legend:
|
|
| 49 |
- [x] Import/export `mcp.json` via UI with validation.
|
| 50 |
|
| 51 |
## P3 — RAG + indexing (docs/web/GitHub) + “password manager”
|
| 52 |
-
- [
|
| 53 |
- [x] Document upload indexing connector (MVP: text-only, keyword search).
|
| 54 |
- [ ] Website crawler indexing (depth/allowlist/robots/rate limits).
|
| 55 |
- [ ] GitHub repo indexing connector (branch/path filters + token support).
|
|
|
|
| 27 |
|
| 28 |
## P2 — Provider auth parity (Codex/Gemini/Claude)
|
| 29 |
- [x] Codex auth file generation from env/secrets (`~/.codex/.auth.json` and `~/.codex/auth.json`).
|
| 30 |
+
- [x] Gemini auth (env-only via `GEMINI_API_KEY`, documented).
|
| 31 |
+
- [x] Claude auth (env-only via `ANTHROPIC_API_KEY`, documented).
|
| 32 |
- [x] Optional SSH key support via Secrets (`SSH_PRIVATE_KEY`, `SSH_PUBLIC_KEY`, `SSH_KNOWN_HOSTS`).
|
| 33 |
|
| 34 |
## P2 — Codex workspace directory (UI)
|
|
|
|
| 49 |
- [x] Import/export `mcp.json` via UI with validation.
|
| 50 |
|
| 51 |
## P3 — RAG + indexing (docs/web/GitHub) + “password manager”
|
| 52 |
+
- [x] Clarify “password manager” scope and threat model (`docs/PASSWORD_MANAGER_SCOPE.md`).
|
| 53 |
- [x] Document upload indexing connector (MVP: text-only, keyword search).
|
| 54 |
- [ ] Website crawler indexing (depth/allowlist/robots/rate limits).
|
| 55 |
- [ ] GitHub repo indexing connector (branch/path filters + token support).
|
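Review bot: the new item at line 52 is checked as done and says the threat model was clarified, but the linked `docs/PASSWORD_MANAGER_SCOPE.md` (added in this commit) states that no vault exists and lists "Define threat model" as step 1 of a future milestone; suggest wording it as clarifying scope only (no vault; see doc) and adding an unchecked `- [ ] Define vault threat model` item so the outstanding work stays visible in the checklist.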
docs/PASSWORD_MANAGER_SCOPE.md
ADDED
|
@@ -0,0 +1,27 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
# “Password manager” scope (clarification)
|
| 2 |
+
|
| 3 |
+
This repo currently **does not implement a password manager / secure vault**.
|
| 4 |
+
|
| 5 |
+
## Why this matters
|
| 6 |
+
|
| 7 |
+
A real password manager is a high-risk feature. To do it safely you need:
|
| 8 |
+
- client-side encryption (or a trusted enclave) and a clear key-derivation strategy
|
| 9 |
+
- strict access controls and auditing
|
| 10 |
+
- safe handling of backups/exports
|
| 11 |
+
- threat modeling for the deployment environment (HF Spaces, browser clients, admin operators)
|
| 12 |
+
|
| 13 |
+
## What we can safely support first (recommended)
|
| 14 |
+
|
| 15 |
+
**Indexed private notes / secrets references** (lower risk than storing raw credentials):
|
| 16 |
+
- store *non-sensitive* snippets and references (e.g., “service X uses token Y stored in HF secret Z”)
|
| 17 |
+
- use the existing RAG indexing pipeline for retrieval
|
| 18 |
+
- keep actual secrets in HF Spaces Secrets or Supabase (never in git)
|
| 19 |
+
|
| 20 |
+
## If you want a real vault
|
| 21 |
+
|
| 22 |
+
We should treat it as a separate milestone:
|
| 23 |
+
1. Define threat model (who can read, what happens if admin/host is compromised).
|
| 24 |
+
2. Choose encryption strategy (client-side keys vs server-managed keys).
|
| 25 |
+
3. Add UX for create/unlock/lock, rotate keys, and recovery.
|
| 26 |
+
4. Add audit logging, rate limiting, and tests.
|
| 27 |
+
|
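Review bot: the interim approach at lines 15-18 stores references such as "service X uses token Y stored in HF secret Z" in the RAG index, and those references are themselves sensitive because they map services to secret names and are retrievable through the indexing endpoints; the doc should state that this index is reachable only behind the existing Supabase auth and `ENABLE_INDEXING` gate, and that ingestion rejects content that looks like an actual token, so the "never in git" rule at line 18 is enforced rather than assumed. Separately, step 2 at line 24 presents client-side and server-managed keys as equal options, but only client-side keys address the "admin/host is compromised" case raised in step 1; worth stating that constraint so the encryption choice follows from the threat model.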
docs/TROUBLESHOOTING.md
CHANGED
|
@@ -19,6 +19,12 @@ If you use env-based token auth, set one of:
|
|
| 19 |
Notes:
|
| 20 |
- You do not need to provide `last_refresh` as a Secret; it is written automatically.
|
| 21 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 22 |
## RAG endpoints return 403 (“Indexing is disabled”)
|
| 23 |
|
| 24 |
Set `ENABLE_INDEXING=1` in your environment and restart the container.
|
|
|
|
| 19 |
Notes:
|
| 20 |
- You do not need to provide `last_refresh` as a Secret; it is written automatically.
|
| 21 |
|
| 22 |
+
## Gemini / Claude CLI authentication
|
| 23 |
+
|
| 24 |
+
This repo prefers env-based auth for provider CLIs (keep tokens out of git and UI):
|
| 25 |
+
- Gemini: `GEMINI_API_KEY`
|
| 26 |
+
- Claude: `ANTHROPIC_API_KEY`
|
| 27 |
+
|
| 28 |
## RAG endpoints return 403 (“Indexing is disabled”)
|
| 29 |
|
| 30 |
Set `ENABLE_INDEXING=1` in your environment and restart the container.
|
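Review bot: the other entries in this file are written as symptom followed by fix (for example `## RAG endpoints return 403` at line 28), but the new `## Gemini / Claude CLI authentication` section at lines 22-26 only lists the two variable names; suggest adding what the user sees when a key is missing and how to confirm the variable is present in the container environment without printing its value, plus a reminder that these are Space Secrets, matching the `.env.example` comment in this commit.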