Follow-up from #1884 (closed) / #1878 / ADR-0049.
#1884 enforced agent access + permissions in the chat route, but visibility (global/organization/private) is still not enforced. The route's RouteUserContext carries userId/roles/permissions but no tenant id, and the agent has no owner field — so a correct gate (organization = same tenant; private = owner only) can't be decided at the route layer today.
Needed
- Add tenant id (and, for private, an agent owner/creator) to the authenticated request context via the auth middleware.
- Then gate the chat route: global → open; organization → caller tenant must match agent.tenantId; private → owner only.
Until then, enforcing a partial/guessed version was intentionally avoided (would risk both lock-out and false security). See agent-access.ts for the documented gap.
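
One way the gate listed under Needed could look once the request context carries a tenant id (added example, not code from this repository or from agent-access.ts). The `tenantId` field on `RouteUserContext`, the `ownerId` field on the agent, and the names `AgentRecord` and `checkAgentVisibility` are assumptions; every undecidable case denies.

```typescript
// Added example: tenantId on the context and ownerId on the agent are assumed names.
type Visibility = "global" | "organization" | "private";

interface RouteUserContext {
  userId: string;
  roles: string[];
  permissions: string[];
  tenantId?: string; // proposed addition, populated by the auth middleware
}

interface AgentRecord {
  id: string;
  visibility: Visibility;
  tenantId?: string;
  ownerId?: string; // hypothetical owner/creator field
}

type Decision = { allowed: true } | { allowed: false; reason: string };

const deny = (reason: string): Decision => ({ allowed: false, reason });

function checkAgentVisibility(user: RouteUserContext, agent: AgentRecord): Decision {
  switch (agent.visibility) {
    case "global":
      return { allowed: true };
    case "organization":
      // A missing tenant on either side must deny; comparing two undefined
      // values with === would otherwise count as a match.
      if (!user.tenantId || !agent.tenantId) return deny("tenant-unknown");
      return user.tenantId === agent.tenantId ? { allowed: true } : deny("tenant-mismatch");
    case "private":
      // Owner only; an agent with no recorded owner is not open to anyone.
      if (!agent.ownerId) return deny("owner-unknown");
      return user.userId === agent.ownerId ? { allowed: true } : deny("not-owner");
    default:
      // Unrecognised or missing visibility value read from storage: fail closed.
      return deny("visibility-unknown");
  }
}
```

The `reason` string is meant for server-side logs; the route can return the same generic 403 for every denial.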