Add optional project scope to API tokens, allowing tokens to be restricted to a specific project and optionally its sub-projects. This builds on the existing API token system by adding two new fields: project_id and include_sub_projects. Key changes: - Database migration adding project_id and include_sub_projects columns - ProjectScopedAuth wrapper type implementing web.Auth with scope info - AuthUnwrapper interface for transparent auth type unwrapping - Scope enforcement in project/task permission checks and list queries - Middleware resolves scoped project IDs (with recursive CTE for sub-projects) - Frontend: project selector in token creation form, scope display in list - Tests for scope resolution, permission enforcement, and token creation https://claude.ai/code/session_015JjPNeSkwxYQNCeMf2PYTi |
||
|---|---|---|
| .. | ||
| auth | ||
| avatar | ||
| background | ||
| dump | ||
| keyvalue | ||
| migration | ||