feat(#573): multi-agent UI scoping — REST API user_id filtering and ownership guards #734

Merged
chubes4 merged 1 commit into main from feature/573-multi-agent-ui-scoping
Mar 8, 2026

@chubes4 chubes4 commented Mar 8, 2026

Summary

Adds server-side user scoping to all pipeline, flow, and job REST endpoints so each user sees only their own data in WP-Admin. Admins see everything by default with an optional ?user_id=X filter.

  • Non-admins: always scoped to their own data — can't see or modify other users' pipelines/flows/jobs
  • Admins: see all by default, can filter by ?user_id=X for a specific user
  • Mutations: all update/delete/duplicate endpoints verify ownership before executing
  • Single-agent mode: user_id=0 resources remain accessible to anyone with the capability (backward compatible)

What Changed

| File | Change |
| --- | --- |
| inc/Abilities/PermissionHelper.php | Added resolve_scoped_user_id() and owns_resource() methods |
| inc/Api/Pipelines/Pipelines.php | GET scoped, POST stamps user_id, PATCH/DELETE verify ownership, memory-file endpoints verify ownership |
| inc/Api/Flows/Flows.php | GET scoped, POST stamps user_id, PATCH/DELETE/duplicate verify ownership, memory-file endpoints verify ownership |
| inc/Api/Jobs.php | GET scoped by user_id |

How It Works

Query Scoping (GET endpoints)

// PermissionHelper::resolve_scoped_user_id($request)
// Non-admin → returns their user_id (always scoped)
// Admin + no ?user_id → returns null (all users)
// Admin + ?user_id=5 → returns 5 (filtered)

The resolved user_id is passed to the existing abilities (GetPipelinesAbility, GetFlowsAbility, GetJobsAbility) which already accept user_id and pass it to the DB layer. No DB or abilities changes needed.

Ownership Guards (mutation endpoints)

// PermissionHelper::owns_resource($resource_user_id)
// user_id=0 (single-agent) → always true
// Admin → always true
// Owner match → true
// Otherwise → false (403)

React Frontend

No React changes in this PR. The frontend doesn't need to send user_id — the server auto-injects scoping from the authenticated user. A future PR can add an admin user-filter dropdown, but the scoping works transparently without it.

Test Results

Tests: 764, Passed: 761, Failed: 0, Skipped: 3

Architecture Note

The existing pattern from Api/AgentFiles.php was the model — it already had resolve_scoped_user_id() and ownership checks. This PR extends the same pattern to pipelines, flows, and jobs using a centralized PermissionHelper instead of per-class methods.

Closes #573

…wnership guards

Add server-side user scoping to all pipeline, flow, and job REST endpoints
so each user sees only their own data in WP-Admin by default.

New PermissionHelper methods:
- resolve_scoped_user_id(): non-admins always get their own user_id;
  admins see all by default, or filter by ?user_id=X
- owns_resource(): checks if acting user owns a resource (by user_id on
  the record), allows admins and single-agent mode (user_id 0)

Pipeline REST API:
- GET scoped by user_id (passed to GetPipelinesAbility)
- POST stamps user_id from acting_user_id()
- PATCH/DELETE verify ownership before executing
- Memory-file GET/PUT verify ownership

Flow REST API:
- GET scoped by user_id (passed to GetFlowsAbility)
- POST stamps user_id from acting_user_id()
- PATCH/DELETE/duplicate verify ownership before executing
- Memory-file GET/PUT verify ownership

Jobs REST API:
- GET scoped by user_id (passed to GetJobsAbility)

DB and Abilities layers already supported user_id — this PR wires
the REST endpoints to actually use it.

Closes #573
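
The scoping and ownership rules described in this PR, modelled as an added example that is not the plugin's code and not part of the PR. The `Actor` class, the plain `$query` array and the handling of a non-numeric `?user_id` are assumptions made so the decision table runs without WordPress (PHP 8.0+).

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the authenticated user; the real helper reads it from WordPress.
final class Actor {
    public function __construct(public int $id, public bool $is_admin) {}
}

// GET scoping: null means "no filter, all users"; an int means "only this user's rows".
function resolve_scoped_user_id(Actor $actor, array $query): ?int {
    if (!$actor->is_admin) {
        return $actor->id;              // a client-supplied ?user_id is never consulted
    }
    // Assumption: an absent or non-numeric filter is treated as "no filter".
    if (!isset($query['user_id']) || !ctype_digit((string) $query['user_id'])) {
        return null;
    }
    return (int) $query['user_id'];
}

// Mutation guard: a false result is what the endpoint turns into a 403.
function owns_resource(Actor $actor, int $resource_user_id): bool {
    if ($resource_user_id === 0) {
        return true;                    // single-agent record; the capability check is separate
    }
    return $actor->is_admin || $actor->id === $resource_user_id;
}

// Constructed sample users and requests.
$admin = new Actor(1, true);
$alice = new Actor(5, false);
$bob   = new Actor(7, false);

$checks = [
    'non-admin cannot widen scope via ?user_id' => resolve_scoped_user_id($alice, ['user_id' => '7']) === 5,
    'admin without filter sees all users'       => resolve_scoped_user_id($admin, []) === null,
    'admin with ?user_id=5 is filtered'         => resolve_scoped_user_id($admin, ['user_id' => '5']) === 5,
    'owner may mutate own resource'             => owns_resource($alice, 5) === true,
    'other non-admin is refused'                => owns_resource($bob, 5) === false,
    'admin may mutate any resource'             => owns_resource($admin, 5) === true,
    'user_id 0 resource is open to any caller'  => owns_resource($bob, 0) === true,
];

foreach ($checks as $label => $ok) {
    echo ($ok ? 'ok   ' : 'FAIL ') . $label . PHP_EOL;
}
```

Because `null` (all users) and `0` (single-agent records) carry different meanings here, code consuming the scoped value should compare with `=== null` rather than `empty()` or a loose comparison.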

github-actions bot commented Mar 8, 2026

Homeboy Results — data-machine

Lint

Tooling versions

  • Homeboy CLI: homeboy 0.71.0
  • Extension: wordpress from https://github.com/Extra-Chill/homeboy-extensions
  • Extension revision: unknown
  • Action: Extra-Chill/homeboy-action@v1

ℹ️ PR test scope resolved to full for compatibility with installed Homeboy CLI

lint (changed files only)

  • PHPStan: PHPSTAN SUMMARY: 203 errors at level 5

Test

Tooling versions

  • Homeboy CLI: homeboy 0.71.0
  • Extension: wordpress from https://github.com/Extra-Chill/homeboy-extensions
  • Extension revision: unknown
  • Action: Extra-Chill/homeboy-action@v1

⚡ PR test scope resolved to changed

test

  • PHPCS: LINT SUMMARY: 52 errors, 35 warnings
  • Fixable: 83 | Files with issues: 11 of 367
Top violations
  WordPress.Arrays.ArrayDeclarationSpacing.ArrayItemNoNewLine    51
  Generic.Formatting.MultipleStatementAlignment.NotSameWarning    16
  WordPress.Arrays.MultipleStatementAlignment.DoubleArrowNotAligned    15
  Generic.CodeAnalysis.UnusedFunctionParameter.Found          3
  Universal.NamingConventions.NoReservedKeywordParameterNames.matchFound     1
  • PHPStan: PHPSTAN SUMMARY: 203 errors at level 5
  • Tests: 582, Assertions: 2346, Skipped: 3.

Audit

Tooling versions

  • Homeboy CLI: homeboy 0.71.0
  • Extension: wordpress from https://github.com/Extra-Chill/homeboy-extensions
  • Extension revision: unknown
  • Action: Extra-Chill/homeboy-action@v1

ℹ️ PR test scope resolved to full for compatibility with installed Homeboy CLI

audit (changed files only)

  • Actionable audit summary:
  • Alignment score: 0.698
  • Severity counts: info: 2, unknown: 76, warning: 7
  • Drift increased: no
  • Outliers in current run: 76
  • Parsed outlier entries: 76
  • Top actionable findings:
    1. inc/Abilities/PermissionHelper.php — naming_mismatch — Helper-like name does not match convention suffix 'Abilities': PermissionHelper
    2. inc/Abilities/PermissionHelper.php — missing_import — Missing import: DataMachine\Abilities\PermissionHelper
    3. inc/Api/Flows/Flows.php — duplicate_function — Duplicate function register — also in inc/Api/AgentFiles.php, inc/Api/AgentPing.php, inc/Api/Analytics.php, inc/Api/Auth.php, inc/Api/Chat/Chat.php, inc/Api/Execute.php, inc/Api/FlowFiles.php, inc/Api/Flows/FlowQueue.php, inc/Api/Flows/FlowSteps.php, inc/Api/Handlers.php, inc/Api/InternalLinks.php, inc/Api/Jobs.php, inc/Api/Logs.php, inc/Api/Pipelines/PipelineFlows.php, inc/Api/Pipelines/PipelineSteps.php, inc/Api/Pipelines/Pipelines.php, inc/Api/ProcessedItems.php, inc/Api/Providers.php, inc/Api/Settings.php, inc/Api/StepTypes.php, inc/Api/Tools.php, inc/Api/WebhookTrigger.php
    4. inc/Api/Jobs.php — duplicate_function — Duplicate function register — also in inc/Api/AgentFiles.php, inc/Api/AgentPing.php, inc/Api/Analytics.php, inc/Api/Auth.php, inc/Api/Chat/Chat.php, inc/Api/Execute.php, inc/Api/FlowFiles.php, inc/Api/Flows/FlowQueue.php, inc/Api/Flows/FlowSteps.php, inc/Api/Flows/Flows.php, inc/Api/Handlers.php, inc/Api/InternalLinks.php, inc/Api/Logs.php, inc/Api/Pipelines/PipelineFlows.php, inc/Api/Pipelines/PipelineSteps.php, inc/Api/Pipelines/Pipelines.php, inc/Api/ProcessedItems.php, inc/Api/Providers.php, inc/Api/Settings.php, inc/Api/StepTypes.php, inc/Api/Tools.php, inc/Api/WebhookTrigger.php
    5. inc/Api/Pipelines/Pipelines.php — duplicate_function — Duplicate function register — also in inc/Api/AgentFiles.php, inc/Api/AgentPing.php, inc/Api/Analytics.php, inc/Api/Auth.php, inc/Api/Chat/Chat.php, inc/Api/Execute.php, inc/Api/FlowFiles.php, inc/Api/Flows/FlowQueue.php, inc/Api/Flows/FlowSteps.php, inc/Api/Flows/Flows.php, inc/Api/Handlers.php, inc/Api/InternalLinks.php, inc/Api/Jobs.php, inc/Api/Logs.php, inc/Api/Pipelines/PipelineFlows.php, inc/Api/Pipelines/PipelineSteps.php, inc/Api/ProcessedItems.php, inc/Api/Providers.php, inc/Api/Settings.php, inc/Api/StepTypes.php, inc/Api/Tools.php, inc/Api/WebhookTrigger.php

Homeboy Action v1

@chubes4 chubes4 merged commit 488a222 into main Mar 8, 2026
3 checks passed
@chubes4 chubes4 deleted the feature/573-multi-agent-ui-scoping branch March 8, 2026 16:12
Development

Successfully merging this pull request may close these issues.

Multi-agent: WP-Admin UI scoping — users see their own pipelines, flows, jobs, and agent files