emcli

steve/emcli

Fork 0

Commit Graph

Author	SHA1	Message	Date
steve	7039371f70	docs(spec): agent-readable account list (reduced JSON view) Let an agent holding only EMCLI_KEY discover accounts via `account list`, exposing name/from/can_send (not host/username); admin keeps the full text table. account add/edit/remove stay admin-only. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-23 21:29:07 +01:00
steve	852bb1dc5b	docs: design for send-as From address field Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-23 20:06:38 +01:00
steve	2bc2c1b50e	docs(spec): two-key privilege separation design Enforce the agent/admin trust boundary with two env keys (EMCLI_ADMIN_KEY, EMCLI_KEY) via envelope encryption: one DEK wrapped per role. Admin commands unwrap the admin slot only (no agent fallback), so a forced agent holding EMCLI_KEY cannot authorize config changes. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-22 22:34:26 +01:00

Author

SHA1

Message

Date

steve

7039371f70

docs(spec): agent-readable account list (reduced JSON view)

Let an agent holding only EMCLI_KEY discover accounts via `account list`,
exposing name/from/can_send (not host/username); admin keeps the full
text table. account add/edit/remove stay admin-only.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-23 21:29:07 +01:00

steve

852bb1dc5b

docs: design for send-as From address field

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-23 20:06:38 +01:00

steve

2bc2c1b50e

docs(spec): two-key privilege separation design

Enforce the agent/admin trust boundary with two env keys (EMCLI_ADMIN_KEY,
EMCLI_KEY) via envelope encryption: one DEK wrapped per role. Admin commands
unwrap the admin slot only (no agent fallback), so a forced agent holding
EMCLI_KEY cannot authorize config changes.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-22 22:34:26 +01:00

3 Commits