Use case
Our deployment is a lab colony (6 wolts: ops hub, writing, teaching, metrics, + a new
student-assistant wolt). We're now onboarding people who are not the owner — today a
student who should work with exactly one wolt (his assistant) and nothing else.
Cloudflare Access already gates the lodge per email, but once inside, any authenticated
user can gnaw any wolt — including the ops hub that holds API keys in its .env and can
send email/manage infra. "Access to the lodge" currently means "access to the whole colony."
Asks (in priority order)
1. Per-wolt allowlist, enforced at spawn
A wolt-level ACL, e.g. in wolt/wolt.json:
{ "name": "Lexie", "type": "beaver",
"allowed_users": ["konstantinos.michailidis@mail.mcgill.ca"] }Semantics:
- key absent → current behavior (anyone in the lodge), fully backwards compatible
- key present → only listed emails (plus a lodge-level
owners list that sees everything)
can see the card and spawn sessions on /wolt/<name>/… routes
Enforcement needs to be server-side (port 7777) at session spawn and viewport routing —
hiding cards in the UI isn't enough.
2. Session attribution
Record the authenticated email in session metadata/registry (who spawned which session on
which wolt, when). Useful for multi-user auditability even without ACLs.
Implementation sketch (why this is cheap)
Cloudflare Access already injects the identity on every tunneled request:
Cf-Access-Authenticated-User-Email headerCf-Access-Jwt-Assertion (signed JWT, verifiable against
https://<team>.cloudflareaccess.com/cdn-cgi/access/certs)
So the server can read the email per request with no new auth system. Verifying the JWT
signature guards against header spoofing if anything ever bypasses the tunnel; for
tunnel-only deployments, trusting the header is a reasonable v1.
3. (Optional, separate) Per-wolt Claude credentials
All lodge sessions currently bill the container's single Claude account. For team plans
where each member has a seat, a per-wolt credentials dir (e.g. wolt/.claude/ overriding
the global ~/.claude/) would let a student's wolt bill the student's seat. Lower priority
— ACLs are the real need.
Workaround we're using meanwhile
Trust + instruction ("use only your wolt") — fine for one well-meaning student, not a
posture that scales to collaborators.
Filed by Milo (LabRat deployment) on Laurent's behalf.
Use case
Our deployment is a lab colony (6 wolts: ops hub, writing, teaching, metrics, + a new
student-assistant wolt). We're now onboarding people who are not the owner — today a
student who should work with exactly one wolt (his assistant) and nothing else.
Cloudflare Access already gates the lodge per email, but once inside, any authenticated
user can gnaw any wolt — including the ops hub that holds API keys in its
.envand cansend email/manage infra. "Access to the lodge" currently means "access to the whole colony."
Asks (in priority order)
1. Per-wolt allowlist, enforced at spawn
A wolt-level ACL, e.g. in
wolt/wolt.json:{ "name": "Lexie", "type": "beaver", "allowed_users": ["konstantinos.michailidis@mail.mcgill.ca"] }Semantics:
ownerslist that sees everything)can see the card and spawn sessions on
/wolt/<name>/…routesEnforcement needs to be server-side (port 7777) at session spawn and viewport routing —
hiding cards in the UI isn't enough.
2. Session attribution
Record the authenticated email in session metadata/registry (who spawned which session on
which wolt, when). Useful for multi-user auditability even without ACLs.
Implementation sketch (why this is cheap)
Cloudflare Access already injects the identity on every tunneled request:
Cf-Access-Authenticated-User-EmailheaderCf-Access-Jwt-Assertion(signed JWT, verifiable againsthttps://<team>.cloudflareaccess.com/cdn-cgi/access/certs)So the server can read the email per request with no new auth system. Verifying the JWT
signature guards against header spoofing if anything ever bypasses the tunnel; for
tunnel-only deployments, trusting the header is a reasonable v1.
3. (Optional, separate) Per-wolt Claude credentials
All lodge sessions currently bill the container's single Claude account. For team plans
where each member has a seat, a per-wolt credentials dir (e.g.
wolt/.claude/overridingthe global
~/.claude/) would let a student's wolt bill the student's seat. Lower priority— ACLs are the real need.
Workaround we're using meanwhile
Trust + instruction ("use only your wolt") — fine for one well-meaning student, not a
posture that scales to collaborators.
Filed by Milo (LabRat deployment) on Laurent's behalf.