fix(agent): revert operator-sees-all, restore per-user isolation

Operators now only see their own instances (same as regular users).
Admin role retains superuser view. Orphaned running instances were
reassigned to hailin via DB update.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
hailin 2026-03-09 09:58:00 -07:00
parent 4f9f456f85
commit 233c1c77b2
1 changed files with 2 additions and 2 deletions


@ -34,8 +34,8 @@ export class AgentInstanceController {
const jwt = this.decodeJwt(req.headers?.['authorization'] as string | undefined);
const userId = jwt?.sub;
const roles: string[] = jwt?.roles ?? [];
// Admins and operators see all instances; regular users only see their own
if (!userId || roles.includes('admin') || roles.includes('operator')) {
// Admins see all instances; regular users only see their own
if (!userId || roles.includes('admin')) {
return this.instanceRepo.findAll();
}
const instances = await this.instanceRepo.findByUserId(userId);
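Review bot: The `!userId` arm of the new condition still returns `this.instanceRepo.findAll()`, so a request with a missing or undecodable token gets the same all-instances view as an admin, which defeats the per-user isolation this commit restores. Fail closed instead: reject the request when `userId` is absent (a 401 in whatever form this controller uses) and narrow the superuser branch to `if (roles.includes('admin')) {`. Separately, `sub` and `roles` are read straight from `decodeJwt`, whose body is outside the hunk; confirm that the token signature is verified there or by a guard upstream, since otherwise the `admin` claim is caller-controlled. The enclosing method starts and ends outside the hunk.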