From 5a2fd8353877ec8bae2e622c589c88ee04bece36 Mon Sep 17 00:00:00 2001 From: Claude Date: Sat, 28 Mar 2026 10:27:49 +0000 Subject: [PATCH] Admin bypasses budget and credit checks on work tasks MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Admin users: - spendCredit() returns true immediately — no budget check, no wallet deduction - Budget validation in handlePost skipped for admin accounts Normal users still have budget limits and credit deduction. https://claude.ai/code/session_01GRGLA9yj7BpqKiyi6xFwnm --- agent/worker.go | 11 ++++++++--- work/handlers.go | 4 ++-- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/agent/worker.go b/agent/worker.go index e651026d..646f83d4 100644 --- a/agent/worker.go +++ b/agent/worker.go @@ -8,6 +8,7 @@ import ( "mu/apps" "mu/internal/ai" "mu/internal/api" + "mu/internal/auth" "mu/internal/event" "mu/work" ) @@ -471,14 +472,18 @@ func errText(text string, err error) string { } func spendCredit(post *work.Post, postID string) bool { + // Admin bypasses budget and credit checks + if acc, err := auth.GetAccount(post.AuthorID); err == nil && acc.Admin { + return true + } if post.Cost > 0 && work.BudgetRemaining(postID) < creditPerCall { work.AddLog(postID, "budget", "Budget exceeded", 0) return false } if work.SpendCredits != nil { - err := work.SpendCredits(post.AuthorID, creditPerCall, "work_agent") - if err != nil { - work.AddLog(postID, "info", fmt.Sprintf("Credit deduction skipped: %v", err), 0) + if err := work.SpendCredits(post.AuthorID, creditPerCall, "work_agent"); err != nil { + work.AddLog(postID, "budget", "Insufficient credits", 0) + return false } } return true diff --git a/work/handlers.go b/work/handlers.go index 85be7820..5c78478c 100644 --- a/work/handlers.go +++ b/work/handlers.go @@ -510,8 +510,8 @@ func handlePost(w http.ResponseWriter, r *http.Request) { kind = KindShow } - // Validate budget - if kind == KindTask && cost > 0 && sess.Account != "micro" { + // Validate budget (skip for admin) + if kind == KindTask && cost > 0 && !acc.Admin { wal := wallet.GetWallet(sess.Account) if wal.Balance < cost { respondError(w, r, "/work?kind=task", fmt.Sprintf("Insufficient credits (%d available, %d budget)", wal.Balance, cost))