release(secrets-mcp): v0.3.1

- MCP: secrets_find, secrets_overview; secrets_get id-only; id on update/delete/history/rollback - Add meta_obj/secrets_obj; delete guard; env_map/instructions updates - Core: resolve_entry_by_id; get_*_by_id validates entry + tenant before decrypt Made-with: Cursor
2026-03-26 17:35:56 +08:00
parent 409fd78a35
commit beade4503d
5 changed files with 426 additions and 66 deletions
--- a/crates/secrets-core/src/service/search.rs
+++ b/crates/secrets-core/src/service/search.rs
@@ -208,6 +208,36 @@ pub async fn fetch_secrets_for_entries(
    Ok(map)
 }

+/// Resolve exactly one entry by its UUID primary key.
+///
+/// Returns an error if the entry does not exist or does not belong to the given user.
+pub async fn resolve_entry_by_id(
+    pool: &PgPool,
+    id: Uuid,
+    user_id: Option<Uuid>,
+) -> Result<crate::models::Entry> {
+    let row: Option<EntryRaw> = if let Some(uid) = user_id {
+        sqlx::query_as(
+            "SELECT id, user_id, folder, type, name, notes, tags, metadata, version, \
+             created_at, updated_at FROM entries WHERE id = $1 AND user_id = $2",
+        )
+        .bind(id)
+        .bind(uid)
+        .fetch_optional(pool)
+        .await?
+    } else {
+        sqlx::query_as(
+            "SELECT id, user_id, folder, type, name, notes, tags, metadata, version, \
+             created_at, updated_at FROM entries WHERE id = $1 AND user_id IS NULL",
+        )
+        .bind(id)
+        .fetch_optional(pool)
+        .await?
+    };
+    row.map(Entry::from)
+        .ok_or_else(|| anyhow::anyhow!("Entry with id '{}' not found", id))
+}
+
 /// Resolve exactly one entry by name, with optional folder for disambiguation.
 ///
 /// - If `folder` is provided: exact `(folder, name)` match.