pub fn resolve_admin_agent_ids(admin_cfg: Option<&AdminConfig>) -> Vec<String>Expand description
#976 (2026-05-20) — resolve the admin-allowlist with env-var
precedence over the config-file [admin].agent_ids block.
AI_MEMORY_ADMIN_AGENT_IDS is a comma-separated list of agent_ids.
The wildcard * is honoured (every authenticated caller becomes
admin — appropriate for test daemons + container deploys that
receive the admin allowlist from orchestration secrets instead of a
shipped config.toml). Same validate_agent_id filter as the config
path; malformed entries are dropped with a warn log so a single
typo cannot lock the operator out.
Returns the config-file allowlist when the env var is absent or empty; returns an empty Vec when neither source provides agent_ids (closes every admin-class endpoint by default — the secure posture per the post-#946 NHI contract).