feat(acl): redesign ACL with conversation scope selector (#297)

Backend
- New subject kinds: all / channel_identity / channel_type
- Source scope fields on bot_acl_rules: source_channel,
  source_conversation_type, source_conversation_id, source_thread_id
- Fix source_scope_check constraint: resolve source_channel server-side
  (channel_type → subject_channel_type; channel_identity → DB lookup)
- Add GET /bots/:id/acl/channel-types/:type/conversations to list
  observed conversations by platform type
- ListObservedConversations: include private/DM chats, normalise
  conversation_type; COALESCE(name, handle) for display name
- enrichConversationAvatar: persist entry.Name → conversation_name
  (keeps Telegram group titles current on every message)
- Unify Priority type to int32 across Go types to match DB INTEGER;
  remove all int/int32 casts in service layer
- Fix duplicate nil guard in Evaluate; drop dead SourceScope.Channel field
- Migration 0048_acl_redesign

Frontend
- Drag-and-drop rule priority reordering (SortableJS/useSortable);
  fix reorder: compute new order from oldIndex/newIndex directly,
  not from the array (which useSortable syncs after onEnd)
- Conversation scope selector: searchable popover backed by observed
  conversations (by identity or platform type); collapsible manual-ID fallback
- Display: name as primary label, stable channel·type·id always shown
  as subtitle for verification
- bot-terminal: accessibility fix on close-tab button (keyboard events)
- i18n: drag-to-reorder, conversation source, manual IDs (en/zh)

Tests: update fakeChatACL to Evaluate interface; fix SourceScope literals.
SDK/spec regenerated.

internal/db/sqlc/messages.sql.go

@@ -993,15 +993,19 @@ SELECT
   r.channel_type AS channel,
   CASE
     WHEN LOWER(COALESCE(r.conversation_type, '')) IN ('thread', 'topic') THEN 'thread'
+    WHEN LOWER(COALESCE(r.conversation_type, '')) IN ('p2p', 'private', 'direct', 'dm') THEN 'private'
     ELSE 'group'
   END AS conversation_type,
   r.external_conversation_id AS conversation_id,
   COALESCE(r.external_thread_id, '') AS thread_id,
-  COALESCE(r.metadata->>'conversation_name', '')::text AS conversation_name,
+  COALESCE(
+    NULLIF(TRIM(COALESCE(r.metadata->>'conversation_name', '')), ''),
+    NULLIF(TRIM(COALESCE(r.metadata->>'conversation_handle', '')), ''),
+    ''
+  )::text AS conversation_name,
   rr.last_observed_at
 FROM observed_routes rr
 JOIN bot_channel_routes r ON r.id = rr.route_id
-WHERE LOWER(COALESCE(r.conversation_type, '')) NOT IN ('', 'p2p', 'private', 'direct', 'dm')
 GROUP BY
   r.id,
   r.channel_type,
@@ -1056,6 +1060,92 @@ func (q *Queries) ListObservedConversationsByChannelIdentity(ctx context.Context
 	return items, nil
 }
 
+const listObservedConversationsByChannelType = `-- name: ListObservedConversationsByChannelType :many
+WITH observed_routes AS (
+  SELECT
+    s.route_id,
+    MAX(m.created_at)::timestamptz AS last_observed_at
+  FROM bot_history_messages m
+  JOIN bot_sessions s ON s.id = m.session_id
+  JOIN bot_channel_routes r ON r.id = s.route_id
+  WHERE m.bot_id = $1
+    AND LOWER(TRIM(r.channel_type)) = LOWER(TRIM($2))
+    AND s.route_id IS NOT NULL
+  GROUP BY s.route_id
+)
+SELECT
+  r.id AS route_id,
+  r.channel_type AS channel,
+  CASE
+    WHEN LOWER(COALESCE(r.conversation_type, '')) IN ('thread', 'topic') THEN 'thread'
+    WHEN LOWER(COALESCE(r.conversation_type, '')) IN ('p2p', 'private', 'direct', 'dm') THEN 'private'
+    ELSE 'group'
+  END AS conversation_type,
+  r.external_conversation_id AS conversation_id,
+  COALESCE(r.external_thread_id, '') AS thread_id,
+  COALESCE(
+    NULLIF(TRIM(COALESCE(r.metadata->>'conversation_name', '')), ''),
+    NULLIF(TRIM(COALESCE(r.metadata->>'conversation_handle', '')), ''),
+    ''
+  )::text AS conversation_name,
+  rr.last_observed_at
+FROM observed_routes rr
+JOIN bot_channel_routes r ON r.id = rr.route_id
+GROUP BY
+  r.id,
+  r.channel_type,
+  r.conversation_type,
+  r.external_conversation_id,
+  r.external_thread_id,
+  r.metadata,
+  rr.last_observed_at
+ORDER BY rr.last_observed_at DESC
+`
+
+type ListObservedConversationsByChannelTypeParams struct {
+	BotID       pgtype.UUID `json:"bot_id"`
+	ChannelType string      `json:"channel_type"`
+}
+
+type ListObservedConversationsByChannelTypeRow struct {
+	RouteID          pgtype.UUID        `json:"route_id"`
+	Channel          string             `json:"channel"`
+	ConversationType string             `json:"conversation_type"`
+	ConversationID   string             `json:"conversation_id"`
+	ThreadID         string             `json:"thread_id"`
+	ConversationName string             `json:"conversation_name"`
+	LastObservedAt   pgtype.Timestamptz `json:"last_observed_at"`
+}
+
+// Routes on this platform type where the bot has seen at least one message (any sender).
+func (q *Queries) ListObservedConversationsByChannelType(ctx context.Context, arg ListObservedConversationsByChannelTypeParams) ([]ListObservedConversationsByChannelTypeRow, error) {
+	rows, err := q.db.Query(ctx, listObservedConversationsByChannelType, arg.BotID, arg.ChannelType)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	var items []ListObservedConversationsByChannelTypeRow
+	for rows.Next() {
+		var i ListObservedConversationsByChannelTypeRow
+		if err := rows.Scan(
+			&i.RouteID,
+			&i.Channel,
+			&i.ConversationType,
+			&i.ConversationID,
+			&i.ThreadID,
+			&i.ConversationName,
+			&i.LastObservedAt,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, i)
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
+
 const listUncompactedMessagesBySession = `-- name: ListUncompactedMessagesBySession :many
 SELECT id, bot_id, session_id, role, content, usage, sender_channel_identity_id, compact_id, created_at
 FROM bot_history_messages