From 839e63acda882a3449cec11f5bccf8dd63e009c6 Mon Sep 17 00:00:00 2001
From: BBQ <35603386+HoneyBBQ@users.noreply.github.com>
Date: Sat, 14 Mar 2026 17:15:41 +0800
Subject: [PATCH] feat(access): add guest chat ACL (#235)

---
 apps/web/src/i18n/locales/en.json             |   60 +
 apps/web/src/i18n/locales/zh.json             |   60 +
 .../src/pages/bots/components/bot-access.vue  | 1170 +++++++++++++++++
 .../pages/bots/components/bot-settings.vue    |   19 -
 apps/web/src/pages/bots/detail.vue            |    2 +
 cmd/agent/main.go                             |   11 +-
 cmd/memoh/serve.go                            |   11 +-
 db/migrations/0001_init.down.sql              |    1 +
 db/migrations/0001_init.up.sql                |   65 +-
 .../0031_chat_acl_remove_bot_members.down.sql |   43 +
 .../0031_chat_acl_remove_bot_members.up.sql   |   53 +
 .../0032_source_aware_acl_scope.down.sql      |   52 +
 .../0032_source_aware_acl_scope.up.sql        |   69 +
 db/queries/acl.sql                            |  136 ++
 db/queries/bots.sql                           |   39 +-
 db/queries/channel_identities.sql             |   26 +
 db/queries/conversations.sql                  |   80 +-
 db/queries/messages.sql                       |   22 +
 db/queries/preauth.sql                        |   18 -
 db/queries/settings.sql                       |    6 +-
 db/queries/users.sql                          |   13 +
 devenv/docker-compose.yml                     |   44 +-
 internal/accounts/service.go                  |   22 +
 internal/acl/service.go                       |  474 +++++++
 internal/acl/service_test.go                  |  389 ++++++
 internal/acl/types.go                         |  131 ++
 internal/bots/service.go                      |  213 +--
 internal/bots/service_test.go                 |   98 +-
 internal/bots/types.go                        |   26 -
 internal/channel/adapters/discord/discord.go  |    4 +-
 internal/channel/adapters/feishu/inbound.go   |   22 +-
 .../channel/adapters/feishu/sender_profile.go |    9 +-
 internal/channel/adapters/qq/qq.go            |    2 +-
 internal/channel/adapters/qq/receive.go       |   20 +-
 internal/channel/adapters/qq/receive_test.go  |   12 +-
 .../channel/adapters/telegram/telegram.go     |   18 +-
 internal/channel/adapters/wecom/inbound.go    |    4 +-
 internal/channel/adapters/wecom/wecom.go      |    2 +-
 internal/channel/identities/service.go        |   38 +
 internal/channel/identities/types.go          |    7 +
 internal/channel/inbound/channel.go           |   52 +-
 internal/channel/inbound/channel_test.go      |  197 ++-
 internal/channel/inbound/identity.go          |  116 +-
 internal/channel/inbound/identity_test.go     |  248 ++--
 internal/channel/inbound_test.go              |    4 +-
 internal/channel/manager_integration_test.go  |    2 +-
 internal/channel/route/service.go             |   29 +-
 internal/channel/types.go                     |   29 +-
 internal/command/handler.go                   |    9 +-
 internal/command/handler_test.go              |   21 +-
 internal/conversation/service.go              |  134 +-
 internal/db/sqlc/acl.sql.go                   |  415 ++++++
 internal/db/sqlc/bots.sql.go                  |  194 +--
 internal/db/sqlc/channel_identities.sql.go    |   80 ++
 internal/db/sqlc/conversations.sql.go         |  131 +-
 internal/db/sqlc/messages.sql.go              |   66 +
 internal/db/sqlc/models.go                    |   35 +-
 internal/db/sqlc/preauth.sql.go               |   91 --
 internal/db/sqlc/settings.sql.go              |   36 +-
 internal/db/sqlc/users.sql.go                 |   53 +
 internal/handlers/acl.go                      |  322 +++++
 internal/handlers/containerd.go               |    6 +-
 internal/handlers/heartbeat.go                |    2 +-
 internal/handlers/inbox.go                    |    2 +-
 internal/handlers/local_channel.go            |    6 +-
 internal/handlers/mcp.go                      |    2 +-
 internal/handlers/mcp_oauth.go                |    2 +-
 internal/handlers/memory.go                   |    2 +-
 internal/handlers/message.go                  |    4 +-
 internal/handlers/preauth.go                  |   72 -
 internal/handlers/schedule.go                 |    2 +-
 internal/handlers/settings.go                 |    2 +-
 internal/handlers/subagent.go                 |    2 +-
 internal/handlers/token_usage.go              |    2 +-
 internal/handlers/users.go                    |  108 +-
 internal/policy/service.go                    |   41 +-
 internal/preauth/service.go                   |  107 --
 internal/preauth/types.go                     |   14 -
 internal/settings/service.go                  |   55 +-
 packages/sdk/src/@pinia/colada.gen.ts         |  214 ++-
 packages/sdk/src/index.ts                     |    4 +-
 packages/sdk/src/sdk.gen.ts                   |  107 +-
 packages/sdk/src/types.gen.ts                 |  605 ++++++---
 spec/docs.go                                  |  873 +++++++++---
 spec/swagger.json                             |  873 +++++++++---
 spec/swagger.yaml                             |  578 ++++++--
 86 files changed, 6886 insertions(+), 2554 deletions(-)
 create mode 100644 apps/web/src/pages/bots/components/bot-access.vue
 create mode 100644 db/migrations/0031_chat_acl_remove_bot_members.down.sql
 create mode 100644 db/migrations/0031_chat_acl_remove_bot_members.up.sql
 create mode 100644 db/migrations/0032_source_aware_acl_scope.down.sql
 create mode 100644 db/migrations/0032_source_aware_acl_scope.up.sql
 create mode 100644 db/queries/acl.sql
 delete mode 100644 db/queries/preauth.sql
 create mode 100644 internal/acl/service.go
 create mode 100644 internal/acl/service_test.go
 create mode 100644 internal/acl/types.go
 create mode 100644 internal/db/sqlc/acl.sql.go
 delete mode 100644 internal/db/sqlc/preauth.sql.go
 create mode 100644 internal/handlers/acl.go
 delete mode 100644 internal/handlers/preauth.go
 delete mode 100644 internal/preauth/service.go
 delete mode 100644 internal/preauth/types.go

diff --git a/apps/web/src/i18n/locales/en.json b/apps/web/src/i18n/locales/en.json
index 459ff9b5..326feabe 100644
--- a/apps/web/src/i18n/locales/en.json
+++ b/apps/web/src/i18n/locales/en.json
@@ -559,6 +559,7 @@
       "skills": "Skills",
       "email": "Email",
       "files": "Files",
+      "access": "Access",
       "terminal": "Terminal",
       "settings": "Settings"
     },
@@ -767,6 +768,65 @@
       "deleteBotDescription": "Deleting this bot cannot be undone. Proceed with caution.",
       "deleteBot": "Delete Bot"
     },
+    "access": {
+      "title": "Access Control",
+      "subtitle": "Guest chat trigger access is controlled by allow guest, whitelist, and blacklist together.",
+      "allowGuestDescription": "When enabled, guests may trigger chat by default. Blacklist rules still take precedence.",
+      "saveGuestAccess": "Save Guest Access",
+      "guestAccessSaved": "Guest access updated",
+      "guestRulesTitle": "Rule Summary",
+      "guestRulesDescription": "Owners and members always bypass these rules. The rules below only apply to guest chat triggers.",
+      "whitelistTitle": "Whitelist",
+      "whitelistDescription": "Whitelisted guests can still trigger chat even when guest access is not open.",
+      "blacklistTitle": "Blacklist",
+      "blacklistDescription": "Blacklisted guests are denied chat trigger even when guest access is open.",
+      "userSelector": "Select User",
+      "identitySelector": "Select Platform Identity",
+      "selectUser": "Search and select a user",
+      "selectIdentity": "Search and select a platform identity",
+      "searchUser": "Search users",
+      "searchIdentity": "Search platform identities",
+      "noUserCandidates": "No user candidates",
+      "noIdentityCandidates": "No platform identity candidates",
+      "userId": "User ID",
+      "userIdPlaceholder": "Enter user ID",
+      "channelIdentityId": "Channel Identity ID",
+      "channelIdentityIdPlaceholder": "Enter channel identity ID",
+      "addWhitelist": "Add to Whitelist",
+      "addBlacklist": "Add to Blacklist",
+      "clearSelection": "Clear Selection",
+      "whitelistEmpty": "No whitelist rules yet",
+      "blacklistEmpty": "No blacklist rules yet",
+      "validation": "Fill exactly one subject: user_id or channel_identity_id",
+      "validationConversationRequiresChannel": "Select a source platform before restricting by conversation or thread ID",
+      "validationThreadRequiresConversation": "Thread ID requires a conversation ID",
+      "whitelistSaved": "Whitelist updated",
+      "blacklistSaved": "Blacklist updated",
+      "saveFailed": "Failed to save access rule",
+      "deleteSuccess": "Rule deleted",
+      "deleteFailed": "Failed to delete rule",
+      "sourceScopeTitle": "Source Scope",
+      "sourceScopeDescription": "Optionally restrict a rule to a platform, conversation type, or specific conversation/thread.",
+      "sourceChannel": "Source Platform",
+      "anyChannel": "Any platform",
+      "conversationType": "Conversation Type",
+      "anyConversationType": "Any conversation type",
+      "privateConversationType": "Private",
+      "groupConversationType": "Group",
+      "threadConversationType": "Thread",
+      "observedConversation": "Observed Conversation",
+      "selectObservedConversation": "Select an observed conversation",
+      "searchObservedConversation": "Search observed conversations",
+      "noObservedConversations": "No observed conversations",
+      "selectIdentityFirst": "Select a platform identity first to load observed conversations",
+      "observedConversationHint": "Choosing an observed conversation auto-fills the platform, conversation ID, and thread ID.",
+      "conversationId": "Conversation ID",
+      "conversationIdPlaceholder": "Enter conversation ID",
+      "threadId": "Thread ID",
+      "threadIdPlaceholder": "Enter thread ID",
+      "clearScope": "Clear Scope",
+      "lastObserved": "Last seen"
+    },
     "channels": {
       "title": "Platforms",
       "addChannel": "Add Platform",
diff --git a/apps/web/src/i18n/locales/zh.json b/apps/web/src/i18n/locales/zh.json
index ac848fa2..165e3b61 100644
--- a/apps/web/src/i18n/locales/zh.json
+++ b/apps/web/src/i18n/locales/zh.json
@@ -555,6 +555,7 @@
       "skills": "技能",
       "email": "邮件",
       "files": "文件",
+      "access": "访问控制",
       "terminal": "终端",
       "settings": "设置"
     },
@@ -763,6 +764,65 @@
       "deleteBotDescription": "删除此 Bot 后无法恢复，请谨慎操作。",
       "deleteBot": "删除 Bot"
     },
+    "access": {
+      "title": "访问控制",
+      "subtitle": "游客聊天触发权限由 allow guest、白名单和黑名单共同决定。",
+      "allowGuestDescription": "开启后，游客默认可触发聊天；黑名单仍然会优先阻止。",
+      "saveGuestAccess": "保存游客访问设置",
+      "guestAccessSaved": "游客访问设置已保存",
+      "guestRulesTitle": "规则说明",
+      "guestRulesDescription": "Owner 和成员始终可用；这里的规则只作用于游客的聊天触发。",
+      "whitelistTitle": "白名单",
+      "whitelistDescription": "当未开放游客时，白名单中的游客仍可触发聊天。",
+      "blacklistTitle": "黑名单",
+      "blacklistDescription": "即使已开放游客，黑名单中的游客也会被拒绝触发聊天。",
+      "userSelector": "选择用户",
+      "identitySelector": "选择平台身份",
+      "selectUser": "搜索并选择用户",
+      "selectIdentity": "搜索并选择平台身份",
+      "searchUser": "搜索用户",
+      "searchIdentity": "搜索平台身份",
+      "noUserCandidates": "暂无可选用户",
+      "noIdentityCandidates": "暂无可选平台身份",
+      "userId": "用户 ID",
+      "userIdPlaceholder": "输入用户 ID",
+      "channelIdentityId": "Channel Identity ID",
+      "channelIdentityIdPlaceholder": "输入 channel identity ID",
+      "addWhitelist": "添加到白名单",
+      "addBlacklist": "添加到黑名单",
+      "clearSelection": "清空选择",
+      "whitelistEmpty": "暂无白名单规则",
+      "blacklistEmpty": "暂无黑名单规则",
+      "validation": "请只填写一个主体：user_id 或 channel_identity_id",
+      "validationConversationRequiresChannel": "按会话或线程限制时，请先选择来源平台",
+      "validationThreadRequiresConversation": "填写线程 ID 前必须先填写会话 ID",
+      "whitelistSaved": "白名单已更新",
+      "blacklistSaved": "黑名单已更新",
+      "saveFailed": "保存访问规则失败",
+      "deleteSuccess": "规则已删除",
+      "deleteFailed": "删除规则失败",
+      "sourceScopeTitle": "来源范围",
+      "sourceScopeDescription": "可选地将规则限制到某个平台、会话类型或指定会话/线程。",
+      "sourceChannel": "来源平台",
+      "anyChannel": "任意平台",
+      "conversationType": "会话类型",
+      "anyConversationType": "任意会话类型",
+      "privateConversationType": "私聊",
+      "groupConversationType": "群聊",
+      "threadConversationType": "线程",
+      "observedConversation": "历史会话",
+      "selectObservedConversation": "选择一个历史会话",
+      "searchObservedConversation": "搜索历史会话",
+      "noObservedConversations": "暂无历史会话",
+      "selectIdentityFirst": "请先选择平台身份以加载历史会话",
+      "observedConversationHint": "选择历史会话后会自动填充平台、会话 ID 和线程 ID。",
+      "conversationId": "会话 ID",
+      "conversationIdPlaceholder": "输入会话 ID",
+      "threadId": "线程 ID",
+      "threadIdPlaceholder": "输入线程 ID",
+      "clearScope": "清空范围",
+      "lastObserved": "最近出现"
+    },
     "channels": {
       "title": "平台",
       "addChannel": "添加平台",
diff --git a/apps/web/src/pages/bots/components/bot-access.vue b/apps/web/src/pages/bots/components/bot-access.vue
new file mode 100644
index 00000000..e7031676
--- /dev/null
+++ b/apps/web/src/pages/bots/components/bot-access.vue
@@ -0,0 +1,1170 @@
+<template>
+  <div class="max-w-3xl mx-auto space-y-6">
+    <div class="space-y-1">
+      <h2 class="text-lg font-semibold text-foreground">
+        {{ $t('bots.access.title') }}
+      </h2>
+      <p class="text-sm text-muted-foreground">
+        {{ $t('bots.access.subtitle') }}
+      </p>
+    </div>
+
+    <section class="rounded-lg border border-border bg-card p-4 space-y-4">
+      <div class="flex items-start justify-between gap-4">
+        <div class="space-y-1">
+          <p class="text-sm font-medium text-foreground">
+            {{ $t('bots.settings.allowGuest') }}
+          </p>
+          <p class="text-sm text-muted-foreground">
+            {{ $t('bots.access.allowGuestDescription') }}
+          </p>
+          <p
+            v-if="isPersonalBot"
+            class="text-xs text-muted-foreground"
+          >
+            {{ $t('bots.settings.allowGuestPersonalHint') }}
+          </p>
+        </div>
+        <Switch
+          :model-value="allowGuestDraft"
+          :disabled="isPersonalBot || isSavingGuestAccess"
+          @update:model-value="(val) => allowGuestDraft = !!val"
+        />
+      </div>
+      <div class="flex justify-end">
+        <Button
+          :disabled="isPersonalBot || !hasGuestAccessChanges || isSavingGuestAccess"
+          @click="handleSaveGuestAccess"
+        >
+          <Spinner
+            v-if="isSavingGuestAccess"
+            class="mr-1.5"
+          />
+          {{ $t('bots.access.saveGuestAccess') }}
+        </Button>
+      </div>
+    </section>
+
+    <div class="rounded-lg border border-border bg-card p-4 space-y-2">
+      <p class="text-sm font-medium text-foreground">
+        {{ $t('bots.access.guestRulesTitle') }}
+      </p>
+      <p class="text-sm text-muted-foreground">
+        {{ $t('bots.access.guestRulesDescription') }}
+      </p>
+    </div>
+
+    <section class="rounded-lg border border-border bg-card p-4 space-y-4">
+      <div>
+        <h3 class="text-base font-semibold text-foreground">
+          {{ $t('bots.access.whitelistTitle') }}
+        </h3>
+        <p class="text-sm text-muted-foreground">
+          {{ $t('bots.access.whitelistDescription') }}
+        </p>
+      </div>
+
+      <div class="grid gap-3 md:grid-cols-2">
+        <div class="space-y-2">
+          <Label>{{ $t('bots.access.userSelector') }}</Label>
+          <SearchableSelectPopover
+            v-model="whitelistSelection.userId"
+            :options="userOptions"
+            :placeholder="$t('bots.access.selectUser')"
+            :aria-label="$t('bots.access.selectUser')"
+            :search-placeholder="$t('bots.access.searchUser')"
+            :search-aria-label="$t('bots.access.searchUser')"
+            :empty-text="$t('bots.access.noUserCandidates')"
+          >
+            <template #option-label="{ option }">
+              <div class="flex min-w-0 items-center gap-2 text-left">
+                <Avatar class="size-7 shrink-0">
+                  <AvatarImage
+                    v-if="candidateAvatar(option.meta as AclUserCandidate | undefined)"
+                    :src="candidateAvatar(option.meta as AclUserCandidate | undefined)"
+                    :alt="option.label"
+                  />
+                  <AvatarFallback class="text-[10px]">
+                    {{ initials(option.label) }}
+                  </AvatarFallback>
+                </Avatar>
+                <div class="min-w-0">
+                  <div class="truncate">
+                    {{ option.label }}
+                  </div>
+                  <div class="truncate text-xs text-muted-foreground">
+                    {{ option.description }}
+                  </div>
+                </div>
+              </div>
+            </template>
+            <template #option-suffix>
+              <span />
+            </template>
+          </SearchableSelectPopover>
+        </div>
+        <div class="space-y-2">
+          <Label>{{ $t('bots.access.identitySelector') }}</Label>
+          <SearchableSelectPopover
+            v-model="whitelistSelection.channelIdentityId"
+            :options="identityOptions"
+            :placeholder="$t('bots.access.selectIdentity')"
+            :aria-label="$t('bots.access.selectIdentity')"
+            :search-placeholder="$t('bots.access.searchIdentity')"
+            :search-aria-label="$t('bots.access.searchIdentity')"
+            :empty-text="$t('bots.access.noIdentityCandidates')"
+          >
+            <template #option-label="{ option }">
+              <div class="flex min-w-0 items-center gap-2 text-left">
+                <Avatar class="size-7 shrink-0">
+                  <AvatarImage
+                    v-if="identityAvatar(option.meta as AclChannelIdentityCandidate | undefined)"
+                    :src="identityAvatar(option.meta as AclChannelIdentityCandidate | undefined)"
+                    :alt="option.label"
+                  />
+                  <AvatarFallback class="text-[10px]">
+                    {{ initials(option.label) }}
+                  </AvatarFallback>
+                </Avatar>
+                <div class="min-w-0">
+                  <div class="truncate">
+                    {{ option.label }}
+                  </div>
+                  <div class="truncate text-xs text-muted-foreground">
+                    {{ option.description }}
+                  </div>
+                </div>
+              </div>
+            </template>
+            <template #option-suffix>
+              <span />
+            </template>
+          </SearchableSelectPopover>
+        </div>
+      </div>
+
+      <div class="rounded-md border border-border bg-muted/40 p-4 space-y-3">
+        <div class="space-y-1">
+          <p class="text-sm font-medium text-foreground">
+            {{ $t('bots.access.sourceScopeTitle') }}
+          </p>
+          <p class="text-xs text-muted-foreground">
+            {{ $t('bots.access.sourceScopeDescription') }}
+          </p>
+        </div>
+
+        <div class="grid gap-3 md:grid-cols-2">
+          <div class="space-y-2">
+            <Label>{{ $t('bots.access.sourceChannel') }}</Label>
+            <div
+              v-if="whitelistSelection.channelIdentityId"
+              class="flex h-9 items-center rounded-md border border-border bg-background px-3 text-sm text-foreground"
+            >
+              {{ whitelistSelection.sourceChannel || $t('bots.access.anyChannel') }}
+            </div>
+            <NativeSelect
+              v-else
+              v-model="whitelistSelection.sourceChannel"
+              class="h-9 w-full text-sm"
+            >
+              <option value="">
+                {{ $t('bots.access.anyChannel') }}
+              </option>
+              <option
+                v-for="channel in knownChannels"
+                :key="channel"
+                :value="channel"
+              >
+                {{ channel }}
+              </option>
+            </NativeSelect>
+          </div>
+
+          <div class="space-y-2">
+            <Label>{{ $t('bots.access.conversationType') }}</Label>
+            <NativeSelect
+              v-model="whitelistSelection.sourceConversationType"
+              class="h-9 w-full text-sm"
+            >
+              <option value="">
+                {{ $t('bots.access.anyConversationType') }}
+              </option>
+              <option value="private">
+                {{ $t('bots.access.privateConversationType') }}
+              </option>
+              <option value="group">
+                {{ $t('bots.access.groupConversationType') }}
+              </option>
+              <option value="thread">
+                {{ $t('bots.access.threadConversationType') }}
+              </option>
+            </NativeSelect>
+          </div>
+
+          <div class="space-y-2 md:col-span-2">
+            <Label>{{ $t('bots.access.observedConversation') }}</Label>
+            <SearchableSelectPopover
+              v-if="whitelistSelection.channelIdentityId"
+              v-model="whitelistSelection.observedConversationRouteId"
+              :options="whitelistObservedConversationOptions"
+              :placeholder="$t('bots.access.selectObservedConversation')"
+              :aria-label="$t('bots.access.selectObservedConversation')"
+              :search-placeholder="$t('bots.access.searchObservedConversation')"
+              :search-aria-label="$t('bots.access.searchObservedConversation')"
+              :empty-text="$t('bots.access.noObservedConversations')"
+            />
+            <div
+              v-else
+              class="flex h-9 items-center rounded-md border border-border bg-background px-3 text-sm text-muted-foreground"
+            >
+              {{ $t('bots.access.selectIdentityFirst') }}
+            </div>
+            <p class="text-xs text-muted-foreground">
+              <template v-if="isLoadingWhitelistObserved">
+                {{ $t('common.loading') }}
+              </template>
+              <template v-else>
+                {{ $t('bots.access.observedConversationHint') }}
+              </template>
+            </p>
+          </div>
+
+          <div class="space-y-2">
+            <Label>{{ $t('bots.access.conversationId') }}</Label>
+            <Input
+              v-model="whitelistSelection.sourceConversationId"
+              :placeholder="$t('bots.access.conversationIdPlaceholder')"
+            />
+          </div>
+
+          <div class="space-y-2">
+            <Label>{{ $t('bots.access.threadId') }}</Label>
+            <Input
+              v-model="whitelistSelection.sourceThreadId"
+              :placeholder="$t('bots.access.threadIdPlaceholder')"
+            />
+          </div>
+        </div>
+
+        <div class="flex justify-end">
+          <Button
+            variant="outline"
+            @click="clearSourceScope(whitelistSelection)"
+          >
+            {{ $t('bots.access.clearScope') }}
+          </Button>
+        </div>
+      </div>
+
+      <div class="flex justify-end gap-2">
+        <Button
+          variant="outline"
+          @click="resetSelection(whitelistSelection)"
+        >
+          {{ $t('bots.access.clearSelection') }}
+        </Button>
+        <Button
+          :disabled="isSavingWhitelist"
+          @click="handleAddWhitelist"
+        >
+          <Spinner
+            v-if="isSavingWhitelist"
+            class="mr-1.5"
+          />
+          {{ $t('bots.access.addWhitelist') }}
+        </Button>
+      </div>
+
+      <Separator />
+
+      <div
+        v-if="isLoadingWhitelist"
+        class="text-sm text-muted-foreground"
+      >
+        {{ $t('common.loading') }}
+      </div>
+      <div
+        v-else-if="whitelist.length === 0"
+        class="text-sm text-muted-foreground"
+      >
+        {{ $t('bots.access.whitelistEmpty') }}
+      </div>
+      <div
+        v-else
+        class="space-y-2"
+      >
+        <div
+          v-for="item in whitelist"
+          :key="item.id"
+          class="flex items-center justify-between gap-3 rounded-md border border-border px-3 py-2"
+        >
+          <div class="flex min-w-0 items-center gap-3">
+            <div class="relative shrink-0">
+              <Avatar class="size-9 shrink-0">
+                <AvatarImage
+                  v-if="ruleAvatar(item)"
+                  :src="ruleAvatar(item)"
+                  :alt="formatRuleLabel(item)"
+                />
+                <AvatarFallback class="text-xs">
+                  {{ initials(formatRuleLabel(item)) }}
+                </AvatarFallback>
+              </Avatar>
+              <ChannelBadge
+                v-if="rulePlatform(item)"
+                :platform="rulePlatform(item)"
+              />
+            </div>
+            <div class="min-w-0">
+              <div class="truncate text-sm font-medium text-foreground">
+                {{ formatRuleLabel(item) }}
+              </div>
+              <div class="truncate text-xs text-muted-foreground">
+                {{ formatRuleMeta(item) }}
+              </div>
+            </div>
+          </div>
+          <Button
+            variant="outline"
+            size="sm"
+            :disabled="deletingRuleId === item.id"
+            @click="handleDeleteWhitelist(item.id)"
+          >
+            {{ $t('common.delete') }}
+          </Button>
+        </div>
+      </div>
+    </section>
+
+    <section class="rounded-lg border border-border bg-card p-4 space-y-4">
+      <div>
+        <h3 class="text-base font-semibold text-foreground">
+          {{ $t('bots.access.blacklistTitle') }}
+        </h3>
+        <p class="text-sm text-muted-foreground">
+          {{ $t('bots.access.blacklistDescription') }}
+        </p>
+      </div>
+
+      <div class="grid gap-3 md:grid-cols-2">
+        <div class="space-y-2">
+          <Label>{{ $t('bots.access.userSelector') }}</Label>
+          <SearchableSelectPopover
+            v-model="blacklistSelection.userId"
+            :options="userOptions"
+            :placeholder="$t('bots.access.selectUser')"
+            :aria-label="$t('bots.access.selectUser')"
+            :search-placeholder="$t('bots.access.searchUser')"
+            :search-aria-label="$t('bots.access.searchUser')"
+            :empty-text="$t('bots.access.noUserCandidates')"
+          >
+            <template #option-label="{ option }">
+              <div class="flex min-w-0 items-center gap-2 text-left">
+                <Avatar class="size-7 shrink-0">
+                  <AvatarImage
+                    v-if="candidateAvatar(option.meta as AclUserCandidate | undefined)"
+                    :src="candidateAvatar(option.meta as AclUserCandidate | undefined)"
+                    :alt="option.label"
+                  />
+                  <AvatarFallback class="text-[10px]">
+                    {{ initials(option.label) }}
+                  </AvatarFallback>
+                </Avatar>
+                <div class="min-w-0">
+                  <div class="truncate">
+                    {{ option.label }}
+                  </div>
+                  <div class="truncate text-xs text-muted-foreground">
+                    {{ option.description }}
+                  </div>
+                </div>
+              </div>
+            </template>
+            <template #option-suffix>
+              <span />
+            </template>
+          </SearchableSelectPopover>
+        </div>
+        <div class="space-y-2">
+          <Label>{{ $t('bots.access.identitySelector') }}</Label>
+          <SearchableSelectPopover
+            v-model="blacklistSelection.channelIdentityId"
+            :options="identityOptions"
+            :placeholder="$t('bots.access.selectIdentity')"
+            :aria-label="$t('bots.access.selectIdentity')"
+            :search-placeholder="$t('bots.access.searchIdentity')"
+            :search-aria-label="$t('bots.access.searchIdentity')"
+            :empty-text="$t('bots.access.noIdentityCandidates')"
+          >
+            <template #option-label="{ option }">
+              <div class="flex min-w-0 items-center gap-2 text-left">
+                <Avatar class="size-7 shrink-0">
+                  <AvatarImage
+                    v-if="identityAvatar(option.meta as AclChannelIdentityCandidate | undefined)"
+                    :src="identityAvatar(option.meta as AclChannelIdentityCandidate | undefined)"
+                    :alt="option.label"
+                  />
+                  <AvatarFallback class="text-[10px]">
+                    {{ initials(option.label) }}
+                  </AvatarFallback>
+                </Avatar>
+                <div class="min-w-0">
+                  <div class="truncate">
+                    {{ option.label }}
+                  </div>
+                  <div class="truncate text-xs text-muted-foreground">
+                    {{ option.description }}
+                  </div>
+                </div>
+              </div>
+            </template>
+            <template #option-suffix>
+              <span />
+            </template>
+          </SearchableSelectPopover>
+        </div>
+      </div>
+
+      <div class="rounded-md border border-border bg-muted/40 p-4 space-y-3">
+        <div class="space-y-1">
+          <p class="text-sm font-medium text-foreground">
+            {{ $t('bots.access.sourceScopeTitle') }}
+          </p>
+          <p class="text-xs text-muted-foreground">
+            {{ $t('bots.access.sourceScopeDescription') }}
+          </p>
+        </div>
+
+        <div class="grid gap-3 md:grid-cols-2">
+          <div class="space-y-2">
+            <Label>{{ $t('bots.access.sourceChannel') }}</Label>
+            <div
+              v-if="blacklistSelection.channelIdentityId"
+              class="flex h-9 items-center rounded-md border border-border bg-background px-3 text-sm text-foreground"
+            >
+              {{ blacklistSelection.sourceChannel || $t('bots.access.anyChannel') }}
+            </div>
+            <NativeSelect
+              v-else
+              v-model="blacklistSelection.sourceChannel"
+              class="h-9 w-full text-sm"
+            >
+              <option value="">
+                {{ $t('bots.access.anyChannel') }}
+              </option>
+              <option
+                v-for="channel in knownChannels"
+                :key="channel"
+                :value="channel"
+              >
+                {{ channel }}
+              </option>
+            </NativeSelect>
+          </div>
+
+          <div class="space-y-2">
+            <Label>{{ $t('bots.access.conversationType') }}</Label>
+            <NativeSelect
+              v-model="blacklistSelection.sourceConversationType"
+              class="h-9 w-full text-sm"
+            >
+              <option value="">
+                {{ $t('bots.access.anyConversationType') }}
+              </option>
+              <option value="private">
+                {{ $t('bots.access.privateConversationType') }}
+              </option>
+              <option value="group">
+                {{ $t('bots.access.groupConversationType') }}
+              </option>
+              <option value="thread">
+                {{ $t('bots.access.threadConversationType') }}
+              </option>
+            </NativeSelect>
+          </div>
+
+          <div class="space-y-2 md:col-span-2">
+            <Label>{{ $t('bots.access.observedConversation') }}</Label>
+            <SearchableSelectPopover
+              v-if="blacklistSelection.channelIdentityId"
+              v-model="blacklistSelection.observedConversationRouteId"
+              :options="blacklistObservedConversationOptions"
+              :placeholder="$t('bots.access.selectObservedConversation')"
+              :aria-label="$t('bots.access.selectObservedConversation')"
+              :search-placeholder="$t('bots.access.searchObservedConversation')"
+              :search-aria-label="$t('bots.access.searchObservedConversation')"
+              :empty-text="$t('bots.access.noObservedConversations')"
+            />
+            <div
+              v-else
+              class="flex h-9 items-center rounded-md border border-border bg-background px-3 text-sm text-muted-foreground"
+            >
+              {{ $t('bots.access.selectIdentityFirst') }}
+            </div>
+            <p class="text-xs text-muted-foreground">
+              <template v-if="isLoadingBlacklistObserved">
+                {{ $t('common.loading') }}
+              </template>
+              <template v-else>
+                {{ $t('bots.access.observedConversationHint') }}
+              </template>
+            </p>
+          </div>
+
+          <div class="space-y-2">
+            <Label>{{ $t('bots.access.conversationId') }}</Label>
+            <Input
+              v-model="blacklistSelection.sourceConversationId"
+              :placeholder="$t('bots.access.conversationIdPlaceholder')"
+            />
+          </div>
+
+          <div class="space-y-2">
+            <Label>{{ $t('bots.access.threadId') }}</Label>
+            <Input
+              v-model="blacklistSelection.sourceThreadId"
+              :placeholder="$t('bots.access.threadIdPlaceholder')"
+            />
+          </div>
+        </div>
+
+        <div class="flex justify-end">
+          <Button
+            variant="outline"
+            @click="clearSourceScope(blacklistSelection)"
+          >
+            {{ $t('bots.access.clearScope') }}
+          </Button>
+        </div>
+      </div>
+
+      <div class="flex justify-end gap-2">
+        <Button
+          variant="outline"
+          @click="resetSelection(blacklistSelection)"
+        >
+          {{ $t('bots.access.clearSelection') }}
+        </Button>
+        <Button
+          :disabled="isSavingBlacklist"
+          @click="handleAddBlacklist"
+        >
+          <Spinner
+            v-if="isSavingBlacklist"
+            class="mr-1.5"
+          />
+          {{ $t('bots.access.addBlacklist') }}
+        </Button>
+      </div>
+
+      <Separator />
+
+      <div
+        v-if="isLoadingBlacklist"
+        class="text-sm text-muted-foreground"
+      >
+        {{ $t('common.loading') }}
+      </div>
+      <div
+        v-else-if="blacklist.length === 0"
+        class="text-sm text-muted-foreground"
+      >
+        {{ $t('bots.access.blacklistEmpty') }}
+      </div>
+      <div
+        v-else
+        class="space-y-2"
+      >
+        <div
+          v-for="item in blacklist"
+          :key="item.id"
+          class="flex items-center justify-between gap-3 rounded-md border border-border px-3 py-2"
+        >
+          <div class="flex min-w-0 items-center gap-3">
+            <div class="relative shrink-0">
+              <Avatar class="size-9 shrink-0">
+                <AvatarImage
+                  v-if="ruleAvatar(item)"
+                  :src="ruleAvatar(item)"
+                  :alt="formatRuleLabel(item)"
+                />
+                <AvatarFallback class="text-xs">
+                  {{ initials(formatRuleLabel(item)) }}
+                </AvatarFallback>
+              </Avatar>
+              <ChannelBadge
+                v-if="rulePlatform(item)"
+                :platform="rulePlatform(item)"
+              />
+            </div>
+            <div class="min-w-0">
+              <div class="truncate text-sm font-medium text-foreground">
+                {{ formatRuleLabel(item) }}
+              </div>
+              <div class="truncate text-xs text-muted-foreground">
+                {{ formatRuleMeta(item) }}
+              </div>
+            </div>
+          </div>
+          <Button
+            variant="outline"
+            size="sm"
+            :disabled="deletingRuleId === item.id"
+            @click="handleDeleteBlacklist(item.id)"
+          >
+            {{ $t('common.delete') }}
+          </Button>
+        </div>
+      </div>
+    </section>
+  </div>
+</template>
+
+<script setup lang="ts">
+import { computed, reactive, ref, watch } from 'vue'
+import { Avatar, AvatarFallback, AvatarImage, Button, Input, Label, NativeSelect, Separator, Spinner, Switch } from '@memoh/ui'
+import { useQuery, useMutation, useQueryCache } from '@pinia/colada'
+import { toast } from 'vue-sonner'
+import { useI18n } from 'vue-i18n'
+import {
+  getBotsByBotIdAccessChannelIdentities,
+  getBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversations,
+  getBotsByBotIdAccessUsers,
+  deleteBotsByBotIdBlacklistByRuleId,
+  deleteBotsByBotIdWhitelistByRuleId,
+  getBotsByBotIdBlacklist,
+  getBotsByBotIdSettings,
+  getBotsByBotIdWhitelist,
+  putBotsByBotIdBlacklist,
+  putBotsByBotIdSettings,
+  putBotsByBotIdWhitelist,
+} from '@memoh/sdk'
+import type {
+  AclChannelIdentityCandidate,
+  AclObservedConversationCandidate,
+  AclRule,
+  AclSourceScope,
+  AclUpsertRuleRequest,
+  AclUserCandidate,
+} from '@memoh/sdk'
+import SearchableSelectPopover from '@/components/searchable-select-popover/index.vue'
+import type { SearchableSelectOption } from '@/components/searchable-select-popover/index.vue'
+import { resolveApiErrorMessage } from '@/utils/api-error'
+import { formatRelativeTime } from '@/utils/date-time'
+import ChannelBadge from '@/components/chat-list/channel-badge/index.vue'
+
+const props = defineProps<{
+  botId: string
+  botType?: string
+}>()
+
+const { t } = useI18n()
+const queryCache = useQueryCache()
+const deletingRuleId = ref('')
+const allowGuestDraft = ref(false)
+
+const isPersonalBot = computed(() => props.botType === 'personal')
+
+type RuleSelection = {
+  userId: string
+  channelIdentityId: string
+  observedConversationRouteId: string
+  sourceChannel: string
+  sourceConversationType: string
+  sourceConversationId: string
+  sourceThreadId: string
+}
+
+const commonChannels = ['discord', 'feishu', 'qq', 'telegram', 'wecom', 'web', 'cli']
+
+function createSelection(): RuleSelection {
+  return {
+    userId: '',
+    channelIdentityId: '',
+    observedConversationRouteId: '',
+    sourceChannel: '',
+    sourceConversationType: '',
+    sourceConversationId: '',
+    sourceThreadId: '',
+  }
+}
+
+const whitelistSelection = reactive(createSelection())
+const blacklistSelection = reactive(createSelection())
+
+function identityChannelById(id: string): string {
+  const matched = identities.value.find(item => item.id === id)
+  return matched?.channel || ''
+}
+
+function bindSelectionWatchers(selection: RuleSelection) {
+  watch(() => selection.userId, (value) => {
+    if (value) {
+      selection.channelIdentityId = ''
+      selection.observedConversationRouteId = ''
+      selection.sourceChannel = ''
+    }
+  })
+  watch(() => selection.channelIdentityId, (value, previous) => {
+    if (value) {
+      selection.userId = ''
+      selection.sourceChannel = identityChannelById(value)
+    }
+    else if (previous) {
+      selection.sourceChannel = ''
+    }
+    if (value !== previous) {
+      selection.observedConversationRouteId = ''
+      selection.sourceConversationId = ''
+      selection.sourceThreadId = ''
+    }
+  })
+}
+
+bindSelectionWatchers(whitelistSelection)
+bindSelectionWatchers(blacklistSelection)
+
+const { data: settings } = useQuery({
+  key: () => ['bot-settings', props.botId],
+  query: async () => {
+    const { data } = await getBotsByBotIdSettings({
+      path: { bot_id: props.botId },
+      throwOnError: true,
+    })
+    return data
+  },
+  enabled: () => !!props.botId,
+})
+
+watch(settings, (value) => {
+  allowGuestDraft.value = !!value?.allow_guest
+}, { immediate: true })
+
+const { data: whitelistData, isLoading: isLoadingWhitelist } = useQuery({
+  key: () => ['bot-whitelist', props.botId],
+  query: async () => {
+    const { data } = await getBotsByBotIdWhitelist({
+      path: { bot_id: props.botId },
+      throwOnError: true,
+    })
+    return data
+  },
+  enabled: () => !!props.botId,
+})
+
+const { data: blacklistData, isLoading: isLoadingBlacklist } = useQuery({
+  key: () => ['bot-blacklist', props.botId],
+  query: async () => {
+    const { data } = await getBotsByBotIdBlacklist({
+      path: { bot_id: props.botId },
+      throwOnError: true,
+    })
+    return data
+  },
+  enabled: () => !!props.botId,
+})
+
+const { data: userCandidates } = useQuery({
+  key: () => ['bot-access-users', props.botId],
+  query: async () => {
+    const { data } = await getBotsByBotIdAccessUsers({
+      path: { bot_id: props.botId },
+      query: { limit: 100 },
+      throwOnError: true,
+    })
+    return data
+  },
+  enabled: () => !!props.botId,
+})
+
+const { data: identityCandidates } = useQuery({
+  key: () => ['bot-access-identities', props.botId],
+  query: async () => {
+    const { data } = await getBotsByBotIdAccessChannelIdentities({
+      path: { bot_id: props.botId },
+      query: { limit: 100 },
+      throwOnError: true,
+    })
+    return data
+  },
+  enabled: () => !!props.botId,
+})
+
+const whitelist = computed(() => whitelistData.value?.items ?? [])
+const blacklist = computed(() => blacklistData.value?.items ?? [])
+const users = computed(() => userCandidates.value?.items ?? [])
+const identities = computed(() => identityCandidates.value?.items ?? [])
+
+const whitelistIdentityId = computed(() => whitelistSelection.channelIdentityId.trim())
+const blacklistIdentityId = computed(() => blacklistSelection.channelIdentityId.trim())
+
+const { data: whitelistObservedData, isLoading: isLoadingWhitelistObserved } = useQuery({
+  key: () => ['bot-access-observed-conversations', props.botId, whitelistIdentityId.value],
+  query: async () => {
+    const { data } = await getBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversations({
+      path: {
+        bot_id: props.botId,
+        channel_identity_id: whitelistIdentityId.value,
+      },
+      throwOnError: true,
+    })
+    return data
+  },
+  enabled: () => !!props.botId && !!whitelistIdentityId.value,
+})
+
+const { data: blacklistObservedData, isLoading: isLoadingBlacklistObserved } = useQuery({
+  key: () => ['bot-access-observed-conversations', props.botId, blacklistIdentityId.value],
+  query: async () => {
+    const { data } = await getBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversations({
+      path: {
+        bot_id: props.botId,
+        channel_identity_id: blacklistIdentityId.value,
+      },
+      throwOnError: true,
+    })
+    return data
+  },
+  enabled: () => !!props.botId && !!blacklistIdentityId.value,
+})
+
+const whitelistObservedConversations = computed(() => whitelistObservedData.value?.items ?? [])
+const blacklistObservedConversations = computed(() => blacklistObservedData.value?.items ?? [])
+
+const userOptions = computed<SearchableSelectOption[]>(() =>
+  users.value.map(item => ({
+    value: item.id || '',
+    label: item.display_name || item.username || item.id || '',
+    description: item.username || item.email || item.id || '',
+    keywords: [item.display_name ?? '', item.username ?? '', item.email ?? '', item.id ?? ''],
+    meta: item,
+  })),
+)
+
+const identityOptions = computed<SearchableSelectOption[]>(() =>
+  identities.value.map(item => ({
+    value: item.id || '',
+    label: item.display_name || item.linked_display_name || item.channel_subject_id || item.id || '',
+    description: formatIdentityCandidateMeta(item),
+    group: item.channel || 'identity',
+    groupLabel: item.channel || 'identity',
+    keywords: [
+      item.display_name ?? '',
+      item.linked_display_name ?? '',
+      item.linked_username ?? '',
+      item.channel_subject_id ?? '',
+      item.id ?? '',
+    ],
+    meta: item,
+  })),
+)
+
+const knownChannels = computed(() => {
+  const values = new Set<string>(commonChannels)
+  for (const item of identities.value) {
+    if (item.channel) values.add(item.channel)
+  }
+  for (const item of whitelist.value) {
+    if (item.source_scope?.channel) values.add(item.source_scope.channel)
+  }
+  for (const item of blacklist.value) {
+    if (item.source_scope?.channel) values.add(item.source_scope.channel)
+  }
+  for (const item of whitelistObservedConversations.value) {
+    if (item.channel) values.add(item.channel)
+  }
+  for (const item of blacklistObservedConversations.value) {
+    if (item.channel) values.add(item.channel)
+  }
+  return Array.from(values).filter(Boolean).sort()
+})
+
+const hasGuestAccessChanges = computed(() =>
+  allowGuestDraft.value !== !!settings.value?.allow_guest,
+)
+
+const { mutateAsync: saveGuestAccess, isLoading: isSavingGuestAccess } = useMutation({
+  mutation: async () => {
+    const { data } = await putBotsByBotIdSettings({
+      path: { bot_id: props.botId },
+      body: { allow_guest: allowGuestDraft.value },
+      throwOnError: true,
+    })
+    return data
+  },
+  onSettled: () => {
+    queryCache.invalidateQueries({ key: ['bot-settings', props.botId] })
+  },
+})
+
+const { mutateAsync: saveWhitelist, isLoading: isSavingWhitelist } = useMutation({
+  mutation: async (body: AclUpsertRuleRequest) => {
+    const { data } = await putBotsByBotIdWhitelist({
+      path: { bot_id: props.botId },
+      body,
+      throwOnError: true,
+    })
+    return data
+  },
+  onSettled: () => {
+    queryCache.invalidateQueries({ key: ['bot-whitelist', props.botId] })
+  },
+})
+
+const { mutateAsync: saveBlacklist, isLoading: isSavingBlacklist } = useMutation({
+  mutation: async (body: AclUpsertRuleRequest) => {
+    const { data } = await putBotsByBotIdBlacklist({
+      path: { bot_id: props.botId },
+      body,
+      throwOnError: true,
+    })
+    return data
+  },
+  onSettled: () => {
+    queryCache.invalidateQueries({ key: ['bot-blacklist', props.botId] })
+  },
+})
+
+function buildSourceScope(selection: RuleSelection): AclSourceScope | undefined {
+  const channel = selection.sourceChannel.trim()
+  const conversation_type = selection.sourceConversationType.trim()
+  const conversation_id = selection.sourceConversationId.trim()
+  const thread_id = selection.sourceThreadId.trim()
+  if (!channel && !conversation_type && !conversation_id && !thread_id) {
+    return undefined
+  }
+  return { channel, conversation_type, conversation_id, thread_id }
+}
+
+function normalizePayload(selection: RuleSelection): AclUpsertRuleRequest | null {
+  const user_id = selection.userId.trim()
+  const channel_identity_id = selection.channelIdentityId.trim()
+  if ((user_id && channel_identity_id) || (!user_id && !channel_identity_id)) {
+    toast.error(t('bots.access.validation'))
+    return null
+  }
+  if (selection.sourceThreadId.trim() && !selection.sourceConversationId.trim()) {
+    toast.error(t('bots.access.validationThreadRequiresConversation'))
+    return null
+  }
+  if ((selection.sourceConversationId.trim() || selection.sourceThreadId.trim()) && !selection.sourceChannel.trim()) {
+    toast.error(t('bots.access.validationConversationRequiresChannel'))
+    return null
+  }
+  const source_scope = buildSourceScope(selection)
+  return { user_id, channel_identity_id, source_scope }
+}
+
+async function handleSaveGuestAccess() {
+  try {
+    await saveGuestAccess()
+    toast.success(t('bots.access.guestAccessSaved'))
+  }
+  catch (error) {
+    toast.error(resolveApiErrorMessage(error, t('bots.access.saveFailed')))
+  }
+}
+
+async function handleAddWhitelist() {
+  const payload = normalizePayload(whitelistSelection)
+  if (!payload) return
+  try {
+    await saveWhitelist(payload)
+    resetSelection(whitelistSelection)
+    toast.success(t('bots.access.whitelistSaved'))
+  }
+  catch (error) {
+    toast.error(resolveApiErrorMessage(error, t('bots.access.saveFailed')))
+  }
+}
+
+async function handleAddBlacklist() {
+  const payload = normalizePayload(blacklistSelection)
+  if (!payload) return
+  try {
+    await saveBlacklist(payload)
+    resetSelection(blacklistSelection)
+    toast.success(t('bots.access.blacklistSaved'))
+  }
+  catch (error) {
+    toast.error(resolveApiErrorMessage(error, t('bots.access.saveFailed')))
+  }
+}
+
+async function handleDeleteWhitelist(ruleId: string) {
+  deletingRuleId.value = ruleId
+  try {
+    await deleteBotsByBotIdWhitelistByRuleId({
+      path: { bot_id: props.botId, rule_id: ruleId },
+      throwOnError: true,
+    })
+    queryCache.invalidateQueries({ key: ['bot-whitelist', props.botId] })
+    toast.success(t('bots.access.deleteSuccess'))
+  }
+  catch (error) {
+    toast.error(resolveApiErrorMessage(error, t('bots.access.deleteFailed')))
+  }
+  finally {
+    deletingRuleId.value = ''
+  }
+}
+
+async function handleDeleteBlacklist(ruleId: string) {
+  deletingRuleId.value = ruleId
+  try {
+    await deleteBotsByBotIdBlacklistByRuleId({
+      path: { bot_id: props.botId, rule_id: ruleId },
+      throwOnError: true,
+    })
+    queryCache.invalidateQueries({ key: ['bot-blacklist', props.botId] })
+    toast.success(t('bots.access.deleteSuccess'))
+  }
+  catch (error) {
+    toast.error(resolveApiErrorMessage(error, t('bots.access.deleteFailed')))
+  }
+  finally {
+    deletingRuleId.value = ''
+  }
+}
+
+function resetSelection(selection: RuleSelection) {
+  Object.assign(selection, createSelection())
+}
+
+function clearSourceScope(selection: RuleSelection) {
+  selection.observedConversationRouteId = ''
+  selection.sourceChannel = selection.channelIdentityId ? identityChannelById(selection.channelIdentityId) : ''
+  selection.sourceConversationType = ''
+  selection.sourceConversationId = ''
+  selection.sourceThreadId = ''
+}
+
+function formatRuleLabel(item: AclRule): string {
+  if (item.subject_kind === 'user') {
+    return item.user_display_name || item.user_username || item.user_id || '-'
+  }
+  return item.channel_identity_display_name || item.linked_user_display_name || item.channel_identity_id || '-'
+}
+
+function formatRuleMeta(item: AclRule): string {
+  const scope = formatRuleScope(item.source_scope)
+  if (item.subject_kind === 'user') {
+    const base = item.user_username || item.user_id || ''
+    return scope ? `${base} · ${scope}` : base
+  }
+  const channel = item.channel_type || 'channel'
+  const subject = item.channel_subject_id || item.channel_identity_id || ''
+  const linked = item.linked_user_display_name || item.linked_user_username
+  const base = linked ? `${channel}: ${subject} · ${linked}` : `${channel}: ${subject}`
+  return scope ? `${base} · ${scope}` : base
+}
+
+function rulePlatform(item: AclRule): string {
+  return item.source_scope?.channel || item.channel_type || ''
+}
+
+function formatIdentityCandidateMeta(item: AclChannelIdentityCandidate): string {
+  const subject = item.channel_subject_id || item.id || ''
+  const linked = item.linked_display_name || item.linked_username
+  return linked ? `${item.channel}: ${subject} · ${linked}` : `${item.channel}: ${subject}`
+}
+
+function ruleAvatar(item: AclRule): string {
+  if (item.subject_kind === 'user') {
+    return item.user_avatar_url || ''
+  }
+  return item.channel_identity_avatar_url || item.linked_user_avatar_url || ''
+}
+
+function candidateAvatar(item?: AclUserCandidate): string {
+  return item?.avatar_url || ''
+}
+
+function identityAvatar(item?: AclChannelIdentityCandidate): string {
+  return item?.avatar_url || item?.linked_avatar_url || ''
+}
+
+function formatRuleScope(scope?: AclSourceScope): string {
+  if (!scope) return ''
+  const parts = [
+    scope.channel || '',
+    scope.conversation_type || '',
+    scope.conversation_id || '',
+    scope.thread_id ? `thread:${scope.thread_id}` : '',
+  ].filter(Boolean)
+  return parts.join(' · ')
+}
+
+function formatObservedConversationLabel(item: AclObservedConversationCandidate): string {
+  return item.conversation_name || item.conversation_id || item.thread_id || item.route_id || '-'
+}
+
+function formatObservedConversationMeta(item: AclObservedConversationCandidate): string {
+  const parts = [
+    item.channel || '',
+    item.conversation_type || '',
+    item.conversation_id || '',
+    item.thread_id ? `thread:${item.thread_id}` : '',
+  ].filter(Boolean)
+  const lastObserved = formatRelativeTime(item.last_observed_at, { fallback: '' })
+  if (lastObserved) {
+    parts.push(`${t('bots.access.lastObserved')}: ${lastObserved}`)
+  }
+  return parts.join(' · ')
+}
+
+function toObservedConversationOptions(items: AclObservedConversationCandidate[]): SearchableSelectOption[] {
+  return items.map(item => ({
+    value: item.route_id || '',
+    label: formatObservedConversationLabel(item),
+    description: formatObservedConversationMeta(item),
+    group: item.channel || 'conversation',
+    groupLabel: item.channel || 'conversation',
+    keywords: [
+      item.channel ?? '',
+      item.conversation_name ?? '',
+      item.conversation_id ?? '',
+      item.thread_id ?? '',
+      item.route_id ?? '',
+    ],
+    meta: item,
+  }))
+}
+
+const whitelistObservedConversationOptions = computed(() =>
+  toObservedConversationOptions(whitelistObservedConversations.value),
+)
+
+const blacklistObservedConversationOptions = computed(() =>
+  toObservedConversationOptions(blacklistObservedConversations.value),
+)
+
+function applyObservedConversation(selection: RuleSelection, conversations: AclObservedConversationCandidate[], routeId: string) {
+  const matched = conversations.find(item => item.route_id === routeId)
+  if (!matched) return
+  selection.sourceChannel = matched.channel || ''
+  selection.sourceConversationType = matched.conversation_type || ''
+  selection.sourceConversationId = matched.conversation_id || ''
+  selection.sourceThreadId = matched.thread_id || ''
+}
+
+watch(() => whitelistSelection.observedConversationRouteId, (routeId) => {
+  if (!routeId) return
+  applyObservedConversation(whitelistSelection, whitelistObservedConversations.value, routeId)
+})
+
+watch(() => blacklistSelection.observedConversationRouteId, (routeId) => {
+  if (!routeId) return
+  applyObservedConversation(blacklistSelection, blacklistObservedConversations.value, routeId)
+})
+
+function initials(value: string): string {
+  return value
+    .trim()
+    .split(/\s+/)
+    .slice(0, 2)
+    .map(part => part[0] ?? '')
+    .join('')
+    .toUpperCase() || '?'
+}
+</script>
diff --git a/apps/web/src/pages/bots/components/bot-settings.vue b/apps/web/src/pages/bots/components/bot-settings.vue
index 071d8053..c22fec3e 100644
--- a/apps/web/src/pages/bots/components/bot-settings.vue
+++ b/apps/web/src/pages/bots/components/bot-settings.vue
@@ -258,18 +258,6 @@
       </div>
     </template>
 
-    <!-- Allow Guest: only for public bot -->
-    <template v-if="isPublicBot">
-      <div class="flex items-center justify-between">
-        <Label>{{ $t('bots.settings.allowGuest') }}</Label>
-        <Switch
-          :model-value="form.allow_guest"
-          @update:model-value="(val) => form.allow_guest = !!val"
-        />
-      </div>
-      <Separator />
-    </template>
-
     <!-- Save -->
     <div class="flex justify-end">
       <Button
@@ -352,8 +340,6 @@ const props = defineProps<{
   botType?: string
 }>()
 
-const isPublicBot = computed(() => props.botType === 'public')
-
 const { t } = useI18n()
 const router = useRouter()
 
@@ -567,7 +553,6 @@ const form = reactive({
   max_context_load_time: 0,
   max_context_tokens: 0,
   language: '',
-  allow_guest: false,
   reasoning_enabled: false,
   reasoning_effort: 'medium',
 })
@@ -582,7 +567,6 @@ watch(settings, (val) => {
     form.max_context_load_time = val.max_context_load_time ?? 0
     form.max_context_tokens = val.max_context_tokens ?? 0
     form.language = val.language ?? ''
-    form.allow_guest = val.allow_guest ?? false
     form.reasoning_enabled = val.reasoning_enabled ?? false
     form.reasoning_effort = val.reasoning_effort || 'medium'
   }
@@ -602,9 +586,6 @@ const hasChanges = computed(() => {
     || form.language !== (s.language ?? '')
     || form.reasoning_enabled !== (s.reasoning_enabled ?? false)
     || form.reasoning_effort !== (s.reasoning_effort || 'medium')
-  if (isPublicBot.value) {
-    changed = changed || form.allow_guest !== (s.allow_guest ?? false)
-  }
   return changed
 })
 
diff --git a/apps/web/src/pages/bots/detail.vue b/apps/web/src/pages/bots/detail.vue
index 00159bfd..75afe32b 100644
--- a/apps/web/src/pages/bots/detail.vue
+++ b/apps/web/src/pages/bots/detail.vue
@@ -250,6 +250,7 @@ import BotSchedule from './components/bot-schedule.vue'
 import BotContainer from './components/bot-container.vue'
 import BotTerminal from './components/bot-terminal.vue'
 import BotFiles from './components/bot-files.vue'
+import BotAccess from './components/bot-access.vue'
 import { resolveApiErrorMessage } from '@/utils/api-error'
 import { useAvatarInitials } from '@/composables/useAvatarInitials'
 import { useSyncedQueryParam } from '@/composables/useSyncedQueryParam'
@@ -289,6 +290,7 @@ const tabList = computed(() => {
     { value: 'schedule', label: 'bots.tabs.schedule', component: BotSchedule, params: { 'bot-id': bot_id } },
     { value: 'history', label: 'bots.tabs.history', component: BotHistory, params: { 'bot-id': bot_id } },
     { value: 'skills', label: 'bots.tabs.skills', component: BotSkills, params: { 'bot-id': bot_id } },
+    { value: 'access', label: 'bots.tabs.access', component: BotAccess, params: { 'bot-id': bot_id, 'bot-type': bot.value?.type } },
     { value: 'settings', label: 'bots.tabs.settings', component: BotSettings, params: { 'bot-id': bot_id, 'bot-type': bot.value?.type } }
   ]
 })
diff --git a/cmd/agent/main.go b/cmd/agent/main.go
index eba041d3..58f43a2d 100644
--- a/cmd/agent/main.go
+++ b/cmd/agent/main.go
@@ -21,6 +21,7 @@ import (
 
 	dbembed "github.com/memohai/memoh/db"
 	"github.com/memohai/memoh/internal/accounts"
+	"github.com/memohai/memoh/internal/acl"
 	"github.com/memohai/memoh/internal/bind"
 	"github.com/memohai/memoh/internal/boot"
 	"github.com/memohai/memoh/internal/bots"
@@ -79,7 +80,6 @@ import (
 	"github.com/memohai/memoh/internal/message/event"
 	"github.com/memohai/memoh/internal/models"
 	"github.com/memohai/memoh/internal/policy"
-	"github.com/memohai/memoh/internal/preauth"
 	"github.com/memohai/memoh/internal/providers"
 	"github.com/memohai/memoh/internal/schedule"
 	"github.com/memohai/memoh/internal/searchproviders"
@@ -168,12 +168,12 @@ func runServe() {
 			models.NewService,
 			bots.NewService,
 			accounts.NewService,
+			acl.NewService,
 			settings.NewService,
 			providers.NewService,
 			searchproviders.NewService,
 			browsercontexts.NewService,
 			policy.NewService,
-			preauth.NewService,
 			mcp.NewConnectionService,
 			subagent.NewService,
 			conversation.NewService,
@@ -231,7 +231,7 @@ func runServe() {
 			provideServerHandler(handlers.NewSearchProvidersHandler),
 			provideServerHandler(handlers.NewModelsHandler),
 			provideServerHandler(handlers.NewSettingsHandler),
-			provideServerHandler(handlers.NewPreauthHandler),
+			provideServerHandler(handlers.NewACLHandler),
 			provideServerHandler(handlers.NewBindHandler),
 			provideServerHandler(handlers.NewScheduleHandler),
 			provideServerHandler(handlers.NewHeartbeatHandler),
@@ -446,8 +446,8 @@ func provideChannelRouter(
 	resolver *flow.Resolver,
 	identityService *identities.Service,
 	botService *bots.Service,
+	aclService *acl.Service,
 	policyService *policy.Service,
-	preauthService *preauth.Service,
 	bindService *bind.Service,
 	mediaService *media.Service,
 	inboxService *inbox.Service,
@@ -480,7 +480,8 @@ func provideChannelRouter(
 	qqAdapter.SetChannelIdentityResolver(identityService)
 	qqAdapter.SetRouteResolver(routeService)
 
-	processor := inbound.NewChannelInboundProcessor(log, registry, routeService, msgService, resolver, identityService, botService, policyService, preauthService, bindService, rc.JwtSecret, 5*time.Minute)
+	processor := inbound.NewChannelInboundProcessor(log, registry, routeService, msgService, resolver, identityService, policyService, bindService, rc.JwtSecret, 5*time.Minute)
+	processor.SetACLService(aclService)
 	processor.SetMediaService(mediaService)
 	processor.SetStreamObserver(local.NewRouteHubBroadcaster(hub))
 	processor.SetInboxService(inboxService)
diff --git a/cmd/memoh/serve.go b/cmd/memoh/serve.go
index 520780ca..f0951355 100644
--- a/cmd/memoh/serve.go
+++ b/cmd/memoh/serve.go
@@ -21,6 +21,7 @@ import (
 	"golang.org/x/crypto/bcrypt"
 
 	"github.com/memohai/memoh/internal/accounts"
+	"github.com/memohai/memoh/internal/acl"
 	"github.com/memohai/memoh/internal/auth"
 	"github.com/memohai/memoh/internal/bind"
 	"github.com/memohai/memoh/internal/boot"
@@ -81,7 +82,6 @@ import (
 	"github.com/memohai/memoh/internal/message/event"
 	"github.com/memohai/memoh/internal/models"
 	"github.com/memohai/memoh/internal/policy"
-	"github.com/memohai/memoh/internal/preauth"
 	"github.com/memohai/memoh/internal/providers"
 	"github.com/memohai/memoh/internal/schedule"
 	"github.com/memohai/memoh/internal/searchproviders"
@@ -111,11 +111,11 @@ func runServe() {
 			models.NewService,
 			bots.NewService,
 			accounts.NewService,
+			acl.NewService,
 			settings.NewService,
 			providers.NewService,
 			searchproviders.NewService,
 			policy.NewService,
-			preauth.NewService,
 			mcp.NewConnectionService,
 			subagent.NewService,
 			conversation.NewService,
@@ -159,7 +159,7 @@ func runServe() {
 			provideServerHandler(handlers.NewSearchProvidersHandler),
 			provideServerHandler(handlers.NewModelsHandler),
 			provideServerHandler(handlers.NewSettingsHandler),
-			provideServerHandler(handlers.NewPreauthHandler),
+			provideServerHandler(handlers.NewACLHandler),
 			provideServerHandler(handlers.NewBindHandler),
 			provideServerHandler(handlers.NewScheduleHandler),
 			provideServerHandler(handlers.NewHeartbeatHandler),
@@ -342,7 +342,7 @@ func provideChannelRegistry(log *slog.Logger, hub *local.RouteHub, mediaService
 	return registry
 }
 
-func provideChannelRouter(log *slog.Logger, registry *channel.Registry, hub *local.RouteHub, routeService *route.DBService, msgService *message.DBService, resolver *flow.Resolver, identityService *identities.Service, botService *bots.Service, policyService *policy.Service, preauthService *preauth.Service, bindService *bind.Service, mediaService *media.Service, inboxService *inbox.Service, ttsService *ttspkg.Service, settingsService *settings.Service, subagentService *subagent.Service, scheduleService *schedule.Service, mcpConnService *mcp.ConnectionService, modelsService *models.Service, providersService *providers.Service, memProvService *memprovider.Service, searchProvService *searchproviders.Service, browserCtxService *browsercontexts.Service, emailService *emailpkg.Service, emailOutboxService *emailpkg.OutboxService, heartbeatService *heartbeat.Service, queries *dbsqlc.Queries, containerdHandler *handlers.ContainerdHandler, manager *mcp.Manager, rc *boot.RuntimeConfig) *inbound.ChannelInboundProcessor {
+func provideChannelRouter(log *slog.Logger, registry *channel.Registry, hub *local.RouteHub, routeService *route.DBService, msgService *message.DBService, resolver *flow.Resolver, identityService *identities.Service, botService *bots.Service, aclService *acl.Service, policyService *policy.Service, bindService *bind.Service, mediaService *media.Service, inboxService *inbox.Service, ttsService *ttspkg.Service, settingsService *settings.Service, subagentService *subagent.Service, scheduleService *schedule.Service, mcpConnService *mcp.ConnectionService, modelsService *models.Service, providersService *providers.Service, memProvService *memprovider.Service, searchProvService *searchproviders.Service, browserCtxService *browsercontexts.Service, emailService *emailpkg.Service, emailOutboxService *emailpkg.OutboxService, heartbeatService *heartbeat.Service, queries *dbsqlc.Queries, containerdHandler *handlers.ContainerdHandler, manager *mcp.Manager, rc *boot.RuntimeConfig) *inbound.ChannelInboundProcessor {
 	adapter, ok := registry.Get(qq.Type)
 	if !ok {
 		panic("qq adapter not registered")
@@ -353,7 +353,8 @@ func provideChannelRouter(log *slog.Logger, registry *channel.Registry, hub *loc
 	}
 	qqAdapter.SetChannelIdentityResolver(identityService)
 	qqAdapter.SetRouteResolver(routeService)
-	processor := inbound.NewChannelInboundProcessor(log, registry, routeService, msgService, resolver, identityService, botService, policyService, preauthService, bindService, rc.JwtSecret, 5*time.Minute)
+	processor := inbound.NewChannelInboundProcessor(log, registry, routeService, msgService, resolver, identityService, policyService, bindService, rc.JwtSecret, 5*time.Minute)
+	processor.SetACLService(aclService)
 	processor.SetMediaService(mediaService)
 	processor.SetStreamObserver(local.NewRouteHubBroadcaster(hub))
 	processor.SetInboxService(inboxService)
diff --git a/db/migrations/0001_init.down.sql b/db/migrations/0001_init.down.sql
index 9c2d3298..aa30486f 100644
--- a/db/migrations/0001_init.down.sql
+++ b/db/migrations/0001_init.down.sql
@@ -12,6 +12,7 @@ DROP TABLE IF EXISTS bot_history_messages;
 DROP TABLE IF EXISTS bot_channel_routes;
 DROP TABLE IF EXISTS channel_identity_bind_codes;
 DROP TABLE IF EXISTS bot_preauth_keys;
+DROP TABLE IF EXISTS bot_acl_rules;
 DROP TABLE IF EXISTS bot_channel_configs;
 DROP TABLE IF EXISTS mcp_connections;
 DROP TABLE IF EXISTS bot_members;
diff --git a/db/migrations/0001_init.up.sql b/db/migrations/0001_init.up.sql
index 8de90d2d..b738f4fd 100644
--- a/db/migrations/0001_init.up.sql
+++ b/db/migrations/0001_init.up.sql
@@ -163,7 +163,6 @@ CREATE TABLE IF NOT EXISTS bots (
   max_context_load_time INTEGER NOT NULL DEFAULT 1440,
   max_context_tokens INTEGER NOT NULL DEFAULT 0,
   language TEXT NOT NULL DEFAULT 'auto',
-  allow_guest BOOLEAN NOT NULL DEFAULT false,
   reasoning_enabled BOOLEAN NOT NULL DEFAULT false,
   reasoning_effort TEXT NOT NULL DEFAULT 'medium',
   max_inbox_items INTEGER NOT NULL DEFAULT 50,
@@ -186,16 +185,52 @@ CREATE TABLE IF NOT EXISTS bots (
 
 CREATE INDEX IF NOT EXISTS idx_bots_owner_user_id ON bots(owner_user_id);
 
-CREATE TABLE IF NOT EXISTS bot_members (
+CREATE TABLE IF NOT EXISTS bot_acl_rules (
+  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
   bot_id UUID NOT NULL REFERENCES bots(id) ON DELETE CASCADE,
-  user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
-  role TEXT NOT NULL DEFAULT 'member',
+  action TEXT NOT NULL,
+  effect TEXT NOT NULL,
+  subject_kind TEXT NOT NULL,
+  user_id UUID REFERENCES users(id) ON DELETE CASCADE,
+  channel_identity_id UUID REFERENCES channel_identities(id) ON DELETE CASCADE,
+  source_channel TEXT,
+  source_conversation_type TEXT,
+  source_conversation_id TEXT,
+  source_thread_id TEXT,
+  created_by_user_id UUID REFERENCES users(id) ON DELETE SET NULL,
   created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
-  CONSTRAINT bot_members_role_check CHECK (role IN ('owner', 'admin', 'member')),
-  CONSTRAINT bot_members_unique UNIQUE (bot_id, user_id)
+  updated_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+  CONSTRAINT bot_acl_rules_action_check CHECK (action IN ('chat.trigger')),
+  CONSTRAINT bot_acl_rules_effect_check CHECK (effect IN ('allow', 'deny')),
+  CONSTRAINT bot_acl_rules_subject_kind_check CHECK (subject_kind IN ('guest_all', 'user', 'channel_identity')),
+  CONSTRAINT bot_acl_rules_source_conversation_type_check CHECK (
+    source_conversation_type IS NULL OR source_conversation_type IN ('private', 'group', 'thread')
+  ),
+  CONSTRAINT bot_acl_rules_source_scope_check CHECK (
+    (source_conversation_id IS NULL AND source_thread_id IS NULL)
+    OR source_channel IS NOT NULL
+  ),
+  CONSTRAINT bot_acl_rules_source_thread_check CHECK (
+    source_thread_id IS NULL OR source_conversation_id IS NOT NULL
+  ),
+  CONSTRAINT bot_acl_rules_subject_value_check CHECK (
+    (subject_kind = 'guest_all' AND user_id IS NULL AND channel_identity_id IS NULL) OR
+    (subject_kind = 'user' AND user_id IS NOT NULL AND channel_identity_id IS NULL) OR
+    (subject_kind = 'channel_identity' AND user_id IS NULL AND channel_identity_id IS NOT NULL)
+  ),
+  CONSTRAINT bot_acl_rules_unique_user UNIQUE NULLS NOT DISTINCT (
+    bot_id, action, effect, subject_kind, user_id,
+    source_channel, source_conversation_type, source_conversation_id, source_thread_id
+  ),
+  CONSTRAINT bot_acl_rules_unique_channel_identity UNIQUE NULLS NOT DISTINCT (
+    bot_id, action, effect, subject_kind, channel_identity_id,
+    source_channel, source_conversation_type, source_conversation_id, source_thread_id
+  )
 );
 
-CREATE INDEX IF NOT EXISTS idx_bot_members_user_id ON bot_members(user_id);
+CREATE INDEX IF NOT EXISTS idx_bot_acl_rules_bot_id ON bot_acl_rules(bot_id);
+CREATE INDEX IF NOT EXISTS idx_bot_acl_rules_user_id ON bot_acl_rules(user_id);
+CREATE INDEX IF NOT EXISTS idx_bot_acl_rules_channel_identity_id ON bot_acl_rules(channel_identity_id);
 
 CREATE TABLE IF NOT EXISTS mcp_connections (
   id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
@@ -266,20 +301,6 @@ CREATE UNIQUE INDEX IF NOT EXISTS idx_bot_channel_external_identity
 
 CREATE INDEX IF NOT EXISTS idx_bot_channel_bot_id ON bot_channel_configs(bot_id);
 
-CREATE TABLE IF NOT EXISTS bot_preauth_keys (
-  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
-  bot_id UUID NOT NULL REFERENCES bots(id) ON DELETE CASCADE,
-  token TEXT NOT NULL,
-  issued_by_user_id UUID REFERENCES users(id) ON DELETE SET NULL,
-  expires_at TIMESTAMPTZ,
-  used_at TIMESTAMPTZ,
-  created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
-  CONSTRAINT bot_preauth_keys_unique UNIQUE (token)
-);
-
-CREATE INDEX IF NOT EXISTS idx_bot_preauth_keys_bot_id ON bot_preauth_keys(bot_id);
-CREATE INDEX IF NOT EXISTS idx_bot_preauth_keys_expires ON bot_preauth_keys(expires_at);
-
 -- channel_identity_bind_codes: one-time codes for channel identity->user linking
 CREATE TABLE IF NOT EXISTS channel_identity_bind_codes (
   id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
@@ -338,6 +359,8 @@ CREATE INDEX IF NOT EXISTS idx_bot_history_messages_source_lookup
   ON bot_history_messages(channel_type, source_message_id);
 CREATE INDEX IF NOT EXISTS idx_bot_history_messages_reply_lookup
   ON bot_history_messages(channel_type, source_reply_to_message_id);
+CREATE INDEX IF NOT EXISTS idx_bot_history_messages_identity_route_created
+  ON bot_history_messages(bot_id, sender_channel_identity_id, route_id, created_at DESC);
 
 CREATE TABLE IF NOT EXISTS containers (
   id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
diff --git a/db/migrations/0031_chat_acl_remove_bot_members.down.sql b/db/migrations/0031_chat_acl_remove_bot_members.down.sql
new file mode 100644
index 00000000..114ca9fc
--- /dev/null
+++ b/db/migrations/0031_chat_acl_remove_bot_members.down.sql
@@ -0,0 +1,43 @@
+-- 0031_chat_acl_remove_bot_members
+-- Restore allow_guest, preauth, and bot_members, then drop bot ACL rules.
+
+ALTER TABLE bots ADD COLUMN IF NOT EXISTS allow_guest BOOLEAN NOT NULL DEFAULT false;
+
+UPDATE bots
+SET allow_guest = true
+WHERE type = 'public'
+  AND EXISTS (
+    SELECT 1
+    FROM bot_acl_rules r
+    WHERE r.bot_id = bots.id
+      AND r.action = 'chat.trigger'
+      AND r.effect = 'allow'
+      AND r.subject_kind = 'guest_all'
+  );
+
+CREATE TABLE IF NOT EXISTS bot_preauth_keys (
+  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  bot_id UUID NOT NULL REFERENCES bots(id) ON DELETE CASCADE,
+  token TEXT NOT NULL,
+  issued_by_user_id UUID REFERENCES users(id) ON DELETE SET NULL,
+  expires_at TIMESTAMPTZ,
+  used_at TIMESTAMPTZ,
+  created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+  CONSTRAINT bot_preauth_keys_unique UNIQUE (token)
+);
+
+CREATE INDEX IF NOT EXISTS idx_bot_preauth_keys_bot_id ON bot_preauth_keys(bot_id);
+CREATE INDEX IF NOT EXISTS idx_bot_preauth_keys_expires ON bot_preauth_keys(expires_at);
+
+CREATE TABLE IF NOT EXISTS bot_members (
+  bot_id UUID NOT NULL REFERENCES bots(id) ON DELETE CASCADE,
+  user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+  role TEXT NOT NULL DEFAULT 'member',
+  created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+  CONSTRAINT bot_members_role_check CHECK (role IN ('owner', 'admin', 'member')),
+  CONSTRAINT bot_members_unique UNIQUE (bot_id, user_id)
+);
+
+CREATE INDEX IF NOT EXISTS idx_bot_members_user_id ON bot_members(user_id);
+
+DROP TABLE IF EXISTS bot_acl_rules;
diff --git a/db/migrations/0031_chat_acl_remove_bot_members.up.sql b/db/migrations/0031_chat_acl_remove_bot_members.up.sql
new file mode 100644
index 00000000..42276ce4
--- /dev/null
+++ b/db/migrations/0031_chat_acl_remove_bot_members.up.sql
@@ -0,0 +1,53 @@
+-- 0031_chat_acl_remove_bot_members
+-- Add bot ACL rules, migrate allow_guest into ACL, and remove legacy bot sharing tables.
+
+CREATE TABLE IF NOT EXISTS bot_acl_rules (
+  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  bot_id UUID NOT NULL REFERENCES bots(id) ON DELETE CASCADE,
+  action TEXT NOT NULL,
+  effect TEXT NOT NULL,
+  subject_kind TEXT NOT NULL,
+  user_id UUID REFERENCES users(id) ON DELETE CASCADE,
+  channel_identity_id UUID REFERENCES channel_identities(id) ON DELETE CASCADE,
+  created_by_user_id UUID REFERENCES users(id) ON DELETE SET NULL,
+  created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+  updated_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+  CONSTRAINT bot_acl_rules_action_check CHECK (action IN ('chat.trigger')),
+  CONSTRAINT bot_acl_rules_effect_check CHECK (effect IN ('allow', 'deny')),
+  CONSTRAINT bot_acl_rules_subject_kind_check CHECK (subject_kind IN ('guest_all', 'user', 'channel_identity')),
+  CONSTRAINT bot_acl_rules_subject_value_check CHECK (
+    (subject_kind = 'guest_all' AND user_id IS NULL AND channel_identity_id IS NULL) OR
+    (subject_kind = 'user' AND user_id IS NOT NULL AND channel_identity_id IS NULL) OR
+    (subject_kind = 'channel_identity' AND user_id IS NULL AND channel_identity_id IS NOT NULL)
+  ),
+  CONSTRAINT bot_acl_rules_unique_user UNIQUE NULLS NOT DISTINCT (bot_id, action, effect, subject_kind, user_id),
+  CONSTRAINT bot_acl_rules_unique_channel_identity UNIQUE NULLS NOT DISTINCT (bot_id, action, effect, subject_kind, channel_identity_id)
+);
+
+CREATE INDEX IF NOT EXISTS idx_bot_acl_rules_bot_id ON bot_acl_rules(bot_id);
+CREATE INDEX IF NOT EXISTS idx_bot_acl_rules_user_id ON bot_acl_rules(user_id);
+CREATE INDEX IF NOT EXISTS idx_bot_acl_rules_channel_identity_id ON bot_acl_rules(channel_identity_id);
+
+DO $$
+BEGIN
+  IF EXISTS (
+    SELECT 1
+    FROM information_schema.columns c
+    WHERE c.table_schema = 'public'
+      AND c.table_name = 'bots'
+      AND c.column_name = 'allow_guest'
+  ) THEN
+    EXECUTE $migrate$
+      INSERT INTO bot_acl_rules (bot_id, action, effect, subject_kind, created_by_user_id)
+      SELECT b.id, 'chat.trigger', 'allow', 'guest_all', b.owner_user_id
+      FROM bots b
+      WHERE b.type = 'public'
+        AND b.allow_guest = true
+      ON CONFLICT DO NOTHING
+    $migrate$;
+  END IF;
+END $$;
+
+ALTER TABLE bots DROP COLUMN IF EXISTS allow_guest;
+DROP TABLE IF EXISTS bot_preauth_keys;
+DROP TABLE IF EXISTS bot_members;
diff --git a/db/migrations/0032_source_aware_acl_scope.down.sql b/db/migrations/0032_source_aware_acl_scope.down.sql
new file mode 100644
index 00000000..f8228f2c
--- /dev/null
+++ b/db/migrations/0032_source_aware_acl_scope.down.sql
@@ -0,0 +1,52 @@
+-- 0032_source_aware_acl_scope
+-- Drop source-aware ACL scope fields after ensuring no scoped rules remain.
+
+DO $$
+BEGIN
+  IF EXISTS (
+    SELECT 1
+    FROM bot_acl_rules
+    WHERE source_channel IS NOT NULL
+       OR source_conversation_type IS NOT NULL
+       OR source_conversation_id IS NOT NULL
+       OR source_thread_id IS NOT NULL
+  ) THEN
+    RAISE EXCEPTION 'cannot rollback 0032_source_aware_acl_scope while scoped ACL rules exist';
+  END IF;
+END $$;
+
+DROP INDEX IF EXISTS idx_bot_history_messages_identity_route_created;
+
+ALTER TABLE bot_acl_rules
+  DROP CONSTRAINT IF EXISTS bot_acl_rules_unique_user,
+  DROP CONSTRAINT IF EXISTS bot_acl_rules_unique_channel_identity,
+  DROP CONSTRAINT IF EXISTS bot_acl_rules_source_conversation_type_check,
+  DROP CONSTRAINT IF EXISTS bot_acl_rules_source_scope_check,
+  DROP CONSTRAINT IF EXISTS bot_acl_rules_source_thread_check;
+
+DO $$
+BEGIN
+  IF NOT EXISTS (
+    SELECT 1 FROM pg_constraint WHERE conname = 'bot_acl_rules_unique_user'
+  ) THEN
+    ALTER TABLE bot_acl_rules
+      ADD CONSTRAINT bot_acl_rules_unique_user UNIQUE NULLS NOT DISTINCT (
+        bot_id, action, effect, subject_kind, user_id
+      );
+  END IF;
+
+  IF NOT EXISTS (
+    SELECT 1 FROM pg_constraint WHERE conname = 'bot_acl_rules_unique_channel_identity'
+  ) THEN
+    ALTER TABLE bot_acl_rules
+      ADD CONSTRAINT bot_acl_rules_unique_channel_identity UNIQUE NULLS NOT DISTINCT (
+        bot_id, action, effect, subject_kind, channel_identity_id
+      );
+  END IF;
+END $$;
+
+ALTER TABLE bot_acl_rules
+  DROP COLUMN IF EXISTS source_channel,
+  DROP COLUMN IF EXISTS source_conversation_type,
+  DROP COLUMN IF EXISTS source_conversation_id,
+  DROP COLUMN IF EXISTS source_thread_id;
diff --git a/db/migrations/0032_source_aware_acl_scope.up.sql b/db/migrations/0032_source_aware_acl_scope.up.sql
new file mode 100644
index 00000000..9acd4c68
--- /dev/null
+++ b/db/migrations/0032_source_aware_acl_scope.up.sql
@@ -0,0 +1,69 @@
+-- 0032_source_aware_acl_scope
+-- Add source-aware scope fields to bot ACL rules and index observed conversations.
+
+ALTER TABLE bot_acl_rules
+  ADD COLUMN IF NOT EXISTS source_channel TEXT,
+  ADD COLUMN IF NOT EXISTS source_conversation_type TEXT,
+  ADD COLUMN IF NOT EXISTS source_conversation_id TEXT,
+  ADD COLUMN IF NOT EXISTS source_thread_id TEXT;
+
+ALTER TABLE bot_acl_rules
+  DROP CONSTRAINT IF EXISTS bot_acl_rules_unique_user,
+  DROP CONSTRAINT IF EXISTS bot_acl_rules_unique_channel_identity,
+  DROP CONSTRAINT IF EXISTS bot_acl_rules_source_conversation_type_check,
+  DROP CONSTRAINT IF EXISTS bot_acl_rules_source_scope_check,
+  DROP CONSTRAINT IF EXISTS bot_acl_rules_source_thread_check;
+
+DO $$
+BEGIN
+  IF NOT EXISTS (
+    SELECT 1 FROM pg_constraint WHERE conname = 'bot_acl_rules_source_conversation_type_check'
+  ) THEN
+    ALTER TABLE bot_acl_rules
+      ADD CONSTRAINT bot_acl_rules_source_conversation_type_check CHECK (
+        source_conversation_type IS NULL OR source_conversation_type IN ('private', 'group', 'thread')
+      );
+  END IF;
+
+  IF NOT EXISTS (
+    SELECT 1 FROM pg_constraint WHERE conname = 'bot_acl_rules_source_scope_check'
+  ) THEN
+    ALTER TABLE bot_acl_rules
+      ADD CONSTRAINT bot_acl_rules_source_scope_check CHECK (
+        (source_conversation_id IS NULL AND source_thread_id IS NULL)
+        OR source_channel IS NOT NULL
+      );
+  END IF;
+
+  IF NOT EXISTS (
+    SELECT 1 FROM pg_constraint WHERE conname = 'bot_acl_rules_source_thread_check'
+  ) THEN
+    ALTER TABLE bot_acl_rules
+      ADD CONSTRAINT bot_acl_rules_source_thread_check CHECK (
+        source_thread_id IS NULL OR source_conversation_id IS NOT NULL
+      );
+  END IF;
+
+  IF NOT EXISTS (
+    SELECT 1 FROM pg_constraint WHERE conname = 'bot_acl_rules_unique_user'
+  ) THEN
+    ALTER TABLE bot_acl_rules
+      ADD CONSTRAINT bot_acl_rules_unique_user UNIQUE NULLS NOT DISTINCT (
+        bot_id, action, effect, subject_kind, user_id,
+        source_channel, source_conversation_type, source_conversation_id, source_thread_id
+      );
+  END IF;
+
+  IF NOT EXISTS (
+    SELECT 1 FROM pg_constraint WHERE conname = 'bot_acl_rules_unique_channel_identity'
+  ) THEN
+    ALTER TABLE bot_acl_rules
+      ADD CONSTRAINT bot_acl_rules_unique_channel_identity UNIQUE NULLS NOT DISTINCT (
+        bot_id, action, effect, subject_kind, channel_identity_id,
+        source_channel, source_conversation_type, source_conversation_id, source_thread_id
+      );
+  END IF;
+END $$;
+
+CREATE INDEX IF NOT EXISTS idx_bot_history_messages_identity_route_created
+  ON bot_history_messages(bot_id, sender_channel_identity_id, route_id, created_at DESC);
diff --git a/db/queries/acl.sql b/db/queries/acl.sql
new file mode 100644
index 00000000..bd46406e
--- /dev/null
+++ b/db/queries/acl.sql
@@ -0,0 +1,136 @@
+-- name: UpsertBotACLGuestAllAllowRule :one
+INSERT INTO bot_acl_rules (bot_id, action, effect, subject_kind, created_by_user_id)
+VALUES ($1, 'chat.trigger', 'allow', 'guest_all', $2)
+ON CONFLICT ON CONSTRAINT bot_acl_rules_unique_user
+DO UPDATE SET
+  created_by_user_id = COALESCE(EXCLUDED.created_by_user_id, bot_acl_rules.created_by_user_id),
+  updated_at = now()
+RETURNING id, bot_id, action, effect, subject_kind, user_id, channel_identity_id, source_channel, source_conversation_type, source_conversation_id, source_thread_id, created_by_user_id, created_at, updated_at;
+
+-- name: UpsertBotACLUserRule :one
+INSERT INTO bot_acl_rules (
+  bot_id, action, effect, subject_kind, user_id,
+  source_channel, source_conversation_type, source_conversation_id, source_thread_id,
+  created_by_user_id
+)
+VALUES (
+  $1, 'chat.trigger', $2, 'user', $3,
+  sqlc.narg(source_channel)::text,
+  sqlc.narg(source_conversation_type)::text,
+  sqlc.narg(source_conversation_id)::text,
+  sqlc.narg(source_thread_id)::text,
+  $4
+)
+ON CONFLICT ON CONSTRAINT bot_acl_rules_unique_user
+DO UPDATE SET
+  created_by_user_id = COALESCE(EXCLUDED.created_by_user_id, bot_acl_rules.created_by_user_id),
+  updated_at = now()
+RETURNING id, bot_id, action, effect, subject_kind, user_id, channel_identity_id, source_channel, source_conversation_type, source_conversation_id, source_thread_id, created_by_user_id, created_at, updated_at;
+
+-- name: UpsertBotACLChannelIdentityRule :one
+INSERT INTO bot_acl_rules (
+  bot_id, action, effect, subject_kind, channel_identity_id,
+  source_channel, source_conversation_type, source_conversation_id, source_thread_id,
+  created_by_user_id
+)
+VALUES (
+  $1, 'chat.trigger', $2, 'channel_identity', $3,
+  sqlc.narg(source_channel)::text,
+  sqlc.narg(source_conversation_type)::text,
+  sqlc.narg(source_conversation_id)::text,
+  sqlc.narg(source_thread_id)::text,
+  $4
+)
+ON CONFLICT ON CONSTRAINT bot_acl_rules_unique_channel_identity
+DO UPDATE SET
+  created_by_user_id = COALESCE(EXCLUDED.created_by_user_id, bot_acl_rules.created_by_user_id),
+  updated_at = now()
+RETURNING id, bot_id, action, effect, subject_kind, user_id, channel_identity_id, source_channel, source_conversation_type, source_conversation_id, source_thread_id, created_by_user_id, created_at, updated_at;
+
+-- name: DeleteBotACLGuestAllAllowRule :exec
+DELETE FROM bot_acl_rules
+WHERE bot_id = $1
+  AND action = 'chat.trigger'
+  AND effect = 'allow'
+  AND subject_kind = 'guest_all';
+
+-- name: DeleteBotACLRuleByID :exec
+DELETE FROM bot_acl_rules
+WHERE id = $1;
+
+-- name: HasBotACLGuestAllAllowRule :one
+SELECT EXISTS (
+  SELECT 1
+  FROM bot_acl_rules
+  WHERE bot_id = $1
+    AND action = 'chat.trigger'
+    AND effect = 'allow'
+    AND subject_kind = 'guest_all'
+) AS allowed;
+
+-- name: HasBotACLUserRule :one
+SELECT EXISTS (
+  SELECT 1
+  FROM bot_acl_rules
+  WHERE bot_id = $1
+    AND action = 'chat.trigger'
+    AND effect = $2
+    AND subject_kind = 'user'
+    AND user_id = $3
+    AND (source_channel IS NULL OR source_channel = sqlc.narg(source_channel)::text)
+    AND (source_conversation_type IS NULL OR source_conversation_type = sqlc.narg(source_conversation_type)::text)
+    AND (source_conversation_id IS NULL OR source_conversation_id = sqlc.narg(source_conversation_id)::text)
+    AND (source_thread_id IS NULL OR source_thread_id = sqlc.narg(source_thread_id)::text)
+) AS matched;
+
+-- name: HasBotACLChannelIdentityRule :one
+SELECT EXISTS (
+  SELECT 1
+  FROM bot_acl_rules
+  WHERE bot_id = $1
+    AND action = 'chat.trigger'
+    AND effect = $2
+    AND subject_kind = 'channel_identity'
+    AND channel_identity_id = $3
+    AND (source_channel IS NULL OR source_channel = sqlc.narg(source_channel)::text)
+    AND (source_conversation_type IS NULL OR source_conversation_type = sqlc.narg(source_conversation_type)::text)
+    AND (source_conversation_id IS NULL OR source_conversation_id = sqlc.narg(source_conversation_id)::text)
+    AND (source_thread_id IS NULL OR source_thread_id = sqlc.narg(source_thread_id)::text)
+) AS matched;
+
+-- name: ListBotACLSubjectRulesByEffect :many
+SELECT
+  r.id,
+  r.bot_id,
+  r.action,
+  r.effect,
+  r.subject_kind,
+  r.user_id,
+  r.channel_identity_id,
+  r.source_channel,
+  r.source_conversation_type,
+  r.source_conversation_id,
+  r.source_thread_id,
+  r.created_by_user_id,
+  r.created_at,
+  r.updated_at,
+  u.username AS user_username,
+  u.display_name AS user_display_name,
+  u.avatar_url AS user_avatar_url,
+  ci.channel_type,
+  ci.channel_subject_id,
+  ci.display_name AS channel_identity_display_name,
+  ci.avatar_url AS channel_identity_avatar_url,
+  linked.id AS linked_user_id,
+  linked.username AS linked_user_username,
+  linked.display_name AS linked_user_display_name,
+  linked.avatar_url AS linked_user_avatar_url
+FROM bot_acl_rules r
+LEFT JOIN users u ON u.id = r.user_id
+LEFT JOIN channel_identities ci ON ci.id = r.channel_identity_id
+LEFT JOIN users linked ON linked.id = ci.user_id
+WHERE r.bot_id = $1
+  AND r.action = 'chat.trigger'
+  AND r.effect = $2
+  AND r.subject_kind IN ('user', 'channel_identity')
+ORDER BY r.created_at DESC;
diff --git a/db/queries/bots.sql b/db/queries/bots.sql
index 9def1de4..8b29d122 100644
--- a/db/queries/bots.sql
+++ b/db/queries/bots.sql
@@ -1,26 +1,19 @@
 -- name: CreateBot :one
 INSERT INTO bots (owner_user_id, type, display_name, avatar_url, is_active, metadata, status)
 VALUES ($1, $2, $3, $4, $5, $6, $7)
-RETURNING id, owner_user_id, type, display_name, avatar_url, is_active, status, max_context_load_time, max_context_tokens, max_inbox_items, language, allow_guest, reasoning_enabled, reasoning_effort, chat_model_id, search_provider_id, memory_provider_id, heartbeat_enabled, heartbeat_interval, heartbeat_prompt, metadata, created_at, updated_at;
+RETURNING id, owner_user_id, type, display_name, avatar_url, is_active, status, max_context_load_time, max_context_tokens, max_inbox_items, language, reasoning_enabled, reasoning_effort, chat_model_id, search_provider_id, memory_provider_id, heartbeat_enabled, heartbeat_interval, heartbeat_prompt, metadata, created_at, updated_at;
 
 -- name: GetBotByID :one
-SELECT id, owner_user_id, type, display_name, avatar_url, is_active, status, max_context_load_time, max_context_tokens, max_inbox_items, language, allow_guest, reasoning_enabled, reasoning_effort, chat_model_id, search_provider_id, memory_provider_id, heartbeat_enabled, heartbeat_interval, heartbeat_prompt, metadata, created_at, updated_at
+SELECT id, owner_user_id, type, display_name, avatar_url, is_active, status, max_context_load_time, max_context_tokens, max_inbox_items, language, reasoning_enabled, reasoning_effort, chat_model_id, search_provider_id, memory_provider_id, heartbeat_enabled, heartbeat_interval, heartbeat_prompt, metadata, created_at, updated_at
 FROM bots
 WHERE id = $1;
 
 -- name: ListBotsByOwner :many
-SELECT id, owner_user_id, type, display_name, avatar_url, is_active, status, max_context_load_time, max_context_tokens, max_inbox_items, language, allow_guest, reasoning_enabled, reasoning_effort, chat_model_id, search_provider_id, memory_provider_id, heartbeat_enabled, heartbeat_interval, heartbeat_prompt, metadata, created_at, updated_at
+SELECT id, owner_user_id, type, display_name, avatar_url, is_active, status, max_context_load_time, max_context_tokens, max_inbox_items, language, reasoning_enabled, reasoning_effort, chat_model_id, search_provider_id, memory_provider_id, heartbeat_enabled, heartbeat_interval, heartbeat_prompt, metadata, created_at, updated_at
 FROM bots
 WHERE owner_user_id = $1
 ORDER BY created_at DESC;
 
--- name: ListBotsByMember :many
-SELECT b.id, b.owner_user_id, b.type, b.display_name, b.avatar_url, b.is_active, b.status, b.max_context_load_time, b.max_context_tokens, b.max_inbox_items, b.language, b.allow_guest, b.reasoning_enabled, b.reasoning_effort, b.chat_model_id, b.search_provider_id, b.memory_provider_id, b.heartbeat_enabled, b.heartbeat_interval, b.heartbeat_prompt, b.metadata, b.created_at, b.updated_at
-FROM bots b
-JOIN bot_members m ON m.bot_id = b.id
-WHERE m.user_id = $1
-ORDER BY b.created_at DESC;
-
 -- name: UpdateBotProfile :one
 UPDATE bots
 SET display_name = $2,
@@ -29,14 +22,14 @@ SET display_name = $2,
     metadata = $5,
     updated_at = now()
 WHERE id = $1
-RETURNING id, owner_user_id, type, display_name, avatar_url, is_active, status, max_context_load_time, max_context_tokens, max_inbox_items, language, allow_guest, reasoning_enabled, reasoning_effort, chat_model_id, search_provider_id, memory_provider_id, heartbeat_enabled, heartbeat_interval, heartbeat_prompt, metadata, created_at, updated_at;
+RETURNING id, owner_user_id, type, display_name, avatar_url, is_active, status, max_context_load_time, max_context_tokens, max_inbox_items, language, reasoning_enabled, reasoning_effort, chat_model_id, search_provider_id, memory_provider_id, heartbeat_enabled, heartbeat_interval, heartbeat_prompt, metadata, created_at, updated_at;
 
 -- name: UpdateBotOwner :one
 UPDATE bots
 SET owner_user_id = $2,
     updated_at = now()
 WHERE id = $1
-RETURNING id, owner_user_id, type, display_name, avatar_url, is_active, status, max_context_load_time, max_context_tokens, max_inbox_items, language, allow_guest, reasoning_enabled, reasoning_effort, chat_model_id, search_provider_id, memory_provider_id, heartbeat_enabled, heartbeat_interval, heartbeat_prompt, metadata, created_at, updated_at;
+RETURNING id, owner_user_id, type, display_name, avatar_url, is_active, status, max_context_load_time, max_context_tokens, max_inbox_items, language, reasoning_enabled, reasoning_effort, chat_model_id, search_provider_id, memory_provider_id, heartbeat_enabled, heartbeat_interval, heartbeat_prompt, metadata, created_at, updated_at;
 
 -- name: UpdateBotStatus :exec
 UPDATE bots
@@ -47,28 +40,6 @@ WHERE id = $1;
 -- name: DeleteBotByID :exec
 DELETE FROM bots WHERE id = $1;
 
--- name: UpsertBotMember :one
-INSERT INTO bot_members (bot_id, user_id, role)
-VALUES ($1, $2, $3)
-ON CONFLICT (bot_id, user_id) DO UPDATE SET
-  role = EXCLUDED.role
-RETURNING bot_id, user_id, role, created_at;
-
--- name: ListBotMembers :many
-SELECT bot_id, user_id, role, created_at
-FROM bot_members
-WHERE bot_id = $1
-ORDER BY created_at DESC;
-
--- name: GetBotMember :one
-SELECT bot_id, user_id, role, created_at
-FROM bot_members
-WHERE bot_id = $1 AND user_id = $2
-LIMIT 1;
-
--- name: DeleteBotMember :exec
-DELETE FROM bot_members WHERE bot_id = $1 AND user_id = $2;
-
 -- name: ListHeartbeatEnabledBots :many
 SELECT id, owner_user_id, heartbeat_enabled, heartbeat_interval, heartbeat_prompt
 FROM bots
diff --git a/db/queries/channel_identities.sql b/db/queries/channel_identities.sql
index cb345456..cef7e909 100644
--- a/db/queries/channel_identities.sql
+++ b/db/queries/channel_identities.sql
@@ -37,6 +37,32 @@ FROM channel_identities
 WHERE user_id = $1
 ORDER BY created_at DESC;
 
+-- name: SearchChannelIdentities :many
+SELECT
+  ci.id,
+  ci.user_id,
+  ci.channel_type,
+  ci.channel_subject_id,
+  ci.display_name,
+  ci.avatar_url,
+  ci.metadata,
+  ci.created_at,
+  ci.updated_at,
+  u.username AS linked_username,
+  u.display_name AS linked_display_name,
+  u.avatar_url AS linked_avatar_url
+FROM channel_identities ci
+LEFT JOIN users u ON u.id = ci.user_id
+WHERE
+  sqlc.arg(query)::text = ''
+  OR ci.channel_type ILIKE '%' || sqlc.arg(query)::text || '%'
+  OR ci.channel_subject_id ILIKE '%' || sqlc.arg(query)::text || '%'
+  OR COALESCE(ci.display_name, '') ILIKE '%' || sqlc.arg(query)::text || '%'
+  OR COALESCE(u.username, '') ILIKE '%' || sqlc.arg(query)::text || '%'
+  OR COALESCE(u.display_name, '') ILIKE '%' || sqlc.arg(query)::text || '%'
+ORDER BY ci.updated_at DESC
+LIMIT sqlc.arg(limit_count);
+
 -- name: SetChannelIdentityLinkedUser :one
 UPDATE channel_identities
 SET user_id = $2, updated_at = now()
diff --git a/db/queries/conversations.sql b/db/queries/conversations.sql
index 2a611613..1125cd9f 100644
--- a/db/queries/conversations.sql
+++ b/db/queries/conversations.sql
@@ -44,10 +44,9 @@ SELECT
   b.created_at,
   b.updated_at
 FROM bots b
-LEFT JOIN bot_members bm ON bm.bot_id = b.id AND bm.user_id = sqlc.arg(user_id)
 LEFT JOIN models chat_models ON chat_models.id = b.chat_model_id
 WHERE b.id = sqlc.arg(bot_id)
-  AND (b.owner_user_id = sqlc.arg(user_id) OR bm.user_id IS NOT NULL)
+  AND b.owner_user_id = sqlc.arg(user_id)
 ORDER BY b.updated_at DESC;
 
 -- name: ListVisibleChatsByBotAndUser :many
@@ -69,24 +68,19 @@ SELECT
   END)::text AS participant_role,
   NULL::timestamptz AS last_observed_at
 FROM bots b
-LEFT JOIN bot_members bm ON bm.bot_id = b.id AND bm.user_id = sqlc.arg(user_id)
 LEFT JOIN models chat_models ON chat_models.id = b.chat_model_id
 WHERE b.id = sqlc.arg(bot_id)
-  AND (b.owner_user_id = sqlc.arg(user_id) OR bm.user_id IS NOT NULL)
+  AND b.owner_user_id = sqlc.arg(user_id)
 ORDER BY b.updated_at DESC;
 
 -- name: GetChatReadAccessByUser :one
 SELECT
   'participant'::text AS access_mode,
-  (CASE
-    WHEN b.owner_user_id = sqlc.arg(user_id) THEN 'owner'
-    ELSE COALESCE(bm.role, ''::text)
-  END)::text AS participant_role,
+  'owner'::text AS participant_role,
   NULL::timestamptz AS last_observed_at
 FROM bots b
-LEFT JOIN bot_members bm ON bm.bot_id = b.id AND bm.user_id = sqlc.arg(user_id)
 WHERE b.id = sqlc.arg(chat_id)
-  AND (b.owner_user_id = sqlc.arg(user_id) OR bm.user_id IS NOT NULL)
+  AND b.owner_user_id = sqlc.arg(user_id)
 LIMIT 1;
 
 -- name: ListThreadsByParent :many
@@ -141,66 +135,26 @@ WITH deleted_messages AS (
 DELETE FROM bot_channel_routes bcr
 WHERE bcr.bot_id = sqlc.arg(chat_id);
 
--- chat_participants
-
--- name: AddChatParticipant :one
-INSERT INTO bot_members (bot_id, user_id, role)
-VALUES (sqlc.arg(chat_id), sqlc.arg(user_id), sqlc.arg(role))
-ON CONFLICT (bot_id, user_id) DO UPDATE SET role = EXCLUDED.role
-RETURNING bot_id AS chat_id, user_id, role, created_at AS joined_at;
-
 -- name: GetChatParticipant :one
-WITH owner_participant AS (
-  SELECT b.id AS chat_id, b.owner_user_id AS user_id, 'owner'::text AS role, b.created_at AS joined_at
-  FROM bots b
-  WHERE b.id = sqlc.arg(chat_id) AND b.owner_user_id = sqlc.arg(user_id)
-),
-member_participant AS (
-  SELECT bm.bot_id AS chat_id, bm.user_id, bm.role, bm.created_at AS joined_at
-  FROM bot_members bm
-  WHERE bm.bot_id = sqlc.arg(chat_id) AND bm.user_id = sqlc.arg(user_id)
-)
-SELECT chat_id, user_id, role, joined_at
-FROM (
-  SELECT * FROM owner_participant
-  UNION ALL
-  SELECT * FROM member_participant
-) p
-ORDER BY CASE WHEN role = 'owner' THEN 0 ELSE 1 END
+SELECT b.id AS chat_id, b.owner_user_id AS user_id, 'owner'::text AS role, b.created_at AS joined_at
+FROM bots b
+WHERE b.id = sqlc.arg(chat_id) AND b.owner_user_id = sqlc.arg(user_id)
 LIMIT 1;
 
 -- name: ListChatParticipants :many
-WITH owner_participant AS (
-  SELECT b.id AS chat_id, b.owner_user_id AS user_id, 'owner'::text AS role, b.created_at AS joined_at
-  FROM bots b
-  WHERE b.id = sqlc.arg(chat_id)
-),
-member_participant AS (
-  SELECT bm.bot_id AS chat_id, bm.user_id, bm.role, bm.created_at AS joined_at
-  FROM bot_members bm
-  WHERE bm.bot_id = sqlc.arg(chat_id)
-    AND bm.user_id <> (SELECT owner_user_id FROM bots WHERE id = sqlc.arg(chat_id))
-)
-SELECT chat_id, user_id, role, joined_at
-FROM (
-  SELECT * FROM owner_participant
-  UNION ALL
-  SELECT * FROM member_participant
-) p
+SELECT b.id AS chat_id, b.owner_user_id AS user_id, 'owner'::text AS role, b.created_at AS joined_at
+FROM bots b
+WHERE b.id = sqlc.arg(chat_id)
 ORDER BY joined_at ASC;
 
 -- name: RemoveChatParticipant :exec
-DELETE FROM bot_members
-WHERE bot_id = sqlc.arg(chat_id)
-  AND user_id = sqlc.arg(user_id)
-  AND user_id <> (SELECT owner_user_id FROM bots WHERE id = sqlc.arg(chat_id));
-
--- name: CopyParticipantsToChat :exec
-INSERT INTO bot_members (bot_id, user_id, role)
-SELECT sqlc.arg(chat_id_2), bm.user_id, bm.role
-FROM bot_members bm
-WHERE bm.bot_id = sqlc.arg(chat_id)
-ON CONFLICT (bot_id, user_id) DO NOTHING;
+SELECT 1
+WHERE EXISTS (
+  SELECT 1
+  FROM bots b
+  WHERE b.id = sqlc.arg(chat_id)
+    AND b.owner_user_id = sqlc.arg(user_id)
+);
 
 -- chat_settings
 
diff --git a/db/queries/messages.sql b/db/queries/messages.sql
index 0abfda5f..92f67ba0 100644
--- a/db/queries/messages.sql
+++ b/db/queries/messages.sql
@@ -162,3 +162,25 @@ LIMIT sqlc.arg(max_count);
 -- name: DeleteMessagesByBot :exec
 DELETE FROM bot_history_messages
 WHERE bot_id = sqlc.arg(bot_id);
+
+-- name: ListObservedConversationsByChannelIdentity :many
+SELECT
+  r.id AS route_id,
+  r.channel_type AS channel,
+  COALESCE(r.conversation_type, '') AS conversation_type,
+  r.external_conversation_id AS conversation_id,
+  COALESCE(r.external_thread_id, '') AS thread_id,
+  COALESCE(r.metadata->>'conversation_name', '')::text AS conversation_name,
+  MAX(m.created_at)::timestamptz AS last_observed_at
+FROM bot_history_messages m
+JOIN bot_channel_routes r ON r.id = m.route_id
+WHERE m.bot_id = sqlc.arg(bot_id)
+  AND m.sender_channel_identity_id = sqlc.arg(channel_identity_id)
+GROUP BY
+  r.id,
+  r.channel_type,
+  r.conversation_type,
+  r.external_conversation_id,
+  r.external_thread_id,
+  r.metadata
+ORDER BY MAX(m.created_at) DESC;
diff --git a/db/queries/preauth.sql b/db/queries/preauth.sql
deleted file mode 100644
index 75d781f4..00000000
--- a/db/queries/preauth.sql
+++ /dev/null
@@ -1,18 +0,0 @@
--- name: CreateBotPreauthKey :one
-INSERT INTO bot_preauth_keys (bot_id, token, issued_by_user_id, expires_at)
-VALUES ($1, $2, $3, $4)
-RETURNING id, bot_id, token, issued_by_user_id, expires_at, used_at, created_at;
-
--- name: GetBotPreauthKey :one
-SELECT id, bot_id, token, issued_by_user_id, expires_at, used_at, created_at
-FROM bot_preauth_keys
-WHERE token = $1
-  AND used_at IS NULL
-  AND (expires_at IS NULL OR expires_at > now())
-LIMIT 1;
-
--- name: MarkBotPreauthKeyUsed :one
-UPDATE bot_preauth_keys
-SET used_at = now()
-WHERE id = $1
-RETURNING id, bot_id, token, issued_by_user_id, expires_at, used_at, created_at;
diff --git a/db/queries/settings.sql b/db/queries/settings.sql
index 137ca911..578a772f 100644
--- a/db/queries/settings.sql
+++ b/db/queries/settings.sql
@@ -5,7 +5,6 @@ SELECT
   bots.max_context_tokens,
   bots.max_inbox_items,
   bots.language,
-  bots.allow_guest,
   bots.reasoning_enabled,
   bots.reasoning_effort,
   bots.heartbeat_enabled,
@@ -33,7 +32,6 @@ WITH updated AS (
       max_context_tokens = sqlc.arg(max_context_tokens),
       max_inbox_items = sqlc.arg(max_inbox_items),
       language = sqlc.arg(language),
-      allow_guest = sqlc.arg(allow_guest),
       reasoning_enabled = sqlc.arg(reasoning_enabled),
       reasoning_effort = sqlc.arg(reasoning_effort),
       heartbeat_enabled = sqlc.arg(heartbeat_enabled),
@@ -47,7 +45,7 @@ WITH updated AS (
       browser_context_id = COALESCE(sqlc.narg(browser_context_id)::uuid, bots.browser_context_id),
       updated_at = now()
   WHERE bots.id = sqlc.arg(id)
-  RETURNING bots.id, bots.max_context_load_time, bots.max_context_tokens, bots.max_inbox_items, bots.language, bots.allow_guest, bots.reasoning_enabled, bots.reasoning_effort, bots.heartbeat_enabled, bots.heartbeat_interval, bots.heartbeat_prompt, bots.chat_model_id, bots.heartbeat_model_id, bots.search_provider_id, bots.memory_provider_id, bots.tts_model_id, bots.browser_context_id
+  RETURNING bots.id, bots.max_context_load_time, bots.max_context_tokens, bots.max_inbox_items, bots.language, bots.reasoning_enabled, bots.reasoning_effort, bots.heartbeat_enabled, bots.heartbeat_interval, bots.heartbeat_prompt, bots.chat_model_id, bots.heartbeat_model_id, bots.search_provider_id, bots.memory_provider_id, bots.tts_model_id, bots.browser_context_id
 )
 SELECT
   updated.id AS bot_id,
@@ -55,7 +53,6 @@ SELECT
   updated.max_context_tokens,
   updated.max_inbox_items,
   updated.language,
-  updated.allow_guest,
   updated.reasoning_enabled,
   updated.reasoning_effort,
   updated.heartbeat_enabled,
@@ -81,7 +78,6 @@ SET max_context_load_time = 1440,
     max_context_tokens = 0,
     max_inbox_items = 50,
     language = 'auto',
-    allow_guest = false,
     reasoning_enabled = false,
     reasoning_effort = 'medium',
     heartbeat_enabled = false,
diff --git a/db/queries/users.sql b/db/queries/users.sql
index 11f6b634..6b6b526b 100644
--- a/db/queries/users.sql
+++ b/db/queries/users.sql
@@ -64,6 +64,19 @@ SELECT * FROM users
 WHERE username IS NOT NULL
 ORDER BY created_at DESC;
 
+-- name: SearchAccounts :many
+SELECT *
+FROM users
+WHERE username IS NOT NULL
+  AND (
+    sqlc.arg(query)::text = ''
+    OR username ILIKE '%' || sqlc.arg(query)::text || '%'
+    OR COALESCE(display_name, '') ILIKE '%' || sqlc.arg(query)::text || '%'
+    OR COALESCE(email, '') ILIKE '%' || sqlc.arg(query)::text || '%'
+  )
+ORDER BY last_login_at DESC NULLS LAST, created_at DESC
+LIMIT sqlc.arg(limit_count);
+
 -- name: UpdateAccountProfile :one
 UPDATE users
 SET display_name = $2,
diff --git a/devenv/docker-compose.yml b/devenv/docker-compose.yml
index 8bd54b04..eb4fb3f4 100644
--- a/devenv/docker-compose.yml
+++ b/devenv/docker-compose.yml
@@ -137,28 +137,28 @@ services:
         condition: service_healthy
     restart: unless-stopped
 
-  browser:
-    build:
-      context: ..
-      dockerfile: devenv/Dockerfile.browser
-      args:
-        BROWSER_CORES: ${BROWSER_CORES:-chromium,firefox}
-    container_name: memoh-dev-browser
-    working_dir: /workspace/apps/browser
-    command: ["bun", "run", "--watch", "src/index.ts"]
-    environment:
-      - BROWSER_CORES=${BROWSER_CORES:-chromium,firefox}
-    volumes:
-      - ..:/workspace
-      - node_modules:/workspace/node_modules
-    ports:
-      - "8083:8083"
-    depends_on:
-      deps:
-        condition: service_completed_successfully
-      server:
-        condition: service_healthy
-    restart: unless-stopped
+  # browser:
+  #   build:
+  #     context: ..
+  #     dockerfile: devenv/Dockerfile.browser
+  #     args:
+  #       BROWSER_CORES: ${BROWSER_CORES:-chromium,firefox}
+  #   container_name: memoh-dev-browser
+  #   working_dir: /workspace/apps/browser
+  #   command: ["bun", "run", "--watch", "src/index.ts"]
+  #   environment:
+  #     - BROWSER_CORES=${BROWSER_CORES:-chromium,firefox}
+  #   volumes:
+  #     - ..:/workspace
+  #     - node_modules:/workspace/node_modules
+  #   ports:
+  #     - "8083:8083"
+  #   depends_on:
+  #     deps:
+  #       condition: service_completed_successfully
+  #     server:
+  #       condition: service_healthy
+  #   restart: unless-stopped
 
   sparse:
     build:
diff --git a/internal/accounts/service.go b/internal/accounts/service.go
index 28116b6d..5df2afb3 100644
--- a/internal/accounts/service.go
+++ b/internal/accounts/service.go
@@ -104,6 +104,28 @@ func (s *Service) ListAccounts(ctx context.Context) ([]Account, error) {
 	return items, nil
 }
 
+// SearchAccounts returns account candidates for UI search.
+func (s *Service) SearchAccounts(ctx context.Context, query string, limit int) ([]Account, error) {
+	if s.queries == nil {
+		return nil, errors.New("account queries not configured")
+	}
+	if limit <= 0 {
+		limit = 50
+	}
+	rows, err := s.queries.SearchAccounts(ctx, sqlc.SearchAccountsParams{
+		Query:      strings.TrimSpace(query),
+		LimitCount: int32(limit),
+	})
+	if err != nil {
+		return nil, err
+	}
+	items := make([]Account, 0, len(rows))
+	for _, row := range rows {
+		items = append(items, toAccount(row))
+	}
+	return items, nil
+}
+
 // IsAdmin checks if the user has admin role.
 func (s *Service) IsAdmin(ctx context.Context, userID string) (bool, error) {
 	if s.queries == nil {
diff --git a/internal/acl/service.go b/internal/acl/service.go
new file mode 100644
index 00000000..6a3af264
--- /dev/null
+++ b/internal/acl/service.go
@@ -0,0 +1,474 @@
+package acl
+
+import (
+	"context"
+	"errors"
+	"log/slog"
+	"strings"
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/jackc/pgx/v5/pgtype"
+
+	"github.com/memohai/memoh/internal/bots"
+	"github.com/memohai/memoh/internal/db"
+	"github.com/memohai/memoh/internal/db/sqlc"
+)
+
+var (
+	ErrInvalidRuleSubject = errors.New("exactly one of user_id or channel_identity_id is required")
+	ErrInvalidSourceScope = errors.New("invalid source scope")
+)
+
+type Service struct {
+	queries *sqlc.Queries
+	bots    *bots.Service
+	logger  *slog.Logger
+}
+
+func NewService(log *slog.Logger, queries *sqlc.Queries, botService *bots.Service) *Service {
+	if log == nil {
+		log = slog.Default()
+	}
+	return &Service{
+		queries: queries,
+		bots:    botService,
+		logger:  log.With(slog.String("service", "acl")),
+	}
+}
+
+func (s *Service) AllowGuestEnabled(ctx context.Context, botID string) (bool, error) {
+	if s == nil || s.queries == nil {
+		return false, errors.New("acl queries not configured")
+	}
+	pgBotID, err := db.ParseUUID(botID)
+	if err != nil {
+		return false, err
+	}
+	return s.queries.HasBotACLGuestAllAllowRule(ctx, pgBotID)
+}
+
+func (s *Service) SetAllowGuest(ctx context.Context, botID, createdByUserID string, enabled bool) error {
+	if s == nil || s.queries == nil {
+		return errors.New("acl queries not configured")
+	}
+	pgBotID, err := db.ParseUUID(botID)
+	if err != nil {
+		return err
+	}
+	if enabled {
+		_, err = s.queries.UpsertBotACLGuestAllAllowRule(ctx, sqlc.UpsertBotACLGuestAllAllowRuleParams{
+			BotID:           pgBotID,
+			CreatedByUserID: optionalUUID(createdByUserID),
+		})
+		return err
+	}
+	return s.queries.DeleteBotACLGuestAllAllowRule(ctx, pgBotID)
+}
+
+func (s *Service) ListWhitelist(ctx context.Context, botID string) ([]Rule, error) {
+	return s.listByEffect(ctx, botID, EffectAllow)
+}
+
+func (s *Service) ListBlacklist(ctx context.Context, botID string) ([]Rule, error) {
+	return s.listByEffect(ctx, botID, EffectDeny)
+}
+
+func (s *Service) AddWhitelistEntry(ctx context.Context, botID, createdByUserID string, req UpsertRuleRequest) (Rule, error) {
+	return s.upsertEntry(ctx, botID, createdByUserID, EffectAllow, req)
+}
+
+func (s *Service) AddBlacklistEntry(ctx context.Context, botID, createdByUserID string, req UpsertRuleRequest) (Rule, error) {
+	return s.upsertEntry(ctx, botID, createdByUserID, EffectDeny, req)
+}
+
+func (s *Service) DeleteRule(ctx context.Context, ruleID string) error {
+	if s == nil || s.queries == nil {
+		return errors.New("acl queries not configured")
+	}
+	pgRuleID, err := db.ParseUUID(ruleID)
+	if err != nil {
+		return err
+	}
+	return s.queries.DeleteBotACLRuleByID(ctx, pgRuleID)
+}
+
+func (s *Service) CanPerformChatTrigger(ctx context.Context, req ChatTriggerRequest) (bool, error) {
+	if s == nil {
+		return false, errors.New("acl service not configured")
+	}
+	botID := strings.TrimSpace(req.BotID)
+	userID := strings.TrimSpace(req.UserID)
+	channelIdentityID := strings.TrimSpace(req.ChannelIdentityID)
+	sourceScope, err := normalizeSourceScope(req.SourceScope)
+	if err != nil {
+		return false, err
+	}
+	if s.queries == nil || s.bots == nil {
+		return false, errors.New("acl service not configured")
+	}
+
+	bot, err := s.bots.Get(ctx, botID)
+	if err != nil {
+		return false, err
+	}
+	if userID != "" && strings.TrimSpace(bot.OwnerUserID) == userID {
+		return true, nil
+	}
+
+	pgBotID, err := db.ParseUUID(botID)
+	if err != nil {
+		return false, err
+	}
+	if userID != "" {
+		matched, err := s.queries.HasBotACLUserRule(ctx, sqlc.HasBotACLUserRuleParams{
+			BotID:                  pgBotID,
+			Effect:                 EffectDeny,
+			UserID:                 optionalUUID(userID),
+			SourceChannel:          optionalText(sourceScope.Channel),
+			SourceConversationType: optionalText(sourceScope.ConversationType),
+			SourceConversationID:   optionalText(sourceScope.ConversationID),
+			SourceThreadID:         optionalText(sourceScope.ThreadID),
+		})
+		if err != nil {
+			return false, err
+		}
+		if matched {
+			return false, nil
+		}
+	}
+	if channelIdentityID != "" {
+		matched, err := s.queries.HasBotACLChannelIdentityRule(ctx, sqlc.HasBotACLChannelIdentityRuleParams{
+			BotID:                  pgBotID,
+			Effect:                 EffectDeny,
+			ChannelIdentityID:      optionalUUID(channelIdentityID),
+			SourceChannel:          optionalText(sourceScope.Channel),
+			SourceConversationType: optionalText(sourceScope.ConversationType),
+			SourceConversationID:   optionalText(sourceScope.ConversationID),
+			SourceThreadID:         optionalText(sourceScope.ThreadID),
+		})
+		if err != nil {
+			return false, err
+		}
+		if matched {
+			return false, nil
+		}
+	}
+	if userID != "" {
+		matched, err := s.queries.HasBotACLUserRule(ctx, sqlc.HasBotACLUserRuleParams{
+			BotID:                  pgBotID,
+			Effect:                 EffectAllow,
+			UserID:                 optionalUUID(userID),
+			SourceChannel:          optionalText(sourceScope.Channel),
+			SourceConversationType: optionalText(sourceScope.ConversationType),
+			SourceConversationID:   optionalText(sourceScope.ConversationID),
+			SourceThreadID:         optionalText(sourceScope.ThreadID),
+		})
+		if err != nil {
+			return false, err
+		}
+		if matched {
+			return true, nil
+		}
+	}
+	if channelIdentityID != "" {
+		matched, err := s.queries.HasBotACLChannelIdentityRule(ctx, sqlc.HasBotACLChannelIdentityRuleParams{
+			BotID:                  pgBotID,
+			Effect:                 EffectAllow,
+			ChannelIdentityID:      optionalUUID(channelIdentityID),
+			SourceChannel:          optionalText(sourceScope.Channel),
+			SourceConversationType: optionalText(sourceScope.ConversationType),
+			SourceConversationID:   optionalText(sourceScope.ConversationID),
+			SourceThreadID:         optionalText(sourceScope.ThreadID),
+		})
+		if err != nil {
+			return false, err
+		}
+		if matched {
+			return true, nil
+		}
+	}
+	return s.queries.HasBotACLGuestAllAllowRule(ctx, pgBotID)
+}
+
+func (s *Service) ListObservedConversationsByChannelIdentity(ctx context.Context, botID, channelIdentityID string) ([]ObservedConversationCandidate, error) {
+	if s == nil || s.queries == nil {
+		return nil, errors.New("acl queries not configured")
+	}
+	pgBotID, err := db.ParseUUID(botID)
+	if err != nil {
+		return nil, err
+	}
+	pgChannelIdentityID, err := db.ParseUUID(channelIdentityID)
+	if err != nil {
+		return nil, err
+	}
+	rows, err := s.queries.ListObservedConversationsByChannelIdentity(ctx, sqlc.ListObservedConversationsByChannelIdentityParams{
+		BotID:             pgBotID,
+		ChannelIdentityID: pgChannelIdentityID,
+	})
+	if err != nil {
+		return nil, err
+	}
+	items := make([]ObservedConversationCandidate, 0, len(rows))
+	for _, row := range rows {
+		items = append(items, ObservedConversationCandidate{
+			RouteID:          row.RouteID.String(),
+			Channel:          strings.TrimSpace(row.Channel),
+			ConversationType: strings.TrimSpace(row.ConversationType),
+			ConversationID:   strings.TrimSpace(row.ConversationID),
+			ThreadID:         strings.TrimSpace(row.ThreadID),
+			ConversationName: strings.TrimSpace(row.ConversationName),
+			LastObservedAt:   timeFromPg(row.LastObservedAt),
+		})
+	}
+	return items, nil
+}
+
+func (s *Service) listByEffect(ctx context.Context, botID, effect string) ([]Rule, error) {
+	if s == nil || s.queries == nil {
+		return nil, errors.New("acl queries not configured")
+	}
+	pgBotID, err := db.ParseUUID(botID)
+	if err != nil {
+		return nil, err
+	}
+	rows, err := s.queries.ListBotACLSubjectRulesByEffect(ctx, sqlc.ListBotACLSubjectRulesByEffectParams{
+		BotID:  pgBotID,
+		Effect: effect,
+	})
+	if err != nil {
+		return nil, err
+	}
+	items := make([]Rule, 0, len(rows))
+	for _, row := range rows {
+		items = append(items, toRule(row))
+	}
+	return items, nil
+}
+
+func (s *Service) upsertEntry(ctx context.Context, botID, createdByUserID, effect string, req UpsertRuleRequest) (Rule, error) {
+	if s == nil || s.queries == nil {
+		return Rule{}, errors.New("acl queries not configured")
+	}
+	pgBotID, err := db.ParseUUID(botID)
+	if err != nil {
+		return Rule{}, err
+	}
+	userID := strings.TrimSpace(req.UserID)
+	channelIdentityID := strings.TrimSpace(req.ChannelIdentityID)
+	sourceScope, err := normalizeOptionalSourceScope(req.SourceScope)
+	if err != nil {
+		return Rule{}, err
+	}
+	if (userID == "" && channelIdentityID == "") || (userID != "" && channelIdentityID != "") {
+		return Rule{}, ErrInvalidRuleSubject
+	}
+	if userID != "" {
+		row, err := s.queries.UpsertBotACLUserRule(ctx, sqlc.UpsertBotACLUserRuleParams{
+			BotID:                  pgBotID,
+			Effect:                 effect,
+			UserID:                 optionalUUID(userID),
+			SourceChannel:          optionalText(sourceScope.Channel),
+			SourceConversationType: optionalText(sourceScope.ConversationType),
+			SourceConversationID:   optionalText(sourceScope.ConversationID),
+			SourceThreadID:         optionalText(sourceScope.ThreadID),
+			CreatedByUserID:        optionalUUID(createdByUserID),
+		})
+		if err != nil {
+			return Rule{}, err
+		}
+		return ruleFromWriteRow(
+			row.ID,
+			row.BotID,
+			row.Action,
+			row.Effect,
+			row.SubjectKind,
+			row.UserID,
+			row.ChannelIdentityID,
+			row.SourceChannel,
+			row.SourceConversationType,
+			row.SourceConversationID,
+			row.SourceThreadID,
+			row.CreatedAt,
+			row.UpdatedAt,
+		), nil
+	}
+	sourceScope, err = s.normalizeChannelIdentitySourceScope(ctx, channelIdentityID, sourceScope)
+	if err != nil {
+		return Rule{}, err
+	}
+	row, err := s.queries.UpsertBotACLChannelIdentityRule(ctx, sqlc.UpsertBotACLChannelIdentityRuleParams{
+		BotID:                  pgBotID,
+		Effect:                 effect,
+		ChannelIdentityID:      optionalUUID(channelIdentityID),
+		SourceChannel:          optionalText(sourceScope.Channel),
+		SourceConversationType: optionalText(sourceScope.ConversationType),
+		SourceConversationID:   optionalText(sourceScope.ConversationID),
+		SourceThreadID:         optionalText(sourceScope.ThreadID),
+		CreatedByUserID:        optionalUUID(createdByUserID),
+	})
+	if err != nil {
+		return Rule{}, err
+	}
+	return ruleFromWriteRow(
+		row.ID,
+		row.BotID,
+		row.Action,
+		row.Effect,
+		row.SubjectKind,
+		row.UserID,
+		row.ChannelIdentityID,
+		row.SourceChannel,
+		row.SourceConversationType,
+		row.SourceConversationID,
+		row.SourceThreadID,
+		row.CreatedAt,
+		row.UpdatedAt,
+	), nil
+}
+
+func toRule(row sqlc.ListBotACLSubjectRulesByEffectRow) Rule {
+	rule := Rule{
+		ID:                         uuid.UUID(row.ID.Bytes).String(),
+		BotID:                      uuid.UUID(row.BotID.Bytes).String(),
+		Action:                     row.Action,
+		Effect:                     row.Effect,
+		SubjectKind:                row.SubjectKind,
+		UserUsername:               strings.TrimSpace(row.UserUsername.String),
+		UserDisplayName:            strings.TrimSpace(row.UserDisplayName.String),
+		UserAvatarURL:              strings.TrimSpace(row.UserAvatarUrl.String),
+		ChannelType:                strings.TrimSpace(row.ChannelType.String),
+		ChannelSubjectID:           strings.TrimSpace(row.ChannelSubjectID.String),
+		ChannelIdentityDisplayName: strings.TrimSpace(row.ChannelIdentityDisplayName.String),
+		ChannelIdentityAvatarURL:   strings.TrimSpace(row.ChannelIdentityAvatarUrl.String),
+		LinkedUserUsername:         strings.TrimSpace(row.LinkedUserUsername.String),
+		LinkedUserDisplayName:      strings.TrimSpace(row.LinkedUserDisplayName.String),
+		LinkedUserAvatarURL:        strings.TrimSpace(row.LinkedUserAvatarUrl.String),
+		CreatedAt:                  timeFromPg(row.CreatedAt),
+		UpdatedAt:                  timeFromPg(row.UpdatedAt),
+	}
+	rule.SourceScope = sourceScopeFromPg(row.SourceChannel, row.SourceConversationType, row.SourceConversationID, row.SourceThreadID)
+	if row.UserID.Valid {
+		rule.UserID = uuid.UUID(row.UserID.Bytes).String()
+	}
+	if row.ChannelIdentityID.Valid {
+		rule.ChannelIdentityID = uuid.UUID(row.ChannelIdentityID.Bytes).String()
+	}
+	if row.LinkedUserID.Valid {
+		rule.LinkedUserID = uuid.UUID(row.LinkedUserID.Bytes).String()
+	}
+	return rule
+}
+
+func optionalUUID(value string) pgtype.UUID {
+	parsed, err := db.ParseUUID(strings.TrimSpace(value))
+	if err != nil {
+		return pgtype.UUID{}
+	}
+	return parsed
+}
+
+func optionalText(value string) pgtype.Text {
+	value = strings.TrimSpace(value)
+	if value == "" {
+		return pgtype.Text{}
+	}
+	return pgtype.Text{String: value, Valid: true}
+}
+
+func normalizeSourceScope(scope SourceScope) (SourceScope, error) {
+	normalized := scope.Normalize()
+	if normalized.ThreadID != "" && normalized.ConversationID == "" {
+		return SourceScope{}, ErrInvalidSourceScope
+	}
+	if (normalized.ConversationID != "" || normalized.ThreadID != "") && normalized.Channel == "" {
+		return SourceScope{}, ErrInvalidSourceScope
+	}
+	return normalized, nil
+}
+
+func normalizeOptionalSourceScope(scope *SourceScope) (SourceScope, error) {
+	if scope == nil {
+		return SourceScope{}, nil
+	}
+	normalized, err := normalizeSourceScope(*scope)
+	if err != nil {
+		return SourceScope{}, err
+	}
+	return normalized, nil
+}
+
+func (s *Service) normalizeChannelIdentitySourceScope(ctx context.Context, channelIdentityID string, sourceScope SourceScope) (SourceScope, error) {
+	channelIdentityID = strings.TrimSpace(channelIdentityID)
+	if channelIdentityID == "" {
+		return sourceScope, nil
+	}
+	if s == nil || s.queries == nil {
+		return SourceScope{}, errors.New("acl queries not configured")
+	}
+	pgChannelIdentityID, err := db.ParseUUID(channelIdentityID)
+	if err != nil {
+		return SourceScope{}, err
+	}
+	identityRow, err := s.queries.GetChannelIdentityByID(ctx, pgChannelIdentityID)
+	if err != nil {
+		return SourceScope{}, err
+	}
+	sourceScope.Channel = strings.TrimSpace(identityRow.ChannelType)
+	return normalizeSourceScope(sourceScope)
+}
+
+func sourceScopeFromPg(channelValue, conversationTypeValue, conversationIDValue, threadIDValue pgtype.Text) *SourceScope {
+	scope := SourceScope{
+		Channel:          strings.TrimSpace(channelValue.String),
+		ConversationType: strings.TrimSpace(conversationTypeValue.String),
+		ConversationID:   strings.TrimSpace(conversationIDValue.String),
+		ThreadID:         strings.TrimSpace(threadIDValue.String),
+	}
+	if scope.IsZero() {
+		return nil
+	}
+	return &scope
+}
+
+func ruleFromWriteRow(
+	id pgtype.UUID,
+	botID pgtype.UUID,
+	action string,
+	effect string,
+	subjectKind string,
+	userID pgtype.UUID,
+	channelIdentityID pgtype.UUID,
+	sourceChannel pgtype.Text,
+	sourceConversationType pgtype.Text,
+	sourceConversationID pgtype.Text,
+	sourceThreadID pgtype.Text,
+	createdAt pgtype.Timestamptz,
+	updatedAt pgtype.Timestamptz,
+) Rule {
+	rule := Rule{
+		ID:          uuid.UUID(id.Bytes).String(),
+		BotID:       uuid.UUID(botID.Bytes).String(),
+		Action:      action,
+		Effect:      effect,
+		SubjectKind: subjectKind,
+		SourceScope: sourceScopeFromPg(sourceChannel, sourceConversationType, sourceConversationID, sourceThreadID),
+		CreatedAt:   timeFromPg(createdAt),
+		UpdatedAt:   timeFromPg(updatedAt),
+	}
+	if userID.Valid {
+		rule.UserID = uuid.UUID(userID.Bytes).String()
+	}
+	if channelIdentityID.Valid {
+		rule.ChannelIdentityID = uuid.UUID(channelIdentityID.Bytes).String()
+	}
+	return rule
+}
+
+func timeFromPg(value pgtype.Timestamptz) time.Time {
+	if value.Valid {
+		return value.Time
+	}
+	return time.Time{}
+}
diff --git a/internal/acl/service_test.go b/internal/acl/service_test.go
new file mode 100644
index 00000000..2c943e3a
--- /dev/null
+++ b/internal/acl/service_test.go
@@ -0,0 +1,389 @@
+package acl
+
+import (
+	"context"
+	"errors"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/jackc/pgx/v5"
+	"github.com/jackc/pgx/v5/pgconn"
+	"github.com/jackc/pgx/v5/pgtype"
+
+	"github.com/memohai/memoh/internal/bots"
+	"github.com/memohai/memoh/internal/db/sqlc"
+)
+
+type fakeDBTX struct {
+	queryRowFunc func(ctx context.Context, sql string, args ...any) pgx.Row
+	queryFunc    func(ctx context.Context, sql string, args ...any) (pgx.Rows, error)
+	execFunc     func(ctx context.Context, sql string, args ...any) (pgconn.CommandTag, error)
+}
+
+func (f *fakeDBTX) Exec(ctx context.Context, sql string, args ...any) (pgconn.CommandTag, error) {
+	if f.execFunc != nil {
+		return f.execFunc(ctx, sql, args...)
+	}
+	return pgconn.CommandTag{}, nil
+}
+
+func (f *fakeDBTX) Query(ctx context.Context, sql string, args ...any) (pgx.Rows, error) {
+	if f.queryFunc != nil {
+		return f.queryFunc(ctx, sql, args...)
+	}
+	return &fakeRows{}, nil
+}
+
+func (f *fakeDBTX) QueryRow(ctx context.Context, sql string, args ...any) pgx.Row {
+	if f.queryRowFunc != nil {
+		return f.queryRowFunc(ctx, sql, args...)
+	}
+	return &fakeRow{scanFunc: func(_ ...any) error { return pgx.ErrNoRows }}
+}
+
+type fakeRow struct {
+	scanFunc func(dest ...any) error
+}
+
+func (r *fakeRow) Scan(dest ...any) error {
+	if r.scanFunc == nil {
+		return pgx.ErrNoRows
+	}
+	return r.scanFunc(dest...)
+}
+
+func makeBotRow(botID, ownerUserID pgtype.UUID) *fakeRow {
+	return &fakeRow{
+		scanFunc: func(dest ...any) error {
+			*dest[0].(*pgtype.UUID) = botID
+			*dest[1].(*pgtype.UUID) = ownerUserID
+			*dest[2].(*string) = bots.BotTypePublic
+			*dest[3].(*pgtype.Text) = pgtype.Text{String: "bot", Valid: true}
+			*dest[4].(*pgtype.Text) = pgtype.Text{}
+			*dest[5].(*bool) = true
+			*dest[6].(*string) = bots.BotStatusReady
+			*dest[7].(*int32) = 30
+			*dest[8].(*int32) = 0
+			*dest[9].(*int32) = 50
+			*dest[10].(*string) = "auto"
+			*dest[11].(*bool) = false
+			*dest[12].(*string) = "medium"
+			*dest[13].(*pgtype.UUID) = pgtype.UUID{}
+			*dest[14].(*pgtype.UUID) = pgtype.UUID{}
+			*dest[15].(*pgtype.UUID) = pgtype.UUID{}
+			*dest[16].(*bool) = false
+			*dest[17].(*int32) = 30
+			*dest[18].(*string) = ""
+			*dest[19].(*[]byte) = []byte(`{}`)
+			*dest[20].(*pgtype.Timestamptz) = pgtype.Timestamptz{}
+			*dest[21].(*pgtype.Timestamptz) = pgtype.Timestamptz{}
+			return nil
+		},
+	}
+}
+
+func makeBoolRow(value bool) *fakeRow {
+	return &fakeRow{
+		scanFunc: func(dest ...any) error {
+			*dest[0].(*bool) = value
+			return nil
+		},
+	}
+}
+
+type fakeRows struct {
+	rows    []func(dest ...any) error
+	idx     int
+	lastErr error
+}
+
+func (*fakeRows) Close()                                       {}
+func (r *fakeRows) Err() error                                 { return r.lastErr }
+func (*fakeRows) CommandTag() pgconn.CommandTag                { return pgconn.CommandTag{} }
+func (*fakeRows) FieldDescriptions() []pgconn.FieldDescription { return nil }
+func (r *fakeRows) Next() bool {
+	if r.idx >= len(r.rows) {
+		return false
+	}
+	r.idx++
+	return true
+}
+
+func (r *fakeRows) Scan(dest ...any) error {
+	if r.idx == 0 || r.idx > len(r.rows) {
+		return errors.New("scan called without next")
+	}
+	scan := r.rows[r.idx-1]
+	if scan == nil {
+		return nil
+	}
+	return scan(dest...)
+}
+func (*fakeRows) Values() ([]any, error) { return nil, nil }
+func (*fakeRows) RawValues() [][]byte    { return nil }
+func (*fakeRows) Conn() *pgx.Conn        { return nil }
+
+func textFromArg(value any) string {
+	switch v := value.(type) {
+	case pgtype.Text:
+		return strings.TrimSpace(v.String)
+	case *pgtype.Text:
+		if v == nil {
+			return ""
+		}
+		return strings.TrimSpace(v.String)
+	case string:
+		return strings.TrimSpace(v)
+	default:
+		return ""
+	}
+}
+
+func scopeMatches(rule *SourceScope, args ...any) bool {
+	if rule == nil {
+		return false
+	}
+	scope := rule.Normalize()
+	return (scope.Channel == "" || scope.Channel == textFromArg(args[3])) &&
+		(scope.ConversationType == "" || scope.ConversationType == textFromArg(args[4])) &&
+		(scope.ConversationID == "" || scope.ConversationID == textFromArg(args[5])) &&
+		(scope.ThreadID == "" || scope.ThreadID == textFromArg(args[6]))
+}
+
+func TestCanPerformChatTrigger(t *testing.T) {
+	botUUID := pgtype.UUID{Bytes: uuid.MustParse("11111111-1111-1111-1111-111111111111"), Valid: true}
+	ownerUUID := pgtype.UUID{Bytes: uuid.MustParse("22222222-2222-2222-2222-222222222222"), Valid: true}
+	userUUID := pgtype.UUID{Bytes: uuid.MustParse("44444444-4444-4444-4444-444444444444"), Valid: true}
+	channelIdentityUUID := pgtype.UUID{Bytes: uuid.MustParse("55555555-5555-5555-5555-555555555555"), Valid: true}
+
+	tests := []struct {
+		name              string
+		userID            string
+		channelIdentityID string
+		sourceScope       SourceScope
+		denyUserScope     *SourceScope
+		allowUserScope    *SourceScope
+		denyChannelScope  *SourceScope
+		allowChannelScope *SourceScope
+		allowGuestAll     bool
+		wantAllowed       bool
+	}{
+		{name: "owner bypass", userID: ownerUUID.String(), wantAllowed: true},
+		{name: "deny user wins", userID: userUUID.String(), denyUserScope: &SourceScope{}, allowGuestAll: true, wantAllowed: false},
+		{name: "allow user", userID: userUUID.String(), allowUserScope: &SourceScope{}, wantAllowed: true},
+		{name: "deny channel wins", channelIdentityID: channelIdentityUUID.String(), denyChannelScope: &SourceScope{}, allowGuestAll: true, wantAllowed: false},
+		{name: "allow channel identity", channelIdentityID: channelIdentityUUID.String(), allowChannelScope: &SourceScope{}, wantAllowed: true},
+		{
+			name:           "scoped allow user private",
+			userID:         userUUID.String(),
+			sourceScope:    SourceScope{Channel: "feishu", ConversationType: "private", ConversationID: "chat-1"},
+			allowUserScope: &SourceScope{Channel: "feishu", ConversationType: "private", ConversationID: "chat-1"},
+			wantAllowed:    true,
+		},
+		{
+			name:           "scoped allow user does not match other conversation",
+			userID:         userUUID.String(),
+			sourceScope:    SourceScope{Channel: "feishu", ConversationType: "private", ConversationID: "chat-2"},
+			allowUserScope: &SourceScope{Channel: "feishu", ConversationType: "private", ConversationID: "chat-1"},
+			wantAllowed:    false,
+		},
+		{
+			name:              "scoped deny overrides guest fallback",
+			channelIdentityID: channelIdentityUUID.String(),
+			sourceScope:       SourceScope{Channel: "telegram", ConversationType: "group", ConversationID: "group-1"},
+			denyChannelScope:  &SourceScope{Channel: "telegram", ConversationType: "group", ConversationID: "group-1"},
+			allowGuestAll:     true,
+			wantAllowed:       false,
+		},
+		{
+			name:              "scoped deny does not block different source",
+			channelIdentityID: channelIdentityUUID.String(),
+			sourceScope:       SourceScope{Channel: "telegram", ConversationType: "group", ConversationID: "group-2"},
+			denyChannelScope:  &SourceScope{Channel: "telegram", ConversationType: "group", ConversationID: "group-1"},
+			allowGuestAll:     true,
+			wantAllowed:       true,
+		},
+		{name: "guest_all fallback", allowGuestAll: true, wantAllowed: true},
+		{name: "default deny", wantAllowed: false},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			db := &fakeDBTX{
+				queryRowFunc: func(_ context.Context, sql string, args ...any) pgx.Row {
+					switch {
+					case strings.Contains(sql, "FROM bots"):
+						return makeBotRow(botUUID, ownerUUID)
+					case strings.Contains(sql, "subject_kind = 'user'"):
+						effect := args[1].(string)
+						if effect == EffectDeny {
+							return makeBoolRow(scopeMatches(tt.denyUserScope, args...))
+						}
+						return makeBoolRow(scopeMatches(tt.allowUserScope, args...))
+					case strings.Contains(sql, "subject_kind = 'channel_identity'"):
+						effect := args[1].(string)
+						if effect == EffectDeny {
+							return makeBoolRow(scopeMatches(tt.denyChannelScope, args...))
+						}
+						return makeBoolRow(scopeMatches(tt.allowChannelScope, args...))
+					case strings.Contains(sql, "subject_kind = 'guest_all'"):
+						return makeBoolRow(tt.allowGuestAll)
+					default:
+						return &fakeRow{scanFunc: func(_ ...any) error { return pgx.ErrNoRows }}
+					}
+				},
+			}
+
+			queries := sqlc.New(db)
+			botService := bots.NewService(nil, queries)
+			service := NewService(nil, queries, botService)
+			allowed, err := service.CanPerformChatTrigger(context.Background(), ChatTriggerRequest{
+				BotID:             botUUID.String(),
+				UserID:            tt.userID,
+				ChannelIdentityID: tt.channelIdentityID,
+				SourceScope:       tt.sourceScope,
+			})
+			if err != nil {
+				t.Fatalf("unexpected error: %v", err)
+			}
+			if allowed != tt.wantAllowed {
+				t.Fatalf("expected allowed=%v, got %v", tt.wantAllowed, allowed)
+			}
+		})
+	}
+}
+
+func TestCanPerformChatTriggerRejectsInvalidScope(t *testing.T) {
+	service := NewService(nil, nil, nil)
+	_, err := service.CanPerformChatTrigger(context.Background(), ChatTriggerRequest{
+		BotID: "bot-1",
+		SourceScope: SourceScope{
+			Channel:  "feishu",
+			ThreadID: "thread-1",
+		},
+	})
+	if !errors.Is(err, ErrInvalidSourceScope) {
+		t.Fatalf("expected invalid source scope error, got %v", err)
+	}
+}
+
+func TestListObservedConversationsByChannelIdentity(t *testing.T) {
+	botUUID := pgtype.UUID{Bytes: uuid.MustParse("11111111-1111-1111-1111-111111111111"), Valid: true}
+	channelIdentityUUID := pgtype.UUID{Bytes: uuid.MustParse("55555555-5555-5555-5555-555555555555"), Valid: true}
+	routeUUID := pgtype.UUID{Bytes: uuid.MustParse("66666666-6666-6666-6666-666666666666"), Valid: true}
+	now := time.Now().UTC()
+
+	db := &fakeDBTX{
+		queryFunc: func(_ context.Context, sql string, _ ...any) (pgx.Rows, error) {
+			if !strings.Contains(sql, "ListObservedConversationsByChannelIdentity") &&
+				!strings.Contains(sql, "FROM bot_history_messages m") {
+				return &fakeRows{}, nil
+			}
+			return &fakeRows{
+				rows: []func(dest ...any) error{
+					func(dest ...any) error {
+						*dest[0].(*pgtype.UUID) = routeUUID
+						*dest[1].(*string) = "feishu"
+						*dest[2].(*string) = "group"
+						*dest[3].(*string) = "chat-1"
+						*dest[4].(*string) = "thread-1"
+						*dest[5].(*string) = "Team Chat"
+						*dest[6].(*pgtype.Timestamptz) = pgtype.Timestamptz{Time: now, Valid: true}
+						return nil
+					},
+				},
+			}, nil
+		},
+	}
+
+	service := NewService(nil, sqlc.New(db), nil)
+	items, err := service.ListObservedConversationsByChannelIdentity(context.Background(), botUUID.String(), channelIdentityUUID.String())
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if len(items) != 1 {
+		t.Fatalf("expected one observed conversation, got %d", len(items))
+	}
+	if items[0].RouteID != routeUUID.String() {
+		t.Fatalf("unexpected route id: %s", items[0].RouteID)
+	}
+	if items[0].ConversationID != "chat-1" || items[0].ThreadID != "thread-1" {
+		t.Fatalf("unexpected conversation scope: %+v", items[0])
+	}
+	if items[0].ConversationName != "Team Chat" {
+		t.Fatalf("unexpected conversation name: %q", items[0].ConversationName)
+	}
+}
+
+func TestAddWhitelistEntryChannelIdentityForcesIdentityChannel(t *testing.T) {
+	botUUID := pgtype.UUID{Bytes: uuid.MustParse("11111111-1111-1111-1111-111111111111"), Valid: true}
+	ruleUUID := pgtype.UUID{Bytes: uuid.MustParse("77777777-7777-7777-7777-777777777777"), Valid: true}
+	channelIdentityUUID := pgtype.UUID{Bytes: uuid.MustParse("55555555-5555-5555-5555-555555555555"), Valid: true}
+	createdByUUID := pgtype.UUID{Bytes: uuid.MustParse("88888888-8888-8888-8888-888888888888"), Valid: true}
+	now := time.Now().UTC()
+
+	db := &fakeDBTX{
+		queryRowFunc: func(_ context.Context, sql string, args ...any) pgx.Row {
+			switch {
+			case strings.Contains(sql, "FROM channel_identities"):
+				return &fakeRow{
+					scanFunc: func(dest ...any) error {
+						*dest[0].(*pgtype.UUID) = channelIdentityUUID
+						*dest[1].(*pgtype.UUID) = pgtype.UUID{}
+						*dest[2].(*string) = "feishu"
+						*dest[3].(*string) = "ou_123"
+						*dest[4].(*pgtype.Text) = pgtype.Text{String: "Tester", Valid: true}
+						*dest[5].(*pgtype.Text) = pgtype.Text{}
+						*dest[6].(*[]byte) = []byte(`{}`)
+						*dest[7].(*pgtype.Timestamptz) = pgtype.Timestamptz{Time: now, Valid: true}
+						*dest[8].(*pgtype.Timestamptz) = pgtype.Timestamptz{Time: now, Valid: true}
+						return nil
+					},
+				}
+			case strings.Contains(sql, "INSERT INTO bot_acl_rules"):
+				if got := textFromArg(args[4]); got != "feishu" {
+					t.Fatalf("expected source_channel to be normalized to feishu, got %q", got)
+				}
+				return &fakeRow{
+					scanFunc: func(dest ...any) error {
+						*dest[0].(*pgtype.UUID) = ruleUUID
+						*dest[1].(*pgtype.UUID) = botUUID
+						*dest[2].(*string) = ActionChatTrigger
+						*dest[3].(*string) = EffectAllow
+						*dest[4].(*string) = SubjectKindChannelIdentity
+						*dest[5].(*pgtype.UUID) = pgtype.UUID{}
+						*dest[6].(*pgtype.UUID) = channelIdentityUUID
+						*dest[7].(*pgtype.Text) = pgtype.Text{String: "feishu", Valid: true}
+						*dest[8].(*pgtype.Text) = pgtype.Text{String: "group", Valid: true}
+						*dest[9].(*pgtype.Text) = pgtype.Text{String: "chat-1", Valid: true}
+						*dest[10].(*pgtype.Text) = pgtype.Text{}
+						*dest[11].(*pgtype.UUID) = createdByUUID
+						*dest[12].(*pgtype.Timestamptz) = pgtype.Timestamptz{Time: now, Valid: true}
+						*dest[13].(*pgtype.Timestamptz) = pgtype.Timestamptz{Time: now, Valid: true}
+						return nil
+					},
+				}
+			default:
+				return &fakeRow{scanFunc: func(_ ...any) error { return pgx.ErrNoRows }}
+			}
+		},
+	}
+
+	service := NewService(nil, sqlc.New(db), nil)
+	rule, err := service.AddWhitelistEntry(context.Background(), botUUID.String(), createdByUUID.String(), UpsertRuleRequest{
+		ChannelIdentityID: channelIdentityUUID.String(),
+		SourceScope: &SourceScope{
+			Channel:          "telegram",
+			ConversationType: "group",
+			ConversationID:   "chat-1",
+		},
+	})
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if rule.SourceScope == nil || rule.SourceScope.Channel != "feishu" {
+		t.Fatalf("expected normalized source scope channel feishu, got %+v", rule.SourceScope)
+	}
+}
diff --git a/internal/acl/types.go b/internal/acl/types.go
new file mode 100644
index 00000000..78589dd2
--- /dev/null
+++ b/internal/acl/types.go
@@ -0,0 +1,131 @@
+package acl
+
+import (
+	"strings"
+	"time"
+
+	"github.com/memohai/memoh/internal/channel"
+)
+
+const (
+	ActionChatTrigger = "chat.trigger"
+
+	EffectAllow = "allow"
+	EffectDeny  = "deny"
+
+	SubjectKindGuestAll        = "guest_all"
+	SubjectKindUser            = "user"
+	SubjectKindChannelIdentity = "channel_identity"
+)
+
+type Rule struct {
+	ID                         string       `json:"id"`
+	BotID                      string       `json:"bot_id"`
+	Action                     string       `json:"action"`
+	Effect                     string       `json:"effect"`
+	SubjectKind                string       `json:"subject_kind"`
+	UserID                     string       `json:"user_id,omitempty"`
+	ChannelIdentityID          string       `json:"channel_identity_id,omitempty"`
+	SourceScope                *SourceScope `json:"source_scope,omitempty"`
+	UserUsername               string       `json:"user_username,omitempty"`
+	UserDisplayName            string       `json:"user_display_name,omitempty"`
+	UserAvatarURL              string       `json:"user_avatar_url,omitempty"`
+	ChannelType                string       `json:"channel_type,omitempty"`
+	ChannelSubjectID           string       `json:"channel_subject_id,omitempty"`
+	ChannelIdentityDisplayName string       `json:"channel_identity_display_name,omitempty"`
+	ChannelIdentityAvatarURL   string       `json:"channel_identity_avatar_url,omitempty"`
+	LinkedUserID               string       `json:"linked_user_id,omitempty"`
+	LinkedUserUsername         string       `json:"linked_user_username,omitempty"`
+	LinkedUserDisplayName      string       `json:"linked_user_display_name,omitempty"`
+	LinkedUserAvatarURL        string       `json:"linked_user_avatar_url,omitempty"`
+	CreatedAt                  time.Time    `json:"created_at"`
+	UpdatedAt                  time.Time    `json:"updated_at"`
+}
+
+type ListRulesResponse struct {
+	Items []Rule `json:"items"`
+}
+
+type SourceScope struct {
+	Channel          string `json:"channel,omitempty"`
+	ConversationType string `json:"conversation_type,omitempty"`
+	ConversationID   string `json:"conversation_id,omitempty"`
+	ThreadID         string `json:"thread_id,omitempty"`
+}
+
+type UpsertRuleRequest struct {
+	UserID            string       `json:"user_id,omitempty"`
+	ChannelIdentityID string       `json:"channel_identity_id,omitempty"`
+	SourceScope       *SourceScope `json:"source_scope,omitempty"`
+}
+
+type ChatTriggerRequest struct {
+	BotID             string
+	UserID            string
+	ChannelIdentityID string
+	SourceScope       SourceScope
+}
+
+type UserCandidate struct {
+	ID          string `json:"id"`
+	Username    string `json:"username"`
+	DisplayName string `json:"display_name"`
+	AvatarURL   string `json:"avatar_url,omitempty"`
+	Email       string `json:"email,omitempty"`
+}
+
+type UserCandidateListResponse struct {
+	Items []UserCandidate `json:"items"`
+}
+
+type ChannelIdentityCandidate struct {
+	ID                string `json:"id"`
+	UserID            string `json:"user_id,omitempty"`
+	Channel           string `json:"channel"`
+	ChannelSubjectID  string `json:"channel_subject_id"`
+	DisplayName       string `json:"display_name,omitempty"`
+	AvatarURL         string `json:"avatar_url,omitempty"`
+	LinkedUsername    string `json:"linked_username,omitempty"`
+	LinkedDisplayName string `json:"linked_display_name,omitempty"`
+	LinkedAvatarURL   string `json:"linked_avatar_url,omitempty"`
+}
+
+type ChannelIdentityCandidateListResponse struct {
+	Items []ChannelIdentityCandidate `json:"items"`
+}
+
+type ObservedConversationCandidate struct {
+	RouteID          string    `json:"route_id"`
+	Channel          string    `json:"channel"`
+	ConversationType string    `json:"conversation_type,omitempty"`
+	ConversationID   string    `json:"conversation_id"`
+	ThreadID         string    `json:"thread_id,omitempty"`
+	ConversationName string    `json:"conversation_name,omitempty"`
+	LastObservedAt   time.Time `json:"last_observed_at"`
+}
+
+type ObservedConversationCandidateListResponse struct {
+	Items []ObservedConversationCandidate `json:"items"`
+}
+
+func (s SourceScope) Normalize() SourceScope {
+	scope := SourceScope{
+		Channel:        strings.TrimSpace(s.Channel),
+		ConversationID: strings.TrimSpace(s.ConversationID),
+		ThreadID:       strings.TrimSpace(s.ThreadID),
+	}
+	if raw := strings.TrimSpace(s.ConversationType); raw != "" {
+		scope.ConversationType = channel.NormalizeConversationType(raw)
+	}
+	if scope.ThreadID != "" && scope.ConversationType == "" {
+		scope.ConversationType = channel.ConversationTypeThread
+	}
+	return scope
+}
+
+func (s SourceScope) IsZero() bool {
+	return strings.TrimSpace(s.Channel) == "" &&
+		strings.TrimSpace(s.ConversationType) == "" &&
+		strings.TrimSpace(s.ConversationID) == "" &&
+		strings.TrimSpace(s.ThreadID) == ""
+}
diff --git a/internal/bots/service.go b/internal/bots/service.go
index a9b462fa..69b9b5c1 100644
--- a/internal/bots/service.go
+++ b/internal/bots/service.go
@@ -38,8 +38,7 @@ var (
 
 // AccessPolicy controls bot access behavior.
 type AccessPolicy struct {
-	AllowPublicMember bool
-	AllowGuest        bool
+	AllowGuest bool
 }
 
 // NewService creates a new bot service.
@@ -87,12 +86,7 @@ func (s *Service) AuthorizeAccess(ctx context.Context, userID, botID string, isA
 		return bot, nil
 	}
 	if bot.Type == BotTypePublic {
-		if policy.AllowPublicMember {
-			if _, err := s.GetMember(ctx, botID, userID); err == nil {
-				return bot, nil
-			}
-		}
-		if policy.AllowGuest && bot.AllowGuest {
+		if policy.AllowGuest {
 			return bot, nil
 		}
 	}
@@ -209,57 +203,9 @@ func (s *Service) ListByOwner(ctx context.Context, ownerUserID string) ([]Bot, e
 	return items, nil
 }
 
-// ListByMember returns bots where the user is a member.
-func (s *Service) ListByMember(ctx context.Context, channelIdentityID string) ([]Bot, error) {
-	if s.queries == nil {
-		return nil, errors.New("bot queries not configured")
-	}
-	memberUUID, err := db.ParseUUID(channelIdentityID)
-	if err != nil {
-		return nil, err
-	}
-	rows, err := s.queries.ListBotsByMember(ctx, memberUUID)
-	if err != nil {
-		return nil, err
-	}
-	items := make([]Bot, 0, len(rows))
-	for _, row := range rows {
-		item, err := toBot(asSQLCBot(row))
-		if err != nil {
-			return nil, err
-		}
-		if err := s.attachCheckSummary(ctx, &item, asSQLCBot(row)); err != nil {
-			return nil, err
-		}
-		items = append(items, item)
-	}
-	return items, nil
-}
-
-// ListAccessible returns all bots the user can access (owned or member).
+// ListAccessible returns all bots owned by the user.
 func (s *Service) ListAccessible(ctx context.Context, channelIdentityID string) ([]Bot, error) {
-	owned, err := s.ListByOwner(ctx, channelIdentityID)
-	if err != nil {
-		return nil, err
-	}
-	members, err := s.ListByMember(ctx, channelIdentityID)
-	if err != nil {
-		return nil, err
-	}
-	seen := map[string]Bot{}
-	for _, item := range owned {
-		seen[item.ID] = item
-	}
-	for _, item := range members {
-		if _, ok := seen[item.ID]; !ok {
-			seen[item.ID] = item
-		}
-	}
-	items := make([]Bot, 0, len(seen))
-	for _, item := range seen {
-		items = append(items, item)
-	}
-	return items, nil
+	return s.ListByOwner(ctx, channelIdentityID)
 }
 
 // Update updates bot profile fields.
@@ -485,118 +431,6 @@ func (s *Service) ensureUserExists(ctx context.Context, userID pgtype.UUID) erro
 	return nil
 }
 
-// UpsertMember creates or updates a bot membership.
-func (s *Service) UpsertMember(ctx context.Context, botID string, req UpsertMemberRequest) (BotMember, error) {
-	if s.queries == nil {
-		return BotMember{}, errors.New("bot queries not configured")
-	}
-	botUUID, err := db.ParseUUID(botID)
-	if err != nil {
-		return BotMember{}, err
-	}
-	memberUUID, err := db.ParseUUID(req.UserID)
-	if err != nil {
-		return BotMember{}, err
-	}
-	role, err := normalizeMemberRole(req.Role)
-	if err != nil {
-		return BotMember{}, err
-	}
-	row, err := s.queries.UpsertBotMember(ctx, sqlc.UpsertBotMemberParams{
-		BotID:  botUUID,
-		UserID: memberUUID,
-		Role:   role,
-	})
-	if err != nil {
-		return BotMember{}, err
-	}
-	return toBotMember(row), nil
-}
-
-// ListMembers returns all members of a bot.
-func (s *Service) ListMembers(ctx context.Context, botID string) ([]BotMember, error) {
-	if s.queries == nil {
-		return nil, errors.New("bot queries not configured")
-	}
-	botUUID, err := db.ParseUUID(botID)
-	if err != nil {
-		return nil, err
-	}
-	rows, err := s.queries.ListBotMembers(ctx, botUUID)
-	if err != nil {
-		return nil, err
-	}
-	items := make([]BotMember, 0, len(rows))
-	for _, row := range rows {
-		items = append(items, toBotMember(row))
-	}
-	return items, nil
-}
-
-// GetMember returns a specific bot member.
-func (s *Service) GetMember(ctx context.Context, botID, channelIdentityID string) (BotMember, error) {
-	if s.queries == nil {
-		return BotMember{}, errors.New("bot queries not configured")
-	}
-	botUUID, err := db.ParseUUID(botID)
-	if err != nil {
-		return BotMember{}, err
-	}
-	memberUUID, err := db.ParseUUID(channelIdentityID)
-	if err != nil {
-		return BotMember{}, err
-	}
-	row, err := s.queries.GetBotMember(ctx, sqlc.GetBotMemberParams{
-		BotID:  botUUID,
-		UserID: memberUUID,
-	})
-	if err != nil {
-		return BotMember{}, err
-	}
-	return toBotMember(row), nil
-}
-
-// DeleteMember removes a member from a bot.
-func (s *Service) DeleteMember(ctx context.Context, botID, channelIdentityID string) error {
-	if s.queries == nil {
-		return errors.New("bot queries not configured")
-	}
-	botUUID, err := db.ParseUUID(botID)
-	if err != nil {
-		return err
-	}
-	memberUUID, err := db.ParseUUID(channelIdentityID)
-	if err != nil {
-		return err
-	}
-	return s.queries.DeleteBotMember(ctx, sqlc.DeleteBotMemberParams{
-		BotID:  botUUID,
-		UserID: memberUUID,
-	})
-}
-
-// UpsertMemberSimple creates or updates a bot membership with a direct channel identity ID and role.
-// This satisfies the router.BotMemberService interface.
-func (s *Service) UpsertMemberSimple(ctx context.Context, botID, channelIdentityID, role string) error {
-	_, err := s.UpsertMember(ctx, botID, UpsertMemberRequest{
-		UserID: channelIdentityID,
-		Role:   role,
-	})
-	return err
-}
-
-// IsMember checks if a user is a member of a bot.
-func (s *Service) IsMember(ctx context.Context, botID, channelIdentityID string) (bool, error) {
-	_, err := s.GetMember(ctx, botID, channelIdentityID)
-	if err != nil {
-		if errors.Is(err, pgx.ErrNoRows) {
-			return false, nil
-		}
-		return false, err
-	}
-	return true, nil
-}
-
 func normalizeBotType(raw string) (string, error) {
 	normalized := strings.ToLower(strings.TrimSpace(raw))
 	if normalized == "" {
@@ -610,35 +444,20 @@ func normalizeBotType(raw string) (string, error) {
 	}
 }
 
-func normalizeMemberRole(raw string) (string, error) {
-	role := strings.ToLower(strings.TrimSpace(raw))
-	if role == "" {
-		return MemberRoleMember, nil
-	}
-	switch role {
-	case MemberRoleOwner, MemberRoleAdmin, MemberRoleMember:
-		return role, nil
-	default:
-		return "", fmt.Errorf("invalid member role: %s", raw)
-	}
-}
-
 func asSQLCBot(v any) sqlc.Bot {
 	switch r := v.(type) {
 	case sqlc.Bot:
 		return r
 	case sqlc.CreateBotRow:
-		return sqlc.Bot{ID: r.ID, OwnerUserID: r.OwnerUserID, Type: r.Type, DisplayName: r.DisplayName, AvatarUrl: r.AvatarUrl, IsActive: r.IsActive, Status: r.Status, MaxContextLoadTime: r.MaxContextLoadTime, MaxContextTokens: r.MaxContextTokens, MaxInboxItems: r.MaxInboxItems, Language: r.Language, AllowGuest: r.AllowGuest, ChatModelID: r.ChatModelID, SearchProviderID: r.SearchProviderID, MemoryProviderID: r.MemoryProviderID, Metadata: r.Metadata, CreatedAt: r.CreatedAt, UpdatedAt: r.UpdatedAt}
+		return sqlc.Bot{ID: r.ID, OwnerUserID: r.OwnerUserID, Type: r.Type, DisplayName: r.DisplayName, AvatarUrl: r.AvatarUrl, IsActive: r.IsActive, Status: r.Status, MaxContextLoadTime: r.MaxContextLoadTime, MaxContextTokens: r.MaxContextTokens, MaxInboxItems: r.MaxInboxItems, Language: r.Language, ReasoningEnabled: r.ReasoningEnabled, ReasoningEffort: r.ReasoningEffort, ChatModelID: r.ChatModelID, SearchProviderID: r.SearchProviderID, MemoryProviderID: r.MemoryProviderID, HeartbeatEnabled: r.HeartbeatEnabled, HeartbeatInterval: r.HeartbeatInterval, HeartbeatPrompt: r.HeartbeatPrompt, Metadata: r.Metadata, CreatedAt: r.CreatedAt, UpdatedAt: r.UpdatedAt}
 	case sqlc.GetBotByIDRow:
-		return sqlc.Bot{ID: r.ID, OwnerUserID: r.OwnerUserID, Type: r.Type, DisplayName: r.DisplayName, AvatarUrl: r.AvatarUrl, IsActive: r.IsActive, Status: r.Status, MaxContextLoadTime: r.MaxContextLoadTime, MaxContextTokens: r.MaxContextTokens, MaxInboxItems: r.MaxInboxItems, Language: r.Language, AllowGuest: r.AllowGuest, ChatModelID: r.ChatModelID, SearchProviderID: r.SearchProviderID, MemoryProviderID: r.MemoryProviderID, Metadata: r.Metadata, CreatedAt: r.CreatedAt, UpdatedAt: r.UpdatedAt}
+		return sqlc.Bot{ID: r.ID, OwnerUserID: r.OwnerUserID, Type: r.Type, DisplayName: r.DisplayName, AvatarUrl: r.AvatarUrl, IsActive: r.IsActive, Status: r.Status, MaxContextLoadTime: r.MaxContextLoadTime, MaxContextTokens: r.MaxContextTokens, MaxInboxItems: r.MaxInboxItems, Language: r.Language, ReasoningEnabled: r.ReasoningEnabled, ReasoningEffort: r.ReasoningEffort, ChatModelID: r.ChatModelID, SearchProviderID: r.SearchProviderID, MemoryProviderID: r.MemoryProviderID, HeartbeatEnabled: r.HeartbeatEnabled, HeartbeatInterval: r.HeartbeatInterval, HeartbeatPrompt: r.HeartbeatPrompt, Metadata: r.Metadata, CreatedAt: r.CreatedAt, UpdatedAt: r.UpdatedAt}
 	case sqlc.ListBotsByOwnerRow:
-		return sqlc.Bot{ID: r.ID, OwnerUserID: r.OwnerUserID, Type: r.Type, DisplayName: r.DisplayName, AvatarUrl: r.AvatarUrl, IsActive: r.IsActive, Status: r.Status, MaxContextLoadTime: r.MaxContextLoadTime, MaxContextTokens: r.MaxContextTokens, MaxInboxItems: r.MaxInboxItems, Language: r.Language, AllowGuest: r.AllowGuest, ChatModelID: r.ChatModelID, SearchProviderID: r.SearchProviderID, MemoryProviderID: r.MemoryProviderID, Metadata: r.Metadata, CreatedAt: r.CreatedAt, UpdatedAt: r.UpdatedAt}
-	case sqlc.ListBotsByMemberRow:
-		return sqlc.Bot{ID: r.ID, OwnerUserID: r.OwnerUserID, Type: r.Type, DisplayName: r.DisplayName, AvatarUrl: r.AvatarUrl, IsActive: r.IsActive, Status: r.Status, MaxContextLoadTime: r.MaxContextLoadTime, MaxContextTokens: r.MaxContextTokens, MaxInboxItems: r.MaxInboxItems, Language: r.Language, AllowGuest: r.AllowGuest, ChatModelID: r.ChatModelID, SearchProviderID: r.SearchProviderID, MemoryProviderID: r.MemoryProviderID, Metadata: r.Metadata, CreatedAt: r.CreatedAt, UpdatedAt: r.UpdatedAt}
+		return sqlc.Bot{ID: r.ID, OwnerUserID: r.OwnerUserID, Type: r.Type, DisplayName: r.DisplayName, AvatarUrl: r.AvatarUrl, IsActive: r.IsActive, Status: r.Status, MaxContextLoadTime: r.MaxContextLoadTime, MaxContextTokens: r.MaxContextTokens, MaxInboxItems: r.MaxInboxItems, Language: r.Language, ReasoningEnabled: r.ReasoningEnabled, ReasoningEffort: r.ReasoningEffort, ChatModelID: r.ChatModelID, SearchProviderID: r.SearchProviderID, MemoryProviderID: r.MemoryProviderID, HeartbeatEnabled: r.HeartbeatEnabled, HeartbeatInterval: r.HeartbeatInterval, HeartbeatPrompt: r.HeartbeatPrompt, Metadata: r.Metadata, CreatedAt: r.CreatedAt, UpdatedAt: r.UpdatedAt}
 	case sqlc.UpdateBotProfileRow:
-		return sqlc.Bot{ID: r.ID, OwnerUserID: r.OwnerUserID, Type: r.Type, DisplayName: r.DisplayName, AvatarUrl: r.AvatarUrl, IsActive: r.IsActive, Status: r.Status, MaxContextLoadTime: r.MaxContextLoadTime, MaxContextTokens: r.MaxContextTokens, MaxInboxItems: r.MaxInboxItems, Language: r.Language, AllowGuest: r.AllowGuest, ChatModelID: r.ChatModelID, SearchProviderID: r.SearchProviderID, MemoryProviderID: r.MemoryProviderID, Metadata: r.Metadata, CreatedAt: r.CreatedAt, UpdatedAt: r.UpdatedAt}
+		return sqlc.Bot{ID: r.ID, OwnerUserID: r.OwnerUserID, Type: r.Type, DisplayName: r.DisplayName, AvatarUrl: r.AvatarUrl, IsActive: r.IsActive, Status: r.Status, MaxContextLoadTime: r.MaxContextLoadTime, MaxContextTokens: r.MaxContextTokens, MaxInboxItems: r.MaxInboxItems, Language: r.Language, ReasoningEnabled: r.ReasoningEnabled, ReasoningEffort: r.ReasoningEffort, ChatModelID: r.ChatModelID, SearchProviderID: r.SearchProviderID, MemoryProviderID: r.MemoryProviderID, HeartbeatEnabled: r.HeartbeatEnabled, HeartbeatInterval: r.HeartbeatInterval, HeartbeatPrompt: r.HeartbeatPrompt, Metadata: r.Metadata, CreatedAt: r.CreatedAt, UpdatedAt: r.UpdatedAt}
 	case sqlc.UpdateBotOwnerRow:
-		return sqlc.Bot{ID: r.ID, OwnerUserID: r.OwnerUserID, Type: r.Type, DisplayName: r.DisplayName, AvatarUrl: r.AvatarUrl, IsActive: r.IsActive, Status: r.Status, MaxContextLoadTime: r.MaxContextLoadTime, MaxContextTokens: r.MaxContextTokens, MaxInboxItems: r.MaxInboxItems, Language: r.Language, AllowGuest: r.AllowGuest, ChatModelID: r.ChatModelID, SearchProviderID: r.SearchProviderID, MemoryProviderID: r.MemoryProviderID, Metadata: r.Metadata, CreatedAt: r.CreatedAt, UpdatedAt: r.UpdatedAt}
+		return sqlc.Bot{ID: r.ID, OwnerUserID: r.OwnerUserID, Type: r.Type, DisplayName: r.DisplayName, AvatarUrl: r.AvatarUrl, IsActive: r.IsActive, Status: r.Status, MaxContextLoadTime: r.MaxContextLoadTime, MaxContextTokens: r.MaxContextTokens, MaxInboxItems: r.MaxInboxItems, Language: r.Language, ReasoningEnabled: r.ReasoningEnabled, ReasoningEffort: r.ReasoningEffort, ChatModelID: r.ChatModelID, SearchProviderID: r.SearchProviderID, MemoryProviderID: r.MemoryProviderID, HeartbeatEnabled: r.HeartbeatEnabled, HeartbeatInterval: r.HeartbeatInterval, HeartbeatPrompt: r.HeartbeatPrompt, Metadata: r.Metadata, CreatedAt: r.CreatedAt, UpdatedAt: r.UpdatedAt}
 	default:
 		return sqlc.Bot{}
 	}
@@ -672,7 +491,6 @@ func toBot(row sqlc.Bot) (Bot, error) {
 		DisplayName:     displayName,
 		AvatarURL:       avatarURL,
 		IsActive:        row.IsActive,
-		AllowGuest:      row.AllowGuest,
 		Status:          strings.TrimSpace(row.Status),
 		CheckState:      BotCheckStateUnknown,
 		CheckIssueCount: 0,
@@ -682,19 +500,6 @@ func toBot(row sqlc.Bot) (Bot, error) {
 	}, nil
 }
 
-func toBotMember(row sqlc.BotMember) BotMember {
-	createdAt := time.Time{}
-	if row.CreatedAt.Valid {
-		createdAt = row.CreatedAt.Time
-	}
-	return BotMember{
-		BotID:     row.BotID.String(),
-		UserID:    row.UserID.String(),
-		Role:      row.Role,
-		CreatedAt: createdAt,
-	}
-}
-
 func decodeMetadata(payload []byte) (map[string]any, error) {
 	if len(payload) == 0 {
 		return map[string]any{}, nil
diff --git a/internal/bots/service_test.go b/internal/bots/service_test.go
index 0298ace2..c01930bf 100644
--- a/internal/bots/service_test.go
+++ b/internal/bots/service_test.go
@@ -42,13 +42,13 @@ func (d *fakeDBTX) QueryRow(ctx context.Context, sql string, args ...any) pgx.Ro
 
 // makeBotRow creates a fakeRow that populates a sqlc.Bot via Scan.
 // Column order: id, owner_user_id, type, display_name, avatar_url, is_active, status,
-// max_context_load_time, max_context_tokens, max_inbox_items, language, allow_guest,
+// max_context_load_time, max_context_tokens, max_inbox_items, language,
 // reasoning_enabled, reasoning_effort, chat_model_id, search_provider_id, memory_provider_id,
 // heartbeat_enabled, heartbeat_interval, heartbeat_prompt, metadata, created_at, updated_at.
 func makeBotRow(botID, ownerUserID pgtype.UUID, botType string, allowGuest bool) *fakeRow {
 	return &fakeRow{
 		scanFunc: func(dest ...any) error {
-			if len(dest) < 23 {
+			if len(dest) < 22 {
 				return pgx.ErrNoRows
 			}
 			*dest[0].(*pgtype.UUID) = botID
@@ -62,42 +62,23 @@ func makeBotRow(botID, ownerUserID pgtype.UUID, botType string, allowGuest bool)
 			*dest[8].(*int32) = 4096 // MaxContextTokens
 			*dest[9].(*int32) = 10   // MaxInboxItems
 			*dest[10].(*string) = "en"
-			*dest[11].(*bool) = allowGuest
-			*dest[12].(*bool) = false                // ReasoningEnabled
-			*dest[13].(*string) = "medium"           // ReasoningEffort
-			*dest[14].(*pgtype.UUID) = pgtype.UUID{} // ChatModelID
-			*dest[15].(*pgtype.UUID) = pgtype.UUID{} // SearchProviderID
-			*dest[16].(*pgtype.UUID) = pgtype.UUID{} // MemoryProviderID
-			*dest[17].(*bool) = false                // HeartbeatEnabled
-			*dest[18].(*int32) = 30                  // HeartbeatInterval
-			*dest[19].(*string) = ""                 // HeartbeatPrompt
-			*dest[20].(*[]byte) = []byte(`{}`)
+			_ = allowGuest
+			*dest[11].(*bool) = false                // ReasoningEnabled
+			*dest[12].(*string) = "medium"           // ReasoningEffort
+			*dest[13].(*pgtype.UUID) = pgtype.UUID{} // ChatModelID
+			*dest[14].(*pgtype.UUID) = pgtype.UUID{} // SearchProviderID
+			*dest[15].(*pgtype.UUID) = pgtype.UUID{} // MemoryProviderID
+			*dest[16].(*bool) = false                // HeartbeatEnabled
+			*dest[17].(*int32) = 30                  // HeartbeatInterval
+			*dest[18].(*string) = ""                 // HeartbeatPrompt
+			*dest[19].(*[]byte) = []byte(`{}`)
+			*dest[20].(*pgtype.Timestamptz) = pgtype.Timestamptz{}
 			*dest[21].(*pgtype.Timestamptz) = pgtype.Timestamptz{}
-			*dest[22].(*pgtype.Timestamptz) = pgtype.Timestamptz{}
 			return nil
 		},
 	}
 }
 
-func makeMemberRow(botID, userID pgtype.UUID) *fakeRow {
-	return &fakeRow{
-		scanFunc: func(dest ...any) error {
-			if len(dest) < 4 {
-				return pgx.ErrNoRows
-			}
-			*dest[0].(*pgtype.UUID) = botID
-			*dest[1].(*pgtype.UUID) = userID
-			*dest[2].(*string) = MemberRoleMember
-			*dest[3].(*pgtype.Timestamptz) = pgtype.Timestamptz{}
-			return nil
-		},
-	}
-}
-
-func makeNoRow() *fakeRow {
-	return &fakeRow{scanFunc: func(_ ...any) error { return pgx.ErrNoRows }}
-}
-
 func mustParseUUID(s string) pgtype.UUID {
 	var u pgtype.UUID
 	_ = u.Scan(s)
@@ -108,12 +89,9 @@ func TestAuthorizeAccess(t *testing.T) {
 	ownerUUID := mustParseUUID("00000000-0000-0000-0000-000000000001")
 	botUUID := mustParseUUID("00000000-0000-0000-0000-000000000002")
 	strangerUUID := mustParseUUID("00000000-0000-0000-0000-000000000003")
-	memberUUID := mustParseUUID("00000000-0000-0000-0000-000000000004")
-
 	ownerID := ownerUUID.String()
 	botID := botUUID.String()
 	strangerID := strangerUUID.String()
-	memberID := memberUUID.String()
 
 	tests := []struct {
 		name      string
@@ -122,7 +100,6 @@ func TestAuthorizeAccess(t *testing.T) {
 		policy    AccessPolicy
 		botType   string
 		allowGst  bool
-		isMember  bool
 		wantErr   bool
 		wantErrIs error
 	}{
@@ -146,50 +123,21 @@ func TestAuthorizeAccess(t *testing.T) {
 			userID:    strangerID,
 			policy:    AccessPolicy{AllowGuest: false},
 			botType:   BotTypePublic,
-			allowGst:  true,
 			wantErr:   true,
 			wantErrIs: ErrBotAccessDenied,
 		},
 		{
-			name:      "stranger denied when bot guest disabled",
-			userID:    strangerID,
-			policy:    AccessPolicy{AllowGuest: true},
-			botType:   BotTypePublic,
-			allowGst:  false,
-			wantErr:   true,
-			wantErrIs: ErrBotAccessDenied,
-		},
-		{
-			name:     "stranger allowed when policy and bot both allow guest",
-			userID:   strangerID,
-			policy:   AccessPolicy{AllowGuest: true},
-			botType:  BotTypePublic,
-			allowGst: true,
-			wantErr:  false,
+			name:    "stranger allowed when policy allows guest",
+			userID:  strangerID,
+			policy:  AccessPolicy{AllowGuest: true},
+			botType: BotTypePublic,
+			wantErr: false,
 		},
 		{
 			name:      "guest not allowed on personal bot",
 			userID:    strangerID,
 			policy:    AccessPolicy{AllowGuest: true},
 			botType:   BotTypePersonal,
-			allowGst:  true,
-			wantErr:   true,
-			wantErrIs: ErrBotAccessDenied,
-		},
-		{
-			name:     "member allowed with AllowPublicMember policy",
-			userID:   memberID,
-			policy:   AccessPolicy{AllowPublicMember: true},
-			botType:  BotTypePublic,
-			isMember: true,
-			wantErr:  false,
-		},
-		{
-			name:      "non-member denied with AllowPublicMember policy",
-			userID:    strangerID,
-			policy:    AccessPolicy{AllowPublicMember: true},
-			botType:   BotTypePublic,
-			isMember:  false,
 			wantErr:   true,
 			wantErrIs: ErrBotAccessDenied,
 		},
@@ -199,14 +147,8 @@ func TestAuthorizeAccess(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			db := &fakeDBTX{
 				queryRowFunc: func(_ context.Context, _ string, args ...any) pgx.Row {
-					// Route to bot or member row based on query.
-					if len(args) == 1 {
-						return makeBotRow(botUUID, ownerUUID, tt.botType, tt.allowGst)
-					}
-					if tt.isMember {
-						return makeMemberRow(botUUID, memberUUID)
-					}
-					return makeNoRow()
+					_ = args
+					return makeBotRow(botUUID, ownerUUID, tt.botType, tt.allowGst)
 				},
 			}
 			svc := NewService(nil, sqlc.New(db))
diff --git a/internal/bots/types.go b/internal/bots/types.go
index ef4b2a1e..a5600d45 100644
--- a/internal/bots/types.go
+++ b/internal/bots/types.go
@@ -13,7 +13,6 @@ type Bot struct {
 	DisplayName     string         `json:"display_name"`
 	AvatarURL       string         `json:"avatar_url,omitempty"`
 	IsActive        bool           `json:"is_active"`
-	AllowGuest      bool           `json:"allow_guest"`
 	Status          string         `json:"status"`
 	CheckState      string         `json:"check_state"`
 	CheckIssueCount int32          `json:"check_issue_count"`
@@ -22,14 +21,6 @@ type Bot struct {
 	UpdatedAt       time.Time      `json:"updated_at"`
 }
 
-// BotMember represents a bot membership record.
-type BotMember struct {
-	BotID     string    `json:"bot_id"`
-	UserID    string    `json:"user_id"`
-	Role      string    `json:"role"`
-	CreatedAt time.Time `json:"created_at"`
-}
-
 // BotCheck represents one resource check row for a bot.
 type BotCheck struct {
 	ID       string         `json:"id"`
@@ -64,22 +55,11 @@ type TransferBotRequest struct {
 	OwnerUserID string `json:"owner_user_id"`
 }
 
-// UpsertMemberRequest is the input for upserting a bot member.
-type UpsertMemberRequest struct {
-	UserID string `json:"user_id"`
-	Role   string `json:"role,omitempty"`
-}
-
 // ListBotsResponse wraps a list of bots.
 type ListBotsResponse struct {
 	Items []Bot `json:"items"`
 }
 
-// ListMembersResponse wraps a list of bot members.
-type ListMembersResponse struct {
-	Items []BotMember `json:"items"`
-}
-
 // ListChecksResponse wraps a list of bot checks.
 type ListChecksResponse struct {
 	Items []BotCheck `json:"items"`
@@ -130,9 +110,3 @@ const (
 	BotCheckTypeMCPConnection   = "mcp.connection"
 	BotCheckTypeChannelConn     = "channel.connection"
 )
-
-const (
-	MemberRoleOwner  = "owner"
-	MemberRoleAdmin  = "admin"
-	MemberRoleMember = "member"
-)
diff --git a/internal/channel/adapters/discord/discord.go b/internal/channel/adapters/discord/discord.go
index 1428c73c..c1a3044d 100644
--- a/internal/channel/adapters/discord/discord.go
+++ b/internal/channel/adapters/discord/discord.go
@@ -169,9 +169,9 @@ func (a *DiscordAdapter) Connect(ctx context.Context, cfg channel.ChannelConfig,
 
 		rawText := text
 		attachments := a.collectAttachments(m.Message)
-		chatType := "direct"
+		chatType := channel.ConversationTypePrivate
 		if m.GuildID != "" {
-			chatType = "guild"
+			chatType = channel.ConversationTypeGroup
 		}
 
 		// Prepend quoted message context so the AI can see what is being replied to,
diff --git a/internal/channel/adapters/feishu/inbound.go b/internal/channel/adapters/feishu/inbound.go
index bd2b3e80..e1ad217b 100644
--- a/internal/channel/adapters/feishu/inbound.go
+++ b/internal/channel/adapters/feishu/inbound.go
@@ -110,18 +110,20 @@ func extractFeishuInbound(event *larkim.P2MessageReceiveV1, botOpenID string, lo
 		}
 	}
 	chatID := ""
-	chatType := ""
+	chatTypeRaw := ""
+	chatType := channel.ConversationTypePrivate
 	if message.ChatId != nil {
 		chatID = strings.TrimSpace(*message.ChatId)
 	}
 	if message.ChatType != nil {
-		chatType = strings.TrimSpace(*message.ChatType)
+		chatTypeRaw = strings.TrimSpace(*message.ChatType)
+		chatType = normalizeFeishuConversationType(chatTypeRaw)
 	}
 	replyTo := senderOpenID
 	if replyTo == "" {
 		replyTo = senderID
 	}
-	if chatType != "" && chatType != "p2p" && chatID != "" {
+	if chatID != "" && chatType != channel.ConversationTypePrivate {
 		replyTo = "chat_id:" + chatID
 	}
 	attrs := map[string]string{}
@@ -151,7 +153,8 @@ func extractFeishuInbound(event *larkim.P2MessageReceiveV1, botOpenID string, lo
 		ReceivedAt: time.Now().UTC(),
 		Source:     "feishu",
 		Metadata: map[string]any{
-			"is_mentioned": isMentioned,
+			"is_mentioned":  isMentioned,
+			"raw_chat_type": chatTypeRaw,
 		},
 	}
 }
@@ -374,6 +377,17 @@ func stringValue(raw any) string {
 	return fmt.Sprint(raw)
 }
 
+func normalizeFeishuConversationType(chatType string) string {
+	switch strings.ToLower(strings.TrimSpace(chatType)) {
+	case "p2p":
+		return channel.ConversationTypePrivate
+	case "group":
+		return channel.ConversationTypeGroup
+	default:
+		return channel.ConversationTypeGroup
+	}
+}
+
 // resolveFeishuReceiveID parses target (open_id:/user_id:/chat_id: prefix) and returns receiveID and receiveType.
 func resolveFeishuReceiveID(raw string) (string, string, error) {
 	if raw == "" {
diff --git a/internal/channel/adapters/feishu/sender_profile.go b/internal/channel/adapters/feishu/sender_profile.go
index fb81702a..057a9eb4 100644
--- a/internal/channel/adapters/feishu/sender_profile.go
+++ b/internal/channel/adapters/feishu/sender_profile.go
@@ -18,6 +18,7 @@ import (
 type feishuSenderProfile struct {
 	displayName string
 	username    string
+	avatarURL   string
 }
 
 const feishuChatMembersPageSize = 100
@@ -63,7 +64,7 @@ func (a *FeishuAdapter) enrichSenderProfile(ctx context.Context, cfg channel.Cha
 			)
 		}
 	}
-	if strings.TrimSpace(profile.displayName) == "" && strings.TrimSpace(profile.username) == "" {
+	if strings.TrimSpace(profile.displayName) == "" && strings.TrimSpace(profile.username) == "" && strings.TrimSpace(profile.avatarURL) == "" {
 		profile = fallbackSenderProfile(openID, userID)
 	}
 	applySenderProfile(msg, profile)
@@ -152,6 +153,7 @@ func lookupSenderProfileFromContact(ctx context.Context, client *lark.Client, op
 	return feishuSenderProfile{
 		displayName: displayName,
 		username:    username,
+		avatarURL:   feishuAvatarURL(resp.Data.User.Avatar),
 	}, nil
 }
 
@@ -270,4 +272,9 @@ func applySenderProfile(msg *channel.InboundMessage, profile feishuSenderProfile
 	if username != "" && strings.TrimSpace(msg.Sender.Attributes["username"]) == "" {
 		msg.Sender.Attributes["username"] = username
 	}
+	if avatarURL := strings.TrimSpace(profile.avatarURL); avatarURL != "" {
+		if strings.TrimSpace(msg.Sender.Attributes["avatar_url"]) == "" {
+			msg.Sender.Attributes["avatar_url"] = avatarURL
+		}
+	}
 }
diff --git a/internal/channel/adapters/qq/qq.go b/internal/channel/adapters/qq/qq.go
index 8da6d3f1..07787df9 100644
--- a/internal/channel/adapters/qq/qq.go
+++ b/internal/channel/adapters/qq/qq.go
@@ -94,7 +94,7 @@ func (*QQAdapter) Descriptor() channel.Descriptor {
 			Media:          true,
 			Reply:          true,
 			BlockStreaming: true,
-			ChatTypes:      []string{"direct", "group", "channel"},
+			ChatTypes:      []string{channel.ConversationTypePrivate, channel.ConversationTypeGroup, channel.ConversationTypeThread},
 		},
 		OutboundPolicy: channel.OutboundPolicy{
 			TextChunkLimit:      defaultChunkLimit,
diff --git a/internal/channel/adapters/qq/receive.go b/internal/channel/adapters/qq/receive.go
index 68b707ab..1377d2e6 100644
--- a/internal/channel/adapters/qq/receive.go
+++ b/internal/channel/adapters/qq/receive.go
@@ -431,7 +431,7 @@ func eventToInboundMessage(event InboundEvent, botID string) (channel.InboundMes
 			},
 			Conversation: channel.Conversation{
 				ID:   subjectID,
-				Type: "direct",
+				Type: channel.ConversationTypePrivate,
 			},
 			ReceivedAt: parseTimestamp(payload.Timestamp),
 			Source:     "qq",
@@ -468,7 +468,7 @@ func eventToInboundMessage(event InboundEvent, botID string) (channel.InboundMes
 			},
 			Conversation: channel.Conversation{
 				ID:   groupID,
-				Type: "group",
+				Type: channel.ConversationTypeGroup,
 			},
 			ReceivedAt: parseTimestamp(payload.Timestamp),
 			Source:     "qq",
@@ -488,6 +488,15 @@ func eventToInboundMessage(event InboundEvent, botID string) (channel.InboundMes
 		if subjectID == "" || channelID == "" {
 			return channel.InboundMessage{}, false
 		}
+		conversationID := channelID
+		conversationType := channel.ConversationTypeGroup
+		threadID := ""
+		guildID := strings.TrimSpace(payload.GuildID)
+		if guildID != "" {
+			conversationID = guildID
+			threadID = channelID
+			conversationType = channel.ConversationTypeThread
+		}
 		return channel.InboundMessage{
 			Channel: Type,
 			BotID:   strings.TrimSpace(botID),
@@ -508,14 +517,15 @@ func eventToInboundMessage(event InboundEvent, botID string) (channel.InboundMes
 				},
 			},
 			Conversation: channel.Conversation{
-				ID:   channelID,
-				Type: "channel",
+				ID:       conversationID,
+				Type:     conversationType,
+				ThreadID: threadID,
 			},
 			ReceivedAt: parseTimestamp(payload.Timestamp),
 			Source:     "qq",
 			Metadata: map[string]any{
 				"is_mentioned": true,
-				"guild_id":     strings.TrimSpace(payload.GuildID),
+				"guild_id":     guildID,
 				"channel_id":   channelID,
 			},
 		}, true
diff --git a/internal/channel/adapters/qq/receive_test.go b/internal/channel/adapters/qq/receive_test.go
index 41306539..e077db54 100644
--- a/internal/channel/adapters/qq/receive_test.go
+++ b/internal/channel/adapters/qq/receive_test.go
@@ -45,7 +45,7 @@ func TestEventToInboundMessageC2C(t *testing.T) {
 	if msg.ReplyTarget != "c2c:user-openid" {
 		t.Fatalf("unexpected reply target: %s", msg.ReplyTarget)
 	}
-	if msg.Conversation.Type != "direct" {
+	if msg.Conversation.Type != channel.ConversationTypePrivate {
 		t.Fatalf("unexpected conversation type: %s", msg.Conversation.Type)
 	}
 	if msg.Sender.SubjectID != "user-openid" {
@@ -90,7 +90,7 @@ func TestEventToInboundMessageGroupAt(t *testing.T) {
 	if msg.Conversation.ID != "group-openid" {
 		t.Fatalf("unexpected conversation id: %s", msg.Conversation.ID)
 	}
-	if msg.Conversation.Type != "group" {
+	if msg.Conversation.Type != channel.ConversationTypeGroup {
 		t.Fatalf("unexpected conversation type: %s", msg.Conversation.Type)
 	}
 	if msg.Sender.SubjectID != "member-openid" {
@@ -124,9 +124,15 @@ func TestEventToInboundMessageChannelAt(t *testing.T) {
 	if msg.ReplyTarget != "channel:channel-1" {
 		t.Fatalf("unexpected reply target: %s", msg.ReplyTarget)
 	}
-	if msg.Conversation.Type != "channel" {
+	if msg.Conversation.Type != channel.ConversationTypeThread {
 		t.Fatalf("unexpected conversation type: %s", msg.Conversation.Type)
 	}
+	if msg.Conversation.ID != "guild-1" {
+		t.Fatalf("unexpected conversation id: %s", msg.Conversation.ID)
+	}
+	if msg.Conversation.ThreadID != "channel-1" {
+		t.Fatalf("unexpected thread id: %s", msg.Conversation.ThreadID)
+	}
 	if msg.Sender.DisplayName != "alice" {
 		t.Fatalf("unexpected sender display name: %s", msg.Sender.DisplayName)
 	}
diff --git a/internal/channel/adapters/telegram/telegram.go b/internal/channel/adapters/telegram/telegram.go
index b6a0017b..dc1165ba 100644
--- a/internal/channel/adapters/telegram/telegram.go
+++ b/internal/channel/adapters/telegram/telegram.go
@@ -510,11 +510,13 @@ func (a *TelegramAdapter) toInboundTelegramMessage(
 	}
 	subjectID, displayName, attrs := resolveTelegramSender(raw)
 	chatID := ""
-	chatType := ""
+	chatTypeRaw := ""
+	chatType := channel.ConversationTypePrivate
 	chatName := ""
 	if raw.Chat != nil {
 		chatID = strconv.FormatInt(raw.Chat.ID, 10)
-		chatType = strings.TrimSpace(raw.Chat.Type)
+		chatTypeRaw = strings.TrimSpace(raw.Chat.Type)
+		chatType = normalizeTelegramConversationType(chatTypeRaw)
 		chatName = strings.TrimSpace(raw.Chat.Title)
 	}
 	replyRef := buildTelegramReplyRef(raw, chatID)
@@ -532,6 +534,7 @@ func (a *TelegramAdapter) toInboundTelegramMessage(
 		"is_mentioned":    isMentioned,
 		"is_reply_to_bot": isReplyToBot,
 		"raw_text":        rawText,
+		"raw_chat_type":   chatTypeRaw,
 	}
 	for key, value := range metadata {
 		meta[key] = value
@@ -734,6 +737,17 @@ func parseReplyToMessageID(reply *channel.ReplyRef) int {
 	return value
 }
 
+func normalizeTelegramConversationType(chatType string) string {
+	switch strings.ToLower(strings.TrimSpace(chatType)) {
+	case "private":
+		return channel.ConversationTypePrivate
+	case "group", "supergroup", "channel":
+		return channel.ConversationTypeGroup
+	default:
+		return channel.ConversationTypeGroup
+	}
+}
+
 func sendTelegramText(bot *tgbotapi.BotAPI, target string, text string, replyTo int, parseMode string) error {
 	_, _, err := sendTelegramTextReturnMessage(bot, target, text, replyTo, parseMode)
 	return err
diff --git a/internal/channel/adapters/wecom/inbound.go b/internal/channel/adapters/wecom/inbound.go
index 43ac2a60..16de5871 100644
--- a/internal/channel/adapters/wecom/inbound.go
+++ b/internal/channel/adapters/wecom/inbound.go
@@ -282,9 +282,9 @@ func resolveDeliveryTarget(chatID, userID string) string {
 
 func normalizeConversationType(chatType string) string {
 	if strings.EqualFold(strings.TrimSpace(chatType), "group") {
-		return "group"
+		return channel.ConversationTypeGroup
 	}
-	return "private"
+	return channel.ConversationTypePrivate
 }
 
 func parseCreateTime(ts int64) time.Time {
diff --git a/internal/channel/adapters/wecom/wecom.go b/internal/channel/adapters/wecom/wecom.go
index a5a479bf..66d14ddf 100644
--- a/internal/channel/adapters/wecom/wecom.go
+++ b/internal/channel/adapters/wecom/wecom.go
@@ -55,7 +55,7 @@ func (*WeComAdapter) Descriptor() channel.Descriptor {
 			Reply:          true,
 			Streaming:      true,
 			BlockStreaming: true,
-			ChatTypes:      []string{"private", "group"},
+			ChatTypes:      []string{channel.ConversationTypePrivate, channel.ConversationTypeGroup},
 		},
 		ConfigSchema: channel.ConfigSchema{
 			Version: 1,
diff --git a/internal/channel/identities/service.go b/internal/channel/identities/service.go
index 4a67cbcb..c34e54ce 100644
--- a/internal/channel/identities/service.go
+++ b/internal/channel/identities/service.go
@@ -191,6 +191,44 @@ func (s *Service) ListCanonicalChannelIdentities(ctx context.Context, channelIde
 	return result, nil
 }
 
+// Search returns locally observed channel identities for UI search.
+func (s *Service) Search(ctx context.Context, query string, limit int) ([]SearchResult, error) {
+	if s.queries == nil {
+		return nil, errors.New("channel identity queries not configured")
+	}
+	if limit <= 0 {
+		limit = 50
+	}
+	rows, err := s.queries.SearchChannelIdentities(ctx, sqlc.SearchChannelIdentitiesParams{
+		Query:      strings.TrimSpace(query),
+		LimitCount: int32(limit),
+	})
+	if err != nil {
+		return nil, err
+	}
+	items := make([]SearchResult, 0, len(rows))
+	for _, row := range rows {
+		item := SearchResult{
+			ChannelIdentity: toChannelIdentity(sqlc.ChannelIdentity{
+				ID:               row.ID,
+				UserID:           row.UserID,
+				ChannelType:      row.ChannelType,
+				ChannelSubjectID: row.ChannelSubjectID,
+				DisplayName:      row.DisplayName,
+				AvatarUrl:        row.AvatarUrl,
+				Metadata:         row.Metadata,
+				CreatedAt:        row.CreatedAt,
+				UpdatedAt:        row.UpdatedAt,
+			}),
+			LinkedUsername:    strings.TrimSpace(row.LinkedUsername.String),
+			LinkedDisplayName: strings.TrimSpace(row.LinkedDisplayName.String),
+			LinkedAvatarURL:   strings.TrimSpace(row.LinkedAvatarUrl.String),
+		}
+		items = append(items, item)
+	}
+	return items, nil
+}
+
 // ListUserChannelIdentities lists all channel identities linked to a user.
 func (s *Service) ListUserChannelIdentities(ctx context.Context, userID string) ([]ChannelIdentity, error) {
 	if s.queries == nil {
diff --git a/internal/channel/identities/types.go b/internal/channel/identities/types.go
index 52c5728f..84e4e923 100644
--- a/internal/channel/identities/types.go
+++ b/internal/channel/identities/types.go
@@ -14,3 +14,10 @@ type ChannelIdentity struct {
 	CreatedAt        time.Time      `json:"created_at"`
 	UpdatedAt        time.Time      `json:"updated_at"`
 }
+
+type SearchResult struct {
+	ChannelIdentity
+	LinkedUsername    string `json:"linked_username,omitempty"`
+	LinkedDisplayName string `json:"linked_display_name,omitempty"`
+	LinkedAvatarURL   string `json:"linked_avatar_url,omitempty"`
+}
diff --git a/internal/channel/inbound/channel.go b/internal/channel/inbound/channel.go
index fea67f40..15c741f3 100644
--- a/internal/channel/inbound/channel.go
+++ b/internal/channel/inbound/channel.go
@@ -16,6 +16,7 @@ import (
 	"time"
 	"unicode"
 
+	"github.com/memohai/memoh/internal/acl"
 	"github.com/memohai/memoh/internal/attachment"
 	"github.com/memohai/memoh/internal/auth"
 	"github.com/memohai/memoh/internal/channel"
@@ -47,6 +48,10 @@ type channelReactor interface {
 	React(ctx context.Context, botID string, channelType channel.ChannelType, req channel.ReactRequest) error
 }
 
+type chatACL interface {
+	CanPerformChatTrigger(ctx context.Context, req acl.ChatTriggerRequest) (bool, error)
+}
+
 type mediaIngestor interface {
 	Ingest(ctx context.Context, input media.IngestInput) (media.Asset, error)
 	// GetByStorageKey resolves an asset by reading its sidecar JSON.
@@ -81,6 +86,7 @@ type ChannelInboundProcessor struct {
 	jwtSecret        string
 	tokenTTL         time.Duration
 	identity         *IdentityResolver
+	acl              chatACL
 	observer         channel.StreamObserver
 	ttsService       ttsSynthesizer
 	ttsModelResolver ttsModelResolver
@@ -94,9 +100,7 @@ func NewChannelInboundProcessor(
 	messageWriter messagepkg.Writer,
 	runner flow.Runner,
 	channelIdentityService ChannelIdentityService,
-	memberService BotMemberService,
 	policyService PolicyService,
-	preauthService PreauthService,
 	bindService BindService,
 	jwtSecret string,
 	tokenTTL time.Duration,
@@ -107,7 +111,7 @@ func NewChannelInboundProcessor(
 	if tokenTTL <= 0 {
 		tokenTTL = 5 * time.Minute
 	}
-	identityResolver := NewIdentityResolver(log, registry, channelIdentityService, memberService, policyService, preauthService, bindService, "", "")
+	identityResolver := NewIdentityResolver(log, registry, channelIdentityService, policyService, bindService, "")
 	return &ChannelInboundProcessor{
 		runner:        runner,
 		routeResolver: routeResolver,
@@ -120,6 +124,13 @@ func NewChannelInboundProcessor(
 	}
 }
 
+func (p *ChannelInboundProcessor) SetACLService(service chatACL) {
+	if p == nil {
+		return
+	}
+	p.acl = service
+}
+
 // IdentityMiddleware returns the identity resolution middleware.
 func (p *ChannelInboundProcessor) IdentityMiddleware() channel.Middleware {
 	if p == nil || p.identity == nil {
@@ -253,6 +264,7 @@ func (p *ChannelInboundProcessor) HandleInbound(ctx context.Context, cfg channel
 	resolvedAttachments := p.ingestInboundAttachments(ctx, cfg, msg, strings.TrimSpace(identity.BotID), msg.Message.Attachments)
 	attachments := mapChannelToChatAttachments(resolvedAttachments)
 	text = buildInboundQuery(msg.Message, attachments)
+	threadID := extractThreadID(msg)
 
 	// Resolve or create the route via channel_routes.
 	if p.routeResolver == nil {
@@ -263,7 +275,7 @@ func (p *ChannelInboundProcessor) HandleInbound(ctx context.Context, cfg channel
 		BotID:             identity.BotID,
 		Platform:          msg.Channel.String(),
 		ConversationID:    msg.Conversation.ID,
-		ThreadID:          extractThreadID(msg),
+		ThreadID:          threadID,
 		ConversationType:  msg.Conversation.Type,
 		ChannelIdentityID: identity.UserID,
 		ChannelConfigID:   identity.ChannelConfigID,
@@ -284,6 +296,35 @@ func (p *ChannelInboundProcessor) HandleInbound(ctx context.Context, cfg channel
 	if shouldTriggerAssistantResponse(msg) || identity.ForceReply {
 		inboxAction = inbox.ActionTrigger
 	}
+	if inboxAction == inbox.ActionTrigger && p.acl != nil {
+		allowed, err := p.acl.CanPerformChatTrigger(ctx, acl.ChatTriggerRequest{
+			BotID:             identity.BotID,
+			UserID:            identity.UserID,
+			ChannelIdentityID: identity.ChannelIdentityID,
+			SourceScope: acl.SourceScope{
+				Channel:          msg.Channel.String(),
+				ConversationType: channel.NormalizeConversationType(msg.Conversation.Type),
+				ConversationID:   strings.TrimSpace(msg.Conversation.ID),
+				ThreadID:         threadID,
+			},
+		})
+		if err != nil {
+			return fmt.Errorf("authorize chat trigger: %w", err)
+		}
+		if !allowed {
+			inboxAction = inbox.ActionNotify
+			if p.logger != nil {
+				p.logger.Info(
+					"inbound trigger denied by acl",
+					slog.String("channel", msg.Channel.String()),
+					slog.String("bot_id", strings.TrimSpace(identity.BotID)),
+					slog.String("user_id", strings.TrimSpace(identity.UserID)),
+					slog.String("channel_identity_id", strings.TrimSpace(identity.ChannelIdentityID)),
+					slog.String("conversation_type", strings.TrimSpace(msg.Conversation.Type)),
+				)
+			}
+		}
+	}
 
 	// All messages go through inbox first.
 	inboxItem := p.createInboxItem(ctx, identity, msg, text, attachments, resolved.RouteID, inboxAction)
@@ -637,8 +678,7 @@ func rawTextForCommand(msg channel.InboundMessage, fallback string) string {
 }
 
 func isDirectConversationType(conversationType string) bool {
-	ct := strings.ToLower(strings.TrimSpace(conversationType))
-	return ct == "" || ct == "p2p" || ct == "private" || ct == "direct"
+	return channel.IsPrivateConversationType(conversationType)
 }
 
 func metadataBool(metadata map[string]any, key string) bool {
diff --git a/internal/channel/inbound/channel_test.go b/internal/channel/inbound/channel_test.go
index 8092f686..d874b01e 100644
--- a/internal/channel/inbound/channel_test.go
+++ b/internal/channel/inbound/channel_test.go
@@ -13,6 +13,7 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/memohai/memoh/internal/acl"
 	"github.com/memohai/memoh/internal/channel"
 	"github.com/memohai/memoh/internal/channel/identities"
 	"github.com/memohai/memoh/internal/channel/route"
@@ -177,6 +178,22 @@ type fakeChatService struct {
 	persistedIn   []messagepkg.PersistInput
 }
 
+type fakeChatACL struct {
+	allowed bool
+	err     error
+	calls   int
+	lastReq acl.ChatTriggerRequest
+}
+
+func (f *fakeChatACL) CanPerformChatTrigger(_ context.Context, req acl.ChatTriggerRequest) (bool, error) {
+	f.calls++
+	f.lastReq = req
+	if f.err != nil {
+		return false, f.err
+	}
+	return f.allowed, nil
+}
+
 type fakeMediaIngestor struct {
 	nextID          string
 	nextMime        string
@@ -320,7 +337,6 @@ func (f *fakeChatService) Persist(_ context.Context, input messagepkg.PersistInp
 
 func TestChannelInboundProcessorWithIdentity(t *testing.T) {
 	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-1"}}
-	memberSvc := &fakeMemberService{isMember: true}
 	policySvc := &fakePolicyService{allow: false}
 	chatSvc := &fakeChatService{resolveResult: route.ResolveConversationResult{ChatID: "chat-1", RouteID: "route-1"}}
 	gateway := &fakeChatGateway{
@@ -330,7 +346,7 @@ func TestChannelInboundProcessorWithIdentity(t *testing.T) {
 			},
 		},
 	}
-	processor := NewChannelInboundProcessor(slog.Default(), nil, chatSvc, chatSvc, gateway, channelIdentitySvc, memberSvc, policySvc, nil, nil, "", 0)
+	processor := NewChannelInboundProcessor(slog.Default(), nil, chatSvc, chatSvc, gateway, channelIdentitySvc, policySvc, nil, "", 0)
 	sender := &fakeReplySender{}
 
 	cfg := channel.ChannelConfig{ID: "cfg-1", BotID: "bot-1", ChannelType: channel.ChannelType("feishu")}
@@ -342,7 +358,7 @@ func TestChannelInboundProcessorWithIdentity(t *testing.T) {
 		Sender:      channel.Identity{SubjectID: "ext-1", DisplayName: "User1"},
 		Conversation: channel.Conversation{
 			ID:   "chat-1",
-			Type: "p2p",
+			Type: channel.ConversationTypePrivate,
 		},
 	}
 
@@ -369,11 +385,9 @@ func TestChannelInboundProcessorWithIdentity(t *testing.T) {
 
 func TestChannelInboundProcessorDenied(t *testing.T) {
 	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-2"}}
-	memberSvc := &fakeMemberService{isMember: false}
-	policySvc := &fakePolicyService{allow: false}
 	chatSvc := &fakeChatService{}
 	gateway := &fakeChatGateway{}
-	processor := NewChannelInboundProcessor(slog.Default(), nil, chatSvc, chatSvc, gateway, channelIdentitySvc, memberSvc, policySvc, nil, nil, "", 0)
+	processor := NewChannelInboundProcessor(slog.Default(), nil, chatSvc, chatSvc, gateway, channelIdentitySvc, nil, nil, "", 0)
 	sender := &fakeReplySender{}
 
 	cfg := channel.ChannelConfig{ID: "cfg-1", BotID: "bot-1", ChannelType: channel.ChannelType("feishu")}
@@ -383,6 +397,10 @@ func TestChannelInboundProcessorDenied(t *testing.T) {
 		Message:     channel.Message{Text: "hello"},
 		ReplyTarget: "target-id",
 		Sender:      channel.Identity{SubjectID: "stranger-1"},
+		Conversation: channel.Conversation{
+			ID:   "chat-1",
+			Type: channel.ConversationTypePrivate,
+		},
 	}
 
 	err := processor.HandleInbound(context.Background(), cfg, msg, sender)
@@ -397,13 +415,96 @@ func TestChannelInboundProcessorDenied(t *testing.T) {
 	}
 }
 
+func TestChannelInboundProcessorACLGuestDeniedDowngradesToNotify(t *testing.T) {
+	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-acl-deny"}}
+	policySvc := &fakePolicyService{botType: "public"}
+	chatSvc := &fakeChatService{resolveResult: route.ResolveConversationResult{ChatID: "chat-acl", RouteID: "route-acl"}}
+	gateway := &fakeChatGateway{}
+	processor := NewChannelInboundProcessor(slog.Default(), nil, chatSvc, chatSvc, gateway, channelIdentitySvc, policySvc, nil, "", 0)
+	aclSvc := &fakeChatACL{allowed: false}
+	processor.SetACLService(aclSvc)
+	sender := &fakeReplySender{}
+
+	cfg := channel.ChannelConfig{ID: "cfg-1", BotID: "bot-1", ChannelType: channel.ChannelType("feishu")}
+	msg := channel.InboundMessage{
+		BotID:       "bot-1",
+		Channel:     channel.ChannelType("feishu"),
+		Message:     channel.Message{Text: "hello"},
+		ReplyTarget: "target-id",
+		Sender:      channel.Identity{SubjectID: "guest-1"},
+		Conversation: channel.Conversation{
+			ID:   "chat-1",
+			Type: channel.ConversationTypePrivate,
+		},
+	}
+
+	if err := processor.HandleInbound(context.Background(), cfg, msg, sender); err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if aclSvc.calls != 1 {
+		t.Fatalf("expected acl to be checked once, got %d", aclSvc.calls)
+	}
+	if aclSvc.lastReq.SourceScope.Channel != "feishu" ||
+		aclSvc.lastReq.SourceScope.ConversationType != channel.ConversationTypePrivate ||
+		aclSvc.lastReq.SourceScope.ConversationID != "chat-1" {
+		t.Fatalf("unexpected acl source scope: %+v", aclSvc.lastReq.SourceScope)
+	}
+	if gateway.gotReq.Query != "" {
+		t.Fatal("ACL denied guest should not trigger chat call")
+	}
+	if len(sender.sent) != 0 {
+		t.Fatalf("ACL denied guest should not send reply, got %+v", sender.sent)
+	}
+	if len(chatSvc.persistedIn) != 0 {
+		t.Fatalf("ACL denied guest should not persist trigger message, got %d", len(chatSvc.persistedIn))
+	}
+}
+
+func TestChannelInboundProcessorACLReceivesThreadScope(t *testing.T) {
+	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-thread-scope"}}
+	policySvc := &fakePolicyService{botType: "public"}
+	chatSvc := &fakeChatService{resolveResult: route.ResolveConversationResult{ChatID: "chat-thread", RouteID: "route-thread"}}
+	gateway := &fakeChatGateway{}
+	processor := NewChannelInboundProcessor(slog.Default(), nil, chatSvc, chatSvc, gateway, channelIdentitySvc, policySvc, nil, "", 0)
+	aclSvc := &fakeChatACL{allowed: false}
+	processor.SetACLService(aclSvc)
+	sender := &fakeReplySender{}
+
+	msg := channel.InboundMessage{
+		BotID:       "bot-1",
+		Channel:     channel.ChannelType("discord"),
+		Message:     channel.Message{Text: "hello", Thread: &channel.ThreadRef{ID: "thread-1"}},
+		ReplyTarget: "discord:thread-1",
+		Sender:      channel.Identity{SubjectID: "guest-thread"},
+		Conversation: channel.Conversation{
+			ID:   "guild-chat-1",
+			Type: channel.ConversationTypeThread,
+		},
+		Metadata: map[string]any{
+			"is_mentioned": true,
+		},
+	}
+
+	if err := processor.HandleInbound(context.Background(), channel.ChannelConfig{ID: "cfg-1", BotID: "bot-1"}, msg, sender); err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if aclSvc.calls != 1 {
+		t.Fatalf("expected acl to be checked once, got %d", aclSvc.calls)
+	}
+	if aclSvc.lastReq.SourceScope.Channel != "discord" ||
+		aclSvc.lastReq.SourceScope.ConversationType != channel.ConversationTypeThread ||
+		aclSvc.lastReq.SourceScope.ConversationID != "guild-chat-1" ||
+		aclSvc.lastReq.SourceScope.ThreadID != "thread-1" {
+		t.Fatalf("unexpected thread acl source scope: %+v", aclSvc.lastReq.SourceScope)
+	}
+}
+
 func TestChannelInboundProcessorIgnoreEmpty(t *testing.T) {
 	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-3"}}
-	memberSvc := &fakeMemberService{isMember: true}
 	policySvc := &fakePolicyService{allow: false}
 	chatSvc := &fakeChatService{}
 	gateway := &fakeChatGateway{}
-	processor := NewChannelInboundProcessor(slog.Default(), nil, chatSvc, chatSvc, gateway, channelIdentitySvc, memberSvc, policySvc, nil, nil, "", 0)
+	processor := NewChannelInboundProcessor(slog.Default(), nil, chatSvc, chatSvc, gateway, channelIdentitySvc, policySvc, nil, "", 0)
 	sender := &fakeReplySender{}
 
 	cfg := channel.ChannelConfig{ID: "cfg-1"}
@@ -469,7 +570,7 @@ func TestBuildInboundQueryAttachmentFallbackWithContainerRefs(t *testing.T) {
 
 func TestChannelInboundProcessorAttachmentOnlyUsesFallbackQuery(t *testing.T) {
 	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-fallback"}}
-	memberSvc := &fakeMemberService{isMember: true}
+	policySvc := &fakePolicyService{botType: "public"}
 	chatSvc := &fakeChatService{resolveResult: route.ResolveConversationResult{ChatID: "chat-fallback", RouteID: "route-fallback"}}
 	gateway := &fakeChatGateway{
 		resp: conversation.ChatResponse{
@@ -478,7 +579,7 @@ func TestChannelInboundProcessorAttachmentOnlyUsesFallbackQuery(t *testing.T) {
 			},
 		},
 	}
-	processor := NewChannelInboundProcessor(slog.Default(), nil, chatSvc, chatSvc, gateway, channelIdentitySvc, memberSvc, nil, nil, nil, "", 0)
+	processor := NewChannelInboundProcessor(slog.Default(), nil, chatSvc, chatSvc, gateway, channelIdentitySvc, policySvc, nil, "", 0)
 	sender := &fakeReplySender{}
 
 	cfg := channel.ChannelConfig{ID: "cfg-1", BotID: "bot-1", ChannelType: channel.ChannelType("telegram")}
@@ -495,7 +596,7 @@ func TestChannelInboundProcessorAttachmentOnlyUsesFallbackQuery(t *testing.T) {
 		Sender:      channel.Identity{SubjectID: "ext-1"},
 		Conversation: channel.Conversation{
 			ID:   "conv-1",
-			Type: "p2p",
+			Type: channel.ConversationTypePrivate,
 		},
 	}
 
@@ -513,7 +614,7 @@ func TestChannelInboundProcessorAttachmentOnlyUsesFallbackQuery(t *testing.T) {
 
 func TestChannelInboundProcessorSilentReply(t *testing.T) {
 	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-4"}}
-	memberSvc := &fakeMemberService{isMember: true}
+	policySvc := &fakePolicyService{botType: "public"}
 	chatSvc := &fakeChatService{resolveResult: route.ResolveConversationResult{ChatID: "chat-4", RouteID: "route-4"}}
 	gateway := &fakeChatGateway{
 		resp: conversation.ChatResponse{
@@ -522,7 +623,7 @@ func TestChannelInboundProcessorSilentReply(t *testing.T) {
 			},
 		},
 	}
-	processor := NewChannelInboundProcessor(slog.Default(), nil, chatSvc, chatSvc, gateway, channelIdentitySvc, memberSvc, nil, nil, nil, "", 0)
+	processor := NewChannelInboundProcessor(slog.Default(), nil, chatSvc, chatSvc, gateway, channelIdentitySvc, policySvc, nil, "", 0)
 	sender := &fakeReplySender{}
 
 	cfg := channel.ChannelConfig{ID: "cfg-1", BotID: "bot-1"}
@@ -534,7 +635,7 @@ func TestChannelInboundProcessorSilentReply(t *testing.T) {
 		Sender:      channel.Identity{SubjectID: "user-1"},
 		Conversation: channel.Conversation{
 			ID:   "conv-1",
-			Type: "p2p",
+			Type: channel.ConversationTypePrivate,
 		},
 	}
 
@@ -549,7 +650,7 @@ func TestChannelInboundProcessorSilentReply(t *testing.T) {
 
 func TestChannelInboundProcessorGroupPassiveSync(t *testing.T) {
 	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-5"}}
-	memberSvc := &fakeMemberService{isMember: true}
+	policySvc := &fakePolicyService{botType: "public"}
 	chatSvc := &fakeChatService{resolveResult: route.ResolveConversationResult{ChatID: "chat-5", RouteID: "route-5"}}
 	gateway := &fakeChatGateway{
 		resp: conversation.ChatResponse{
@@ -558,7 +659,7 @@ func TestChannelInboundProcessorGroupPassiveSync(t *testing.T) {
 			},
 		},
 	}
-	processor := NewChannelInboundProcessor(slog.Default(), nil, chatSvc, chatSvc, gateway, channelIdentitySvc, memberSvc, nil, nil, nil, "", 0)
+	processor := NewChannelInboundProcessor(slog.Default(), nil, chatSvc, chatSvc, gateway, channelIdentitySvc, policySvc, nil, "", 0)
 	sender := &fakeReplySender{}
 
 	cfg := channel.ChannelConfig{ID: "cfg-1", BotID: "bot-1"}
@@ -591,7 +692,7 @@ func TestChannelInboundProcessorGroupPassiveSync(t *testing.T) {
 
 func TestChannelInboundProcessorGroupMentionTriggersReply(t *testing.T) {
 	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-6"}}
-	memberSvc := &fakeMemberService{isMember: true}
+	policySvc := &fakePolicyService{botType: "public"}
 	chatSvc := &fakeChatService{resolveResult: route.ResolveConversationResult{ChatID: "chat-6", RouteID: "route-6"}}
 	gateway := &fakeChatGateway{
 		resp: conversation.ChatResponse{
@@ -600,7 +701,7 @@ func TestChannelInboundProcessorGroupMentionTriggersReply(t *testing.T) {
 			},
 		},
 	}
-	processor := NewChannelInboundProcessor(slog.Default(), nil, chatSvc, chatSvc, gateway, channelIdentitySvc, memberSvc, nil, nil, nil, "", 0)
+	processor := NewChannelInboundProcessor(slog.Default(), nil, chatSvc, chatSvc, gateway, channelIdentitySvc, policySvc, nil, "", 0)
 	sender := &fakeReplySender{}
 
 	cfg := channel.ChannelConfig{ID: "cfg-1", BotID: "bot-1"}
@@ -651,10 +752,10 @@ func (s *failingOpenStreamSender) OpenStream(_ context.Context, _ string, _ chan
 
 func TestChannelInboundProcessorDoesNotPersistBeforeOpenStream(t *testing.T) {
 	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-openstream"}}
-	memberSvc := &fakeMemberService{isMember: true}
+	policySvc := &fakePolicyService{botType: "public"}
 	chatSvc := &fakeChatService{resolveResult: route.ResolveConversationResult{ChatID: "chat-openstream", RouteID: "route-openstream"}}
 	gateway := &fakeChatGateway{}
-	processor := NewChannelInboundProcessor(slog.Default(), nil, chatSvc, chatSvc, gateway, channelIdentitySvc, memberSvc, nil, nil, nil, "", 0)
+	processor := NewChannelInboundProcessor(slog.Default(), nil, chatSvc, chatSvc, gateway, channelIdentitySvc, policySvc, nil, "", 0)
 	sender := &failingOpenStreamSender{err: errors.New("stream unavailable")}
 
 	cfg := channel.ChannelConfig{ID: "cfg-openstream", BotID: "bot-1", ChannelType: channel.ChannelType("qq")}
@@ -666,7 +767,7 @@ func TestChannelInboundProcessorDoesNotPersistBeforeOpenStream(t *testing.T) {
 		Sender:      channel.Identity{SubjectID: "user-1"},
 		Conversation: channel.Conversation{
 			ID:   "conv-openstream",
-			Type: "p2p",
+			Type: channel.ConversationTypePrivate,
 		},
 	}
 
@@ -684,7 +785,7 @@ func TestChannelInboundProcessorDoesNotPersistBeforeOpenStream(t *testing.T) {
 
 func TestChannelInboundProcessorPersistsAttachmentAssetRefs(t *testing.T) {
 	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-asset"}}
-	memberSvc := &fakeMemberService{isMember: true}
+	policySvc := &fakePolicyService{botType: "public"}
 	chatSvc := &fakeChatService{resolveResult: route.ResolveConversationResult{ChatID: "chat-asset", RouteID: "route-asset"}}
 	gateway := &fakeChatGateway{
 		resp: conversation.ChatResponse{
@@ -693,7 +794,7 @@ func TestChannelInboundProcessorPersistsAttachmentAssetRefs(t *testing.T) {
 			},
 		},
 	}
-	processor := NewChannelInboundProcessor(slog.Default(), nil, chatSvc, chatSvc, gateway, channelIdentitySvc, memberSvc, nil, nil, nil, "", 0)
+	processor := NewChannelInboundProcessor(slog.Default(), nil, chatSvc, chatSvc, gateway, channelIdentitySvc, policySvc, nil, "", 0)
 	sender := &fakeReplySender{}
 
 	cfg := channel.ChannelConfig{ID: "cfg-asset", BotID: "bot-1"}
@@ -717,7 +818,7 @@ func TestChannelInboundProcessorPersistsAttachmentAssetRefs(t *testing.T) {
 		Sender:      channel.Identity{SubjectID: "ext-asset"},
 		Conversation: channel.Conversation{
 			ID:   "oc_asset",
-			Type: "p2p",
+			Type: channel.ConversationTypePrivate,
 		},
 	}
 
@@ -737,7 +838,7 @@ func TestChannelInboundProcessorPersistsAttachmentAssetRefs(t *testing.T) {
 
 func TestChannelInboundProcessorIngestsPlatformKeyWithResolver(t *testing.T) {
 	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-resolver"}}
-	memberSvc := &fakeMemberService{isMember: true}
+	policySvc := &fakePolicyService{botType: "public"}
 	chatSvc := &fakeChatService{resolveResult: route.ResolveConversationResult{ChatID: "chat-resolver", RouteID: "route-resolver"}}
 	gateway := &fakeChatGateway{
 		resp: conversation.ChatResponse{
@@ -748,7 +849,7 @@ func TestChannelInboundProcessorIngestsPlatformKeyWithResolver(t *testing.T) {
 	}
 	registry := channel.NewRegistry()
 	registry.MustRegister(&fakeAttachmentResolverAdapter{})
-	processor := NewChannelInboundProcessor(slog.Default(), registry, chatSvc, chatSvc, gateway, channelIdentitySvc, memberSvc, nil, nil, nil, "", 0)
+	processor := NewChannelInboundProcessor(slog.Default(), registry, chatSvc, chatSvc, gateway, channelIdentitySvc, policySvc, nil, "", 0)
 	mediaSvc := &fakeMediaIngestor{nextID: "asset-resolved-1", nextMime: "application/octet-stream"}
 	processor.SetMediaService(mediaSvc)
 	sender := &fakeReplySender{}
@@ -771,7 +872,7 @@ func TestChannelInboundProcessorIngestsPlatformKeyWithResolver(t *testing.T) {
 		Sender:      channel.Identity{SubjectID: "resolver-user"},
 		Conversation: channel.Conversation{
 			ID:   "resolver-conv",
-			Type: "p2p",
+			Type: channel.ConversationTypePrivate,
 		},
 	}
 
@@ -794,7 +895,7 @@ func TestChannelInboundProcessorIngestsPlatformKeyWithResolver(t *testing.T) {
 
 func TestChannelInboundProcessorIngestsBase64Attachment(t *testing.T) {
 	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-base64"}}
-	memberSvc := &fakeMemberService{isMember: true}
+	policySvc := &fakePolicyService{botType: "public"}
 	chatSvc := &fakeChatService{resolveResult: route.ResolveConversationResult{ChatID: "chat-base64", RouteID: "route-base64"}}
 	gateway := &fakeChatGateway{
 		resp: conversation.ChatResponse{
@@ -803,7 +904,7 @@ func TestChannelInboundProcessorIngestsBase64Attachment(t *testing.T) {
 			},
 		},
 	}
-	processor := NewChannelInboundProcessor(slog.Default(), nil, chatSvc, chatSvc, gateway, channelIdentitySvc, memberSvc, nil, nil, nil, "", 0)
+	processor := NewChannelInboundProcessor(slog.Default(), nil, chatSvc, chatSvc, gateway, channelIdentitySvc, policySvc, nil, "", 0)
 	mediaSvc := &fakeMediaIngestor{nextID: "asset-base64-1", nextMime: "image/png"}
 	processor.SetMediaService(mediaSvc)
 	sender := &fakeReplySender{}
@@ -833,7 +934,7 @@ func TestChannelInboundProcessorIngestsBase64Attachment(t *testing.T) {
 		},
 		Conversation: channel.Conversation{
 			ID:   "web-conv",
-			Type: "p2p",
+			Type: channel.ConversationTypePrivate,
 		},
 	}
 
@@ -866,7 +967,7 @@ func TestChannelInboundProcessorIngestsBase64Attachment(t *testing.T) {
 
 func TestChannelInboundProcessorIngestsQQFileAttachmentKeepsOriginalExtWhenMimeGeneric(t *testing.T) {
 	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-qq-file"}}
-	memberSvc := &fakeMemberService{isMember: true}
+	policySvc := &fakePolicyService{botType: "public"}
 	chatSvc := &fakeChatService{resolveResult: route.ResolveConversationResult{ChatID: "chat-qq-file", RouteID: "route-qq-file"}}
 	gateway := &fakeChatGateway{
 		resp: conversation.ChatResponse{
@@ -884,7 +985,7 @@ func TestChannelInboundProcessorIngestsQQFileAttachmentKeepsOriginalExtWhenMimeG
 			Size:   5,
 		},
 	})
-	processor := NewChannelInboundProcessor(slog.Default(), registry, chatSvc, chatSvc, gateway, channelIdentitySvc, memberSvc, nil, nil, nil, "", 0)
+	processor := NewChannelInboundProcessor(slog.Default(), registry, chatSvc, chatSvc, gateway, channelIdentitySvc, policySvc, nil, "", 0)
 	storage := &fakeStorageProvider{}
 	mediaSvc := media.NewService(slog.Default(), storage)
 	processor.SetMediaService(mediaSvc)
@@ -910,7 +1011,7 @@ func TestChannelInboundProcessorIngestsQQFileAttachmentKeepsOriginalExtWhenMimeG
 		Sender:      channel.Identity{SubjectID: "qq-user"},
 		Conversation: channel.Conversation{
 			ID:   "qq-user",
-			Type: "direct",
+			Type: channel.ConversationTypePrivate,
 		},
 	}
 
@@ -931,7 +1032,6 @@ func TestChannelInboundProcessorIngestsQQFileAttachmentKeepsOriginalExtWhenMimeG
 
 func TestChannelInboundProcessorPersonalGroupNonOwnerIgnored(t *testing.T) {
 	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-member"}}
-	memberSvc := &fakeMemberService{isMember: true}
 	policySvc := &fakePolicyService{allow: false, botType: "personal", ownerUserID: "channelIdentity-owner"}
 	chatSvc := &fakeChatService{resolveResult: route.ResolveConversationResult{ChatID: "chat-personal-1", RouteID: "route-personal-1"}}
 	gateway := &fakeChatGateway{
@@ -941,7 +1041,7 @@ func TestChannelInboundProcessorPersonalGroupNonOwnerIgnored(t *testing.T) {
 			},
 		},
 	}
-	processor := NewChannelInboundProcessor(slog.Default(), nil, chatSvc, chatSvc, gateway, channelIdentitySvc, memberSvc, policySvc, nil, nil, "", 0)
+	processor := NewChannelInboundProcessor(slog.Default(), nil, chatSvc, chatSvc, gateway, channelIdentitySvc, policySvc, nil, "", 0)
 	sender := &fakeReplySender{}
 
 	cfg := channel.ChannelConfig{ID: "cfg-1", BotID: "bot-1"}
@@ -974,7 +1074,6 @@ func TestChannelInboundProcessorPersonalGroupNonOwnerIgnored(t *testing.T) {
 
 func TestChannelInboundProcessorPersonalGroupOwnerWithoutMentionUsesPassivePersistence(t *testing.T) {
 	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-owner"}}
-	memberSvc := &fakeMemberService{isMember: true}
 	policySvc := &fakePolicyService{allow: false, botType: "personal", ownerUserID: "channelIdentity-owner"}
 	chatSvc := &fakeChatService{resolveResult: route.ResolveConversationResult{ChatID: "chat-personal-2", RouteID: "route-personal-2"}}
 	gateway := &fakeChatGateway{
@@ -984,7 +1083,7 @@ func TestChannelInboundProcessorPersonalGroupOwnerWithoutMentionUsesPassivePersi
 			},
 		},
 	}
-	processor := NewChannelInboundProcessor(slog.Default(), nil, chatSvc, chatSvc, gateway, channelIdentitySvc, memberSvc, policySvc, nil, nil, "", 0)
+	processor := NewChannelInboundProcessor(slog.Default(), nil, chatSvc, chatSvc, gateway, channelIdentitySvc, policySvc, nil, "", 0)
 	sender := &fakeReplySender{}
 
 	cfg := channel.ChannelConfig{ID: "cfg-1", BotID: "bot-1"}
@@ -1022,7 +1121,7 @@ func TestChannelInboundProcessorProcessingStatusSuccessLifecycle(t *testing.T) {
 	registry := channel.NewRegistry()
 	registry.MustRegister(&fakeProcessingStatusAdapter{notifier: notifier})
 	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-1"}}
-	memberSvc := &fakeMemberService{isMember: true}
+	policySvc := &fakePolicyService{botType: "public"}
 	chatSvc := &fakeChatService{resolveResult: route.ResolveConversationResult{ChatID: "chat-1", RouteID: "route-1"}}
 	gateway := &fakeChatGateway{
 		resp: conversation.ChatResponse{
@@ -1036,7 +1135,7 @@ func TestChannelInboundProcessorProcessingStatusSuccessLifecycle(t *testing.T) {
 			}
 		},
 	}
-	processor := NewChannelInboundProcessor(slog.Default(), registry, chatSvc, chatSvc, gateway, channelIdentitySvc, memberSvc, nil, nil, nil, "", 0)
+	processor := NewChannelInboundProcessor(slog.Default(), registry, chatSvc, chatSvc, gateway, channelIdentitySvc, policySvc, nil, "", 0)
 	sender := &fakeReplySender{}
 	cfg := channel.ChannelConfig{ID: "cfg-1", BotID: "bot-1", ChannelType: channel.ChannelType("feishu")}
 	msg := channel.InboundMessage{
@@ -1047,7 +1146,7 @@ func TestChannelInboundProcessorProcessingStatusSuccessLifecycle(t *testing.T) {
 		Sender:      channel.Identity{SubjectID: "ext-1"},
 		Conversation: channel.Conversation{
 			ID:   "oc_123",
-			Type: "p2p",
+			Type: channel.ConversationTypePrivate,
 		},
 	}
 
@@ -1079,11 +1178,11 @@ func TestChannelInboundProcessorProcessingStatusFailureLifecycle(t *testing.T) {
 	registry := channel.NewRegistry()
 	registry.MustRegister(&fakeProcessingStatusAdapter{notifier: notifier})
 	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-2"}}
-	memberSvc := &fakeMemberService{isMember: true}
+	policySvc := &fakePolicyService{botType: "public"}
 	chatSvc := &fakeChatService{resolveResult: route.ResolveConversationResult{ChatID: "chat-2", RouteID: "route-2"}}
 	chatErr := errors.New("chat gateway unavailable")
 	gateway := &fakeChatGateway{err: chatErr}
-	processor := NewChannelInboundProcessor(slog.Default(), registry, chatSvc, chatSvc, gateway, channelIdentitySvc, memberSvc, nil, nil, nil, "", 0)
+	processor := NewChannelInboundProcessor(slog.Default(), registry, chatSvc, chatSvc, gateway, channelIdentitySvc, policySvc, nil, "", 0)
 	sender := &fakeReplySender{}
 	cfg := channel.ChannelConfig{ID: "cfg-1", BotID: "bot-1", ChannelType: channel.ChannelType("feishu")}
 	msg := channel.InboundMessage{
@@ -1094,7 +1193,7 @@ func TestChannelInboundProcessorProcessingStatusFailureLifecycle(t *testing.T) {
 		Sender:      channel.Identity{SubjectID: "ext-2"},
 		Conversation: channel.Conversation{
 			ID:   "oc_456",
-			Type: "p2p",
+			Type: channel.ConversationTypePrivate,
 		},
 	}
 
@@ -1124,7 +1223,7 @@ func TestChannelInboundProcessorProcessingStatusErrorsAreBestEffort(t *testing.T
 	registry := channel.NewRegistry()
 	registry.MustRegister(&fakeProcessingStatusAdapter{notifier: notifier})
 	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-3"}}
-	memberSvc := &fakeMemberService{isMember: true}
+	policySvc := &fakePolicyService{botType: "public"}
 	chatSvc := &fakeChatService{resolveResult: route.ResolveConversationResult{ChatID: "chat-3", RouteID: "route-3"}}
 	gateway := &fakeChatGateway{
 		resp: conversation.ChatResponse{
@@ -1133,7 +1232,7 @@ func TestChannelInboundProcessorProcessingStatusErrorsAreBestEffort(t *testing.T
 			},
 		},
 	}
-	processor := NewChannelInboundProcessor(slog.Default(), registry, chatSvc, chatSvc, gateway, channelIdentitySvc, memberSvc, nil, nil, nil, "", 0)
+	processor := NewChannelInboundProcessor(slog.Default(), registry, chatSvc, chatSvc, gateway, channelIdentitySvc, policySvc, nil, "", 0)
 	sender := &fakeReplySender{}
 	cfg := channel.ChannelConfig{ID: "cfg-1", BotID: "bot-1", ChannelType: channel.ChannelType("feishu")}
 	msg := channel.InboundMessage{
@@ -1144,7 +1243,7 @@ func TestChannelInboundProcessorProcessingStatusErrorsAreBestEffort(t *testing.T
 		Sender:      channel.Identity{SubjectID: "ext-3"},
 		Conversation: channel.Conversation{
 			ID:   "oc_789",
-			Type: "p2p",
+			Type: channel.ConversationTypePrivate,
 		},
 	}
 
@@ -1171,11 +1270,11 @@ func TestChannelInboundProcessorProcessingFailedNotifyErrorDoesNotOverrideChatEr
 	registry := channel.NewRegistry()
 	registry.MustRegister(&fakeProcessingStatusAdapter{notifier: notifier})
 	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-4"}}
-	memberSvc := &fakeMemberService{isMember: true}
+	policySvc := &fakePolicyService{botType: "public"}
 	chatSvc := &fakeChatService{resolveResult: route.ResolveConversationResult{ChatID: "chat-4", RouteID: "route-4"}}
 	chatErr := errors.New("chat failed")
 	gateway := &fakeChatGateway{err: chatErr}
-	processor := NewChannelInboundProcessor(slog.Default(), registry, chatSvc, chatSvc, gateway, channelIdentitySvc, memberSvc, nil, nil, nil, "", 0)
+	processor := NewChannelInboundProcessor(slog.Default(), registry, chatSvc, chatSvc, gateway, channelIdentitySvc, policySvc, nil, "", 0)
 	sender := &fakeReplySender{}
 	cfg := channel.ChannelConfig{ID: "cfg-1", BotID: "bot-1", ChannelType: channel.ChannelType("feishu")}
 	msg := channel.InboundMessage{
@@ -1186,7 +1285,7 @@ func TestChannelInboundProcessorProcessingFailedNotifyErrorDoesNotOverrideChatEr
 		Sender:      channel.Identity{SubjectID: "ext-4"},
 		Conversation: channel.Conversation{
 			ID:   "oc_999",
-			Type: "p2p",
+			Type: channel.ConversationTypePrivate,
 		},
 	}
 
diff --git a/internal/channel/inbound/identity.go b/internal/channel/inbound/identity.go
index ee56095c..0879cd49 100644
--- a/internal/channel/inbound/identity.go
+++ b/internal/channel/inbound/identity.go
@@ -11,7 +11,6 @@ import (
 	"github.com/memohai/memoh/internal/bind"
 	"github.com/memohai/memoh/internal/channel"
 	"github.com/memohai/memoh/internal/channel/identities"
-	"github.com/memohai/memoh/internal/preauth"
 )
 
 // IdentityDecision indicates whether the inbound message should be stopped with an optional reply.
@@ -67,42 +66,26 @@ type ChannelIdentityService interface {
 	LinkChannelIdentityToUser(ctx context.Context, channelIdentityID, userID string) error
 }
 
-// BotMemberService checks and manages bot membership.
-type BotMemberService interface {
-	IsMember(ctx context.Context, botID, channelIdentityID string) (bool, error)
-	UpsertMemberSimple(ctx context.Context, botID, channelIdentityID, role string) error
-}
-
 // PolicyService resolves access policy for a bot.
 type PolicyService interface {
-	AllowGuest(ctx context.Context, botID string) (bool, error)
 	BotType(ctx context.Context, botID string) (string, error)
 	BotOwnerUserID(ctx context.Context, botID string) (string, error)
 }
 
-// PreauthService handles preauth key validation.
-type PreauthService interface {
-	Get(ctx context.Context, token string) (preauth.Key, error)
-	MarkUsed(ctx context.Context, id string) (preauth.Key, error)
-}
-
 // BindService handles channel identity bind code validation and consumption.
 type BindService interface {
 	Get(ctx context.Context, token string) (bind.Code, error)
 	Consume(ctx context.Context, code bind.Code, channelIdentityID string) error
 }
 
-// IdentityResolver implements identity resolution with bind code, preauth, and guest fallback.
+// IdentityResolver implements identity resolution with bind code and bot scope checks.
 type IdentityResolver struct {
 	registry          *channel.Registry
 	channelIdentities ChannelIdentityService
-	members           BotMemberService
 	policy            PolicyService
-	preauth           PreauthService
 	bind              BindService
 	logger            *slog.Logger
 	unboundReply      string
-	preauthReply      string
 	bindReply         string
 }
 
@@ -111,11 +94,9 @@ func NewIdentityResolver(
 	log *slog.Logger,
 	registry *channel.Registry,
 	channelIdentityService ChannelIdentityService,
-	memberService BotMemberService,
 	policyService PolicyService,
-	preauthService PreauthService,
 	bindService BindService,
-	unboundReply, preauthReply string,
+	unboundReply string,
 ) *IdentityResolver {
 	if log == nil {
 		log = slog.Default()
@@ -123,19 +104,13 @@ func NewIdentityResolver(
 	if strings.TrimSpace(unboundReply) == "" {
 		unboundReply = "Access denied. Please contact the administrator."
 	}
-	if strings.TrimSpace(preauthReply) == "" {
-		preauthReply = "Authorization successful."
-	}
 	return &IdentityResolver{
 		registry:          registry,
 		channelIdentities: channelIdentityService,
-		members:           memberService,
 		policy:            policyService,
-		preauth:           preauthService,
 		bind:              bindService,
 		logger:            log.With(slog.String("component", "channel_identity")),
 		unboundReply:      unboundReply,
-		preauthReply:      preauthReply,
 		bindReply:         "Binding successful! Your identity has been linked.",
 	}
 }
@@ -155,7 +130,7 @@ func (r *IdentityResolver) Middleware() channel.Middleware {
 
 // Resolve performs two-phase identity resolution:
 //  1. Global identity: (channel, channel_subject_id) -> channel_identity_id (unconditional)
-//  2. Authorization: bot membership check with guest/preauth fallback
+//  2. Authorization: owner/member checks plus public bot guest passthrough
 func (r *IdentityResolver) Resolve(ctx context.Context, cfg channel.ChannelConfig, msg channel.InboundMessage) (IdentityState, error) {
 	if r.channelIdentities == nil {
 		return IdentityState{}, errors.New("identity resolver not configured")
@@ -232,18 +207,6 @@ func (r *IdentityResolver) Resolve(ctx context.Context, cfg channel.ChannelConfi
 		}
 	}
 
-	// Phase 2: Authorization (bot membership check).
-	if r.members != nil {
-		if strings.TrimSpace(state.Identity.UserID) != "" {
-			isMember, err := r.members.IsMember(ctx, botID, state.Identity.UserID)
-			if err != nil {
-				return state, fmt.Errorf("check bot membership: %w", err)
-			}
-			if isMember {
-				return state, nil
-			}
-		}
-	}
 	if r.policy != nil && strings.TrimSpace(state.Identity.UserID) != "" {
 		ownerUserID, err := r.policy.BotOwnerUserID(ctx, botID)
 		if err != nil {
@@ -255,21 +218,8 @@ func (r *IdentityResolver) Resolve(ctx context.Context, cfg channel.ChannelConfi
 		}
 	}
 
-	// Guest policy check.
-	if r.policy != nil {
-		allowed, err := r.policy.AllowGuest(ctx, botID)
-		if err != nil {
-			return state, err
-		}
-		if allowed {
-			return state, nil
-		}
-	}
-
-	// Preauth key check.
-	if handled, decision, err := r.tryHandlePreauthKey(ctx, msg, botID, state.Identity.UserID, subjectID); handled {
-		state.Decision = &decision
-		return state, err
+	if strings.EqualFold(strings.TrimSpace(state.Identity.BotType), "public") {
+		return state, nil
 	}
 
 	// In group conversations, silently drop unauthorized messages to avoid spamming
@@ -322,52 +272,6 @@ func (r *IdentityResolver) resolveIdentityWithLinkedUser(ctx context.Context, ms
 	return firstChannelIdentityID, "", nil
 }
 
-func (r *IdentityResolver) tryHandlePreauthKey(ctx context.Context, msg channel.InboundMessage, botID, userID, subjectID string) (bool, IdentityDecision, error) {
-	tokenText := strings.TrimSpace(msg.Message.PlainText())
-	if tokenText == "" || r.preauth == nil {
-		return false, IdentityDecision{}, nil
-	}
-	key, err := r.preauth.Get(ctx, tokenText)
-	if err != nil {
-		if errors.Is(err, preauth.ErrKeyNotFound) {
-			return false, IdentityDecision{}, nil
-		}
-		return true, IdentityDecision{}, err
-	}
-	reply := func(text string) IdentityDecision {
-		return IdentityDecision{
-			Stop:  true,
-			Reply: channel.Message{Text: text},
-		}
-	}
-	if !key.UsedAt.IsZero() {
-		return true, reply("Preauth key already used."), nil
-	}
-	if !key.ExpiresAt.IsZero() && time.Now().UTC().After(key.ExpiresAt) {
-		return true, reply("Preauth key expired."), nil
-	}
-	if key.BotID != botID {
-		return true, reply("Preauth key mismatch."), nil
-	}
-	if subjectID == "" {
-		return true, reply("Cannot identify current account."), nil
-	}
-
-	// Grant membership via preauth.
-	if strings.TrimSpace(userID) == "" {
-		return true, reply("Current channel account is not linked to a user."), nil
-	}
-	if r.members != nil {
-		if err := r.members.UpsertMemberSimple(ctx, botID, userID, "member"); err != nil {
-			return true, IdentityDecision{}, fmt.Errorf("upsert preauth member: %w", err)
-		}
-	}
-	if _, err := r.preauth.MarkUsed(ctx, key.ID); err != nil {
-		return true, IdentityDecision{}, fmt.Errorf("mark preauth key used: %w", err)
-	}
-	return true, reply(r.preauthReply), nil
-}
-
 func (r *IdentityResolver) tryHandleBindCode(ctx context.Context, msg channel.InboundMessage, channelIdentityID, subjectID string) (bool, IdentityDecision, string, error) {
 	tokenText := strings.TrimSpace(msg.Message.PlainText())
 	if tokenText == "" || r.bind == nil {
@@ -463,7 +367,9 @@ func identitySubjectCandidates(msg channel.InboundMessage, primary string) []str
 
 	appendUnique(primary)
 	appendUnique(msg.Sender.Attribute("open_id"))
-	appendUnique(msg.Sender.Attribute("user_id"))
+	if !strings.EqualFold(strings.TrimSpace(msg.Channel.String()), "feishu") {
+		appendUnique(msg.Sender.Attribute("user_id"))
+	}
 	return candidates
 }
 
@@ -539,11 +445,7 @@ func extractThreadID(msg channel.InboundMessage) string {
 }
 
 func isGroupConversationType(conversationType string) bool {
-	ct := strings.ToLower(strings.TrimSpace(conversationType))
-	if ct == "" {
-		return false
-	}
-	return ct != "p2p" && ct != "private" && ct != "direct"
+	return channel.NormalizeConversationType(conversationType) != channel.ConversationTypePrivate
 }
 
 func (r *IdentityResolver) tryLinkConfiglessChannelIdentityToUser(ctx context.Context, msg channel.InboundMessage, channelIdentityID string) string {
diff --git a/internal/channel/inbound/identity_test.go b/internal/channel/inbound/identity_test.go
index 76604a4f..90c86c45 100644
--- a/internal/channel/inbound/identity_test.go
+++ b/internal/channel/inbound/identity_test.go
@@ -4,13 +4,13 @@ import (
 	"context"
 	"errors"
 	"log/slog"
+	"strings"
 	"testing"
 	"time"
 
 	"github.com/memohai/memoh/internal/bind"
 	"github.com/memohai/memoh/internal/channel"
 	"github.com/memohai/memoh/internal/channel/identities"
-	"github.com/memohai/memoh/internal/preauth"
 )
 
 type fakeChannelIdentityService struct {
@@ -68,20 +68,6 @@ func (f *fakeChannelIdentityService) LinkChannelIdentityToUser(_ context.Context
 	return nil
 }
 
-type fakeMemberService struct {
-	isMember     bool
-	upsertCalled bool
-}
-
-func (f *fakeMemberService) IsMember(_ context.Context, _, _ string) (bool, error) {
-	return f.isMember, nil
-}
-
-func (f *fakeMemberService) UpsertMemberSimple(_ context.Context, _, _, _ string) error {
-	f.upsertCalled = true
-	return nil
-}
-
 type fakePolicyService struct {
 	allow       bool
 	botType     string
@@ -100,6 +86,9 @@ func (f *fakePolicyService) BotType(_ context.Context, _ string) (string, error)
 	if f.err != nil {
 		return "", f.err
 	}
+	if strings.TrimSpace(f.botType) == "" {
+		return "public", nil
+	}
 	return f.botType, nil
 }
 
@@ -110,27 +99,6 @@ func (f *fakePolicyService) BotOwnerUserID(_ context.Context, _ string) (string,
 	return f.ownerUserID, nil
 }
 
-type fakePreauthServiceIdentity struct {
-	key      preauth.Key
-	err      error
-	markUsed bool
-}
-
-func (f *fakePreauthServiceIdentity) Get(_ context.Context, token string) (preauth.Key, error) {
-	if f.err != nil {
-		return preauth.Key{}, f.err
-	}
-	if f.key.Token == "" || f.key.Token != token {
-		return preauth.Key{}, preauth.ErrKeyNotFound
-	}
-	return f.key, nil
-}
-
-func (f *fakePreauthServiceIdentity) MarkUsed(_ context.Context, _ string) (preauth.Key, error) {
-	f.markUsed = true
-	return f.key, nil
-}
-
 type fakeBindService struct {
 	code          bind.Code
 	getErr        error
@@ -195,9 +163,8 @@ func (f *fakeDirectoryAdapter) ResolveEntry(ctx context.Context, cfg channel.Cha
 
 func TestIdentityResolverAllowGuestWithoutMembershipSideEffect(t *testing.T) {
 	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-1"}}
-	memberSvc := &fakeMemberService{isMember: false}
 	policySvc := &fakePolicyService{allow: true, botType: "public"}
-	resolver := NewIdentityResolver(slog.Default(), nil, channelIdentitySvc, memberSvc, policySvc, nil, nil, "", "")
+	resolver := NewIdentityResolver(slog.Default(), nil, channelIdentitySvc, policySvc, nil, "")
 
 	msg := channel.InboundMessage{
 		BotID:       "bot-1",
@@ -213,9 +180,6 @@ func TestIdentityResolverAllowGuestWithoutMembershipSideEffect(t *testing.T) {
 	if state.Identity.ChannelIdentityID != "channelIdentity-1" {
 		t.Fatalf("expected channelIdentity-1, got: %s", state.Identity.ChannelIdentityID)
 	}
-	if memberSvc.upsertCalled {
-		t.Fatal("guest allow should not upsert membership")
-	}
 	if state.Decision != nil {
 		t.Fatal("expected no decision for allowed guest")
 	}
@@ -243,9 +207,8 @@ func TestIdentityResolverResolveDisplayNameFromDirectory(t *testing.T) {
 	}
 
 	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-directory"}}
-	memberSvc := &fakeMemberService{isMember: true}
 	policySvc := &fakePolicyService{allow: false, botType: "public"}
-	resolver := NewIdentityResolver(slog.Default(), registry, channelIdentitySvc, memberSvc, policySvc, nil, nil, "", "")
+	resolver := NewIdentityResolver(slog.Default(), registry, channelIdentitySvc, policySvc, nil, "")
 
 	msg := channel.InboundMessage{
 		BotID:       "bot-1",
@@ -284,9 +247,8 @@ func TestIdentityResolverDirectoryLookupFailureDoesNotFallbackToOpenID(t *testin
 	}
 
 	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-directory-fail"}}
-	memberSvc := &fakeMemberService{isMember: true}
 	policySvc := &fakePolicyService{allow: false, botType: "public"}
-	resolver := NewIdentityResolver(slog.Default(), registry, channelIdentitySvc, memberSvc, policySvc, nil, nil, "", "")
+	resolver := NewIdentityResolver(slog.Default(), registry, channelIdentitySvc, policySvc, nil, "")
 
 	msg := channel.InboundMessage{
 		BotID:       "bot-1",
@@ -313,6 +275,41 @@ func TestIdentityResolverDirectoryLookupFailureDoesNotFallbackToOpenID(t *testin
 	}
 }
 
+func TestIdentityResolverFeishuUsesOpenIDAsCanonicalSubject(t *testing.T) {
+	channelIdentitySvc := &fakeChannelIdentityService{
+		bySubject: map[string]identities.ChannelIdentity{
+			"ou-openid": {ID: "channelIdentity-openid"},
+			"u-userid":  {ID: "channelIdentity-userid"},
+		},
+	}
+	policySvc := &fakePolicyService{allow: false, botType: "public"}
+	resolver := NewIdentityResolver(slog.Default(), nil, channelIdentitySvc, policySvc, nil, "")
+
+	msg := channel.InboundMessage{
+		BotID:       "bot-1",
+		Channel:     channel.ChannelType("feishu"),
+		Message:     channel.Message{Text: "hello"},
+		ReplyTarget: "target-id",
+		Sender: channel.Identity{
+			SubjectID: "ou-openid",
+			Attributes: map[string]string{
+				"open_id": "ou-openid",
+				"user_id": "u-userid",
+			},
+		},
+	}
+	state, err := resolver.Resolve(context.Background(), channel.ChannelConfig{BotID: "bot-1"}, msg)
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if state.Identity.ChannelIdentityID != "channelIdentity-openid" {
+		t.Fatalf("expected open_id identity, got %q", state.Identity.ChannelIdentityID)
+	}
+	if channelIdentitySvc.calls != 1 {
+		t.Fatalf("expected only one identity resolution call for feishu, got %d", channelIdentitySvc.calls)
+	}
+}
+
 func TestIdentityResolverDirectoryAvatarURLPropagated(t *testing.T) {
 	registry := channel.NewRegistry()
 	directoryAdapter := &fakeDirectoryAdapter{
@@ -330,9 +327,8 @@ func TestIdentityResolverDirectoryAvatarURLPropagated(t *testing.T) {
 	}
 
 	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-avatar"}}
-	memberSvc := &fakeMemberService{isMember: true}
 	policySvc := &fakePolicyService{allow: false, botType: "public"}
-	resolver := NewIdentityResolver(slog.Default(), registry, channelIdentitySvc, memberSvc, policySvc, nil, nil, "", "")
+	resolver := NewIdentityResolver(slog.Default(), registry, channelIdentitySvc, policySvc, nil, "")
 
 	msg := channel.InboundMessage{
 		BotID:       "bot-1",
@@ -364,9 +360,8 @@ func TestIdentityResolverDirectoryAvatarURLPropagated(t *testing.T) {
 
 func TestIdentityResolverExistingMemberPasses(t *testing.T) {
 	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-2"}}
-	memberSvc := &fakeMemberService{isMember: true}
 	policySvc := &fakePolicyService{allow: false, botType: "public"}
-	resolver := NewIdentityResolver(slog.Default(), nil, channelIdentitySvc, memberSvc, policySvc, nil, nil, "", "")
+	resolver := NewIdentityResolver(slog.Default(), nil, channelIdentitySvc, policySvc, nil, "")
 
 	msg := channel.InboundMessage{
 		BotID:       "bot-1",
@@ -384,80 +379,10 @@ func TestIdentityResolverExistingMemberPasses(t *testing.T) {
 	}
 }
 
-func TestIdentityResolverPreauthKey(t *testing.T) {
-	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-3"}}
-	memberSvc := &fakeMemberService{isMember: false}
-	policySvc := &fakePolicyService{allow: false, botType: "public"}
-	preauthSvc := &fakePreauthServiceIdentity{
-		key: preauth.Key{
-			ID:        "key-1",
-			BotID:     "bot-1",
-			Token:     "PREAUTH123",
-			ExpiresAt: time.Now().UTC().Add(1 * time.Hour),
-		},
-	}
-	resolver := NewIdentityResolver(slog.Default(), nil, channelIdentitySvc, memberSvc, policySvc, preauthSvc, nil, "", "")
-
-	msg := channel.InboundMessage{
-		BotID:       "bot-1",
-		Channel:     channel.ChannelType("feishu"),
-		Message:     channel.Message{Text: "PREAUTH123"},
-		ReplyTarget: "target-id",
-		Sender:      channel.Identity{SubjectID: "ext-1"},
-	}
-	state, err := resolver.Resolve(context.Background(), channel.ChannelConfig{BotID: "bot-1"}, msg)
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if state.Decision == nil || !state.Decision.Stop {
-		t.Fatal("preauth key should return stop decision")
-	}
-	if !preauthSvc.markUsed {
-		t.Fatal("preauth key should be marked used")
-	}
-	if !memberSvc.upsertCalled {
-		t.Fatal("membership should be upserted via preauth")
-	}
-}
-
-func TestIdentityResolverPreauthKeyExpired(t *testing.T) {
-	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-4"}}
-	memberSvc := &fakeMemberService{isMember: false}
-	policySvc := &fakePolicyService{allow: false, botType: "public"}
-	preauthSvc := &fakePreauthServiceIdentity{
-		key: preauth.Key{
-			ID:        "key-1",
-			BotID:     "bot-1",
-			Token:     "PREAUTH123",
-			ExpiresAt: time.Now().UTC().Add(-1 * time.Hour),
-		},
-	}
-	resolver := NewIdentityResolver(slog.Default(), nil, channelIdentitySvc, memberSvc, policySvc, preauthSvc, nil, "", "")
-
-	msg := channel.InboundMessage{
-		BotID:       "bot-1",
-		Channel:     channel.ChannelType("feishu"),
-		Message:     channel.Message{Text: "PREAUTH123"},
-		ReplyTarget: "target-id",
-		Sender:      channel.Identity{SubjectID: "ext-1"},
-	}
-	state, err := resolver.Resolve(context.Background(), channel.ChannelConfig{BotID: "bot-1"}, msg)
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if state.Decision == nil || !state.Decision.Stop {
-		t.Fatal("expired preauth key should be rejected")
-	}
-	if preauthSvc.markUsed {
-		t.Fatal("expired preauth key should not be marked used")
-	}
-}
-
-func TestIdentityResolverDenied(t *testing.T) {
+func TestIdentityResolverPublicBotGuestPasses(t *testing.T) {
 	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-5"}}
-	memberSvc := &fakeMemberService{isMember: false}
 	policySvc := &fakePolicyService{allow: false, botType: "public"}
-	resolver := NewIdentityResolver(slog.Default(), nil, channelIdentitySvc, memberSvc, policySvc, nil, nil, "Access denied.", "")
+	resolver := NewIdentityResolver(slog.Default(), nil, channelIdentitySvc, policySvc, nil, "Access denied.")
 
 	msg := channel.InboundMessage{
 		BotID:       "bot-1",
@@ -470,16 +395,15 @@ func TestIdentityResolverDenied(t *testing.T) {
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
-	if state.Decision == nil || !state.Decision.Stop {
-		t.Fatal("stranger without guest access should be denied")
+	if state.Decision != nil {
+		t.Fatal("public bot guest should pass identity resolution and be handled by ACL later")
 	}
 }
 
 func TestIdentityResolverPersonalBotRejectsGroupMessages(t *testing.T) {
 	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-group"}}
-	memberSvc := &fakeMemberService{isMember: true}
 	policySvc := &fakePolicyService{allow: false, botType: "personal", ownerUserID: "channelIdentity-owner"}
-	resolver := NewIdentityResolver(slog.Default(), nil, channelIdentitySvc, memberSvc, policySvc, nil, nil, "", "")
+	resolver := NewIdentityResolver(slog.Default(), nil, channelIdentitySvc, policySvc, nil, "")
 
 	msg := channel.InboundMessage{
 		BotID:   "bot-1",
@@ -509,9 +433,8 @@ func TestIdentityResolverPersonalBotRejectsGroupMessages(t *testing.T) {
 
 func TestIdentityResolverPersonalBotAllowsOwnerInGroup(t *testing.T) {
 	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-owner"}}
-	memberSvc := &fakeMemberService{isMember: false}
 	policySvc := &fakePolicyService{allow: false, botType: "personal", ownerUserID: "channelIdentity-owner"}
-	resolver := NewIdentityResolver(slog.Default(), nil, channelIdentitySvc, memberSvc, policySvc, nil, nil, "", "")
+	resolver := NewIdentityResolver(slog.Default(), nil, channelIdentitySvc, policySvc, nil, "")
 
 	msg := channel.InboundMessage{
 		BotID:   "bot-1",
@@ -538,9 +461,8 @@ func TestIdentityResolverPersonalBotAllowsOwnerInGroup(t *testing.T) {
 
 func TestIdentityResolverPersonalBotAllowsOwnerDirectWithoutMembership(t *testing.T) {
 	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-owner-direct"}}
-	memberSvc := &fakeMemberService{isMember: false}
 	policySvc := &fakePolicyService{allow: false, botType: "personal", ownerUserID: "channelIdentity-owner-direct"}
-	resolver := NewIdentityResolver(slog.Default(), nil, channelIdentitySvc, memberSvc, policySvc, nil, nil, "", "")
+	resolver := NewIdentityResolver(slog.Default(), nil, channelIdentitySvc, policySvc, nil, "")
 
 	msg := channel.InboundMessage{
 		BotID:   "bot-1",
@@ -549,7 +471,7 @@ func TestIdentityResolverPersonalBotAllowsOwnerDirectWithoutMembership(t *testin
 		Sender:  channel.Identity{SubjectID: "ext-owner-direct"},
 		Conversation: channel.Conversation{
 			ID:   "p2p-1",
-			Type: "p2p",
+			Type: channel.ConversationTypePrivate,
 		},
 	}
 
@@ -565,7 +487,7 @@ func TestIdentityResolverPersonalBotAllowsOwnerDirectWithoutMembership(t *testin
 	}
 }
 
-func TestIdentityResolverPersonalBotOwnerFallbackByAlternateSubject(t *testing.T) {
+func TestIdentityResolverPersonalBotDoesNotFallbackToFeishuUserID(t *testing.T) {
 	channelIdentitySvc := &fakeChannelIdentityService{
 		bySubject: map[string]identities.ChannelIdentity{
 			"ou-open-owner": {ID: "channelIdentity-open-owner"},
@@ -575,9 +497,8 @@ func TestIdentityResolverPersonalBotOwnerFallbackByAlternateSubject(t *testing.T
 			"channelIdentity-user-owner": "owner-user-1",
 		},
 	}
-	memberSvc := &fakeMemberService{isMember: false}
 	policySvc := &fakePolicyService{allow: false, botType: "personal", ownerUserID: "owner-user-1"}
-	resolver := NewIdentityResolver(slog.Default(), nil, channelIdentitySvc, memberSvc, policySvc, nil, nil, "", "")
+	resolver := NewIdentityResolver(slog.Default(), nil, channelIdentitySvc, policySvc, nil, "")
 
 	msg := channel.InboundMessage{
 		BotID:   "bot-1",
@@ -592,7 +513,7 @@ func TestIdentityResolverPersonalBotOwnerFallbackByAlternateSubject(t *testing.T
 		},
 		Conversation: channel.Conversation{
 			ID:   "p2p-1",
-			Type: "p2p",
+			Type: channel.ConversationTypePrivate,
 		},
 	}
 
@@ -600,25 +521,24 @@ func TestIdentityResolverPersonalBotOwnerFallbackByAlternateSubject(t *testing.T
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
-	if state.Decision != nil {
-		t.Fatal("owner direct message should pass after alternate subject fallback")
+	if state.Decision == nil || !state.Decision.Stop {
+		t.Fatal("personal bot should deny when only feishu user_id is linked")
 	}
-	if state.Identity.UserID != "owner-user-1" {
-		t.Fatalf("expected owner-user-1, got: %s", state.Identity.UserID)
+	if state.Identity.UserID != "" {
+		t.Fatalf("expected no linked owner user via user_id fallback, got: %s", state.Identity.UserID)
 	}
-	if state.Identity.ChannelIdentityID != "channelIdentity-user-owner" {
-		t.Fatalf("expected fallback channel identity, got: %s", state.Identity.ChannelIdentityID)
+	if state.Identity.ChannelIdentityID != "channelIdentity-open-owner" {
+		t.Fatalf("expected open_id identity, got: %s", state.Identity.ChannelIdentityID)
 	}
-	if channelIdentitySvc.calls < 2 {
-		t.Fatalf("expected fallback resolution attempts, got calls=%d", channelIdentitySvc.calls)
+	if channelIdentitySvc.calls != 1 {
+		t.Fatalf("expected only open_id resolution attempt, got calls=%d", channelIdentitySvc.calls)
 	}
 }
 
 func TestIdentityResolverPersonalBotRejectsNonOwnerDirectEvenIfMember(t *testing.T) {
 	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-non-owner"}}
-	memberSvc := &fakeMemberService{isMember: true}
 	policySvc := &fakePolicyService{allow: true, botType: "personal", ownerUserID: "channelIdentity-owner"}
-	resolver := NewIdentityResolver(slog.Default(), nil, channelIdentitySvc, memberSvc, policySvc, nil, nil, "Access denied.", "")
+	resolver := NewIdentityResolver(slog.Default(), nil, channelIdentitySvc, policySvc, nil, "Access denied.")
 
 	msg := channel.InboundMessage{
 		BotID:   "bot-1",
@@ -627,7 +547,7 @@ func TestIdentityResolverPersonalBotRejectsNonOwnerDirectEvenIfMember(t *testing
 		Sender:  channel.Identity{SubjectID: "ext-non-owner"},
 		Conversation: channel.Conversation{
 			ID:   "p2p-2",
-			Type: "p2p",
+			Type: channel.ConversationTypePrivate,
 		},
 	}
 
@@ -652,7 +572,6 @@ func TestIdentityResolverBindRunsBeforeMembershipCheck(t *testing.T) {
 			shadowID: shadowID,
 		},
 	}
-	memberSvc := &fakeMemberService{isMember: true}
 	bindSvc := &fakeBindService{
 		code: bind.Code{
 			ID:             "code-1",
@@ -665,7 +584,7 @@ func TestIdentityResolverBindRunsBeforeMembershipCheck(t *testing.T) {
 			channelIdentitySvc.linked[channelChannelIdentityID] = humanID
 		},
 	}
-	resolver := NewIdentityResolver(slog.Default(), nil, channelIdentitySvc, memberSvc, nil, nil, bindSvc, "", "")
+	resolver := NewIdentityResolver(slog.Default(), nil, channelIdentitySvc, nil, bindSvc, "")
 
 	msg := channel.InboundMessage{
 		BotID:       "bot-1",
@@ -687,9 +606,6 @@ func TestIdentityResolverBindRunsBeforeMembershipCheck(t *testing.T) {
 	if state.Identity.UserID != humanID {
 		t.Fatalf("expected linked user to switch to %s, got %s", humanID, state.Identity.UserID)
 	}
-	if memberSvc.upsertCalled {
-		t.Fatal("bind should not upsert bot membership")
-	}
 }
 
 func TestIdentityResolverBindConsumeErrorHandledAsDecision(t *testing.T) {
@@ -704,7 +620,7 @@ func TestIdentityResolverBindConsumeErrorHandledAsDecision(t *testing.T) {
 		},
 		consumeErr: bind.ErrCodeUsed,
 	}
-	resolver := NewIdentityResolver(slog.Default(), nil, channelIdentitySvc, &fakeMemberService{}, nil, nil, bindSvc, "", "")
+	resolver := NewIdentityResolver(slog.Default(), nil, channelIdentitySvc, nil, bindSvc, "")
 
 	msg := channel.InboundMessage{
 		BotID:       "bot-1",
@@ -743,7 +659,7 @@ func TestIdentityResolverBindCodeNotScopedToCurrentBot(t *testing.T) {
 			channelIdentitySvc.linked[channelChannelIdentityID] = humanID
 		},
 	}
-	resolver := NewIdentityResolver(slog.Default(), nil, channelIdentitySvc, &fakeMemberService{}, nil, nil, bindSvc, "", "")
+	resolver := NewIdentityResolver(slog.Default(), nil, channelIdentitySvc, nil, bindSvc, "")
 
 	msg := channel.InboundMessage{
 		BotID:       "bot-2",
@@ -767,11 +683,10 @@ func TestIdentityResolverBindCodeNotScopedToCurrentBot(t *testing.T) {
 	}
 }
 
-func TestIdentityResolverPublicBotGroupDeniedSilently(t *testing.T) {
+func TestIdentityResolverPublicBotGroupGuestPasses(t *testing.T) {
 	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-group-denied"}}
-	memberSvc := &fakeMemberService{isMember: false}
 	policySvc := &fakePolicyService{allow: false, botType: "public"}
-	resolver := NewIdentityResolver(slog.Default(), nil, channelIdentitySvc, memberSvc, policySvc, nil, nil, "Access denied.", "")
+	resolver := NewIdentityResolver(slog.Default(), nil, channelIdentitySvc, policySvc, nil, "Access denied.")
 
 	msg := channel.InboundMessage{
 		BotID:       "bot-1",
@@ -788,19 +703,15 @@ func TestIdentityResolverPublicBotGroupDeniedSilently(t *testing.T) {
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
-	if state.Decision == nil || !state.Decision.Stop {
-		t.Fatal("unauthorized group message should be stopped")
-	}
-	if !state.Decision.Reply.IsEmpty() {
-		t.Fatal("unauthorized group message should be silently dropped, not replied")
+	if state.Decision != nil {
+		t.Fatal("public bot group guest should pass identity resolution")
 	}
 }
 
-func TestIdentityResolverPublicBotDirectDeniedWithReply(t *testing.T) {
+func TestIdentityResolverPublicBotDirectGuestPasses(t *testing.T) {
 	channelIdentitySvc := &fakeChannelIdentityService{channelIdentity: identities.ChannelIdentity{ID: "channelIdentity-direct-denied"}}
-	memberSvc := &fakeMemberService{isMember: false}
 	policySvc := &fakePolicyService{allow: false, botType: "public"}
-	resolver := NewIdentityResolver(slog.Default(), nil, channelIdentitySvc, memberSvc, policySvc, nil, nil, "Access denied.", "")
+	resolver := NewIdentityResolver(slog.Default(), nil, channelIdentitySvc, policySvc, nil, "Access denied.")
 
 	msg := channel.InboundMessage{
 		BotID:       "bot-1",
@@ -810,18 +721,15 @@ func TestIdentityResolverPublicBotDirectDeniedWithReply(t *testing.T) {
 		Sender:      channel.Identity{SubjectID: "stranger-direct"},
 		Conversation: channel.Conversation{
 			ID:   "p2p-1",
-			Type: "p2p",
+			Type: channel.ConversationTypePrivate,
 		},
 	}
 	state, err := resolver.Resolve(context.Background(), channel.ChannelConfig{BotID: "bot-1"}, msg)
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
-	if state.Decision == nil || !state.Decision.Stop {
-		t.Fatal("unauthorized direct message should be stopped")
-	}
-	if state.Decision.Reply.IsEmpty() {
-		t.Fatal("unauthorized direct message should reply with access denied")
+	if state.Decision != nil {
+		t.Fatal("public bot direct guest should pass identity resolution")
 	}
 }
 
@@ -836,7 +744,7 @@ func TestIdentityResolverBindCodePlatformMismatch(t *testing.T) {
 			ExpiresAt:      time.Now().UTC().Add(1 * time.Hour),
 		},
 	}
-	resolver := NewIdentityResolver(slog.Default(), nil, channelIdentitySvc, &fakeMemberService{}, nil, nil, bindSvc, "", "")
+	resolver := NewIdentityResolver(slog.Default(), nil, channelIdentitySvc, nil, bindSvc, "")
 
 	msg := channel.InboundMessage{
 		BotID:       "bot-1",
diff --git a/internal/channel/inbound_test.go b/internal/channel/inbound_test.go
index 819d662c..68445f69 100644
--- a/internal/channel/inbound_test.go
+++ b/internal/channel/inbound_test.go
@@ -128,7 +128,7 @@ func TestManager_handleInbound(t *testing.T) {
 			ReplyTarget: "target-id",
 			Conversation: Conversation{
 				ID:   "chat-1",
-				Type: "p2p",
+				Type: ConversationTypePrivate,
 			},
 		}
 
@@ -199,7 +199,7 @@ func TestManager_handleInbound(t *testing.T) {
 			ReplyTarget: "stream-target",
 			Conversation: Conversation{
 				ID:   "chat-1",
-				Type: "p2p",
+				Type: ConversationTypePrivate,
 			},
 		}
 		if err := m.handleInbound(context.Background(), cfg, msg); err != nil {
diff --git a/internal/channel/manager_integration_test.go b/internal/channel/manager_integration_test.go
index 13651047..c396ec15 100644
--- a/internal/channel/manager_integration_test.go
+++ b/internal/channel/manager_integration_test.go
@@ -152,7 +152,7 @@ func TestManagerHandleInboundIntegratesAdapter(t *testing.T) {
 		ReplyTarget: "123",
 		Conversation: Conversation{
 			ID:   "chat-1",
-			Type: "p2p",
+			Type: ConversationTypePrivate,
 		},
 	})
 	if err != nil {
diff --git a/internal/channel/route/service.go b/internal/channel/route/service.go
index 98f345d9..5324cfaa 100644
--- a/internal/channel/route/service.go
+++ b/internal/channel/route/service.go
@@ -10,6 +10,7 @@ import (
 
 	"github.com/jackc/pgx/v5/pgtype"
 
+	"github.com/memohai/memoh/internal/channel"
 	"github.com/memohai/memoh/internal/conversation"
 	dbpkg "github.com/memohai/memoh/internal/db"
 	"github.com/memohai/memoh/internal/db/sqlc"
@@ -18,8 +19,6 @@ import (
 // ConversationService contains the minimal conversation behavior required by route resolution.
 type ConversationService interface {
 	Create(ctx context.Context, botID, channelIdentityID string, req conversation.CreateRequest) (conversation.Conversation, error)
-	IsParticipant(ctx context.Context, conversationID, channelIdentityID string) (bool, error)
-	AddParticipant(ctx context.Context, conversationID, channelIdentityID, role string) (conversation.Participant, error)
 }
 
 // DBService manages channel routes and route-to-conversation resolution.
@@ -170,17 +169,6 @@ func (s *DBService) UpdateMetadata(ctx context.Context, routeID string, metadata
 func (s *DBService) ResolveConversation(ctx context.Context, input ResolveInput) (ResolveConversationResult, error) {
 	route, err := s.Find(ctx, input.BotID, input.Platform, input.ConversationID, input.ThreadID)
 	if err == nil {
-		if strings.TrimSpace(input.ChannelIdentityID) != "" && s.conversation != nil {
-			ok, checkErr := s.conversation.IsParticipant(ctx, route.ChatID, input.ChannelIdentityID)
-			if checkErr != nil {
-				return ResolveConversationResult{}, fmt.Errorf("check conversation participant: %w", checkErr)
-			}
-			if !ok {
-				if _, addErr := s.conversation.AddParticipant(ctx, route.ChatID, input.ChannelIdentityID, conversation.RoleMember); addErr != nil && s.logger != nil {
-					s.logger.Warn("auto-add participant failed", slog.Any("error", addErr))
-				}
-			}
-		}
 		if strings.TrimSpace(input.ReplyTarget) != "" && input.ReplyTarget != route.ReplyTarget {
 			if updateErr := s.UpdateReplyTarget(ctx, route.ID, input.ReplyTarget); updateErr != nil && s.logger != nil {
 				s.logger.Warn("update route reply target failed", slog.Any("error", updateErr))
@@ -225,12 +213,6 @@ func (s *DBService) ResolveConversation(ctx context.Context, input ResolveInput)
 		return ResolveConversationResult{}, fmt.Errorf("create conversation: %w", err)
 	}
 
-	if strings.TrimSpace(input.ChannelIdentityID) != "" && strings.TrimSpace(input.ChannelIdentityID) != strings.TrimSpace(creatorChannelIdentityID) {
-		if _, addErr := s.conversation.AddParticipant(ctx, createdConversation.ID, input.ChannelIdentityID, conversation.RoleMember); addErr != nil && s.logger != nil {
-			s.logger.Warn("auto-add creator participant failed", slog.Any("error", addErr))
-		}
-	}
-
 	newRoute, err := s.Create(ctx, CreateInput{
 		ChatID:           createdConversation.ID,
 		BotID:            input.BotID,
@@ -261,11 +243,14 @@ func determineConversationKind(threadID, conversationType string) string {
 	if strings.TrimSpace(threadID) != "" {
 		return conversation.KindThread
 	}
-	ct := strings.ToLower(strings.TrimSpace(conversationType))
-	if ct == "p2p" || ct == "private" || ct == "" {
+	switch channel.NormalizeConversationType(conversationType) {
+	case channel.ConversationTypeThread:
+		return conversation.KindThread
+	case channel.ConversationTypePrivate:
 		return conversation.KindDirect
+	default:
+		return conversation.KindGroup
 	}
-	return conversation.KindGroup
 }
 
 func (s *DBService) resolveConversationCreatorChannelIdentityID(ctx context.Context, botID, fallbackChannelIdentityID, kind string) string {
diff --git a/internal/channel/types.go b/internal/channel/types.go
index 87a789fa..d129485f 100644
--- a/internal/channel/types.go
+++ b/internal/channel/types.go
@@ -39,6 +39,32 @@ type Conversation struct {
 	Metadata map[string]any
 }
 
+const (
+	ConversationTypePrivate = "private"
+	ConversationTypeGroup   = "group"
+	ConversationTypeThread  = "thread"
+)
+
+// NormalizeConversationType normalizes conversation type values within the
+// channel abstraction domain: private/group/thread.
+func NormalizeConversationType(raw string) string {
+	switch strings.ToLower(strings.TrimSpace(raw)) {
+	case ConversationTypePrivate:
+		return ConversationTypePrivate
+	case ConversationTypeThread:
+		return ConversationTypeThread
+	case ConversationTypeGroup:
+		return ConversationTypeGroup
+	default:
+		return ConversationTypeGroup
+	}
+}
+
+// IsPrivateConversationType reports whether the conversation is private.
+func IsPrivateConversationType(raw string) bool {
+	return NormalizeConversationType(raw) == ConversationTypePrivate
+}
+
 // InboundMessage is a message received from an external channel.
 type InboundMessage struct {
 	Channel      ChannelType
@@ -70,8 +96,7 @@ func (m InboundMessage) RoutingKey() string {
 // For group chats, the sender ID is appended to provide per-user context.
 func GenerateRoutingKey(platform, botID, conversationID, conversationType, senderID string) string {
 	parts := []string{platform, botID, conversationID}
-	ct := strings.ToLower(strings.TrimSpace(conversationType))
-	if ct != "" && ct != "p2p" && ct != "private" {
+	if !IsPrivateConversationType(conversationType) {
 		senderID = strings.TrimSpace(senderID)
 		if senderID != "" {
 			parts = append(parts, senderID)
diff --git a/internal/command/handler.go b/internal/command/handler.go
index e800bf44..d576a7e1 100644
--- a/internal/command/handler.go
+++ b/internal/command/handler.go
@@ -32,11 +32,14 @@ type BotMemberRoleAdapter struct {
 }
 
 func (a *BotMemberRoleAdapter) GetMemberRole(ctx context.Context, botID, channelIdentityID string) (string, error) {
-	member, err := a.BotService.GetMember(ctx, botID, channelIdentityID)
+	bot, err := a.BotService.Get(ctx, botID)
 	if err != nil {
 		return "", err
 	}
-	return member.Role, nil
+	if bot.OwnerUserID == channelIdentityID {
+		return "owner", nil
+	}
+	return "", nil
 }
 
 // Handler processes slash commands intercepted before they reach the LLM.
@@ -187,7 +190,7 @@ func (h *Handler) Execute(ctx context.Context, botID, channelIdentityID, text st
 		return fmt.Sprintf("Unknown action \"%s\" for /%s.\n\n%s", parsed.Action, parsed.Resource, group.Usage()), nil
 	}
 
-	if sub.IsWrite && role != bots.MemberRoleOwner {
+	if sub.IsWrite && role != "owner" {
 		return "Permission denied: only the bot owner can execute this command.", nil
 	}
 
diff --git a/internal/command/handler_test.go b/internal/command/handler_test.go
index eaface1e..772f89de 100644
--- a/internal/command/handler_test.go
+++ b/internal/command/handler_test.go
@@ -6,7 +6,6 @@ import (
 	"testing"
 	"time"
 
-	"github.com/memohai/memoh/internal/bots"
 	"github.com/memohai/memoh/internal/inbox"
 	"github.com/memohai/memoh/internal/mcp"
 	"github.com/memohai/memoh/internal/schedule"
@@ -78,7 +77,7 @@ func TestIsCommand(t *testing.T) {
 
 func TestExecute_Help(t *testing.T) {
 	t.Parallel()
-	h := newTestHandler(&fakeRoleResolver{role: bots.MemberRoleOwner})
+	h := newTestHandler(&fakeRoleResolver{role: "owner"})
 	result, err := h.Execute(context.Background(), "bot-1", "user-1", "/help")
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
@@ -93,7 +92,7 @@ func TestExecute_Help(t *testing.T) {
 
 func TestExecute_UnknownCommand(t *testing.T) {
 	t.Parallel()
-	h := newTestHandler(&fakeRoleResolver{role: bots.MemberRoleOwner})
+	h := newTestHandler(&fakeRoleResolver{role: "owner"})
 	result, err := h.Execute(context.Background(), "bot-1", "user-1", "/foobar")
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
@@ -105,7 +104,7 @@ func TestExecute_UnknownCommand(t *testing.T) {
 
 func TestExecute_WithMentionPrefix(t *testing.T) {
 	t.Parallel()
-	h := newTestHandler(&fakeRoleResolver{role: bots.MemberRoleOwner})
+	h := newTestHandler(&fakeRoleResolver{role: "owner"})
 	result, err := h.Execute(context.Background(), "bot-1", "user-1", "@BotName /help")
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
@@ -117,7 +116,7 @@ func TestExecute_WithMentionPrefix(t *testing.T) {
 
 func TestExecute_TelegramBotSuffix(t *testing.T) {
 	t.Parallel()
-	h := newTestHandler(&fakeRoleResolver{role: bots.MemberRoleOwner})
+	h := newTestHandler(&fakeRoleResolver{role: "owner"})
 	result, err := h.Execute(context.Background(), "bot-1", "user-1", "/help@MemohBot")
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
@@ -129,7 +128,7 @@ func TestExecute_TelegramBotSuffix(t *testing.T) {
 
 func TestExecute_UnknownAction(t *testing.T) {
 	t.Parallel()
-	h := newTestHandler(&fakeRoleResolver{role: bots.MemberRoleOwner})
+	h := newTestHandler(&fakeRoleResolver{role: "owner"})
 	result, err := h.Execute(context.Background(), "bot-1", "user-1", "/subagent foobar")
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
@@ -144,7 +143,7 @@ func TestExecute_UnknownAction(t *testing.T) {
 
 func TestExecute_WritePermissionDenied(t *testing.T) {
 	t.Parallel()
-	h := newTestHandler(&fakeRoleResolver{role: bots.MemberRoleMember})
+	h := newTestHandler(&fakeRoleResolver{role: ""})
 	result, err := h.Execute(context.Background(), "bot-1", "user-1", "/subagent create test desc")
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
@@ -156,7 +155,7 @@ func TestExecute_WritePermissionDenied(t *testing.T) {
 
 func TestExecute_WritePermissionAllowedForOwner(t *testing.T) {
 	t.Parallel()
-	h := newTestHandler(&fakeRoleResolver{role: bots.MemberRoleOwner})
+	h := newTestHandler(&fakeRoleResolver{role: "owner"})
 	result, err := h.Execute(context.Background(), "bot-1", "user-1", "/subagent create")
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
@@ -171,7 +170,7 @@ func TestExecute_WritePermissionAllowedForOwner(t *testing.T) {
 
 func TestExecute_SettingsDefaultAction(t *testing.T) {
 	t.Parallel()
-	h := newTestHandler(&fakeRoleResolver{role: bots.MemberRoleMember})
+	h := newTestHandler(&fakeRoleResolver{role: ""})
 	result, err := h.Execute(context.Background(), "bot-1", "user-1", "/settings")
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
@@ -183,7 +182,7 @@ func TestExecute_SettingsDefaultAction(t *testing.T) {
 
 func TestExecute_MissingArgs(t *testing.T) {
 	t.Parallel()
-	h := newTestHandler(&fakeRoleResolver{role: bots.MemberRoleOwner})
+	h := newTestHandler(&fakeRoleResolver{role: "owner"})
 	tests := []struct {
 		cmd      string
 		contains string
@@ -301,7 +300,7 @@ func TestUsage_OwnerTag(t *testing.T) {
 // Verify new commands with nil services return graceful errors, not panics.
 func TestNewCommands_NilServices(t *testing.T) {
 	t.Parallel()
-	h := newTestHandler(&fakeRoleResolver{role: bots.MemberRoleOwner})
+	h := newTestHandler(&fakeRoleResolver{role: "owner"})
 	cmds := []string{
 		"/skill list",
 		"/fs list",
diff --git a/internal/conversation/service.go b/internal/conversation/service.go
index ca76c3d9..2d436d7f 100644
--- a/internal/conversation/service.go
+++ b/internal/conversation/service.go
@@ -88,27 +88,6 @@ func (s *Service) Create(ctx context.Context, botID, channelIdentityID string, r
 		return Conversation{}, fmt.Errorf("create conversation: %w", err)
 	}
 
-	// Add creator as owner when the channel identity is available.
-	if pgChannelIdentityID.Valid {
-		if _, err := s.queries.AddChatParticipant(ctx, sqlc.AddChatParticipantParams{
-			ChatID: row.ID,
-			UserID: pgChannelIdentityID,
-			Role:   RoleOwner,
-		}); err != nil {
-			return Conversation{}, fmt.Errorf("add owner participant: %w", err)
-		}
-	}
-
-	// For threads, copy parent participants.
-	if kind == KindThread && pgParent.Valid {
-		if err := s.queries.CopyParticipantsToChat(ctx, sqlc.CopyParticipantsToChatParams{
-			ChatID:  pgParent,
-			ChatID2: row.ID,
-		}); err != nil {
-			s.logger.Warn("copy parent participants failed", slog.Any("error", err))
-		}
-	}
-
 	return toChatFromCreate(row), nil
 }
 
@@ -205,51 +184,34 @@ func (s *Service) Delete(ctx context.Context, conversationID string) error {
 	return s.queries.DeleteChat(ctx, pgID)
 }
 
-// AddParticipant adds a channel identity to a conversation.
-func (s *Service) AddParticipant(ctx context.Context, conversationID, channelIdentityID, role string) (Participant, error) {
-	pgConversationID, err := parseUUID(conversationID)
-	if err != nil {
-		return Participant{}, err
-	}
-	pgChannelIdentityID, err := parseUUID(channelIdentityID)
-	if err != nil {
-		return Participant{}, err
-	}
-	if role == "" {
-		role = RoleMember
-	}
-	row, err := s.queries.AddChatParticipant(ctx, sqlc.AddChatParticipantParams{
-		ChatID: pgConversationID,
-		UserID: pgChannelIdentityID,
-		Role:   role,
-	})
-	if err != nil {
-		return Participant{}, err
-	}
-	return toParticipantFromAdd(row), nil
+// AddParticipant is no longer supported after removing bot member sharing.
+func (*Service) AddParticipant(_ context.Context, _, _, _ string) (Participant, error) {
+	return Participant{}, ErrPermissionDenied
 }
 
-// GetParticipant returns a conversation participant.
+// GetParticipant returns the owner participant only.
 func (s *Service) GetParticipant(ctx context.Context, conversationID, channelIdentityID string) (Participant, error) {
-	pgConversationID, err := parseUUID(conversationID)
-	if err != nil {
+	conversationID = strings.TrimSpace(conversationID)
+	channelIdentityID = strings.TrimSpace(channelIdentityID)
+	if conversationID == "" || channelIdentityID == "" {
 		return Participant{}, ErrNotParticipant
 	}
-	pgChannelIdentityID, err := parseUUID(channelIdentityID)
+	chat, err := s.Get(ctx, conversationID)
 	if err != nil {
-		return Participant{}, ErrNotParticipant
-	}
-	row, err := s.queries.GetChatParticipant(ctx, sqlc.GetChatParticipantParams{
-		ChatID: pgConversationID,
-		UserID: pgChannelIdentityID,
-	})
-	if err != nil {
-		if errors.Is(err, pgx.ErrNoRows) {
+		if errors.Is(err, ErrChatNotFound) {
 			return Participant{}, ErrNotParticipant
 		}
 		return Participant{}, err
 	}
-	return toParticipantFromGet(row), nil
+	if strings.TrimSpace(chat.CreatedBy) != channelIdentityID {
+		return Participant{}, ErrNotParticipant
+	}
+	return Participant{
+		ChatID:   chat.ID,
+		UserID:   strings.TrimSpace(chat.CreatedBy),
+		Role:     RoleOwner,
+		JoinedAt: chat.CreatedAt,
+	}, nil
 }
 
 // IsParticipant checks whether a channel identity is a participant.
@@ -261,37 +223,26 @@ func (s *Service) IsParticipant(ctx context.Context, conversationID, channelIden
 	return err == nil, err
 }
 
-// ListParticipants returns all participants for a conversation.
+// ListParticipants returns the owner as the sole participant.
 func (s *Service) ListParticipants(ctx context.Context, conversationID string) ([]Participant, error) {
-	pgID, err := parseUUID(conversationID)
+	chat, err := s.Get(ctx, conversationID)
 	if err != nil {
+		if errors.Is(err, ErrChatNotFound) {
+			return nil, err
+		}
 		return nil, err
 	}
-	rows, err := s.queries.ListChatParticipants(ctx, pgID)
-	if err != nil {
-		return nil, err
-	}
-	participants := make([]Participant, 0, len(rows))
-	for _, row := range rows {
-		participants = append(participants, toParticipantFromList(row))
-	}
-	return participants, nil
+	return []Participant{{
+		ChatID:   chat.ID,
+		UserID:   strings.TrimSpace(chat.CreatedBy),
+		Role:     RoleOwner,
+		JoinedAt: chat.CreatedAt,
+	}}, nil
 }
 
-// RemoveParticipant removes a participant from a conversation.
-func (s *Service) RemoveParticipant(ctx context.Context, conversationID, channelIdentityID string) error {
-	pgConversationID, err := parseUUID(conversationID)
-	if err != nil {
-		return err
-	}
-	pgChannelIdentityID, err := parseUUID(channelIdentityID)
-	if err != nil {
-		return err
-	}
-	return s.queries.RemoveChatParticipant(ctx, sqlc.RemoveChatParticipantParams{
-		ChatID: pgConversationID,
-		UserID: pgChannelIdentityID,
-	})
+// RemoveParticipant is a no-op because only owner participation remains.
+func (*Service) RemoveParticipant(_ context.Context, _, _ string) error {
+	return ErrPermissionDenied
 }
 
 // GetSettings returns conversation settings and falls back to defaults when missing.
@@ -412,27 +363,6 @@ func toChatListItem(row sqlc.ListVisibleChatsByBotAndUserRow) ConversationListIt
 	}
 }
 
-func toParticipantFromAdd(row sqlc.AddChatParticipantRow) Participant {
-	return toParticipantFields(row.ChatID, row.UserID, row.Role, row.JoinedAt)
-}
-
-func toParticipantFromGet(row sqlc.GetChatParticipantRow) Participant {
-	return toParticipantFields(row.ChatID, row.UserID, row.Role, row.JoinedAt)
-}
-
-func toParticipantFromList(row sqlc.ListChatParticipantsRow) Participant {
-	return toParticipantFields(row.ChatID, row.UserID, row.Role, row.JoinedAt)
-}
-
-func toParticipantFields(conversationID, userID pgtype.UUID, role string, joinedAt pgtype.Timestamptz) Participant {
-	return Participant{
-		ChatID:   conversationID.String(),
-		UserID:   userID.String(),
-		Role:     role,
-		JoinedAt: joinedAt.Time,
-	}
-}
-
 func toSettingsFromRead(row sqlc.GetChatSettingsRow) Settings {
 	settings := Settings{
 		ChatID: row.ChatID.String(),
diff --git a/internal/db/sqlc/acl.sql.go b/internal/db/sqlc/acl.sql.go
new file mode 100644
index 00000000..7f33ad76
--- /dev/null
+++ b/internal/db/sqlc/acl.sql.go
@@ -0,0 +1,415 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+// source: acl.sql
+
+package sqlc
+
+import (
+	"context"
+
+	"github.com/jackc/pgx/v5/pgtype"
+)
+
+const deleteBotACLGuestAllAllowRule = `-- name: DeleteBotACLGuestAllAllowRule :exec
+DELETE FROM bot_acl_rules
+WHERE bot_id = $1
+  AND action = 'chat.trigger'
+  AND effect = 'allow'
+  AND subject_kind = 'guest_all'
+`
+
+func (q *Queries) DeleteBotACLGuestAllAllowRule(ctx context.Context, botID pgtype.UUID) error {
+	_, err := q.db.Exec(ctx, deleteBotACLGuestAllAllowRule, botID)
+	return err
+}
+
+const deleteBotACLRuleByID = `-- name: DeleteBotACLRuleByID :exec
+DELETE FROM bot_acl_rules
+WHERE id = $1
+`
+
+func (q *Queries) DeleteBotACLRuleByID(ctx context.Context, id pgtype.UUID) error {
+	_, err := q.db.Exec(ctx, deleteBotACLRuleByID, id)
+	return err
+}
+
+const hasBotACLChannelIdentityRule = `-- name: HasBotACLChannelIdentityRule :one
+SELECT EXISTS (
+  SELECT 1
+  FROM bot_acl_rules
+  WHERE bot_id = $1
+    AND action = 'chat.trigger'
+    AND effect = $2
+    AND subject_kind = 'channel_identity'
+    AND channel_identity_id = $3
+    AND (source_channel IS NULL OR source_channel = $4::text)
+    AND (source_conversation_type IS NULL OR source_conversation_type = $5::text)
+    AND (source_conversation_id IS NULL OR source_conversation_id = $6::text)
+    AND (source_thread_id IS NULL OR source_thread_id = $7::text)
+) AS matched
+`
+
+type HasBotACLChannelIdentityRuleParams struct {
+	BotID                  pgtype.UUID `json:"bot_id"`
+	Effect                 string      `json:"effect"`
+	ChannelIdentityID      pgtype.UUID `json:"channel_identity_id"`
+	SourceChannel          pgtype.Text `json:"source_channel"`
+	SourceConversationType pgtype.Text `json:"source_conversation_type"`
+	SourceConversationID   pgtype.Text `json:"source_conversation_id"`
+	SourceThreadID         pgtype.Text `json:"source_thread_id"`
+}
+
+func (q *Queries) HasBotACLChannelIdentityRule(ctx context.Context, arg HasBotACLChannelIdentityRuleParams) (bool, error) {
+	row := q.db.QueryRow(ctx, hasBotACLChannelIdentityRule,
+		arg.BotID,
+		arg.Effect,
+		arg.ChannelIdentityID,
+		arg.SourceChannel,
+		arg.SourceConversationType,
+		arg.SourceConversationID,
+		arg.SourceThreadID,
+	)
+	var matched bool
+	err := row.Scan(&matched)
+	return matched, err
+}
+
+const hasBotACLGuestAllAllowRule = `-- name: HasBotACLGuestAllAllowRule :one
+SELECT EXISTS (
+  SELECT 1
+  FROM bot_acl_rules
+  WHERE bot_id = $1
+    AND action = 'chat.trigger'
+    AND effect = 'allow'
+    AND subject_kind = 'guest_all'
+) AS allowed
+`
+
+func (q *Queries) HasBotACLGuestAllAllowRule(ctx context.Context, botID pgtype.UUID) (bool, error) {
+	row := q.db.QueryRow(ctx, hasBotACLGuestAllAllowRule, botID)
+	var allowed bool
+	err := row.Scan(&allowed)
+	return allowed, err
+}
+
+const hasBotACLUserRule = `-- name: HasBotACLUserRule :one
+SELECT EXISTS (
+  SELECT 1
+  FROM bot_acl_rules
+  WHERE bot_id = $1
+    AND action = 'chat.trigger'
+    AND effect = $2
+    AND subject_kind = 'user'
+    AND user_id = $3
+    AND (source_channel IS NULL OR source_channel = $4::text)
+    AND (source_conversation_type IS NULL OR source_conversation_type = $5::text)
+    AND (source_conversation_id IS NULL OR source_conversation_id = $6::text)
+    AND (source_thread_id IS NULL OR source_thread_id = $7::text)
+) AS matched
+`
+
+type HasBotACLUserRuleParams struct {
+	BotID                  pgtype.UUID `json:"bot_id"`
+	Effect                 string      `json:"effect"`
+	UserID                 pgtype.UUID `json:"user_id"`
+	SourceChannel          pgtype.Text `json:"source_channel"`
+	SourceConversationType pgtype.Text `json:"source_conversation_type"`
+	SourceConversationID   pgtype.Text `json:"source_conversation_id"`
+	SourceThreadID         pgtype.Text `json:"source_thread_id"`
+}
+
+func (q *Queries) HasBotACLUserRule(ctx context.Context, arg HasBotACLUserRuleParams) (bool, error) {
+	row := q.db.QueryRow(ctx, hasBotACLUserRule,
+		arg.BotID,
+		arg.Effect,
+		arg.UserID,
+		arg.SourceChannel,
+		arg.SourceConversationType,
+		arg.SourceConversationID,
+		arg.SourceThreadID,
+	)
+	var matched bool
+	err := row.Scan(&matched)
+	return matched, err
+}
+
+const listBotACLSubjectRulesByEffect = `-- name: ListBotACLSubjectRulesByEffect :many
+SELECT
+  r.id,
+  r.bot_id,
+  r.action,
+  r.effect,
+  r.subject_kind,
+  r.user_id,
+  r.channel_identity_id,
+  r.source_channel,
+  r.source_conversation_type,
+  r.source_conversation_id,
+  r.source_thread_id,
+  r.created_by_user_id,
+  r.created_at,
+  r.updated_at,
+  u.username AS user_username,
+  u.display_name AS user_display_name,
+  u.avatar_url AS user_avatar_url,
+  ci.channel_type,
+  ci.channel_subject_id,
+  ci.display_name AS channel_identity_display_name,
+  ci.avatar_url AS channel_identity_avatar_url,
+  linked.id AS linked_user_id,
+  linked.username AS linked_user_username,
+  linked.display_name AS linked_user_display_name,
+  linked.avatar_url AS linked_user_avatar_url
+FROM bot_acl_rules r
+LEFT JOIN users u ON u.id = r.user_id
+LEFT JOIN channel_identities ci ON ci.id = r.channel_identity_id
+LEFT JOIN users linked ON linked.id = ci.user_id
+WHERE r.bot_id = $1
+  AND r.action = 'chat.trigger'
+  AND r.effect = $2
+  AND r.subject_kind IN ('user', 'channel_identity')
+ORDER BY r.created_at DESC
+`
+
+type ListBotACLSubjectRulesByEffectParams struct {
+	BotID  pgtype.UUID `json:"bot_id"`
+	Effect string      `json:"effect"`
+}
+
+type ListBotACLSubjectRulesByEffectRow struct {
+	ID                         pgtype.UUID        `json:"id"`
+	BotID                      pgtype.UUID        `json:"bot_id"`
+	Action                     string             `json:"action"`
+	Effect                     string             `json:"effect"`
+	SubjectKind                string             `json:"subject_kind"`
+	UserID                     pgtype.UUID        `json:"user_id"`
+	ChannelIdentityID          pgtype.UUID        `json:"channel_identity_id"`
+	SourceChannel              pgtype.Text        `json:"source_channel"`
+	SourceConversationType     pgtype.Text        `json:"source_conversation_type"`
+	SourceConversationID       pgtype.Text        `json:"source_conversation_id"`
+	SourceThreadID             pgtype.Text        `json:"source_thread_id"`
+	CreatedByUserID            pgtype.UUID        `json:"created_by_user_id"`
+	CreatedAt                  pgtype.Timestamptz `json:"created_at"`
+	UpdatedAt                  pgtype.Timestamptz `json:"updated_at"`
+	UserUsername               pgtype.Text        `json:"user_username"`
+	UserDisplayName            pgtype.Text        `json:"user_display_name"`
+	UserAvatarUrl              pgtype.Text        `json:"user_avatar_url"`
+	ChannelType                pgtype.Text        `json:"channel_type"`
+	ChannelSubjectID           pgtype.Text        `json:"channel_subject_id"`
+	ChannelIdentityDisplayName pgtype.Text        `json:"channel_identity_display_name"`
+	ChannelIdentityAvatarUrl   pgtype.Text        `json:"channel_identity_avatar_url"`
+	LinkedUserID               pgtype.UUID        `json:"linked_user_id"`
+	LinkedUserUsername         pgtype.Text        `json:"linked_user_username"`
+	LinkedUserDisplayName      pgtype.Text        `json:"linked_user_display_name"`
+	LinkedUserAvatarUrl        pgtype.Text        `json:"linked_user_avatar_url"`
+}
+
+func (q *Queries) ListBotACLSubjectRulesByEffect(ctx context.Context, arg ListBotACLSubjectRulesByEffectParams) ([]ListBotACLSubjectRulesByEffectRow, error) {
+	rows, err := q.db.Query(ctx, listBotACLSubjectRulesByEffect, arg.BotID, arg.Effect)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	var items []ListBotACLSubjectRulesByEffectRow
+	for rows.Next() {
+		var i ListBotACLSubjectRulesByEffectRow
+		if err := rows.Scan(
+			&i.ID,
+			&i.BotID,
+			&i.Action,
+			&i.Effect,
+			&i.SubjectKind,
+			&i.UserID,
+			&i.ChannelIdentityID,
+			&i.SourceChannel,
+			&i.SourceConversationType,
+			&i.SourceConversationID,
+			&i.SourceThreadID,
+			&i.CreatedByUserID,
+			&i.CreatedAt,
+			&i.UpdatedAt,
+			&i.UserUsername,
+			&i.UserDisplayName,
+			&i.UserAvatarUrl,
+			&i.ChannelType,
+			&i.ChannelSubjectID,
+			&i.ChannelIdentityDisplayName,
+			&i.ChannelIdentityAvatarUrl,
+			&i.LinkedUserID,
+			&i.LinkedUserUsername,
+			&i.LinkedUserDisplayName,
+			&i.LinkedUserAvatarUrl,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, i)
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
+
+const upsertBotACLChannelIdentityRule = `-- name: UpsertBotACLChannelIdentityRule :one
+INSERT INTO bot_acl_rules (
+  bot_id, action, effect, subject_kind, channel_identity_id,
+  source_channel, source_conversation_type, source_conversation_id, source_thread_id,
+  created_by_user_id
+)
+VALUES (
+  $1, 'chat.trigger', $2, 'channel_identity', $3,
+  $5::text,
+  $6::text,
+  $7::text,
+  $8::text,
+  $4
+)
+ON CONFLICT ON CONSTRAINT bot_acl_rules_unique_channel_identity
+DO UPDATE SET
+  created_by_user_id = COALESCE(EXCLUDED.created_by_user_id, bot_acl_rules.created_by_user_id),
+  updated_at = now()
+RETURNING id, bot_id, action, effect, subject_kind, user_id, channel_identity_id, source_channel, source_conversation_type, source_conversation_id, source_thread_id, created_by_user_id, created_at, updated_at
+`
+
+type UpsertBotACLChannelIdentityRuleParams struct {
+	BotID                  pgtype.UUID `json:"bot_id"`
+	Effect                 string      `json:"effect"`
+	ChannelIdentityID      pgtype.UUID `json:"channel_identity_id"`
+	CreatedByUserID        pgtype.UUID `json:"created_by_user_id"`
+	SourceChannel          pgtype.Text `json:"source_channel"`
+	SourceConversationType pgtype.Text `json:"source_conversation_type"`
+	SourceConversationID   pgtype.Text `json:"source_conversation_id"`
+	SourceThreadID         pgtype.Text `json:"source_thread_id"`
+}
+
+func (q *Queries) UpsertBotACLChannelIdentityRule(ctx context.Context, arg UpsertBotACLChannelIdentityRuleParams) (BotAclRule, error) {
+	row := q.db.QueryRow(ctx, upsertBotACLChannelIdentityRule,
+		arg.BotID,
+		arg.Effect,
+		arg.ChannelIdentityID,
+		arg.CreatedByUserID,
+		arg.SourceChannel,
+		arg.SourceConversationType,
+		arg.SourceConversationID,
+		arg.SourceThreadID,
+	)
+	var i BotAclRule
+	err := row.Scan(
+		&i.ID,
+		&i.BotID,
+		&i.Action,
+		&i.Effect,
+		&i.SubjectKind,
+		&i.UserID,
+		&i.ChannelIdentityID,
+		&i.SourceChannel,
+		&i.SourceConversationType,
+		&i.SourceConversationID,
+		&i.SourceThreadID,
+		&i.CreatedByUserID,
+		&i.CreatedAt,
+		&i.UpdatedAt,
+	)
+	return i, err
+}
+
+const upsertBotACLGuestAllAllowRule = `-- name: UpsertBotACLGuestAllAllowRule :one
+INSERT INTO bot_acl_rules (bot_id, action, effect, subject_kind, created_by_user_id)
+VALUES ($1, 'chat.trigger', 'allow', 'guest_all', $2)
+ON CONFLICT ON CONSTRAINT bot_acl_rules_unique_user
+DO UPDATE SET
+  created_by_user_id = COALESCE(EXCLUDED.created_by_user_id, bot_acl_rules.created_by_user_id),
+  updated_at = now()
+RETURNING id, bot_id, action, effect, subject_kind, user_id, channel_identity_id, source_channel, source_conversation_type, source_conversation_id, source_thread_id, created_by_user_id, created_at, updated_at
+`
+
+type UpsertBotACLGuestAllAllowRuleParams struct {
+	BotID           pgtype.UUID `json:"bot_id"`
+	CreatedByUserID pgtype.UUID `json:"created_by_user_id"`
+}
+
+func (q *Queries) UpsertBotACLGuestAllAllowRule(ctx context.Context, arg UpsertBotACLGuestAllAllowRuleParams) (BotAclRule, error) {
+	row := q.db.QueryRow(ctx, upsertBotACLGuestAllAllowRule, arg.BotID, arg.CreatedByUserID)
+	var i BotAclRule
+	err := row.Scan(
+		&i.ID,
+		&i.BotID,
+		&i.Action,
+		&i.Effect,
+		&i.SubjectKind,
+		&i.UserID,
+		&i.ChannelIdentityID,
+		&i.SourceChannel,
+		&i.SourceConversationType,
+		&i.SourceConversationID,
+		&i.SourceThreadID,
+		&i.CreatedByUserID,
+		&i.CreatedAt,
+		&i.UpdatedAt,
+	)
+	return i, err
+}
+
+const upsertBotACLUserRule = `-- name: UpsertBotACLUserRule :one
+INSERT INTO bot_acl_rules (
+  bot_id, action, effect, subject_kind, user_id,
+  source_channel, source_conversation_type, source_conversation_id, source_thread_id,
+  created_by_user_id
+)
+VALUES (
+  $1, 'chat.trigger', $2, 'user', $3,
+  $5::text,
+  $6::text,
+  $7::text,
+  $8::text,
+  $4
+)
+ON CONFLICT ON CONSTRAINT bot_acl_rules_unique_user
+DO UPDATE SET
+  created_by_user_id = COALESCE(EXCLUDED.created_by_user_id, bot_acl_rules.created_by_user_id),
+  updated_at = now()
+RETURNING id, bot_id, action, effect, subject_kind, user_id, channel_identity_id, source_channel, source_conversation_type, source_conversation_id, source_thread_id, created_by_user_id, created_at, updated_at
+`
+
+type UpsertBotACLUserRuleParams struct {
+	BotID                  pgtype.UUID `json:"bot_id"`
+	Effect                 string      `json:"effect"`
+	UserID                 pgtype.UUID `json:"user_id"`
+	CreatedByUserID        pgtype.UUID `json:"created_by_user_id"`
+	SourceChannel          pgtype.Text `json:"source_channel"`
+	SourceConversationType pgtype.Text `json:"source_conversation_type"`
+	SourceConversationID   pgtype.Text `json:"source_conversation_id"`
+	SourceThreadID         pgtype.Text `json:"source_thread_id"`
+}
+
+func (q *Queries) UpsertBotACLUserRule(ctx context.Context, arg UpsertBotACLUserRuleParams) (BotAclRule, error) {
+	row := q.db.QueryRow(ctx, upsertBotACLUserRule,
+		arg.BotID,
+		arg.Effect,
+		arg.UserID,
+		arg.CreatedByUserID,
+		arg.SourceChannel,
+		arg.SourceConversationType,
+		arg.SourceConversationID,
+		arg.SourceThreadID,
+	)
+	var i BotAclRule
+	err := row.Scan(
+		&i.ID,
+		&i.BotID,
+		&i.Action,
+		&i.Effect,
+		&i.SubjectKind,
+		&i.UserID,
+		&i.ChannelIdentityID,
+		&i.SourceChannel,
+		&i.SourceConversationType,
+		&i.SourceConversationID,
+		&i.SourceThreadID,
+		&i.CreatedByUserID,
+		&i.CreatedAt,
+		&i.UpdatedAt,
+	)
+	return i, err
+}
diff --git a/internal/db/sqlc/bots.sql.go b/internal/db/sqlc/bots.sql.go
index d2d86810..91091c4a 100644
--- a/internal/db/sqlc/bots.sql.go
+++ b/internal/db/sqlc/bots.sql.go
@@ -14,7 +14,7 @@ import (
 const createBot = `-- name: CreateBot :one
 INSERT INTO bots (owner_user_id, type, display_name, avatar_url, is_active, metadata, status)
 VALUES ($1, $2, $3, $4, $5, $6, $7)
-RETURNING id, owner_user_id, type, display_name, avatar_url, is_active, status, max_context_load_time, max_context_tokens, max_inbox_items, language, allow_guest, reasoning_enabled, reasoning_effort, chat_model_id, search_provider_id, memory_provider_id, heartbeat_enabled, heartbeat_interval, heartbeat_prompt, metadata, created_at, updated_at
+RETURNING id, owner_user_id, type, display_name, avatar_url, is_active, status, max_context_load_time, max_context_tokens, max_inbox_items, language, reasoning_enabled, reasoning_effort, chat_model_id, search_provider_id, memory_provider_id, heartbeat_enabled, heartbeat_interval, heartbeat_prompt, metadata, created_at, updated_at
 `
 
 type CreateBotParams struct {
@@ -39,7 +39,6 @@ type CreateBotRow struct {
 	MaxContextTokens   int32              `json:"max_context_tokens"`
 	MaxInboxItems      int32              `json:"max_inbox_items"`
 	Language           string             `json:"language"`
-	AllowGuest         bool               `json:"allow_guest"`
 	ReasoningEnabled   bool               `json:"reasoning_enabled"`
 	ReasoningEffort    string             `json:"reasoning_effort"`
 	ChatModelID        pgtype.UUID        `json:"chat_model_id"`
@@ -76,7 +75,6 @@ func (q *Queries) CreateBot(ctx context.Context, arg CreateBotParams) (CreateBot
 		&i.MaxContextTokens,
 		&i.MaxInboxItems,
 		&i.Language,
-		&i.AllowGuest,
 		&i.ReasoningEnabled,
 		&i.ReasoningEffort,
 		&i.ChatModelID,
@@ -101,22 +99,8 @@ func (q *Queries) DeleteBotByID(ctx context.Context, id pgtype.UUID) error {
 	return err
 }
 
-const deleteBotMember = `-- name: DeleteBotMember :exec
-DELETE FROM bot_members WHERE bot_id = $1 AND user_id = $2
-`
-
-type DeleteBotMemberParams struct {
-	BotID  pgtype.UUID `json:"bot_id"`
-	UserID pgtype.UUID `json:"user_id"`
-}
-
-func (q *Queries) DeleteBotMember(ctx context.Context, arg DeleteBotMemberParams) error {
-	_, err := q.db.Exec(ctx, deleteBotMember, arg.BotID, arg.UserID)
-	return err
-}
-
 const getBotByID = `-- name: GetBotByID :one
-SELECT id, owner_user_id, type, display_name, avatar_url, is_active, status, max_context_load_time, max_context_tokens, max_inbox_items, language, allow_guest, reasoning_enabled, reasoning_effort, chat_model_id, search_provider_id, memory_provider_id, heartbeat_enabled, heartbeat_interval, heartbeat_prompt, metadata, created_at, updated_at
+SELECT id, owner_user_id, type, display_name, avatar_url, is_active, status, max_context_load_time, max_context_tokens, max_inbox_items, language, reasoning_enabled, reasoning_effort, chat_model_id, search_provider_id, memory_provider_id, heartbeat_enabled, heartbeat_interval, heartbeat_prompt, metadata, created_at, updated_at
 FROM bots
 WHERE id = $1
 `
@@ -133,7 +117,6 @@ type GetBotByIDRow struct {
 	MaxContextTokens   int32              `json:"max_context_tokens"`
 	MaxInboxItems      int32              `json:"max_inbox_items"`
 	Language           string             `json:"language"`
-	AllowGuest         bool               `json:"allow_guest"`
 	ReasoningEnabled   bool               `json:"reasoning_enabled"`
 	ReasoningEffort    string             `json:"reasoning_effort"`
 	ChatModelID        pgtype.UUID        `json:"chat_model_id"`
@@ -162,7 +145,6 @@ func (q *Queries) GetBotByID(ctx context.Context, id pgtype.UUID) (GetBotByIDRow
 		&i.MaxContextTokens,
 		&i.MaxInboxItems,
 		&i.Language,
-		&i.AllowGuest,
 		&i.ReasoningEnabled,
 		&i.ReasoningEffort,
 		&i.ChatModelID,
@@ -178,142 +160,8 @@ func (q *Queries) GetBotByID(ctx context.Context, id pgtype.UUID) (GetBotByIDRow
 	return i, err
 }
 
-const getBotMember = `-- name: GetBotMember :one
-SELECT bot_id, user_id, role, created_at
-FROM bot_members
-WHERE bot_id = $1 AND user_id = $2
-LIMIT 1
-`
-
-type GetBotMemberParams struct {
-	BotID  pgtype.UUID `json:"bot_id"`
-	UserID pgtype.UUID `json:"user_id"`
-}
-
-func (q *Queries) GetBotMember(ctx context.Context, arg GetBotMemberParams) (BotMember, error) {
-	row := q.db.QueryRow(ctx, getBotMember, arg.BotID, arg.UserID)
-	var i BotMember
-	err := row.Scan(
-		&i.BotID,
-		&i.UserID,
-		&i.Role,
-		&i.CreatedAt,
-	)
-	return i, err
-}
-
-const listBotMembers = `-- name: ListBotMembers :many
-SELECT bot_id, user_id, role, created_at
-FROM bot_members
-WHERE bot_id = $1
-ORDER BY created_at DESC
-`
-
-func (q *Queries) ListBotMembers(ctx context.Context, botID pgtype.UUID) ([]BotMember, error) {
-	rows, err := q.db.Query(ctx, listBotMembers, botID)
-	if err != nil {
-		return nil, err
-	}
-	defer rows.Close()
-	var items []BotMember
-	for rows.Next() {
-		var i BotMember
-		if err := rows.Scan(
-			&i.BotID,
-			&i.UserID,
-			&i.Role,
-			&i.CreatedAt,
-		); err != nil {
-			return nil, err
-		}
-		items = append(items, i)
-	}
-	if err := rows.Err(); err != nil {
-		return nil, err
-	}
-	return items, nil
-}
-
-const listBotsByMember = `-- name: ListBotsByMember :many
-SELECT b.id, b.owner_user_id, b.type, b.display_name, b.avatar_url, b.is_active, b.status, b.max_context_load_time, b.max_context_tokens, b.max_inbox_items, b.language, b.allow_guest, b.reasoning_enabled, b.reasoning_effort, b.chat_model_id, b.search_provider_id, b.memory_provider_id, b.heartbeat_enabled, b.heartbeat_interval, b.heartbeat_prompt, b.metadata, b.created_at, b.updated_at
-FROM bots b
-JOIN bot_members m ON m.bot_id = b.id
-WHERE m.user_id = $1
-ORDER BY b.created_at DESC
-`
-
-type ListBotsByMemberRow struct {
-	ID                 pgtype.UUID        `json:"id"`
-	OwnerUserID        pgtype.UUID        `json:"owner_user_id"`
-	Type               string             `json:"type"`
-	DisplayName        pgtype.Text        `json:"display_name"`
-	AvatarUrl          pgtype.Text        `json:"avatar_url"`
-	IsActive           bool               `json:"is_active"`
-	Status             string             `json:"status"`
-	MaxContextLoadTime int32              `json:"max_context_load_time"`
-	MaxContextTokens   int32              `json:"max_context_tokens"`
-	MaxInboxItems      int32              `json:"max_inbox_items"`
-	Language           string             `json:"language"`
-	AllowGuest         bool               `json:"allow_guest"`
-	ReasoningEnabled   bool               `json:"reasoning_enabled"`
-	ReasoningEffort    string             `json:"reasoning_effort"`
-	ChatModelID        pgtype.UUID        `json:"chat_model_id"`
-	SearchProviderID   pgtype.UUID        `json:"search_provider_id"`
-	MemoryProviderID   pgtype.UUID        `json:"memory_provider_id"`
-	HeartbeatEnabled   bool               `json:"heartbeat_enabled"`
-	HeartbeatInterval  int32              `json:"heartbeat_interval"`
-	HeartbeatPrompt    string             `json:"heartbeat_prompt"`
-	Metadata           []byte             `json:"metadata"`
-	CreatedAt          pgtype.Timestamptz `json:"created_at"`
-	UpdatedAt          pgtype.Timestamptz `json:"updated_at"`
-}
-
-func (q *Queries) ListBotsByMember(ctx context.Context, userID pgtype.UUID) ([]ListBotsByMemberRow, error) {
-	rows, err := q.db.Query(ctx, listBotsByMember, userID)
-	if err != nil {
-		return nil, err
-	}
-	defer rows.Close()
-	var items []ListBotsByMemberRow
-	for rows.Next() {
-		var i ListBotsByMemberRow
-		if err := rows.Scan(
-			&i.ID,
-			&i.OwnerUserID,
-			&i.Type,
-			&i.DisplayName,
-			&i.AvatarUrl,
-			&i.IsActive,
-			&i.Status,
-			&i.MaxContextLoadTime,
-			&i.MaxContextTokens,
-			&i.MaxInboxItems,
-			&i.Language,
-			&i.AllowGuest,
-			&i.ReasoningEnabled,
-			&i.ReasoningEffort,
-			&i.ChatModelID,
-			&i.SearchProviderID,
-			&i.MemoryProviderID,
-			&i.HeartbeatEnabled,
-			&i.HeartbeatInterval,
-			&i.HeartbeatPrompt,
-			&i.Metadata,
-			&i.CreatedAt,
-			&i.UpdatedAt,
-		); err != nil {
-			return nil, err
-		}
-		items = append(items, i)
-	}
-	if err := rows.Err(); err != nil {
-		return nil, err
-	}
-	return items, nil
-}
-
 const listBotsByOwner = `-- name: ListBotsByOwner :many
-SELECT id, owner_user_id, type, display_name, avatar_url, is_active, status, max_context_load_time, max_context_tokens, max_inbox_items, language, allow_guest, reasoning_enabled, reasoning_effort, chat_model_id, search_provider_id, memory_provider_id, heartbeat_enabled, heartbeat_interval, heartbeat_prompt, metadata, created_at, updated_at
+SELECT id, owner_user_id, type, display_name, avatar_url, is_active, status, max_context_load_time, max_context_tokens, max_inbox_items, language, reasoning_enabled, reasoning_effort, chat_model_id, search_provider_id, memory_provider_id, heartbeat_enabled, heartbeat_interval, heartbeat_prompt, metadata, created_at, updated_at
 FROM bots
 WHERE owner_user_id = $1
 ORDER BY created_at DESC
@@ -331,7 +179,6 @@ type ListBotsByOwnerRow struct {
 	MaxContextTokens   int32              `json:"max_context_tokens"`
 	MaxInboxItems      int32              `json:"max_inbox_items"`
 	Language           string             `json:"language"`
-	AllowGuest         bool               `json:"allow_guest"`
 	ReasoningEnabled   bool               `json:"reasoning_enabled"`
 	ReasoningEffort    string             `json:"reasoning_effort"`
 	ChatModelID        pgtype.UUID        `json:"chat_model_id"`
@@ -366,7 +213,6 @@ func (q *Queries) ListBotsByOwner(ctx context.Context, ownerUserID pgtype.UUID)
 			&i.MaxContextTokens,
 			&i.MaxInboxItems,
 			&i.Language,
-			&i.AllowGuest,
 			&i.ReasoningEnabled,
 			&i.ReasoningEffort,
 			&i.ChatModelID,
@@ -434,7 +280,7 @@ UPDATE bots
 SET owner_user_id = $2,
     updated_at = now()
 WHERE id = $1
-RETURNING id, owner_user_id, type, display_name, avatar_url, is_active, status, max_context_load_time, max_context_tokens, max_inbox_items, language, allow_guest, reasoning_enabled, reasoning_effort, chat_model_id, search_provider_id, memory_provider_id, heartbeat_enabled, heartbeat_interval, heartbeat_prompt, metadata, created_at, updated_at
+RETURNING id, owner_user_id, type, display_name, avatar_url, is_active, status, max_context_load_time, max_context_tokens, max_inbox_items, language, reasoning_enabled, reasoning_effort, chat_model_id, search_provider_id, memory_provider_id, heartbeat_enabled, heartbeat_interval, heartbeat_prompt, metadata, created_at, updated_at
 `
 
 type UpdateBotOwnerParams struct {
@@ -454,7 +300,6 @@ type UpdateBotOwnerRow struct {
 	MaxContextTokens   int32              `json:"max_context_tokens"`
 	MaxInboxItems      int32              `json:"max_inbox_items"`
 	Language           string             `json:"language"`
-	AllowGuest         bool               `json:"allow_guest"`
 	ReasoningEnabled   bool               `json:"reasoning_enabled"`
 	ReasoningEffort    string             `json:"reasoning_effort"`
 	ChatModelID        pgtype.UUID        `json:"chat_model_id"`
@@ -483,7 +328,6 @@ func (q *Queries) UpdateBotOwner(ctx context.Context, arg UpdateBotOwnerParams)
 		&i.MaxContextTokens,
 		&i.MaxInboxItems,
 		&i.Language,
-		&i.AllowGuest,
 		&i.ReasoningEnabled,
 		&i.ReasoningEffort,
 		&i.ChatModelID,
@@ -507,7 +351,7 @@ SET display_name = $2,
     metadata = $5,
     updated_at = now()
 WHERE id = $1
-RETURNING id, owner_user_id, type, display_name, avatar_url, is_active, status, max_context_load_time, max_context_tokens, max_inbox_items, language, allow_guest, reasoning_enabled, reasoning_effort, chat_model_id, search_provider_id, memory_provider_id, heartbeat_enabled, heartbeat_interval, heartbeat_prompt, metadata, created_at, updated_at
+RETURNING id, owner_user_id, type, display_name, avatar_url, is_active, status, max_context_load_time, max_context_tokens, max_inbox_items, language, reasoning_enabled, reasoning_effort, chat_model_id, search_provider_id, memory_provider_id, heartbeat_enabled, heartbeat_interval, heartbeat_prompt, metadata, created_at, updated_at
 `
 
 type UpdateBotProfileParams struct {
@@ -530,7 +374,6 @@ type UpdateBotProfileRow struct {
 	MaxContextTokens   int32              `json:"max_context_tokens"`
 	MaxInboxItems      int32              `json:"max_inbox_items"`
 	Language           string             `json:"language"`
-	AllowGuest         bool               `json:"allow_guest"`
 	ReasoningEnabled   bool               `json:"reasoning_enabled"`
 	ReasoningEffort    string             `json:"reasoning_effort"`
 	ChatModelID        pgtype.UUID        `json:"chat_model_id"`
@@ -565,7 +408,6 @@ func (q *Queries) UpdateBotProfile(ctx context.Context, arg UpdateBotProfilePara
 		&i.MaxContextTokens,
 		&i.MaxInboxItems,
 		&i.Language,
-		&i.AllowGuest,
 		&i.ReasoningEnabled,
 		&i.ReasoningEffort,
 		&i.ChatModelID,
@@ -597,29 +439,3 @@ func (q *Queries) UpdateBotStatus(ctx context.Context, arg UpdateBotStatusParams
 	_, err := q.db.Exec(ctx, updateBotStatus, arg.ID, arg.Status)
 	return err
 }
-
-const upsertBotMember = `-- name: UpsertBotMember :one
-INSERT INTO bot_members (bot_id, user_id, role)
-VALUES ($1, $2, $3)
-ON CONFLICT (bot_id, user_id) DO UPDATE SET
-  role = EXCLUDED.role
-RETURNING bot_id, user_id, role, created_at
-`
-
-type UpsertBotMemberParams struct {
-	BotID  pgtype.UUID `json:"bot_id"`
-	UserID pgtype.UUID `json:"user_id"`
-	Role   string      `json:"role"`
-}
-
-func (q *Queries) UpsertBotMember(ctx context.Context, arg UpsertBotMemberParams) (BotMember, error) {
-	row := q.db.QueryRow(ctx, upsertBotMember, arg.BotID, arg.UserID, arg.Role)
-	var i BotMember
-	err := row.Scan(
-		&i.BotID,
-		&i.UserID,
-		&i.Role,
-		&i.CreatedAt,
-	)
-	return i, err
-}
diff --git a/internal/db/sqlc/channel_identities.sql.go b/internal/db/sqlc/channel_identities.sql.go
index d73dd4b9..4842b772 100644
--- a/internal/db/sqlc/channel_identities.sql.go
+++ b/internal/db/sqlc/channel_identities.sql.go
@@ -162,6 +162,86 @@ func (q *Queries) ListChannelIdentitiesByUserID(ctx context.Context, userID pgty
 	return items, nil
 }
 
+const searchChannelIdentities = `-- name: SearchChannelIdentities :many
+SELECT
+  ci.id,
+  ci.user_id,
+  ci.channel_type,
+  ci.channel_subject_id,
+  ci.display_name,
+  ci.avatar_url,
+  ci.metadata,
+  ci.created_at,
+  ci.updated_at,
+  u.username AS linked_username,
+  u.display_name AS linked_display_name,
+  u.avatar_url AS linked_avatar_url
+FROM channel_identities ci
+LEFT JOIN users u ON u.id = ci.user_id
+WHERE
+  $1::text = ''
+  OR ci.channel_type ILIKE '%' || $1::text || '%'
+  OR ci.channel_subject_id ILIKE '%' || $1::text || '%'
+  OR COALESCE(ci.display_name, '') ILIKE '%' || $1::text || '%'
+  OR COALESCE(u.username, '') ILIKE '%' || $1::text || '%'
+  OR COALESCE(u.display_name, '') ILIKE '%' || $1::text || '%'
+ORDER BY ci.updated_at DESC
+LIMIT $2
+`
+
+type SearchChannelIdentitiesParams struct {
+	Query      string `json:"query"`
+	LimitCount int32  `json:"limit_count"`
+}
+
+type SearchChannelIdentitiesRow struct {
+	ID                pgtype.UUID        `json:"id"`
+	UserID            pgtype.UUID        `json:"user_id"`
+	ChannelType       string             `json:"channel_type"`
+	ChannelSubjectID  string             `json:"channel_subject_id"`
+	DisplayName       pgtype.Text        `json:"display_name"`
+	AvatarUrl         pgtype.Text        `json:"avatar_url"`
+	Metadata          []byte             `json:"metadata"`
+	CreatedAt         pgtype.Timestamptz `json:"created_at"`
+	UpdatedAt         pgtype.Timestamptz `json:"updated_at"`
+	LinkedUsername    pgtype.Text        `json:"linked_username"`
+	LinkedDisplayName pgtype.Text        `json:"linked_display_name"`
+	LinkedAvatarUrl   pgtype.Text        `json:"linked_avatar_url"`
+}
+
+func (q *Queries) SearchChannelIdentities(ctx context.Context, arg SearchChannelIdentitiesParams) ([]SearchChannelIdentitiesRow, error) {
+	rows, err := q.db.Query(ctx, searchChannelIdentities, arg.Query, arg.LimitCount)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	var items []SearchChannelIdentitiesRow
+	for rows.Next() {
+		var i SearchChannelIdentitiesRow
+		if err := rows.Scan(
+			&i.ID,
+			&i.UserID,
+			&i.ChannelType,
+			&i.ChannelSubjectID,
+			&i.DisplayName,
+			&i.AvatarUrl,
+			&i.Metadata,
+			&i.CreatedAt,
+			&i.UpdatedAt,
+			&i.LinkedUsername,
+			&i.LinkedDisplayName,
+			&i.LinkedAvatarUrl,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, i)
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
+
 const setChannelIdentityLinkedUser = `-- name: SetChannelIdentityLinkedUser :one
 UPDATE channel_identities
 SET user_id = $2, updated_at = now()
diff --git a/internal/db/sqlc/conversations.sql.go b/internal/db/sqlc/conversations.sql.go
index cec66b01..58ebe8d8 100644
--- a/internal/db/sqlc/conversations.sql.go
+++ b/internal/db/sqlc/conversations.sql.go
@@ -11,58 +11,6 @@ import (
 	"github.com/jackc/pgx/v5/pgtype"
 )
 
-const addChatParticipant = `-- name: AddChatParticipant :one
-
-INSERT INTO bot_members (bot_id, user_id, role)
-VALUES ($1, $2, $3)
-ON CONFLICT (bot_id, user_id) DO UPDATE SET role = EXCLUDED.role
-RETURNING bot_id AS chat_id, user_id, role, created_at AS joined_at
-`
-
-type AddChatParticipantParams struct {
-	ChatID pgtype.UUID `json:"chat_id"`
-	UserID pgtype.UUID `json:"user_id"`
-	Role   string      `json:"role"`
-}
-
-type AddChatParticipantRow struct {
-	ChatID   pgtype.UUID        `json:"chat_id"`
-	UserID   pgtype.UUID        `json:"user_id"`
-	Role     string             `json:"role"`
-	JoinedAt pgtype.Timestamptz `json:"joined_at"`
-}
-
-// chat_participants
-func (q *Queries) AddChatParticipant(ctx context.Context, arg AddChatParticipantParams) (AddChatParticipantRow, error) {
-	row := q.db.QueryRow(ctx, addChatParticipant, arg.ChatID, arg.UserID, arg.Role)
-	var i AddChatParticipantRow
-	err := row.Scan(
-		&i.ChatID,
-		&i.UserID,
-		&i.Role,
-		&i.JoinedAt,
-	)
-	return i, err
-}
-
-const copyParticipantsToChat = `-- name: CopyParticipantsToChat :exec
-INSERT INTO bot_members (bot_id, user_id, role)
-SELECT $1, bm.user_id, bm.role
-FROM bot_members bm
-WHERE bm.bot_id = $2
-ON CONFLICT (bot_id, user_id) DO NOTHING
-`
-
-type CopyParticipantsToChatParams struct {
-	ChatID2 pgtype.UUID `json:"chat_id_2"`
-	ChatID  pgtype.UUID `json:"chat_id"`
-}
-
-func (q *Queries) CopyParticipantsToChat(ctx context.Context, arg CopyParticipantsToChatParams) error {
-	_, err := q.db.Exec(ctx, copyParticipantsToChat, arg.ChatID2, arg.ChatID)
-	return err
-}
-
 const createChat = `-- name: CreateChat :one
 SELECT
   b.id AS id,
@@ -191,23 +139,9 @@ func (q *Queries) GetChatByID(ctx context.Context, id pgtype.UUID) (GetChatByIDR
 }
 
 const getChatParticipant = `-- name: GetChatParticipant :one
-WITH owner_participant AS (
-  SELECT b.id AS chat_id, b.owner_user_id AS user_id, 'owner'::text AS role, b.created_at AS joined_at
-  FROM bots b
-  WHERE b.id = $1 AND b.owner_user_id = $2
-),
-member_participant AS (
-  SELECT bm.bot_id AS chat_id, bm.user_id, bm.role, bm.created_at AS joined_at
-  FROM bot_members bm
-  WHERE bm.bot_id = $1 AND bm.user_id = $2
-)
-SELECT chat_id, user_id, role, joined_at
-FROM (
-  SELECT chat_id, user_id, role, joined_at FROM owner_participant
-  UNION ALL
-  SELECT chat_id, user_id, role, joined_at FROM member_participant
-) p
-ORDER BY CASE WHEN role = 'owner' THEN 0 ELSE 1 END
+SELECT b.id AS chat_id, b.owner_user_id AS user_id, 'owner'::text AS role, b.created_at AS joined_at
+FROM bots b
+WHERE b.id = $1 AND b.owner_user_id = $2
 LIMIT 1
 `
 
@@ -238,21 +172,17 @@ func (q *Queries) GetChatParticipant(ctx context.Context, arg GetChatParticipant
 const getChatReadAccessByUser = `-- name: GetChatReadAccessByUser :one
 SELECT
   'participant'::text AS access_mode,
-  (CASE
-    WHEN b.owner_user_id = $1 THEN 'owner'
-    ELSE COALESCE(bm.role, ''::text)
-  END)::text AS participant_role,
+  'owner'::text AS participant_role,
   NULL::timestamptz AS last_observed_at
 FROM bots b
-LEFT JOIN bot_members bm ON bm.bot_id = b.id AND bm.user_id = $1
-WHERE b.id = $2
-  AND (b.owner_user_id = $1 OR bm.user_id IS NOT NULL)
+WHERE b.id = $1
+  AND b.owner_user_id = $2
 LIMIT 1
 `
 
 type GetChatReadAccessByUserParams struct {
-	UserID pgtype.UUID `json:"user_id"`
 	ChatID pgtype.UUID `json:"chat_id"`
+	UserID pgtype.UUID `json:"user_id"`
 }
 
 type GetChatReadAccessByUserRow struct {
@@ -262,7 +192,7 @@ type GetChatReadAccessByUserRow struct {
 }
 
 func (q *Queries) GetChatReadAccessByUser(ctx context.Context, arg GetChatReadAccessByUserParams) (GetChatReadAccessByUserRow, error) {
-	row := q.db.QueryRow(ctx, getChatReadAccessByUser, arg.UserID, arg.ChatID)
+	row := q.db.QueryRow(ctx, getChatReadAccessByUser, arg.ChatID, arg.UserID)
 	var i GetChatReadAccessByUserRow
 	err := row.Scan(&i.AccessMode, &i.ParticipantRole, &i.LastObservedAt)
 	return i, err
@@ -292,23 +222,9 @@ func (q *Queries) GetChatSettings(ctx context.Context, id pgtype.UUID) (GetChatS
 }
 
 const listChatParticipants = `-- name: ListChatParticipants :many
-WITH owner_participant AS (
-  SELECT b.id AS chat_id, b.owner_user_id AS user_id, 'owner'::text AS role, b.created_at AS joined_at
-  FROM bots b
-  WHERE b.id = $1
-),
-member_participant AS (
-  SELECT bm.bot_id AS chat_id, bm.user_id, bm.role, bm.created_at AS joined_at
-  FROM bot_members bm
-  WHERE bm.bot_id = $1
-    AND bm.user_id <> (SELECT owner_user_id FROM bots WHERE id = $1)
-)
-SELECT chat_id, user_id, role, joined_at
-FROM (
-  SELECT chat_id, user_id, role, joined_at FROM owner_participant
-  UNION ALL
-  SELECT chat_id, user_id, role, joined_at FROM member_participant
-) p
+SELECT b.id AS chat_id, b.owner_user_id AS user_id, 'owner'::text AS role, b.created_at AS joined_at
+FROM bots b
+WHERE b.id = $1
 ORDER BY joined_at ASC
 `
 
@@ -357,16 +273,15 @@ SELECT
   b.created_at,
   b.updated_at
 FROM bots b
-LEFT JOIN bot_members bm ON bm.bot_id = b.id AND bm.user_id = $1
 LEFT JOIN models chat_models ON chat_models.id = b.chat_model_id
-WHERE b.id = $2
-  AND (b.owner_user_id = $1 OR bm.user_id IS NOT NULL)
+WHERE b.id = $1
+  AND b.owner_user_id = $2
 ORDER BY b.updated_at DESC
 `
 
 type ListChatsByBotAndUserParams struct {
-	UserID pgtype.UUID `json:"user_id"`
 	BotID  pgtype.UUID `json:"bot_id"`
+	UserID pgtype.UUID `json:"user_id"`
 }
 
 type ListChatsByBotAndUserRow struct {
@@ -383,7 +298,7 @@ type ListChatsByBotAndUserRow struct {
 }
 
 func (q *Queries) ListChatsByBotAndUser(ctx context.Context, arg ListChatsByBotAndUserParams) ([]ListChatsByBotAndUserRow, error) {
-	rows, err := q.db.Query(ctx, listChatsByBotAndUser, arg.UserID, arg.BotID)
+	rows, err := q.db.Query(ctx, listChatsByBotAndUser, arg.BotID, arg.UserID)
 	if err != nil {
 		return nil, err
 	}
@@ -494,10 +409,9 @@ SELECT
   END)::text AS participant_role,
   NULL::timestamptz AS last_observed_at
 FROM bots b
-LEFT JOIN bot_members bm ON bm.bot_id = b.id AND bm.user_id = $1
 LEFT JOIN models chat_models ON chat_models.id = b.chat_model_id
 WHERE b.id = $2
-  AND (b.owner_user_id = $1 OR bm.user_id IS NOT NULL)
+  AND b.owner_user_id = $1
 ORDER BY b.updated_at DESC
 `
 
@@ -557,10 +471,13 @@ func (q *Queries) ListVisibleChatsByBotAndUser(ctx context.Context, arg ListVisi
 }
 
 const removeChatParticipant = `-- name: RemoveChatParticipant :exec
-DELETE FROM bot_members
-WHERE bot_id = $1
-  AND user_id = $2
-  AND user_id <> (SELECT owner_user_id FROM bots WHERE id = $1)
+SELECT 1
+WHERE EXISTS (
+  SELECT 1
+  FROM bots b
+  WHERE b.id = $1
+    AND b.owner_user_id = $2
+)
 `
 
 type RemoveChatParticipantParams struct {
@@ -590,7 +507,7 @@ WITH updated AS (
   SET display_name = $1,
       updated_at = now()
   WHERE bots.id = $2
-  RETURNING id, owner_user_id, type, display_name, avatar_url, is_active, status, max_context_load_time, max_context_tokens, language, allow_guest, reasoning_enabled, reasoning_effort, max_inbox_items, chat_model_id, search_provider_id, memory_provider_id, heartbeat_enabled, heartbeat_interval, heartbeat_prompt, heartbeat_model_id, tts_model_id, browser_context_id, metadata, created_at, updated_at
+  RETURNING id, owner_user_id, type, display_name, avatar_url, is_active, status, max_context_load_time, max_context_tokens, language, reasoning_enabled, reasoning_effort, max_inbox_items, chat_model_id, search_provider_id, memory_provider_id, heartbeat_enabled, heartbeat_interval, heartbeat_prompt, heartbeat_model_id, tts_model_id, browser_context_id, metadata, created_at, updated_at
 )
 SELECT
   updated.id AS id,
diff --git a/internal/db/sqlc/messages.sql.go b/internal/db/sqlc/messages.sql.go
index c9d5333e..fbc17415 100644
--- a/internal/db/sqlc/messages.sql.go
+++ b/internal/db/sqlc/messages.sql.go
@@ -543,3 +543,69 @@ func (q *Queries) ListMessagesSince(ctx context.Context, arg ListMessagesSincePa
 	}
 	return items, nil
 }
+
+const listObservedConversationsByChannelIdentity = `-- name: ListObservedConversationsByChannelIdentity :many
+SELECT
+  r.id AS route_id,
+  r.channel_type AS channel,
+  COALESCE(r.conversation_type, '') AS conversation_type,
+  r.external_conversation_id AS conversation_id,
+  COALESCE(r.external_thread_id, '') AS thread_id,
+  COALESCE(r.metadata->>'conversation_name', '')::text AS conversation_name,
+  MAX(m.created_at)::timestamptz AS last_observed_at
+FROM bot_history_messages m
+JOIN bot_channel_routes r ON r.id = m.route_id
+WHERE m.bot_id = $1
+  AND m.sender_channel_identity_id = $2
+GROUP BY
+  r.id,
+  r.channel_type,
+  r.conversation_type,
+  r.external_conversation_id,
+  r.external_thread_id,
+  r.metadata
+ORDER BY MAX(m.created_at) DESC
+`
+
+type ListObservedConversationsByChannelIdentityParams struct {
+	BotID             pgtype.UUID `json:"bot_id"`
+	ChannelIdentityID pgtype.UUID `json:"channel_identity_id"`
+}
+
+type ListObservedConversationsByChannelIdentityRow struct {
+	RouteID          pgtype.UUID        `json:"route_id"`
+	Channel          string             `json:"channel"`
+	ConversationType string             `json:"conversation_type"`
+	ConversationID   string             `json:"conversation_id"`
+	ThreadID         string             `json:"thread_id"`
+	ConversationName string             `json:"conversation_name"`
+	LastObservedAt   pgtype.Timestamptz `json:"last_observed_at"`
+}
+
+func (q *Queries) ListObservedConversationsByChannelIdentity(ctx context.Context, arg ListObservedConversationsByChannelIdentityParams) ([]ListObservedConversationsByChannelIdentityRow, error) {
+	rows, err := q.db.Query(ctx, listObservedConversationsByChannelIdentity, arg.BotID, arg.ChannelIdentityID)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	var items []ListObservedConversationsByChannelIdentityRow
+	for rows.Next() {
+		var i ListObservedConversationsByChannelIdentityRow
+		if err := rows.Scan(
+			&i.RouteID,
+			&i.Channel,
+			&i.ConversationType,
+			&i.ConversationID,
+			&i.ThreadID,
+			&i.ConversationName,
+			&i.LastObservedAt,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, i)
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
diff --git a/internal/db/sqlc/models.go b/internal/db/sqlc/models.go
index 63ee380f..7fec54f3 100644
--- a/internal/db/sqlc/models.go
+++ b/internal/db/sqlc/models.go
@@ -19,7 +19,6 @@ type Bot struct {
 	MaxContextLoadTime int32              `json:"max_context_load_time"`
 	MaxContextTokens   int32              `json:"max_context_tokens"`
 	Language           string             `json:"language"`
-	AllowGuest         bool               `json:"allow_guest"`
 	ReasoningEnabled   bool               `json:"reasoning_enabled"`
 	ReasoningEffort    string             `json:"reasoning_effort"`
 	MaxInboxItems      int32              `json:"max_inbox_items"`
@@ -37,6 +36,23 @@ type Bot struct {
 	UpdatedAt          pgtype.Timestamptz `json:"updated_at"`
 }
 
+type BotAclRule struct {
+	ID                     pgtype.UUID        `json:"id"`
+	BotID                  pgtype.UUID        `json:"bot_id"`
+	Action                 string             `json:"action"`
+	Effect                 string             `json:"effect"`
+	SubjectKind            string             `json:"subject_kind"`
+	UserID                 pgtype.UUID        `json:"user_id"`
+	ChannelIdentityID      pgtype.UUID        `json:"channel_identity_id"`
+	SourceChannel          pgtype.Text        `json:"source_channel"`
+	SourceConversationType pgtype.Text        `json:"source_conversation_type"`
+	SourceConversationID   pgtype.Text        `json:"source_conversation_id"`
+	SourceThreadID         pgtype.Text        `json:"source_thread_id"`
+	CreatedByUserID        pgtype.UUID        `json:"created_by_user_id"`
+	CreatedAt              pgtype.Timestamptz `json:"created_at"`
+	UpdatedAt              pgtype.Timestamptz `json:"updated_at"`
+}
+
 type BotChannelConfig struct {
 	ID               pgtype.UUID        `json:"id"`
 	BotID            pgtype.UUID        `json:"bot_id"`
@@ -129,23 +145,6 @@ type BotInbox struct {
 	ReadAt    pgtype.Timestamptz `json:"read_at"`
 }
 
-type BotMember struct {
-	BotID     pgtype.UUID        `json:"bot_id"`
-	UserID    pgtype.UUID        `json:"user_id"`
-	Role      string             `json:"role"`
-	CreatedAt pgtype.Timestamptz `json:"created_at"`
-}
-
-type BotPreauthKey struct {
-	ID             pgtype.UUID        `json:"id"`
-	BotID          pgtype.UUID        `json:"bot_id"`
-	Token          string             `json:"token"`
-	IssuedByUserID pgtype.UUID        `json:"issued_by_user_id"`
-	ExpiresAt      pgtype.Timestamptz `json:"expires_at"`
-	UsedAt         pgtype.Timestamptz `json:"used_at"`
-	CreatedAt      pgtype.Timestamptz `json:"created_at"`
-}
-
 type BotStorageBinding struct {
 	ID                pgtype.UUID        `json:"id"`
 	BotID             pgtype.UUID        `json:"bot_id"`
diff --git a/internal/db/sqlc/preauth.sql.go b/internal/db/sqlc/preauth.sql.go
deleted file mode 100644
index 87ab4482..00000000
--- a/internal/db/sqlc/preauth.sql.go
+++ /dev/null
@@ -1,91 +0,0 @@
-// Code generated by sqlc. DO NOT EDIT.
-// versions:
-//   sqlc v1.30.0
-// source: preauth.sql
-
-package sqlc
-
-import (
-	"context"
-
-	"github.com/jackc/pgx/v5/pgtype"
-)
-
-const createBotPreauthKey = `-- name: CreateBotPreauthKey :one
-INSERT INTO bot_preauth_keys (bot_id, token, issued_by_user_id, expires_at)
-VALUES ($1, $2, $3, $4)
-RETURNING id, bot_id, token, issued_by_user_id, expires_at, used_at, created_at
-`
-
-type CreateBotPreauthKeyParams struct {
-	BotID          pgtype.UUID        `json:"bot_id"`
-	Token          string             `json:"token"`
-	IssuedByUserID pgtype.UUID        `json:"issued_by_user_id"`
-	ExpiresAt      pgtype.Timestamptz `json:"expires_at"`
-}
-
-func (q *Queries) CreateBotPreauthKey(ctx context.Context, arg CreateBotPreauthKeyParams) (BotPreauthKey, error) {
-	row := q.db.QueryRow(ctx, createBotPreauthKey,
-		arg.BotID,
-		arg.Token,
-		arg.IssuedByUserID,
-		arg.ExpiresAt,
-	)
-	var i BotPreauthKey
-	err := row.Scan(
-		&i.ID,
-		&i.BotID,
-		&i.Token,
-		&i.IssuedByUserID,
-		&i.ExpiresAt,
-		&i.UsedAt,
-		&i.CreatedAt,
-	)
-	return i, err
-}
-
-const getBotPreauthKey = `-- name: GetBotPreauthKey :one
-SELECT id, bot_id, token, issued_by_user_id, expires_at, used_at, created_at
-FROM bot_preauth_keys
-WHERE token = $1
-  AND used_at IS NULL
-  AND (expires_at IS NULL OR expires_at > now())
-LIMIT 1
-`
-
-func (q *Queries) GetBotPreauthKey(ctx context.Context, token string) (BotPreauthKey, error) {
-	row := q.db.QueryRow(ctx, getBotPreauthKey, token)
-	var i BotPreauthKey
-	err := row.Scan(
-		&i.ID,
-		&i.BotID,
-		&i.Token,
-		&i.IssuedByUserID,
-		&i.ExpiresAt,
-		&i.UsedAt,
-		&i.CreatedAt,
-	)
-	return i, err
-}
-
-const markBotPreauthKeyUsed = `-- name: MarkBotPreauthKeyUsed :one
-UPDATE bot_preauth_keys
-SET used_at = now()
-WHERE id = $1
-RETURNING id, bot_id, token, issued_by_user_id, expires_at, used_at, created_at
-`
-
-func (q *Queries) MarkBotPreauthKeyUsed(ctx context.Context, id pgtype.UUID) (BotPreauthKey, error) {
-	row := q.db.QueryRow(ctx, markBotPreauthKeyUsed, id)
-	var i BotPreauthKey
-	err := row.Scan(
-		&i.ID,
-		&i.BotID,
-		&i.Token,
-		&i.IssuedByUserID,
-		&i.ExpiresAt,
-		&i.UsedAt,
-		&i.CreatedAt,
-	)
-	return i, err
-}
diff --git a/internal/db/sqlc/settings.sql.go b/internal/db/sqlc/settings.sql.go
index 8fb24e18..566e0bec 100644
--- a/internal/db/sqlc/settings.sql.go
+++ b/internal/db/sqlc/settings.sql.go
@@ -17,7 +17,6 @@ SET max_context_load_time = 1440,
     max_context_tokens = 0,
     max_inbox_items = 50,
     language = 'auto',
-    allow_guest = false,
     reasoning_enabled = false,
     reasoning_effort = 'medium',
     heartbeat_enabled = false,
@@ -45,7 +44,6 @@ SELECT
   bots.max_context_tokens,
   bots.max_inbox_items,
   bots.language,
-  bots.allow_guest,
   bots.reasoning_enabled,
   bots.reasoning_effort,
   bots.heartbeat_enabled,
@@ -73,7 +71,6 @@ type GetSettingsByBotIDRow struct {
 	MaxContextTokens   int32       `json:"max_context_tokens"`
 	MaxInboxItems      int32       `json:"max_inbox_items"`
 	Language           string      `json:"language"`
-	AllowGuest         bool        `json:"allow_guest"`
 	ReasoningEnabled   bool        `json:"reasoning_enabled"`
 	ReasoningEffort    string      `json:"reasoning_effort"`
 	HeartbeatEnabled   bool        `json:"heartbeat_enabled"`
@@ -96,7 +93,6 @@ func (q *Queries) GetSettingsByBotID(ctx context.Context, id pgtype.UUID) (GetSe
 		&i.MaxContextTokens,
 		&i.MaxInboxItems,
 		&i.Language,
-		&i.AllowGuest,
 		&i.ReasoningEnabled,
 		&i.ReasoningEffort,
 		&i.HeartbeatEnabled,
@@ -119,21 +115,20 @@ WITH updated AS (
       max_context_tokens = $2,
       max_inbox_items = $3,
       language = $4,
-      allow_guest = $5,
-      reasoning_enabled = $6,
-      reasoning_effort = $7,
-      heartbeat_enabled = $8,
-      heartbeat_interval = $9,
-      heartbeat_prompt = $10,
-      chat_model_id = COALESCE($11::uuid, bots.chat_model_id),
-      heartbeat_model_id = COALESCE($12::uuid, bots.heartbeat_model_id),
-      search_provider_id = COALESCE($13::uuid, bots.search_provider_id),
-      memory_provider_id = COALESCE($14::uuid, bots.memory_provider_id),
-      tts_model_id = COALESCE($15::uuid, bots.tts_model_id),
-      browser_context_id = COALESCE($16::uuid, bots.browser_context_id),
+      reasoning_enabled = $5,
+      reasoning_effort = $6,
+      heartbeat_enabled = $7,
+      heartbeat_interval = $8,
+      heartbeat_prompt = $9,
+      chat_model_id = COALESCE($10::uuid, bots.chat_model_id),
+      heartbeat_model_id = COALESCE($11::uuid, bots.heartbeat_model_id),
+      search_provider_id = COALESCE($12::uuid, bots.search_provider_id),
+      memory_provider_id = COALESCE($13::uuid, bots.memory_provider_id),
+      tts_model_id = COALESCE($14::uuid, bots.tts_model_id),
+      browser_context_id = COALESCE($15::uuid, bots.browser_context_id),
       updated_at = now()
-  WHERE bots.id = $17
-  RETURNING bots.id, bots.max_context_load_time, bots.max_context_tokens, bots.max_inbox_items, bots.language, bots.allow_guest, bots.reasoning_enabled, bots.reasoning_effort, bots.heartbeat_enabled, bots.heartbeat_interval, bots.heartbeat_prompt, bots.chat_model_id, bots.heartbeat_model_id, bots.search_provider_id, bots.memory_provider_id, bots.tts_model_id, bots.browser_context_id
+  WHERE bots.id = $16
+  RETURNING bots.id, bots.max_context_load_time, bots.max_context_tokens, bots.max_inbox_items, bots.language, bots.reasoning_enabled, bots.reasoning_effort, bots.heartbeat_enabled, bots.heartbeat_interval, bots.heartbeat_prompt, bots.chat_model_id, bots.heartbeat_model_id, bots.search_provider_id, bots.memory_provider_id, bots.tts_model_id, bots.browser_context_id
 )
 SELECT
   updated.id AS bot_id,
@@ -141,7 +136,6 @@ SELECT
   updated.max_context_tokens,
   updated.max_inbox_items,
   updated.language,
-  updated.allow_guest,
   updated.reasoning_enabled,
   updated.reasoning_effort,
   updated.heartbeat_enabled,
@@ -167,7 +161,6 @@ type UpsertBotSettingsParams struct {
 	MaxContextTokens   int32       `json:"max_context_tokens"`
 	MaxInboxItems      int32       `json:"max_inbox_items"`
 	Language           string      `json:"language"`
-	AllowGuest         bool        `json:"allow_guest"`
 	ReasoningEnabled   bool        `json:"reasoning_enabled"`
 	ReasoningEffort    string      `json:"reasoning_effort"`
 	HeartbeatEnabled   bool        `json:"heartbeat_enabled"`
@@ -188,7 +181,6 @@ type UpsertBotSettingsRow struct {
 	MaxContextTokens   int32       `json:"max_context_tokens"`
 	MaxInboxItems      int32       `json:"max_inbox_items"`
 	Language           string      `json:"language"`
-	AllowGuest         bool        `json:"allow_guest"`
 	ReasoningEnabled   bool        `json:"reasoning_enabled"`
 	ReasoningEffort    string      `json:"reasoning_effort"`
 	HeartbeatEnabled   bool        `json:"heartbeat_enabled"`
@@ -208,7 +200,6 @@ func (q *Queries) UpsertBotSettings(ctx context.Context, arg UpsertBotSettingsPa
 		arg.MaxContextTokens,
 		arg.MaxInboxItems,
 		arg.Language,
-		arg.AllowGuest,
 		arg.ReasoningEnabled,
 		arg.ReasoningEffort,
 		arg.HeartbeatEnabled,
@@ -229,7 +220,6 @@ func (q *Queries) UpsertBotSettings(ctx context.Context, arg UpsertBotSettingsPa
 		&i.MaxContextTokens,
 		&i.MaxInboxItems,
 		&i.Language,
-		&i.AllowGuest,
 		&i.ReasoningEnabled,
 		&i.ReasoningEffort,
 		&i.HeartbeatEnabled,
diff --git a/internal/db/sqlc/users.sql.go b/internal/db/sqlc/users.sql.go
index 6cb4f029..f34b0a4c 100644
--- a/internal/db/sqlc/users.sql.go
+++ b/internal/db/sqlc/users.sql.go
@@ -232,6 +232,59 @@ func (q *Queries) ListAccounts(ctx context.Context) ([]User, error) {
 	return items, nil
 }
 
+const searchAccounts = `-- name: SearchAccounts :many
+SELECT id, username, email, password_hash, role, display_name, avatar_url, data_root, last_login_at, is_active, metadata, created_at, updated_at
+FROM users
+WHERE username IS NOT NULL
+  AND (
+    $1::text = ''
+    OR username ILIKE '%' || $1::text || '%'
+    OR COALESCE(display_name, '') ILIKE '%' || $1::text || '%'
+    OR COALESCE(email, '') ILIKE '%' || $1::text || '%'
+  )
+ORDER BY last_login_at DESC NULLS LAST, created_at DESC
+LIMIT $2
+`
+
+type SearchAccountsParams struct {
+	Query      string `json:"query"`
+	LimitCount int32  `json:"limit_count"`
+}
+
+func (q *Queries) SearchAccounts(ctx context.Context, arg SearchAccountsParams) ([]User, error) {
+	rows, err := q.db.Query(ctx, searchAccounts, arg.Query, arg.LimitCount)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	var items []User
+	for rows.Next() {
+		var i User
+		if err := rows.Scan(
+			&i.ID,
+			&i.Username,
+			&i.Email,
+			&i.PasswordHash,
+			&i.Role,
+			&i.DisplayName,
+			&i.AvatarUrl,
+			&i.DataRoot,
+			&i.LastLoginAt,
+			&i.IsActive,
+			&i.Metadata,
+			&i.CreatedAt,
+			&i.UpdatedAt,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, i)
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
+
 const updateAccountAdmin = `-- name: UpdateAccountAdmin :one
 UPDATE users
 SET role = $1::user_role,
diff --git a/internal/handlers/acl.go b/internal/handlers/acl.go
new file mode 100644
index 00000000..28e0445f
--- /dev/null
+++ b/internal/handlers/acl.go
@@ -0,0 +1,322 @@
+package handlers
+
+import (
+	"errors"
+	"net/http"
+	"strconv"
+	"strings"
+
+	"github.com/labstack/echo/v4"
+
+	"github.com/memohai/memoh/internal/accounts"
+	"github.com/memohai/memoh/internal/acl"
+	"github.com/memohai/memoh/internal/bots"
+	"github.com/memohai/memoh/internal/channel/identities"
+	identitypkg "github.com/memohai/memoh/internal/identity"
+)
+
+type ACLHandler struct {
+	service         *acl.Service
+	botService      *bots.Service
+	accountService  *accounts.Service
+	identityService *identities.Service
+}
+
+func NewACLHandler(service *acl.Service, botService *bots.Service, accountService *accounts.Service, identityService *identities.Service) *ACLHandler {
+	return &ACLHandler{
+		service:         service,
+		botService:      botService,
+		accountService:  accountService,
+		identityService: identityService,
+	}
+}
+
+func (h *ACLHandler) Register(e *echo.Echo) {
+	group := e.Group("/bots/:bot_id")
+	group.GET("/whitelist", h.ListWhitelist)
+	group.PUT("/whitelist", h.UpsertWhitelist)
+	group.DELETE("/whitelist/:rule_id", h.DeleteWhitelist)
+	group.GET("/blacklist", h.ListBlacklist)
+	group.PUT("/blacklist", h.UpsertBlacklist)
+	group.DELETE("/blacklist/:rule_id", h.DeleteBlacklist)
+	group.GET("/access/users", h.SearchUsers)
+	group.GET("/access/channel_identities", h.SearchChannelIdentities)
+	group.GET("/access/channel_identities/:channel_identity_id/conversations", h.ListObservedConversationsByChannelIdentity)
+}
+
+// ListWhitelist godoc
+// @Summary List bot whitelist
+// @Description List guest allow rules for chat trigger
+// @Tags bots
+// @Param bot_id path string true "Bot ID"
+// @Success 200 {object} acl.ListRulesResponse
+// @Failure 400 {object} ErrorResponse
+// @Failure 403 {object} ErrorResponse
+// @Failure 500 {object} ErrorResponse
+// @Router /bots/{bot_id}/whitelist [get].
+func (h *ACLHandler) ListWhitelist(c echo.Context) error {
+	botID, _, err := h.requireManageAccess(c)
+	if err != nil {
+		return err
+	}
+	items, err := h.service.ListWhitelist(c.Request().Context(), botID)
+	if err != nil {
+		return echo.NewHTTPError(http.StatusInternalServerError, err.Error())
+	}
+	return c.JSON(http.StatusOK, acl.ListRulesResponse{Items: items})
+}
+
+// UpsertWhitelist godoc
+// @Summary Upsert bot whitelist entry
+// @Description Add a guest allow rule for chat trigger
+// @Tags bots
+// @Param bot_id path string true "Bot ID"
+// @Param payload body acl.UpsertRuleRequest true "Whitelist payload"
+// @Success 200 {object} acl.Rule
+// @Failure 400 {object} ErrorResponse
+// @Failure 403 {object} ErrorResponse
+// @Failure 500 {object} ErrorResponse
+// @Router /bots/{bot_id}/whitelist [put].
+func (h *ACLHandler) UpsertWhitelist(c echo.Context) error {
+	botID, actorID, err := h.requireManageAccess(c)
+	if err != nil {
+		return err
+	}
+	var req acl.UpsertRuleRequest
+	if err := c.Bind(&req); err != nil {
+		return echo.NewHTTPError(http.StatusBadRequest, err.Error())
+	}
+	item, err := h.service.AddWhitelistEntry(c.Request().Context(), botID, actorID, req)
+	if err != nil {
+		if errors.Is(err, acl.ErrInvalidRuleSubject) || errors.Is(err, acl.ErrInvalidSourceScope) {
+			return echo.NewHTTPError(http.StatusBadRequest, err.Error())
+		}
+		return echo.NewHTTPError(http.StatusInternalServerError, err.Error())
+	}
+	return c.JSON(http.StatusOK, item)
+}
+
+// DeleteWhitelist godoc
+// @Summary Delete bot whitelist entry
+// @Description Delete a guest allow rule by rule ID
+// @Tags bots
+// @Param bot_id path string true "Bot ID"
+// @Param rule_id path string true "Rule ID"
+// @Success 204 "No Content"
+// @Failure 400 {object} ErrorResponse
+// @Failure 403 {object} ErrorResponse
+// @Failure 500 {object} ErrorResponse
+// @Router /bots/{bot_id}/whitelist/{rule_id} [delete].
+func (h *ACLHandler) DeleteWhitelist(c echo.Context) error {
+	if _, _, err := h.requireManageAccess(c); err != nil {
+		return err
+	}
+	ruleID := strings.TrimSpace(c.Param("rule_id"))
+	if ruleID == "" {
+		return echo.NewHTTPError(http.StatusBadRequest, "rule id is required")
+	}
+	if err := h.service.DeleteRule(c.Request().Context(), ruleID); err != nil {
+		return echo.NewHTTPError(http.StatusInternalServerError, err.Error())
+	}
+	return c.NoContent(http.StatusNoContent)
+}
+
+// ListBlacklist godoc
+// @Summary List bot blacklist
+// @Description List guest deny rules for chat trigger
+// @Tags bots
+// @Param bot_id path string true "Bot ID"
+// @Success 200 {object} acl.ListRulesResponse
+// @Failure 400 {object} ErrorResponse
+// @Failure 403 {object} ErrorResponse
+// @Failure 500 {object} ErrorResponse
+// @Router /bots/{bot_id}/blacklist [get].
+func (h *ACLHandler) ListBlacklist(c echo.Context) error {
+	botID, _, err := h.requireManageAccess(c)
+	if err != nil {
+		return err
+	}
+	items, err := h.service.ListBlacklist(c.Request().Context(), botID)
+	if err != nil {
+		return echo.NewHTTPError(http.StatusInternalServerError, err.Error())
+	}
+	return c.JSON(http.StatusOK, acl.ListRulesResponse{Items: items})
+}
+
+// UpsertBlacklist godoc
+// @Summary Upsert bot blacklist entry
+// @Description Add a guest deny rule for chat trigger
+// @Tags bots
+// @Param bot_id path string true "Bot ID"
+// @Param payload body acl.UpsertRuleRequest true "Blacklist payload"
+// @Success 200 {object} acl.Rule
+// @Failure 400 {object} ErrorResponse
+// @Failure 403 {object} ErrorResponse
+// @Failure 500 {object} ErrorResponse
+// @Router /bots/{bot_id}/blacklist [put].
+func (h *ACLHandler) UpsertBlacklist(c echo.Context) error {
+	botID, actorID, err := h.requireManageAccess(c)
+	if err != nil {
+		return err
+	}
+	var req acl.UpsertRuleRequest
+	if err := c.Bind(&req); err != nil {
+		return echo.NewHTTPError(http.StatusBadRequest, err.Error())
+	}
+	item, err := h.service.AddBlacklistEntry(c.Request().Context(), botID, actorID, req)
+	if err != nil {
+		if errors.Is(err, acl.ErrInvalidRuleSubject) || errors.Is(err, acl.ErrInvalidSourceScope) {
+			return echo.NewHTTPError(http.StatusBadRequest, err.Error())
+		}
+		return echo.NewHTTPError(http.StatusInternalServerError, err.Error())
+	}
+	return c.JSON(http.StatusOK, item)
+}
+
+// DeleteBlacklist godoc
+// @Summary Delete bot blacklist entry
+// @Description Delete a guest deny rule by rule ID
+// @Tags bots
+// @Param bot_id path string true "Bot ID"
+// @Param rule_id path string true "Rule ID"
+// @Success 204 "No Content"
+// @Failure 400 {object} ErrorResponse
+// @Failure 403 {object} ErrorResponse
+// @Failure 500 {object} ErrorResponse
+// @Router /bots/{bot_id}/blacklist/{rule_id} [delete].
+func (h *ACLHandler) DeleteBlacklist(c echo.Context) error {
+	if _, _, err := h.requireManageAccess(c); err != nil {
+		return err
+	}
+	ruleID := strings.TrimSpace(c.Param("rule_id"))
+	if ruleID == "" {
+		return echo.NewHTTPError(http.StatusBadRequest, "rule id is required")
+	}
+	if err := h.service.DeleteRule(c.Request().Context(), ruleID); err != nil {
+		return echo.NewHTTPError(http.StatusInternalServerError, err.Error())
+	}
+	return c.NoContent(http.StatusNoContent)
+}
+
+// SearchUsers godoc
+// @Summary Search access users
+// @Description Search user candidates for bot access control
+// @Tags bots
+// @Param bot_id path string true "Bot ID"
+// @Param q query string false "Search query"
+// @Param limit query int false "Max results"
+// @Success 200 {object} acl.UserCandidateListResponse
+// @Failure 400 {object} ErrorResponse
+// @Failure 403 {object} ErrorResponse
+// @Failure 500 {object} ErrorResponse
+// @Router /bots/{bot_id}/access/users [get].
+func (h *ACLHandler) SearchUsers(c echo.Context) error {
+	if _, _, err := h.requireManageAccess(c); err != nil {
+		return err
+	}
+	items, err := h.accountService.SearchAccounts(c.Request().Context(), strings.TrimSpace(c.QueryParam("q")), parseLimit(c.QueryParam("limit")))
+	if err != nil {
+		return echo.NewHTTPError(http.StatusInternalServerError, err.Error())
+	}
+	result := make([]acl.UserCandidate, 0, len(items))
+	for _, item := range items {
+		result = append(result, acl.UserCandidate{
+			ID:          item.ID,
+			Username:    item.Username,
+			DisplayName: item.DisplayName,
+			AvatarURL:   item.AvatarURL,
+			Email:       item.Email,
+		})
+	}
+	return c.JSON(http.StatusOK, acl.UserCandidateListResponse{Items: result})
+}
+
+// SearchChannelIdentities godoc
+// @Summary Search access channel identities
+// @Description Search locally observed channel identity candidates for bot access control
+// @Tags bots
+// @Param bot_id path string true "Bot ID"
+// @Param q query string false "Search query"
+// @Param limit query int false "Max results"
+// @Success 200 {object} acl.ChannelIdentityCandidateListResponse
+// @Failure 400 {object} ErrorResponse
+// @Failure 403 {object} ErrorResponse
+// @Failure 500 {object} ErrorResponse
+// @Router /bots/{bot_id}/access/channel_identities [get].
+func (h *ACLHandler) SearchChannelIdentities(c echo.Context) error {
+	if _, _, err := h.requireManageAccess(c); err != nil {
+		return err
+	}
+	items, err := h.identityService.Search(c.Request().Context(), strings.TrimSpace(c.QueryParam("q")), parseLimit(c.QueryParam("limit")))
+	if err != nil {
+		return echo.NewHTTPError(http.StatusInternalServerError, err.Error())
+	}
+	result := make([]acl.ChannelIdentityCandidate, 0, len(items))
+	for _, item := range items {
+		result = append(result, acl.ChannelIdentityCandidate{
+			ID:                item.ID,
+			UserID:            item.UserID,
+			Channel:           item.Channel,
+			ChannelSubjectID:  item.ChannelSubjectID,
+			DisplayName:       item.DisplayName,
+			AvatarURL:         item.AvatarURL,
+			LinkedUsername:    item.LinkedUsername,
+			LinkedDisplayName: item.LinkedDisplayName,
+			LinkedAvatarURL:   item.LinkedAvatarURL,
+		})
+	}
+	return c.JSON(http.StatusOK, acl.ChannelIdentityCandidateListResponse{Items: result})
+}
+
+// ListObservedConversationsByChannelIdentity godoc
+// @Summary List observed conversations for a channel identity
+// @Description List previously observed conversation candidates for a channel identity under a bot
+// @Tags bots
+// @Param bot_id path string true "Bot ID"
+// @Param channel_identity_id path string true "Channel Identity ID"
+// @Success 200 {object} acl.ObservedConversationCandidateListResponse
+// @Failure 400 {object} ErrorResponse
+// @Failure 403 {object} ErrorResponse
+// @Failure 500 {object} ErrorResponse
+// @Router /bots/{bot_id}/access/channel_identities/{channel_identity_id}/conversations [get].
+func (h *ACLHandler) ListObservedConversationsByChannelIdentity(c echo.Context) error {
+	botID, _, err := h.requireManageAccess(c)
+	if err != nil {
+		return err
+	}
+	channelIdentityID := strings.TrimSpace(c.Param("channel_identity_id"))
+	if err := identitypkg.ValidateChannelIdentityID(channelIdentityID); err != nil {
+		return echo.NewHTTPError(http.StatusBadRequest, err.Error())
+	}
+	items, err := h.service.ListObservedConversationsByChannelIdentity(c.Request().Context(), botID, channelIdentityID)
+	if err != nil {
+		return echo.NewHTTPError(http.StatusInternalServerError, err.Error())
+	}
+	return c.JSON(http.StatusOK, acl.ObservedConversationCandidateListResponse{Items: items})
+}
+
+func (h *ACLHandler) requireManageAccess(c echo.Context) (string, string, error) {
+	actorID, err := RequireChannelIdentityID(c)
+	if err != nil {
+		return "", "", err
+	}
+	botID := strings.TrimSpace(c.Param("bot_id"))
+	if botID == "" {
+		return "", "", echo.NewHTTPError(http.StatusBadRequest, "bot id is required")
+	}
+	if _, err := AuthorizeBotAccess(c.Request().Context(), h.botService, h.accountService, actorID, botID, bots.AccessPolicy{}); err != nil {
+		return "", "", err
+	}
+	return botID, actorID, nil
+}
+
+func parseLimit(raw string) int {
+	value, err := strconv.Atoi(strings.TrimSpace(raw))
+	if err != nil || value <= 0 {
+		return 50
+	}
+	if value > 200 {
+		return 200
+	}
+	return value
+}
diff --git a/internal/handlers/containerd.go b/internal/handlers/containerd.go
index 252aa0fe..faff303e 100644
--- a/internal/handlers/containerd.go
+++ b/internal/handlers/containerd.go
@@ -849,11 +849,11 @@ func (*ContainerdHandler) requireChannelIdentityID(c echo.Context) (string, erro
 }
 
 func (h *ContainerdHandler) authorizeBotAccess(ctx context.Context, channelIdentityID, botID string) (bots.Bot, error) {
-	return AuthorizeBotAccess(ctx, h.botService, h.accountService, channelIdentityID, botID, bots.AccessPolicy{AllowPublicMember: false})
+	return AuthorizeBotAccess(ctx, h.botService, h.accountService, channelIdentityID, botID, bots.AccessPolicy{})
 }
 
 // requireBotAccessWithGuest is like requireBotAccess but also allows guest access
-// for public bots that have the allow_guest setting enabled.
+// for public bots when the caller explicitly opts into guest-compatible access.
 func (h *ContainerdHandler) requireBotAccessWithGuest(c echo.Context) (string, error) {
 	channelIdentityID, err := h.requireChannelIdentityID(c)
 	if err != nil {
@@ -863,7 +863,7 @@ func (h *ContainerdHandler) requireBotAccessWithGuest(c echo.Context) (string, e
 	if botID == "" {
 		return "", echo.NewHTTPError(http.StatusBadRequest, "bot id is required")
 	}
-	policy := bots.AccessPolicy{AllowPublicMember: true, AllowGuest: true}
+	policy := bots.AccessPolicy{AllowGuest: true}
 	if _, err := AuthorizeBotAccess(c.Request().Context(), h.botService, h.accountService, channelIdentityID, botID, policy); err != nil {
 		return "", err
 	}
diff --git a/internal/handlers/heartbeat.go b/internal/handlers/heartbeat.go
index 89a2dd83..f343b6ae 100644
--- a/internal/handlers/heartbeat.go
+++ b/internal/handlers/heartbeat.go
@@ -115,5 +115,5 @@ func (*HeartbeatHandler) requireUserID(c echo.Context) (string, error) {
 }
 
 func (h *HeartbeatHandler) authorizeBotAccess(ctx context.Context, userID, botID string) (bots.Bot, error) {
-	return AuthorizeBotAccess(ctx, h.botService, h.accountService, userID, botID, bots.AccessPolicy{AllowPublicMember: false})
+	return AuthorizeBotAccess(ctx, h.botService, h.accountService, userID, botID, bots.AccessPolicy{})
 }
diff --git a/internal/handlers/inbox.go b/internal/handlers/inbox.go
index 95970f16..52dcc4ed 100644
--- a/internal/handlers/inbox.go
+++ b/internal/handlers/inbox.go
@@ -252,7 +252,7 @@ func (h *InboxHandler) Count(c echo.Context) error {
 }
 
 func (h *InboxHandler) authorizeBotAccess(ctx context.Context, channelIdentityID, botID string) (bots.Bot, error) {
-	return AuthorizeBotAccess(ctx, h.botService, h.accountService, channelIdentityID, botID, bots.AccessPolicy{AllowPublicMember: false})
+	return AuthorizeBotAccess(ctx, h.botService, h.accountService, channelIdentityID, botID, bots.AccessPolicy{})
 }
 
 func parseIntOr(s string, fallback int) int {
diff --git a/internal/handlers/local_channel.go b/internal/handlers/local_channel.go
index b97dfc91..ba91aeb7 100644
--- a/internal/handlers/local_channel.go
+++ b/internal/handlers/local_channel.go
@@ -226,7 +226,7 @@ func (h *LocalChannelHandler) PostMessage(c echo.Context) error {
 		},
 		Conversation: channel.Conversation{
 			ID:   routeKey,
-			Type: "p2p",
+			Type: channel.ConversationTypePrivate,
 		},
 		ReceivedAt: time.Now().UTC(),
 		Source:     "local",
@@ -404,7 +404,7 @@ func (h *LocalChannelHandler) HandleWebSocket(c echo.Context) error {
 					Token:                   bearerToken,
 					UserID:                  channelIdentityID,
 					SourceChannelIdentityID: channelIdentityID,
-					ConversationType:        "p2p",
+					ConversationType:        channel.ConversationTypePrivate,
 					Query:                   text,
 					CurrentChannel:          h.channelType.String(),
 					Channels:                []string{h.channelType.String()},
@@ -453,7 +453,7 @@ func (*LocalChannelHandler) requireChannelIdentityID(c echo.Context) (string, er
 }
 
 func (h *LocalChannelHandler) authorizeBotAccess(ctx context.Context, channelIdentityID, botID string) (bots.Bot, error) {
-	return AuthorizeBotAccess(ctx, h.botService, h.accountService, channelIdentityID, botID, bots.AccessPolicy{AllowPublicMember: true})
+	return AuthorizeBotAccess(ctx, h.botService, h.accountService, channelIdentityID, botID, bots.AccessPolicy{AllowGuest: true})
 }
 
 // ---------------------------------------------------------------------------
diff --git a/internal/handlers/mcp.go b/internal/handlers/mcp.go
index 1fac4a30..440edf06 100644
--- a/internal/handlers/mcp.go
+++ b/internal/handlers/mcp.go
@@ -410,5 +410,5 @@ func (*MCPHandler) requireChannelIdentityID(c echo.Context) (string, error) {
 }
 
 func (h *MCPHandler) authorizeBotAccess(ctx context.Context, channelIdentityID, botID string) (bots.Bot, error) {
-	return AuthorizeBotAccess(ctx, h.botService, h.accountService, channelIdentityID, botID, bots.AccessPolicy{AllowPublicMember: false})
+	return AuthorizeBotAccess(ctx, h.botService, h.accountService, channelIdentityID, botID, bots.AccessPolicy{})
 }
diff --git a/internal/handlers/mcp_oauth.go b/internal/handlers/mcp_oauth.go
index e563a3b0..b6039687 100644
--- a/internal/handlers/mcp_oauth.go
+++ b/internal/handlers/mcp_oauth.go
@@ -245,5 +245,5 @@ func (*MCPOAuthHandler) requireChannelIdentityID(c echo.Context) (string, error)
 }
 
 func (h *MCPOAuthHandler) authorizeBotAccess(ctx context.Context, channelIdentityID, botID string) (bots.Bot, error) {
-	return AuthorizeBotAccess(ctx, h.botService, h.accountService, channelIdentityID, botID, bots.AccessPolicy{AllowPublicMember: false})
+	return AuthorizeBotAccess(ctx, h.botService, h.accountService, channelIdentityID, botID, bots.AccessPolicy{})
 }
diff --git a/internal/handlers/memory.go b/internal/handlers/memory.go
index effd52b7..29e4a376 100644
--- a/internal/handlers/memory.go
+++ b/internal/handlers/memory.go
@@ -664,7 +664,7 @@ func (h *MemoryHandler) requireBotAccess(c echo.Context) (string, error) {
 	if err != nil {
 		return "", err
 	}
-	if _, err := AuthorizeBotAccess(c.Request().Context(), h.botService, h.accountService, channelIdentityID, botID, bots.AccessPolicy{AllowPublicMember: false}); err != nil {
+	if _, err := AuthorizeBotAccess(c.Request().Context(), h.botService, h.accountService, channelIdentityID, botID, bots.AccessPolicy{}); err != nil {
 		return "", err
 	}
 	return botID, nil
diff --git a/internal/handlers/message.go b/internal/handlers/message.go
index 6fa31dda..c2552739 100644
--- a/internal/handlers/message.go
+++ b/internal/handlers/message.go
@@ -354,11 +354,11 @@ func (*MessageHandler) requireChannelIdentityID(c echo.Context) (string, error)
 }
 
 func (h *MessageHandler) authorizeBotAccess(ctx context.Context, channelIdentityID, botID string) (bots.Bot, error) {
-	return AuthorizeBotAccess(ctx, h.botService, h.accountService, channelIdentityID, botID, bots.AccessPolicy{AllowPublicMember: true})
+	return AuthorizeBotAccess(ctx, h.botService, h.accountService, channelIdentityID, botID, bots.AccessPolicy{AllowGuest: true})
 }
 
 func (h *MessageHandler) authorizeBotManage(ctx context.Context, channelIdentityID, botID string) (bots.Bot, error) {
-	return AuthorizeBotAccess(ctx, h.botService, h.accountService, channelIdentityID, botID, bots.AccessPolicy{AllowPublicMember: false})
+	return AuthorizeBotAccess(ctx, h.botService, h.accountService, channelIdentityID, botID, bots.AccessPolicy{})
 }
 
 func (h *MessageHandler) requireReadable(ctx context.Context, conversationID, channelIdentityID string) error {
diff --git a/internal/handlers/preauth.go b/internal/handlers/preauth.go
deleted file mode 100644
index 3e81debe..00000000
--- a/internal/handlers/preauth.go
+++ /dev/null
@@ -1,72 +0,0 @@
-package handlers
-
-import (
-	"context"
-	"net/http"
-	"strings"
-	"time"
-
-	"github.com/labstack/echo/v4"
-
-	"github.com/memohai/memoh/internal/accounts"
-	"github.com/memohai/memoh/internal/bots"
-	"github.com/memohai/memoh/internal/preauth"
-)
-
-type PreauthHandler struct {
-	service        *preauth.Service
-	botService     *bots.Service
-	accountService *accounts.Service
-}
-
-func NewPreauthHandler(service *preauth.Service, botService *bots.Service, accountService *accounts.Service) *PreauthHandler {
-	return &PreauthHandler{
-		service:        service,
-		botService:     botService,
-		accountService: accountService,
-	}
-}
-
-func (h *PreauthHandler) Register(e *echo.Echo) {
-	group := e.Group("/bots/:bot_id/preauth_keys")
-	group.POST("", h.Issue)
-}
-
-type preauthIssueRequest struct {
-	TTLSeconds int `json:"ttl_seconds"`
-}
-
-func (h *PreauthHandler) Issue(c echo.Context) error {
-	userID, err := h.requireUserID(c)
-	if err != nil {
-		return err
-	}
-	botID := strings.TrimSpace(c.Param("bot_id"))
-	if botID == "" {
-		return echo.NewHTTPError(http.StatusBadRequest, "bot id is required")
-	}
-	if _, err := h.authorizeBotAccess(c.Request().Context(), userID, botID); err != nil {
-		return err
-	}
-	var req preauthIssueRequest
-	if err := c.Bind(&req); err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, err.Error())
-	}
-	ttl := 24 * time.Hour
-	if req.TTLSeconds > 0 {
-		ttl = time.Duration(req.TTLSeconds) * time.Second
-	}
-	key, err := h.service.Issue(c.Request().Context(), botID, userID, ttl)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, err.Error())
-	}
-	return c.JSON(http.StatusOK, key)
-}
-
-func (*PreauthHandler) requireUserID(c echo.Context) (string, error) {
-	return RequireChannelIdentityID(c)
-}
-
-func (h *PreauthHandler) authorizeBotAccess(ctx context.Context, userID, botID string) (bots.Bot, error) {
-	return AuthorizeBotAccess(ctx, h.botService, h.accountService, userID, botID, bots.AccessPolicy{AllowPublicMember: false})
-}
diff --git a/internal/handlers/schedule.go b/internal/handlers/schedule.go
index 30fa585c..05c80158 100644
--- a/internal/handlers/schedule.go
+++ b/internal/handlers/schedule.go
@@ -220,5 +220,5 @@ func (*ScheduleHandler) requireUserID(c echo.Context) (string, error) {
 }
 
 func (h *ScheduleHandler) authorizeBotAccess(ctx context.Context, userID, botID string) (bots.Bot, error) {
-	return AuthorizeBotAccess(ctx, h.botService, h.accountService, userID, botID, bots.AccessPolicy{AllowPublicMember: false})
+	return AuthorizeBotAccess(ctx, h.botService, h.accountService, userID, botID, bots.AccessPolicy{})
 }
diff --git a/internal/handlers/settings.go b/internal/handlers/settings.go
index 05e8526e..684e8f75 100644
--- a/internal/handlers/settings.go
+++ b/internal/handlers/settings.go
@@ -148,5 +148,5 @@ func (*SettingsHandler) requireChannelIdentityID(c echo.Context) (string, error)
 }
 
 func (h *SettingsHandler) authorizeBotAccess(ctx context.Context, channelIdentityID, botID string) (bots.Bot, error) {
-	return AuthorizeBotAccess(ctx, h.botService, h.accountService, channelIdentityID, botID, bots.AccessPolicy{AllowPublicMember: false})
+	return AuthorizeBotAccess(ctx, h.botService, h.accountService, channelIdentityID, botID, bots.AccessPolicy{})
 }
diff --git a/internal/handlers/subagent.go b/internal/handlers/subagent.go
index ebaf9b55..7de1e013 100644
--- a/internal/handlers/subagent.go
+++ b/internal/handlers/subagent.go
@@ -434,5 +434,5 @@ func (*SubagentHandler) requireChannelIdentityID(c echo.Context) (string, error)
 }
 
 func (h *SubagentHandler) authorizeBotAccess(ctx context.Context, channelIdentityID, botID string) (bots.Bot, error) {
-	return AuthorizeBotAccess(ctx, h.botService, h.accountService, channelIdentityID, botID, bots.AccessPolicy{AllowPublicMember: false})
+	return AuthorizeBotAccess(ctx, h.botService, h.accountService, channelIdentityID, botID, bots.AccessPolicy{})
 }
diff --git a/internal/handlers/token_usage.go b/internal/handlers/token_usage.go
index 72098fce..86618430 100644
--- a/internal/handlers/token_usage.go
+++ b/internal/handlers/token_usage.go
@@ -85,7 +85,7 @@ func (h *TokenUsageHandler) GetTokenUsage(c echo.Context) error {
 	if botID == "" {
 		return echo.NewHTTPError(http.StatusBadRequest, "bot id is required")
 	}
-	if _, err := AuthorizeBotAccess(c.Request().Context(), h.botService, h.accountService, userID, botID, bots.AccessPolicy{AllowPublicMember: false}); err != nil {
+	if _, err := AuthorizeBotAccess(c.Request().Context(), h.botService, h.accountService, userID, botID, bots.AccessPolicy{}); err != nil {
 		return err
 	}
 
diff --git a/internal/handlers/users.go b/internal/handlers/users.go
index 4b33076b..35b97c63 100644
--- a/internal/handlers/users.go
+++ b/internal/handlers/users.go
@@ -75,9 +75,6 @@ func (h *UsersHandler) Register(e *echo.Echo) {
 	botGroup.PUT("/:id", h.UpdateBot)
 	botGroup.PUT("/:id/owner", h.TransferBotOwner)
 	botGroup.DELETE("/:id", h.DeleteBot)
-	botGroup.GET("/:id/members", h.ListBotMembers)
-	botGroup.PUT("/:id/members", h.UpsertBotMember)
-	botGroup.DELETE("/:id/members/:user_id", h.DeleteBotMember)
 	botGroup.GET("/:id/channel/:platform", h.GetBotChannelConfig)
 	botGroup.PUT("/:id/channel/:platform", h.UpsertBotChannelConfig)
 	botGroup.PATCH("/:id/channel/:platform/status", h.UpdateBotChannelStatus)
@@ -662,109 +659,6 @@ func (h *UsersHandler) DeleteBot(c echo.Context) error {
 	})
 }
 
-// ListBotMembers godoc
-// @Summary List bot members
-// @Description List members for a bot
-// @Tags bots
-// @Param id path string true "Bot ID"
-// @Success 200 {object} bots.ListMembersResponse
-// @Failure 400 {object} ErrorResponse
-// @Failure 403 {object} ErrorResponse
-// @Failure 404 {object} ErrorResponse
-// @Failure 500 {object} ErrorResponse
-// @Router /bots/{id}/members [get].
-func (h *UsersHandler) ListBotMembers(c echo.Context) error {
-	channelIdentityID, err := h.requireChannelIdentityID(c)
-	if err != nil {
-		return err
-	}
-	botID := strings.TrimSpace(c.Param("id"))
-	if botID == "" {
-		return echo.NewHTTPError(http.StatusBadRequest, "bot id is required")
-	}
-	if _, err := h.authorizeBotAccess(c.Request().Context(), channelIdentityID, botID); err != nil {
-		return err
-	}
-	items, err := h.botService.ListMembers(c.Request().Context(), botID)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, err.Error())
-	}
-	return c.JSON(http.StatusOK, bots.ListMembersResponse{Items: items})
-}
-
-// UpsertBotMember godoc
-// @Summary Upsert bot member
-// @Description Add or update bot member role
-// @Tags bots
-// @Param id path string true "Bot ID"
-// @Param payload body bots.UpsertMemberRequest true "Member payload"
-// @Success 200 {object} bots.BotMember
-// @Failure 400 {object} ErrorResponse
-// @Failure 403 {object} ErrorResponse
-// @Failure 404 {object} ErrorResponse
-// @Failure 500 {object} ErrorResponse
-// @Router /bots/{id}/members [put].
-func (h *UsersHandler) UpsertBotMember(c echo.Context) error {
-	channelIdentityID, err := h.requireChannelIdentityID(c)
-	if err != nil {
-		return err
-	}
-	botID := strings.TrimSpace(c.Param("id"))
-	if botID == "" {
-		return echo.NewHTTPError(http.StatusBadRequest, "bot id is required")
-	}
-	if _, err := h.authorizeBotAccess(c.Request().Context(), channelIdentityID, botID); err != nil {
-		return err
-	}
-	var req bots.UpsertMemberRequest
-	if err := c.Bind(&req); err != nil {
-		return echo.NewHTTPError(http.StatusBadRequest, err.Error())
-	}
-	req.UserID = strings.TrimSpace(req.UserID)
-	if req.UserID == "" {
-		return echo.NewHTTPError(http.StatusBadRequest, "user_id is required")
-	}
-	resp, err := h.botService.UpsertMember(c.Request().Context(), botID, req)
-	if err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, err.Error())
-	}
-	return c.JSON(http.StatusOK, resp)
-}
-
-// DeleteBotMember godoc
-// @Summary Delete bot member
-// @Description Remove a member from a bot
-// @Tags bots
-// @Param id path string true "Bot ID"
-// @Param user_id path string true "User ID"
-// @Success 204 "No Content"
-// @Failure 400 {object} ErrorResponse
-// @Failure 403 {object} ErrorResponse
-// @Failure 404 {object} ErrorResponse
-// @Failure 500 {object} ErrorResponse
-// @Router /bots/{id}/members/{user_id} [delete].
-func (h *UsersHandler) DeleteBotMember(c echo.Context) error {
-	channelIdentityID, err := h.requireChannelIdentityID(c)
-	if err != nil {
-		return err
-	}
-	botID := strings.TrimSpace(c.Param("id"))
-	if botID == "" {
-		return echo.NewHTTPError(http.StatusBadRequest, "bot id is required")
-	}
-	memberUserID := strings.TrimSpace(c.Param("user_id"))
-	if memberUserID == "" {
-		return echo.NewHTTPError(http.StatusBadRequest, "user id is required")
-	}
-	if _, err := h.authorizeBotAccess(c.Request().Context(), channelIdentityID, botID); err != nil {
-		return err
-	}
-	if err := h.botService.DeleteMember(c.Request().Context(), botID, memberUserID); err != nil {
-		return echo.NewHTTPError(http.StatusInternalServerError, err.Error())
-	}
-	return c.NoContent(http.StatusNoContent)
-}
-
 // GetBotChannelConfig godoc
 // @Summary Get bot channel config
 // @Description Get bot channel configuration
@@ -1044,7 +938,7 @@ func (h *UsersHandler) SendBotMessageSession(c echo.Context) error {
 }
 
 func (h *UsersHandler) authorizeBotAccess(ctx context.Context, channelIdentityID, botID string) (bots.Bot, error) {
-	return AuthorizeBotAccess(ctx, h.botService, h.service, channelIdentityID, botID, bots.AccessPolicy{AllowPublicMember: false})
+	return AuthorizeBotAccess(ctx, h.botService, h.service, channelIdentityID, botID, bots.AccessPolicy{})
 }
 
 func (*UsersHandler) requireChannelIdentityID(c echo.Context) (string, error) {
diff --git a/internal/policy/service.go b/internal/policy/service.go
index 423653b9..e5eb0a73 100644
--- a/internal/policy/service.go
+++ b/internal/policy/service.go
@@ -7,35 +7,31 @@ import (
 	"strings"
 
 	"github.com/memohai/memoh/internal/bots"
-	"github.com/memohai/memoh/internal/settings"
 )
 
 type Decision struct {
-	BotID      string
-	BotType    string
-	AllowGuest bool
+	BotID   string
+	BotType string
 }
 
 type Service struct {
-	bots     *bots.Service
-	settings *settings.Service
-	logger   *slog.Logger
+	bots   *bots.Service
+	logger *slog.Logger
 }
 
-func NewService(log *slog.Logger, botsService *bots.Service, settingsService *settings.Service) *Service {
+func NewService(log *slog.Logger, botsService *bots.Service) *Service {
 	if log == nil {
 		log = slog.Default()
 	}
 	return &Service{
-		bots:     botsService,
-		settings: settingsService,
-		logger:   log.With(slog.String("service", "policy")),
+		bots:   botsService,
+		logger: log.With(slog.String("service", "policy")),
 	}
 }
 
 // Resolve evaluates the full access policy for a bot.
 func (s *Service) Resolve(ctx context.Context, botID string) (Decision, error) {
-	if s == nil || s.bots == nil || s.settings == nil {
+	if s == nil || s.bots == nil {
 		return Decision{}, errors.New("policy service not configured")
 	}
 	botID = strings.TrimSpace(botID)
@@ -46,30 +42,13 @@ func (s *Service) Resolve(ctx context.Context, botID string) (Decision, error) {
 	if err != nil {
 		return Decision{}, err
 	}
-	botSettings, err := s.settings.GetBot(ctx, botID)
-	if err != nil {
-		return Decision{}, err
-	}
 	decision := Decision{
-		BotID:      botID,
-		BotType:    strings.TrimSpace(bot.Type),
-		AllowGuest: botSettings.AllowGuest,
-	}
-	if decision.BotType == bots.BotTypePersonal {
-		decision.AllowGuest = false
+		BotID:   botID,
+		BotType: strings.TrimSpace(bot.Type),
 	}
 	return decision, nil
 }
 
-// AllowGuest checks if the bot allows guest access. Implements router.PolicyService.
-func (s *Service) AllowGuest(ctx context.Context, botID string) (bool, error) {
-	decision, err := s.Resolve(ctx, botID)
-	if err != nil {
-		return false, err
-	}
-	return decision.AllowGuest, nil
-}
-
 // BotType returns the normalized bot type. Implements router.PolicyService.
 func (s *Service) BotType(ctx context.Context, botID string) (string, error) {
 	decision, err := s.Resolve(ctx, botID)
diff --git a/internal/preauth/service.go b/internal/preauth/service.go
deleted file mode 100644
index 139624ba..00000000
--- a/internal/preauth/service.go
+++ /dev/null
@@ -1,107 +0,0 @@
-package preauth
-
-import (
-	"context"
-	"errors"
-	"strings"
-	"time"
-
-	"github.com/google/uuid"
-	"github.com/jackc/pgx/v5"
-	"github.com/jackc/pgx/v5/pgtype"
-
-	"github.com/memohai/memoh/internal/db"
-	"github.com/memohai/memoh/internal/db/sqlc"
-)
-
-var ErrKeyNotFound = errors.New("preauth key not found")
-
-type Service struct {
-	queries *sqlc.Queries
-}
-
-func NewService(queries *sqlc.Queries) *Service {
-	return &Service{queries: queries}
-}
-
-// Issue creates a new preauth key for the given bot.
-func (s *Service) Issue(ctx context.Context, botID, issuedByUserID string, ttl time.Duration) (Key, error) {
-	if s.queries == nil {
-		return Key{}, errors.New("preauth queries not configured")
-	}
-	if ttl <= 0 {
-		ttl = 24 * time.Hour
-	}
-	pgBotID, err := db.ParseUUID(botID)
-	if err != nil {
-		return Key{}, err
-	}
-	pgIssuedBy := pgtype.UUID{Valid: false}
-	if strings.TrimSpace(issuedByUserID) != "" {
-		parsed, err := db.ParseUUID(issuedByUserID)
-		if err != nil {
-			return Key{}, err
-		}
-		pgIssuedBy = parsed
-	}
-	token := strings.ReplaceAll(uuid.NewString(), "-", "")[:8]
-	expiresAt := time.Now().UTC().Add(ttl)
-	row, err := s.queries.CreateBotPreauthKey(ctx, sqlc.CreateBotPreauthKeyParams{
-		BotID:          pgBotID,
-		Token:          token,
-		IssuedByUserID: pgIssuedBy,
-		ExpiresAt:      pgtype.Timestamptz{Time: expiresAt, Valid: true},
-	})
-	if err != nil {
-		return Key{}, err
-	}
-	return normalizeKey(row), nil
-}
-
-func (s *Service) Get(ctx context.Context, token string) (Key, error) {
-	if s.queries == nil {
-		return Key{}, errors.New("preauth queries not configured")
-	}
-	row, err := s.queries.GetBotPreauthKey(ctx, strings.TrimSpace(token))
-	if err != nil {
-		if errors.Is(err, pgx.ErrNoRows) {
-			return Key{}, ErrKeyNotFound
-		}
-		return Key{}, err
-	}
-	return normalizeKey(row), nil
-}
-
-func (s *Service) MarkUsed(ctx context.Context, id string) (Key, error) {
-	if s.queries == nil {
-		return Key{}, errors.New("preauth queries not configured")
-	}
-	pgID, err := db.ParseUUID(id)
-	if err != nil {
-		return Key{}, err
-	}
-	row, err := s.queries.MarkBotPreauthKeyUsed(ctx, pgID)
-	if err != nil {
-		return Key{}, err
-	}
-	return normalizeKey(row), nil
-}
-
-func normalizeKey(row sqlc.BotPreauthKey) Key {
-	return Key{
-		ID:             row.ID.String(),
-		BotID:          row.BotID.String(),
-		Token:          strings.TrimSpace(row.Token),
-		IssuedByUserID: row.IssuedByUserID.String(),
-		ExpiresAt:      timeFromPg(row.ExpiresAt),
-		UsedAt:         timeFromPg(row.UsedAt),
-		CreatedAt:      timeFromPg(row.CreatedAt),
-	}
-}
-
-func timeFromPg(value pgtype.Timestamptz) time.Time {
-	if value.Valid {
-		return value.Time
-	}
-	return time.Time{}
-}
diff --git a/internal/preauth/types.go b/internal/preauth/types.go
deleted file mode 100644
index 310a5e99..00000000
--- a/internal/preauth/types.go
+++ /dev/null
@@ -1,14 +0,0 @@
-package preauth
-
-import "time"
-
-// Key represents a bot pre-authorization key.
-type Key struct {
-	ID             string
-	BotID          string
-	Token          string
-	IssuedByUserID string
-	ExpiresAt      time.Time
-	UsedAt         time.Time
-	CreatedAt      time.Time
-}
diff --git a/internal/settings/service.go b/internal/settings/service.go
index 791c91f1..01b39938 100644
--- a/internal/settings/service.go
+++ b/internal/settings/service.go
@@ -12,12 +12,14 @@ import (
 	"github.com/jackc/pgx/v5"
 	"github.com/jackc/pgx/v5/pgtype"
 
+	"github.com/memohai/memoh/internal/acl"
 	"github.com/memohai/memoh/internal/db"
 	"github.com/memohai/memoh/internal/db/sqlc"
 )
 
 type Service struct {
 	queries *sqlc.Queries
+	acl     *acl.Service
 	logger  *slog.Logger
 }
 
@@ -27,9 +29,10 @@ var (
 	ErrInvalidModelRef                   = errors.New("invalid model reference")
 )
 
-func NewService(log *slog.Logger, queries *sqlc.Queries) *Service {
+func NewService(log *slog.Logger, queries *sqlc.Queries, aclService *acl.Service) *Service {
 	return &Service{
 		queries: queries,
+		acl:     aclService,
 		logger:  log.With(slog.String("service", "settings")),
 	}
 }
@@ -43,7 +46,13 @@ func (s *Service) GetBot(ctx context.Context, botID string) (Settings, error) {
 	if err != nil {
 		return Settings{}, err
 	}
-	return normalizeBotSettingsReadRow(row), nil
+	settings := normalizeBotSettingsReadRow(row)
+	allowGuest, err := s.allowGuestEnabled(ctx, botID)
+	if err != nil {
+		return Settings{}, err
+	}
+	settings.AllowGuest = allowGuest
+	return settings, nil
 }
 
 func (s *Service) UpsertBot(ctx context.Context, botID string, req UpsertRequest) (Settings, error) {
@@ -60,7 +69,11 @@ func (s *Service) UpsertBot(ctx context.Context, botID string, req UpsertRequest
 	}
 	isPersonalBot := strings.EqualFold(strings.TrimSpace(botRow.Type), "personal")
 
-	current := normalizeBotSetting(botRow.MaxContextLoadTime, botRow.MaxContextTokens, botRow.MaxInboxItems, botRow.Language, botRow.AllowGuest, botRow.ReasoningEnabled, botRow.ReasoningEffort, botRow.HeartbeatEnabled, botRow.HeartbeatInterval)
+	allowGuest, err := s.allowGuestEnabled(ctx, botID)
+	if err != nil {
+		return Settings{}, err
+	}
+	current := normalizeBotSetting(botRow.MaxContextLoadTime, botRow.MaxContextTokens, botRow.MaxInboxItems, botRow.Language, allowGuest, botRow.ReasoningEnabled, botRow.ReasoningEffort, botRow.HeartbeatEnabled, botRow.HeartbeatInterval)
 	if req.MaxContextLoadTime != nil && *req.MaxContextLoadTime > 0 {
 		current.MaxContextLoadTime = *req.MaxContextLoadTime
 	}
@@ -154,7 +167,6 @@ func (s *Service) UpsertBot(ctx context.Context, botID string, req UpsertRequest
 		MaxContextTokens:   int32(current.MaxContextTokens),
 		MaxInboxItems:      int32(current.MaxInboxItems),
 		Language:           current.Language,
-		AllowGuest:         current.AllowGuest,
 		ReasoningEnabled:   current.ReasoningEnabled,
 		ReasoningEffort:    current.ReasoningEffort,
 		HeartbeatEnabled:   current.HeartbeatEnabled,
@@ -170,7 +182,16 @@ func (s *Service) UpsertBot(ctx context.Context, botID string, req UpsertRequest
 	if err != nil {
 		return Settings{}, err
 	}
-	return normalizeBotSettingsWriteRow(updated), nil
+	createdByUserID := ""
+	if botRow.OwnerUserID.Valid {
+		createdByUserID = uuid.UUID(botRow.OwnerUserID.Bytes).String()
+	}
+	if err := s.setAllowGuest(ctx, botID, createdByUserID, current.AllowGuest); err != nil {
+		return Settings{}, err
+	}
+	settings := normalizeBotSettingsWriteRow(updated)
+	settings.AllowGuest = current.AllowGuest
+	return settings, nil
 }
 
 func (s *Service) Delete(ctx context.Context, botID string) error {
@@ -181,7 +202,10 @@ func (s *Service) Delete(ctx context.Context, botID string) error {
 	if err != nil {
 		return err
 	}
-	return s.queries.DeleteSettingsByBotID(ctx, pgID)
+	if err := s.queries.DeleteSettingsByBotID(ctx, pgID); err != nil {
+		return err
+	}
+	return s.setAllowGuest(ctx, botID, "", false)
 }
 
 func normalizeBotSetting(maxContextLoadTime int32, maxContextTokens int32, maxInboxItems int32, language string, allowGuest bool, reasoningEnabled bool, reasoningEffort string, heartbeatEnabled bool, heartbeatInterval int32) Settings {
@@ -232,7 +256,6 @@ func normalizeBotSettingsReadRow(row sqlc.GetSettingsByBotIDRow) Settings {
 		row.MaxContextTokens,
 		row.MaxInboxItems,
 		row.Language,
-		row.AllowGuest,
 		row.ReasoningEnabled,
 		row.ReasoningEffort,
 		row.HeartbeatEnabled,
@@ -252,7 +275,6 @@ func normalizeBotSettingsWriteRow(row sqlc.UpsertBotSettingsRow) Settings {
 		row.MaxContextTokens,
 		row.MaxInboxItems,
 		row.Language,
-		row.AllowGuest,
 		row.ReasoningEnabled,
 		row.ReasoningEffort,
 		row.HeartbeatEnabled,
@@ -271,7 +293,6 @@ func normalizeBotSettingsFields(
 	maxContextTokens int32,
 	maxInboxItems int32,
 	language string,
-	allowGuest bool,
 	reasoningEnabled bool,
 	reasoningEffort string,
 	heartbeatEnabled bool,
@@ -283,7 +304,7 @@ func normalizeBotSettingsFields(
 	ttsModelID pgtype.UUID,
 	browserContextID pgtype.UUID,
 ) Settings {
-	settings := normalizeBotSetting(maxContextLoadTime, maxContextTokens, maxInboxItems, language, allowGuest, reasoningEnabled, reasoningEffort, heartbeatEnabled, heartbeatInterval)
+	settings := normalizeBotSetting(maxContextLoadTime, maxContextTokens, maxInboxItems, language, false, reasoningEnabled, reasoningEffort, heartbeatEnabled, heartbeatInterval)
 	if chatModelID.Valid {
 		settings.ChatModelID = uuid.UUID(chatModelID.Bytes).String()
 	}
@@ -305,6 +326,20 @@ func normalizeBotSettingsFields(
 	return settings
 }
 
+func (s *Service) allowGuestEnabled(ctx context.Context, botID string) (bool, error) {
+	if s.acl == nil {
+		return false, nil
+	}
+	return s.acl.AllowGuestEnabled(ctx, botID)
+}
+
+func (s *Service) setAllowGuest(ctx context.Context, botID, createdByUserID string, enabled bool) error {
+	if s.acl == nil {
+		return nil
+	}
+	return s.acl.SetAllowGuest(ctx, botID, createdByUserID, enabled)
+}
+
 func (s *Service) resolveModelUUID(ctx context.Context, modelID string) (pgtype.UUID, error) {
 	modelID = strings.TrimSpace(modelID)
 	if modelID == "" {
diff --git a/packages/sdk/src/@pinia/colada.gen.ts b/packages/sdk/src/@pinia/colada.gen.ts
index 8c423066..6ef1b3aa 100644
--- a/packages/sdk/src/@pinia/colada.gen.ts
+++ b/packages/sdk/src/@pinia/colada.gen.ts
@@ -4,8 +4,8 @@ import { type _JSONValue, defineQueryOptions, type UseMutationOptions } from '@p
 
 import { serializeQueryKeyValue } from '../client';
 import { client } from '../client.gen';
-import { deleteBotsByBotIdContainer, deleteBotsByBotIdContainerSkills, deleteBotsByBotIdEmailBindingsById, deleteBotsByBotIdHeartbeatLogs, deleteBotsByBotIdInboxById, deleteBotsByBotIdMcpById, deleteBotsByBotIdMcpByIdOauthToken, deleteBotsByBotIdMemory, deleteBotsByBotIdMemoryById, deleteBotsByBotIdMessages, deleteBotsByBotIdScheduleById, deleteBotsByBotIdSettings, deleteBotsByBotIdSubagentsById, deleteBotsById, deleteBotsByIdChannelByPlatform, deleteBotsByIdMembersByUserId, deleteBrowserContextsById, deleteEmailProvidersById, deleteEmailProvidersByIdOauthToken, deleteMemoryProvidersById, deleteModelsById, deleteModelsModelByModelId, deleteProvidersById, deleteSearchProvidersById, deleteTtsModelsById, deleteTtsProvidersById, getBots, getBotsByBotIdCliWs, getBotsByBotIdContainer, getBotsByBotIdContainerFs, getBotsByBotIdContainerFsDownload, getBotsByBotIdContainerFsList, getBotsByBotIdContainerFsRead, getBotsByBotIdContainerSkills, getBotsByBotIdContainerSnapshots, getBotsByBotIdContainerTerminal, getBotsByBotIdContainerTerminalWs, getBotsByBotIdEmailBindings, getBotsByBotIdEmailOutbox, getBotsByBotIdEmailOutboxById, getBotsByBotIdHeartbeatLogs, getBotsByBotIdInbox, getBotsByBotIdInboxById, getBotsByBotIdInboxCount, getBotsByBotIdMcp, getBotsByBotIdMcpById, getBotsByBotIdMcpByIdOauthStatus, getBotsByBotIdMcpExport, getBotsByBotIdMemory, getBotsByBotIdMemoryStatus, getBotsByBotIdMemoryUsage, getBotsByBotIdMessages, getBotsByBotIdSchedule, getBotsByBotIdScheduleById, getBotsByBotIdSettings, getBotsByBotIdSubagents, getBotsByBotIdSubagentsById, getBotsByBotIdSubagentsByIdContext, getBotsByBotIdSubagentsByIdSkills, getBotsByBotIdTokenUsage, getBotsByBotIdWebWs, getBotsById, getBotsByIdChannelByPlatform, getBotsByIdChecks, getBotsByIdMembers, getBrowserContexts, getBrowserContextsById, getBrowserContextsCores, getChannels, getChannelsByPlatform, getEmailOauthCallback, getEmailProviders, getEmailProvidersById, getEmailProvidersByIdOauthAuthorize, getEmailProvidersByIdOauthStatus, getEmailProvidersMeta, getMemoryProviders, getMemoryProvidersById, getMemoryProvidersByIdStatus, getMemoryProvidersMeta, getModels, getModelsById, getModelsCount, getModelsModelByModelId, getPing, getProviders, getProvidersById, getProvidersByIdModels, getProvidersCount, getProvidersNameByName, getSearchProviders, getSearchProvidersById, getSearchProvidersMeta, getTtsModels, getTtsModelsById, getTtsModelsByIdCapabilities, getTtsProviders, getTtsProvidersById, getTtsProvidersByIdModels, getTtsProvidersMeta, getUsers, getUsersById, getUsersMe, getUsersMeChannelsByPlatform, getUsersMeIdentities, type Options, patchBotsByIdChannelByPlatformStatus, postAuthLogin, postAuthRefresh, postBots, postBotsByBotIdCliMessages, postBotsByBotIdContainer, postBotsByBotIdContainerDataExport, postBotsByBotIdContainerDataImport, postBotsByBotIdContainerDataRestore, postBotsByBotIdContainerFsDelete, postBotsByBotIdContainerFsMkdir, postBotsByBotIdContainerFsRename, postBotsByBotIdContainerFsUpload, postBotsByBotIdContainerFsWrite, postBotsByBotIdContainerSkills, postBotsByBotIdContainerSnapshots, postBotsByBotIdContainerSnapshotsRollback, postBotsByBotIdContainerStart, postBotsByBotIdContainerStop, postBotsByBotIdEmailBindings, postBotsByBotIdInbox, postBotsByBotIdInboxMarkRead, postBotsByBotIdMcp, postBotsByBotIdMcpByIdOauthAuthorize, postBotsByBotIdMcpByIdOauthDiscover, postBotsByBotIdMcpByIdOauthExchange, postBotsByBotIdMcpByIdProbe, postBotsByBotIdMcpOpsBatchDelete, postBotsByBotIdMcpStdio, postBotsByBotIdMcpStdioByConnectionId, postBotsByBotIdMemory, postBotsByBotIdMemoryCompact, postBotsByBotIdMemoryRebuild, postBotsByBotIdMemorySearch, postBotsByBotIdSchedule, postBotsByBotIdSettings, postBotsByBotIdSubagents, postBotsByBotIdSubagentsByIdSkills, postBotsByBotIdTools, postBotsByBotIdTtsSynthesize, postBotsByBotIdWebMessages, postBotsByIdChannelByPlatformSend, postBotsByIdChannelByPlatformSendChat, postBrowserContexts, postEmailMailgunWebhookByConfigId, postEmailProviders, postMemoryProviders, postModels, postModelsByIdTest, postProviders, postProvidersByIdImportModels, postProvidersByIdTest, postSearchProviders, postTtsModels, postTtsModelsByIdTest, postTtsProviders, postTtsProvidersByIdImportModels, postUsers, putBotsByBotIdEmailBindingsById, putBotsByBotIdMcpById, putBotsByBotIdMcpImport, putBotsByBotIdScheduleById, putBotsByBotIdSettings, putBotsByBotIdSubagentsById, putBotsByBotIdSubagentsByIdContext, putBotsByBotIdSubagentsByIdSkills, putBotsById, putBotsByIdChannelByPlatform, putBotsByIdMembers, putBotsByIdOwner, putBrowserContextsById, putEmailProvidersById, putMemoryProvidersById, putModelsById, putModelsModelByModelId, putProvidersById, putSearchProvidersById, putTtsModelsById, putTtsProvidersById, putUsersById, putUsersByIdPassword, putUsersMe, putUsersMeChannelsByPlatform, putUsersMePassword } from '../sdk.gen';
-import type { DeleteBotsByBotIdContainerData, DeleteBotsByBotIdContainerError, DeleteBotsByBotIdContainerSkillsData, DeleteBotsByBotIdContainerSkillsError, DeleteBotsByBotIdContainerSkillsResponse, DeleteBotsByBotIdEmailBindingsByIdData, DeleteBotsByBotIdEmailBindingsByIdError, DeleteBotsByBotIdHeartbeatLogsData, DeleteBotsByBotIdHeartbeatLogsError, DeleteBotsByBotIdInboxByIdData, DeleteBotsByBotIdInboxByIdError, DeleteBotsByBotIdMcpByIdData, DeleteBotsByBotIdMcpByIdError, DeleteBotsByBotIdMcpByIdOauthTokenData, DeleteBotsByBotIdMcpByIdOauthTokenError, DeleteBotsByBotIdMemoryByIdData, DeleteBotsByBotIdMemoryByIdError, DeleteBotsByBotIdMemoryByIdResponse, DeleteBotsByBotIdMemoryData, DeleteBotsByBotIdMemoryError, DeleteBotsByBotIdMemoryResponse, DeleteBotsByBotIdMessagesData, DeleteBotsByBotIdMessagesError, DeleteBotsByBotIdScheduleByIdData, DeleteBotsByBotIdScheduleByIdError, DeleteBotsByBotIdSettingsData, DeleteBotsByBotIdSettingsError, DeleteBotsByBotIdSubagentsByIdData, DeleteBotsByBotIdSubagentsByIdError, DeleteBotsByIdChannelByPlatformData, DeleteBotsByIdChannelByPlatformError, DeleteBotsByIdData, DeleteBotsByIdError, DeleteBotsByIdMembersByUserIdData, DeleteBotsByIdMembersByUserIdError, DeleteBotsByIdResponse, DeleteBrowserContextsByIdData, DeleteBrowserContextsByIdError, DeleteEmailProvidersByIdData, DeleteEmailProvidersByIdError, DeleteEmailProvidersByIdOauthTokenData, DeleteEmailProvidersByIdOauthTokenError, DeleteMemoryProvidersByIdData, DeleteMemoryProvidersByIdError, DeleteModelsByIdData, DeleteModelsByIdError, DeleteModelsModelByModelIdData, DeleteModelsModelByModelIdError, DeleteProvidersByIdData, DeleteProvidersByIdError, DeleteSearchProvidersByIdData, DeleteSearchProvidersByIdError, DeleteTtsModelsByIdData, DeleteTtsModelsByIdError, DeleteTtsProvidersByIdData, DeleteTtsProvidersByIdError, GetBotsByBotIdCliWsData, GetBotsByBotIdContainerData, GetBotsByBotIdContainerFsData, GetBotsByBotIdContainerFsDownloadData, GetBotsByBotIdContainerFsListData, GetBotsByBotIdContainerFsReadData, GetBotsByBotIdContainerSkillsData, GetBotsByBotIdContainerSnapshotsData, GetBotsByBotIdContainerTerminalData, GetBotsByBotIdContainerTerminalWsData, GetBotsByBotIdEmailBindingsData, GetBotsByBotIdEmailOutboxByIdData, GetBotsByBotIdEmailOutboxData, GetBotsByBotIdHeartbeatLogsData, GetBotsByBotIdInboxByIdData, GetBotsByBotIdInboxCountData, GetBotsByBotIdInboxData, GetBotsByBotIdMcpByIdData, GetBotsByBotIdMcpByIdOauthStatusData, GetBotsByBotIdMcpData, GetBotsByBotIdMcpExportData, GetBotsByBotIdMemoryData, GetBotsByBotIdMemoryStatusData, GetBotsByBotIdMemoryUsageData, GetBotsByBotIdMessagesData, GetBotsByBotIdScheduleByIdData, GetBotsByBotIdScheduleData, GetBotsByBotIdSettingsData, GetBotsByBotIdSubagentsByIdContextData, GetBotsByBotIdSubagentsByIdData, GetBotsByBotIdSubagentsByIdSkillsData, GetBotsByBotIdSubagentsData, GetBotsByBotIdTokenUsageData, GetBotsByBotIdWebWsData, GetBotsByIdChannelByPlatformData, GetBotsByIdChecksData, GetBotsByIdData, GetBotsByIdMembersData, GetBotsData, GetBrowserContextsByIdData, GetBrowserContextsCoresData, GetBrowserContextsData, GetChannelsByPlatformData, GetChannelsData, GetEmailOauthCallbackData, GetEmailProvidersByIdData, GetEmailProvidersByIdOauthAuthorizeData, GetEmailProvidersByIdOauthStatusData, GetEmailProvidersData, GetEmailProvidersMetaData, GetMemoryProvidersByIdData, GetMemoryProvidersByIdStatusData, GetMemoryProvidersData, GetMemoryProvidersMetaData, GetModelsByIdData, GetModelsCountData, GetModelsData, GetModelsModelByModelIdData, GetPingData, GetProvidersByIdData, GetProvidersByIdModelsData, GetProvidersCountData, GetProvidersData, GetProvidersNameByNameData, GetSearchProvidersByIdData, GetSearchProvidersData, GetSearchProvidersMetaData, GetTtsModelsByIdCapabilitiesData, GetTtsModelsByIdData, GetTtsModelsData, GetTtsProvidersByIdData, GetTtsProvidersByIdModelsData, GetTtsProvidersData, GetTtsProvidersMetaData, GetUsersByIdData, GetUsersData, GetUsersMeChannelsByPlatformData, GetUsersMeData, GetUsersMeIdentitiesData, PatchBotsByIdChannelByPlatformStatusData, PatchBotsByIdChannelByPlatformStatusError, PatchBotsByIdChannelByPlatformStatusResponse, PostAuthLoginData, PostAuthLoginError, PostAuthLoginResponse, PostAuthRefreshData, PostAuthRefreshError, PostAuthRefreshResponse, PostBotsByBotIdCliMessagesData, PostBotsByBotIdCliMessagesError, PostBotsByBotIdCliMessagesResponse, PostBotsByBotIdContainerData, PostBotsByBotIdContainerDataExportData, PostBotsByBotIdContainerDataExportError, PostBotsByBotIdContainerDataImportData, PostBotsByBotIdContainerDataImportError, PostBotsByBotIdContainerDataImportResponse, PostBotsByBotIdContainerDataRestoreData, PostBotsByBotIdContainerDataRestoreError, PostBotsByBotIdContainerDataRestoreResponse, PostBotsByBotIdContainerError, PostBotsByBotIdContainerFsDeleteData, PostBotsByBotIdContainerFsDeleteError, PostBotsByBotIdContainerFsDeleteResponse, PostBotsByBotIdContainerFsMkdirData, PostBotsByBotIdContainerFsMkdirError, PostBotsByBotIdContainerFsMkdirResponse, PostBotsByBotIdContainerFsRenameData, PostBotsByBotIdContainerFsRenameError, PostBotsByBotIdContainerFsRenameResponse, PostBotsByBotIdContainerFsUploadData, PostBotsByBotIdContainerFsUploadError, PostBotsByBotIdContainerFsUploadResponse, PostBotsByBotIdContainerFsWriteData, PostBotsByBotIdContainerFsWriteError, PostBotsByBotIdContainerFsWriteResponse, PostBotsByBotIdContainerResponse, PostBotsByBotIdContainerSkillsData, PostBotsByBotIdContainerSkillsError, PostBotsByBotIdContainerSkillsResponse, PostBotsByBotIdContainerSnapshotsData, PostBotsByBotIdContainerSnapshotsError, PostBotsByBotIdContainerSnapshotsResponse, PostBotsByBotIdContainerSnapshotsRollbackData, PostBotsByBotIdContainerSnapshotsRollbackError, PostBotsByBotIdContainerSnapshotsRollbackResponse, PostBotsByBotIdContainerStartData, PostBotsByBotIdContainerStartError, PostBotsByBotIdContainerStartResponse, PostBotsByBotIdContainerStopData, PostBotsByBotIdContainerStopError, PostBotsByBotIdContainerStopResponse, PostBotsByBotIdEmailBindingsData, PostBotsByBotIdEmailBindingsError, PostBotsByBotIdEmailBindingsResponse, PostBotsByBotIdInboxData, PostBotsByBotIdInboxError, PostBotsByBotIdInboxMarkReadData, PostBotsByBotIdInboxMarkReadError, PostBotsByBotIdInboxResponse, PostBotsByBotIdMcpByIdOauthAuthorizeData, PostBotsByBotIdMcpByIdOauthAuthorizeError, PostBotsByBotIdMcpByIdOauthAuthorizeResponse, PostBotsByBotIdMcpByIdOauthDiscoverData, PostBotsByBotIdMcpByIdOauthDiscoverError, PostBotsByBotIdMcpByIdOauthDiscoverResponse, PostBotsByBotIdMcpByIdOauthExchangeData, PostBotsByBotIdMcpByIdOauthExchangeError, PostBotsByBotIdMcpByIdOauthExchangeResponse, PostBotsByBotIdMcpByIdProbeData, PostBotsByBotIdMcpByIdProbeError, PostBotsByBotIdMcpByIdProbeResponse, PostBotsByBotIdMcpData, PostBotsByBotIdMcpError, PostBotsByBotIdMcpOpsBatchDeleteData, PostBotsByBotIdMcpOpsBatchDeleteError, PostBotsByBotIdMcpResponse, PostBotsByBotIdMcpStdioByConnectionIdData, PostBotsByBotIdMcpStdioByConnectionIdError, PostBotsByBotIdMcpStdioByConnectionIdResponse, PostBotsByBotIdMcpStdioData, PostBotsByBotIdMcpStdioError, PostBotsByBotIdMcpStdioResponse, PostBotsByBotIdMemoryCompactData, PostBotsByBotIdMemoryCompactError, PostBotsByBotIdMemoryCompactResponse, PostBotsByBotIdMemoryData, PostBotsByBotIdMemoryError, PostBotsByBotIdMemoryRebuildData, PostBotsByBotIdMemoryRebuildError, PostBotsByBotIdMemoryRebuildResponse, PostBotsByBotIdMemoryResponse, PostBotsByBotIdMemorySearchData, PostBotsByBotIdMemorySearchError, PostBotsByBotIdMemorySearchResponse, PostBotsByBotIdScheduleData, PostBotsByBotIdScheduleError, PostBotsByBotIdScheduleResponse, PostBotsByBotIdSettingsData, PostBotsByBotIdSettingsError, PostBotsByBotIdSettingsResponse, PostBotsByBotIdSubagentsByIdSkillsData, PostBotsByBotIdSubagentsByIdSkillsError, PostBotsByBotIdSubagentsByIdSkillsResponse, PostBotsByBotIdSubagentsData, PostBotsByBotIdSubagentsError, PostBotsByBotIdSubagentsResponse, PostBotsByBotIdToolsData, PostBotsByBotIdToolsError, PostBotsByBotIdToolsResponse, PostBotsByBotIdTtsSynthesizeData, PostBotsByBotIdTtsSynthesizeError, PostBotsByBotIdTtsSynthesizeResponse, PostBotsByBotIdWebMessagesData, PostBotsByBotIdWebMessagesError, PostBotsByBotIdWebMessagesResponse, PostBotsByIdChannelByPlatformSendChatData, PostBotsByIdChannelByPlatformSendChatError, PostBotsByIdChannelByPlatformSendChatResponse, PostBotsByIdChannelByPlatformSendData, PostBotsByIdChannelByPlatformSendError, PostBotsByIdChannelByPlatformSendResponse, PostBotsData, PostBotsError, PostBotsResponse, PostBrowserContextsData, PostBrowserContextsError, PostBrowserContextsResponse, PostEmailMailgunWebhookByConfigIdData, PostEmailMailgunWebhookByConfigIdError, PostEmailMailgunWebhookByConfigIdResponse, PostEmailProvidersData, PostEmailProvidersError, PostEmailProvidersResponse, PostMemoryProvidersData, PostMemoryProvidersError, PostMemoryProvidersResponse, PostModelsByIdTestData, PostModelsByIdTestError, PostModelsByIdTestResponse, PostModelsData, PostModelsError, PostModelsResponse, PostProvidersByIdImportModelsData, PostProvidersByIdImportModelsError, PostProvidersByIdImportModelsResponse, PostProvidersByIdTestData, PostProvidersByIdTestError, PostProvidersByIdTestResponse, PostProvidersData, PostProvidersError, PostProvidersResponse, PostSearchProvidersData, PostSearchProvidersError, PostSearchProvidersResponse, PostTtsModelsByIdTestData, PostTtsModelsByIdTestError, PostTtsModelsData, PostTtsModelsError, PostTtsModelsResponse, PostTtsProvidersByIdImportModelsData, PostTtsProvidersByIdImportModelsError, PostTtsProvidersByIdImportModelsResponse, PostTtsProvidersData, PostTtsProvidersError, PostTtsProvidersResponse, PostUsersData, PostUsersError, PostUsersResponse, PutBotsByBotIdEmailBindingsByIdData, PutBotsByBotIdEmailBindingsByIdError, PutBotsByBotIdEmailBindingsByIdResponse, PutBotsByBotIdMcpByIdData, PutBotsByBotIdMcpByIdError, PutBotsByBotIdMcpByIdResponse, PutBotsByBotIdMcpImportData, PutBotsByBotIdMcpImportError, PutBotsByBotIdMcpImportResponse, PutBotsByBotIdScheduleByIdData, PutBotsByBotIdScheduleByIdError, PutBotsByBotIdScheduleByIdResponse, PutBotsByBotIdSettingsData, PutBotsByBotIdSettingsError, PutBotsByBotIdSettingsResponse, PutBotsByBotIdSubagentsByIdContextData, PutBotsByBotIdSubagentsByIdContextError, PutBotsByBotIdSubagentsByIdContextResponse, PutBotsByBotIdSubagentsByIdData, PutBotsByBotIdSubagentsByIdError, PutBotsByBotIdSubagentsByIdResponse, PutBotsByBotIdSubagentsByIdSkillsData, PutBotsByBotIdSubagentsByIdSkillsError, PutBotsByBotIdSubagentsByIdSkillsResponse, PutBotsByIdChannelByPlatformData, PutBotsByIdChannelByPlatformError, PutBotsByIdChannelByPlatformResponse, PutBotsByIdData, PutBotsByIdError, PutBotsByIdMembersData, PutBotsByIdMembersError, PutBotsByIdMembersResponse, PutBotsByIdOwnerData, PutBotsByIdOwnerError, PutBotsByIdOwnerResponse, PutBotsByIdResponse, PutBrowserContextsByIdData, PutBrowserContextsByIdError, PutBrowserContextsByIdResponse, PutEmailProvidersByIdData, PutEmailProvidersByIdError, PutEmailProvidersByIdResponse, PutMemoryProvidersByIdData, PutMemoryProvidersByIdError, PutMemoryProvidersByIdResponse, PutModelsByIdData, PutModelsByIdError, PutModelsByIdResponse, PutModelsModelByModelIdData, PutModelsModelByModelIdError, PutModelsModelByModelIdResponse, PutProvidersByIdData, PutProvidersByIdError, PutProvidersByIdResponse, PutSearchProvidersByIdData, PutSearchProvidersByIdError, PutSearchProvidersByIdResponse, PutTtsModelsByIdData, PutTtsModelsByIdError, PutTtsModelsByIdResponse, PutTtsProvidersByIdData, PutTtsProvidersByIdError, PutTtsProvidersByIdResponse, PutUsersByIdData, PutUsersByIdError, PutUsersByIdPasswordData, PutUsersByIdPasswordError, PutUsersByIdResponse, PutUsersMeChannelsByPlatformData, PutUsersMeChannelsByPlatformError, PutUsersMeChannelsByPlatformResponse, PutUsersMeData, PutUsersMeError, PutUsersMePasswordData, PutUsersMePasswordError, PutUsersMeResponse } from '../types.gen';
+import { deleteBotsByBotIdBlacklistByRuleId, deleteBotsByBotIdContainer, deleteBotsByBotIdContainerSkills, deleteBotsByBotIdEmailBindingsById, deleteBotsByBotIdHeartbeatLogs, deleteBotsByBotIdInboxById, deleteBotsByBotIdMcpById, deleteBotsByBotIdMcpByIdOauthToken, deleteBotsByBotIdMemory, deleteBotsByBotIdMemoryById, deleteBotsByBotIdMessages, deleteBotsByBotIdScheduleById, deleteBotsByBotIdSettings, deleteBotsByBotIdSubagentsById, deleteBotsByBotIdWhitelistByRuleId, deleteBotsById, deleteBotsByIdChannelByPlatform, deleteBrowserContextsById, deleteEmailProvidersById, deleteEmailProvidersByIdOauthToken, deleteMemoryProvidersById, deleteModelsById, deleteModelsModelByModelId, deleteProvidersById, deleteSearchProvidersById, deleteTtsModelsById, deleteTtsProvidersById, getBots, getBotsByBotIdAccessChannelIdentities, getBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversations, getBotsByBotIdAccessUsers, getBotsByBotIdBlacklist, getBotsByBotIdCliWs, getBotsByBotIdContainer, getBotsByBotIdContainerFs, getBotsByBotIdContainerFsDownload, getBotsByBotIdContainerFsList, getBotsByBotIdContainerFsRead, getBotsByBotIdContainerSkills, getBotsByBotIdContainerSnapshots, getBotsByBotIdContainerTerminal, getBotsByBotIdContainerTerminalWs, getBotsByBotIdEmailBindings, getBotsByBotIdEmailOutbox, getBotsByBotIdEmailOutboxById, getBotsByBotIdHeartbeatLogs, getBotsByBotIdInbox, getBotsByBotIdInboxById, getBotsByBotIdInboxCount, getBotsByBotIdMcp, getBotsByBotIdMcpById, getBotsByBotIdMcpByIdOauthStatus, getBotsByBotIdMcpExport, getBotsByBotIdMemory, getBotsByBotIdMemoryStatus, getBotsByBotIdMemoryUsage, getBotsByBotIdMessages, getBotsByBotIdSchedule, getBotsByBotIdScheduleById, getBotsByBotIdSettings, getBotsByBotIdSubagents, getBotsByBotIdSubagentsById, getBotsByBotIdSubagentsByIdContext, getBotsByBotIdSubagentsByIdSkills, getBotsByBotIdTokenUsage, getBotsByBotIdWebWs, getBotsByBotIdWhitelist, getBotsById, getBotsByIdChannelByPlatform, getBotsByIdChecks, getBrowserContexts, getBrowserContextsById, getBrowserContextsCores, getChannels, getChannelsByPlatform, getEmailOauthCallback, getEmailProviders, getEmailProvidersById, getEmailProvidersByIdOauthAuthorize, getEmailProvidersByIdOauthStatus, getEmailProvidersMeta, getMemoryProviders, getMemoryProvidersById, getMemoryProvidersByIdStatus, getMemoryProvidersMeta, getModels, getModelsById, getModelsCount, getModelsModelByModelId, getPing, getProviders, getProvidersById, getProvidersByIdModels, getProvidersCount, getProvidersNameByName, getSearchProviders, getSearchProvidersById, getSearchProvidersMeta, getTtsModels, getTtsModelsById, getTtsModelsByIdCapabilities, getTtsProviders, getTtsProvidersById, getTtsProvidersByIdModels, getTtsProvidersMeta, getUsers, getUsersById, getUsersMe, getUsersMeChannelsByPlatform, getUsersMeIdentities, type Options, patchBotsByIdChannelByPlatformStatus, postAuthLogin, postAuthRefresh, postBots, postBotsByBotIdCliMessages, postBotsByBotIdContainer, postBotsByBotIdContainerDataExport, postBotsByBotIdContainerDataImport, postBotsByBotIdContainerDataRestore, postBotsByBotIdContainerFsDelete, postBotsByBotIdContainerFsMkdir, postBotsByBotIdContainerFsRename, postBotsByBotIdContainerFsUpload, postBotsByBotIdContainerFsWrite, postBotsByBotIdContainerSkills, postBotsByBotIdContainerSnapshots, postBotsByBotIdContainerSnapshotsRollback, postBotsByBotIdContainerStart, postBotsByBotIdContainerStop, postBotsByBotIdEmailBindings, postBotsByBotIdInbox, postBotsByBotIdInboxMarkRead, postBotsByBotIdMcp, postBotsByBotIdMcpByIdOauthAuthorize, postBotsByBotIdMcpByIdOauthDiscover, postBotsByBotIdMcpByIdOauthExchange, postBotsByBotIdMcpByIdProbe, postBotsByBotIdMcpOpsBatchDelete, postBotsByBotIdMcpStdio, postBotsByBotIdMcpStdioByConnectionId, postBotsByBotIdMemory, postBotsByBotIdMemoryCompact, postBotsByBotIdMemoryRebuild, postBotsByBotIdMemorySearch, postBotsByBotIdSchedule, postBotsByBotIdSettings, postBotsByBotIdSubagents, postBotsByBotIdSubagentsByIdSkills, postBotsByBotIdTools, postBotsByBotIdTtsSynthesize, postBotsByBotIdWebMessages, postBotsByIdChannelByPlatformSend, postBotsByIdChannelByPlatformSendChat, postBrowserContexts, postEmailMailgunWebhookByConfigId, postEmailProviders, postMemoryProviders, postModels, postModelsByIdTest, postProviders, postProvidersByIdImportModels, postProvidersByIdTest, postSearchProviders, postTtsModels, postTtsModelsByIdTest, postTtsProviders, postTtsProvidersByIdImportModels, postUsers, putBotsByBotIdBlacklist, putBotsByBotIdEmailBindingsById, putBotsByBotIdMcpById, putBotsByBotIdMcpImport, putBotsByBotIdScheduleById, putBotsByBotIdSettings, putBotsByBotIdSubagentsById, putBotsByBotIdSubagentsByIdContext, putBotsByBotIdSubagentsByIdSkills, putBotsByBotIdWhitelist, putBotsById, putBotsByIdChannelByPlatform, putBotsByIdOwner, putBrowserContextsById, putEmailProvidersById, putMemoryProvidersById, putModelsById, putModelsModelByModelId, putProvidersById, putSearchProvidersById, putTtsModelsById, putTtsProvidersById, putUsersById, putUsersByIdPassword, putUsersMe, putUsersMeChannelsByPlatform, putUsersMePassword } from '../sdk.gen';
+import type { DeleteBotsByBotIdBlacklistByRuleIdData, DeleteBotsByBotIdBlacklistByRuleIdError, DeleteBotsByBotIdContainerData, DeleteBotsByBotIdContainerError, DeleteBotsByBotIdContainerSkillsData, DeleteBotsByBotIdContainerSkillsError, DeleteBotsByBotIdContainerSkillsResponse, DeleteBotsByBotIdEmailBindingsByIdData, DeleteBotsByBotIdEmailBindingsByIdError, DeleteBotsByBotIdHeartbeatLogsData, DeleteBotsByBotIdHeartbeatLogsError, DeleteBotsByBotIdInboxByIdData, DeleteBotsByBotIdInboxByIdError, DeleteBotsByBotIdMcpByIdData, DeleteBotsByBotIdMcpByIdError, DeleteBotsByBotIdMcpByIdOauthTokenData, DeleteBotsByBotIdMcpByIdOauthTokenError, DeleteBotsByBotIdMemoryByIdData, DeleteBotsByBotIdMemoryByIdError, DeleteBotsByBotIdMemoryByIdResponse, DeleteBotsByBotIdMemoryData, DeleteBotsByBotIdMemoryError, DeleteBotsByBotIdMemoryResponse, DeleteBotsByBotIdMessagesData, DeleteBotsByBotIdMessagesError, DeleteBotsByBotIdScheduleByIdData, DeleteBotsByBotIdScheduleByIdError, DeleteBotsByBotIdSettingsData, DeleteBotsByBotIdSettingsError, DeleteBotsByBotIdSubagentsByIdData, DeleteBotsByBotIdSubagentsByIdError, DeleteBotsByBotIdWhitelistByRuleIdData, DeleteBotsByBotIdWhitelistByRuleIdError, DeleteBotsByIdChannelByPlatformData, DeleteBotsByIdChannelByPlatformError, DeleteBotsByIdData, DeleteBotsByIdError, DeleteBotsByIdResponse, DeleteBrowserContextsByIdData, DeleteBrowserContextsByIdError, DeleteEmailProvidersByIdData, DeleteEmailProvidersByIdError, DeleteEmailProvidersByIdOauthTokenData, DeleteEmailProvidersByIdOauthTokenError, DeleteMemoryProvidersByIdData, DeleteMemoryProvidersByIdError, DeleteModelsByIdData, DeleteModelsByIdError, DeleteModelsModelByModelIdData, DeleteModelsModelByModelIdError, DeleteProvidersByIdData, DeleteProvidersByIdError, DeleteSearchProvidersByIdData, DeleteSearchProvidersByIdError, DeleteTtsModelsByIdData, DeleteTtsModelsByIdError, DeleteTtsProvidersByIdData, DeleteTtsProvidersByIdError, GetBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversationsData, GetBotsByBotIdAccessChannelIdentitiesData, GetBotsByBotIdAccessUsersData, GetBotsByBotIdBlacklistData, GetBotsByBotIdCliWsData, GetBotsByBotIdContainerData, GetBotsByBotIdContainerFsData, GetBotsByBotIdContainerFsDownloadData, GetBotsByBotIdContainerFsListData, GetBotsByBotIdContainerFsReadData, GetBotsByBotIdContainerSkillsData, GetBotsByBotIdContainerSnapshotsData, GetBotsByBotIdContainerTerminalData, GetBotsByBotIdContainerTerminalWsData, GetBotsByBotIdEmailBindingsData, GetBotsByBotIdEmailOutboxByIdData, GetBotsByBotIdEmailOutboxData, GetBotsByBotIdHeartbeatLogsData, GetBotsByBotIdInboxByIdData, GetBotsByBotIdInboxCountData, GetBotsByBotIdInboxData, GetBotsByBotIdMcpByIdData, GetBotsByBotIdMcpByIdOauthStatusData, GetBotsByBotIdMcpData, GetBotsByBotIdMcpExportData, GetBotsByBotIdMemoryData, GetBotsByBotIdMemoryStatusData, GetBotsByBotIdMemoryUsageData, GetBotsByBotIdMessagesData, GetBotsByBotIdScheduleByIdData, GetBotsByBotIdScheduleData, GetBotsByBotIdSettingsData, GetBotsByBotIdSubagentsByIdContextData, GetBotsByBotIdSubagentsByIdData, GetBotsByBotIdSubagentsByIdSkillsData, GetBotsByBotIdSubagentsData, GetBotsByBotIdTokenUsageData, GetBotsByBotIdWebWsData, GetBotsByBotIdWhitelistData, GetBotsByIdChannelByPlatformData, GetBotsByIdChecksData, GetBotsByIdData, GetBotsData, GetBrowserContextsByIdData, GetBrowserContextsCoresData, GetBrowserContextsData, GetChannelsByPlatformData, GetChannelsData, GetEmailOauthCallbackData, GetEmailProvidersByIdData, GetEmailProvidersByIdOauthAuthorizeData, GetEmailProvidersByIdOauthStatusData, GetEmailProvidersData, GetEmailProvidersMetaData, GetMemoryProvidersByIdData, GetMemoryProvidersByIdStatusData, GetMemoryProvidersData, GetMemoryProvidersMetaData, GetModelsByIdData, GetModelsCountData, GetModelsData, GetModelsModelByModelIdData, GetPingData, GetProvidersByIdData, GetProvidersByIdModelsData, GetProvidersCountData, GetProvidersData, GetProvidersNameByNameData, GetSearchProvidersByIdData, GetSearchProvidersData, GetSearchProvidersMetaData, GetTtsModelsByIdCapabilitiesData, GetTtsModelsByIdData, GetTtsModelsData, GetTtsProvidersByIdData, GetTtsProvidersByIdModelsData, GetTtsProvidersData, GetTtsProvidersMetaData, GetUsersByIdData, GetUsersData, GetUsersMeChannelsByPlatformData, GetUsersMeData, GetUsersMeIdentitiesData, PatchBotsByIdChannelByPlatformStatusData, PatchBotsByIdChannelByPlatformStatusError, PatchBotsByIdChannelByPlatformStatusResponse, PostAuthLoginData, PostAuthLoginError, PostAuthLoginResponse, PostAuthRefreshData, PostAuthRefreshError, PostAuthRefreshResponse, PostBotsByBotIdCliMessagesData, PostBotsByBotIdCliMessagesError, PostBotsByBotIdCliMessagesResponse, PostBotsByBotIdContainerData, PostBotsByBotIdContainerDataExportData, PostBotsByBotIdContainerDataExportError, PostBotsByBotIdContainerDataImportData, PostBotsByBotIdContainerDataImportError, PostBotsByBotIdContainerDataImportResponse, PostBotsByBotIdContainerDataRestoreData, PostBotsByBotIdContainerDataRestoreError, PostBotsByBotIdContainerDataRestoreResponse, PostBotsByBotIdContainerError, PostBotsByBotIdContainerFsDeleteData, PostBotsByBotIdContainerFsDeleteError, PostBotsByBotIdContainerFsDeleteResponse, PostBotsByBotIdContainerFsMkdirData, PostBotsByBotIdContainerFsMkdirError, PostBotsByBotIdContainerFsMkdirResponse, PostBotsByBotIdContainerFsRenameData, PostBotsByBotIdContainerFsRenameError, PostBotsByBotIdContainerFsRenameResponse, PostBotsByBotIdContainerFsUploadData, PostBotsByBotIdContainerFsUploadError, PostBotsByBotIdContainerFsUploadResponse, PostBotsByBotIdContainerFsWriteData, PostBotsByBotIdContainerFsWriteError, PostBotsByBotIdContainerFsWriteResponse, PostBotsByBotIdContainerResponse, PostBotsByBotIdContainerSkillsData, PostBotsByBotIdContainerSkillsError, PostBotsByBotIdContainerSkillsResponse, PostBotsByBotIdContainerSnapshotsData, PostBotsByBotIdContainerSnapshotsError, PostBotsByBotIdContainerSnapshotsResponse, PostBotsByBotIdContainerSnapshotsRollbackData, PostBotsByBotIdContainerSnapshotsRollbackError, PostBotsByBotIdContainerSnapshotsRollbackResponse, PostBotsByBotIdContainerStartData, PostBotsByBotIdContainerStartError, PostBotsByBotIdContainerStartResponse, PostBotsByBotIdContainerStopData, PostBotsByBotIdContainerStopError, PostBotsByBotIdContainerStopResponse, PostBotsByBotIdEmailBindingsData, PostBotsByBotIdEmailBindingsError, PostBotsByBotIdEmailBindingsResponse, PostBotsByBotIdInboxData, PostBotsByBotIdInboxError, PostBotsByBotIdInboxMarkReadData, PostBotsByBotIdInboxMarkReadError, PostBotsByBotIdInboxResponse, PostBotsByBotIdMcpByIdOauthAuthorizeData, PostBotsByBotIdMcpByIdOauthAuthorizeError, PostBotsByBotIdMcpByIdOauthAuthorizeResponse, PostBotsByBotIdMcpByIdOauthDiscoverData, PostBotsByBotIdMcpByIdOauthDiscoverError, PostBotsByBotIdMcpByIdOauthDiscoverResponse, PostBotsByBotIdMcpByIdOauthExchangeData, PostBotsByBotIdMcpByIdOauthExchangeError, PostBotsByBotIdMcpByIdOauthExchangeResponse, PostBotsByBotIdMcpByIdProbeData, PostBotsByBotIdMcpByIdProbeError, PostBotsByBotIdMcpByIdProbeResponse, PostBotsByBotIdMcpData, PostBotsByBotIdMcpError, PostBotsByBotIdMcpOpsBatchDeleteData, PostBotsByBotIdMcpOpsBatchDeleteError, PostBotsByBotIdMcpResponse, PostBotsByBotIdMcpStdioByConnectionIdData, PostBotsByBotIdMcpStdioByConnectionIdError, PostBotsByBotIdMcpStdioByConnectionIdResponse, PostBotsByBotIdMcpStdioData, PostBotsByBotIdMcpStdioError, PostBotsByBotIdMcpStdioResponse, PostBotsByBotIdMemoryCompactData, PostBotsByBotIdMemoryCompactError, PostBotsByBotIdMemoryCompactResponse, PostBotsByBotIdMemoryData, PostBotsByBotIdMemoryError, PostBotsByBotIdMemoryRebuildData, PostBotsByBotIdMemoryRebuildError, PostBotsByBotIdMemoryRebuildResponse, PostBotsByBotIdMemoryResponse, PostBotsByBotIdMemorySearchData, PostBotsByBotIdMemorySearchError, PostBotsByBotIdMemorySearchResponse, PostBotsByBotIdScheduleData, PostBotsByBotIdScheduleError, PostBotsByBotIdScheduleResponse, PostBotsByBotIdSettingsData, PostBotsByBotIdSettingsError, PostBotsByBotIdSettingsResponse, PostBotsByBotIdSubagentsByIdSkillsData, PostBotsByBotIdSubagentsByIdSkillsError, PostBotsByBotIdSubagentsByIdSkillsResponse, PostBotsByBotIdSubagentsData, PostBotsByBotIdSubagentsError, PostBotsByBotIdSubagentsResponse, PostBotsByBotIdToolsData, PostBotsByBotIdToolsError, PostBotsByBotIdToolsResponse, PostBotsByBotIdTtsSynthesizeData, PostBotsByBotIdTtsSynthesizeError, PostBotsByBotIdTtsSynthesizeResponse, PostBotsByBotIdWebMessagesData, PostBotsByBotIdWebMessagesError, PostBotsByBotIdWebMessagesResponse, PostBotsByIdChannelByPlatformSendChatData, PostBotsByIdChannelByPlatformSendChatError, PostBotsByIdChannelByPlatformSendChatResponse, PostBotsByIdChannelByPlatformSendData, PostBotsByIdChannelByPlatformSendError, PostBotsByIdChannelByPlatformSendResponse, PostBotsData, PostBotsError, PostBotsResponse, PostBrowserContextsData, PostBrowserContextsError, PostBrowserContextsResponse, PostEmailMailgunWebhookByConfigIdData, PostEmailMailgunWebhookByConfigIdError, PostEmailMailgunWebhookByConfigIdResponse, PostEmailProvidersData, PostEmailProvidersError, PostEmailProvidersResponse, PostMemoryProvidersData, PostMemoryProvidersError, PostMemoryProvidersResponse, PostModelsByIdTestData, PostModelsByIdTestError, PostModelsByIdTestResponse, PostModelsData, PostModelsError, PostModelsResponse, PostProvidersByIdImportModelsData, PostProvidersByIdImportModelsError, PostProvidersByIdImportModelsResponse, PostProvidersByIdTestData, PostProvidersByIdTestError, PostProvidersByIdTestResponse, PostProvidersData, PostProvidersError, PostProvidersResponse, PostSearchProvidersData, PostSearchProvidersError, PostSearchProvidersResponse, PostTtsModelsByIdTestData, PostTtsModelsByIdTestError, PostTtsModelsData, PostTtsModelsError, PostTtsModelsResponse, PostTtsProvidersByIdImportModelsData, PostTtsProvidersByIdImportModelsError, PostTtsProvidersByIdImportModelsResponse, PostTtsProvidersData, PostTtsProvidersError, PostTtsProvidersResponse, PostUsersData, PostUsersError, PostUsersResponse, PutBotsByBotIdBlacklistData, PutBotsByBotIdBlacklistError, PutBotsByBotIdBlacklistResponse, PutBotsByBotIdEmailBindingsByIdData, PutBotsByBotIdEmailBindingsByIdError, PutBotsByBotIdEmailBindingsByIdResponse, PutBotsByBotIdMcpByIdData, PutBotsByBotIdMcpByIdError, PutBotsByBotIdMcpByIdResponse, PutBotsByBotIdMcpImportData, PutBotsByBotIdMcpImportError, PutBotsByBotIdMcpImportResponse, PutBotsByBotIdScheduleByIdData, PutBotsByBotIdScheduleByIdError, PutBotsByBotIdScheduleByIdResponse, PutBotsByBotIdSettingsData, PutBotsByBotIdSettingsError, PutBotsByBotIdSettingsResponse, PutBotsByBotIdSubagentsByIdContextData, PutBotsByBotIdSubagentsByIdContextError, PutBotsByBotIdSubagentsByIdContextResponse, PutBotsByBotIdSubagentsByIdData, PutBotsByBotIdSubagentsByIdError, PutBotsByBotIdSubagentsByIdResponse, PutBotsByBotIdSubagentsByIdSkillsData, PutBotsByBotIdSubagentsByIdSkillsError, PutBotsByBotIdSubagentsByIdSkillsResponse, PutBotsByBotIdWhitelistData, PutBotsByBotIdWhitelistError, PutBotsByBotIdWhitelistResponse, PutBotsByIdChannelByPlatformData, PutBotsByIdChannelByPlatformError, PutBotsByIdChannelByPlatformResponse, PutBotsByIdData, PutBotsByIdError, PutBotsByIdOwnerData, PutBotsByIdOwnerError, PutBotsByIdOwnerResponse, PutBotsByIdResponse, PutBrowserContextsByIdData, PutBrowserContextsByIdError, PutBrowserContextsByIdResponse, PutEmailProvidersByIdData, PutEmailProvidersByIdError, PutEmailProvidersByIdResponse, PutMemoryProvidersByIdData, PutMemoryProvidersByIdError, PutMemoryProvidersByIdResponse, PutModelsByIdData, PutModelsByIdError, PutModelsByIdResponse, PutModelsModelByModelIdData, PutModelsModelByModelIdError, PutModelsModelByModelIdResponse, PutProvidersByIdData, PutProvidersByIdError, PutProvidersByIdResponse, PutSearchProvidersByIdData, PutSearchProvidersByIdError, PutSearchProvidersByIdResponse, PutTtsModelsByIdData, PutTtsModelsByIdError, PutTtsModelsByIdResponse, PutTtsProvidersByIdData, PutTtsProvidersByIdError, PutTtsProvidersByIdResponse, PutUsersByIdData, PutUsersByIdError, PutUsersByIdPasswordData, PutUsersByIdPasswordError, PutUsersByIdResponse, PutUsersMeChannelsByPlatformData, PutUsersMeChannelsByPlatformError, PutUsersMeChannelsByPlatformResponse, PutUsersMeData, PutUsersMeError, PutUsersMePasswordData, PutUsersMePasswordError, PutUsersMeResponse } from '../types.gen';
 
 /**
  * Login
@@ -109,6 +109,114 @@ export const postBotsMutation = (options?: Partial<Options<PostBotsData>>): UseM
     }
 });
 
+export const getBotsByBotIdAccessChannelIdentitiesQueryKey = (options: Options<GetBotsByBotIdAccessChannelIdentitiesData>) => createQueryKey('getBotsByBotIdAccessChannelIdentities', options);
+
+/**
+ * Search access channel identities
+ *
+ * Search locally observed channel identity candidates for bot access control
+ */
+export const getBotsByBotIdAccessChannelIdentitiesQuery = defineQueryOptions((options: Options<GetBotsByBotIdAccessChannelIdentitiesData>) => ({
+    key: getBotsByBotIdAccessChannelIdentitiesQueryKey(options),
+    query: async (context) => {
+        const { data } = await getBotsByBotIdAccessChannelIdentities({
+            ...options,
+            ...context,
+            throwOnError: true
+        });
+        return data;
+    }
+}));
+
+export const getBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversationsQueryKey = (options: Options<GetBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversationsData>) => createQueryKey('getBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversations', options);
+
+/**
+ * List observed conversations for a channel identity
+ *
+ * List previously observed conversation candidates for a channel identity under a bot
+ */
+export const getBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversationsQuery = defineQueryOptions((options: Options<GetBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversationsData>) => ({
+    key: getBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversationsQueryKey(options),
+    query: async (context) => {
+        const { data } = await getBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversations({
+            ...options,
+            ...context,
+            throwOnError: true
+        });
+        return data;
+    }
+}));
+
+export const getBotsByBotIdAccessUsersQueryKey = (options: Options<GetBotsByBotIdAccessUsersData>) => createQueryKey('getBotsByBotIdAccessUsers', options);
+
+/**
+ * Search access users
+ *
+ * Search user candidates for bot access control
+ */
+export const getBotsByBotIdAccessUsersQuery = defineQueryOptions((options: Options<GetBotsByBotIdAccessUsersData>) => ({
+    key: getBotsByBotIdAccessUsersQueryKey(options),
+    query: async (context) => {
+        const { data } = await getBotsByBotIdAccessUsers({
+            ...options,
+            ...context,
+            throwOnError: true
+        });
+        return data;
+    }
+}));
+
+export const getBotsByBotIdBlacklistQueryKey = (options: Options<GetBotsByBotIdBlacklistData>) => createQueryKey('getBotsByBotIdBlacklist', options);
+
+/**
+ * List bot blacklist
+ *
+ * List guest deny rules for chat trigger
+ */
+export const getBotsByBotIdBlacklistQuery = defineQueryOptions((options: Options<GetBotsByBotIdBlacklistData>) => ({
+    key: getBotsByBotIdBlacklistQueryKey(options),
+    query: async (context) => {
+        const { data } = await getBotsByBotIdBlacklist({
+            ...options,
+            ...context,
+            throwOnError: true
+        });
+        return data;
+    }
+}));
+
+/**
+ * Upsert bot blacklist entry
+ *
+ * Add a guest deny rule for chat trigger
+ */
+export const putBotsByBotIdBlacklistMutation = (options?: Partial<Options<PutBotsByBotIdBlacklistData>>): UseMutationOptions<PutBotsByBotIdBlacklistResponse, Options<PutBotsByBotIdBlacklistData>, PutBotsByBotIdBlacklistError> => ({
+    mutation: async (vars) => {
+        const { data } = await putBotsByBotIdBlacklist({
+            ...options,
+            ...vars,
+            throwOnError: true
+        });
+        return data;
+    }
+});
+
+/**
+ * Delete bot blacklist entry
+ *
+ * Delete a guest deny rule by rule ID
+ */
+export const deleteBotsByBotIdBlacklistByRuleIdMutation = (options?: Partial<Options<DeleteBotsByBotIdBlacklistByRuleIdData>>): UseMutationOptions<unknown, Options<DeleteBotsByBotIdBlacklistByRuleIdData>, DeleteBotsByBotIdBlacklistByRuleIdError> => ({
+    mutation: async (vars) => {
+        const { data } = await deleteBotsByBotIdBlacklistByRuleId({
+            ...options,
+            ...vars,
+            throwOnError: true
+        });
+        return data;
+    }
+});
+
 /**
  * Send a message to a local channel
  *
@@ -1646,6 +1754,57 @@ export const getBotsByBotIdWebWsQuery = defineQueryOptions((options: Options<Get
     }
 }));
 
+export const getBotsByBotIdWhitelistQueryKey = (options: Options<GetBotsByBotIdWhitelistData>) => createQueryKey('getBotsByBotIdWhitelist', options);
+
+/**
+ * List bot whitelist
+ *
+ * List guest allow rules for chat trigger
+ */
+export const getBotsByBotIdWhitelistQuery = defineQueryOptions((options: Options<GetBotsByBotIdWhitelistData>) => ({
+    key: getBotsByBotIdWhitelistQueryKey(options),
+    query: async (context) => {
+        const { data } = await getBotsByBotIdWhitelist({
+            ...options,
+            ...context,
+            throwOnError: true
+        });
+        return data;
+    }
+}));
+
+/**
+ * Upsert bot whitelist entry
+ *
+ * Add a guest allow rule for chat trigger
+ */
+export const putBotsByBotIdWhitelistMutation = (options?: Partial<Options<PutBotsByBotIdWhitelistData>>): UseMutationOptions<PutBotsByBotIdWhitelistResponse, Options<PutBotsByBotIdWhitelistData>, PutBotsByBotIdWhitelistError> => ({
+    mutation: async (vars) => {
+        const { data } = await putBotsByBotIdWhitelist({
+            ...options,
+            ...vars,
+            throwOnError: true
+        });
+        return data;
+    }
+});
+
+/**
+ * Delete bot whitelist entry
+ *
+ * Delete a guest allow rule by rule ID
+ */
+export const deleteBotsByBotIdWhitelistByRuleIdMutation = (options?: Partial<Options<DeleteBotsByBotIdWhitelistByRuleIdData>>): UseMutationOptions<unknown, Options<DeleteBotsByBotIdWhitelistByRuleIdData>, DeleteBotsByBotIdWhitelistByRuleIdError> => ({
+    mutation: async (vars) => {
+        const { data } = await deleteBotsByBotIdWhitelistByRuleId({
+            ...options,
+            ...vars,
+            throwOnError: true
+        });
+        return data;
+    }
+});
+
 /**
  * Delete bot
  *
@@ -1815,57 +1974,6 @@ export const getBotsByIdChecksQuery = defineQueryOptions((options: Options<GetBo
     }
 }));
 
-export const getBotsByIdMembersQueryKey = (options: Options<GetBotsByIdMembersData>) => createQueryKey('getBotsByIdMembers', options);
-
-/**
- * List bot members
- *
- * List members for a bot
- */
-export const getBotsByIdMembersQuery = defineQueryOptions((options: Options<GetBotsByIdMembersData>) => ({
-    key: getBotsByIdMembersQueryKey(options),
-    query: async (context) => {
-        const { data } = await getBotsByIdMembers({
-            ...options,
-            ...context,
-            throwOnError: true
-        });
-        return data;
-    }
-}));
-
-/**
- * Upsert bot member
- *
- * Add or update bot member role
- */
-export const putBotsByIdMembersMutation = (options?: Partial<Options<PutBotsByIdMembersData>>): UseMutationOptions<PutBotsByIdMembersResponse, Options<PutBotsByIdMembersData>, PutBotsByIdMembersError> => ({
-    mutation: async (vars) => {
-        const { data } = await putBotsByIdMembers({
-            ...options,
-            ...vars,
-            throwOnError: true
-        });
-        return data;
-    }
-});
-
-/**
- * Delete bot member
- *
- * Remove a member from a bot
- */
-export const deleteBotsByIdMembersByUserIdMutation = (options?: Partial<Options<DeleteBotsByIdMembersByUserIdData>>): UseMutationOptions<unknown, Options<DeleteBotsByIdMembersByUserIdData>, DeleteBotsByIdMembersByUserIdError> => ({
-    mutation: async (vars) => {
-        const { data } = await deleteBotsByIdMembersByUserId({
-            ...options,
-            ...vars,
-            throwOnError: true
-        });
-        return data;
-    }
-});
-
 /**
  * Transfer bot owner (admin only)
  *
diff --git a/packages/sdk/src/index.ts b/packages/sdk/src/index.ts
index fd5b29f7..fc1fc057 100644
--- a/packages/sdk/src/index.ts
+++ b/packages/sdk/src/index.ts
@@ -1,4 +1,4 @@
 // This file is auto-generated by @hey-api/openapi-ts
 
-export { deleteBotsByBotIdContainer, deleteBotsByBotIdContainerSkills, deleteBotsByBotIdEmailBindingsById, deleteBotsByBotIdHeartbeatLogs, deleteBotsByBotIdInboxById, deleteBotsByBotIdMcpById, deleteBotsByBotIdMcpByIdOauthToken, deleteBotsByBotIdMemory, deleteBotsByBotIdMemoryById, deleteBotsByBotIdMessages, deleteBotsByBotIdScheduleById, deleteBotsByBotIdSettings, deleteBotsByBotIdSubagentsById, deleteBotsById, deleteBotsByIdChannelByPlatform, deleteBotsByIdMembersByUserId, deleteBrowserContextsById, deleteEmailProvidersById, deleteEmailProvidersByIdOauthToken, deleteMemoryProvidersById, deleteModelsById, deleteModelsModelByModelId, deleteProvidersById, deleteSearchProvidersById, deleteTtsModelsById, deleteTtsProvidersById, getBots, getBotsByBotIdCliStream, getBotsByBotIdCliWs, getBotsByBotIdContainer, getBotsByBotIdContainerFs, getBotsByBotIdContainerFsDownload, getBotsByBotIdContainerFsList, getBotsByBotIdContainerFsRead, getBotsByBotIdContainerSkills, getBotsByBotIdContainerSnapshots, getBotsByBotIdContainerTerminal, getBotsByBotIdContainerTerminalWs, getBotsByBotIdEmailBindings, getBotsByBotIdEmailOutbox, getBotsByBotIdEmailOutboxById, getBotsByBotIdHeartbeatLogs, getBotsByBotIdInbox, getBotsByBotIdInboxById, getBotsByBotIdInboxCount, getBotsByBotIdMcp, getBotsByBotIdMcpById, getBotsByBotIdMcpByIdOauthStatus, getBotsByBotIdMcpExport, getBotsByBotIdMemory, getBotsByBotIdMemoryStatus, getBotsByBotIdMemoryUsage, getBotsByBotIdMessages, getBotsByBotIdSchedule, getBotsByBotIdScheduleById, getBotsByBotIdSettings, getBotsByBotIdSubagents, getBotsByBotIdSubagentsById, getBotsByBotIdSubagentsByIdContext, getBotsByBotIdSubagentsByIdSkills, getBotsByBotIdTokenUsage, getBotsByBotIdWebStream, getBotsByBotIdWebWs, getBotsById, getBotsByIdChannelByPlatform, getBotsByIdChecks, getBotsByIdMembers, getBrowserContexts, getBrowserContextsById, getBrowserContextsCores, getChannels, getChannelsByPlatform, getEmailOauthCallback, getEmailProviders, getEmailProvidersById, getEmailProvidersByIdOauthAuthorize, getEmailProvidersByIdOauthStatus, getEmailProvidersMeta, getMemoryProviders, getMemoryProvidersById, getMemoryProvidersByIdStatus, getMemoryProvidersMeta, getModels, getModelsById, getModelsCount, getModelsModelByModelId, getPing, getProviders, getProvidersById, getProvidersByIdModels, getProvidersCount, getProvidersNameByName, getSearchProviders, getSearchProvidersById, getSearchProvidersMeta, getTtsModels, getTtsModelsById, getTtsModelsByIdCapabilities, getTtsProviders, getTtsProvidersById, getTtsProvidersByIdModels, getTtsProvidersMeta, getUsers, getUsersById, getUsersMe, getUsersMeChannelsByPlatform, getUsersMeIdentities, type Options, patchBotsByIdChannelByPlatformStatus, postAuthLogin, postAuthRefresh, postBots, postBotsByBotIdCliMessages, postBotsByBotIdContainer, postBotsByBotIdContainerDataExport, postBotsByBotIdContainerDataImport, postBotsByBotIdContainerDataRestore, postBotsByBotIdContainerFsDelete, postBotsByBotIdContainerFsMkdir, postBotsByBotIdContainerFsRename, postBotsByBotIdContainerFsUpload, postBotsByBotIdContainerFsWrite, postBotsByBotIdContainerSkills, postBotsByBotIdContainerSnapshots, postBotsByBotIdContainerSnapshotsRollback, postBotsByBotIdContainerStart, postBotsByBotIdContainerStop, postBotsByBotIdEmailBindings, postBotsByBotIdInbox, postBotsByBotIdInboxMarkRead, postBotsByBotIdMcp, postBotsByBotIdMcpByIdOauthAuthorize, postBotsByBotIdMcpByIdOauthDiscover, postBotsByBotIdMcpByIdOauthExchange, postBotsByBotIdMcpByIdProbe, postBotsByBotIdMcpOpsBatchDelete, postBotsByBotIdMcpStdio, postBotsByBotIdMcpStdioByConnectionId, postBotsByBotIdMemory, postBotsByBotIdMemoryCompact, postBotsByBotIdMemoryRebuild, postBotsByBotIdMemorySearch, postBotsByBotIdSchedule, postBotsByBotIdSettings, postBotsByBotIdSubagents, postBotsByBotIdSubagentsByIdSkills, postBotsByBotIdTools, postBotsByBotIdTtsSynthesize, postBotsByBotIdWebMessages, postBotsByIdChannelByPlatformSend, postBotsByIdChannelByPlatformSendChat, postBrowserContexts, postEmailMailgunWebhookByConfigId, postEmailProviders, postMemoryProviders, postModels, postModelsByIdTest, postProviders, postProvidersByIdImportModels, postProvidersByIdTest, postSearchProviders, postTtsModels, postTtsModelsByIdTest, postTtsProviders, postTtsProvidersByIdImportModels, postUsers, putBotsByBotIdEmailBindingsById, putBotsByBotIdMcpById, putBotsByBotIdMcpImport, putBotsByBotIdScheduleById, putBotsByBotIdSettings, putBotsByBotIdSubagentsById, putBotsByBotIdSubagentsByIdContext, putBotsByBotIdSubagentsByIdSkills, putBotsById, putBotsByIdChannelByPlatform, putBotsByIdMembers, putBotsByIdOwner, putBrowserContextsById, putEmailProvidersById, putMemoryProvidersById, putModelsById, putModelsModelByModelId, putProvidersById, putSearchProvidersById, putTtsModelsById, putTtsProvidersById, putUsersById, putUsersByIdPassword, putUsersMe, putUsersMeChannelsByPlatform, putUsersMePassword } from './sdk.gen';
-export type { AccountsAccount, AccountsCreateAccountRequest, AccountsListAccountsResponse, AccountsResetPasswordRequest, AccountsUpdateAccountRequest, AccountsUpdatePasswordRequest, AccountsUpdateProfileRequest, AdaptersCdfPoint, AdaptersCompactResult, AdaptersDeleteResponse, AdaptersHealthStatus, AdaptersMemoryItem, AdaptersMemoryStatusResponse, AdaptersMessage, AdaptersProviderCollectionStatus, AdaptersProviderConfigSchema, AdaptersProviderCreateRequest, AdaptersProviderFieldSchema, AdaptersProviderGetResponse, AdaptersProviderMeta, AdaptersProviderStatusResponse, AdaptersProviderType, AdaptersProviderUpdateRequest, AdaptersRebuildResult, AdaptersSearchResponse, AdaptersTopKBucket, AdaptersUsageResponse, BotsBot, BotsBotCheck, BotsBotMember, BotsCreateBotRequest, BotsListBotsResponse, BotsListChecksResponse, BotsListMembersResponse, BotsTransferBotRequest, BotsUpdateBotRequest, BotsUpsertMemberRequest, BrowsercontextsBrowserContext, BrowsercontextsCreateRequest, BrowsercontextsUpdateRequest, ChannelAction, ChannelAttachment, ChannelAttachmentType, ChannelChannelCapabilities, ChannelChannelConfig, ChannelChannelIdentityBinding, ChannelConfigSchema, ChannelFieldSchema, ChannelFieldType, ChannelMessage, ChannelMessageFormat, ChannelMessagePart, ChannelMessagePartType, ChannelMessageTextStyle, ChannelReplyRef, ChannelSendRequest, ChannelTargetHint, ChannelTargetSpec, ChannelThreadRef, ChannelUpdateChannelStatusRequest, ChannelUpsertChannelIdentityConfigRequest, ChannelUpsertConfigRequest, ClientOptions, DeleteBotsByBotIdContainerData, DeleteBotsByBotIdContainerError, DeleteBotsByBotIdContainerErrors, DeleteBotsByBotIdContainerResponses, DeleteBotsByBotIdContainerSkillsData, DeleteBotsByBotIdContainerSkillsError, DeleteBotsByBotIdContainerSkillsErrors, DeleteBotsByBotIdContainerSkillsResponse, DeleteBotsByBotIdContainerSkillsResponses, DeleteBotsByBotIdEmailBindingsByIdData, DeleteBotsByBotIdEmailBindingsByIdError, DeleteBotsByBotIdEmailBindingsByIdErrors, DeleteBotsByBotIdEmailBindingsByIdResponses, DeleteBotsByBotIdHeartbeatLogsData, DeleteBotsByBotIdHeartbeatLogsError, DeleteBotsByBotIdHeartbeatLogsErrors, DeleteBotsByBotIdHeartbeatLogsResponses, DeleteBotsByBotIdInboxByIdData, DeleteBotsByBotIdInboxByIdError, DeleteBotsByBotIdInboxByIdErrors, DeleteBotsByBotIdInboxByIdResponses, DeleteBotsByBotIdMcpByIdData, DeleteBotsByBotIdMcpByIdError, DeleteBotsByBotIdMcpByIdErrors, DeleteBotsByBotIdMcpByIdOauthTokenData, DeleteBotsByBotIdMcpByIdOauthTokenError, DeleteBotsByBotIdMcpByIdOauthTokenErrors, DeleteBotsByBotIdMcpByIdOauthTokenResponses, DeleteBotsByBotIdMcpByIdResponses, DeleteBotsByBotIdMemoryByIdData, DeleteBotsByBotIdMemoryByIdError, DeleteBotsByBotIdMemoryByIdErrors, DeleteBotsByBotIdMemoryByIdResponse, DeleteBotsByBotIdMemoryByIdResponses, DeleteBotsByBotIdMemoryData, DeleteBotsByBotIdMemoryError, DeleteBotsByBotIdMemoryErrors, DeleteBotsByBotIdMemoryResponse, DeleteBotsByBotIdMemoryResponses, DeleteBotsByBotIdMessagesData, DeleteBotsByBotIdMessagesError, DeleteBotsByBotIdMessagesErrors, DeleteBotsByBotIdMessagesResponses, DeleteBotsByBotIdScheduleByIdData, DeleteBotsByBotIdScheduleByIdError, DeleteBotsByBotIdScheduleByIdErrors, DeleteBotsByBotIdScheduleByIdResponses, DeleteBotsByBotIdSettingsData, DeleteBotsByBotIdSettingsError, DeleteBotsByBotIdSettingsErrors, DeleteBotsByBotIdSettingsResponses, DeleteBotsByBotIdSubagentsByIdData, DeleteBotsByBotIdSubagentsByIdError, DeleteBotsByBotIdSubagentsByIdErrors, DeleteBotsByBotIdSubagentsByIdResponses, DeleteBotsByIdChannelByPlatformData, DeleteBotsByIdChannelByPlatformError, DeleteBotsByIdChannelByPlatformErrors, DeleteBotsByIdChannelByPlatformResponses, DeleteBotsByIdData, DeleteBotsByIdError, DeleteBotsByIdErrors, DeleteBotsByIdMembersByUserIdData, DeleteBotsByIdMembersByUserIdError, DeleteBotsByIdMembersByUserIdErrors, DeleteBotsByIdMembersByUserIdResponses, DeleteBotsByIdResponse, DeleteBotsByIdResponses, DeleteBrowserContextsByIdData, DeleteBrowserContextsByIdError, DeleteBrowserContextsByIdErrors, DeleteBrowserContextsByIdResponses, DeleteEmailProvidersByIdData, DeleteEmailProvidersByIdError, DeleteEmailProvidersByIdErrors, DeleteEmailProvidersByIdOauthTokenData, DeleteEmailProvidersByIdOauthTokenError, DeleteEmailProvidersByIdOauthTokenErrors, DeleteEmailProvidersByIdOauthTokenResponses, DeleteEmailProvidersByIdResponses, DeleteMemoryProvidersByIdData, DeleteMemoryProvidersByIdError, DeleteMemoryProvidersByIdErrors, DeleteMemoryProvidersByIdResponses, DeleteModelsByIdData, DeleteModelsByIdError, DeleteModelsByIdErrors, DeleteModelsByIdResponses, DeleteModelsModelByModelIdData, DeleteModelsModelByModelIdError, DeleteModelsModelByModelIdErrors, DeleteModelsModelByModelIdResponses, DeleteProvidersByIdData, DeleteProvidersByIdError, DeleteProvidersByIdErrors, DeleteProvidersByIdResponses, DeleteSearchProvidersByIdData, DeleteSearchProvidersByIdError, DeleteSearchProvidersByIdErrors, DeleteSearchProvidersByIdResponses, DeleteTtsModelsByIdData, DeleteTtsModelsByIdError, DeleteTtsModelsByIdErrors, DeleteTtsModelsByIdResponses, DeleteTtsProvidersByIdData, DeleteTtsProvidersByIdError, DeleteTtsProvidersByIdErrors, DeleteTtsProvidersByIdResponses, EmailBindingResponse, EmailConfigSchema, EmailCreateBindingRequest, EmailCreateProviderRequest, EmailFieldSchema, EmailOutboxItemResponse, EmailProviderMeta, EmailProviderResponse, EmailUpdateBindingRequest, EmailUpdateProviderRequest, GetBotsByBotIdCliStreamData, GetBotsByBotIdCliStreamError, GetBotsByBotIdCliStreamErrors, GetBotsByBotIdCliStreamResponse, GetBotsByBotIdCliStreamResponses, GetBotsByBotIdCliWsData, GetBotsByBotIdCliWsError, GetBotsByBotIdCliWsErrors, GetBotsByBotIdContainerData, GetBotsByBotIdContainerError, GetBotsByBotIdContainerErrors, GetBotsByBotIdContainerFsData, GetBotsByBotIdContainerFsDownloadData, GetBotsByBotIdContainerFsDownloadError, GetBotsByBotIdContainerFsDownloadErrors, GetBotsByBotIdContainerFsDownloadResponses, GetBotsByBotIdContainerFsError, GetBotsByBotIdContainerFsErrors, GetBotsByBotIdContainerFsListData, GetBotsByBotIdContainerFsListError, GetBotsByBotIdContainerFsListErrors, GetBotsByBotIdContainerFsListResponse, GetBotsByBotIdContainerFsListResponses, GetBotsByBotIdContainerFsReadData, GetBotsByBotIdContainerFsReadError, GetBotsByBotIdContainerFsReadErrors, GetBotsByBotIdContainerFsReadResponse, GetBotsByBotIdContainerFsReadResponses, GetBotsByBotIdContainerFsResponse, GetBotsByBotIdContainerFsResponses, GetBotsByBotIdContainerResponse, GetBotsByBotIdContainerResponses, GetBotsByBotIdContainerSkillsData, GetBotsByBotIdContainerSkillsError, GetBotsByBotIdContainerSkillsErrors, GetBotsByBotIdContainerSkillsResponse, GetBotsByBotIdContainerSkillsResponses, GetBotsByBotIdContainerSnapshotsData, GetBotsByBotIdContainerSnapshotsError, GetBotsByBotIdContainerSnapshotsErrors, GetBotsByBotIdContainerSnapshotsResponse, GetBotsByBotIdContainerSnapshotsResponses, GetBotsByBotIdContainerTerminalData, GetBotsByBotIdContainerTerminalError, GetBotsByBotIdContainerTerminalErrors, GetBotsByBotIdContainerTerminalResponse, GetBotsByBotIdContainerTerminalResponses, GetBotsByBotIdContainerTerminalWsData, GetBotsByBotIdContainerTerminalWsError, GetBotsByBotIdContainerTerminalWsErrors, GetBotsByBotIdEmailBindingsData, GetBotsByBotIdEmailBindingsError, GetBotsByBotIdEmailBindingsErrors, GetBotsByBotIdEmailBindingsResponse, GetBotsByBotIdEmailBindingsResponses, GetBotsByBotIdEmailOutboxByIdData, GetBotsByBotIdEmailOutboxByIdError, GetBotsByBotIdEmailOutboxByIdErrors, GetBotsByBotIdEmailOutboxByIdResponse, GetBotsByBotIdEmailOutboxByIdResponses, GetBotsByBotIdEmailOutboxData, GetBotsByBotIdEmailOutboxError, GetBotsByBotIdEmailOutboxErrors, GetBotsByBotIdEmailOutboxResponse, GetBotsByBotIdEmailOutboxResponses, GetBotsByBotIdHeartbeatLogsData, GetBotsByBotIdHeartbeatLogsError, GetBotsByBotIdHeartbeatLogsErrors, GetBotsByBotIdHeartbeatLogsResponse, GetBotsByBotIdHeartbeatLogsResponses, GetBotsByBotIdInboxByIdData, GetBotsByBotIdInboxByIdError, GetBotsByBotIdInboxByIdErrors, GetBotsByBotIdInboxByIdResponse, GetBotsByBotIdInboxByIdResponses, GetBotsByBotIdInboxCountData, GetBotsByBotIdInboxCountError, GetBotsByBotIdInboxCountErrors, GetBotsByBotIdInboxCountResponse, GetBotsByBotIdInboxCountResponses, GetBotsByBotIdInboxData, GetBotsByBotIdInboxError, GetBotsByBotIdInboxErrors, GetBotsByBotIdInboxResponse, GetBotsByBotIdInboxResponses, GetBotsByBotIdMcpByIdData, GetBotsByBotIdMcpByIdError, GetBotsByBotIdMcpByIdErrors, GetBotsByBotIdMcpByIdOauthStatusData, GetBotsByBotIdMcpByIdOauthStatusError, GetBotsByBotIdMcpByIdOauthStatusErrors, GetBotsByBotIdMcpByIdOauthStatusResponse, GetBotsByBotIdMcpByIdOauthStatusResponses, GetBotsByBotIdMcpByIdResponse, GetBotsByBotIdMcpByIdResponses, GetBotsByBotIdMcpData, GetBotsByBotIdMcpError, GetBotsByBotIdMcpErrors, GetBotsByBotIdMcpExportData, GetBotsByBotIdMcpExportError, GetBotsByBotIdMcpExportErrors, GetBotsByBotIdMcpExportResponse, GetBotsByBotIdMcpExportResponses, GetBotsByBotIdMcpResponse, GetBotsByBotIdMcpResponses, GetBotsByBotIdMemoryData, GetBotsByBotIdMemoryError, GetBotsByBotIdMemoryErrors, GetBotsByBotIdMemoryResponse, GetBotsByBotIdMemoryResponses, GetBotsByBotIdMemoryStatusData, GetBotsByBotIdMemoryStatusError, GetBotsByBotIdMemoryStatusErrors, GetBotsByBotIdMemoryStatusResponse, GetBotsByBotIdMemoryStatusResponses, GetBotsByBotIdMemoryUsageData, GetBotsByBotIdMemoryUsageError, GetBotsByBotIdMemoryUsageErrors, GetBotsByBotIdMemoryUsageResponse, GetBotsByBotIdMemoryUsageResponses, GetBotsByBotIdMessagesData, GetBotsByBotIdMessagesError, GetBotsByBotIdMessagesErrors, GetBotsByBotIdMessagesResponse, GetBotsByBotIdMessagesResponses, GetBotsByBotIdScheduleByIdData, GetBotsByBotIdScheduleByIdError, GetBotsByBotIdScheduleByIdErrors, GetBotsByBotIdScheduleByIdResponse, GetBotsByBotIdScheduleByIdResponses, GetBotsByBotIdScheduleData, GetBotsByBotIdScheduleError, GetBotsByBotIdScheduleErrors, GetBotsByBotIdScheduleResponse, GetBotsByBotIdScheduleResponses, GetBotsByBotIdSettingsData, GetBotsByBotIdSettingsError, GetBotsByBotIdSettingsErrors, GetBotsByBotIdSettingsResponse, GetBotsByBotIdSettingsResponses, GetBotsByBotIdSubagentsByIdContextData, GetBotsByBotIdSubagentsByIdContextError, GetBotsByBotIdSubagentsByIdContextErrors, GetBotsByBotIdSubagentsByIdContextResponse, GetBotsByBotIdSubagentsByIdContextResponses, GetBotsByBotIdSubagentsByIdData, GetBotsByBotIdSubagentsByIdError, GetBotsByBotIdSubagentsByIdErrors, GetBotsByBotIdSubagentsByIdResponse, GetBotsByBotIdSubagentsByIdResponses, GetBotsByBotIdSubagentsByIdSkillsData, GetBotsByBotIdSubagentsByIdSkillsError, GetBotsByBotIdSubagentsByIdSkillsErrors, GetBotsByBotIdSubagentsByIdSkillsResponse, GetBotsByBotIdSubagentsByIdSkillsResponses, GetBotsByBotIdSubagentsData, GetBotsByBotIdSubagentsError, GetBotsByBotIdSubagentsErrors, GetBotsByBotIdSubagentsResponse, GetBotsByBotIdSubagentsResponses, GetBotsByBotIdTokenUsageData, GetBotsByBotIdTokenUsageError, GetBotsByBotIdTokenUsageErrors, GetBotsByBotIdTokenUsageResponse, GetBotsByBotIdTokenUsageResponses, GetBotsByBotIdWebStreamData, GetBotsByBotIdWebStreamError, GetBotsByBotIdWebStreamErrors, GetBotsByBotIdWebStreamResponse, GetBotsByBotIdWebStreamResponses, GetBotsByBotIdWebWsData, GetBotsByBotIdWebWsError, GetBotsByBotIdWebWsErrors, GetBotsByIdChannelByPlatformData, GetBotsByIdChannelByPlatformError, GetBotsByIdChannelByPlatformErrors, GetBotsByIdChannelByPlatformResponse, GetBotsByIdChannelByPlatformResponses, GetBotsByIdChecksData, GetBotsByIdChecksError, GetBotsByIdChecksErrors, GetBotsByIdChecksResponse, GetBotsByIdChecksResponses, GetBotsByIdData, GetBotsByIdError, GetBotsByIdErrors, GetBotsByIdMembersData, GetBotsByIdMembersError, GetBotsByIdMembersErrors, GetBotsByIdMembersResponse, GetBotsByIdMembersResponses, GetBotsByIdResponse, GetBotsByIdResponses, GetBotsData, GetBotsError, GetBotsErrors, GetBotsResponse, GetBotsResponses, GetBrowserContextsByIdData, GetBrowserContextsByIdError, GetBrowserContextsByIdErrors, GetBrowserContextsByIdResponse, GetBrowserContextsByIdResponses, GetBrowserContextsCoresData, GetBrowserContextsCoresError, GetBrowserContextsCoresErrors, GetBrowserContextsCoresResponse, GetBrowserContextsCoresResponses, GetBrowserContextsData, GetBrowserContextsError, GetBrowserContextsErrors, GetBrowserContextsResponse, GetBrowserContextsResponses, GetChannelsByPlatformData, GetChannelsByPlatformError, GetChannelsByPlatformErrors, GetChannelsByPlatformResponse, GetChannelsByPlatformResponses, GetChannelsData, GetChannelsError, GetChannelsErrors, GetChannelsResponse, GetChannelsResponses, GetEmailOauthCallbackData, GetEmailOauthCallbackError, GetEmailOauthCallbackErrors, GetEmailOauthCallbackResponse, GetEmailOauthCallbackResponses, GetEmailProvidersByIdData, GetEmailProvidersByIdError, GetEmailProvidersByIdErrors, GetEmailProvidersByIdOauthAuthorizeData, GetEmailProvidersByIdOauthAuthorizeError, GetEmailProvidersByIdOauthAuthorizeErrors, GetEmailProvidersByIdOauthAuthorizeResponse, GetEmailProvidersByIdOauthAuthorizeResponses, GetEmailProvidersByIdOauthStatusData, GetEmailProvidersByIdOauthStatusError, GetEmailProvidersByIdOauthStatusErrors, GetEmailProvidersByIdOauthStatusResponse, GetEmailProvidersByIdOauthStatusResponses, GetEmailProvidersByIdResponse, GetEmailProvidersByIdResponses, GetEmailProvidersData, GetEmailProvidersError, GetEmailProvidersErrors, GetEmailProvidersMetaData, GetEmailProvidersMetaResponse, GetEmailProvidersMetaResponses, GetEmailProvidersResponse, GetEmailProvidersResponses, GetMemoryProvidersByIdData, GetMemoryProvidersByIdError, GetMemoryProvidersByIdErrors, GetMemoryProvidersByIdResponse, GetMemoryProvidersByIdResponses, GetMemoryProvidersByIdStatusData, GetMemoryProvidersByIdStatusError, GetMemoryProvidersByIdStatusErrors, GetMemoryProvidersByIdStatusResponse, GetMemoryProvidersByIdStatusResponses, GetMemoryProvidersData, GetMemoryProvidersError, GetMemoryProvidersErrors, GetMemoryProvidersMetaData, GetMemoryProvidersMetaResponse, GetMemoryProvidersMetaResponses, GetMemoryProvidersResponse, GetMemoryProvidersResponses, GetModelsByIdData, GetModelsByIdError, GetModelsByIdErrors, GetModelsByIdResponse, GetModelsByIdResponses, GetModelsCountData, GetModelsCountError, GetModelsCountErrors, GetModelsCountResponse, GetModelsCountResponses, GetModelsData, GetModelsError, GetModelsErrors, GetModelsModelByModelIdData, GetModelsModelByModelIdError, GetModelsModelByModelIdErrors, GetModelsModelByModelIdResponse, GetModelsModelByModelIdResponses, GetModelsResponse, GetModelsResponses, GetPingData, GetPingResponse, GetPingResponses, GetProvidersByIdData, GetProvidersByIdError, GetProvidersByIdErrors, GetProvidersByIdModelsData, GetProvidersByIdModelsError, GetProvidersByIdModelsErrors, GetProvidersByIdModelsResponse, GetProvidersByIdModelsResponses, GetProvidersByIdResponse, GetProvidersByIdResponses, GetProvidersCountData, GetProvidersCountError, GetProvidersCountErrors, GetProvidersCountResponse, GetProvidersCountResponses, GetProvidersData, GetProvidersError, GetProvidersErrors, GetProvidersNameByNameData, GetProvidersNameByNameError, GetProvidersNameByNameErrors, GetProvidersNameByNameResponse, GetProvidersNameByNameResponses, GetProvidersResponse, GetProvidersResponses, GetSearchProvidersByIdData, GetSearchProvidersByIdError, GetSearchProvidersByIdErrors, GetSearchProvidersByIdResponse, GetSearchProvidersByIdResponses, GetSearchProvidersData, GetSearchProvidersError, GetSearchProvidersErrors, GetSearchProvidersMetaData, GetSearchProvidersMetaResponse, GetSearchProvidersMetaResponses, GetSearchProvidersResponse, GetSearchProvidersResponses, GetTtsModelsByIdCapabilitiesData, GetTtsModelsByIdCapabilitiesError, GetTtsModelsByIdCapabilitiesErrors, GetTtsModelsByIdCapabilitiesResponse, GetTtsModelsByIdCapabilitiesResponses, GetTtsModelsByIdData, GetTtsModelsByIdError, GetTtsModelsByIdErrors, GetTtsModelsByIdResponse, GetTtsModelsByIdResponses, GetTtsModelsData, GetTtsModelsError, GetTtsModelsErrors, GetTtsModelsResponse, GetTtsModelsResponses, GetTtsProvidersByIdData, GetTtsProvidersByIdError, GetTtsProvidersByIdErrors, GetTtsProvidersByIdModelsData, GetTtsProvidersByIdModelsError, GetTtsProvidersByIdModelsErrors, GetTtsProvidersByIdModelsResponse, GetTtsProvidersByIdModelsResponses, GetTtsProvidersByIdResponse, GetTtsProvidersByIdResponses, GetTtsProvidersData, GetTtsProvidersError, GetTtsProvidersErrors, GetTtsProvidersMetaData, GetTtsProvidersMetaResponse, GetTtsProvidersMetaResponses, GetTtsProvidersResponse, GetTtsProvidersResponses, GetUsersByIdData, GetUsersByIdError, GetUsersByIdErrors, GetUsersByIdResponse, GetUsersByIdResponses, GetUsersData, GetUsersError, GetUsersErrors, GetUsersMeChannelsByPlatformData, GetUsersMeChannelsByPlatformError, GetUsersMeChannelsByPlatformErrors, GetUsersMeChannelsByPlatformResponse, GetUsersMeChannelsByPlatformResponses, GetUsersMeData, GetUsersMeError, GetUsersMeErrors, GetUsersMeIdentitiesData, GetUsersMeIdentitiesError, GetUsersMeIdentitiesErrors, GetUsersMeIdentitiesResponse, GetUsersMeIdentitiesResponses, GetUsersMeResponse, GetUsersMeResponses, GetUsersResponse, GetUsersResponses, GithubComMemohaiMemohInternalMcpConnection, HandlersBatchDeleteRequest, HandlersBrowserCoresResponse, HandlersChannelMeta, HandlersCreateContainerRequest, HandlersCreateContainerResponse, HandlersCreateSnapshotRequest, HandlersCreateSnapshotResponse, HandlersDailyTokenUsage, HandlersEmailOAuthStatusResponse, HandlersErrorResponse, HandlersFsDeleteRequest, HandlersFsFileInfo, HandlersFsListResponse, HandlersFsMkdirRequest, HandlersFsOpResponse, HandlersFsReadResponse, HandlersFsRenameRequest, HandlersFsUploadResponse, HandlersFsWriteRequest, HandlersGetContainerResponse, HandlersListMyIdentitiesResponse, HandlersListSnapshotsResponse, HandlersLocalChannelMessageRequest, HandlersLoginRequest, HandlersLoginResponse, HandlersMarkReadRequest, HandlersMcpStdioRequest, HandlersMcpStdioResponse, HandlersMemoryAddPayload, HandlersMemoryCompactPayload, HandlersMemoryDeletePayload, HandlersMemorySearchPayload, HandlersModelTokenUsage, HandlersOauthAuthorizeRequest, HandlersOauthDiscoverRequest, HandlersOauthExchangeRequest, HandlersPingResponse, HandlersProbeResponse, HandlersRefreshResponse, HandlersRollbackRequest, HandlersSkillItem, HandlersSkillsDeleteRequest, HandlersSkillsOpResponse, HandlersSkillsResponse, HandlersSkillsUpsertRequest, HandlersSnapshotInfo, HandlersSynthesizeRequest, HandlersSynthesizeResponse, HandlersTerminalInfoResponse, HandlersTokenUsageResponse, HeartbeatListLogsResponse, HeartbeatLog, IdentitiesChannelIdentity, InboxCountResult, InboxCreateRequest, InboxItem, McpAuthorizeResult, McpDiscoveryResult, McpExportResponse, McpImportRequest, McpListResponse, McpMcpServerEntry, McpOAuthStatus, McpToolDescriptor, McpUpsertRequest, MessageMessage, MessageMessageAsset, ModelsAddRequest, ModelsAddResponse, ModelsClientType, ModelsCountResponse, ModelsGetResponse, ModelsModelType, ModelsTestResponse, ModelsTestStatus, ModelsUpdateRequest, PatchBotsByIdChannelByPlatformStatusData, PatchBotsByIdChannelByPlatformStatusError, PatchBotsByIdChannelByPlatformStatusErrors, PatchBotsByIdChannelByPlatformStatusResponse, PatchBotsByIdChannelByPlatformStatusResponses, PostAuthLoginData, PostAuthLoginError, PostAuthLoginErrors, PostAuthLoginResponse, PostAuthLoginResponses, PostAuthRefreshData, PostAuthRefreshError, PostAuthRefreshErrors, PostAuthRefreshResponse, PostAuthRefreshResponses, PostBotsByBotIdCliMessagesData, PostBotsByBotIdCliMessagesError, PostBotsByBotIdCliMessagesErrors, PostBotsByBotIdCliMessagesResponse, PostBotsByBotIdCliMessagesResponses, PostBotsByBotIdContainerData, PostBotsByBotIdContainerDataExportData, PostBotsByBotIdContainerDataExportError, PostBotsByBotIdContainerDataExportErrors, PostBotsByBotIdContainerDataExportResponses, PostBotsByBotIdContainerDataImportData, PostBotsByBotIdContainerDataImportError, PostBotsByBotIdContainerDataImportErrors, PostBotsByBotIdContainerDataImportResponse, PostBotsByBotIdContainerDataImportResponses, PostBotsByBotIdContainerDataRestoreData, PostBotsByBotIdContainerDataRestoreError, PostBotsByBotIdContainerDataRestoreErrors, PostBotsByBotIdContainerDataRestoreResponse, PostBotsByBotIdContainerDataRestoreResponses, PostBotsByBotIdContainerError, PostBotsByBotIdContainerErrors, PostBotsByBotIdContainerFsDeleteData, PostBotsByBotIdContainerFsDeleteError, PostBotsByBotIdContainerFsDeleteErrors, PostBotsByBotIdContainerFsDeleteResponse, PostBotsByBotIdContainerFsDeleteResponses, PostBotsByBotIdContainerFsMkdirData, PostBotsByBotIdContainerFsMkdirError, PostBotsByBotIdContainerFsMkdirErrors, PostBotsByBotIdContainerFsMkdirResponse, PostBotsByBotIdContainerFsMkdirResponses, PostBotsByBotIdContainerFsRenameData, PostBotsByBotIdContainerFsRenameError, PostBotsByBotIdContainerFsRenameErrors, PostBotsByBotIdContainerFsRenameResponse, PostBotsByBotIdContainerFsRenameResponses, PostBotsByBotIdContainerFsUploadData, PostBotsByBotIdContainerFsUploadError, PostBotsByBotIdContainerFsUploadErrors, PostBotsByBotIdContainerFsUploadResponse, PostBotsByBotIdContainerFsUploadResponses, PostBotsByBotIdContainerFsWriteData, PostBotsByBotIdContainerFsWriteError, PostBotsByBotIdContainerFsWriteErrors, PostBotsByBotIdContainerFsWriteResponse, PostBotsByBotIdContainerFsWriteResponses, PostBotsByBotIdContainerResponse, PostBotsByBotIdContainerResponses, PostBotsByBotIdContainerSkillsData, PostBotsByBotIdContainerSkillsError, PostBotsByBotIdContainerSkillsErrors, PostBotsByBotIdContainerSkillsResponse, PostBotsByBotIdContainerSkillsResponses, PostBotsByBotIdContainerSnapshotsData, PostBotsByBotIdContainerSnapshotsError, PostBotsByBotIdContainerSnapshotsErrors, PostBotsByBotIdContainerSnapshotsResponse, PostBotsByBotIdContainerSnapshotsResponses, PostBotsByBotIdContainerSnapshotsRollbackData, PostBotsByBotIdContainerSnapshotsRollbackError, PostBotsByBotIdContainerSnapshotsRollbackErrors, PostBotsByBotIdContainerSnapshotsRollbackResponse, PostBotsByBotIdContainerSnapshotsRollbackResponses, PostBotsByBotIdContainerStartData, PostBotsByBotIdContainerStartError, PostBotsByBotIdContainerStartErrors, PostBotsByBotIdContainerStartResponse, PostBotsByBotIdContainerStartResponses, PostBotsByBotIdContainerStopData, PostBotsByBotIdContainerStopError, PostBotsByBotIdContainerStopErrors, PostBotsByBotIdContainerStopResponse, PostBotsByBotIdContainerStopResponses, PostBotsByBotIdEmailBindingsData, PostBotsByBotIdEmailBindingsError, PostBotsByBotIdEmailBindingsErrors, PostBotsByBotIdEmailBindingsResponse, PostBotsByBotIdEmailBindingsResponses, PostBotsByBotIdInboxData, PostBotsByBotIdInboxError, PostBotsByBotIdInboxErrors, PostBotsByBotIdInboxMarkReadData, PostBotsByBotIdInboxMarkReadError, PostBotsByBotIdInboxMarkReadErrors, PostBotsByBotIdInboxMarkReadResponses, PostBotsByBotIdInboxResponse, PostBotsByBotIdInboxResponses, PostBotsByBotIdMcpByIdOauthAuthorizeData, PostBotsByBotIdMcpByIdOauthAuthorizeError, PostBotsByBotIdMcpByIdOauthAuthorizeErrors, PostBotsByBotIdMcpByIdOauthAuthorizeResponse, PostBotsByBotIdMcpByIdOauthAuthorizeResponses, PostBotsByBotIdMcpByIdOauthDiscoverData, PostBotsByBotIdMcpByIdOauthDiscoverError, PostBotsByBotIdMcpByIdOauthDiscoverErrors, PostBotsByBotIdMcpByIdOauthDiscoverResponse, PostBotsByBotIdMcpByIdOauthDiscoverResponses, PostBotsByBotIdMcpByIdOauthExchangeData, PostBotsByBotIdMcpByIdOauthExchangeError, PostBotsByBotIdMcpByIdOauthExchangeErrors, PostBotsByBotIdMcpByIdOauthExchangeResponse, PostBotsByBotIdMcpByIdOauthExchangeResponses, PostBotsByBotIdMcpByIdProbeData, PostBotsByBotIdMcpByIdProbeError, PostBotsByBotIdMcpByIdProbeErrors, PostBotsByBotIdMcpByIdProbeResponse, PostBotsByBotIdMcpByIdProbeResponses, PostBotsByBotIdMcpData, PostBotsByBotIdMcpError, PostBotsByBotIdMcpErrors, PostBotsByBotIdMcpOpsBatchDeleteData, PostBotsByBotIdMcpOpsBatchDeleteError, PostBotsByBotIdMcpOpsBatchDeleteErrors, PostBotsByBotIdMcpOpsBatchDeleteResponses, PostBotsByBotIdMcpResponse, PostBotsByBotIdMcpResponses, PostBotsByBotIdMcpStdioByConnectionIdData, PostBotsByBotIdMcpStdioByConnectionIdError, PostBotsByBotIdMcpStdioByConnectionIdErrors, PostBotsByBotIdMcpStdioByConnectionIdResponse, PostBotsByBotIdMcpStdioByConnectionIdResponses, PostBotsByBotIdMcpStdioData, PostBotsByBotIdMcpStdioError, PostBotsByBotIdMcpStdioErrors, PostBotsByBotIdMcpStdioResponse, PostBotsByBotIdMcpStdioResponses, PostBotsByBotIdMemoryCompactData, PostBotsByBotIdMemoryCompactError, PostBotsByBotIdMemoryCompactErrors, PostBotsByBotIdMemoryCompactResponse, PostBotsByBotIdMemoryCompactResponses, PostBotsByBotIdMemoryData, PostBotsByBotIdMemoryError, PostBotsByBotIdMemoryErrors, PostBotsByBotIdMemoryRebuildData, PostBotsByBotIdMemoryRebuildError, PostBotsByBotIdMemoryRebuildErrors, PostBotsByBotIdMemoryRebuildResponse, PostBotsByBotIdMemoryRebuildResponses, PostBotsByBotIdMemoryResponse, PostBotsByBotIdMemoryResponses, PostBotsByBotIdMemorySearchData, PostBotsByBotIdMemorySearchError, PostBotsByBotIdMemorySearchErrors, PostBotsByBotIdMemorySearchResponse, PostBotsByBotIdMemorySearchResponses, PostBotsByBotIdScheduleData, PostBotsByBotIdScheduleError, PostBotsByBotIdScheduleErrors, PostBotsByBotIdScheduleResponse, PostBotsByBotIdScheduleResponses, PostBotsByBotIdSettingsData, PostBotsByBotIdSettingsError, PostBotsByBotIdSettingsErrors, PostBotsByBotIdSettingsResponse, PostBotsByBotIdSettingsResponses, PostBotsByBotIdSubagentsByIdSkillsData, PostBotsByBotIdSubagentsByIdSkillsError, PostBotsByBotIdSubagentsByIdSkillsErrors, PostBotsByBotIdSubagentsByIdSkillsResponse, PostBotsByBotIdSubagentsByIdSkillsResponses, PostBotsByBotIdSubagentsData, PostBotsByBotIdSubagentsError, PostBotsByBotIdSubagentsErrors, PostBotsByBotIdSubagentsResponse, PostBotsByBotIdSubagentsResponses, PostBotsByBotIdToolsData, PostBotsByBotIdToolsError, PostBotsByBotIdToolsErrors, PostBotsByBotIdToolsResponse, PostBotsByBotIdToolsResponses, PostBotsByBotIdTtsSynthesizeData, PostBotsByBotIdTtsSynthesizeError, PostBotsByBotIdTtsSynthesizeErrors, PostBotsByBotIdTtsSynthesizeResponse, PostBotsByBotIdTtsSynthesizeResponses, PostBotsByBotIdWebMessagesData, PostBotsByBotIdWebMessagesError, PostBotsByBotIdWebMessagesErrors, PostBotsByBotIdWebMessagesResponse, PostBotsByBotIdWebMessagesResponses, PostBotsByIdChannelByPlatformSendChatData, PostBotsByIdChannelByPlatformSendChatError, PostBotsByIdChannelByPlatformSendChatErrors, PostBotsByIdChannelByPlatformSendChatResponse, PostBotsByIdChannelByPlatformSendChatResponses, PostBotsByIdChannelByPlatformSendData, PostBotsByIdChannelByPlatformSendError, PostBotsByIdChannelByPlatformSendErrors, PostBotsByIdChannelByPlatformSendResponse, PostBotsByIdChannelByPlatformSendResponses, PostBotsData, PostBotsError, PostBotsErrors, PostBotsResponse, PostBotsResponses, PostBrowserContextsData, PostBrowserContextsError, PostBrowserContextsErrors, PostBrowserContextsResponse, PostBrowserContextsResponses, PostEmailMailgunWebhookByConfigIdData, PostEmailMailgunWebhookByConfigIdError, PostEmailMailgunWebhookByConfigIdErrors, PostEmailMailgunWebhookByConfigIdResponse, PostEmailMailgunWebhookByConfigIdResponses, PostEmailProvidersData, PostEmailProvidersError, PostEmailProvidersErrors, PostEmailProvidersResponse, PostEmailProvidersResponses, PostMemoryProvidersData, PostMemoryProvidersError, PostMemoryProvidersErrors, PostMemoryProvidersResponse, PostMemoryProvidersResponses, PostModelsByIdTestData, PostModelsByIdTestError, PostModelsByIdTestErrors, PostModelsByIdTestResponse, PostModelsByIdTestResponses, PostModelsData, PostModelsError, PostModelsErrors, PostModelsResponse, PostModelsResponses, PostProvidersByIdImportModelsData, PostProvidersByIdImportModelsError, PostProvidersByIdImportModelsErrors, PostProvidersByIdImportModelsResponse, PostProvidersByIdImportModelsResponses, PostProvidersByIdTestData, PostProvidersByIdTestError, PostProvidersByIdTestErrors, PostProvidersByIdTestResponse, PostProvidersByIdTestResponses, PostProvidersData, PostProvidersError, PostProvidersErrors, PostProvidersResponse, PostProvidersResponses, PostSearchProvidersData, PostSearchProvidersError, PostSearchProvidersErrors, PostSearchProvidersResponse, PostSearchProvidersResponses, PostTtsModelsByIdTestData, PostTtsModelsByIdTestError, PostTtsModelsByIdTestErrors, PostTtsModelsByIdTestResponses, PostTtsModelsData, PostTtsModelsError, PostTtsModelsErrors, PostTtsModelsResponse, PostTtsModelsResponses, PostTtsProvidersByIdImportModelsData, PostTtsProvidersByIdImportModelsError, PostTtsProvidersByIdImportModelsErrors, PostTtsProvidersByIdImportModelsResponse, PostTtsProvidersByIdImportModelsResponses, PostTtsProvidersData, PostTtsProvidersError, PostTtsProvidersErrors, PostTtsProvidersResponse, PostTtsProvidersResponses, PostUsersData, PostUsersError, PostUsersErrors, PostUsersResponse, PostUsersResponses, ProvidersCountResponse, ProvidersCreateRequest, ProvidersGetResponse, ProvidersImportModelsRequest, ProvidersImportModelsResponse, ProvidersTestResponse, ProvidersUpdateRequest, PutBotsByBotIdEmailBindingsByIdData, PutBotsByBotIdEmailBindingsByIdError, PutBotsByBotIdEmailBindingsByIdErrors, PutBotsByBotIdEmailBindingsByIdResponse, PutBotsByBotIdEmailBindingsByIdResponses, PutBotsByBotIdMcpByIdData, PutBotsByBotIdMcpByIdError, PutBotsByBotIdMcpByIdErrors, PutBotsByBotIdMcpByIdResponse, PutBotsByBotIdMcpByIdResponses, PutBotsByBotIdMcpImportData, PutBotsByBotIdMcpImportError, PutBotsByBotIdMcpImportErrors, PutBotsByBotIdMcpImportResponse, PutBotsByBotIdMcpImportResponses, PutBotsByBotIdScheduleByIdData, PutBotsByBotIdScheduleByIdError, PutBotsByBotIdScheduleByIdErrors, PutBotsByBotIdScheduleByIdResponse, PutBotsByBotIdScheduleByIdResponses, PutBotsByBotIdSettingsData, PutBotsByBotIdSettingsError, PutBotsByBotIdSettingsErrors, PutBotsByBotIdSettingsResponse, PutBotsByBotIdSettingsResponses, PutBotsByBotIdSubagentsByIdContextData, PutBotsByBotIdSubagentsByIdContextError, PutBotsByBotIdSubagentsByIdContextErrors, PutBotsByBotIdSubagentsByIdContextResponse, PutBotsByBotIdSubagentsByIdContextResponses, PutBotsByBotIdSubagentsByIdData, PutBotsByBotIdSubagentsByIdError, PutBotsByBotIdSubagentsByIdErrors, PutBotsByBotIdSubagentsByIdResponse, PutBotsByBotIdSubagentsByIdResponses, PutBotsByBotIdSubagentsByIdSkillsData, PutBotsByBotIdSubagentsByIdSkillsError, PutBotsByBotIdSubagentsByIdSkillsErrors, PutBotsByBotIdSubagentsByIdSkillsResponse, PutBotsByBotIdSubagentsByIdSkillsResponses, PutBotsByIdChannelByPlatformData, PutBotsByIdChannelByPlatformError, PutBotsByIdChannelByPlatformErrors, PutBotsByIdChannelByPlatformResponse, PutBotsByIdChannelByPlatformResponses, PutBotsByIdData, PutBotsByIdError, PutBotsByIdErrors, PutBotsByIdMembersData, PutBotsByIdMembersError, PutBotsByIdMembersErrors, PutBotsByIdMembersResponse, PutBotsByIdMembersResponses, PutBotsByIdOwnerData, PutBotsByIdOwnerError, PutBotsByIdOwnerErrors, PutBotsByIdOwnerResponse, PutBotsByIdOwnerResponses, PutBotsByIdResponse, PutBotsByIdResponses, PutBrowserContextsByIdData, PutBrowserContextsByIdError, PutBrowserContextsByIdErrors, PutBrowserContextsByIdResponse, PutBrowserContextsByIdResponses, PutEmailProvidersByIdData, PutEmailProvidersByIdError, PutEmailProvidersByIdErrors, PutEmailProvidersByIdResponse, PutEmailProvidersByIdResponses, PutMemoryProvidersByIdData, PutMemoryProvidersByIdError, PutMemoryProvidersByIdErrors, PutMemoryProvidersByIdResponse, PutMemoryProvidersByIdResponses, PutModelsByIdData, PutModelsByIdError, PutModelsByIdErrors, PutModelsByIdResponse, PutModelsByIdResponses, PutModelsModelByModelIdData, PutModelsModelByModelIdError, PutModelsModelByModelIdErrors, PutModelsModelByModelIdResponse, PutModelsModelByModelIdResponses, PutProvidersByIdData, PutProvidersByIdError, PutProvidersByIdErrors, PutProvidersByIdResponse, PutProvidersByIdResponses, PutSearchProvidersByIdData, PutSearchProvidersByIdError, PutSearchProvidersByIdErrors, PutSearchProvidersByIdResponse, PutSearchProvidersByIdResponses, PutTtsModelsByIdData, PutTtsModelsByIdError, PutTtsModelsByIdErrors, PutTtsModelsByIdResponse, PutTtsModelsByIdResponses, PutTtsProvidersByIdData, PutTtsProvidersByIdError, PutTtsProvidersByIdErrors, PutTtsProvidersByIdResponse, PutTtsProvidersByIdResponses, PutUsersByIdData, PutUsersByIdError, PutUsersByIdErrors, PutUsersByIdPasswordData, PutUsersByIdPasswordError, PutUsersByIdPasswordErrors, PutUsersByIdPasswordResponses, PutUsersByIdResponse, PutUsersByIdResponses, PutUsersMeChannelsByPlatformData, PutUsersMeChannelsByPlatformError, PutUsersMeChannelsByPlatformErrors, PutUsersMeChannelsByPlatformResponse, PutUsersMeChannelsByPlatformResponses, PutUsersMeData, PutUsersMeError, PutUsersMeErrors, PutUsersMePasswordData, PutUsersMePasswordError, PutUsersMePasswordErrors, PutUsersMePasswordResponses, PutUsersMeResponse, PutUsersMeResponses, ScheduleCreateRequest, ScheduleListResponse, ScheduleNullableInt, ScheduleSchedule, ScheduleUpdateRequest, SearchprovidersCreateRequest, SearchprovidersGetResponse, SearchprovidersProviderConfigSchema, SearchprovidersProviderFieldSchema, SearchprovidersProviderMeta, SearchprovidersProviderName, SearchprovidersUpdateRequest, SettingsSettings, SettingsUpsertRequest, SubagentAddSkillsRequest, SubagentContextResponse, SubagentCreateRequest, SubagentListResponse, SubagentSkillsResponse, SubagentSubagent, SubagentUpdateContextRequest, SubagentUpdateRequest, SubagentUpdateSkillsRequest, TtsCreateModelRequest, TtsCreateProviderRequest, TtsModelCapabilities, TtsModelInfo, TtsModelResponse, TtsParamConstraint, TtsProviderMetaResponse, TtsProviderResponse, TtsTestSynthesizeRequest, TtsUpdateModelRequest, TtsUpdateProviderRequest, TtsVoiceInfo } from './types.gen';
+export { deleteBotsByBotIdBlacklistByRuleId, deleteBotsByBotIdContainer, deleteBotsByBotIdContainerSkills, deleteBotsByBotIdEmailBindingsById, deleteBotsByBotIdHeartbeatLogs, deleteBotsByBotIdInboxById, deleteBotsByBotIdMcpById, deleteBotsByBotIdMcpByIdOauthToken, deleteBotsByBotIdMemory, deleteBotsByBotIdMemoryById, deleteBotsByBotIdMessages, deleteBotsByBotIdScheduleById, deleteBotsByBotIdSettings, deleteBotsByBotIdSubagentsById, deleteBotsByBotIdWhitelistByRuleId, deleteBotsById, deleteBotsByIdChannelByPlatform, deleteBrowserContextsById, deleteEmailProvidersById, deleteEmailProvidersByIdOauthToken, deleteMemoryProvidersById, deleteModelsById, deleteModelsModelByModelId, deleteProvidersById, deleteSearchProvidersById, deleteTtsModelsById, deleteTtsProvidersById, getBots, getBotsByBotIdAccessChannelIdentities, getBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversations, getBotsByBotIdAccessUsers, getBotsByBotIdBlacklist, getBotsByBotIdCliStream, getBotsByBotIdCliWs, getBotsByBotIdContainer, getBotsByBotIdContainerFs, getBotsByBotIdContainerFsDownload, getBotsByBotIdContainerFsList, getBotsByBotIdContainerFsRead, getBotsByBotIdContainerSkills, getBotsByBotIdContainerSnapshots, getBotsByBotIdContainerTerminal, getBotsByBotIdContainerTerminalWs, getBotsByBotIdEmailBindings, getBotsByBotIdEmailOutbox, getBotsByBotIdEmailOutboxById, getBotsByBotIdHeartbeatLogs, getBotsByBotIdInbox, getBotsByBotIdInboxById, getBotsByBotIdInboxCount, getBotsByBotIdMcp, getBotsByBotIdMcpById, getBotsByBotIdMcpByIdOauthStatus, getBotsByBotIdMcpExport, getBotsByBotIdMemory, getBotsByBotIdMemoryStatus, getBotsByBotIdMemoryUsage, getBotsByBotIdMessages, getBotsByBotIdSchedule, getBotsByBotIdScheduleById, getBotsByBotIdSettings, getBotsByBotIdSubagents, getBotsByBotIdSubagentsById, getBotsByBotIdSubagentsByIdContext, getBotsByBotIdSubagentsByIdSkills, getBotsByBotIdTokenUsage, getBotsByBotIdWebStream, getBotsByBotIdWebWs, getBotsByBotIdWhitelist, getBotsById, getBotsByIdChannelByPlatform, getBotsByIdChecks, getBrowserContexts, getBrowserContextsById, getBrowserContextsCores, getChannels, getChannelsByPlatform, getEmailOauthCallback, getEmailProviders, getEmailProvidersById, getEmailProvidersByIdOauthAuthorize, getEmailProvidersByIdOauthStatus, getEmailProvidersMeta, getMemoryProviders, getMemoryProvidersById, getMemoryProvidersByIdStatus, getMemoryProvidersMeta, getModels, getModelsById, getModelsCount, getModelsModelByModelId, getPing, getProviders, getProvidersById, getProvidersByIdModels, getProvidersCount, getProvidersNameByName, getSearchProviders, getSearchProvidersById, getSearchProvidersMeta, getTtsModels, getTtsModelsById, getTtsModelsByIdCapabilities, getTtsProviders, getTtsProvidersById, getTtsProvidersByIdModels, getTtsProvidersMeta, getUsers, getUsersById, getUsersMe, getUsersMeChannelsByPlatform, getUsersMeIdentities, type Options, patchBotsByIdChannelByPlatformStatus, postAuthLogin, postAuthRefresh, postBots, postBotsByBotIdCliMessages, postBotsByBotIdContainer, postBotsByBotIdContainerDataExport, postBotsByBotIdContainerDataImport, postBotsByBotIdContainerDataRestore, postBotsByBotIdContainerFsDelete, postBotsByBotIdContainerFsMkdir, postBotsByBotIdContainerFsRename, postBotsByBotIdContainerFsUpload, postBotsByBotIdContainerFsWrite, postBotsByBotIdContainerSkills, postBotsByBotIdContainerSnapshots, postBotsByBotIdContainerSnapshotsRollback, postBotsByBotIdContainerStart, postBotsByBotIdContainerStop, postBotsByBotIdEmailBindings, postBotsByBotIdInbox, postBotsByBotIdInboxMarkRead, postBotsByBotIdMcp, postBotsByBotIdMcpByIdOauthAuthorize, postBotsByBotIdMcpByIdOauthDiscover, postBotsByBotIdMcpByIdOauthExchange, postBotsByBotIdMcpByIdProbe, postBotsByBotIdMcpOpsBatchDelete, postBotsByBotIdMcpStdio, postBotsByBotIdMcpStdioByConnectionId, postBotsByBotIdMemory, postBotsByBotIdMemoryCompact, postBotsByBotIdMemoryRebuild, postBotsByBotIdMemorySearch, postBotsByBotIdSchedule, postBotsByBotIdSettings, postBotsByBotIdSubagents, postBotsByBotIdSubagentsByIdSkills, postBotsByBotIdTools, postBotsByBotIdTtsSynthesize, postBotsByBotIdWebMessages, postBotsByIdChannelByPlatformSend, postBotsByIdChannelByPlatformSendChat, postBrowserContexts, postEmailMailgunWebhookByConfigId, postEmailProviders, postMemoryProviders, postModels, postModelsByIdTest, postProviders, postProvidersByIdImportModels, postProvidersByIdTest, postSearchProviders, postTtsModels, postTtsModelsByIdTest, postTtsProviders, postTtsProvidersByIdImportModels, postUsers, putBotsByBotIdBlacklist, putBotsByBotIdEmailBindingsById, putBotsByBotIdMcpById, putBotsByBotIdMcpImport, putBotsByBotIdScheduleById, putBotsByBotIdSettings, putBotsByBotIdSubagentsById, putBotsByBotIdSubagentsByIdContext, putBotsByBotIdSubagentsByIdSkills, putBotsByBotIdWhitelist, putBotsById, putBotsByIdChannelByPlatform, putBotsByIdOwner, putBrowserContextsById, putEmailProvidersById, putMemoryProvidersById, putModelsById, putModelsModelByModelId, putProvidersById, putSearchProvidersById, putTtsModelsById, putTtsProvidersById, putUsersById, putUsersByIdPassword, putUsersMe, putUsersMeChannelsByPlatform, putUsersMePassword } from './sdk.gen';
+export type { AccountsAccount, AccountsCreateAccountRequest, AccountsListAccountsResponse, AccountsResetPasswordRequest, AccountsUpdateAccountRequest, AccountsUpdatePasswordRequest, AccountsUpdateProfileRequest, AclChannelIdentityCandidate, AclChannelIdentityCandidateListResponse, AclListRulesResponse, AclObservedConversationCandidate, AclObservedConversationCandidateListResponse, AclRule, AclSourceScope, AclUpsertRuleRequest, AclUserCandidate, AclUserCandidateListResponse, AdaptersCdfPoint, AdaptersCompactResult, AdaptersDeleteResponse, AdaptersHealthStatus, AdaptersMemoryItem, AdaptersMemoryStatusResponse, AdaptersMessage, AdaptersProviderCollectionStatus, AdaptersProviderConfigSchema, AdaptersProviderCreateRequest, AdaptersProviderFieldSchema, AdaptersProviderGetResponse, AdaptersProviderMeta, AdaptersProviderStatusResponse, AdaptersProviderType, AdaptersProviderUpdateRequest, AdaptersRebuildResult, AdaptersSearchResponse, AdaptersTopKBucket, AdaptersUsageResponse, BotsBot, BotsBotCheck, BotsCreateBotRequest, BotsListBotsResponse, BotsListChecksResponse, BotsTransferBotRequest, BotsUpdateBotRequest, BrowsercontextsBrowserContext, BrowsercontextsCreateRequest, BrowsercontextsUpdateRequest, ChannelAction, ChannelAttachment, ChannelAttachmentType, ChannelChannelCapabilities, ChannelChannelConfig, ChannelChannelIdentityBinding, ChannelConfigSchema, ChannelFieldSchema, ChannelFieldType, ChannelMessage, ChannelMessageFormat, ChannelMessagePart, ChannelMessagePartType, ChannelMessageTextStyle, ChannelReplyRef, ChannelSendRequest, ChannelTargetHint, ChannelTargetSpec, ChannelThreadRef, ChannelUpdateChannelStatusRequest, ChannelUpsertChannelIdentityConfigRequest, ChannelUpsertConfigRequest, ClientOptions, DeleteBotsByBotIdBlacklistByRuleIdData, DeleteBotsByBotIdBlacklistByRuleIdError, DeleteBotsByBotIdBlacklistByRuleIdErrors, DeleteBotsByBotIdBlacklistByRuleIdResponses, DeleteBotsByBotIdContainerData, DeleteBotsByBotIdContainerError, DeleteBotsByBotIdContainerErrors, DeleteBotsByBotIdContainerResponses, DeleteBotsByBotIdContainerSkillsData, DeleteBotsByBotIdContainerSkillsError, DeleteBotsByBotIdContainerSkillsErrors, DeleteBotsByBotIdContainerSkillsResponse, DeleteBotsByBotIdContainerSkillsResponses, DeleteBotsByBotIdEmailBindingsByIdData, DeleteBotsByBotIdEmailBindingsByIdError, DeleteBotsByBotIdEmailBindingsByIdErrors, DeleteBotsByBotIdEmailBindingsByIdResponses, DeleteBotsByBotIdHeartbeatLogsData, DeleteBotsByBotIdHeartbeatLogsError, DeleteBotsByBotIdHeartbeatLogsErrors, DeleteBotsByBotIdHeartbeatLogsResponses, DeleteBotsByBotIdInboxByIdData, DeleteBotsByBotIdInboxByIdError, DeleteBotsByBotIdInboxByIdErrors, DeleteBotsByBotIdInboxByIdResponses, DeleteBotsByBotIdMcpByIdData, DeleteBotsByBotIdMcpByIdError, DeleteBotsByBotIdMcpByIdErrors, DeleteBotsByBotIdMcpByIdOauthTokenData, DeleteBotsByBotIdMcpByIdOauthTokenError, DeleteBotsByBotIdMcpByIdOauthTokenErrors, DeleteBotsByBotIdMcpByIdOauthTokenResponses, DeleteBotsByBotIdMcpByIdResponses, DeleteBotsByBotIdMemoryByIdData, DeleteBotsByBotIdMemoryByIdError, DeleteBotsByBotIdMemoryByIdErrors, DeleteBotsByBotIdMemoryByIdResponse, DeleteBotsByBotIdMemoryByIdResponses, DeleteBotsByBotIdMemoryData, DeleteBotsByBotIdMemoryError, DeleteBotsByBotIdMemoryErrors, DeleteBotsByBotIdMemoryResponse, DeleteBotsByBotIdMemoryResponses, DeleteBotsByBotIdMessagesData, DeleteBotsByBotIdMessagesError, DeleteBotsByBotIdMessagesErrors, DeleteBotsByBotIdMessagesResponses, DeleteBotsByBotIdScheduleByIdData, DeleteBotsByBotIdScheduleByIdError, DeleteBotsByBotIdScheduleByIdErrors, DeleteBotsByBotIdScheduleByIdResponses, DeleteBotsByBotIdSettingsData, DeleteBotsByBotIdSettingsError, DeleteBotsByBotIdSettingsErrors, DeleteBotsByBotIdSettingsResponses, DeleteBotsByBotIdSubagentsByIdData, DeleteBotsByBotIdSubagentsByIdError, DeleteBotsByBotIdSubagentsByIdErrors, DeleteBotsByBotIdSubagentsByIdResponses, DeleteBotsByBotIdWhitelistByRuleIdData, DeleteBotsByBotIdWhitelistByRuleIdError, DeleteBotsByBotIdWhitelistByRuleIdErrors, DeleteBotsByBotIdWhitelistByRuleIdResponses, DeleteBotsByIdChannelByPlatformData, DeleteBotsByIdChannelByPlatformError, DeleteBotsByIdChannelByPlatformErrors, DeleteBotsByIdChannelByPlatformResponses, DeleteBotsByIdData, DeleteBotsByIdError, DeleteBotsByIdErrors, DeleteBotsByIdResponse, DeleteBotsByIdResponses, DeleteBrowserContextsByIdData, DeleteBrowserContextsByIdError, DeleteBrowserContextsByIdErrors, DeleteBrowserContextsByIdResponses, DeleteEmailProvidersByIdData, DeleteEmailProvidersByIdError, DeleteEmailProvidersByIdErrors, DeleteEmailProvidersByIdOauthTokenData, DeleteEmailProvidersByIdOauthTokenError, DeleteEmailProvidersByIdOauthTokenErrors, DeleteEmailProvidersByIdOauthTokenResponses, DeleteEmailProvidersByIdResponses, DeleteMemoryProvidersByIdData, DeleteMemoryProvidersByIdError, DeleteMemoryProvidersByIdErrors, DeleteMemoryProvidersByIdResponses, DeleteModelsByIdData, DeleteModelsByIdError, DeleteModelsByIdErrors, DeleteModelsByIdResponses, DeleteModelsModelByModelIdData, DeleteModelsModelByModelIdError, DeleteModelsModelByModelIdErrors, DeleteModelsModelByModelIdResponses, DeleteProvidersByIdData, DeleteProvidersByIdError, DeleteProvidersByIdErrors, DeleteProvidersByIdResponses, DeleteSearchProvidersByIdData, DeleteSearchProvidersByIdError, DeleteSearchProvidersByIdErrors, DeleteSearchProvidersByIdResponses, DeleteTtsModelsByIdData, DeleteTtsModelsByIdError, DeleteTtsModelsByIdErrors, DeleteTtsModelsByIdResponses, DeleteTtsProvidersByIdData, DeleteTtsProvidersByIdError, DeleteTtsProvidersByIdErrors, DeleteTtsProvidersByIdResponses, EmailBindingResponse, EmailConfigSchema, EmailCreateBindingRequest, EmailCreateProviderRequest, EmailFieldSchema, EmailOutboxItemResponse, EmailProviderMeta, EmailProviderResponse, EmailUpdateBindingRequest, EmailUpdateProviderRequest, GetBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversationsData, GetBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversationsError, GetBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversationsErrors, GetBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversationsResponse, GetBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversationsResponses, GetBotsByBotIdAccessChannelIdentitiesData, GetBotsByBotIdAccessChannelIdentitiesError, GetBotsByBotIdAccessChannelIdentitiesErrors, GetBotsByBotIdAccessChannelIdentitiesResponse, GetBotsByBotIdAccessChannelIdentitiesResponses, GetBotsByBotIdAccessUsersData, GetBotsByBotIdAccessUsersError, GetBotsByBotIdAccessUsersErrors, GetBotsByBotIdAccessUsersResponse, GetBotsByBotIdAccessUsersResponses, GetBotsByBotIdBlacklistData, GetBotsByBotIdBlacklistError, GetBotsByBotIdBlacklistErrors, GetBotsByBotIdBlacklistResponse, GetBotsByBotIdBlacklistResponses, GetBotsByBotIdCliStreamData, GetBotsByBotIdCliStreamError, GetBotsByBotIdCliStreamErrors, GetBotsByBotIdCliStreamResponse, GetBotsByBotIdCliStreamResponses, GetBotsByBotIdCliWsData, GetBotsByBotIdCliWsError, GetBotsByBotIdCliWsErrors, GetBotsByBotIdContainerData, GetBotsByBotIdContainerError, GetBotsByBotIdContainerErrors, GetBotsByBotIdContainerFsData, GetBotsByBotIdContainerFsDownloadData, GetBotsByBotIdContainerFsDownloadError, GetBotsByBotIdContainerFsDownloadErrors, GetBotsByBotIdContainerFsDownloadResponses, GetBotsByBotIdContainerFsError, GetBotsByBotIdContainerFsErrors, GetBotsByBotIdContainerFsListData, GetBotsByBotIdContainerFsListError, GetBotsByBotIdContainerFsListErrors, GetBotsByBotIdContainerFsListResponse, GetBotsByBotIdContainerFsListResponses, GetBotsByBotIdContainerFsReadData, GetBotsByBotIdContainerFsReadError, GetBotsByBotIdContainerFsReadErrors, GetBotsByBotIdContainerFsReadResponse, GetBotsByBotIdContainerFsReadResponses, GetBotsByBotIdContainerFsResponse, GetBotsByBotIdContainerFsResponses, GetBotsByBotIdContainerResponse, GetBotsByBotIdContainerResponses, GetBotsByBotIdContainerSkillsData, GetBotsByBotIdContainerSkillsError, GetBotsByBotIdContainerSkillsErrors, GetBotsByBotIdContainerSkillsResponse, GetBotsByBotIdContainerSkillsResponses, GetBotsByBotIdContainerSnapshotsData, GetBotsByBotIdContainerSnapshotsError, GetBotsByBotIdContainerSnapshotsErrors, GetBotsByBotIdContainerSnapshotsResponse, GetBotsByBotIdContainerSnapshotsResponses, GetBotsByBotIdContainerTerminalData, GetBotsByBotIdContainerTerminalError, GetBotsByBotIdContainerTerminalErrors, GetBotsByBotIdContainerTerminalResponse, GetBotsByBotIdContainerTerminalResponses, GetBotsByBotIdContainerTerminalWsData, GetBotsByBotIdContainerTerminalWsError, GetBotsByBotIdContainerTerminalWsErrors, GetBotsByBotIdEmailBindingsData, GetBotsByBotIdEmailBindingsError, GetBotsByBotIdEmailBindingsErrors, GetBotsByBotIdEmailBindingsResponse, GetBotsByBotIdEmailBindingsResponses, GetBotsByBotIdEmailOutboxByIdData, GetBotsByBotIdEmailOutboxByIdError, GetBotsByBotIdEmailOutboxByIdErrors, GetBotsByBotIdEmailOutboxByIdResponse, GetBotsByBotIdEmailOutboxByIdResponses, GetBotsByBotIdEmailOutboxData, GetBotsByBotIdEmailOutboxError, GetBotsByBotIdEmailOutboxErrors, GetBotsByBotIdEmailOutboxResponse, GetBotsByBotIdEmailOutboxResponses, GetBotsByBotIdHeartbeatLogsData, GetBotsByBotIdHeartbeatLogsError, GetBotsByBotIdHeartbeatLogsErrors, GetBotsByBotIdHeartbeatLogsResponse, GetBotsByBotIdHeartbeatLogsResponses, GetBotsByBotIdInboxByIdData, GetBotsByBotIdInboxByIdError, GetBotsByBotIdInboxByIdErrors, GetBotsByBotIdInboxByIdResponse, GetBotsByBotIdInboxByIdResponses, GetBotsByBotIdInboxCountData, GetBotsByBotIdInboxCountError, GetBotsByBotIdInboxCountErrors, GetBotsByBotIdInboxCountResponse, GetBotsByBotIdInboxCountResponses, GetBotsByBotIdInboxData, GetBotsByBotIdInboxError, GetBotsByBotIdInboxErrors, GetBotsByBotIdInboxResponse, GetBotsByBotIdInboxResponses, GetBotsByBotIdMcpByIdData, GetBotsByBotIdMcpByIdError, GetBotsByBotIdMcpByIdErrors, GetBotsByBotIdMcpByIdOauthStatusData, GetBotsByBotIdMcpByIdOauthStatusError, GetBotsByBotIdMcpByIdOauthStatusErrors, GetBotsByBotIdMcpByIdOauthStatusResponse, GetBotsByBotIdMcpByIdOauthStatusResponses, GetBotsByBotIdMcpByIdResponse, GetBotsByBotIdMcpByIdResponses, GetBotsByBotIdMcpData, GetBotsByBotIdMcpError, GetBotsByBotIdMcpErrors, GetBotsByBotIdMcpExportData, GetBotsByBotIdMcpExportError, GetBotsByBotIdMcpExportErrors, GetBotsByBotIdMcpExportResponse, GetBotsByBotIdMcpExportResponses, GetBotsByBotIdMcpResponse, GetBotsByBotIdMcpResponses, GetBotsByBotIdMemoryData, GetBotsByBotIdMemoryError, GetBotsByBotIdMemoryErrors, GetBotsByBotIdMemoryResponse, GetBotsByBotIdMemoryResponses, GetBotsByBotIdMemoryStatusData, GetBotsByBotIdMemoryStatusError, GetBotsByBotIdMemoryStatusErrors, GetBotsByBotIdMemoryStatusResponse, GetBotsByBotIdMemoryStatusResponses, GetBotsByBotIdMemoryUsageData, GetBotsByBotIdMemoryUsageError, GetBotsByBotIdMemoryUsageErrors, GetBotsByBotIdMemoryUsageResponse, GetBotsByBotIdMemoryUsageResponses, GetBotsByBotIdMessagesData, GetBotsByBotIdMessagesError, GetBotsByBotIdMessagesErrors, GetBotsByBotIdMessagesResponse, GetBotsByBotIdMessagesResponses, GetBotsByBotIdScheduleByIdData, GetBotsByBotIdScheduleByIdError, GetBotsByBotIdScheduleByIdErrors, GetBotsByBotIdScheduleByIdResponse, GetBotsByBotIdScheduleByIdResponses, GetBotsByBotIdScheduleData, GetBotsByBotIdScheduleError, GetBotsByBotIdScheduleErrors, GetBotsByBotIdScheduleResponse, GetBotsByBotIdScheduleResponses, GetBotsByBotIdSettingsData, GetBotsByBotIdSettingsError, GetBotsByBotIdSettingsErrors, GetBotsByBotIdSettingsResponse, GetBotsByBotIdSettingsResponses, GetBotsByBotIdSubagentsByIdContextData, GetBotsByBotIdSubagentsByIdContextError, GetBotsByBotIdSubagentsByIdContextErrors, GetBotsByBotIdSubagentsByIdContextResponse, GetBotsByBotIdSubagentsByIdContextResponses, GetBotsByBotIdSubagentsByIdData, GetBotsByBotIdSubagentsByIdError, GetBotsByBotIdSubagentsByIdErrors, GetBotsByBotIdSubagentsByIdResponse, GetBotsByBotIdSubagentsByIdResponses, GetBotsByBotIdSubagentsByIdSkillsData, GetBotsByBotIdSubagentsByIdSkillsError, GetBotsByBotIdSubagentsByIdSkillsErrors, GetBotsByBotIdSubagentsByIdSkillsResponse, GetBotsByBotIdSubagentsByIdSkillsResponses, GetBotsByBotIdSubagentsData, GetBotsByBotIdSubagentsError, GetBotsByBotIdSubagentsErrors, GetBotsByBotIdSubagentsResponse, GetBotsByBotIdSubagentsResponses, GetBotsByBotIdTokenUsageData, GetBotsByBotIdTokenUsageError, GetBotsByBotIdTokenUsageErrors, GetBotsByBotIdTokenUsageResponse, GetBotsByBotIdTokenUsageResponses, GetBotsByBotIdWebStreamData, GetBotsByBotIdWebStreamError, GetBotsByBotIdWebStreamErrors, GetBotsByBotIdWebStreamResponse, GetBotsByBotIdWebStreamResponses, GetBotsByBotIdWebWsData, GetBotsByBotIdWebWsError, GetBotsByBotIdWebWsErrors, GetBotsByBotIdWhitelistData, GetBotsByBotIdWhitelistError, GetBotsByBotIdWhitelistErrors, GetBotsByBotIdWhitelistResponse, GetBotsByBotIdWhitelistResponses, GetBotsByIdChannelByPlatformData, GetBotsByIdChannelByPlatformError, GetBotsByIdChannelByPlatformErrors, GetBotsByIdChannelByPlatformResponse, GetBotsByIdChannelByPlatformResponses, GetBotsByIdChecksData, GetBotsByIdChecksError, GetBotsByIdChecksErrors, GetBotsByIdChecksResponse, GetBotsByIdChecksResponses, GetBotsByIdData, GetBotsByIdError, GetBotsByIdErrors, GetBotsByIdResponse, GetBotsByIdResponses, GetBotsData, GetBotsError, GetBotsErrors, GetBotsResponse, GetBotsResponses, GetBrowserContextsByIdData, GetBrowserContextsByIdError, GetBrowserContextsByIdErrors, GetBrowserContextsByIdResponse, GetBrowserContextsByIdResponses, GetBrowserContextsCoresData, GetBrowserContextsCoresError, GetBrowserContextsCoresErrors, GetBrowserContextsCoresResponse, GetBrowserContextsCoresResponses, GetBrowserContextsData, GetBrowserContextsError, GetBrowserContextsErrors, GetBrowserContextsResponse, GetBrowserContextsResponses, GetChannelsByPlatformData, GetChannelsByPlatformError, GetChannelsByPlatformErrors, GetChannelsByPlatformResponse, GetChannelsByPlatformResponses, GetChannelsData, GetChannelsError, GetChannelsErrors, GetChannelsResponse, GetChannelsResponses, GetEmailOauthCallbackData, GetEmailOauthCallbackError, GetEmailOauthCallbackErrors, GetEmailOauthCallbackResponse, GetEmailOauthCallbackResponses, GetEmailProvidersByIdData, GetEmailProvidersByIdError, GetEmailProvidersByIdErrors, GetEmailProvidersByIdOauthAuthorizeData, GetEmailProvidersByIdOauthAuthorizeError, GetEmailProvidersByIdOauthAuthorizeErrors, GetEmailProvidersByIdOauthAuthorizeResponse, GetEmailProvidersByIdOauthAuthorizeResponses, GetEmailProvidersByIdOauthStatusData, GetEmailProvidersByIdOauthStatusError, GetEmailProvidersByIdOauthStatusErrors, GetEmailProvidersByIdOauthStatusResponse, GetEmailProvidersByIdOauthStatusResponses, GetEmailProvidersByIdResponse, GetEmailProvidersByIdResponses, GetEmailProvidersData, GetEmailProvidersError, GetEmailProvidersErrors, GetEmailProvidersMetaData, GetEmailProvidersMetaResponse, GetEmailProvidersMetaResponses, GetEmailProvidersResponse, GetEmailProvidersResponses, GetMemoryProvidersByIdData, GetMemoryProvidersByIdError, GetMemoryProvidersByIdErrors, GetMemoryProvidersByIdResponse, GetMemoryProvidersByIdResponses, GetMemoryProvidersByIdStatusData, GetMemoryProvidersByIdStatusError, GetMemoryProvidersByIdStatusErrors, GetMemoryProvidersByIdStatusResponse, GetMemoryProvidersByIdStatusResponses, GetMemoryProvidersData, GetMemoryProvidersError, GetMemoryProvidersErrors, GetMemoryProvidersMetaData, GetMemoryProvidersMetaResponse, GetMemoryProvidersMetaResponses, GetMemoryProvidersResponse, GetMemoryProvidersResponses, GetModelsByIdData, GetModelsByIdError, GetModelsByIdErrors, GetModelsByIdResponse, GetModelsByIdResponses, GetModelsCountData, GetModelsCountError, GetModelsCountErrors, GetModelsCountResponse, GetModelsCountResponses, GetModelsData, GetModelsError, GetModelsErrors, GetModelsModelByModelIdData, GetModelsModelByModelIdError, GetModelsModelByModelIdErrors, GetModelsModelByModelIdResponse, GetModelsModelByModelIdResponses, GetModelsResponse, GetModelsResponses, GetPingData, GetPingResponse, GetPingResponses, GetProvidersByIdData, GetProvidersByIdError, GetProvidersByIdErrors, GetProvidersByIdModelsData, GetProvidersByIdModelsError, GetProvidersByIdModelsErrors, GetProvidersByIdModelsResponse, GetProvidersByIdModelsResponses, GetProvidersByIdResponse, GetProvidersByIdResponses, GetProvidersCountData, GetProvidersCountError, GetProvidersCountErrors, GetProvidersCountResponse, GetProvidersCountResponses, GetProvidersData, GetProvidersError, GetProvidersErrors, GetProvidersNameByNameData, GetProvidersNameByNameError, GetProvidersNameByNameErrors, GetProvidersNameByNameResponse, GetProvidersNameByNameResponses, GetProvidersResponse, GetProvidersResponses, GetSearchProvidersByIdData, GetSearchProvidersByIdError, GetSearchProvidersByIdErrors, GetSearchProvidersByIdResponse, GetSearchProvidersByIdResponses, GetSearchProvidersData, GetSearchProvidersError, GetSearchProvidersErrors, GetSearchProvidersMetaData, GetSearchProvidersMetaResponse, GetSearchProvidersMetaResponses, GetSearchProvidersResponse, GetSearchProvidersResponses, GetTtsModelsByIdCapabilitiesData, GetTtsModelsByIdCapabilitiesError, GetTtsModelsByIdCapabilitiesErrors, GetTtsModelsByIdCapabilitiesResponse, GetTtsModelsByIdCapabilitiesResponses, GetTtsModelsByIdData, GetTtsModelsByIdError, GetTtsModelsByIdErrors, GetTtsModelsByIdResponse, GetTtsModelsByIdResponses, GetTtsModelsData, GetTtsModelsError, GetTtsModelsErrors, GetTtsModelsResponse, GetTtsModelsResponses, GetTtsProvidersByIdData, GetTtsProvidersByIdError, GetTtsProvidersByIdErrors, GetTtsProvidersByIdModelsData, GetTtsProvidersByIdModelsError, GetTtsProvidersByIdModelsErrors, GetTtsProvidersByIdModelsResponse, GetTtsProvidersByIdModelsResponses, GetTtsProvidersByIdResponse, GetTtsProvidersByIdResponses, GetTtsProvidersData, GetTtsProvidersError, GetTtsProvidersErrors, GetTtsProvidersMetaData, GetTtsProvidersMetaResponse, GetTtsProvidersMetaResponses, GetTtsProvidersResponse, GetTtsProvidersResponses, GetUsersByIdData, GetUsersByIdError, GetUsersByIdErrors, GetUsersByIdResponse, GetUsersByIdResponses, GetUsersData, GetUsersError, GetUsersErrors, GetUsersMeChannelsByPlatformData, GetUsersMeChannelsByPlatformError, GetUsersMeChannelsByPlatformErrors, GetUsersMeChannelsByPlatformResponse, GetUsersMeChannelsByPlatformResponses, GetUsersMeData, GetUsersMeError, GetUsersMeErrors, GetUsersMeIdentitiesData, GetUsersMeIdentitiesError, GetUsersMeIdentitiesErrors, GetUsersMeIdentitiesResponse, GetUsersMeIdentitiesResponses, GetUsersMeResponse, GetUsersMeResponses, GetUsersResponse, GetUsersResponses, GithubComMemohaiMemohInternalMcpConnection, HandlersBatchDeleteRequest, HandlersBrowserCoresResponse, HandlersChannelMeta, HandlersCreateContainerRequest, HandlersCreateContainerResponse, HandlersCreateSnapshotRequest, HandlersCreateSnapshotResponse, HandlersDailyTokenUsage, HandlersEmailOAuthStatusResponse, HandlersErrorResponse, HandlersFsDeleteRequest, HandlersFsFileInfo, HandlersFsListResponse, HandlersFsMkdirRequest, HandlersFsOpResponse, HandlersFsReadResponse, HandlersFsRenameRequest, HandlersFsUploadResponse, HandlersFsWriteRequest, HandlersGetContainerResponse, HandlersListMyIdentitiesResponse, HandlersListSnapshotsResponse, HandlersLocalChannelMessageRequest, HandlersLoginRequest, HandlersLoginResponse, HandlersMarkReadRequest, HandlersMcpStdioRequest, HandlersMcpStdioResponse, HandlersMemoryAddPayload, HandlersMemoryCompactPayload, HandlersMemoryDeletePayload, HandlersMemorySearchPayload, HandlersModelTokenUsage, HandlersOauthAuthorizeRequest, HandlersOauthDiscoverRequest, HandlersOauthExchangeRequest, HandlersPingResponse, HandlersProbeResponse, HandlersRefreshResponse, HandlersRollbackRequest, HandlersSkillItem, HandlersSkillsDeleteRequest, HandlersSkillsOpResponse, HandlersSkillsResponse, HandlersSkillsUpsertRequest, HandlersSnapshotInfo, HandlersSynthesizeRequest, HandlersSynthesizeResponse, HandlersTerminalInfoResponse, HandlersTokenUsageResponse, HeartbeatListLogsResponse, HeartbeatLog, IdentitiesChannelIdentity, InboxCountResult, InboxCreateRequest, InboxItem, McpAuthorizeResult, McpDiscoveryResult, McpExportResponse, McpImportRequest, McpListResponse, McpMcpServerEntry, McpOAuthStatus, McpToolDescriptor, McpUpsertRequest, MessageMessage, MessageMessageAsset, ModelsAddRequest, ModelsAddResponse, ModelsClientType, ModelsCountResponse, ModelsGetResponse, ModelsModelType, ModelsTestResponse, ModelsTestStatus, ModelsUpdateRequest, PatchBotsByIdChannelByPlatformStatusData, PatchBotsByIdChannelByPlatformStatusError, PatchBotsByIdChannelByPlatformStatusErrors, PatchBotsByIdChannelByPlatformStatusResponse, PatchBotsByIdChannelByPlatformStatusResponses, PostAuthLoginData, PostAuthLoginError, PostAuthLoginErrors, PostAuthLoginResponse, PostAuthLoginResponses, PostAuthRefreshData, PostAuthRefreshError, PostAuthRefreshErrors, PostAuthRefreshResponse, PostAuthRefreshResponses, PostBotsByBotIdCliMessagesData, PostBotsByBotIdCliMessagesError, PostBotsByBotIdCliMessagesErrors, PostBotsByBotIdCliMessagesResponse, PostBotsByBotIdCliMessagesResponses, PostBotsByBotIdContainerData, PostBotsByBotIdContainerDataExportData, PostBotsByBotIdContainerDataExportError, PostBotsByBotIdContainerDataExportErrors, PostBotsByBotIdContainerDataExportResponses, PostBotsByBotIdContainerDataImportData, PostBotsByBotIdContainerDataImportError, PostBotsByBotIdContainerDataImportErrors, PostBotsByBotIdContainerDataImportResponse, PostBotsByBotIdContainerDataImportResponses, PostBotsByBotIdContainerDataRestoreData, PostBotsByBotIdContainerDataRestoreError, PostBotsByBotIdContainerDataRestoreErrors, PostBotsByBotIdContainerDataRestoreResponse, PostBotsByBotIdContainerDataRestoreResponses, PostBotsByBotIdContainerError, PostBotsByBotIdContainerErrors, PostBotsByBotIdContainerFsDeleteData, PostBotsByBotIdContainerFsDeleteError, PostBotsByBotIdContainerFsDeleteErrors, PostBotsByBotIdContainerFsDeleteResponse, PostBotsByBotIdContainerFsDeleteResponses, PostBotsByBotIdContainerFsMkdirData, PostBotsByBotIdContainerFsMkdirError, PostBotsByBotIdContainerFsMkdirErrors, PostBotsByBotIdContainerFsMkdirResponse, PostBotsByBotIdContainerFsMkdirResponses, PostBotsByBotIdContainerFsRenameData, PostBotsByBotIdContainerFsRenameError, PostBotsByBotIdContainerFsRenameErrors, PostBotsByBotIdContainerFsRenameResponse, PostBotsByBotIdContainerFsRenameResponses, PostBotsByBotIdContainerFsUploadData, PostBotsByBotIdContainerFsUploadError, PostBotsByBotIdContainerFsUploadErrors, PostBotsByBotIdContainerFsUploadResponse, PostBotsByBotIdContainerFsUploadResponses, PostBotsByBotIdContainerFsWriteData, PostBotsByBotIdContainerFsWriteError, PostBotsByBotIdContainerFsWriteErrors, PostBotsByBotIdContainerFsWriteResponse, PostBotsByBotIdContainerFsWriteResponses, PostBotsByBotIdContainerResponse, PostBotsByBotIdContainerResponses, PostBotsByBotIdContainerSkillsData, PostBotsByBotIdContainerSkillsError, PostBotsByBotIdContainerSkillsErrors, PostBotsByBotIdContainerSkillsResponse, PostBotsByBotIdContainerSkillsResponses, PostBotsByBotIdContainerSnapshotsData, PostBotsByBotIdContainerSnapshotsError, PostBotsByBotIdContainerSnapshotsErrors, PostBotsByBotIdContainerSnapshotsResponse, PostBotsByBotIdContainerSnapshotsResponses, PostBotsByBotIdContainerSnapshotsRollbackData, PostBotsByBotIdContainerSnapshotsRollbackError, PostBotsByBotIdContainerSnapshotsRollbackErrors, PostBotsByBotIdContainerSnapshotsRollbackResponse, PostBotsByBotIdContainerSnapshotsRollbackResponses, PostBotsByBotIdContainerStartData, PostBotsByBotIdContainerStartError, PostBotsByBotIdContainerStartErrors, PostBotsByBotIdContainerStartResponse, PostBotsByBotIdContainerStartResponses, PostBotsByBotIdContainerStopData, PostBotsByBotIdContainerStopError, PostBotsByBotIdContainerStopErrors, PostBotsByBotIdContainerStopResponse, PostBotsByBotIdContainerStopResponses, PostBotsByBotIdEmailBindingsData, PostBotsByBotIdEmailBindingsError, PostBotsByBotIdEmailBindingsErrors, PostBotsByBotIdEmailBindingsResponse, PostBotsByBotIdEmailBindingsResponses, PostBotsByBotIdInboxData, PostBotsByBotIdInboxError, PostBotsByBotIdInboxErrors, PostBotsByBotIdInboxMarkReadData, PostBotsByBotIdInboxMarkReadError, PostBotsByBotIdInboxMarkReadErrors, PostBotsByBotIdInboxMarkReadResponses, PostBotsByBotIdInboxResponse, PostBotsByBotIdInboxResponses, PostBotsByBotIdMcpByIdOauthAuthorizeData, PostBotsByBotIdMcpByIdOauthAuthorizeError, PostBotsByBotIdMcpByIdOauthAuthorizeErrors, PostBotsByBotIdMcpByIdOauthAuthorizeResponse, PostBotsByBotIdMcpByIdOauthAuthorizeResponses, PostBotsByBotIdMcpByIdOauthDiscoverData, PostBotsByBotIdMcpByIdOauthDiscoverError, PostBotsByBotIdMcpByIdOauthDiscoverErrors, PostBotsByBotIdMcpByIdOauthDiscoverResponse, PostBotsByBotIdMcpByIdOauthDiscoverResponses, PostBotsByBotIdMcpByIdOauthExchangeData, PostBotsByBotIdMcpByIdOauthExchangeError, PostBotsByBotIdMcpByIdOauthExchangeErrors, PostBotsByBotIdMcpByIdOauthExchangeResponse, PostBotsByBotIdMcpByIdOauthExchangeResponses, PostBotsByBotIdMcpByIdProbeData, PostBotsByBotIdMcpByIdProbeError, PostBotsByBotIdMcpByIdProbeErrors, PostBotsByBotIdMcpByIdProbeResponse, PostBotsByBotIdMcpByIdProbeResponses, PostBotsByBotIdMcpData, PostBotsByBotIdMcpError, PostBotsByBotIdMcpErrors, PostBotsByBotIdMcpOpsBatchDeleteData, PostBotsByBotIdMcpOpsBatchDeleteError, PostBotsByBotIdMcpOpsBatchDeleteErrors, PostBotsByBotIdMcpOpsBatchDeleteResponses, PostBotsByBotIdMcpResponse, PostBotsByBotIdMcpResponses, PostBotsByBotIdMcpStdioByConnectionIdData, PostBotsByBotIdMcpStdioByConnectionIdError, PostBotsByBotIdMcpStdioByConnectionIdErrors, PostBotsByBotIdMcpStdioByConnectionIdResponse, PostBotsByBotIdMcpStdioByConnectionIdResponses, PostBotsByBotIdMcpStdioData, PostBotsByBotIdMcpStdioError, PostBotsByBotIdMcpStdioErrors, PostBotsByBotIdMcpStdioResponse, PostBotsByBotIdMcpStdioResponses, PostBotsByBotIdMemoryCompactData, PostBotsByBotIdMemoryCompactError, PostBotsByBotIdMemoryCompactErrors, PostBotsByBotIdMemoryCompactResponse, PostBotsByBotIdMemoryCompactResponses, PostBotsByBotIdMemoryData, PostBotsByBotIdMemoryError, PostBotsByBotIdMemoryErrors, PostBotsByBotIdMemoryRebuildData, PostBotsByBotIdMemoryRebuildError, PostBotsByBotIdMemoryRebuildErrors, PostBotsByBotIdMemoryRebuildResponse, PostBotsByBotIdMemoryRebuildResponses, PostBotsByBotIdMemoryResponse, PostBotsByBotIdMemoryResponses, PostBotsByBotIdMemorySearchData, PostBotsByBotIdMemorySearchError, PostBotsByBotIdMemorySearchErrors, PostBotsByBotIdMemorySearchResponse, PostBotsByBotIdMemorySearchResponses, PostBotsByBotIdScheduleData, PostBotsByBotIdScheduleError, PostBotsByBotIdScheduleErrors, PostBotsByBotIdScheduleResponse, PostBotsByBotIdScheduleResponses, PostBotsByBotIdSettingsData, PostBotsByBotIdSettingsError, PostBotsByBotIdSettingsErrors, PostBotsByBotIdSettingsResponse, PostBotsByBotIdSettingsResponses, PostBotsByBotIdSubagentsByIdSkillsData, PostBotsByBotIdSubagentsByIdSkillsError, PostBotsByBotIdSubagentsByIdSkillsErrors, PostBotsByBotIdSubagentsByIdSkillsResponse, PostBotsByBotIdSubagentsByIdSkillsResponses, PostBotsByBotIdSubagentsData, PostBotsByBotIdSubagentsError, PostBotsByBotIdSubagentsErrors, PostBotsByBotIdSubagentsResponse, PostBotsByBotIdSubagentsResponses, PostBotsByBotIdToolsData, PostBotsByBotIdToolsError, PostBotsByBotIdToolsErrors, PostBotsByBotIdToolsResponse, PostBotsByBotIdToolsResponses, PostBotsByBotIdTtsSynthesizeData, PostBotsByBotIdTtsSynthesizeError, PostBotsByBotIdTtsSynthesizeErrors, PostBotsByBotIdTtsSynthesizeResponse, PostBotsByBotIdTtsSynthesizeResponses, PostBotsByBotIdWebMessagesData, PostBotsByBotIdWebMessagesError, PostBotsByBotIdWebMessagesErrors, PostBotsByBotIdWebMessagesResponse, PostBotsByBotIdWebMessagesResponses, PostBotsByIdChannelByPlatformSendChatData, PostBotsByIdChannelByPlatformSendChatError, PostBotsByIdChannelByPlatformSendChatErrors, PostBotsByIdChannelByPlatformSendChatResponse, PostBotsByIdChannelByPlatformSendChatResponses, PostBotsByIdChannelByPlatformSendData, PostBotsByIdChannelByPlatformSendError, PostBotsByIdChannelByPlatformSendErrors, PostBotsByIdChannelByPlatformSendResponse, PostBotsByIdChannelByPlatformSendResponses, PostBotsData, PostBotsError, PostBotsErrors, PostBotsResponse, PostBotsResponses, PostBrowserContextsData, PostBrowserContextsError, PostBrowserContextsErrors, PostBrowserContextsResponse, PostBrowserContextsResponses, PostEmailMailgunWebhookByConfigIdData, PostEmailMailgunWebhookByConfigIdError, PostEmailMailgunWebhookByConfigIdErrors, PostEmailMailgunWebhookByConfigIdResponse, PostEmailMailgunWebhookByConfigIdResponses, PostEmailProvidersData, PostEmailProvidersError, PostEmailProvidersErrors, PostEmailProvidersResponse, PostEmailProvidersResponses, PostMemoryProvidersData, PostMemoryProvidersError, PostMemoryProvidersErrors, PostMemoryProvidersResponse, PostMemoryProvidersResponses, PostModelsByIdTestData, PostModelsByIdTestError, PostModelsByIdTestErrors, PostModelsByIdTestResponse, PostModelsByIdTestResponses, PostModelsData, PostModelsError, PostModelsErrors, PostModelsResponse, PostModelsResponses, PostProvidersByIdImportModelsData, PostProvidersByIdImportModelsError, PostProvidersByIdImportModelsErrors, PostProvidersByIdImportModelsResponse, PostProvidersByIdImportModelsResponses, PostProvidersByIdTestData, PostProvidersByIdTestError, PostProvidersByIdTestErrors, PostProvidersByIdTestResponse, PostProvidersByIdTestResponses, PostProvidersData, PostProvidersError, PostProvidersErrors, PostProvidersResponse, PostProvidersResponses, PostSearchProvidersData, PostSearchProvidersError, PostSearchProvidersErrors, PostSearchProvidersResponse, PostSearchProvidersResponses, PostTtsModelsByIdTestData, PostTtsModelsByIdTestError, PostTtsModelsByIdTestErrors, PostTtsModelsByIdTestResponses, PostTtsModelsData, PostTtsModelsError, PostTtsModelsErrors, PostTtsModelsResponse, PostTtsModelsResponses, PostTtsProvidersByIdImportModelsData, PostTtsProvidersByIdImportModelsError, PostTtsProvidersByIdImportModelsErrors, PostTtsProvidersByIdImportModelsResponse, PostTtsProvidersByIdImportModelsResponses, PostTtsProvidersData, PostTtsProvidersError, PostTtsProvidersErrors, PostTtsProvidersResponse, PostTtsProvidersResponses, PostUsersData, PostUsersError, PostUsersErrors, PostUsersResponse, PostUsersResponses, ProvidersCountResponse, ProvidersCreateRequest, ProvidersGetResponse, ProvidersImportModelsRequest, ProvidersImportModelsResponse, ProvidersTestResponse, ProvidersUpdateRequest, PutBotsByBotIdBlacklistData, PutBotsByBotIdBlacklistError, PutBotsByBotIdBlacklistErrors, PutBotsByBotIdBlacklistResponse, PutBotsByBotIdBlacklistResponses, PutBotsByBotIdEmailBindingsByIdData, PutBotsByBotIdEmailBindingsByIdError, PutBotsByBotIdEmailBindingsByIdErrors, PutBotsByBotIdEmailBindingsByIdResponse, PutBotsByBotIdEmailBindingsByIdResponses, PutBotsByBotIdMcpByIdData, PutBotsByBotIdMcpByIdError, PutBotsByBotIdMcpByIdErrors, PutBotsByBotIdMcpByIdResponse, PutBotsByBotIdMcpByIdResponses, PutBotsByBotIdMcpImportData, PutBotsByBotIdMcpImportError, PutBotsByBotIdMcpImportErrors, PutBotsByBotIdMcpImportResponse, PutBotsByBotIdMcpImportResponses, PutBotsByBotIdScheduleByIdData, PutBotsByBotIdScheduleByIdError, PutBotsByBotIdScheduleByIdErrors, PutBotsByBotIdScheduleByIdResponse, PutBotsByBotIdScheduleByIdResponses, PutBotsByBotIdSettingsData, PutBotsByBotIdSettingsError, PutBotsByBotIdSettingsErrors, PutBotsByBotIdSettingsResponse, PutBotsByBotIdSettingsResponses, PutBotsByBotIdSubagentsByIdContextData, PutBotsByBotIdSubagentsByIdContextError, PutBotsByBotIdSubagentsByIdContextErrors, PutBotsByBotIdSubagentsByIdContextResponse, PutBotsByBotIdSubagentsByIdContextResponses, PutBotsByBotIdSubagentsByIdData, PutBotsByBotIdSubagentsByIdError, PutBotsByBotIdSubagentsByIdErrors, PutBotsByBotIdSubagentsByIdResponse, PutBotsByBotIdSubagentsByIdResponses, PutBotsByBotIdSubagentsByIdSkillsData, PutBotsByBotIdSubagentsByIdSkillsError, PutBotsByBotIdSubagentsByIdSkillsErrors, PutBotsByBotIdSubagentsByIdSkillsResponse, PutBotsByBotIdSubagentsByIdSkillsResponses, PutBotsByBotIdWhitelistData, PutBotsByBotIdWhitelistError, PutBotsByBotIdWhitelistErrors, PutBotsByBotIdWhitelistResponse, PutBotsByBotIdWhitelistResponses, PutBotsByIdChannelByPlatformData, PutBotsByIdChannelByPlatformError, PutBotsByIdChannelByPlatformErrors, PutBotsByIdChannelByPlatformResponse, PutBotsByIdChannelByPlatformResponses, PutBotsByIdData, PutBotsByIdError, PutBotsByIdErrors, PutBotsByIdOwnerData, PutBotsByIdOwnerError, PutBotsByIdOwnerErrors, PutBotsByIdOwnerResponse, PutBotsByIdOwnerResponses, PutBotsByIdResponse, PutBotsByIdResponses, PutBrowserContextsByIdData, PutBrowserContextsByIdError, PutBrowserContextsByIdErrors, PutBrowserContextsByIdResponse, PutBrowserContextsByIdResponses, PutEmailProvidersByIdData, PutEmailProvidersByIdError, PutEmailProvidersByIdErrors, PutEmailProvidersByIdResponse, PutEmailProvidersByIdResponses, PutMemoryProvidersByIdData, PutMemoryProvidersByIdError, PutMemoryProvidersByIdErrors, PutMemoryProvidersByIdResponse, PutMemoryProvidersByIdResponses, PutModelsByIdData, PutModelsByIdError, PutModelsByIdErrors, PutModelsByIdResponse, PutModelsByIdResponses, PutModelsModelByModelIdData, PutModelsModelByModelIdError, PutModelsModelByModelIdErrors, PutModelsModelByModelIdResponse, PutModelsModelByModelIdResponses, PutProvidersByIdData, PutProvidersByIdError, PutProvidersByIdErrors, PutProvidersByIdResponse, PutProvidersByIdResponses, PutSearchProvidersByIdData, PutSearchProvidersByIdError, PutSearchProvidersByIdErrors, PutSearchProvidersByIdResponse, PutSearchProvidersByIdResponses, PutTtsModelsByIdData, PutTtsModelsByIdError, PutTtsModelsByIdErrors, PutTtsModelsByIdResponse, PutTtsModelsByIdResponses, PutTtsProvidersByIdData, PutTtsProvidersByIdError, PutTtsProvidersByIdErrors, PutTtsProvidersByIdResponse, PutTtsProvidersByIdResponses, PutUsersByIdData, PutUsersByIdError, PutUsersByIdErrors, PutUsersByIdPasswordData, PutUsersByIdPasswordError, PutUsersByIdPasswordErrors, PutUsersByIdPasswordResponses, PutUsersByIdResponse, PutUsersByIdResponses, PutUsersMeChannelsByPlatformData, PutUsersMeChannelsByPlatformError, PutUsersMeChannelsByPlatformErrors, PutUsersMeChannelsByPlatformResponse, PutUsersMeChannelsByPlatformResponses, PutUsersMeData, PutUsersMeError, PutUsersMeErrors, PutUsersMePasswordData, PutUsersMePasswordError, PutUsersMePasswordErrors, PutUsersMePasswordResponses, PutUsersMeResponse, PutUsersMeResponses, ScheduleCreateRequest, ScheduleListResponse, ScheduleNullableInt, ScheduleSchedule, ScheduleUpdateRequest, SearchprovidersCreateRequest, SearchprovidersGetResponse, SearchprovidersProviderConfigSchema, SearchprovidersProviderFieldSchema, SearchprovidersProviderMeta, SearchprovidersProviderName, SearchprovidersUpdateRequest, SettingsSettings, SettingsUpsertRequest, SubagentAddSkillsRequest, SubagentContextResponse, SubagentCreateRequest, SubagentListResponse, SubagentSkillsResponse, SubagentSubagent, SubagentUpdateContextRequest, SubagentUpdateRequest, SubagentUpdateSkillsRequest, TtsCreateModelRequest, TtsCreateProviderRequest, TtsModelCapabilities, TtsModelInfo, TtsModelResponse, TtsParamConstraint, TtsProviderMetaResponse, TtsProviderResponse, TtsTestSynthesizeRequest, TtsUpdateModelRequest, TtsUpdateProviderRequest, TtsVoiceInfo } from './types.gen';
diff --git a/packages/sdk/src/sdk.gen.ts b/packages/sdk/src/sdk.gen.ts
index 1e8ab865..2959a578 100644
--- a/packages/sdk/src/sdk.gen.ts
+++ b/packages/sdk/src/sdk.gen.ts
@@ -2,7 +2,7 @@
 
 import { type Client, formDataBodySerializer, type Options as Options2, type TDataShape } from './client';
 import { client } from './client.gen';
-import type { DeleteBotsByBotIdContainerData, DeleteBotsByBotIdContainerErrors, DeleteBotsByBotIdContainerResponses, DeleteBotsByBotIdContainerSkillsData, DeleteBotsByBotIdContainerSkillsErrors, DeleteBotsByBotIdContainerSkillsResponses, DeleteBotsByBotIdEmailBindingsByIdData, DeleteBotsByBotIdEmailBindingsByIdErrors, DeleteBotsByBotIdEmailBindingsByIdResponses, DeleteBotsByBotIdHeartbeatLogsData, DeleteBotsByBotIdHeartbeatLogsErrors, DeleteBotsByBotIdHeartbeatLogsResponses, DeleteBotsByBotIdInboxByIdData, DeleteBotsByBotIdInboxByIdErrors, DeleteBotsByBotIdInboxByIdResponses, DeleteBotsByBotIdMcpByIdData, DeleteBotsByBotIdMcpByIdErrors, DeleteBotsByBotIdMcpByIdOauthTokenData, DeleteBotsByBotIdMcpByIdOauthTokenErrors, DeleteBotsByBotIdMcpByIdOauthTokenResponses, DeleteBotsByBotIdMcpByIdResponses, DeleteBotsByBotIdMemoryByIdData, DeleteBotsByBotIdMemoryByIdErrors, DeleteBotsByBotIdMemoryByIdResponses, DeleteBotsByBotIdMemoryData, DeleteBotsByBotIdMemoryErrors, DeleteBotsByBotIdMemoryResponses, DeleteBotsByBotIdMessagesData, DeleteBotsByBotIdMessagesErrors, DeleteBotsByBotIdMessagesResponses, DeleteBotsByBotIdScheduleByIdData, DeleteBotsByBotIdScheduleByIdErrors, DeleteBotsByBotIdScheduleByIdResponses, DeleteBotsByBotIdSettingsData, DeleteBotsByBotIdSettingsErrors, DeleteBotsByBotIdSettingsResponses, DeleteBotsByBotIdSubagentsByIdData, DeleteBotsByBotIdSubagentsByIdErrors, DeleteBotsByBotIdSubagentsByIdResponses, DeleteBotsByIdChannelByPlatformData, DeleteBotsByIdChannelByPlatformErrors, DeleteBotsByIdChannelByPlatformResponses, DeleteBotsByIdData, DeleteBotsByIdErrors, DeleteBotsByIdMembersByUserIdData, DeleteBotsByIdMembersByUserIdErrors, DeleteBotsByIdMembersByUserIdResponses, DeleteBotsByIdResponses, DeleteBrowserContextsByIdData, DeleteBrowserContextsByIdErrors, DeleteBrowserContextsByIdResponses, DeleteEmailProvidersByIdData, DeleteEmailProvidersByIdErrors, DeleteEmailProvidersByIdOauthTokenData, DeleteEmailProvidersByIdOauthTokenErrors, DeleteEmailProvidersByIdOauthTokenResponses, DeleteEmailProvidersByIdResponses, DeleteMemoryProvidersByIdData, DeleteMemoryProvidersByIdErrors, DeleteMemoryProvidersByIdResponses, DeleteModelsByIdData, DeleteModelsByIdErrors, DeleteModelsByIdResponses, DeleteModelsModelByModelIdData, DeleteModelsModelByModelIdErrors, DeleteModelsModelByModelIdResponses, DeleteProvidersByIdData, DeleteProvidersByIdErrors, DeleteProvidersByIdResponses, DeleteSearchProvidersByIdData, DeleteSearchProvidersByIdErrors, DeleteSearchProvidersByIdResponses, DeleteTtsModelsByIdData, DeleteTtsModelsByIdErrors, DeleteTtsModelsByIdResponses, DeleteTtsProvidersByIdData, DeleteTtsProvidersByIdErrors, DeleteTtsProvidersByIdResponses, GetBotsByBotIdCliStreamData, GetBotsByBotIdCliStreamErrors, GetBotsByBotIdCliStreamResponses, GetBotsByBotIdCliWsData, GetBotsByBotIdCliWsErrors, GetBotsByBotIdContainerData, GetBotsByBotIdContainerErrors, GetBotsByBotIdContainerFsData, GetBotsByBotIdContainerFsDownloadData, GetBotsByBotIdContainerFsDownloadErrors, GetBotsByBotIdContainerFsDownloadResponses, GetBotsByBotIdContainerFsErrors, GetBotsByBotIdContainerFsListData, GetBotsByBotIdContainerFsListErrors, GetBotsByBotIdContainerFsListResponses, GetBotsByBotIdContainerFsReadData, GetBotsByBotIdContainerFsReadErrors, GetBotsByBotIdContainerFsReadResponses, GetBotsByBotIdContainerFsResponses, GetBotsByBotIdContainerResponses, GetBotsByBotIdContainerSkillsData, GetBotsByBotIdContainerSkillsErrors, GetBotsByBotIdContainerSkillsResponses, GetBotsByBotIdContainerSnapshotsData, GetBotsByBotIdContainerSnapshotsErrors, GetBotsByBotIdContainerSnapshotsResponses, GetBotsByBotIdContainerTerminalData, GetBotsByBotIdContainerTerminalErrors, GetBotsByBotIdContainerTerminalResponses, GetBotsByBotIdContainerTerminalWsData, GetBotsByBotIdContainerTerminalWsErrors, GetBotsByBotIdEmailBindingsData, GetBotsByBotIdEmailBindingsErrors, GetBotsByBotIdEmailBindingsResponses, GetBotsByBotIdEmailOutboxByIdData, GetBotsByBotIdEmailOutboxByIdErrors, GetBotsByBotIdEmailOutboxByIdResponses, GetBotsByBotIdEmailOutboxData, GetBotsByBotIdEmailOutboxErrors, GetBotsByBotIdEmailOutboxResponses, GetBotsByBotIdHeartbeatLogsData, GetBotsByBotIdHeartbeatLogsErrors, GetBotsByBotIdHeartbeatLogsResponses, GetBotsByBotIdInboxByIdData, GetBotsByBotIdInboxByIdErrors, GetBotsByBotIdInboxByIdResponses, GetBotsByBotIdInboxCountData, GetBotsByBotIdInboxCountErrors, GetBotsByBotIdInboxCountResponses, GetBotsByBotIdInboxData, GetBotsByBotIdInboxErrors, GetBotsByBotIdInboxResponses, GetBotsByBotIdMcpByIdData, GetBotsByBotIdMcpByIdErrors, GetBotsByBotIdMcpByIdOauthStatusData, GetBotsByBotIdMcpByIdOauthStatusErrors, GetBotsByBotIdMcpByIdOauthStatusResponses, GetBotsByBotIdMcpByIdResponses, GetBotsByBotIdMcpData, GetBotsByBotIdMcpErrors, GetBotsByBotIdMcpExportData, GetBotsByBotIdMcpExportErrors, GetBotsByBotIdMcpExportResponses, GetBotsByBotIdMcpResponses, GetBotsByBotIdMemoryData, GetBotsByBotIdMemoryErrors, GetBotsByBotIdMemoryResponses, GetBotsByBotIdMemoryStatusData, GetBotsByBotIdMemoryStatusErrors, GetBotsByBotIdMemoryStatusResponses, GetBotsByBotIdMemoryUsageData, GetBotsByBotIdMemoryUsageErrors, GetBotsByBotIdMemoryUsageResponses, GetBotsByBotIdMessagesData, GetBotsByBotIdMessagesErrors, GetBotsByBotIdMessagesResponses, GetBotsByBotIdScheduleByIdData, GetBotsByBotIdScheduleByIdErrors, GetBotsByBotIdScheduleByIdResponses, GetBotsByBotIdScheduleData, GetBotsByBotIdScheduleErrors, GetBotsByBotIdScheduleResponses, GetBotsByBotIdSettingsData, GetBotsByBotIdSettingsErrors, GetBotsByBotIdSettingsResponses, GetBotsByBotIdSubagentsByIdContextData, GetBotsByBotIdSubagentsByIdContextErrors, GetBotsByBotIdSubagentsByIdContextResponses, GetBotsByBotIdSubagentsByIdData, GetBotsByBotIdSubagentsByIdErrors, GetBotsByBotIdSubagentsByIdResponses, GetBotsByBotIdSubagentsByIdSkillsData, GetBotsByBotIdSubagentsByIdSkillsErrors, GetBotsByBotIdSubagentsByIdSkillsResponses, GetBotsByBotIdSubagentsData, GetBotsByBotIdSubagentsErrors, GetBotsByBotIdSubagentsResponses, GetBotsByBotIdTokenUsageData, GetBotsByBotIdTokenUsageErrors, GetBotsByBotIdTokenUsageResponses, GetBotsByBotIdWebStreamData, GetBotsByBotIdWebStreamErrors, GetBotsByBotIdWebStreamResponses, GetBotsByBotIdWebWsData, GetBotsByBotIdWebWsErrors, GetBotsByIdChannelByPlatformData, GetBotsByIdChannelByPlatformErrors, GetBotsByIdChannelByPlatformResponses, GetBotsByIdChecksData, GetBotsByIdChecksErrors, GetBotsByIdChecksResponses, GetBotsByIdData, GetBotsByIdErrors, GetBotsByIdMembersData, GetBotsByIdMembersErrors, GetBotsByIdMembersResponses, GetBotsByIdResponses, GetBotsData, GetBotsErrors, GetBotsResponses, GetBrowserContextsByIdData, GetBrowserContextsByIdErrors, GetBrowserContextsByIdResponses, GetBrowserContextsCoresData, GetBrowserContextsCoresErrors, GetBrowserContextsCoresResponses, GetBrowserContextsData, GetBrowserContextsErrors, GetBrowserContextsResponses, GetChannelsByPlatformData, GetChannelsByPlatformErrors, GetChannelsByPlatformResponses, GetChannelsData, GetChannelsErrors, GetChannelsResponses, GetEmailOauthCallbackData, GetEmailOauthCallbackErrors, GetEmailOauthCallbackResponses, GetEmailProvidersByIdData, GetEmailProvidersByIdErrors, GetEmailProvidersByIdOauthAuthorizeData, GetEmailProvidersByIdOauthAuthorizeErrors, GetEmailProvidersByIdOauthAuthorizeResponses, GetEmailProvidersByIdOauthStatusData, GetEmailProvidersByIdOauthStatusErrors, GetEmailProvidersByIdOauthStatusResponses, GetEmailProvidersByIdResponses, GetEmailProvidersData, GetEmailProvidersErrors, GetEmailProvidersMetaData, GetEmailProvidersMetaResponses, GetEmailProvidersResponses, GetMemoryProvidersByIdData, GetMemoryProvidersByIdErrors, GetMemoryProvidersByIdResponses, GetMemoryProvidersByIdStatusData, GetMemoryProvidersByIdStatusErrors, GetMemoryProvidersByIdStatusResponses, GetMemoryProvidersData, GetMemoryProvidersErrors, GetMemoryProvidersMetaData, GetMemoryProvidersMetaResponses, GetMemoryProvidersResponses, GetModelsByIdData, GetModelsByIdErrors, GetModelsByIdResponses, GetModelsCountData, GetModelsCountErrors, GetModelsCountResponses, GetModelsData, GetModelsErrors, GetModelsModelByModelIdData, GetModelsModelByModelIdErrors, GetModelsModelByModelIdResponses, GetModelsResponses, GetPingData, GetPingResponses, GetProvidersByIdData, GetProvidersByIdErrors, GetProvidersByIdModelsData, GetProvidersByIdModelsErrors, GetProvidersByIdModelsResponses, GetProvidersByIdResponses, GetProvidersCountData, GetProvidersCountErrors, GetProvidersCountResponses, GetProvidersData, GetProvidersErrors, GetProvidersNameByNameData, GetProvidersNameByNameErrors, GetProvidersNameByNameResponses, GetProvidersResponses, GetSearchProvidersByIdData, GetSearchProvidersByIdErrors, GetSearchProvidersByIdResponses, GetSearchProvidersData, GetSearchProvidersErrors, GetSearchProvidersMetaData, GetSearchProvidersMetaResponses, GetSearchProvidersResponses, GetTtsModelsByIdCapabilitiesData, GetTtsModelsByIdCapabilitiesErrors, GetTtsModelsByIdCapabilitiesResponses, GetTtsModelsByIdData, GetTtsModelsByIdErrors, GetTtsModelsByIdResponses, GetTtsModelsData, GetTtsModelsErrors, GetTtsModelsResponses, GetTtsProvidersByIdData, GetTtsProvidersByIdErrors, GetTtsProvidersByIdModelsData, GetTtsProvidersByIdModelsErrors, GetTtsProvidersByIdModelsResponses, GetTtsProvidersByIdResponses, GetTtsProvidersData, GetTtsProvidersErrors, GetTtsProvidersMetaData, GetTtsProvidersMetaResponses, GetTtsProvidersResponses, GetUsersByIdData, GetUsersByIdErrors, GetUsersByIdResponses, GetUsersData, GetUsersErrors, GetUsersMeChannelsByPlatformData, GetUsersMeChannelsByPlatformErrors, GetUsersMeChannelsByPlatformResponses, GetUsersMeData, GetUsersMeErrors, GetUsersMeIdentitiesData, GetUsersMeIdentitiesErrors, GetUsersMeIdentitiesResponses, GetUsersMeResponses, GetUsersResponses, PatchBotsByIdChannelByPlatformStatusData, PatchBotsByIdChannelByPlatformStatusErrors, PatchBotsByIdChannelByPlatformStatusResponses, PostAuthLoginData, PostAuthLoginErrors, PostAuthLoginResponses, PostAuthRefreshData, PostAuthRefreshErrors, PostAuthRefreshResponses, PostBotsByBotIdCliMessagesData, PostBotsByBotIdCliMessagesErrors, PostBotsByBotIdCliMessagesResponses, PostBotsByBotIdContainerData, PostBotsByBotIdContainerDataExportData, PostBotsByBotIdContainerDataExportErrors, PostBotsByBotIdContainerDataExportResponses, PostBotsByBotIdContainerDataImportData, PostBotsByBotIdContainerDataImportErrors, PostBotsByBotIdContainerDataImportResponses, PostBotsByBotIdContainerDataRestoreData, PostBotsByBotIdContainerDataRestoreErrors, PostBotsByBotIdContainerDataRestoreResponses, PostBotsByBotIdContainerErrors, PostBotsByBotIdContainerFsDeleteData, PostBotsByBotIdContainerFsDeleteErrors, PostBotsByBotIdContainerFsDeleteResponses, PostBotsByBotIdContainerFsMkdirData, PostBotsByBotIdContainerFsMkdirErrors, PostBotsByBotIdContainerFsMkdirResponses, PostBotsByBotIdContainerFsRenameData, PostBotsByBotIdContainerFsRenameErrors, PostBotsByBotIdContainerFsRenameResponses, PostBotsByBotIdContainerFsUploadData, PostBotsByBotIdContainerFsUploadErrors, PostBotsByBotIdContainerFsUploadResponses, PostBotsByBotIdContainerFsWriteData, PostBotsByBotIdContainerFsWriteErrors, PostBotsByBotIdContainerFsWriteResponses, PostBotsByBotIdContainerResponses, PostBotsByBotIdContainerSkillsData, PostBotsByBotIdContainerSkillsErrors, PostBotsByBotIdContainerSkillsResponses, PostBotsByBotIdContainerSnapshotsData, PostBotsByBotIdContainerSnapshotsErrors, PostBotsByBotIdContainerSnapshotsResponses, PostBotsByBotIdContainerSnapshotsRollbackData, PostBotsByBotIdContainerSnapshotsRollbackErrors, PostBotsByBotIdContainerSnapshotsRollbackResponses, PostBotsByBotIdContainerStartData, PostBotsByBotIdContainerStartErrors, PostBotsByBotIdContainerStartResponses, PostBotsByBotIdContainerStopData, PostBotsByBotIdContainerStopErrors, PostBotsByBotIdContainerStopResponses, PostBotsByBotIdEmailBindingsData, PostBotsByBotIdEmailBindingsErrors, PostBotsByBotIdEmailBindingsResponses, PostBotsByBotIdInboxData, PostBotsByBotIdInboxErrors, PostBotsByBotIdInboxMarkReadData, PostBotsByBotIdInboxMarkReadErrors, PostBotsByBotIdInboxMarkReadResponses, PostBotsByBotIdInboxResponses, PostBotsByBotIdMcpByIdOauthAuthorizeData, PostBotsByBotIdMcpByIdOauthAuthorizeErrors, PostBotsByBotIdMcpByIdOauthAuthorizeResponses, PostBotsByBotIdMcpByIdOauthDiscoverData, PostBotsByBotIdMcpByIdOauthDiscoverErrors, PostBotsByBotIdMcpByIdOauthDiscoverResponses, PostBotsByBotIdMcpByIdOauthExchangeData, PostBotsByBotIdMcpByIdOauthExchangeErrors, PostBotsByBotIdMcpByIdOauthExchangeResponses, PostBotsByBotIdMcpByIdProbeData, PostBotsByBotIdMcpByIdProbeErrors, PostBotsByBotIdMcpByIdProbeResponses, PostBotsByBotIdMcpData, PostBotsByBotIdMcpErrors, PostBotsByBotIdMcpOpsBatchDeleteData, PostBotsByBotIdMcpOpsBatchDeleteErrors, PostBotsByBotIdMcpOpsBatchDeleteResponses, PostBotsByBotIdMcpResponses, PostBotsByBotIdMcpStdioByConnectionIdData, PostBotsByBotIdMcpStdioByConnectionIdErrors, PostBotsByBotIdMcpStdioByConnectionIdResponses, PostBotsByBotIdMcpStdioData, PostBotsByBotIdMcpStdioErrors, PostBotsByBotIdMcpStdioResponses, PostBotsByBotIdMemoryCompactData, PostBotsByBotIdMemoryCompactErrors, PostBotsByBotIdMemoryCompactResponses, PostBotsByBotIdMemoryData, PostBotsByBotIdMemoryErrors, PostBotsByBotIdMemoryRebuildData, PostBotsByBotIdMemoryRebuildErrors, PostBotsByBotIdMemoryRebuildResponses, PostBotsByBotIdMemoryResponses, PostBotsByBotIdMemorySearchData, PostBotsByBotIdMemorySearchErrors, PostBotsByBotIdMemorySearchResponses, PostBotsByBotIdScheduleData, PostBotsByBotIdScheduleErrors, PostBotsByBotIdScheduleResponses, PostBotsByBotIdSettingsData, PostBotsByBotIdSettingsErrors, PostBotsByBotIdSettingsResponses, PostBotsByBotIdSubagentsByIdSkillsData, PostBotsByBotIdSubagentsByIdSkillsErrors, PostBotsByBotIdSubagentsByIdSkillsResponses, PostBotsByBotIdSubagentsData, PostBotsByBotIdSubagentsErrors, PostBotsByBotIdSubagentsResponses, PostBotsByBotIdToolsData, PostBotsByBotIdToolsErrors, PostBotsByBotIdToolsResponses, PostBotsByBotIdTtsSynthesizeData, PostBotsByBotIdTtsSynthesizeErrors, PostBotsByBotIdTtsSynthesizeResponses, PostBotsByBotIdWebMessagesData, PostBotsByBotIdWebMessagesErrors, PostBotsByBotIdWebMessagesResponses, PostBotsByIdChannelByPlatformSendChatData, PostBotsByIdChannelByPlatformSendChatErrors, PostBotsByIdChannelByPlatformSendChatResponses, PostBotsByIdChannelByPlatformSendData, PostBotsByIdChannelByPlatformSendErrors, PostBotsByIdChannelByPlatformSendResponses, PostBotsData, PostBotsErrors, PostBotsResponses, PostBrowserContextsData, PostBrowserContextsErrors, PostBrowserContextsResponses, PostEmailMailgunWebhookByConfigIdData, PostEmailMailgunWebhookByConfigIdErrors, PostEmailMailgunWebhookByConfigIdResponses, PostEmailProvidersData, PostEmailProvidersErrors, PostEmailProvidersResponses, PostMemoryProvidersData, PostMemoryProvidersErrors, PostMemoryProvidersResponses, PostModelsByIdTestData, PostModelsByIdTestErrors, PostModelsByIdTestResponses, PostModelsData, PostModelsErrors, PostModelsResponses, PostProvidersByIdImportModelsData, PostProvidersByIdImportModelsErrors, PostProvidersByIdImportModelsResponses, PostProvidersByIdTestData, PostProvidersByIdTestErrors, PostProvidersByIdTestResponses, PostProvidersData, PostProvidersErrors, PostProvidersResponses, PostSearchProvidersData, PostSearchProvidersErrors, PostSearchProvidersResponses, PostTtsModelsByIdTestData, PostTtsModelsByIdTestErrors, PostTtsModelsByIdTestResponses, PostTtsModelsData, PostTtsModelsErrors, PostTtsModelsResponses, PostTtsProvidersByIdImportModelsData, PostTtsProvidersByIdImportModelsErrors, PostTtsProvidersByIdImportModelsResponses, PostTtsProvidersData, PostTtsProvidersErrors, PostTtsProvidersResponses, PostUsersData, PostUsersErrors, PostUsersResponses, PutBotsByBotIdEmailBindingsByIdData, PutBotsByBotIdEmailBindingsByIdErrors, PutBotsByBotIdEmailBindingsByIdResponses, PutBotsByBotIdMcpByIdData, PutBotsByBotIdMcpByIdErrors, PutBotsByBotIdMcpByIdResponses, PutBotsByBotIdMcpImportData, PutBotsByBotIdMcpImportErrors, PutBotsByBotIdMcpImportResponses, PutBotsByBotIdScheduleByIdData, PutBotsByBotIdScheduleByIdErrors, PutBotsByBotIdScheduleByIdResponses, PutBotsByBotIdSettingsData, PutBotsByBotIdSettingsErrors, PutBotsByBotIdSettingsResponses, PutBotsByBotIdSubagentsByIdContextData, PutBotsByBotIdSubagentsByIdContextErrors, PutBotsByBotIdSubagentsByIdContextResponses, PutBotsByBotIdSubagentsByIdData, PutBotsByBotIdSubagentsByIdErrors, PutBotsByBotIdSubagentsByIdResponses, PutBotsByBotIdSubagentsByIdSkillsData, PutBotsByBotIdSubagentsByIdSkillsErrors, PutBotsByBotIdSubagentsByIdSkillsResponses, PutBotsByIdChannelByPlatformData, PutBotsByIdChannelByPlatformErrors, PutBotsByIdChannelByPlatformResponses, PutBotsByIdData, PutBotsByIdErrors, PutBotsByIdMembersData, PutBotsByIdMembersErrors, PutBotsByIdMembersResponses, PutBotsByIdOwnerData, PutBotsByIdOwnerErrors, PutBotsByIdOwnerResponses, PutBotsByIdResponses, PutBrowserContextsByIdData, PutBrowserContextsByIdErrors, PutBrowserContextsByIdResponses, PutEmailProvidersByIdData, PutEmailProvidersByIdErrors, PutEmailProvidersByIdResponses, PutMemoryProvidersByIdData, PutMemoryProvidersByIdErrors, PutMemoryProvidersByIdResponses, PutModelsByIdData, PutModelsByIdErrors, PutModelsByIdResponses, PutModelsModelByModelIdData, PutModelsModelByModelIdErrors, PutModelsModelByModelIdResponses, PutProvidersByIdData, PutProvidersByIdErrors, PutProvidersByIdResponses, PutSearchProvidersByIdData, PutSearchProvidersByIdErrors, PutSearchProvidersByIdResponses, PutTtsModelsByIdData, PutTtsModelsByIdErrors, PutTtsModelsByIdResponses, PutTtsProvidersByIdData, PutTtsProvidersByIdErrors, PutTtsProvidersByIdResponses, PutUsersByIdData, PutUsersByIdErrors, PutUsersByIdPasswordData, PutUsersByIdPasswordErrors, PutUsersByIdPasswordResponses, PutUsersByIdResponses, PutUsersMeChannelsByPlatformData, PutUsersMeChannelsByPlatformErrors, PutUsersMeChannelsByPlatformResponses, PutUsersMeData, PutUsersMeErrors, PutUsersMePasswordData, PutUsersMePasswordErrors, PutUsersMePasswordResponses, PutUsersMeResponses } from './types.gen';
+import type { DeleteBotsByBotIdBlacklistByRuleIdData, DeleteBotsByBotIdBlacklistByRuleIdErrors, DeleteBotsByBotIdBlacklistByRuleIdResponses, DeleteBotsByBotIdContainerData, DeleteBotsByBotIdContainerErrors, DeleteBotsByBotIdContainerResponses, DeleteBotsByBotIdContainerSkillsData, DeleteBotsByBotIdContainerSkillsErrors, DeleteBotsByBotIdContainerSkillsResponses, DeleteBotsByBotIdEmailBindingsByIdData, DeleteBotsByBotIdEmailBindingsByIdErrors, DeleteBotsByBotIdEmailBindingsByIdResponses, DeleteBotsByBotIdHeartbeatLogsData, DeleteBotsByBotIdHeartbeatLogsErrors, DeleteBotsByBotIdHeartbeatLogsResponses, DeleteBotsByBotIdInboxByIdData, DeleteBotsByBotIdInboxByIdErrors, DeleteBotsByBotIdInboxByIdResponses, DeleteBotsByBotIdMcpByIdData, DeleteBotsByBotIdMcpByIdErrors, DeleteBotsByBotIdMcpByIdOauthTokenData, DeleteBotsByBotIdMcpByIdOauthTokenErrors, DeleteBotsByBotIdMcpByIdOauthTokenResponses, DeleteBotsByBotIdMcpByIdResponses, DeleteBotsByBotIdMemoryByIdData, DeleteBotsByBotIdMemoryByIdErrors, DeleteBotsByBotIdMemoryByIdResponses, DeleteBotsByBotIdMemoryData, DeleteBotsByBotIdMemoryErrors, DeleteBotsByBotIdMemoryResponses, DeleteBotsByBotIdMessagesData, DeleteBotsByBotIdMessagesErrors, DeleteBotsByBotIdMessagesResponses, DeleteBotsByBotIdScheduleByIdData, DeleteBotsByBotIdScheduleByIdErrors, DeleteBotsByBotIdScheduleByIdResponses, DeleteBotsByBotIdSettingsData, DeleteBotsByBotIdSettingsErrors, DeleteBotsByBotIdSettingsResponses, DeleteBotsByBotIdSubagentsByIdData, DeleteBotsByBotIdSubagentsByIdErrors, DeleteBotsByBotIdSubagentsByIdResponses, DeleteBotsByBotIdWhitelistByRuleIdData, DeleteBotsByBotIdWhitelistByRuleIdErrors, DeleteBotsByBotIdWhitelistByRuleIdResponses, DeleteBotsByIdChannelByPlatformData, DeleteBotsByIdChannelByPlatformErrors, DeleteBotsByIdChannelByPlatformResponses, DeleteBotsByIdData, DeleteBotsByIdErrors, DeleteBotsByIdResponses, DeleteBrowserContextsByIdData, DeleteBrowserContextsByIdErrors, DeleteBrowserContextsByIdResponses, DeleteEmailProvidersByIdData, DeleteEmailProvidersByIdErrors, DeleteEmailProvidersByIdOauthTokenData, DeleteEmailProvidersByIdOauthTokenErrors, DeleteEmailProvidersByIdOauthTokenResponses, DeleteEmailProvidersByIdResponses, DeleteMemoryProvidersByIdData, DeleteMemoryProvidersByIdErrors, DeleteMemoryProvidersByIdResponses, DeleteModelsByIdData, DeleteModelsByIdErrors, DeleteModelsByIdResponses, DeleteModelsModelByModelIdData, DeleteModelsModelByModelIdErrors, DeleteModelsModelByModelIdResponses, DeleteProvidersByIdData, DeleteProvidersByIdErrors, DeleteProvidersByIdResponses, DeleteSearchProvidersByIdData, DeleteSearchProvidersByIdErrors, DeleteSearchProvidersByIdResponses, DeleteTtsModelsByIdData, DeleteTtsModelsByIdErrors, DeleteTtsModelsByIdResponses, DeleteTtsProvidersByIdData, DeleteTtsProvidersByIdErrors, DeleteTtsProvidersByIdResponses, GetBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversationsData, GetBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversationsErrors, GetBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversationsResponses, GetBotsByBotIdAccessChannelIdentitiesData, GetBotsByBotIdAccessChannelIdentitiesErrors, GetBotsByBotIdAccessChannelIdentitiesResponses, GetBotsByBotIdAccessUsersData, GetBotsByBotIdAccessUsersErrors, GetBotsByBotIdAccessUsersResponses, GetBotsByBotIdBlacklistData, GetBotsByBotIdBlacklistErrors, GetBotsByBotIdBlacklistResponses, GetBotsByBotIdCliStreamData, GetBotsByBotIdCliStreamErrors, GetBotsByBotIdCliStreamResponses, GetBotsByBotIdCliWsData, GetBotsByBotIdCliWsErrors, GetBotsByBotIdContainerData, GetBotsByBotIdContainerErrors, GetBotsByBotIdContainerFsData, GetBotsByBotIdContainerFsDownloadData, GetBotsByBotIdContainerFsDownloadErrors, GetBotsByBotIdContainerFsDownloadResponses, GetBotsByBotIdContainerFsErrors, GetBotsByBotIdContainerFsListData, GetBotsByBotIdContainerFsListErrors, GetBotsByBotIdContainerFsListResponses, GetBotsByBotIdContainerFsReadData, GetBotsByBotIdContainerFsReadErrors, GetBotsByBotIdContainerFsReadResponses, GetBotsByBotIdContainerFsResponses, GetBotsByBotIdContainerResponses, GetBotsByBotIdContainerSkillsData, GetBotsByBotIdContainerSkillsErrors, GetBotsByBotIdContainerSkillsResponses, GetBotsByBotIdContainerSnapshotsData, GetBotsByBotIdContainerSnapshotsErrors, GetBotsByBotIdContainerSnapshotsResponses, GetBotsByBotIdContainerTerminalData, GetBotsByBotIdContainerTerminalErrors, GetBotsByBotIdContainerTerminalResponses, GetBotsByBotIdContainerTerminalWsData, GetBotsByBotIdContainerTerminalWsErrors, GetBotsByBotIdEmailBindingsData, GetBotsByBotIdEmailBindingsErrors, GetBotsByBotIdEmailBindingsResponses, GetBotsByBotIdEmailOutboxByIdData, GetBotsByBotIdEmailOutboxByIdErrors, GetBotsByBotIdEmailOutboxByIdResponses, GetBotsByBotIdEmailOutboxData, GetBotsByBotIdEmailOutboxErrors, GetBotsByBotIdEmailOutboxResponses, GetBotsByBotIdHeartbeatLogsData, GetBotsByBotIdHeartbeatLogsErrors, GetBotsByBotIdHeartbeatLogsResponses, GetBotsByBotIdInboxByIdData, GetBotsByBotIdInboxByIdErrors, GetBotsByBotIdInboxByIdResponses, GetBotsByBotIdInboxCountData, GetBotsByBotIdInboxCountErrors, GetBotsByBotIdInboxCountResponses, GetBotsByBotIdInboxData, GetBotsByBotIdInboxErrors, GetBotsByBotIdInboxResponses, GetBotsByBotIdMcpByIdData, GetBotsByBotIdMcpByIdErrors, GetBotsByBotIdMcpByIdOauthStatusData, GetBotsByBotIdMcpByIdOauthStatusErrors, GetBotsByBotIdMcpByIdOauthStatusResponses, GetBotsByBotIdMcpByIdResponses, GetBotsByBotIdMcpData, GetBotsByBotIdMcpErrors, GetBotsByBotIdMcpExportData, GetBotsByBotIdMcpExportErrors, GetBotsByBotIdMcpExportResponses, GetBotsByBotIdMcpResponses, GetBotsByBotIdMemoryData, GetBotsByBotIdMemoryErrors, GetBotsByBotIdMemoryResponses, GetBotsByBotIdMemoryStatusData, GetBotsByBotIdMemoryStatusErrors, GetBotsByBotIdMemoryStatusResponses, GetBotsByBotIdMemoryUsageData, GetBotsByBotIdMemoryUsageErrors, GetBotsByBotIdMemoryUsageResponses, GetBotsByBotIdMessagesData, GetBotsByBotIdMessagesErrors, GetBotsByBotIdMessagesResponses, GetBotsByBotIdScheduleByIdData, GetBotsByBotIdScheduleByIdErrors, GetBotsByBotIdScheduleByIdResponses, GetBotsByBotIdScheduleData, GetBotsByBotIdScheduleErrors, GetBotsByBotIdScheduleResponses, GetBotsByBotIdSettingsData, GetBotsByBotIdSettingsErrors, GetBotsByBotIdSettingsResponses, GetBotsByBotIdSubagentsByIdContextData, GetBotsByBotIdSubagentsByIdContextErrors, GetBotsByBotIdSubagentsByIdContextResponses, GetBotsByBotIdSubagentsByIdData, GetBotsByBotIdSubagentsByIdErrors, GetBotsByBotIdSubagentsByIdResponses, GetBotsByBotIdSubagentsByIdSkillsData, GetBotsByBotIdSubagentsByIdSkillsErrors, GetBotsByBotIdSubagentsByIdSkillsResponses, GetBotsByBotIdSubagentsData, GetBotsByBotIdSubagentsErrors, GetBotsByBotIdSubagentsResponses, GetBotsByBotIdTokenUsageData, GetBotsByBotIdTokenUsageErrors, GetBotsByBotIdTokenUsageResponses, GetBotsByBotIdWebStreamData, GetBotsByBotIdWebStreamErrors, GetBotsByBotIdWebStreamResponses, GetBotsByBotIdWebWsData, GetBotsByBotIdWebWsErrors, GetBotsByBotIdWhitelistData, GetBotsByBotIdWhitelistErrors, GetBotsByBotIdWhitelistResponses, GetBotsByIdChannelByPlatformData, GetBotsByIdChannelByPlatformErrors, GetBotsByIdChannelByPlatformResponses, GetBotsByIdChecksData, GetBotsByIdChecksErrors, GetBotsByIdChecksResponses, GetBotsByIdData, GetBotsByIdErrors, GetBotsByIdResponses, GetBotsData, GetBotsErrors, GetBotsResponses, GetBrowserContextsByIdData, GetBrowserContextsByIdErrors, GetBrowserContextsByIdResponses, GetBrowserContextsCoresData, GetBrowserContextsCoresErrors, GetBrowserContextsCoresResponses, GetBrowserContextsData, GetBrowserContextsErrors, GetBrowserContextsResponses, GetChannelsByPlatformData, GetChannelsByPlatformErrors, GetChannelsByPlatformResponses, GetChannelsData, GetChannelsErrors, GetChannelsResponses, GetEmailOauthCallbackData, GetEmailOauthCallbackErrors, GetEmailOauthCallbackResponses, GetEmailProvidersByIdData, GetEmailProvidersByIdErrors, GetEmailProvidersByIdOauthAuthorizeData, GetEmailProvidersByIdOauthAuthorizeErrors, GetEmailProvidersByIdOauthAuthorizeResponses, GetEmailProvidersByIdOauthStatusData, GetEmailProvidersByIdOauthStatusErrors, GetEmailProvidersByIdOauthStatusResponses, GetEmailProvidersByIdResponses, GetEmailProvidersData, GetEmailProvidersErrors, GetEmailProvidersMetaData, GetEmailProvidersMetaResponses, GetEmailProvidersResponses, GetMemoryProvidersByIdData, GetMemoryProvidersByIdErrors, GetMemoryProvidersByIdResponses, GetMemoryProvidersByIdStatusData, GetMemoryProvidersByIdStatusErrors, GetMemoryProvidersByIdStatusResponses, GetMemoryProvidersData, GetMemoryProvidersErrors, GetMemoryProvidersMetaData, GetMemoryProvidersMetaResponses, GetMemoryProvidersResponses, GetModelsByIdData, GetModelsByIdErrors, GetModelsByIdResponses, GetModelsCountData, GetModelsCountErrors, GetModelsCountResponses, GetModelsData, GetModelsErrors, GetModelsModelByModelIdData, GetModelsModelByModelIdErrors, GetModelsModelByModelIdResponses, GetModelsResponses, GetPingData, GetPingResponses, GetProvidersByIdData, GetProvidersByIdErrors, GetProvidersByIdModelsData, GetProvidersByIdModelsErrors, GetProvidersByIdModelsResponses, GetProvidersByIdResponses, GetProvidersCountData, GetProvidersCountErrors, GetProvidersCountResponses, GetProvidersData, GetProvidersErrors, GetProvidersNameByNameData, GetProvidersNameByNameErrors, GetProvidersNameByNameResponses, GetProvidersResponses, GetSearchProvidersByIdData, GetSearchProvidersByIdErrors, GetSearchProvidersByIdResponses, GetSearchProvidersData, GetSearchProvidersErrors, GetSearchProvidersMetaData, GetSearchProvidersMetaResponses, GetSearchProvidersResponses, GetTtsModelsByIdCapabilitiesData, GetTtsModelsByIdCapabilitiesErrors, GetTtsModelsByIdCapabilitiesResponses, GetTtsModelsByIdData, GetTtsModelsByIdErrors, GetTtsModelsByIdResponses, GetTtsModelsData, GetTtsModelsErrors, GetTtsModelsResponses, GetTtsProvidersByIdData, GetTtsProvidersByIdErrors, GetTtsProvidersByIdModelsData, GetTtsProvidersByIdModelsErrors, GetTtsProvidersByIdModelsResponses, GetTtsProvidersByIdResponses, GetTtsProvidersData, GetTtsProvidersErrors, GetTtsProvidersMetaData, GetTtsProvidersMetaResponses, GetTtsProvidersResponses, GetUsersByIdData, GetUsersByIdErrors, GetUsersByIdResponses, GetUsersData, GetUsersErrors, GetUsersMeChannelsByPlatformData, GetUsersMeChannelsByPlatformErrors, GetUsersMeChannelsByPlatformResponses, GetUsersMeData, GetUsersMeErrors, GetUsersMeIdentitiesData, GetUsersMeIdentitiesErrors, GetUsersMeIdentitiesResponses, GetUsersMeResponses, GetUsersResponses, PatchBotsByIdChannelByPlatformStatusData, PatchBotsByIdChannelByPlatformStatusErrors, PatchBotsByIdChannelByPlatformStatusResponses, PostAuthLoginData, PostAuthLoginErrors, PostAuthLoginResponses, PostAuthRefreshData, PostAuthRefreshErrors, PostAuthRefreshResponses, PostBotsByBotIdCliMessagesData, PostBotsByBotIdCliMessagesErrors, PostBotsByBotIdCliMessagesResponses, PostBotsByBotIdContainerData, PostBotsByBotIdContainerDataExportData, PostBotsByBotIdContainerDataExportErrors, PostBotsByBotIdContainerDataExportResponses, PostBotsByBotIdContainerDataImportData, PostBotsByBotIdContainerDataImportErrors, PostBotsByBotIdContainerDataImportResponses, PostBotsByBotIdContainerDataRestoreData, PostBotsByBotIdContainerDataRestoreErrors, PostBotsByBotIdContainerDataRestoreResponses, PostBotsByBotIdContainerErrors, PostBotsByBotIdContainerFsDeleteData, PostBotsByBotIdContainerFsDeleteErrors, PostBotsByBotIdContainerFsDeleteResponses, PostBotsByBotIdContainerFsMkdirData, PostBotsByBotIdContainerFsMkdirErrors, PostBotsByBotIdContainerFsMkdirResponses, PostBotsByBotIdContainerFsRenameData, PostBotsByBotIdContainerFsRenameErrors, PostBotsByBotIdContainerFsRenameResponses, PostBotsByBotIdContainerFsUploadData, PostBotsByBotIdContainerFsUploadErrors, PostBotsByBotIdContainerFsUploadResponses, PostBotsByBotIdContainerFsWriteData, PostBotsByBotIdContainerFsWriteErrors, PostBotsByBotIdContainerFsWriteResponses, PostBotsByBotIdContainerResponses, PostBotsByBotIdContainerSkillsData, PostBotsByBotIdContainerSkillsErrors, PostBotsByBotIdContainerSkillsResponses, PostBotsByBotIdContainerSnapshotsData, PostBotsByBotIdContainerSnapshotsErrors, PostBotsByBotIdContainerSnapshotsResponses, PostBotsByBotIdContainerSnapshotsRollbackData, PostBotsByBotIdContainerSnapshotsRollbackErrors, PostBotsByBotIdContainerSnapshotsRollbackResponses, PostBotsByBotIdContainerStartData, PostBotsByBotIdContainerStartErrors, PostBotsByBotIdContainerStartResponses, PostBotsByBotIdContainerStopData, PostBotsByBotIdContainerStopErrors, PostBotsByBotIdContainerStopResponses, PostBotsByBotIdEmailBindingsData, PostBotsByBotIdEmailBindingsErrors, PostBotsByBotIdEmailBindingsResponses, PostBotsByBotIdInboxData, PostBotsByBotIdInboxErrors, PostBotsByBotIdInboxMarkReadData, PostBotsByBotIdInboxMarkReadErrors, PostBotsByBotIdInboxMarkReadResponses, PostBotsByBotIdInboxResponses, PostBotsByBotIdMcpByIdOauthAuthorizeData, PostBotsByBotIdMcpByIdOauthAuthorizeErrors, PostBotsByBotIdMcpByIdOauthAuthorizeResponses, PostBotsByBotIdMcpByIdOauthDiscoverData, PostBotsByBotIdMcpByIdOauthDiscoverErrors, PostBotsByBotIdMcpByIdOauthDiscoverResponses, PostBotsByBotIdMcpByIdOauthExchangeData, PostBotsByBotIdMcpByIdOauthExchangeErrors, PostBotsByBotIdMcpByIdOauthExchangeResponses, PostBotsByBotIdMcpByIdProbeData, PostBotsByBotIdMcpByIdProbeErrors, PostBotsByBotIdMcpByIdProbeResponses, PostBotsByBotIdMcpData, PostBotsByBotIdMcpErrors, PostBotsByBotIdMcpOpsBatchDeleteData, PostBotsByBotIdMcpOpsBatchDeleteErrors, PostBotsByBotIdMcpOpsBatchDeleteResponses, PostBotsByBotIdMcpResponses, PostBotsByBotIdMcpStdioByConnectionIdData, PostBotsByBotIdMcpStdioByConnectionIdErrors, PostBotsByBotIdMcpStdioByConnectionIdResponses, PostBotsByBotIdMcpStdioData, PostBotsByBotIdMcpStdioErrors, PostBotsByBotIdMcpStdioResponses, PostBotsByBotIdMemoryCompactData, PostBotsByBotIdMemoryCompactErrors, PostBotsByBotIdMemoryCompactResponses, PostBotsByBotIdMemoryData, PostBotsByBotIdMemoryErrors, PostBotsByBotIdMemoryRebuildData, PostBotsByBotIdMemoryRebuildErrors, PostBotsByBotIdMemoryRebuildResponses, PostBotsByBotIdMemoryResponses, PostBotsByBotIdMemorySearchData, PostBotsByBotIdMemorySearchErrors, PostBotsByBotIdMemorySearchResponses, PostBotsByBotIdScheduleData, PostBotsByBotIdScheduleErrors, PostBotsByBotIdScheduleResponses, PostBotsByBotIdSettingsData, PostBotsByBotIdSettingsErrors, PostBotsByBotIdSettingsResponses, PostBotsByBotIdSubagentsByIdSkillsData, PostBotsByBotIdSubagentsByIdSkillsErrors, PostBotsByBotIdSubagentsByIdSkillsResponses, PostBotsByBotIdSubagentsData, PostBotsByBotIdSubagentsErrors, PostBotsByBotIdSubagentsResponses, PostBotsByBotIdToolsData, PostBotsByBotIdToolsErrors, PostBotsByBotIdToolsResponses, PostBotsByBotIdTtsSynthesizeData, PostBotsByBotIdTtsSynthesizeErrors, PostBotsByBotIdTtsSynthesizeResponses, PostBotsByBotIdWebMessagesData, PostBotsByBotIdWebMessagesErrors, PostBotsByBotIdWebMessagesResponses, PostBotsByIdChannelByPlatformSendChatData, PostBotsByIdChannelByPlatformSendChatErrors, PostBotsByIdChannelByPlatformSendChatResponses, PostBotsByIdChannelByPlatformSendData, PostBotsByIdChannelByPlatformSendErrors, PostBotsByIdChannelByPlatformSendResponses, PostBotsData, PostBotsErrors, PostBotsResponses, PostBrowserContextsData, PostBrowserContextsErrors, PostBrowserContextsResponses, PostEmailMailgunWebhookByConfigIdData, PostEmailMailgunWebhookByConfigIdErrors, PostEmailMailgunWebhookByConfigIdResponses, PostEmailProvidersData, PostEmailProvidersErrors, PostEmailProvidersResponses, PostMemoryProvidersData, PostMemoryProvidersErrors, PostMemoryProvidersResponses, PostModelsByIdTestData, PostModelsByIdTestErrors, PostModelsByIdTestResponses, PostModelsData, PostModelsErrors, PostModelsResponses, PostProvidersByIdImportModelsData, PostProvidersByIdImportModelsErrors, PostProvidersByIdImportModelsResponses, PostProvidersByIdTestData, PostProvidersByIdTestErrors, PostProvidersByIdTestResponses, PostProvidersData, PostProvidersErrors, PostProvidersResponses, PostSearchProvidersData, PostSearchProvidersErrors, PostSearchProvidersResponses, PostTtsModelsByIdTestData, PostTtsModelsByIdTestErrors, PostTtsModelsByIdTestResponses, PostTtsModelsData, PostTtsModelsErrors, PostTtsModelsResponses, PostTtsProvidersByIdImportModelsData, PostTtsProvidersByIdImportModelsErrors, PostTtsProvidersByIdImportModelsResponses, PostTtsProvidersData, PostTtsProvidersErrors, PostTtsProvidersResponses, PostUsersData, PostUsersErrors, PostUsersResponses, PutBotsByBotIdBlacklistData, PutBotsByBotIdBlacklistErrors, PutBotsByBotIdBlacklistResponses, PutBotsByBotIdEmailBindingsByIdData, PutBotsByBotIdEmailBindingsByIdErrors, PutBotsByBotIdEmailBindingsByIdResponses, PutBotsByBotIdMcpByIdData, PutBotsByBotIdMcpByIdErrors, PutBotsByBotIdMcpByIdResponses, PutBotsByBotIdMcpImportData, PutBotsByBotIdMcpImportErrors, PutBotsByBotIdMcpImportResponses, PutBotsByBotIdScheduleByIdData, PutBotsByBotIdScheduleByIdErrors, PutBotsByBotIdScheduleByIdResponses, PutBotsByBotIdSettingsData, PutBotsByBotIdSettingsErrors, PutBotsByBotIdSettingsResponses, PutBotsByBotIdSubagentsByIdContextData, PutBotsByBotIdSubagentsByIdContextErrors, PutBotsByBotIdSubagentsByIdContextResponses, PutBotsByBotIdSubagentsByIdData, PutBotsByBotIdSubagentsByIdErrors, PutBotsByBotIdSubagentsByIdResponses, PutBotsByBotIdSubagentsByIdSkillsData, PutBotsByBotIdSubagentsByIdSkillsErrors, PutBotsByBotIdSubagentsByIdSkillsResponses, PutBotsByBotIdWhitelistData, PutBotsByBotIdWhitelistErrors, PutBotsByBotIdWhitelistResponses, PutBotsByIdChannelByPlatformData, PutBotsByIdChannelByPlatformErrors, PutBotsByIdChannelByPlatformResponses, PutBotsByIdData, PutBotsByIdErrors, PutBotsByIdOwnerData, PutBotsByIdOwnerErrors, PutBotsByIdOwnerResponses, PutBotsByIdResponses, PutBrowserContextsByIdData, PutBrowserContextsByIdErrors, PutBrowserContextsByIdResponses, PutEmailProvidersByIdData, PutEmailProvidersByIdErrors, PutEmailProvidersByIdResponses, PutMemoryProvidersByIdData, PutMemoryProvidersByIdErrors, PutMemoryProvidersByIdResponses, PutModelsByIdData, PutModelsByIdErrors, PutModelsByIdResponses, PutModelsModelByModelIdData, PutModelsModelByModelIdErrors, PutModelsModelByModelIdResponses, PutProvidersByIdData, PutProvidersByIdErrors, PutProvidersByIdResponses, PutSearchProvidersByIdData, PutSearchProvidersByIdErrors, PutSearchProvidersByIdResponses, PutTtsModelsByIdData, PutTtsModelsByIdErrors, PutTtsModelsByIdResponses, PutTtsProvidersByIdData, PutTtsProvidersByIdErrors, PutTtsProvidersByIdResponses, PutUsersByIdData, PutUsersByIdErrors, PutUsersByIdPasswordData, PutUsersByIdPasswordErrors, PutUsersByIdPasswordResponses, PutUsersByIdResponses, PutUsersMeChannelsByPlatformData, PutUsersMeChannelsByPlatformErrors, PutUsersMeChannelsByPlatformResponses, PutUsersMeData, PutUsersMeErrors, PutUsersMePasswordData, PutUsersMePasswordErrors, PutUsersMePasswordResponses, PutUsersMeResponses } from './types.gen';
 
 export type Options<TData extends TDataShape = TDataShape, ThrowOnError extends boolean = boolean> = Options2<TData, ThrowOnError> & {
     /**
@@ -60,6 +60,55 @@ export const postBots = <ThrowOnError extends boolean = false>(options: Options<
     }
 });
 
+/**
+ * Search access channel identities
+ *
+ * Search locally observed channel identity candidates for bot access control
+ */
+export const getBotsByBotIdAccessChannelIdentities = <ThrowOnError extends boolean = false>(options: Options<GetBotsByBotIdAccessChannelIdentitiesData, ThrowOnError>) => (options.client ?? client).get<GetBotsByBotIdAccessChannelIdentitiesResponses, GetBotsByBotIdAccessChannelIdentitiesErrors, ThrowOnError>({ url: '/bots/{bot_id}/access/channel_identities', ...options });
+
+/**
+ * List observed conversations for a channel identity
+ *
+ * List previously observed conversation candidates for a channel identity under a bot
+ */
+export const getBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversations = <ThrowOnError extends boolean = false>(options: Options<GetBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversationsData, ThrowOnError>) => (options.client ?? client).get<GetBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversationsResponses, GetBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversationsErrors, ThrowOnError>({ url: '/bots/{bot_id}/access/channel_identities/{channel_identity_id}/conversations', ...options });
+
+/**
+ * Search access users
+ *
+ * Search user candidates for bot access control
+ */
+export const getBotsByBotIdAccessUsers = <ThrowOnError extends boolean = false>(options: Options<GetBotsByBotIdAccessUsersData, ThrowOnError>) => (options.client ?? client).get<GetBotsByBotIdAccessUsersResponses, GetBotsByBotIdAccessUsersErrors, ThrowOnError>({ url: '/bots/{bot_id}/access/users', ...options });
+
+/**
+ * List bot blacklist
+ *
+ * List guest deny rules for chat trigger
+ */
+export const getBotsByBotIdBlacklist = <ThrowOnError extends boolean = false>(options: Options<GetBotsByBotIdBlacklistData, ThrowOnError>) => (options.client ?? client).get<GetBotsByBotIdBlacklistResponses, GetBotsByBotIdBlacklistErrors, ThrowOnError>({ url: '/bots/{bot_id}/blacklist', ...options });
+
+/**
+ * Upsert bot blacklist entry
+ *
+ * Add a guest deny rule for chat trigger
+ */
+export const putBotsByBotIdBlacklist = <ThrowOnError extends boolean = false>(options: Options<PutBotsByBotIdBlacklistData, ThrowOnError>) => (options.client ?? client).put<PutBotsByBotIdBlacklistResponses, PutBotsByBotIdBlacklistErrors, ThrowOnError>({
+    url: '/bots/{bot_id}/blacklist',
+    ...options,
+    headers: {
+        'Content-Type': 'application/json',
+        ...options.headers
+    }
+});
+
+/**
+ * Delete bot blacklist entry
+ *
+ * Delete a guest deny rule by rule ID
+ */
+export const deleteBotsByBotIdBlacklistByRuleId = <ThrowOnError extends boolean = false>(options: Options<DeleteBotsByBotIdBlacklistByRuleIdData, ThrowOnError>) => (options.client ?? client).delete<DeleteBotsByBotIdBlacklistByRuleIdResponses, DeleteBotsByBotIdBlacklistByRuleIdErrors, ThrowOnError>({ url: '/bots/{bot_id}/blacklist/{rule_id}', ...options });
+
 /**
  * Send a message to a local channel
  *
@@ -970,6 +1019,34 @@ export const getBotsByBotIdWebStream = <ThrowOnError extends boolean = false>(op
  */
 export const getBotsByBotIdWebWs = <ThrowOnError extends boolean = false>(options: Options<GetBotsByBotIdWebWsData, ThrowOnError>) => (options.client ?? client).get<unknown, GetBotsByBotIdWebWsErrors, ThrowOnError>({ url: '/bots/{bot_id}/web/ws', ...options });
 
+/**
+ * List bot whitelist
+ *
+ * List guest allow rules for chat trigger
+ */
+export const getBotsByBotIdWhitelist = <ThrowOnError extends boolean = false>(options: Options<GetBotsByBotIdWhitelistData, ThrowOnError>) => (options.client ?? client).get<GetBotsByBotIdWhitelistResponses, GetBotsByBotIdWhitelistErrors, ThrowOnError>({ url: '/bots/{bot_id}/whitelist', ...options });
+
+/**
+ * Upsert bot whitelist entry
+ *
+ * Add a guest allow rule for chat trigger
+ */
+export const putBotsByBotIdWhitelist = <ThrowOnError extends boolean = false>(options: Options<PutBotsByBotIdWhitelistData, ThrowOnError>) => (options.client ?? client).put<PutBotsByBotIdWhitelistResponses, PutBotsByBotIdWhitelistErrors, ThrowOnError>({
+    url: '/bots/{bot_id}/whitelist',
+    ...options,
+    headers: {
+        'Content-Type': 'application/json',
+        ...options.headers
+    }
+});
+
+/**
+ * Delete bot whitelist entry
+ *
+ * Delete a guest allow rule by rule ID
+ */
+export const deleteBotsByBotIdWhitelistByRuleId = <ThrowOnError extends boolean = false>(options: Options<DeleteBotsByBotIdWhitelistByRuleIdData, ThrowOnError>) => (options.client ?? client).delete<DeleteBotsByBotIdWhitelistByRuleIdResponses, DeleteBotsByBotIdWhitelistByRuleIdErrors, ThrowOnError>({ url: '/bots/{bot_id}/whitelist/{rule_id}', ...options });
+
 /**
  * Delete bot
  *
@@ -1075,34 +1152,6 @@ export const patchBotsByIdChannelByPlatformStatus = <ThrowOnError extends boolea
  */
 export const getBotsByIdChecks = <ThrowOnError extends boolean = false>(options: Options<GetBotsByIdChecksData, ThrowOnError>) => (options.client ?? client).get<GetBotsByIdChecksResponses, GetBotsByIdChecksErrors, ThrowOnError>({ url: '/bots/{id}/checks', ...options });
 
-/**
- * List bot members
- *
- * List members for a bot
- */
-export const getBotsByIdMembers = <ThrowOnError extends boolean = false>(options: Options<GetBotsByIdMembersData, ThrowOnError>) => (options.client ?? client).get<GetBotsByIdMembersResponses, GetBotsByIdMembersErrors, ThrowOnError>({ url: '/bots/{id}/members', ...options });
-
-/**
- * Upsert bot member
- *
- * Add or update bot member role
- */
-export const putBotsByIdMembers = <ThrowOnError extends boolean = false>(options: Options<PutBotsByIdMembersData, ThrowOnError>) => (options.client ?? client).put<PutBotsByIdMembersResponses, PutBotsByIdMembersErrors, ThrowOnError>({
-    url: '/bots/{id}/members',
-    ...options,
-    headers: {
-        'Content-Type': 'application/json',
-        ...options.headers
-    }
-});
-
-/**
- * Delete bot member
- *
- * Remove a member from a bot
- */
-export const deleteBotsByIdMembersByUserId = <ThrowOnError extends boolean = false>(options: Options<DeleteBotsByIdMembersByUserIdData, ThrowOnError>) => (options.client ?? client).delete<DeleteBotsByIdMembersByUserIdResponses, DeleteBotsByIdMembersByUserIdErrors, ThrowOnError>({ url: '/bots/{id}/members/{user_id}', ...options });
-
 /**
  * Transfer bot owner (admin only)
  *
diff --git a/packages/sdk/src/types.gen.ts b/packages/sdk/src/types.gen.ts
index 04e8004d..ebc604c2 100644
--- a/packages/sdk/src/types.gen.ts
+++ b/packages/sdk/src/types.gen.ts
@@ -52,6 +52,89 @@ export type AccountsUpdateProfileRequest = {
     display_name?: string;
 };
 
+export type AclChannelIdentityCandidate = {
+    avatar_url?: string;
+    channel?: string;
+    channel_subject_id?: string;
+    display_name?: string;
+    id?: string;
+    linked_avatar_url?: string;
+    linked_display_name?: string;
+    linked_username?: string;
+    user_id?: string;
+};
+
+export type AclChannelIdentityCandidateListResponse = {
+    items?: Array<AclChannelIdentityCandidate>;
+};
+
+export type AclListRulesResponse = {
+    items?: Array<AclRule>;
+};
+
+export type AclObservedConversationCandidate = {
+    channel?: string;
+    conversation_id?: string;
+    conversation_name?: string;
+    conversation_type?: string;
+    last_observed_at?: string;
+    route_id?: string;
+    thread_id?: string;
+};
+
+export type AclObservedConversationCandidateListResponse = {
+    items?: Array<AclObservedConversationCandidate>;
+};
+
+export type AclRule = {
+    action?: string;
+    bot_id?: string;
+    channel_identity_avatar_url?: string;
+    channel_identity_display_name?: string;
+    channel_identity_id?: string;
+    channel_subject_id?: string;
+    channel_type?: string;
+    created_at?: string;
+    effect?: string;
+    id?: string;
+    linked_user_avatar_url?: string;
+    linked_user_display_name?: string;
+    linked_user_id?: string;
+    linked_user_username?: string;
+    source_scope?: AclSourceScope;
+    subject_kind?: string;
+    updated_at?: string;
+    user_avatar_url?: string;
+    user_display_name?: string;
+    user_id?: string;
+    user_username?: string;
+};
+
+export type AclSourceScope = {
+    channel?: string;
+    conversation_id?: string;
+    conversation_type?: string;
+    thread_id?: string;
+};
+
+export type AclUpsertRuleRequest = {
+    channel_identity_id?: string;
+    source_scope?: AclSourceScope;
+    user_id?: string;
+};
+
+export type AclUserCandidate = {
+    avatar_url?: string;
+    display_name?: string;
+    email?: string;
+    id?: string;
+    username?: string;
+};
+
+export type AclUserCandidateListResponse = {
+    items?: Array<AclUserCandidate>;
+};
+
 export type AdaptersCdfPoint = {
     /**
      * cumulative weight fraction [0.0, 1.0]
@@ -210,7 +293,6 @@ export type AdaptersUsageResponse = {
 };
 
 export type BotsBot = {
-    allow_guest?: boolean;
     avatar_url?: string;
     check_issue_count?: number;
     check_state?: string;
@@ -240,13 +322,6 @@ export type BotsBotCheck = {
     type?: string;
 };
 
-export type BotsBotMember = {
-    bot_id?: string;
-    created_at?: string;
-    role?: string;
-    user_id?: string;
-};
-
 export type BotsCreateBotRequest = {
     avatar_url?: string;
     display_name?: string;
@@ -265,10 +340,6 @@ export type BotsListChecksResponse = {
     items?: Array<BotsBotCheck>;
 };
 
-export type BotsListMembersResponse = {
-    items?: Array<BotsBotMember>;
-};
-
 export type BotsTransferBotRequest = {
     owner_user_id?: string;
 };
@@ -282,11 +353,6 @@ export type BotsUpdateBotRequest = {
     };
 };
 
-export type BotsUpsertMemberRequest = {
-    role?: string;
-    user_id?: string;
-};
-
 export type BrowsercontextsBrowserContext = {
     config?: Array<number>;
     created_at?: string;
@@ -1633,6 +1699,261 @@ export type PostBotsResponses = {
 
 export type PostBotsResponse = PostBotsResponses[keyof PostBotsResponses];
 
+export type GetBotsByBotIdAccessChannelIdentitiesData = {
+    body?: never;
+    path: {
+        /**
+         * Bot ID
+         */
+        bot_id: string;
+    };
+    query?: {
+        /**
+         * Search query
+         */
+        q?: string;
+        /**
+         * Max results
+         */
+        limit?: number;
+    };
+    url: '/bots/{bot_id}/access/channel_identities';
+};
+
+export type GetBotsByBotIdAccessChannelIdentitiesErrors = {
+    /**
+     * Bad Request
+     */
+    400: HandlersErrorResponse;
+    /**
+     * Forbidden
+     */
+    403: HandlersErrorResponse;
+    /**
+     * Internal Server Error
+     */
+    500: HandlersErrorResponse;
+};
+
+export type GetBotsByBotIdAccessChannelIdentitiesError = GetBotsByBotIdAccessChannelIdentitiesErrors[keyof GetBotsByBotIdAccessChannelIdentitiesErrors];
+
+export type GetBotsByBotIdAccessChannelIdentitiesResponses = {
+    /**
+     * OK
+     */
+    200: AclChannelIdentityCandidateListResponse;
+};
+
+export type GetBotsByBotIdAccessChannelIdentitiesResponse = GetBotsByBotIdAccessChannelIdentitiesResponses[keyof GetBotsByBotIdAccessChannelIdentitiesResponses];
+
+export type GetBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversationsData = {
+    body?: never;
+    path: {
+        /**
+         * Bot ID
+         */
+        bot_id: string;
+        /**
+         * Channel Identity ID
+         */
+        channel_identity_id: string;
+    };
+    query?: never;
+    url: '/bots/{bot_id}/access/channel_identities/{channel_identity_id}/conversations';
+};
+
+export type GetBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversationsErrors = {
+    /**
+     * Bad Request
+     */
+    400: HandlersErrorResponse;
+    /**
+     * Forbidden
+     */
+    403: HandlersErrorResponse;
+    /**
+     * Internal Server Error
+     */
+    500: HandlersErrorResponse;
+};
+
+export type GetBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversationsError = GetBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversationsErrors[keyof GetBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversationsErrors];
+
+export type GetBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversationsResponses = {
+    /**
+     * OK
+     */
+    200: AclObservedConversationCandidateListResponse;
+};
+
+export type GetBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversationsResponse = GetBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversationsResponses[keyof GetBotsByBotIdAccessChannelIdentitiesByChannelIdentityIdConversationsResponses];
+
+export type GetBotsByBotIdAccessUsersData = {
+    body?: never;
+    path: {
+        /**
+         * Bot ID
+         */
+        bot_id: string;
+    };
+    query?: {
+        /**
+         * Search query
+         */
+        q?: string;
+        /**
+         * Max results
+         */
+        limit?: number;
+    };
+    url: '/bots/{bot_id}/access/users';
+};
+
+export type GetBotsByBotIdAccessUsersErrors = {
+    /**
+     * Bad Request
+     */
+    400: HandlersErrorResponse;
+    /**
+     * Forbidden
+     */
+    403: HandlersErrorResponse;
+    /**
+     * Internal Server Error
+     */
+    500: HandlersErrorResponse;
+};
+
+export type GetBotsByBotIdAccessUsersError = GetBotsByBotIdAccessUsersErrors[keyof GetBotsByBotIdAccessUsersErrors];
+
+export type GetBotsByBotIdAccessUsersResponses = {
+    /**
+     * OK
+     */
+    200: AclUserCandidateListResponse;
+};
+
+export type GetBotsByBotIdAccessUsersResponse = GetBotsByBotIdAccessUsersResponses[keyof GetBotsByBotIdAccessUsersResponses];
+
+export type GetBotsByBotIdBlacklistData = {
+    body?: never;
+    path: {
+        /**
+         * Bot ID
+         */
+        bot_id: string;
+    };
+    query?: never;
+    url: '/bots/{bot_id}/blacklist';
+};
+
+export type GetBotsByBotIdBlacklistErrors = {
+    /**
+     * Bad Request
+     */
+    400: HandlersErrorResponse;
+    /**
+     * Forbidden
+     */
+    403: HandlersErrorResponse;
+    /**
+     * Internal Server Error
+     */
+    500: HandlersErrorResponse;
+};
+
+export type GetBotsByBotIdBlacklistError = GetBotsByBotIdBlacklistErrors[keyof GetBotsByBotIdBlacklistErrors];
+
+export type GetBotsByBotIdBlacklistResponses = {
+    /**
+     * OK
+     */
+    200: AclListRulesResponse;
+};
+
+export type GetBotsByBotIdBlacklistResponse = GetBotsByBotIdBlacklistResponses[keyof GetBotsByBotIdBlacklistResponses];
+
+export type PutBotsByBotIdBlacklistData = {
+    /**
+     * Blacklist payload
+     */
+    body: AclUpsertRuleRequest;
+    path: {
+        /**
+         * Bot ID
+         */
+        bot_id: string;
+    };
+    query?: never;
+    url: '/bots/{bot_id}/blacklist';
+};
+
+export type PutBotsByBotIdBlacklistErrors = {
+    /**
+     * Bad Request
+     */
+    400: HandlersErrorResponse;
+    /**
+     * Forbidden
+     */
+    403: HandlersErrorResponse;
+    /**
+     * Internal Server Error
+     */
+    500: HandlersErrorResponse;
+};
+
+export type PutBotsByBotIdBlacklistError = PutBotsByBotIdBlacklistErrors[keyof PutBotsByBotIdBlacklistErrors];
+
+export type PutBotsByBotIdBlacklistResponses = {
+    /**
+     * OK
+     */
+    200: AclRule;
+};
+
+export type PutBotsByBotIdBlacklistResponse = PutBotsByBotIdBlacklistResponses[keyof PutBotsByBotIdBlacklistResponses];
+
+export type DeleteBotsByBotIdBlacklistByRuleIdData = {
+    body?: never;
+    path: {
+        /**
+         * Bot ID
+         */
+        bot_id: string;
+        /**
+         * Rule ID
+         */
+        rule_id: string;
+    };
+    query?: never;
+    url: '/bots/{bot_id}/blacklist/{rule_id}';
+};
+
+export type DeleteBotsByBotIdBlacklistByRuleIdErrors = {
+    /**
+     * Bad Request
+     */
+    400: HandlersErrorResponse;
+    /**
+     * Forbidden
+     */
+    403: HandlersErrorResponse;
+    /**
+     * Internal Server Error
+     */
+    500: HandlersErrorResponse;
+};
+
+export type DeleteBotsByBotIdBlacklistByRuleIdError = DeleteBotsByBotIdBlacklistByRuleIdErrors[keyof DeleteBotsByBotIdBlacklistByRuleIdErrors];
+
+export type DeleteBotsByBotIdBlacklistByRuleIdResponses = {
+    /**
+     * No Content
+     */
+    204: unknown;
+};
+
 export type PostBotsByBotIdCliMessagesData = {
     /**
      * Message payload
@@ -5256,6 +5577,125 @@ export type GetBotsByBotIdWebWsErrors = {
 
 export type GetBotsByBotIdWebWsError = GetBotsByBotIdWebWsErrors[keyof GetBotsByBotIdWebWsErrors];
 
+export type GetBotsByBotIdWhitelistData = {
+    body?: never;
+    path: {
+        /**
+         * Bot ID
+         */
+        bot_id: string;
+    };
+    query?: never;
+    url: '/bots/{bot_id}/whitelist';
+};
+
+export type GetBotsByBotIdWhitelistErrors = {
+    /**
+     * Bad Request
+     */
+    400: HandlersErrorResponse;
+    /**
+     * Forbidden
+     */
+    403: HandlersErrorResponse;
+    /**
+     * Internal Server Error
+     */
+    500: HandlersErrorResponse;
+};
+
+export type GetBotsByBotIdWhitelistError = GetBotsByBotIdWhitelistErrors[keyof GetBotsByBotIdWhitelistErrors];
+
+export type GetBotsByBotIdWhitelistResponses = {
+    /**
+     * OK
+     */
+    200: AclListRulesResponse;
+};
+
+export type GetBotsByBotIdWhitelistResponse = GetBotsByBotIdWhitelistResponses[keyof GetBotsByBotIdWhitelistResponses];
+
+export type PutBotsByBotIdWhitelistData = {
+    /**
+     * Whitelist payload
+     */
+    body: AclUpsertRuleRequest;
+    path: {
+        /**
+         * Bot ID
+         */
+        bot_id: string;
+    };
+    query?: never;
+    url: '/bots/{bot_id}/whitelist';
+};
+
+export type PutBotsByBotIdWhitelistErrors = {
+    /**
+     * Bad Request
+     */
+    400: HandlersErrorResponse;
+    /**
+     * Forbidden
+     */
+    403: HandlersErrorResponse;
+    /**
+     * Internal Server Error
+     */
+    500: HandlersErrorResponse;
+};
+
+export type PutBotsByBotIdWhitelistError = PutBotsByBotIdWhitelistErrors[keyof PutBotsByBotIdWhitelistErrors];
+
+export type PutBotsByBotIdWhitelistResponses = {
+    /**
+     * OK
+     */
+    200: AclRule;
+};
+
+export type PutBotsByBotIdWhitelistResponse = PutBotsByBotIdWhitelistResponses[keyof PutBotsByBotIdWhitelistResponses];
+
+export type DeleteBotsByBotIdWhitelistByRuleIdData = {
+    body?: never;
+    path: {
+        /**
+         * Bot ID
+         */
+        bot_id: string;
+        /**
+         * Rule ID
+         */
+        rule_id: string;
+    };
+    query?: never;
+    url: '/bots/{bot_id}/whitelist/{rule_id}';
+};
+
+export type DeleteBotsByBotIdWhitelistByRuleIdErrors = {
+    /**
+     * Bad Request
+     */
+    400: HandlersErrorResponse;
+    /**
+     * Forbidden
+     */
+    403: HandlersErrorResponse;
+    /**
+     * Internal Server Error
+     */
+    500: HandlersErrorResponse;
+};
+
+export type DeleteBotsByBotIdWhitelistByRuleIdError = DeleteBotsByBotIdWhitelistByRuleIdErrors[keyof DeleteBotsByBotIdWhitelistByRuleIdErrors];
+
+export type DeleteBotsByBotIdWhitelistByRuleIdResponses = {
+    /**
+     * No Content
+     */
+    204: unknown;
+};
+
 export type DeleteBotsByIdData = {
     body?: never;
     path: {
@@ -5715,137 +6155,6 @@ export type GetBotsByIdChecksResponses = {
 
 export type GetBotsByIdChecksResponse = GetBotsByIdChecksResponses[keyof GetBotsByIdChecksResponses];
 
-export type GetBotsByIdMembersData = {
-    body?: never;
-    path: {
-        /**
-         * Bot ID
-         */
-        id: string;
-    };
-    query?: never;
-    url: '/bots/{id}/members';
-};
-
-export type GetBotsByIdMembersErrors = {
-    /**
-     * Bad Request
-     */
-    400: HandlersErrorResponse;
-    /**
-     * Forbidden
-     */
-    403: HandlersErrorResponse;
-    /**
-     * Not Found
-     */
-    404: HandlersErrorResponse;
-    /**
-     * Internal Server Error
-     */
-    500: HandlersErrorResponse;
-};
-
-export type GetBotsByIdMembersError = GetBotsByIdMembersErrors[keyof GetBotsByIdMembersErrors];
-
-export type GetBotsByIdMembersResponses = {
-    /**
-     * OK
-     */
-    200: BotsListMembersResponse;
-};
-
-export type GetBotsByIdMembersResponse = GetBotsByIdMembersResponses[keyof GetBotsByIdMembersResponses];
-
-export type PutBotsByIdMembersData = {
-    /**
-     * Member payload
-     */
-    body: BotsUpsertMemberRequest;
-    path: {
-        /**
-         * Bot ID
-         */
-        id: string;
-    };
-    query?: never;
-    url: '/bots/{id}/members';
-};
-
-export type PutBotsByIdMembersErrors = {
-    /**
-     * Bad Request
-     */
-    400: HandlersErrorResponse;
-    /**
-     * Forbidden
-     */
-    403: HandlersErrorResponse;
-    /**
-     * Not Found
-     */
-    404: HandlersErrorResponse;
-    /**
-     * Internal Server Error
-     */
-    500: HandlersErrorResponse;
-};
-
-export type PutBotsByIdMembersError = PutBotsByIdMembersErrors[keyof PutBotsByIdMembersErrors];
-
-export type PutBotsByIdMembersResponses = {
-    /**
-     * OK
-     */
-    200: BotsBotMember;
-};
-
-export type PutBotsByIdMembersResponse = PutBotsByIdMembersResponses[keyof PutBotsByIdMembersResponses];
-
-export type DeleteBotsByIdMembersByUserIdData = {
-    body?: never;
-    path: {
-        /**
-         * Bot ID
-         */
-        id: string;
-        /**
-         * User ID
-         */
-        user_id: string;
-    };
-    query?: never;
-    url: '/bots/{id}/members/{user_id}';
-};
-
-export type DeleteBotsByIdMembersByUserIdErrors = {
-    /**
-     * Bad Request
-     */
-    400: HandlersErrorResponse;
-    /**
-     * Forbidden
-     */
-    403: HandlersErrorResponse;
-    /**
-     * Not Found
-     */
-    404: HandlersErrorResponse;
-    /**
-     * Internal Server Error
-     */
-    500: HandlersErrorResponse;
-};
-
-export type DeleteBotsByIdMembersByUserIdError = DeleteBotsByIdMembersByUserIdErrors[keyof DeleteBotsByIdMembersByUserIdErrors];
-
-export type DeleteBotsByIdMembersByUserIdResponses = {
-    /**
-     * No Content
-     */
-    204: unknown;
-};
-
 export type PutBotsByIdOwnerData = {
     /**
      * Transfer payload
diff --git a/spec/docs.go b/spec/docs.go
index 4485fe73..e4e7857a 100644
--- a/spec/docs.go
+++ b/spec/docs.go
@@ -182,6 +182,312 @@ const docTemplate = `{
                 }
             }
         },
+        "/bots/{bot_id}/access/channel_identities": {
+            "get": {
+                "description": "Search locally observed channel identity candidates for bot access control",
+                "tags": [
+                    "bots"
+                ],
+                "summary": "Search access channel identities",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Bot ID",
+                        "name": "bot_id",
+                        "in": "path",
+                        "required": true
+                    },
+                    {
+                        "type": "string",
+                        "description": "Search query",
+                        "name": "q",
+                        "in": "query"
+                    },
+                    {
+                        "type": "integer",
+                        "description": "Max results",
+                        "name": "limit",
+                        "in": "query"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/acl.ChannelIdentityCandidateListResponse"
+                        }
+                    },
+                    "400": {
+                        "description": "Bad Request",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "403": {
+                        "description": "Forbidden",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "500": {
+                        "description": "Internal Server Error",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    }
+                }
+            }
+        },
+        "/bots/{bot_id}/access/channel_identities/{channel_identity_id}/conversations": {
+            "get": {
+                "description": "List previously observed conversation candidates for a channel identity under a bot",
+                "tags": [
+                    "bots"
+                ],
+                "summary": "List observed conversations for a channel identity",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Bot ID",
+                        "name": "bot_id",
+                        "in": "path",
+                        "required": true
+                    },
+                    {
+                        "type": "string",
+                        "description": "Channel Identity ID",
+                        "name": "channel_identity_id",
+                        "in": "path",
+                        "required": true
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/acl.ObservedConversationCandidateListResponse"
+                        }
+                    },
+                    "400": {
+                        "description": "Bad Request",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "403": {
+                        "description": "Forbidden",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "500": {
+                        "description": "Internal Server Error",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    }
+                }
+            }
+        },
+        "/bots/{bot_id}/access/users": {
+            "get": {
+                "description": "Search user candidates for bot access control",
+                "tags": [
+                    "bots"
+                ],
+                "summary": "Search access users",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Bot ID",
+                        "name": "bot_id",
+                        "in": "path",
+                        "required": true
+                    },
+                    {
+                        "type": "string",
+                        "description": "Search query",
+                        "name": "q",
+                        "in": "query"
+                    },
+                    {
+                        "type": "integer",
+                        "description": "Max results",
+                        "name": "limit",
+                        "in": "query"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/acl.UserCandidateListResponse"
+                        }
+                    },
+                    "400": {
+                        "description": "Bad Request",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "403": {
+                        "description": "Forbidden",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "500": {
+                        "description": "Internal Server Error",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    }
+                }
+            }
+        },
+        "/bots/{bot_id}/blacklist": {
+            "get": {
+                "description": "List guest deny rules for chat trigger",
+                "tags": [
+                    "bots"
+                ],
+                "summary": "List bot blacklist",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Bot ID",
+                        "name": "bot_id",
+                        "in": "path",
+                        "required": true
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/acl.ListRulesResponse"
+                        }
+                    },
+                    "400": {
+                        "description": "Bad Request",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "403": {
+                        "description": "Forbidden",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "500": {
+                        "description": "Internal Server Error",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    }
+                }
+            },
+            "put": {
+                "description": "Add a guest deny rule for chat trigger",
+                "tags": [
+                    "bots"
+                ],
+                "summary": "Upsert bot blacklist entry",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Bot ID",
+                        "name": "bot_id",
+                        "in": "path",
+                        "required": true
+                    },
+                    {
+                        "description": "Blacklist payload",
+                        "name": "payload",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/acl.UpsertRuleRequest"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/acl.Rule"
+                        }
+                    },
+                    "400": {
+                        "description": "Bad Request",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "403": {
+                        "description": "Forbidden",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "500": {
+                        "description": "Internal Server Error",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    }
+                }
+            }
+        },
+        "/bots/{bot_id}/blacklist/{rule_id}": {
+            "delete": {
+                "description": "Delete a guest deny rule by rule ID",
+                "tags": [
+                    "bots"
+                ],
+                "summary": "Delete bot blacklist entry",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Bot ID",
+                        "name": "bot_id",
+                        "in": "path",
+                        "required": true
+                    },
+                    {
+                        "type": "string",
+                        "description": "Rule ID",
+                        "name": "rule_id",
+                        "in": "path",
+                        "required": true
+                    }
+                ],
+                "responses": {
+                    "204": {
+                        "description": "No Content"
+                    },
+                    "400": {
+                        "description": "Bad Request",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "403": {
+                        "description": "Forbidden",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "500": {
+                        "description": "Internal Server Error",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    }
+                }
+            }
+        },
         "/bots/{bot_id}/cli/messages": {
             "post": {
                 "description": "Post a user message (with optional attachments) through the local channel pipeline.",
@@ -4610,6 +4916,149 @@ const docTemplate = `{
                 }
             }
         },
+        "/bots/{bot_id}/whitelist": {
+            "get": {
+                "description": "List guest allow rules for chat trigger",
+                "tags": [
+                    "bots"
+                ],
+                "summary": "List bot whitelist",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Bot ID",
+                        "name": "bot_id",
+                        "in": "path",
+                        "required": true
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/acl.ListRulesResponse"
+                        }
+                    },
+                    "400": {
+                        "description": "Bad Request",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "403": {
+                        "description": "Forbidden",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "500": {
+                        "description": "Internal Server Error",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    }
+                }
+            },
+            "put": {
+                "description": "Add a guest allow rule for chat trigger",
+                "tags": [
+                    "bots"
+                ],
+                "summary": "Upsert bot whitelist entry",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Bot ID",
+                        "name": "bot_id",
+                        "in": "path",
+                        "required": true
+                    },
+                    {
+                        "description": "Whitelist payload",
+                        "name": "payload",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/acl.UpsertRuleRequest"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/acl.Rule"
+                        }
+                    },
+                    "400": {
+                        "description": "Bad Request",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "403": {
+                        "description": "Forbidden",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "500": {
+                        "description": "Internal Server Error",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    }
+                }
+            }
+        },
+        "/bots/{bot_id}/whitelist/{rule_id}": {
+            "delete": {
+                "description": "Delete a guest allow rule by rule ID",
+                "tags": [
+                    "bots"
+                ],
+                "summary": "Delete bot whitelist entry",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Bot ID",
+                        "name": "bot_id",
+                        "in": "path",
+                        "required": true
+                    },
+                    {
+                        "type": "string",
+                        "description": "Rule ID",
+                        "name": "rule_id",
+                        "in": "path",
+                        "required": true
+                    }
+                ],
+                "responses": {
+                    "204": {
+                        "description": "No Content"
+                    },
+                    "400": {
+                        "description": "Bad Request",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "403": {
+                        "description": "Forbidden",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "500": {
+                        "description": "Internal Server Error",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    }
+                }
+            }
+        },
         "/bots/{id}": {
             "get": {
                 "description": "Get a bot by ID (owner/admin only)",
@@ -5189,167 +5638,6 @@ const docTemplate = `{
                 }
             }
         },
-        "/bots/{id}/members": {
-            "get": {
-                "description": "List members for a bot",
-                "tags": [
-                    "bots"
-                ],
-                "summary": "List bot members",
-                "parameters": [
-                    {
-                        "type": "string",
-                        "description": "Bot ID",
-                        "name": "id",
-                        "in": "path",
-                        "required": true
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "OK",
-                        "schema": {
-                            "$ref": "#/definitions/bots.ListMembersResponse"
-                        }
-                    },
-                    "400": {
-                        "description": "Bad Request",
-                        "schema": {
-                            "$ref": "#/definitions/handlers.ErrorResponse"
-                        }
-                    },
-                    "403": {
-                        "description": "Forbidden",
-                        "schema": {
-                            "$ref": "#/definitions/handlers.ErrorResponse"
-                        }
-                    },
-                    "404": {
-                        "description": "Not Found",
-                        "schema": {
-                            "$ref": "#/definitions/handlers.ErrorResponse"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal Server Error",
-                        "schema": {
-                            "$ref": "#/definitions/handlers.ErrorResponse"
-                        }
-                    }
-                }
-            },
-            "put": {
-                "description": "Add or update bot member role",
-                "tags": [
-                    "bots"
-                ],
-                "summary": "Upsert bot member",
-                "parameters": [
-                    {
-                        "type": "string",
-                        "description": "Bot ID",
-                        "name": "id",
-                        "in": "path",
-                        "required": true
-                    },
-                    {
-                        "description": "Member payload",
-                        "name": "payload",
-                        "in": "body",
-                        "required": true,
-                        "schema": {
-                            "$ref": "#/definitions/bots.UpsertMemberRequest"
-                        }
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "OK",
-                        "schema": {
-                            "$ref": "#/definitions/bots.BotMember"
-                        }
-                    },
-                    "400": {
-                        "description": "Bad Request",
-                        "schema": {
-                            "$ref": "#/definitions/handlers.ErrorResponse"
-                        }
-                    },
-                    "403": {
-                        "description": "Forbidden",
-                        "schema": {
-                            "$ref": "#/definitions/handlers.ErrorResponse"
-                        }
-                    },
-                    "404": {
-                        "description": "Not Found",
-                        "schema": {
-                            "$ref": "#/definitions/handlers.ErrorResponse"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal Server Error",
-                        "schema": {
-                            "$ref": "#/definitions/handlers.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
-        "/bots/{id}/members/{user_id}": {
-            "delete": {
-                "description": "Remove a member from a bot",
-                "tags": [
-                    "bots"
-                ],
-                "summary": "Delete bot member",
-                "parameters": [
-                    {
-                        "type": "string",
-                        "description": "Bot ID",
-                        "name": "id",
-                        "in": "path",
-                        "required": true
-                    },
-                    {
-                        "type": "string",
-                        "description": "User ID",
-                        "name": "user_id",
-                        "in": "path",
-                        "required": true
-                    }
-                ],
-                "responses": {
-                    "204": {
-                        "description": "No Content"
-                    },
-                    "400": {
-                        "description": "Bad Request",
-                        "schema": {
-                            "$ref": "#/definitions/handlers.ErrorResponse"
-                        }
-                    },
-                    "403": {
-                        "description": "Forbidden",
-                        "schema": {
-                            "$ref": "#/definitions/handlers.ErrorResponse"
-                        }
-                    },
-                    "404": {
-                        "description": "Not Found",
-                        "schema": {
-                            "$ref": "#/definitions/handlers.ErrorResponse"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal Server Error",
-                        "schema": {
-                            "$ref": "#/definitions/handlers.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
         "/bots/{id}/owner": {
             "put": {
                 "description": "Transfer bot ownership to another human user",
@@ -8685,6 +8973,227 @@ const docTemplate = `{
                 }
             }
         },
+        "acl.ChannelIdentityCandidate": {
+            "type": "object",
+            "properties": {
+                "avatar_url": {
+                    "type": "string"
+                },
+                "channel": {
+                    "type": "string"
+                },
+                "channel_subject_id": {
+                    "type": "string"
+                },
+                "display_name": {
+                    "type": "string"
+                },
+                "id": {
+                    "type": "string"
+                },
+                "linked_avatar_url": {
+                    "type": "string"
+                },
+                "linked_display_name": {
+                    "type": "string"
+                },
+                "linked_username": {
+                    "type": "string"
+                },
+                "user_id": {
+                    "type": "string"
+                }
+            }
+        },
+        "acl.ChannelIdentityCandidateListResponse": {
+            "type": "object",
+            "properties": {
+                "items": {
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/acl.ChannelIdentityCandidate"
+                    }
+                }
+            }
+        },
+        "acl.ListRulesResponse": {
+            "type": "object",
+            "properties": {
+                "items": {
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/acl.Rule"
+                    }
+                }
+            }
+        },
+        "acl.ObservedConversationCandidate": {
+            "type": "object",
+            "properties": {
+                "channel": {
+                    "type": "string"
+                },
+                "conversation_id": {
+                    "type": "string"
+                },
+                "conversation_name": {
+                    "type": "string"
+                },
+                "conversation_type": {
+                    "type": "string"
+                },
+                "last_observed_at": {
+                    "type": "string"
+                },
+                "route_id": {
+                    "type": "string"
+                },
+                "thread_id": {
+                    "type": "string"
+                }
+            }
+        },
+        "acl.ObservedConversationCandidateListResponse": {
+            "type": "object",
+            "properties": {
+                "items": {
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/acl.ObservedConversationCandidate"
+                    }
+                }
+            }
+        },
+        "acl.Rule": {
+            "type": "object",
+            "properties": {
+                "action": {
+                    "type": "string"
+                },
+                "bot_id": {
+                    "type": "string"
+                },
+                "channel_identity_avatar_url": {
+                    "type": "string"
+                },
+                "channel_identity_display_name": {
+                    "type": "string"
+                },
+                "channel_identity_id": {
+                    "type": "string"
+                },
+                "channel_subject_id": {
+                    "type": "string"
+                },
+                "channel_type": {
+                    "type": "string"
+                },
+                "created_at": {
+                    "type": "string"
+                },
+                "effect": {
+                    "type": "string"
+                },
+                "id": {
+                    "type": "string"
+                },
+                "linked_user_avatar_url": {
+                    "type": "string"
+                },
+                "linked_user_display_name": {
+                    "type": "string"
+                },
+                "linked_user_id": {
+                    "type": "string"
+                },
+                "linked_user_username": {
+                    "type": "string"
+                },
+                "source_scope": {
+                    "$ref": "#/definitions/acl.SourceScope"
+                },
+                "subject_kind": {
+                    "type": "string"
+                },
+                "updated_at": {
+                    "type": "string"
+                },
+                "user_avatar_url": {
+                    "type": "string"
+                },
+                "user_display_name": {
+                    "type": "string"
+                },
+                "user_id": {
+                    "type": "string"
+                },
+                "user_username": {
+                    "type": "string"
+                }
+            }
+        },
+        "acl.SourceScope": {
+            "type": "object",
+            "properties": {
+                "channel": {
+                    "type": "string"
+                },
+                "conversation_id": {
+                    "type": "string"
+                },
+                "conversation_type": {
+                    "type": "string"
+                },
+                "thread_id": {
+                    "type": "string"
+                }
+            }
+        },
+        "acl.UpsertRuleRequest": {
+            "type": "object",
+            "properties": {
+                "channel_identity_id": {
+                    "type": "string"
+                },
+                "source_scope": {
+                    "$ref": "#/definitions/acl.SourceScope"
+                },
+                "user_id": {
+                    "type": "string"
+                }
+            }
+        },
+        "acl.UserCandidate": {
+            "type": "object",
+            "properties": {
+                "avatar_url": {
+                    "type": "string"
+                },
+                "display_name": {
+                    "type": "string"
+                },
+                "email": {
+                    "type": "string"
+                },
+                "id": {
+                    "type": "string"
+                },
+                "username": {
+                    "type": "string"
+                }
+            }
+        },
+        "acl.UserCandidateListResponse": {
+            "type": "object",
+            "properties": {
+                "items": {
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/acl.UserCandidate"
+                    }
+                }
+            }
+        },
         "adapters.CDFPoint": {
             "type": "object",
             "properties": {
@@ -9049,9 +9558,6 @@ const docTemplate = `{
         "bots.Bot": {
             "type": "object",
             "properties": {
-                "allow_guest": {
-                    "type": "boolean"
-                },
                 "avatar_url": {
                     "type": "string"
                 },
@@ -9121,23 +9627,6 @@ const docTemplate = `{
                 }
             }
         },
-        "bots.BotMember": {
-            "type": "object",
-            "properties": {
-                "bot_id": {
-                    "type": "string"
-                },
-                "created_at": {
-                    "type": "string"
-                },
-                "role": {
-                    "type": "string"
-                },
-                "user_id": {
-                    "type": "string"
-                }
-            }
-        },
         "bots.CreateBotRequest": {
             "type": "object",
             "properties": {
@@ -9181,17 +9670,6 @@ const docTemplate = `{
                 }
             }
         },
-        "bots.ListMembersResponse": {
-            "type": "object",
-            "properties": {
-                "items": {
-                    "type": "array",
-                    "items": {
-                        "$ref": "#/definitions/bots.BotMember"
-                    }
-                }
-            }
-        },
         "bots.TransferBotRequest": {
             "type": "object",
             "properties": {
@@ -9218,17 +9696,6 @@ const docTemplate = `{
                 }
             }
         },
-        "bots.UpsertMemberRequest": {
-            "type": "object",
-            "properties": {
-                "role": {
-                    "type": "string"
-                },
-                "user_id": {
-                    "type": "string"
-                }
-            }
-        },
         "browsercontexts.BrowserContext": {
             "type": "object",
             "properties": {
diff --git a/spec/swagger.json b/spec/swagger.json
index 5626fe81..b11ea4f2 100644
--- a/spec/swagger.json
+++ b/spec/swagger.json
@@ -173,6 +173,312 @@
                 }
             }
         },
+        "/bots/{bot_id}/access/channel_identities": {
+            "get": {
+                "description": "Search locally observed channel identity candidates for bot access control",
+                "tags": [
+                    "bots"
+                ],
+                "summary": "Search access channel identities",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Bot ID",
+                        "name": "bot_id",
+                        "in": "path",
+                        "required": true
+                    },
+                    {
+                        "type": "string",
+                        "description": "Search query",
+                        "name": "q",
+                        "in": "query"
+                    },
+                    {
+                        "type": "integer",
+                        "description": "Max results",
+                        "name": "limit",
+                        "in": "query"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/acl.ChannelIdentityCandidateListResponse"
+                        }
+                    },
+                    "400": {
+                        "description": "Bad Request",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "403": {
+                        "description": "Forbidden",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "500": {
+                        "description": "Internal Server Error",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    }
+                }
+            }
+        },
+        "/bots/{bot_id}/access/channel_identities/{channel_identity_id}/conversations": {
+            "get": {
+                "description": "List previously observed conversation candidates for a channel identity under a bot",
+                "tags": [
+                    "bots"
+                ],
+                "summary": "List observed conversations for a channel identity",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Bot ID",
+                        "name": "bot_id",
+                        "in": "path",
+                        "required": true
+                    },
+                    {
+                        "type": "string",
+                        "description": "Channel Identity ID",
+                        "name": "channel_identity_id",
+                        "in": "path",
+                        "required": true
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/acl.ObservedConversationCandidateListResponse"
+                        }
+                    },
+                    "400": {
+                        "description": "Bad Request",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "403": {
+                        "description": "Forbidden",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "500": {
+                        "description": "Internal Server Error",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    }
+                }
+            }
+        },
+        "/bots/{bot_id}/access/users": {
+            "get": {
+                "description": "Search user candidates for bot access control",
+                "tags": [
+                    "bots"
+                ],
+                "summary": "Search access users",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Bot ID",
+                        "name": "bot_id",
+                        "in": "path",
+                        "required": true
+                    },
+                    {
+                        "type": "string",
+                        "description": "Search query",
+                        "name": "q",
+                        "in": "query"
+                    },
+                    {
+                        "type": "integer",
+                        "description": "Max results",
+                        "name": "limit",
+                        "in": "query"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/acl.UserCandidateListResponse"
+                        }
+                    },
+                    "400": {
+                        "description": "Bad Request",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "403": {
+                        "description": "Forbidden",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "500": {
+                        "description": "Internal Server Error",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    }
+                }
+            }
+        },
+        "/bots/{bot_id}/blacklist": {
+            "get": {
+                "description": "List guest deny rules for chat trigger",
+                "tags": [
+                    "bots"
+                ],
+                "summary": "List bot blacklist",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Bot ID",
+                        "name": "bot_id",
+                        "in": "path",
+                        "required": true
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/acl.ListRulesResponse"
+                        }
+                    },
+                    "400": {
+                        "description": "Bad Request",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "403": {
+                        "description": "Forbidden",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "500": {
+                        "description": "Internal Server Error",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    }
+                }
+            },
+            "put": {
+                "description": "Add a guest deny rule for chat trigger",
+                "tags": [
+                    "bots"
+                ],
+                "summary": "Upsert bot blacklist entry",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Bot ID",
+                        "name": "bot_id",
+                        "in": "path",
+                        "required": true
+                    },
+                    {
+                        "description": "Blacklist payload",
+                        "name": "payload",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/acl.UpsertRuleRequest"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/acl.Rule"
+                        }
+                    },
+                    "400": {
+                        "description": "Bad Request",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "403": {
+                        "description": "Forbidden",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "500": {
+                        "description": "Internal Server Error",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    }
+                }
+            }
+        },
+        "/bots/{bot_id}/blacklist/{rule_id}": {
+            "delete": {
+                "description": "Delete a guest deny rule by rule ID",
+                "tags": [
+                    "bots"
+                ],
+                "summary": "Delete bot blacklist entry",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Bot ID",
+                        "name": "bot_id",
+                        "in": "path",
+                        "required": true
+                    },
+                    {
+                        "type": "string",
+                        "description": "Rule ID",
+                        "name": "rule_id",
+                        "in": "path",
+                        "required": true
+                    }
+                ],
+                "responses": {
+                    "204": {
+                        "description": "No Content"
+                    },
+                    "400": {
+                        "description": "Bad Request",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "403": {
+                        "description": "Forbidden",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "500": {
+                        "description": "Internal Server Error",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    }
+                }
+            }
+        },
         "/bots/{bot_id}/cli/messages": {
             "post": {
                 "description": "Post a user message (with optional attachments) through the local channel pipeline.",
@@ -4601,6 +4907,149 @@
                 }
             }
         },
+        "/bots/{bot_id}/whitelist": {
+            "get": {
+                "description": "List guest allow rules for chat trigger",
+                "tags": [
+                    "bots"
+                ],
+                "summary": "List bot whitelist",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Bot ID",
+                        "name": "bot_id",
+                        "in": "path",
+                        "required": true
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/acl.ListRulesResponse"
+                        }
+                    },
+                    "400": {
+                        "description": "Bad Request",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "403": {
+                        "description": "Forbidden",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "500": {
+                        "description": "Internal Server Error",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    }
+                }
+            },
+            "put": {
+                "description": "Add a guest allow rule for chat trigger",
+                "tags": [
+                    "bots"
+                ],
+                "summary": "Upsert bot whitelist entry",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Bot ID",
+                        "name": "bot_id",
+                        "in": "path",
+                        "required": true
+                    },
+                    {
+                        "description": "Whitelist payload",
+                        "name": "payload",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/acl.UpsertRuleRequest"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/acl.Rule"
+                        }
+                    },
+                    "400": {
+                        "description": "Bad Request",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "403": {
+                        "description": "Forbidden",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "500": {
+                        "description": "Internal Server Error",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    }
+                }
+            }
+        },
+        "/bots/{bot_id}/whitelist/{rule_id}": {
+            "delete": {
+                "description": "Delete a guest allow rule by rule ID",
+                "tags": [
+                    "bots"
+                ],
+                "summary": "Delete bot whitelist entry",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "Bot ID",
+                        "name": "bot_id",
+                        "in": "path",
+                        "required": true
+                    },
+                    {
+                        "type": "string",
+                        "description": "Rule ID",
+                        "name": "rule_id",
+                        "in": "path",
+                        "required": true
+                    }
+                ],
+                "responses": {
+                    "204": {
+                        "description": "No Content"
+                    },
+                    "400": {
+                        "description": "Bad Request",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "403": {
+                        "description": "Forbidden",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    },
+                    "500": {
+                        "description": "Internal Server Error",
+                        "schema": {
+                            "$ref": "#/definitions/handlers.ErrorResponse"
+                        }
+                    }
+                }
+            }
+        },
         "/bots/{id}": {
             "get": {
                 "description": "Get a bot by ID (owner/admin only)",
@@ -5180,167 +5629,6 @@
                 }
             }
         },
-        "/bots/{id}/members": {
-            "get": {
-                "description": "List members for a bot",
-                "tags": [
-                    "bots"
-                ],
-                "summary": "List bot members",
-                "parameters": [
-                    {
-                        "type": "string",
-                        "description": "Bot ID",
-                        "name": "id",
-                        "in": "path",
-                        "required": true
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "OK",
-                        "schema": {
-                            "$ref": "#/definitions/bots.ListMembersResponse"
-                        }
-                    },
-                    "400": {
-                        "description": "Bad Request",
-                        "schema": {
-                            "$ref": "#/definitions/handlers.ErrorResponse"
-                        }
-                    },
-                    "403": {
-                        "description": "Forbidden",
-                        "schema": {
-                            "$ref": "#/definitions/handlers.ErrorResponse"
-                        }
-                    },
-                    "404": {
-                        "description": "Not Found",
-                        "schema": {
-                            "$ref": "#/definitions/handlers.ErrorResponse"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal Server Error",
-                        "schema": {
-                            "$ref": "#/definitions/handlers.ErrorResponse"
-                        }
-                    }
-                }
-            },
-            "put": {
-                "description": "Add or update bot member role",
-                "tags": [
-                    "bots"
-                ],
-                "summary": "Upsert bot member",
-                "parameters": [
-                    {
-                        "type": "string",
-                        "description": "Bot ID",
-                        "name": "id",
-                        "in": "path",
-                        "required": true
-                    },
-                    {
-                        "description": "Member payload",
-                        "name": "payload",
-                        "in": "body",
-                        "required": true,
-                        "schema": {
-                            "$ref": "#/definitions/bots.UpsertMemberRequest"
-                        }
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "OK",
-                        "schema": {
-                            "$ref": "#/definitions/bots.BotMember"
-                        }
-                    },
-                    "400": {
-                        "description": "Bad Request",
-                        "schema": {
-                            "$ref": "#/definitions/handlers.ErrorResponse"
-                        }
-                    },
-                    "403": {
-                        "description": "Forbidden",
-                        "schema": {
-                            "$ref": "#/definitions/handlers.ErrorResponse"
-                        }
-                    },
-                    "404": {
-                        "description": "Not Found",
-                        "schema": {
-                            "$ref": "#/definitions/handlers.ErrorResponse"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal Server Error",
-                        "schema": {
-                            "$ref": "#/definitions/handlers.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
-        "/bots/{id}/members/{user_id}": {
-            "delete": {
-                "description": "Remove a member from a bot",
-                "tags": [
-                    "bots"
-                ],
-                "summary": "Delete bot member",
-                "parameters": [
-                    {
-                        "type": "string",
-                        "description": "Bot ID",
-                        "name": "id",
-                        "in": "path",
-                        "required": true
-                    },
-                    {
-                        "type": "string",
-                        "description": "User ID",
-                        "name": "user_id",
-                        "in": "path",
-                        "required": true
-                    }
-                ],
-                "responses": {
-                    "204": {
-                        "description": "No Content"
-                    },
-                    "400": {
-                        "description": "Bad Request",
-                        "schema": {
-                            "$ref": "#/definitions/handlers.ErrorResponse"
-                        }
-                    },
-                    "403": {
-                        "description": "Forbidden",
-                        "schema": {
-                            "$ref": "#/definitions/handlers.ErrorResponse"
-                        }
-                    },
-                    "404": {
-                        "description": "Not Found",
-                        "schema": {
-                            "$ref": "#/definitions/handlers.ErrorResponse"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal Server Error",
-                        "schema": {
-                            "$ref": "#/definitions/handlers.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
         "/bots/{id}/owner": {
             "put": {
                 "description": "Transfer bot ownership to another human user",
@@ -8676,6 +8964,227 @@
                 }
             }
         },
+        "acl.ChannelIdentityCandidate": {
+            "type": "object",
+            "properties": {
+                "avatar_url": {
+                    "type": "string"
+                },
+                "channel": {
+                    "type": "string"
+                },
+                "channel_subject_id": {
+                    "type": "string"
+                },
+                "display_name": {
+                    "type": "string"
+                },
+                "id": {
+                    "type": "string"
+                },
+                "linked_avatar_url": {
+                    "type": "string"
+                },
+                "linked_display_name": {
+                    "type": "string"
+                },
+                "linked_username": {
+                    "type": "string"
+                },
+                "user_id": {
+                    "type": "string"
+                }
+            }
+        },
+        "acl.ChannelIdentityCandidateListResponse": {
+            "type": "object",
+            "properties": {
+                "items": {
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/acl.ChannelIdentityCandidate"
+                    }
+                }
+            }
+        },
+        "acl.ListRulesResponse": {
+            "type": "object",
+            "properties": {
+                "items": {
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/acl.Rule"
+                    }
+                }
+            }
+        },
+        "acl.ObservedConversationCandidate": {
+            "type": "object",
+            "properties": {
+                "channel": {
+                    "type": "string"
+                },
+                "conversation_id": {
+                    "type": "string"
+                },
+                "conversation_name": {
+                    "type": "string"
+                },
+                "conversation_type": {
+                    "type": "string"
+                },
+                "last_observed_at": {
+                    "type": "string"
+                },
+                "route_id": {
+                    "type": "string"
+                },
+                "thread_id": {
+                    "type": "string"
+                }
+            }
+        },
+        "acl.ObservedConversationCandidateListResponse": {
+            "type": "object",
+            "properties": {
+                "items": {
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/acl.ObservedConversationCandidate"
+                    }
+                }
+            }
+        },
+        "acl.Rule": {
+            "type": "object",
+            "properties": {
+                "action": {
+                    "type": "string"
+                },
+                "bot_id": {
+                    "type": "string"
+                },
+                "channel_identity_avatar_url": {
+                    "type": "string"
+                },
+                "channel_identity_display_name": {
+                    "type": "string"
+                },
+                "channel_identity_id": {
+                    "type": "string"
+                },
+                "channel_subject_id": {
+                    "type": "string"
+                },
+                "channel_type": {
+                    "type": "string"
+                },
+                "created_at": {
+                    "type": "string"
+                },
+                "effect": {
+                    "type": "string"
+                },
+                "id": {
+                    "type": "string"
+                },
+                "linked_user_avatar_url": {
+                    "type": "string"
+                },
+                "linked_user_display_name": {
+                    "type": "string"
+                },
+                "linked_user_id": {
+                    "type": "string"
+                },
+                "linked_user_username": {
+                    "type": "string"
+                },
+                "source_scope": {
+                    "$ref": "#/definitions/acl.SourceScope"
+                },
+                "subject_kind": {
+                    "type": "string"
+                },
+                "updated_at": {
+                    "type": "string"
+                },
+                "user_avatar_url": {
+                    "type": "string"
+                },
+                "user_display_name": {
+                    "type": "string"
+                },
+                "user_id": {
+                    "type": "string"
+                },
+                "user_username": {
+                    "type": "string"
+                }
+            }
+        },
+        "acl.SourceScope": {
+            "type": "object",
+            "properties": {
+                "channel": {
+                    "type": "string"
+                },
+                "conversation_id": {
+                    "type": "string"
+                },
+                "conversation_type": {
+                    "type": "string"
+                },
+                "thread_id": {
+                    "type": "string"
+                }
+            }
+        },
+        "acl.UpsertRuleRequest": {
+            "type": "object",
+            "properties": {
+                "channel_identity_id": {
+                    "type": "string"
+                },
+                "source_scope": {
+                    "$ref": "#/definitions/acl.SourceScope"
+                },
+                "user_id": {
+                    "type": "string"
+                }
+            }
+        },
+        "acl.UserCandidate": {
+            "type": "object",
+            "properties": {
+                "avatar_url": {
+                    "type": "string"
+                },
+                "display_name": {
+                    "type": "string"
+                },
+                "email": {
+                    "type": "string"
+                },
+                "id": {
+                    "type": "string"
+                },
+                "username": {
+                    "type": "string"
+                }
+            }
+        },
+        "acl.UserCandidateListResponse": {
+            "type": "object",
+            "properties": {
+                "items": {
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/acl.UserCandidate"
+                    }
+                }
+            }
+        },
         "adapters.CDFPoint": {
             "type": "object",
             "properties": {
@@ -9040,9 +9549,6 @@
         "bots.Bot": {
             "type": "object",
             "properties": {
-                "allow_guest": {
-                    "type": "boolean"
-                },
                 "avatar_url": {
                     "type": "string"
                 },
@@ -9112,23 +9618,6 @@
                 }
             }
         },
-        "bots.BotMember": {
-            "type": "object",
-            "properties": {
-                "bot_id": {
-                    "type": "string"
-                },
-                "created_at": {
-                    "type": "string"
-                },
-                "role": {
-                    "type": "string"
-                },
-                "user_id": {
-                    "type": "string"
-                }
-            }
-        },
         "bots.CreateBotRequest": {
             "type": "object",
             "properties": {
@@ -9172,17 +9661,6 @@
                 }
             }
         },
-        "bots.ListMembersResponse": {
-            "type": "object",
-            "properties": {
-                "items": {
-                    "type": "array",
-                    "items": {
-                        "$ref": "#/definitions/bots.BotMember"
-                    }
-                }
-            }
-        },
         "bots.TransferBotRequest": {
             "type": "object",
             "properties": {
@@ -9209,17 +9687,6 @@
                 }
             }
         },
-        "bots.UpsertMemberRequest": {
-            "type": "object",
-            "properties": {
-                "role": {
-                    "type": "string"
-                },
-                "user_id": {
-                    "type": "string"
-                }
-            }
-        },
         "browsercontexts.BrowserContext": {
             "type": "object",
             "properties": {
diff --git a/spec/swagger.yaml b/spec/swagger.yaml
index f414dfc0..3ed340e8 100644
--- a/spec/swagger.yaml
+++ b/spec/swagger.yaml
@@ -76,6 +76,150 @@ definitions:
       display_name:
         type: string
     type: object
+  acl.ChannelIdentityCandidate:
+    properties:
+      avatar_url:
+        type: string
+      channel:
+        type: string
+      channel_subject_id:
+        type: string
+      display_name:
+        type: string
+      id:
+        type: string
+      linked_avatar_url:
+        type: string
+      linked_display_name:
+        type: string
+      linked_username:
+        type: string
+      user_id:
+        type: string
+    type: object
+  acl.ChannelIdentityCandidateListResponse:
+    properties:
+      items:
+        items:
+          $ref: '#/definitions/acl.ChannelIdentityCandidate'
+        type: array
+    type: object
+  acl.ListRulesResponse:
+    properties:
+      items:
+        items:
+          $ref: '#/definitions/acl.Rule'
+        type: array
+    type: object
+  acl.ObservedConversationCandidate:
+    properties:
+      channel:
+        type: string
+      conversation_id:
+        type: string
+      conversation_name:
+        type: string
+      conversation_type:
+        type: string
+      last_observed_at:
+        type: string
+      route_id:
+        type: string
+      thread_id:
+        type: string
+    type: object
+  acl.ObservedConversationCandidateListResponse:
+    properties:
+      items:
+        items:
+          $ref: '#/definitions/acl.ObservedConversationCandidate'
+        type: array
+    type: object
+  acl.Rule:
+    properties:
+      action:
+        type: string
+      bot_id:
+        type: string
+      channel_identity_avatar_url:
+        type: string
+      channel_identity_display_name:
+        type: string
+      channel_identity_id:
+        type: string
+      channel_subject_id:
+        type: string
+      channel_type:
+        type: string
+      created_at:
+        type: string
+      effect:
+        type: string
+      id:
+        type: string
+      linked_user_avatar_url:
+        type: string
+      linked_user_display_name:
+        type: string
+      linked_user_id:
+        type: string
+      linked_user_username:
+        type: string
+      source_scope:
+        $ref: '#/definitions/acl.SourceScope'
+      subject_kind:
+        type: string
+      updated_at:
+        type: string
+      user_avatar_url:
+        type: string
+      user_display_name:
+        type: string
+      user_id:
+        type: string
+      user_username:
+        type: string
+    type: object
+  acl.SourceScope:
+    properties:
+      channel:
+        type: string
+      conversation_id:
+        type: string
+      conversation_type:
+        type: string
+      thread_id:
+        type: string
+    type: object
+  acl.UpsertRuleRequest:
+    properties:
+      channel_identity_id:
+        type: string
+      source_scope:
+        $ref: '#/definitions/acl.SourceScope'
+      user_id:
+        type: string
+    type: object
+  acl.UserCandidate:
+    properties:
+      avatar_url:
+        type: string
+      display_name:
+        type: string
+      email:
+        type: string
+      id:
+        type: string
+      username:
+        type: string
+    type: object
+  acl.UserCandidateListResponse:
+    properties:
+      items:
+        items:
+          $ref: '#/definitions/acl.UserCandidate'
+        type: array
+    type: object
   adapters.CDFPoint:
     properties:
       cumulative:
@@ -317,8 +461,6 @@ definitions:
     type: object
   bots.Bot:
     properties:
-      allow_guest:
-        type: boolean
       avatar_url:
         type: string
       check_issue_count:
@@ -365,17 +507,6 @@ definitions:
       type:
         type: string
     type: object
-  bots.BotMember:
-    properties:
-      bot_id:
-        type: string
-      created_at:
-        type: string
-      role:
-        type: string
-      user_id:
-        type: string
-    type: object
   bots.CreateBotRequest:
     properties:
       avatar_url:
@@ -404,13 +535,6 @@ definitions:
           $ref: '#/definitions/bots.BotCheck'
         type: array
     type: object
-  bots.ListMembersResponse:
-    properties:
-      items:
-        items:
-          $ref: '#/definitions/bots.BotMember'
-        type: array
-    type: object
   bots.TransferBotRequest:
     properties:
       owner_user_id:
@@ -428,13 +552,6 @@ definitions:
         additionalProperties: {}
         type: object
     type: object
-  bots.UpsertMemberRequest:
-    properties:
-      role:
-        type: string
-      user_id:
-        type: string
-    type: object
   browsercontexts.BrowserContext:
     properties:
       config:
@@ -2569,6 +2686,211 @@ paths:
       summary: Create bot user
       tags:
       - bots
+  /bots/{bot_id}/access/channel_identities:
+    get:
+      description: Search locally observed channel identity candidates for bot access
+        control
+      parameters:
+      - description: Bot ID
+        in: path
+        name: bot_id
+        required: true
+        type: string
+      - description: Search query
+        in: query
+        name: q
+        type: string
+      - description: Max results
+        in: query
+        name: limit
+        type: integer
+      responses:
+        "200":
+          description: OK
+          schema:
+            $ref: '#/definitions/acl.ChannelIdentityCandidateListResponse'
+        "400":
+          description: Bad Request
+          schema:
+            $ref: '#/definitions/handlers.ErrorResponse'
+        "403":
+          description: Forbidden
+          schema:
+            $ref: '#/definitions/handlers.ErrorResponse'
+        "500":
+          description: Internal Server Error
+          schema:
+            $ref: '#/definitions/handlers.ErrorResponse'
+      summary: Search access channel identities
+      tags:
+      - bots
+  /bots/{bot_id}/access/channel_identities/{channel_identity_id}/conversations:
+    get:
+      description: List previously observed conversation candidates for a channel
+        identity under a bot
+      parameters:
+      - description: Bot ID
+        in: path
+        name: bot_id
+        required: true
+        type: string
+      - description: Channel Identity ID
+        in: path
+        name: channel_identity_id
+        required: true
+        type: string
+      responses:
+        "200":
+          description: OK
+          schema:
+            $ref: '#/definitions/acl.ObservedConversationCandidateListResponse'
+        "400":
+          description: Bad Request
+          schema:
+            $ref: '#/definitions/handlers.ErrorResponse'
+        "403":
+          description: Forbidden
+          schema:
+            $ref: '#/definitions/handlers.ErrorResponse'
+        "500":
+          description: Internal Server Error
+          schema:
+            $ref: '#/definitions/handlers.ErrorResponse'
+      summary: List observed conversations for a channel identity
+      tags:
+      - bots
+  /bots/{bot_id}/access/users:
+    get:
+      description: Search user candidates for bot access control
+      parameters:
+      - description: Bot ID
+        in: path
+        name: bot_id
+        required: true
+        type: string
+      - description: Search query
+        in: query
+        name: q
+        type: string
+      - description: Max results
+        in: query
+        name: limit
+        type: integer
+      responses:
+        "200":
+          description: OK
+          schema:
+            $ref: '#/definitions/acl.UserCandidateListResponse'
+        "400":
+          description: Bad Request
+          schema:
+            $ref: '#/definitions/handlers.ErrorResponse'
+        "403":
+          description: Forbidden
+          schema:
+            $ref: '#/definitions/handlers.ErrorResponse'
+        "500":
+          description: Internal Server Error
+          schema:
+            $ref: '#/definitions/handlers.ErrorResponse'
+      summary: Search access users
+      tags:
+      - bots
+  /bots/{bot_id}/blacklist:
+    get:
+      description: List guest deny rules for chat trigger
+      parameters:
+      - description: Bot ID
+        in: path
+        name: bot_id
+        required: true
+        type: string
+      responses:
+        "200":
+          description: OK
+          schema:
+            $ref: '#/definitions/acl.ListRulesResponse'
+        "400":
+          description: Bad Request
+          schema:
+            $ref: '#/definitions/handlers.ErrorResponse'
+        "403":
+          description: Forbidden
+          schema:
+            $ref: '#/definitions/handlers.ErrorResponse'
+        "500":
+          description: Internal Server Error
+          schema:
+            $ref: '#/definitions/handlers.ErrorResponse'
+      summary: List bot blacklist
+      tags:
+      - bots
+    put:
+      description: Add a guest deny rule for chat trigger
+      parameters:
+      - description: Bot ID
+        in: path
+        name: bot_id
+        required: true
+        type: string
+      - description: Blacklist payload
+        in: body
+        name: payload
+        required: true
+        schema:
+          $ref: '#/definitions/acl.UpsertRuleRequest'
+      responses:
+        "200":
+          description: OK
+          schema:
+            $ref: '#/definitions/acl.Rule'
+        "400":
+          description: Bad Request
+          schema:
+            $ref: '#/definitions/handlers.ErrorResponse'
+        "403":
+          description: Forbidden
+          schema:
+            $ref: '#/definitions/handlers.ErrorResponse'
+        "500":
+          description: Internal Server Error
+          schema:
+            $ref: '#/definitions/handlers.ErrorResponse'
+      summary: Upsert bot blacklist entry
+      tags:
+      - bots
+  /bots/{bot_id}/blacklist/{rule_id}:
+    delete:
+      description: Delete a guest deny rule by rule ID
+      parameters:
+      - description: Bot ID
+        in: path
+        name: bot_id
+        required: true
+        type: string
+      - description: Rule ID
+        in: path
+        name: rule_id
+        required: true
+        type: string
+      responses:
+        "204":
+          description: No Content
+        "400":
+          description: Bad Request
+          schema:
+            $ref: '#/definitions/handlers.ErrorResponse'
+        "403":
+          description: Forbidden
+          schema:
+            $ref: '#/definitions/handlers.ErrorResponse'
+        "500":
+          description: Internal Server Error
+          schema:
+            $ref: '#/definitions/handlers.ErrorResponse'
+      summary: Delete bot blacklist entry
+      tags:
+      - bots
   /bots/{bot_id}/cli/messages:
     post:
       consumes:
@@ -5522,6 +5844,101 @@ paths:
       summary: WebSocket chat endpoint
       tags:
       - local-channel
+  /bots/{bot_id}/whitelist:
+    get:
+      description: List guest allow rules for chat trigger
+      parameters:
+      - description: Bot ID
+        in: path
+        name: bot_id
+        required: true
+        type: string
+      responses:
+        "200":
+          description: OK
+          schema:
+            $ref: '#/definitions/acl.ListRulesResponse'
+        "400":
+          description: Bad Request
+          schema:
+            $ref: '#/definitions/handlers.ErrorResponse'
+        "403":
+          description: Forbidden
+          schema:
+            $ref: '#/definitions/handlers.ErrorResponse'
+        "500":
+          description: Internal Server Error
+          schema:
+            $ref: '#/definitions/handlers.ErrorResponse'
+      summary: List bot whitelist
+      tags:
+      - bots
+    put:
+      description: Add a guest allow rule for chat trigger
+      parameters:
+      - description: Bot ID
+        in: path
+        name: bot_id
+        required: true
+        type: string
+      - description: Whitelist payload
+        in: body
+        name: payload
+        required: true
+        schema:
+          $ref: '#/definitions/acl.UpsertRuleRequest'
+      responses:
+        "200":
+          description: OK
+          schema:
+            $ref: '#/definitions/acl.Rule'
+        "400":
+          description: Bad Request
+          schema:
+            $ref: '#/definitions/handlers.ErrorResponse'
+        "403":
+          description: Forbidden
+          schema:
+            $ref: '#/definitions/handlers.ErrorResponse'
+        "500":
+          description: Internal Server Error
+          schema:
+            $ref: '#/definitions/handlers.ErrorResponse'
+      summary: Upsert bot whitelist entry
+      tags:
+      - bots
+  /bots/{bot_id}/whitelist/{rule_id}:
+    delete:
+      description: Delete a guest allow rule by rule ID
+      parameters:
+      - description: Bot ID
+        in: path
+        name: bot_id
+        required: true
+        type: string
+      - description: Rule ID
+        in: path
+        name: rule_id
+        required: true
+        type: string
+      responses:
+        "204":
+          description: No Content
+        "400":
+          description: Bad Request
+          schema:
+            $ref: '#/definitions/handlers.ErrorResponse'
+        "403":
+          description: Forbidden
+          schema:
+            $ref: '#/definitions/handlers.ErrorResponse'
+        "500":
+          description: Internal Server Error
+          schema:
+            $ref: '#/definitions/handlers.ErrorResponse'
+      summary: Delete bot whitelist entry
+      tags:
+      - bots
   /bots/{id}:
     delete:
       description: Delete a bot user (owner/admin only)
@@ -5908,113 +6325,6 @@ paths:
       summary: List bot runtime checks
       tags:
       - bots
-  /bots/{id}/members:
-    get:
-      description: List members for a bot
-      parameters:
-      - description: Bot ID
-        in: path
-        name: id
-        required: true
-        type: string
-      responses:
-        "200":
-          description: OK
-          schema:
-            $ref: '#/definitions/bots.ListMembersResponse'
-        "400":
-          description: Bad Request
-          schema:
-            $ref: '#/definitions/handlers.ErrorResponse'
-        "403":
-          description: Forbidden
-          schema:
-            $ref: '#/definitions/handlers.ErrorResponse'
-        "404":
-          description: Not Found
-          schema:
-            $ref: '#/definitions/handlers.ErrorResponse'
-        "500":
-          description: Internal Server Error
-          schema:
-            $ref: '#/definitions/handlers.ErrorResponse'
-      summary: List bot members
-      tags:
-      - bots
-    put:
-      description: Add or update bot member role
-      parameters:
-      - description: Bot ID
-        in: path
-        name: id
-        required: true
-        type: string
-      - description: Member payload
-        in: body
-        name: payload
-        required: true
-        schema:
-          $ref: '#/definitions/bots.UpsertMemberRequest'
-      responses:
-        "200":
-          description: OK
-          schema:
-            $ref: '#/definitions/bots.BotMember'
-        "400":
-          description: Bad Request
-          schema:
-            $ref: '#/definitions/handlers.ErrorResponse'
-        "403":
-          description: Forbidden
-          schema:
-            $ref: '#/definitions/handlers.ErrorResponse'
-        "404":
-          description: Not Found
-          schema:
-            $ref: '#/definitions/handlers.ErrorResponse'
-        "500":
-          description: Internal Server Error
-          schema:
-            $ref: '#/definitions/handlers.ErrorResponse'
-      summary: Upsert bot member
-      tags:
-      - bots
-  /bots/{id}/members/{user_id}:
-    delete:
-      description: Remove a member from a bot
-      parameters:
-      - description: Bot ID
-        in: path
-        name: id
-        required: true
-        type: string
-      - description: User ID
-        in: path
-        name: user_id
-        required: true
-        type: string
-      responses:
-        "204":
-          description: No Content
-        "400":
-          description: Bad Request
-          schema:
-            $ref: '#/definitions/handlers.ErrorResponse'
-        "403":
-          description: Forbidden
-          schema:
-            $ref: '#/definitions/handlers.ErrorResponse'
-        "404":
-          description: Not Found
-          schema:
-            $ref: '#/definitions/handlers.ErrorResponse'
-        "500":
-          description: Internal Server Error
-          schema:
-            $ref: '#/definitions/handlers.ErrorResponse'
-      summary: Delete bot member
-      tags:
-      - bots
   /bots/{id}/owner:
     put:
       description: Transfer bot ownership to another human user