Memoh/internal
BBQ 68745133b7 fix(inbound): use bot owner token for agent gateway callbacks (#254)
* feat(access): add guest chat ACL and simplify bot access

Unify bot chat permissions around owner and guest ACL so public access, whitelist, and blacklist share a single model. Remove unused sharing paths, add searchable platform identity controls, and normalize Feishu identities to stable open_id records.

* fix(web): format access control panel

Include the post-commit formatting changes applied to the access control UI so the branch stays clean and the PR reflects the final rendered layout.

* fix(migrations): drop legacy bot tables before bots

Ensure the init down migration removes bot_members and bot_preauth_keys before dropping bots so full rollback succeeds after the ACL refactor.

* feat(acl): add source-aware chat trigger rules

Support channel-, conversation-, and thread-scoped ACL rules while keeping allow_guest, whitelist, and blacklist compatible. Also expose observed conversation candidates and normalize channel identity rules to their own platform.

* fix(lint): resolve golangci-lint errors after rebase

- Remove unused receivers and parameters in fakeRows/Service methods
- Delete unused makeNoRow helper and toParticipantFields function
- Fix gci/gofumpt formatting

* fix(lint): fix gci import formatting in acl types and handler

* fix(acl): tighten observed group and thread selection (#245)

Use inbox plus persisted messages to discover observed group and thread routes, and lock scope fields after selecting a concrete observed target. This keeps Telegram group candidates visible and prevents contradictory private/group scope edits.

* chore: regenerate sqlc swagger and sdk after rebase onto main

* fix(inbound): use bot owner token for agent gateway callbacks

The inbound channel processor issued a JWT for the chatting user's
identity. When the agent called back into container/MCP endpoints
(e.g. /bots/{id}/tools, /bots/{id}/mcp-stdio), AuthorizeBotAccess
rejected non-owner users with HTTP 403 "bot access denied".

Resolve the bot owner via PolicyService and issue the downstream
token under the owner's identity, consistent with schedule,
heartbeat, and email gateways. The chatting user's identity is
still tracked via SourceChannelIdentityID and identity headers.
2026-03-16 23:05:23 +08:00