@excitedjs/dreamux 0.9.2 → 0.9.3

package/dist/channel/introduce.js

@@ -4,15 +4,31 @@
  * Trigger rule (deliberately different from claudemux):
  *
  *   In a group, a `/introduce` message triggers **if and only if the sender is
- *   on the allowlist**. No `@`-mention of our bot is required, and the group's
- *   `require_mention` setting is ignored on this path.
+ *   authorized to run it under the group's policy**. No `@`-mention of our bot
+ *   is required, and the group's `require_mention` setting is ignored on this
+ *   path.
  *
- *   "Sender on the allowlist" is sender-scoped, NOT group-scoped: it is not
- *   enough for the chat to be authorized — the *sender* must be explicitly
- *   allowlisted for the chat. An open group (no per-sender allowlist) does NOT
- *   authorize introduce. `canRunIntroduce` therefore never reuses a broad
- *   group-authorization predicate that would trust the group without checking
- *   the sender's identity.
+ * Authorization mirrors the delivery gate (`dreamuxFeishuGate`) for the same
+ * group policy, minus the @-mention requirement that introduce deliberately
+ * waives. The parity is exact except for two divergences that are intentional
+ * (issue #62), not accidental — keep them when "aligning" the two gates:
+ *
+ *   - `block`       — never authorized (the gate drops every group message).
+ *   - `follow-user` — the chat needs no authorization; `allow_chats` is ignored
+ *                     exactly as the gate ignores it. The sender must be on the
+ *                     global `allow_users` list.
+ *   - `allowlist`   — the chat must be named in `allow_chats` (the group is the
+ *                     unit of trust). The sender must ALSO be on `allow_users` —
+ *                     this is the #62 divergence: a trust-changing command is
+ *                     sender-scoped even in an allowlisted group, whereas the
+ *                     delivery gate lets any member of an allowlisted group
+ *                     speak. "Any member of an allowlisted group" is therefore
+ *                     deliberately NOT a path to introduce.
+ *
+ * Before issue #79/#82 made the gate policy-aware, introduce kept a hardcoded
+ * `chat_not_allowlisted` check for *every* policy — so an `allow_users` sender
+ * could chat in a brand-new `follow-user` group but could never `/introduce`
+ * there. That accidental split is the bug this contract now closes.
  *
  * The peer bots being introduced are the message's @-mentions (excluding our
  * own bot); the host records them as *trusted* for the chat. Recording a human
@@ -26,22 +42,37 @@ const UNKNOWN_PEER_LABEL = '伙伴';
  * is authorized. This is the single source of truth for the issue #62 hard
  * contract; `canRunIntroduce` is the boolean projection of it.
  *
- * Sender-scoped, not group-scoped: the chat must be explicitly allowlisted AND
- * the sender must be on the global `allow_users` list (the same list that gates
- * direct messages and `follow-user` group delivery). Empty allowlists do not
- * authorize anyone — there is no "any member of an allowlisted group" path.
+ * Policy-aware, mirroring `dreamuxFeishuGate`'s group branch for the same policy
+ * (minus the @-mention requirement introduce waives):
+ *   - `block`       → `group_blocked` (the gate drops every group message).
+ *   - `follow-user` → `allow_chats` is ignored exactly as the gate ignores it;
+ *                     only the sender's membership in `allow_users` matters.
+ *   - `allowlist`   → the chat must be in `allow_chats` (chat-as-unit-of-trust)
+ *                     AND the sender must be on `allow_users` (the #62 sender
+ *                     scoping that the delivery gate does not impose).
+ * Empty allowlists authorize nobody — there is no "any member of an allowlisted
+ * group" path.
  */
 export function introduceDenyReason(access, input) {
     if (input.chatType !== 'group')
         return 'non_group';
     if (input.senderId === '')
         return 'empty_sender_id';
-    // The chat must be explicitly allowlisted. Under the `follow-user` policy an
-    // empty `allow_chats` means "every chat" for normal delivery, but a
-    // trust-changing command always requires the chat to be named, so introduce
-    // never fires in an incidental group regardless of the group policy.
-    if (!access.group.allow_chats.includes(input.chatId))
+    const policy = access.group.policy;
+    // `block` drops every group message; a trust-changing command is no exception.
+    // (Before this was explicit, `block` blocked introduce only by accident — its
+    // empty `allow_chats` tripped `chat_not_allowlisted`. Once `follow-user` stops
+    // checking `allow_chats`, the block case needs its own guard.)
+    if (policy === 'block')
+        return 'group_blocked';
+    // Under `allowlist` the group is the unit of trust, so the chat must be named.
+    // Under `follow-user` the chat allowlist is intentionally ignored — the group
+    // needs no authorization, exactly as the delivery gate ignores it. This is the
+    // line that was previously hardcoded for every policy and split introduce from
+    // the gate (issue #82 made the gate policy-aware but left this behind).
+    if (policy === 'allowlist' && !access.group.allow_chats.includes(input.chatId)) {
         return 'chat_not_allowlisted';
+    }
     // The sender must be on the global allow-user list — the same list that gates
     // direct messages and `follow-user` group delivery. An empty list authorizes
     // nobody, keeping the rule sender-scoped rather than "any member of an

package/dist/channel/introduce.js.map

@@ -1 +1 @@
-{"version":3,"file":"introduce.js","sourceRoot":"","sources":["../../src/channel/introduce.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAOH,MAAM,YAAY,GAAG,uBAAuB,CAAC;AAC7C,MAAM,kBAAkB,GAAG,IAAI,CAAC;AAoBhC;;;;;;;;;GASG;AACH,MAAM,UAAU,mBAAmB,CACjC,MAA6B,EAC7B,KAAyB;IAEzB,IAAI,KAAK,CAAC,QAAQ,KAAK,OAAO;QAAE,OAAO,WAAW,CAAC;IACnD,IAAI,KAAK,CAAC,QAAQ,KAAK,EAAE;QAAE,OAAO,iBAAiB,CAAC;IACpD,6EAA6E;IAC7E,oEAAoE;IACpE,4EAA4E;IAC5E,qEAAqE;IACrE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC;QAAE,OAAO,sBAAsB,CAAC;IACpF,8EAA8E;IAC9E,6EAA6E;IAC7E,uEAAuE;IACvE,uEAAuE;IACvE,4EAA4E;IAC5E,uCAAuC;IACvC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC;QAAE,OAAO,qBAAqB,CAAC;IAC/E,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAC7B,MAA6B,EAC7B,KAAyB;IAEzB,OAAO,mBAAmB,CAAC,MAAM,EAAE,KAAK,CAAC,KAAK,IAAI,CAAC;AACrD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAC7B,WAAmB,EACnB,UAAkB,EAClB,QAAmB;IAEnB,IAAI,WAAW,KAAK,MAAM;QAAE,OAAO,KAAK,CAAC;IACzC,IAAI,IAAY,CAAC;IACjB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAY,CAAC;QACjD,IAAI;YACF,MAAM,KAAK,IAAI,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;gBACrE,CAAC,CAAC,OAAQ,MAAkC,CAAC,MAAM,CAAC,KAAK,QAAQ;oBAC/D,CAAC,CAAG,MAAkC,CAAC,MAAM,CAAY;oBACzD,CAAC,CAAC,EAAE;gBACN,CAAC,CAAC,EAAE,CAAC;IACX,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,2EAA2E;IAC3E,6EAA6E;IAC7E,4EAA4E;IAC5E,+EAA+E;IAC/E,MAAM,IAAI,GAAG,QAAQ;SAClB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;SACjB,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC;SAC3B,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;IACvC,IAAI,SAAS,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;IACjC,IAAI,QAAQ,GAAG,IAAI,CAAC;IACpB,OAAO,QAAQ,EAAE,CAAC;QAChB,QAAQ,GAAG,KAAK,CAAC;QACjB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,IAAI,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC9B,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,CAAC;gBACpD,QAAQ,GAAG,IAAI,CAAC;gBAChB,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;AACtC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAC7B,QAAmB,EACnB,UAA8B;IAE9B,MAAM,KAAK,GAAc,EAAE,CAAC;IAC5B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,MAAM,GAAG,CAAC,CAAC,EAAE,EAAE,OAAO,IAAI,CAAC,CAAC,EAAE,EAAE,QAAQ,IAAI,EAAE,CAAC;QACrD,IAAI,MAAM,KAAK,EAAE,IAAI,MAAM,KAAK,UAAU,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC;YAAE,SAAS;QACzE,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACjB,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAAgB;IAC/C,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACpC,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC3E,OAAO,WAAW,KAAK,CAAC,MAAM,QAAQ,KAAK,EAAE,CAAC;AAChD,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAa;IACtC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACtE,OAAO,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,kBAAkB,CAAC;AACjD,CAAC;AAED,SAAS,cAAc,CAAC,KAAa;IACnC,OAAO,KAAK;SACT,OAAO,CAAC,yBAAyB,EAAE,GAAG,CAAC;SACvC,OAAO,CAAC,UAAU,EAAE,GAAG,CAAC;SACxB,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC;SACpB,IAAI,EAAE,CAAC;AACZ,CAAC"}
+{"version":3,"file":"introduce.js","sourceRoot":"","sources":["../../src/channel/introduce.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AAOH,MAAM,YAAY,GAAG,uBAAuB,CAAC;AAC7C,MAAM,kBAAkB,GAAG,IAAI,CAAC;AAqBhC;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,mBAAmB,CACjC,MAA6B,EAC7B,KAAyB;IAEzB,IAAI,KAAK,CAAC,QAAQ,KAAK,OAAO;QAAE,OAAO,WAAW,CAAC;IACnD,IAAI,KAAK,CAAC,QAAQ,KAAK,EAAE;QAAE,OAAO,iBAAiB,CAAC;IACpD,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC;IACnC,+EAA+E;IAC/E,8EAA8E;IAC9E,+EAA+E;IAC/E,+DAA+D;IAC/D,IAAI,MAAM,KAAK,OAAO;QAAE,OAAO,eAAe,CAAC;IAC/C,+EAA+E;IAC/E,8EAA8E;IAC9E,+EAA+E;IAC/E,+EAA+E;IAC/E,wEAAwE;IACxE,IAAI,MAAM,KAAK,WAAW,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;QAC/E,OAAO,sBAAsB,CAAC;IAChC,CAAC;IACD,8EAA8E;IAC9E,6EAA6E;IAC7E,uEAAuE;IACvE,uEAAuE;IACvE,4EAA4E;IAC5E,uCAAuC;IACvC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC;QAAE,OAAO,qBAAqB,CAAC;IAC/E,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAC7B,MAA6B,EAC7B,KAAyB;IAEzB,OAAO,mBAAmB,CAAC,MAAM,EAAE,KAAK,CAAC,KAAK,IAAI,CAAC;AACrD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAC7B,WAAmB,EACnB,UAAkB,EAClB,QAAmB;IAEnB,IAAI,WAAW,KAAK,MAAM;QAAE,OAAO,KAAK,CAAC;IACzC,IAAI,IAAY,CAAC;IACjB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAY,CAAC;QACjD,IAAI;YACF,MAAM,KAAK,IAAI,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;gBACrE,CAAC,CAAC,OAAQ,MAAkC,CAAC,MAAM,CAAC,KAAK,QAAQ;oBAC/D,CAAC,CAAG,MAAkC,CAAC,MAAM,CAAY;oBACzD,CAAC,CAAC,EAAE;gBACN,CAAC,CAAC,EAAE,CAAC;IACX,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,2EAA2E;IAC3E,6EAA6E;IAC7E,4EAA4E;IAC5E,+EAA+E;IAC/E,MAAM,IAAI,GAAG,QAAQ;SAClB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;SACjB,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC;SAC3B,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;IACvC,IAAI,SAAS,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;IACjC,IAAI,QAAQ,GAAG,IAAI,CAAC;IACpB,OAAO,QAAQ,EAAE,CAAC;QAChB,QAAQ,GAAG,KAAK,CAAC;QACjB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,IAAI,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC9B,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,CAAC;gBACpD,QAAQ,GAAG,IAAI,CAAC;gBAChB,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;AACtC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAC7B,QAAmB,EACnB,UAA8B;IAE9B,MAAM,KAAK,GAAc,EAAE,CAAC;IAC5B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,MAAM,GAAG,CAAC,CAAC,EAAE,EAAE,OAAO,IAAI,CAAC,CAAC,EAAE,EAAE,QAAQ,IAAI,EAAE,CAAC;QACrD,IAAI,MAAM,KAAK,EAAE,IAAI,MAAM,KAAK,UAAU,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC;YAAE,SAAS;QACzE,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACjB,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAAgB;IAC/C,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACpC,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC3E,OAAO,WAAW,KAAK,CAAC,MAAM,QAAQ,KAAK,EAAE,CAAC;AAChD,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAa;IACtC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACtE,OAAO,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,kBAAkB,CAAC;AACjD,CAAC;AAED,SAAS,cAAc,CAAC,KAAa;IACnC,OAAO,KAAK;SACT,OAAO,CAAC,yBAAyB,EAAE,GAAG,CAAC;SACvC,OAAO,CAAC,UAAU,EAAE,GAAG,CAAC;SACxB,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC;SACpB,IAAI,EAAE,CAAC;AACZ,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@excitedjs/dreamux",
-  "version": "0.9.2",
+  "version": "0.9.3",
   "description": "Codex-host server — single-session MVP. One node process hosts N dispatchers, each binding 1 Feishu bot + 1 Codex thread.",
   "license": "MIT",
   "repository": {