@excitedjs/dreamux 0.9.8 → 0.11.0

package/CHANGELOG.json

@@ -0,0 +1,372 @@
+{
+  "name": "@excitedjs/dreamux",
+  "entries": [
+    {
+      "version": "0.11.0",
+      "tag": "@excitedjs/dreamux_v0.11.0",
+      "date": "Fri, 05 Jun 2026 16:16:45 GMT",
+      "comments": {
+        "minor": [
+          {
+            "comment": "Unify persisted-file version policy (issue #98). BREAKING: dispatcher access.json is now v2-only; the legacy v1 shape (dm.allow_users + group.follow_users) is no longer auto-migrated and an unsupported/missing version fails loud. Rebuild: delete the dispatcher's access.json to return to the secure default (no one authorized), then recreate it as a v2 access.json with allow_users and group.policy (see the access.json section in the dreamux README) and restart; note that `dreamux onboard` does not restore access grants. status.json and restart-intent.json now warn-and-rebuild / warn-and-drop on incompatible, malformed, or invalid-field content instead of silently discarding or misreading; neither hard-fatals the server."
+          }
+        ]
+      }
+    },
+    {
+      "version": "0.10.0",
+      "tag": "@excitedjs/dreamux_v0.10.0",
+      "date": "Fri, 05 Jun 2026 15:34:49 GMT",
+      "comments": {
+        "minor": [
+          {
+            "comment": "Add the `dreamux changelog` command (and `--json`) that prints the installed package's bundled CHANGELOG, and ship CHANGELOG.md/CHANGELOG.json in the package files. This is the upgrade-time information entry point for the 0.x fail-loud + rebuild policy (issue #98)."
+          }
+        ]
+      }
+    },
+    {
+      "version": "0.9.8",
+      "tag": "@excitedjs/dreamux_v0.9.8",
+      "date": "Fri, 05 Jun 2026 14:06:54 GMT",
+      "comments": {
+        "patch": [
+          {
+            "comment": "Trusted peer-bot inbound now requires both a trusted sender open_id and an @-mention of this bot; introduce trusts only mention open_id (no union_id/user_id fallback); add diagnostic-only sender_union_id to inbound-drop logs (issue #102)"
+          }
+        ],
+        "dependency": [
+          {
+            "comment": "Updating dependency \"@excitedjs/feishu-transport\" to `0.2.3`"
+          }
+        ]
+      }
+    },
+    {
+      "version": "0.9.7",
+      "tag": "@excitedjs/dreamux_v0.9.7",
+      "date": "Fri, 05 Jun 2026 12:14:20 GMT",
+      "comments": {
+        "patch": [
+          {
+            "comment": "Restructure the bundled dispatcher skill into a router plus references, make the teammate engine a deliberate explicit choice instead of forcing codex, and add prompt-composition, router-posture, and inspect/resume workflow guidance."
+          }
+        ]
+      }
+    },
+    {
+      "version": "0.9.6",
+      "tag": "@excitedjs/dreamux_v0.9.6",
+      "date": "Fri, 05 Jun 2026 08:05:04 GMT",
+      "comments": {
+        "patch": [
+          {
+            "comment": "Fix the published npm install path by removing the ahead-of-use Feishu channel runtime dependency."
+          }
+        ]
+      }
+    },
+    {
+      "version": "0.9.5",
+      "tag": "@excitedjs/dreamux_v0.9.5",
+      "date": "Fri, 05 Jun 2026 05:41:43 GMT",
+      "comments": {
+        "patch": [
+          {
+            "comment": "Bundle the dispatcher, team-dev-workflow, and dreamux-maintenance skills and install them as workspace-local symlinks for each dispatcher."
+          }
+        ]
+      }
+    },
+    {
+      "version": "0.9.4",
+      "tag": "@excitedjs/dreamux_v0.9.4",
+      "date": "Fri, 05 Jun 2026 05:30:23 GMT",
+      "comments": {
+        "patch": [
+          {
+            "comment": "Route Feishu inbound formatting through feishu-channel, including downloaded attachment paths and fallback resource references."
+          }
+        ],
+        "dependency": [
+          {
+            "comment": "Updating dependency \"@excitedjs/feishu-transport\" to `0.2.2`"
+          }
+        ]
+      }
+    },
+    {
+      "version": "0.9.3",
+      "tag": "@excitedjs/dreamux_v0.9.3",
+      "date": "Fri, 05 Jun 2026 03:34:03 GMT",
+      "comments": {
+        "patch": [
+          {
+            "comment": "Fix group /introduce authorization to follow the group policy: under follow-user it now ignores allow_chats and gates only on allow_users, matching the delivery gate; block is denied explicitly (group_blocked); allowlist is unchanged."
+          }
+        ]
+      }
+    },
+    {
+      "version": "0.9.2",
+      "tag": "@excitedjs/dreamux_v0.9.2",
+      "date": "Fri, 05 Jun 2026 02:47:01 GMT",
+      "comments": {
+        "patch": [
+          {
+            "comment": "Add a best-effort Feishu channel acknowledgement for authorized group /introduce commands."
+          }
+        ]
+      }
+    },
+    {
+      "version": "0.9.1",
+      "tag": "@excitedjs/dreamux_v0.9.1",
+      "date": "Thu, 04 Jun 2026 23:08:48 GMT",
+      "comments": {
+        "patch": [
+          {
+            "comment": "Remove all synchronous blocking IO from package source (fs/promises + async child_process) and add a permanent ESLint gate (n/no-sync + import/syntax backstops via the shared @excitedjs/eslint-config) wired through rush lint, CI, and the pre-commit hook (issue #85)"
+          }
+        ],
+        "dependency": [
+          {
+            "comment": "Updating dependency \"@excitedjs/feishu-transport\" to `0.2.1`"
+          }
+        ]
+      }
+    },
+    {
+      "version": "0.9.0",
+      "tag": "@excitedjs/dreamux_v0.9.0",
+      "date": "Thu, 04 Jun 2026 20:50:14 GMT",
+      "comments": {
+        "minor": [
+          {
+            "comment": "Add daemon command group (install/uninstall/start/stop/restart), enable systemd linger so the user service starts at boot, and inject a restart-completed notice into resumed dispatchers after daemon restart --notify-resumed"
+          }
+        ]
+      }
+    },
+    {
+      "version": "0.8.0",
+      "tag": "@excitedjs/dreamux_v0.8.0",
+      "date": "Thu, 04 Jun 2026 20:24:45 GMT",
+      "comments": {
+        "minor": [
+          {
+            "comment": "Fix the follow-user group-access semantics: the dispatcher runtime gate (dreamuxFeishuGate) now gates group delivery on a single global allow-user list shared with direct messages, instead of a separate group.follow_users list, so a sender on the global allowlist who @-mentions the bot is delivered in any group (issue #79). The access.json shape is unified to v2: a top-level allow_users list plus an explicit group.policy (block | allowlist | follow-user); v1 files are migrated forward by readDispatcherAccess (legacy dm.allow_users and group.follow_users are merged and de-duplicated, the policy is inferred, and the first save rewrites the file). An empty allow_users now authorizes nobody, consistent with direct messages. /introduce sender authorization moves to the global allow_users list while still requiring the chat to be named in allow_chats."
+          }
+        ]
+      }
+    },
+    {
+      "version": "0.7.0",
+      "tag": "@excitedjs/dreamux_v0.7.0",
+      "date": "Thu, 04 Jun 2026 20:18:37 GMT",
+      "comments": {
+        "minor": [
+          {
+            "comment": "Prefer a stable platform-aware system Node for the managed service (Homebrew on macOS, system paths on Linux) with fallback to the current Node, and add a non-fatal dreamux doctor advisory when the service Node is bound to a version manager."
+          }
+        ]
+      }
+    },
+    {
+      "version": "0.6.2",
+      "tag": "@excitedjs/dreamux_v0.6.2",
+      "date": "Thu, 04 Jun 2026 19:41:43 GMT",
+      "comments": {
+        "patch": [
+          {
+            "comment": "Log a distinct channel diagnostic ('introduce detected but not authorized') with a stable reason code (non_group / empty_sender_id / chat_not_allowlisted / sender_not_followed) when a group /introduce is detected but the sender is not authorized, instead of letting it surface as an ordinary gate drop (e.g. 'bot not mentioned'). Gate, trust, and /introduce semantics are unchanged (issue #77)."
+          }
+        ]
+      }
+    },
+    {
+      "version": "0.6.1",
+      "tag": "@excitedjs/dreamux_v0.6.1",
+      "date": "Thu, 04 Jun 2026 18:47:15 GMT",
+      "comments": {
+        "patch": [
+          {
+            "comment": "Inject each dispatcher's per-dispatcher channel logger into its Feishu bot/transport, so the transport's Lark SDK and WebSocket connection diagnostics land in logs/feishu-channel/<id>.log alongside the host's own channel decisions (issue #74)."
+          }
+        ],
+        "dependency": [
+          {
+            "comment": "Updating dependency \"@excitedjs/feishu-transport\" to `0.2.0`"
+          }
+        ]
+      }
+    },
+    {
+      "version": "0.6.0",
+      "tag": "@excitedjs/dreamux_v0.6.0",
+      "date": "Thu, 04 Jun 2026 17:58:38 GMT",
+      "comments": {
+        "minor": [
+          {
+            "comment": "Add persistent structured file logging (pino) across server, Feishu channel, gate/drop/inbound/outbound/introduce, dispatcher runtime, and the feishu-mcp stdio shim; logs persist under ~/.dreamux/logs (issue #70)."
+          }
+        ]
+      }
+    },
+    {
+      "version": "0.5.0",
+      "tag": "@excitedjs/dreamux_v0.5.0",
+      "date": "Thu, 04 Jun 2026 17:12:55 GMT",
+      "comments": {
+        "minor": [
+          {
+            "comment": "Inject a one-shot <group_bots> context of a group's trusted bots on the first delivered message after /introduce (commit-after-notify, generation-safe clear); add a model-facing list_chat_bots MCP tool (backed by a read-only mcp.list_chat_bots admin method) returning a chat's known + trusted bots; and change the inbound reaction lifecycle to add-then-cancel so the message never shows a zero-reaction window during the received -> in-progress transition."
+          }
+        ]
+      }
+    },
+    {
+      "version": "0.4.0",
+      "tag": "@excitedjs/dreamux_v0.4.0",
+      "date": "Thu, 04 Jun 2026 15:47:28 GMT",
+      "comments": {
+        "minor": [
+          {
+            "comment": "Add the Feishu event-registry seam (FeishuBot.start now takes a route object with onMessage + optional onBotMemberAdded) and the group /introduce hard contract: /introduce triggers only when the sender is allowlisted, with no @-mention of the bot required. A new chat-bots.json store separates passive bot awareness from introduced trust."
+          }
+        ]
+      }
+    },
+    {
+      "version": "0.3.3",
+      "tag": "@excitedjs/dreamux_v0.3.3",
+      "date": "Thu, 04 Jun 2026 14:09:37 GMT",
+      "comments": {
+        "patch": [
+          {
+            "comment": "Fix Feishu inbound reaction emoji type values."
+          }
+        ]
+      }
+    },
+    {
+      "version": "0.3.2",
+      "tag": "@excitedjs/dreamux_v0.3.2",
+      "date": "Thu, 04 Jun 2026 13:15:17 GMT",
+      "comments": {
+        "patch": [
+          {
+            "comment": "Submit accepted Feishu inbound with non-blocking turn/start delivery and three-state reactions."
+          }
+        ]
+      }
+    },
+    {
+      "version": "0.3.1",
+      "tag": "@excitedjs/dreamux_v0.3.1",
+      "date": "Thu, 04 Jun 2026 07:44:14 GMT",
+      "comments": {
+        "patch": [
+          {
+            "comment": "Fix managed service startup when Node is provided by nvm."
+          }
+        ]
+      }
+    },
+    {
+      "version": "0.3.0",
+      "tag": "@excitedjs/dreamux_v0.3.0",
+      "date": "Thu, 04 Jun 2026 05:00:52 GMT",
+      "comments": {
+        "minor": [
+          {
+            "comment": "调整 onboard 与 dispatcher runtime，使其继承本机 Codex 状态，改用 JSON 配置并新增 uninstall 指令。"
+          }
+        ],
+        "dependency": [
+          {
+            "comment": "Updating dependency \"@excitedjs/feishu-transport\" to `0.1.0`"
+          }
+        ]
+      }
+    },
+    {
+      "version": "0.2.0",
+      "tag": "@excitedjs/dreamux_v0.2.0",
+      "date": "Wed, 03 Jun 2026 07:57:13 GMT",
+      "comments": {
+        "minor": [
+          {
+            "comment": "调整 onboard 与 dispatcher runtime，使其继承本机 Codex 状态，改用 JSON 配置并新增 uninstall 指令。"
+          }
+        ]
+      }
+    },
+    {
+      "version": "0.1.4",
+      "tag": "@excitedjs/dreamux_v0.1.4",
+      "date": "Wed, 03 Jun 2026 04:29:43 GMT",
+      "comments": {
+        "patch": [
+          {
+            "comment": "Fix onboard Codex marketplace installation from the public dreamux repository."
+          }
+        ]
+      }
+    },
+    {
+      "version": "0.1.3",
+      "tag": "@excitedjs/dreamux_v0.1.3",
+      "date": "Tue, 02 Jun 2026 18:55:21 GMT",
+      "comments": {
+        "patch": [
+          {
+            "comment": "Implement dreamux onboard: first-run wizard, dispatcher-private Codex home setup, plugin installation, service registration, and transparent file ledger output."
+          },
+          {
+            "comment": "Add the issue #18 dreamux serve foundation: single global bin command tree, dispatcher-private Codex homes, and serve-time Codex home checks."
+          }
+        ],
+        "none": [
+          {
+            "comment": "Add repository field so npm provenance validation passes on OIDC publish"
+          }
+        ]
+      }
+    },
+    {
+      "version": "0.1.2",
+      "tag": "@excitedjs/dreamux_v0.1.2",
+      "date": "Sun, 31 May 2026 07:02:52 GMT",
+      "comments": {
+        "patch": [
+          {
+            "comment": "Thread Feishu replies and drop bot-loop inbound messages"
+          }
+        ],
+        "dependency": [
+          {
+            "comment": "Updating dependency \"@excitedjs/feishu-transport\" to `0.0.2`"
+          }
+        ]
+      }
+    },
+    {
+      "version": "0.1.1",
+      "tag": "@excitedjs/dreamux_v0.1.1",
+      "date": "Sat, 30 May 2026 17:49:32 GMT",
+      "comments": {
+        "patch": [
+          {
+            "comment": "init"
+          }
+        ],
+        "dependency": [
+          {
+            "comment": "Updating dependency \"@excitedjs/feishu-transport\" to `0.0.1`"
+          }
+        ]
+      }
+    }
+  ]
+}

package/CHANGELOG.md

@@ -0,0 +1,194 @@
+# Change Log - @excitedjs/dreamux
+
+This log was last generated on Fri, 05 Jun 2026 16:16:45 GMT and should not be manually modified.
+
+## 0.11.0
+Fri, 05 Jun 2026 16:16:45 GMT
+
+### Minor changes
+
+- Unify persisted-file version policy (issue #98). BREAKING: dispatcher access.json is now v2-only; the legacy v1 shape (dm.allow_users + group.follow_users) is no longer auto-migrated and an unsupported/missing version fails loud. Rebuild: delete the dispatcher's access.json to return to the secure default (no one authorized), then recreate it as a v2 access.json with allow_users and group.policy (see the access.json section in the dreamux README) and restart; note that `dreamux onboard` does not restore access grants. status.json and restart-intent.json now warn-and-rebuild / warn-and-drop on incompatible, malformed, or invalid-field content instead of silently discarding or misreading; neither hard-fatals the server.
+
+## 0.10.0
+Fri, 05 Jun 2026 15:34:49 GMT
+
+### Minor changes
+
+- Add the `dreamux changelog` command (and `--json`) that prints the installed package's bundled CHANGELOG, and ship CHANGELOG.md/CHANGELOG.json in the package files. This is the upgrade-time information entry point for the 0.x fail-loud + rebuild policy (issue #98).
+
+## 0.9.8
+Fri, 05 Jun 2026 14:06:54 GMT
+
+### Patches
+
+- Trusted peer-bot inbound now requires both a trusted sender open_id and an @-mention of this bot; introduce trusts only mention open_id (no union_id/user_id fallback); add diagnostic-only sender_union_id to inbound-drop logs (issue #102)
+
+## 0.9.7
+Fri, 05 Jun 2026 12:14:20 GMT
+
+### Patches
+
+- Restructure the bundled dispatcher skill into a router plus references, make the teammate engine a deliberate explicit choice instead of forcing codex, and add prompt-composition, router-posture, and inspect/resume workflow guidance.
+
+## 0.9.6
+Fri, 05 Jun 2026 08:05:04 GMT
+
+### Patches
+
+- Fix the published npm install path by removing the ahead-of-use Feishu channel runtime dependency.
+
+## 0.9.5
+Fri, 05 Jun 2026 05:41:43 GMT
+
+### Patches
+
+- Bundle the dispatcher, team-dev-workflow, and dreamux-maintenance skills and install them as workspace-local symlinks for each dispatcher.
+
+## 0.9.4
+Fri, 05 Jun 2026 05:30:23 GMT
+
+### Patches
+
+- Route Feishu inbound formatting through feishu-channel, including downloaded attachment paths and fallback resource references.
+
+## 0.9.3
+Fri, 05 Jun 2026 03:34:03 GMT
+
+### Patches
+
+- Fix group /introduce authorization to follow the group policy: under follow-user it now ignores allow_chats and gates only on allow_users, matching the delivery gate; block is denied explicitly (group_blocked); allowlist is unchanged.
+
+## 0.9.2
+Fri, 05 Jun 2026 02:47:01 GMT
+
+### Patches
+
+- Add a best-effort Feishu channel acknowledgement for authorized group /introduce commands.
+
+## 0.9.1
+Thu, 04 Jun 2026 23:08:48 GMT
+
+### Patches
+
+- Remove all synchronous blocking IO from package source (fs/promises + async child_process) and add a permanent ESLint gate (n/no-sync + import/syntax backstops via the shared @excitedjs/eslint-config) wired through rush lint, CI, and the pre-commit hook (issue #85)
+
+## 0.9.0
+Thu, 04 Jun 2026 20:50:14 GMT
+
+### Minor changes
+
+- Add daemon command group (install/uninstall/start/stop/restart), enable systemd linger so the user service starts at boot, and inject a restart-completed notice into resumed dispatchers after daemon restart --notify-resumed
+
+## 0.8.0
+Thu, 04 Jun 2026 20:24:45 GMT
+
+### Minor changes
+
+- Fix the follow-user group-access semantics: the dispatcher runtime gate (dreamuxFeishuGate) now gates group delivery on a single global allow-user list shared with direct messages, instead of a separate group.follow_users list, so a sender on the global allowlist who @-mentions the bot is delivered in any group (issue #79). The access.json shape is unified to v2: a top-level allow_users list plus an explicit group.policy (block | allowlist | follow-user); v1 files are migrated forward by readDispatcherAccess (legacy dm.allow_users and group.follow_users are merged and de-duplicated, the policy is inferred, and the first save rewrites the file). An empty allow_users now authorizes nobody, consistent with direct messages. /introduce sender authorization moves to the global allow_users list while still requiring the chat to be named in allow_chats.
+
+## 0.7.0
+Thu, 04 Jun 2026 20:18:37 GMT
+
+### Minor changes
+
+- Prefer a stable platform-aware system Node for the managed service (Homebrew on macOS, system paths on Linux) with fallback to the current Node, and add a non-fatal dreamux doctor advisory when the service Node is bound to a version manager.
+
+## 0.6.2
+Thu, 04 Jun 2026 19:41:43 GMT
+
+### Patches
+
+- Log a distinct channel diagnostic ('introduce detected but not authorized') with a stable reason code (non_group / empty_sender_id / chat_not_allowlisted / sender_not_followed) when a group /introduce is detected but the sender is not authorized, instead of letting it surface as an ordinary gate drop (e.g. 'bot not mentioned'). Gate, trust, and /introduce semantics are unchanged (issue #77).
+
+## 0.6.1
+Thu, 04 Jun 2026 18:47:15 GMT
+
+### Patches
+
+- Inject each dispatcher's per-dispatcher channel logger into its Feishu bot/transport, so the transport's Lark SDK and WebSocket connection diagnostics land in logs/feishu-channel/<id>.log alongside the host's own channel decisions (issue #74).
+
+## 0.6.0
+Thu, 04 Jun 2026 17:58:38 GMT
+
+### Minor changes
+
+- Add persistent structured file logging (pino) across server, Feishu channel, gate/drop/inbound/outbound/introduce, dispatcher runtime, and the feishu-mcp stdio shim; logs persist under ~/.dreamux/logs (issue #70).
+
+## 0.5.0
+Thu, 04 Jun 2026 17:12:55 GMT
+
+### Minor changes
+
+- Inject a one-shot <group_bots> context of a group's trusted bots on the first delivered message after /introduce (commit-after-notify, generation-safe clear); add a model-facing list_chat_bots MCP tool (backed by a read-only mcp.list_chat_bots admin method) returning a chat's known + trusted bots; and change the inbound reaction lifecycle to add-then-cancel so the message never shows a zero-reaction window during the received -> in-progress transition.
+
+## 0.4.0
+Thu, 04 Jun 2026 15:47:28 GMT
+
+### Minor changes
+
+- Add the Feishu event-registry seam (FeishuBot.start now takes a route object with onMessage + optional onBotMemberAdded) and the group /introduce hard contract: /introduce triggers only when the sender is allowlisted, with no @-mention of the bot required. A new chat-bots.json store separates passive bot awareness from introduced trust.
+
+## 0.3.3
+Thu, 04 Jun 2026 14:09:37 GMT
+
+### Patches
+
+- Fix Feishu inbound reaction emoji type values.
+
+## 0.3.2
+Thu, 04 Jun 2026 13:15:17 GMT
+
+### Patches
+
+- Submit accepted Feishu inbound with non-blocking turn/start delivery and three-state reactions.
+
+## 0.3.1
+Thu, 04 Jun 2026 07:44:14 GMT
+
+### Patches
+
+- Fix managed service startup when Node is provided by nvm.
+
+## 0.3.0
+Thu, 04 Jun 2026 05:00:52 GMT
+
+### Minor changes
+
+- 调整 onboard 与 dispatcher runtime，使其继承本机 Codex 状态，改用 JSON 配置并新增 uninstall 指令。
+
+## 0.2.0
+Wed, 03 Jun 2026 07:57:13 GMT
+
+### Minor changes
+
+- 调整 onboard 与 dispatcher runtime，使其继承本机 Codex 状态，改用 JSON 配置并新增 uninstall 指令。
+
+## 0.1.4
+Wed, 03 Jun 2026 04:29:43 GMT
+
+### Patches
+
+- Fix onboard Codex marketplace installation from the public dreamux repository.
+
+## 0.1.3
+Tue, 02 Jun 2026 18:55:21 GMT
+
+### Patches
+
+- Implement dreamux onboard: first-run wizard, dispatcher-private Codex home setup, plugin installation, service registration, and transparent file ledger output.
+- Add the issue #18 dreamux serve foundation: single global bin command tree, dispatcher-private Codex homes, and serve-time Codex home checks.
+
+## 0.1.2
+Sun, 31 May 2026 07:02:52 GMT
+
+### Patches
+
+- Thread Feishu replies and drop bot-loop inbound messages
+
+## 0.1.1
+Sat, 30 May 2026 17:49:32 GMT
+
+### Patches
+
+- init
+

package/README.md

@@ -144,13 +144,11 @@ Access-gate allowlists are not part of `config.json`. Configure them in
 
 ```json
 {
-  "version": 1,
-  "dm": {
-    "allow_users": ["<USER_ID>"]
-  },
+  "version": 2,
+  "allow_users": ["<USER_ID>"],
   "group": {
+    "policy": "follow-user",
     "allow_chats": ["<CHAT_ID>"],
-    "follow_users": ["<USER_ID>"],
     "require_mention": true
   },
   "observed_chats": [],
@@ -159,6 +157,15 @@ Access-gate allowlists are not part of `config.json`. Configure them in
 }
 ```
 
+`access.json` is v2-only. `allow_users` is the single global allowlist of
+sender open_ids, shared by direct messages and the group `follow-user` policy.
+`group.policy` is one of `block`, `allowlist`, or `follow-user`; under
+`allowlist` the gate consults `allow_chats`, under `follow-user` it ignores
+`allow_chats` and gates on `allow_users`. dreamux 0.x does not migrate older
+shapes: an unsupported or missing `version` fails loud at startup. To reset,
+delete the file (secure default: no one authorized) and recreate it in this v2
+shape.
+
 The server reads `access.json` directly at runtime and preserves runtime
 observations and warnings in the same file.
 

package/dist/channel/feishu-gate.js

@@ -162,35 +162,26 @@ function readDispatcherAccess(raw, path) {
     if (!isRecord(raw)) {
         throw new Error(`dispatcher access error in ${path}: top-level must be an object`);
     }
+    // v2-only: the legacy v1 shape (`dm.allow_users` + `group.follow_users`) is no
+    // longer read or inferred. An unsupported or missing version fails loud — this
+    // file holds access authorization, so dreamux refuses to guess old permissions.
+    if (raw['version'] !== 2) {
+        const found = raw['version'] === undefined ? 'missing' : JSON.stringify(raw['version']);
+        throw new Error(`dispatcher access error in ${path}: unsupported schema version (found ${found}, expected 2).\n` +
+            'dreamux 0.x does not migrate old access state. This file controls access ' +
+            'authorization and old permissions will not be inferred. Delete it to return ' +
+            'to the secure default (no one is authorized), then recreate it as a v2 ' +
+            'access.json — set `allow_users` and `group.policy` — and restart. See the ' +
+            'access.json section in the dreamux README for the v2 shape.');
+    }
     const defaults = defaultDispatcherAccessState();
-    const dm = isRecord(raw['dm']) ? raw['dm'] : {};
     const group = isRecord(raw['group']) ? raw['group'] : {};
     const lastGate = raw['last_gate'];
-    // v2 unifies three possible sources of allowed senders into one list:
-    //   - top-level `allow_users` (v2),
-    //   - legacy `dm.allow_users` (v1 direct allowlist),
-    //   - legacy `group.follow_users` (v1 group sender allowlist).
-    // They are merged and de-duplicated; the legacy fields are read but never
-    // written back, so the first save collapses the file to the v2 shape. The
-    // union means DM access becomes `dm.allow_users ∪ group.follow_users` — for
-    // the common case (the two were equal, or dm ⊇ follow) DM is unchanged.
-    const topAllow = readStringArray(raw, 'allow_users', [], path);
-    const legacyDmAllow = readStringArray(dm, 'allow_users', [], path);
-    const legacyFollow = readStringArray(group, 'follow_users', [], path);
-    const allowUsers = [...new Set([...topAllow, ...legacyDmAllow, ...legacyFollow])];
+    const allowUsers = readStringArray(raw, 'allow_users', [], path);
     const allowChats = readStringArray(group, 'allow_chats', defaults.group.allow_chats, path);
-    // Group policy: an explicit value always wins. Otherwise infer from the
-    // legacy shape — a non-empty `follow_users` is the strongest signal the
-    // operator wanted sender-scoped gating, so preserve it as `follow-user`
-    // (never silently relax it to chat-only `allowlist`); then a non-empty
-    // `allow_chats` means chat-scoped gating; else the secure default.
-    const explicitPolicy = readGroupPolicy(group['policy'], path);
-    const policy = explicitPolicy ??
-        (legacyFollow.length > 0
-            ? 'follow-user'
-            : allowChats.length > 0
-                ? 'allowlist'
-                : defaults.group.policy);
+    // Group policy: an explicit value wins; an absent field falls back to the
+    // secure default. No inference from other fields — that was the v1 migration.
+    const policy = readGroupPolicy(group['policy'], path) ?? defaults.group.policy;
     return {
         version: 2,
         allow_users: allowUsers,