@modelzen/feishu-codex-bridge 0.3.2 → 0.3.3

package/README.md

@@ -33,7 +33,7 @@
 - **私聊控制台**：私聊机器人弹交互菜单 —— 新建项目、项目列表、设置、诊断、重连。
 - **稳定隔离**：每会话独立 app-server 进程；卡死有 watchdog（默认 120s）→ 终止 → 回收，异常不波及其他群。
 - **本地加密密钥库**：飞书应用密钥用 AES-256-GCM 存在 `~/.feishu-codex-bridge/`，不入仓库、不进环境变量。
-- **跨平台常驻**：macOS / Windows / Linux·WSL 均可注册成后台服务、开机或登录自启（分别走 launchd / 登录自启免管理员 / systemd）。
+- **跨平台常驻**：macOS / Windows / Linux·WSL 均可注册成后台服务、开机或登录自启（分别走 launchd / 登录自启免管理员 / systemd）。注：跨平台指进程运行与后台自启；「项目内只读/读写」隐私沙箱仅 macOS / 原生 Windows 可强制（见[安全须知](#-安全须知)）。
 
 ---
 
@@ -41,7 +41,7 @@
 
 | 依赖 | 说明 | 获取方式 |
 |------|------|----------|
-| **操作系统** | **macOS / Windows** 均支持；Linux·WSL 为 best-effort（已实现 systemd，未广泛实测） | — |
+| **操作系统** | 运行/后台常驻：**macOS / Windows** 均支持，Linux·WSL 为 best-effort（已实现 systemd，未广泛实测）。注意：「项目内只读 / 读写」隐私档的沙箱强制仅 **macOS / 原生 Windows**，Linux·WSL 上这两档会 fail-closed 拒绝启动（见下方[安全须知](#-安全须知)） | — |
 | **Node.js ≥ 20** | 运行时 | <https://nodejs.org> 或 `nvm install 20` |
 | **Codex CLI** | 后端，bridge 会 spawn `codex app-server` | `npm i -g @openai/codex`，或装 Codex.app，或用 `CODEX_BIN` 指向已有二进制 |
 | **Codex 已登录** | app-server 需要 `~/.codex/auth.json` | `codex login` |
@@ -241,17 +241,24 @@ src/
 
 ## ⚠️ 安全须知
 
-本机器人调用 Codex 时固定使用 **`approvalPolicy: "never"` + `sandbox: "danger-full-access"`** —— 即 **无任何人工审批、对磁盘完全访问**。这意味着：
+机器人调用 Codex 始终是 **`approvalPolicy: "never"`**（无人工逐条审批），**沙箱就是唯一的安全闸门**。每个项目有一档**权限**，在私聊控制台「📁 项目列表 → ⚙️ 设置 → 🔐 权限」里用下拉框选择后提交：
 
-> **任何能在项目群里给机器人发消息的人，都能在你这台机器上、以你的身份、在该项目目录里执行任意命令（读写文件、联网、运行脚本）。**
+| 档位 | 能读 | 能写 | 适用 |
+|------|------|------|------|
+| 🔒 **项目内只读** | 仅项目文件夹 | ✗ | 外部群 / 不可信场景的问答机器人 |
+| ✏️ **项目内读写** | 仅项目文件夹 | 仅项目文件夹 | 自己的编码项目，但禁止它碰机器其余部分 |
+| ⚠️ **完全访问** | 整台电脑 | 整台电脑 | 完全信任、你自己掌控的机器 |
 
-因此：
-
-- 只把**你信任的人**拉进项目群；
-- 在**你自己掌控的机器/账号**上运行，最好是隔离的开发机或容器；
-- 绑定的项目目录里不要放你不愿被读写的敏感数据；
+- **管理员 / 普通用户可分设**：🔐 权限里有「管理员档」和「普通用户档」两个下拉。两档**不同**时，管理员与群里其他人**各用独立的 Codex 线程**（互不串沙箱、也互不串对话历史）——典型：外部群里管理员 `完全访问`、其他人 `项目内只读`。两档**相同** = 所有人一致（默认）。
+- **默认值**：你自己新建的项目群 = `完全访问`（与历史行为一致）；**别人把机器人拉进的存量/外部群** = `项目内只读`；普通用户档默认**同管理员档**（不分档）。**升级前没有 `mode` 字段的老项目按 `完全访问` 处理**，行为不变。
+- 🔒/✏️ 靠 Codex 的自定义 permissions 档把读写都**锁死在项目文件夹内**（读不到 `~/.ssh`、`/etc` 等），由操作系统沙箱强制：**macOS（Seatbelt）与原生 Windows（restricted token）可强制**，其中 Windows 需 Codex 以 elevated 沙箱运行、否则它会**拒绝执行**（仍不泄漏）。**Linux / WSL 无法强制读限定**（沙箱只挡写、不限读，Landlock 读限制尚未实现，WSL 等同 Linux）——在这些平台选 🔒/✏️ 会被**直接拒绝启动（fail-closed），绝不静默降级为完全访问**；要在 Linux/WSL 用，请把 Codex 跑在容器/隔离环境里。
+  > Windows 上的强制是 Codex 自己做的，请先在真机自测一次（让机器人读项目文件夹外的文件，应被拒）再用于真实外部群。
+- ⚠️ `完全访问` 档意味着：**任何能给机器人发消息的人，都能在你这台机器上、以你的身份执行任意命令（读写文件、联网、跑脚本）**。这一档只把**你信任的人**拉进群，在**你自己掌控的隔离机器**上跑，目录里别放不愿被读写的敏感数据。
+- 「联网」是档位之外的独立开关，只影响它执行的 shell 命令能否上网，不影响模型本身和 Codex 自带的联网搜索。
 - 它不是多租户托管服务，是给你（和你信任的小团队）自用的桥。
 
+> 把机器人拉进**外部群**做只读问答前，先在飞书开发者后台开启应用的「可被添加到外部群 / 外部可用范围」，再由群里的真人手动把机器人加进群（机器人无法自行加入）。
+
 ---
 
 ## ❓ 故障排查

package/dist/cli.js

@@ -1442,7 +1442,28 @@ function mapItemComplete(item) {
 
 // src/agent/codex-appserver/backend.ts
 var APPROVAL_POLICY = "never";
-var SANDBOX = "danger-full-access";
+function sandboxParams(mode, network) {
+  if ((mode ?? "full") === "full") return { sandbox: "danger-full-access" };
+  if (process.platform !== "darwin" && process.platform !== "win32") {
+    throw new Error(
+      "\u300C\u9879\u76EE\u5185\u53EA\u8BFB / \u9879\u76EE\u5185\u8BFB\u5199\u300D\u9760\u64CD\u4F5C\u7CFB\u7EDF\u6C99\u7BB1\u628A\u8BFB\u5199\u9501\u8FDB\u9879\u76EE\u6587\u4EF6\u5939\uFF0C\u76EE\u524D\u53EA\u6709 macOS \u4E0E\u539F\u751F Windows \u80FD\u5F3A\u5236\u6267\u884C\u3002\u5F53\u524D\u5E73\u53F0\uFF08Linux / WSL \u53EA\u6321\u5199\u3001\u4E0D\u9650\u5236\u8BFB\u53D6\uFF0C\u65E0\u6CD5\u4FDD\u8BC1\u4E0D\u6CC4\u9732\u9690\u79C1\uFF09\u5DF2\u62D2\u7EDD\u542F\u52A8\uFF08\u7EDD\u4E0D\u964D\u7EA7\u4E3A\u5B8C\u5168\u8BBF\u95EE\uFF09\u3002\u8BF7\u6539\u7528\u300C\u5B8C\u5168\u8BBF\u95EE\u300D\u3001\u628A Codex \u8DD1\u8FDB\u5BB9\u5668/\u9694\u79BB\u73AF\u5883\uFF0C\u6216\u5728 macOS / Windows \u4E0A\u8FD0\u884C\u3002"
+    );
+  }
+  return {
+    config: {
+      default_permissions: "feishu",
+      permissions: {
+        feishu: {
+          filesystem: {
+            ":minimal": "read",
+            ":workspace_roots": { ".": mode === "write" ? "write" : "read" }
+          },
+          network: { enabled: Boolean(network) }
+        }
+      }
+    }
+  };
+}
 var BRIDGE_DEVELOPER_INSTRUCTIONS = [
   "\u4F60\u73B0\u5728\u901A\u8FC7\u300C\u98DE\u4E66\u6865\u300D\u4E0E\u7528\u6237\u5BF9\u8BDD\uFF1A\u4F60\u7684\u56DE\u590D\u4F1A\u88AB\u6E32\u67D3\u6210\u98DE\u4E66\u6D88\u606F\u3002\u8BF7\u9075\u5B88\u4E24\u6761\u8F93\u51FA\u7EA6\u5B9A\u3002",
   "",
@@ -1627,23 +1648,25 @@ var CodexAppServerBackend = class {
     }
   }
   async startThread(opts) {
+    const sandbox = sandboxParams(opts.mode, opts.network);
     const client = await this.spawn(opts.cwd);
     const res = await client.request("thread/start", {
       cwd: opts.cwd,
       approvalPolicy: APPROVAL_POLICY,
-      sandbox: SANDBOX,
+      ...sandbox,
       developerInstructions: BRIDGE_DEVELOPER_INSTRUCTIONS,
       ...opts.model ? { model: opts.model } : {}
     });
     return new CodexThread(client, res.thread.id, opts.model, opts.effort);
   }
   async resumeThread(opts) {
+    const sandbox = sandboxParams(opts.mode, opts.network);
     const client = await this.spawn(opts.cwd);
     const res = await client.request("thread/resume", {
       threadId: opts.codexThreadId,
       cwd: opts.cwd,
       approvalPolicy: APPROVAL_POLICY,
-      sandbox: SANDBOX,
+      ...sandbox,
       developerInstructions: BRIDGE_DEVELOPER_INSTRUCTIONS,
       ...opts.model ? { model: opts.model } : {}
     });
@@ -2194,6 +2217,7 @@ function selectMenu(opts) {
     tag: "select_static",
     name: opts.name,
     placeholder: { tag: "plain_text", content: opts.placeholder },
+    ...opts.initial ? { initial_option: opts.initial } : {},
     options: opts.options.map((o) => ({ text: { tag: "plain_text", content: o.label }, value: o.value }))
   };
 }
@@ -3138,6 +3162,21 @@ import { dirname as dirname5 } from "path";
 function defaultNoMention(p) {
   return !((p.origin ?? "created") === "joined" && (p.kind ?? "multi") === "single");
 }
+function effectiveMode(p) {
+  return p.mode ?? "full";
+}
+function effectiveGuestMode(p) {
+  return p.guestMode ?? effectiveMode(p);
+}
+function turnTier(p, isAdminSender) {
+  const adminTier = effectiveMode(p);
+  const guestTier = effectiveGuestMode(p);
+  return {
+    mode: isAdminSender ? adminTier : guestTier,
+    role: isAdminSender ? "admin" : "guest",
+    split: guestTier !== adminTier
+  };
+}
 var FILE_VERSION2 = 1;
 async function read() {
   try {
@@ -3247,7 +3286,10 @@ var DM = {
   rmAllowed: "dm.allow.rm",
   // 项目设置容器（项目列表 / 建项目完成卡 进入），以后的项目级设置项往这里加
   projectSettings: "dm.projectSettings",
-  setNoMentionDm: "dm.proj.noMention"
+  setNoMentionDm: "dm.proj.noMention",
+  // 🔐 权限：codex 沙箱档位（管理员档 + 普通用户档）+ 联网，做成下拉表单（选+提交）
+  permission: "dm.proj.perm",
+  permissionSubmit: "dm.proj.perm.submit"
 };
 var GS = {
   setNoMention: "gs.noMention"
@@ -3689,6 +3731,56 @@ function buildAddAdminCard(members) {
     { header: { title: "\u2795 \u6DFB\u52A0\u7BA1\u7406\u5458", template: "blue" } }
   );
 }
+var MODE_OPTS = [
+  { value: "qa", label: "\u{1F512} \u9879\u76EE\u5185\u53EA\u8BFB", desc: "\u53EA\u80FD\u67E5\u770B\u9879\u76EE\u6587\u4EF6\u5939\u91CC\u7684\u5185\u5BB9\uFF0C\u4E0D\u4F1A\u6539\u4EFB\u4F55\u6587\u4EF6" },
+  { value: "write", label: "\u270F\uFE0F \u9879\u76EE\u5185\u8BFB\u5199", desc: "\u80FD\u67E5\u770B\u5E76\u4FEE\u6539\u9879\u76EE\u6587\u4EF6\u5939\u91CC\u7684\u6587\u4EF6\uFF0C\u4F46\u78B0\u4E0D\u5230\u6587\u4EF6\u5939\u5916" },
+  { value: "full", label: "\u26A0\uFE0F \u5B8C\u5168\u8BBF\u95EE", desc: "\u80FD\u8BFB\u5199\u6574\u53F0\u7535\u8111\u4E0A\u7684\u4EFB\u4F55\u6587\u4EF6" }
+];
+function tierLabel(m) {
+  return MODE_OPTS.find((o) => o.value === m)?.label ?? m;
+}
+var TIER_SELECT_OPTS = MODE_OPTS.map((o) => ({ label: `${o.label} \u2014 ${o.desc}`, value: o.value }));
+function permissionSummary(p) {
+  const admin = effectiveMode(p);
+  const guest = effectiveGuestMode(p);
+  return admin === guest ? `\u6240\u6709\u4EBA\uFF1A${tierLabel(admin)}` : `\u7BA1\u7406\u5458\uFF1A${tierLabel(admin)}\u3000\xB7\u3000\u5176\u4ED6\u4EBA\uFF1A${tierLabel(guest)}`;
+}
+function buildPermissionCard(p) {
+  const network = p.network ?? false;
+  return card(
+    [
+      md(`**\u{1F510} \u6743\u9650** \xB7 ${p.name}`),
+      note(
+        "codex \u6C99\u7BB1\u7684\u8BBF\u95EE\u8303\u56F4\u3002\u300C\u7BA1\u7406\u5458\u6863\u300D\u7ED9 owner / \u7BA1\u7406\u5458\uFF0C\u300C\u666E\u901A\u7528\u6237\u6863\u300D\u7ED9\u7FA4\u91CC\u5176\u4ED6\u4EBA\u3002\u4E24\u6863**\u4E0D\u540C**\u65F6\uFF0C\u4E24\u7C7B\u4EBA\u5404\u7528\u72EC\u7ACB\u7EBF\u7A0B\uFF08\u4E92\u4E0D\u4E32\u6C99\u7BB1\u4E0E\u5BF9\u8BDD\u5386\u53F2\uFF09\uFF1B**\u76F8\u540C**\u5219\u6240\u6709\u4EBA\u4E00\u81F4\u3002"
+      ),
+      form("perm", [
+        md("\u{1F451} **\u7BA1\u7406\u5458\u6863**"),
+        selectMenu({ name: "mode", placeholder: "\u9009\u62E9\u7BA1\u7406\u5458\u6743\u9650\u6863", options: TIER_SELECT_OPTS, initial: effectiveMode(p) }),
+        md("\u{1F465} **\u666E\u901A\u7528\u6237\u6863**"),
+        selectMenu({
+          name: "guestMode",
+          placeholder: "\u9009\u62E9\u666E\u901A\u7528\u6237\u6743\u9650\u6863",
+          options: TIER_SELECT_OPTS,
+          initial: effectiveGuestMode(p)
+        }),
+        md("\u{1F310} **\u8054\u7F51**\uFF08\u53EA\u5BF9\u53EA\u8BFB / \u8BFB\u5199\u6863\u6709\u610F\u4E49\uFF1B\u5B8C\u5168\u8BBF\u95EE\u6052\u8054\u7F51\uFF09"),
+        selectMenu({
+          name: "network",
+          placeholder: "\u8054\u7F51\u5F00\u5173",
+          options: [
+            { label: "\u5173\uFF08\u9ED8\u8BA4\uFF0C\u66F4\u5B89\u5168\uFF09", value: "off" },
+            { label: "\u5F00", value: "on" }
+          ],
+          initial: network ? "on" : "off"
+        }),
+        actions([submitButton("\u2705 \u4FDD\u5B58\u6743\u9650", { a: DM.permissionSubmit, n: p.name }, "primary", "submit_perm")])
+      ]),
+      note("\u4FDD\u5B58\u4F1A\u65AD\u5F00\u672C\u9879\u76EE\u6B63\u5728\u8FDB\u884C\u7684\u4F1A\u8BDD\uFF0C\u8BA9\u65B0\u6863\u4F4D\u7ACB\u5373\u751F\u6548\u3002"),
+      actions([button("\u2B05\uFE0F \u8FD4\u56DE\u8BBE\u7F6E", { a: DM.projectSettings, n: p.name })])
+    ],
+    { header: { title: "\u{1F510} \u6743\u9650", template: "blue" } }
+  );
+}
 function buildProjectSettingsCard(project) {
   const kind = project.kind ?? "multi";
   const noMention = project.noMention ?? defaultNoMention(project);
@@ -3697,6 +3789,9 @@ function buildProjectSettingsCard(project) {
       md(`**\u9879\u76EE\u8BBE\u7F6E** \xB7 ${project.name}`),
       note(`${kindLabel(kind)}${project.cwd ? `   \xB7   \u{1F4C2} \`${project.cwd}\`` : ""}`),
       hr(),
+      actions([button("\u{1F510} \u6743\u9650", { a: DM.permission, n: project.name }, "primary")]),
+      note(`\u5F53\u524D ${permissionSummary(project)}\u3000\xB7\u3000codex \u6C99\u7BB1\u53EF\u8BBF\u95EE\u7684\u8303\u56F4\uFF08\u7BA1\u7406\u5458 / \u666E\u901A\u7528\u6237\u53EF\u5206\u8BBE\uFF09\u3002`),
+      hr(),
       md("\u270B \u514D@\uFF08\u4E0D\u7528 @ \u4E5F\u56DE\u590D\uFF09"),
       actions([
         button("\u5F00", { a: DM.setNoMentionDm, v: "on", n: project.name }, noMention ? "primary" : "default"),
@@ -4547,9 +4642,19 @@ async function createProject(channel, input2) {
     params: { member_id_type: "open_id" },
     data: { manager_ids: [input2.ownerOpenId] }
   }).catch((err) => log.fail("project", err, { phase: "add-manager" }));
-  const project = { name, chatId, cwd, blank, createdAt: Date.now(), kind: input2.kind ?? "multi", origin: "created" };
+  const project = {
+    name,
+    chatId,
+    cwd,
+    blank,
+    createdAt: Date.now(),
+    kind: input2.kind ?? "multi",
+    origin: "created",
+    mode: input2.mode ?? "full",
+    network: input2.network ?? false
+  };
   await addProject(project);
-  log.info("project", "create", { name, chatId, cwd, blank });
+  log.info("project", "create", { name, chatId, cwd, blank, mode: project.mode });
   await setAnnouncement(channel, project).catch((err) => log.fail("project", err, { phase: "announcement" }));
   await onboardGroup(channel, project).catch((err) => log.fail("project", err, { phase: "onboard" }));
   return project;
@@ -4569,10 +4674,12 @@ async function joinExistingGroup(channel, input2) {
     createdAt: Date.now(),
     kind: input2.kind ?? "multi",
     origin: "joined",
-    addedBy: input2.addedBy
+    addedBy: input2.addedBy,
+    mode: input2.mode ?? "qa",
+    network: input2.network ?? false
   };
   await addProject(project);
-  log.info("project", "join", { name, chatId: input2.chatId, cwd, blank, kind: project.kind });
+  log.info("project", "join", { name, chatId: input2.chatId, cwd, blank, kind: project.kind, mode: project.mode });
   await onboardGroup(channel, project).catch((err) => log.fail("project", err, { phase: "onboard-join" }));
   return project;
 }
@@ -5095,6 +5202,21 @@ function pickOpenId(formValue) {
   }
   return void 0;
 }
+function selectValue(formValue, name) {
+  const c = (() => {
+    const raw = formValue?.[name];
+    return Array.isArray(raw) ? raw[0] : raw;
+  })();
+  if (typeof c === "string") return c;
+  if (c && typeof c === "object") {
+    const o = c;
+    for (const v of [o.value, o.id]) if (typeof v === "string") return v;
+  }
+  return void 0;
+}
+function asTier(v) {
+  return v === "qa" || v === "write" || v === "full" ? v : void 0;
+}
 function createOrchestrator(channel, cfg, fallbackCwd) {
   const backend = createBackend();
   const sessions = /* @__PURE__ */ new Map();
@@ -5198,11 +5320,12 @@ function createOrchestrator(channel, cfg, fallbackCwd) {
         await postGroupSettings(msg, project);
         return;
       }
+      const ts = turnSession(msg.chatId, project, msg.senderId);
       if (cmd === "model") {
-        await postModelCard(msg, msg.chatId);
+        await postModelCard(msg, ts.sessionKey);
         return;
       }
-      handleTurn(msg, text, msg.chatId, true, project);
+      handleTurn(msg, text, ts.sessionKey, true, project, ts);
       return;
     }
     if (msg.threadId) {
@@ -5210,11 +5333,12 @@ function createOrchestrator(channel, cfg, fallbackCwd) {
         await postHelpCard(msg, "topic", true, project);
         return;
       }
+      const ts = turnSession(msg.threadId, project, msg.senderId);
       if (cmd === "model") {
-        await postModelCard(msg, msg.threadId);
+        await postModelCard(msg, ts.sessionKey);
         return;
       }
-      handleTurn(msg, text, msg.threadId, false, project);
+      handleTurn(msg, text, ts.sessionKey, false, project, ts);
       return;
     }
     if (cmd === "help") {
@@ -5264,13 +5388,22 @@ function createOrchestrator(channel, cfg, fallbackCwd) {
       log.info("card", "group-settings", { project: project.name });
     });
   }
-  async function handleTurn(msg, text, sessionKey, flat, project) {
+  function turnPerm(project, senderId) {
+    if (!project) return {};
+    const t = turnTier(project, isAdmin(cfg, senderId));
+    return { mode: t.mode, network: project.network, roleSuffix: t.split ? t.role : void 0 };
+  }
+  function turnSession(baseKey, project, senderId) {
+    const perm = turnPerm(project, senderId);
+    return { sessionKey: perm.roleSuffix ? `${baseKey}#${perm.roleSuffix}` : baseKey, ...perm };
+  }
+  async function handleTurn(msg, text, sessionKey, flat, project, perm) {
     const existing = active.get(sessionKey);
     if (existing) {
       const images = messageHasImages(msg) ? await collectInboundImages(channel, msg) : void 0;
       const cur = active.get(sessionKey);
       if (!cur) {
-        startReservedRun(msg, text, sessionKey, flat, project, images);
+        startReservedRun(msg, text, sessionKey, flat, project, perm, images);
         return;
       }
       if (getPendingPolicy(cfg) === "steer" && cur.run && cur.thread) {
@@ -5289,9 +5422,9 @@ function createOrchestrator(channel, cfg, fallbackCwd) {
       log.info("intake", "queued", { depth: cur.queue.length });
       return;
     }
-    startReservedRun(msg, text, sessionKey, flat, project);
+    startReservedRun(msg, text, sessionKey, flat, project, perm);
   }
-  function startReservedRun(msg, text, sessionKey, flat, project, preloadedImages) {
+  function startReservedRun(msg, text, sessionKey, flat, project, perm, preloadedImages) {
     const existing = active.get(sessionKey);
     if (existing) {
       existing.queue.push({ text, images: preloadedImages });
@@ -5304,10 +5437,10 @@ function createOrchestrator(channel, cfg, fallbackCwd) {
       const reaction = runReaction(msg.messageId, !sema.hasFree());
       try {
         const images = preloadedImages ?? (messageHasImages(msg) ? await collectInboundImages(channel, msg) : void 0);
-        let thread = await resolveThread(sessionKey, msg.chatId);
+        let thread = await resolveThread(sessionKey, msg.chatId, { mode: perm.mode, network: perm.network });
         if (!thread) {
           const cwd = project?.cwd ?? fallbackCwd;
-          thread = await backend.startThread({ cwd });
+          thread = await backend.startThread({ cwd, mode: perm.mode, network: perm.network });
           sessions.set(sessionKey, thread);
           await upsertSession({
             threadId: sessionKey,
@@ -5342,7 +5475,7 @@ function createOrchestrator(channel, cfg, fallbackCwd) {
       }
     });
   }
-  async function resolveThread(threadId, chatId) {
+  async function resolveThread(threadId, chatId, perm) {
     const live = sessions.get(threadId);
     if (live) return live;
     const rec = await getSession(threadId);
@@ -5352,7 +5485,9 @@ function createOrchestrator(channel, cfg, fallbackCwd) {
         cwd: rec.cwd,
         codexThreadId: rec.codexThreadId,
         model: rec.model,
-        effort: rec.effort
+        effort: rec.effort,
+        mode: perm?.mode,
+        network: perm?.network
       });
       sessions.set(threadId, resumed);
       return resumed;
@@ -5360,20 +5495,39 @@ function createOrchestrator(channel, cfg, fallbackCwd) {
       log.fail("agent", err, { phase: "resume-on-turn", threadId });
       const project = await getProjectByChatId(chatId);
       const cwd = project?.cwd ?? rec.cwd ?? fallbackCwd;
-      const fresh = await backend.startThread({ cwd, model: rec.model, effort: rec.effort });
+      const fresh = await backend.startThread({
+        cwd,
+        model: rec.model,
+        effort: rec.effort,
+        mode: perm?.mode ?? project?.mode,
+        network: perm?.network ?? project?.network
+      });
       sessions.set(threadId, fresh);
       return fresh;
     }
   }
+  async function evictLiveSessionsForChat(chatId) {
+    let closed = 0;
+    for (const rec of await listSessions()) {
+      if (rec.chatId !== chatId) continue;
+      const live = sessions.get(rec.threadId);
+      if (!live) continue;
+      sessions.delete(rec.threadId);
+      void live.close().catch(() => void 0);
+      closed++;
+    }
+    if (closed) log.info("console", "tier-evict", { chatId, closed });
+  }
   function startTopicDirectly(msg, text, project) {
     void withTrace({ chatId: msg.chatId, msgId: msg.messageId }, async () => {
       const reaction = runReaction(msg.messageId, !sema.hasFree());
       const cwd = project?.cwd ?? fallbackCwd;
+      const perm = turnPerm(project, msg.senderId);
       if (project) void refreshBranch(channel, project).catch(() => void 0);
       const { model, effort } = pickDefault(await listModels());
       let thread;
       try {
-        thread = await backend.startThread({ cwd, model, effort });
+        thread = await backend.startThread({ cwd, model, effort, mode: perm.mode, network: perm.network });
       } catch (err) {
         reaction.done();
         log.fail("card", err, { phase: "start-topic" });
@@ -5395,7 +5549,8 @@ function createOrchestrator(channel, cfg, fallbackCwd) {
           effort,
           cwd,
           summary: text.slice(0, 80) || "(\u7A7A)",
-          requesterOpenId: msg.senderId
+          requesterOpenId: msg.senderId,
+          roleSuffix: perm.roleSuffix
         },
         reaction,
         () => reaction.done()
@@ -5872,6 +6027,31 @@ ${tail}` }, { replyTo: evt.messageId }).catch(() => void 0);
       await updateProject(name, { noMention: on });
       return buildProjectSettingsCard({ ...p, noMention: on });
     });
+  }).on(DM.permission, ({ evt, value }) => {
+    if (!dmAdmin(evt.operator?.openId)) return;
+    const name = typeof value.n === "string" ? value.n : "";
+    patch(evt, async () => {
+      const p = await getProjectByName(name);
+      return p ? buildPermissionCard(p) : buildDmMenuCard();
+    });
+  }).on(DM.permissionSubmit, ({ evt, value, formValue }) => {
+    if (!dmAdmin(evt.operator?.openId)) return;
+    const name = typeof value.n === "string" ? value.n : "";
+    const mode = asTier(selectValue(formValue, "mode"));
+    const guestMode = asTier(selectValue(formValue, "guestMode"));
+    const network = selectValue(formValue, "network") === "on";
+    void (async () => {
+      const p = await getProjectByName(name);
+      if (!p) return;
+      await updateProject(name, { ...mode ? { mode } : {}, ...guestMode ? { guestMode } : {}, network });
+      await evictLiveSessionsForChat(p.chatId);
+      log.info("console", "permission", { project: name, mode, guestMode, network });
+      const fresh = await getProjectByName(name);
+      if (!fresh) return;
+      await sendManagedCard(channel, evt.chatId, buildProjectSettingsCard(fresh)).catch(
+        (e) => log.fail("console", e, { phase: "permission-result" })
+      );
+    })();
   });
   async function resumeFromCard(evt, state, codexThreadId) {
     try {
@@ -5973,13 +6153,14 @@ ${tail}` }, { replyTo: evt.messageId }).catch(() => void 0);
           if (activeKey.startsWith("pending:")) {
             const tid = await getThreadId(channel, messageId);
             if (tid) {
+              const key = opts.roleSuffix ? `${tid}#${opts.roleSuffix}` : tid;
               active.delete(activeKey);
-              active.set(tid, state);
-              sessions.set(tid, opts.thread);
-              activeKey = tid;
-              topicThreadId = tid;
-              rc.threadId = tid;
-              await persist(tid);
+              active.set(key, state);
+              sessions.set(key, opts.thread);
+              activeKey = key;
+              topicThreadId = key;
+              rc.threadId = key;
+              await persist(key);
             }
           } else {
             topicThreadId = activeKey;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@modelzen/feishu-codex-bridge",
-  "version": "0.3.2",
+  "version": "0.3.3",
   "description": "Bridge Feishu/Lark messenger with local Codex via app-server (project=group, thread=session)",
   "type": "module",
   "bin": {