typeclaw 0.1.5 → 0.1.6

package/src/channels/router.ts

@@ -6,7 +6,9 @@ import { SessionManager } from '@mariozechner/pi-coding-agent'
 import { createSession, type AgentSession } from '@/agent'
 import type { ChannelParticipant, SessionOrigin } from '@/agent/session-origin'
 import { createCommandRegistry } from '@/commands'
+import { CORE_PERMISSIONS, type PermissionService } from '@/permissions'
 import type { HookBus } from '@/plugin'
+import { extractClaimCode } from '@/role-claim'
 
 import { decideEngagement, grantStickyForReplyTargets, StickyLedger, type EngagementDecision } from './engagement'
 import {
@@ -75,6 +77,18 @@ export const MAX_TYPING_HEARTBEAT_MS = 2 * 60 * 1000
 export const SESSION_IDLE_MS = 30 * 60 * 1000
 export const SESSION_GC_INTERVAL_MS = 60 * 1000
 
+/**
+ * Maximum age of the last engaged inbound before the next inbound triggers a fresh session.
+ * Set to the LLM provider's KV-cache TTL (5 min) so the new session's system prompt is
+ * guaranteed to be a cache hit on the provider side.
+ *
+ * Unlike SESSION_IDLE_MS (which evicts the in-memory entry without rollover), this constant
+ * triggers a full tearDownLive + recreate on the next engaged inbound. The old session's
+ * transcript is preserved on disk; only the in-memory live entry and sessions.json pointer
+ * are replaced.
+ */
+export const SESSION_FRESHNESS_TTL_MS = 5 * 60 * 1000
+
 // Watchdog ceiling for ensureLive's full async chain (resolve names →
 // fetch membership → open session manager → persist mapping → prefetch
 // history). A legitimate cold-start completes in well under a second;
@@ -154,6 +168,12 @@ export type CreateSessionForChannel = (params: {
   existingSessionFile?: string
   participants: readonly ChannelParticipant[]
   origin: SessionOrigin
+  // Mutable holder the router updates per turn (with the current turn's
+  // lastInboundAuthorId, participants, etc.) so tool.before events stamp
+  // the live actor identity rather than the cold-start snapshot. The
+  // factory is expected to pass this through to createSession as
+  // `options.originRef`.
+  originRef: { current: SessionOrigin | undefined }
 }) => Promise<{
   session: AgentSession
   sessionId: string
@@ -201,6 +221,7 @@ type LiveSession = {
   getTranscriptPath: (() => string | undefined) | undefined
   participants: ChannelParticipant[]
   resolvedNames: ResolvedChannelNames
+  originRef: { current: SessionOrigin | undefined }
   promptQueue: QueuedInbound[]
   contextBuffer: ObservedInbound[]
   draining: boolean
@@ -308,6 +329,46 @@ export type CreateChannelRouterOptions = {
   // Test seam: bound the session.idle hook chain so the timeout path is
   // exercisable in tens of milliseconds instead of the 30s default.
   sessionIdleTimeoutMs?: number
+  // Wake-up gate: every inbound is gated by `permissions.has(partialOrigin,
+  // 'channel.respond')` BEFORE ensureLive. Required by the production
+  // wiring (manager.ts forwards `pluginsLoaded.permissions`); defaulted
+  // to a grant-all service inside the factory so existing direct test
+  // instantiations don't need to inject one. The default is intentionally
+  // permissive — the manager-to-router seam is the place where production
+  // injection is enforced; direct-router tests opt into gate semantics by
+  // passing their own service.
+  permissions?: PermissionService
+  // Optional role-claim handler. When set, the router intercepts DM
+  // inbounds whose text contains a claim code BEFORE the channel.respond
+  // gate, hands the inbound to the handler, and short-circuits the normal
+  // route path (no session creation, no permission check, no engagement
+  // pipeline). The handler returns the reply text the router should send
+  // back over the same chat, or null to fall through to normal routing
+  // when no pending claim window matches.
+  claimHandler?: ClaimHandler
+}
+
+export type ClaimHandlerInput = {
+  adapter: ChannelKey['adapter']
+  workspace: string
+  chat: string
+  isDm: boolean
+  authorId: string
+  text: string
+}
+
+export type ClaimHandlerOutcome =
+  | { kind: 'consumed'; reply: string }
+  | { kind: 'fail'; reply: string }
+  | { kind: 'fallthrough' }
+
+export type ClaimHandler = (input: ClaimHandlerInput) => Promise<ClaimHandlerOutcome>
+
+const GRANT_ALL_PERMISSIONS: PermissionService = {
+  has: () => true,
+  resolveRole: () => 'owner',
+  describe: () => ({ role: 'owner', permissions: [CORE_PERMISSIONS.channelRespond] }),
+  replaceRoles: () => {},
 }
 
 export function createChannelRouter(options: CreateChannelRouterOptions): ChannelRouter {
@@ -317,6 +378,8 @@ export function createChannelRouter(options: CreateChannelRouterOptions): Channe
   const resolveChannelNamesTimeoutMs = options.resolveChannelNamesTimeoutMs ?? RESOLVE_CHANNEL_NAMES_TIMEOUT_MS
   const fetchHistoryTimeoutMs = options.fetchHistoryTimeoutMs ?? FETCH_HISTORY_TIMEOUT_MS
   const sessionIdleTimeoutMs = options.sessionIdleTimeoutMs ?? SESSION_IDLE_TIMEOUT_MS
+  const permissions = options.permissions ?? GRANT_ALL_PERMISSIONS
+  const claimHandler = options.claimHandler
   const liveSessions = new Map<string, LiveSession>()
   const creating = new Map<string, Promise<LiveSession>>()
   const outboundCallbacks = new Map<ChannelKey['adapter'], Set<OutboundCallback>>()
@@ -355,6 +418,7 @@ export function createChannelRouter(options: CreateChannelRouterOptions): Channe
 
   let mappings: ChannelSessionRecord[] | null = null
   let loadOnce: Promise<void> | null = null
+  let persistChain: Promise<void> = Promise.resolve()
 
   const ensureLoaded = async (): Promise<void> => {
     if (mappings !== null) return
@@ -368,12 +432,16 @@ export function createChannelRouter(options: CreateChannelRouterOptions): Channe
 
   const persist = async (): Promise<void> => {
     if (mappings === null) return
-    await saveChannelSessions(options.agentDir, mappings, logger)
+    persistChain = persistChain.then(async () => {
+      if (mappings === null) return
+      await saveChannelSessions(options.agentDir, mappings, logger)
+    })
+    await persistChain
   }
 
   const createForChannel: CreateSessionForChannel =
     options.createSessionForChannel ??
-    (async ({ key, existingSessionId, existingSessionFile, origin }) => {
+    (async ({ key, existingSessionId, existingSessionFile, origin, originRef }) => {
       const sessionDir = options.sessionDir ?? `${options.agentDir}/sessions`
       const sessionManager =
         existingSessionId !== undefined
@@ -382,6 +450,7 @@ export function createChannelRouter(options: CreateChannelRouterOptions): Channe
       const session = await createSession({
         sessionManager,
         origin,
+        originRef,
       })
       const sessionId = sessionManager.getSessionId()
       void key
@@ -476,10 +545,44 @@ export function createChannelRouter(options: CreateChannelRouterOptions): Channe
     return membership
   }
 
-  const ensureLive = async (key: ChannelKey, triggeringMessageId?: string): Promise<LiveSession> => {
+  const ensureLive = async (
+    key: ChannelKey,
+    triggeringMessageId?: string,
+    triggeringAuthorId?: string,
+  ): Promise<LiveSession> => {
     const keyId = channelKeyId(key)
     const existing = liveSessions.get(keyId)
-    if (existing && !existing.destroyed) return existing
+    if (existing && !existing.destroyed) {
+      const idleMs = now() - existing.lastInboundAt
+      if (idleMs > SESSION_FRESHNESS_TTL_MS) {
+        logger.info(`[channels] ${keyId}: stale-rollover (live: ${idleMs}ms idle)`)
+        await tearDownLive(existing)
+        liveSessions.delete(keyId)
+        if (mappings) {
+          const idx = mappings.findIndex(
+            (s) =>
+              s.adapter === key.adapter &&
+              s.workspace === key.workspace &&
+              s.chat === key.chat &&
+              (s.thread ?? null) === (key.thread ?? null),
+          )
+          if (idx >= 0) {
+            const prev = mappings[idx]!
+            mappings[idx] = {
+              adapter: prev.adapter,
+              workspace: prev.workspace,
+              chat: prev.chat,
+              thread: prev.thread,
+              participants: prev.participants,
+              lastInboundAt: 0,
+            }
+            await persist()
+          }
+        }
+      } else {
+        return existing
+      }
+    }
 
     const inFlight = creating.get(keyId)
     if (inFlight) return inFlight
@@ -487,14 +590,51 @@ export function createChannelRouter(options: CreateChannelRouterOptions): Channe
     const promise = (async () => {
       await ensureLoaded()
       const record = mappings ? findRecord(mappings, key) : undefined
-      const phase = record?.sessionId === undefined ? 'cold-start' : 'rehydrate'
+      let resolvedRecord = record
+      if (
+        record?.sessionId !== undefined &&
+        existing === undefined &&
+        now() - (record.lastInboundAt ?? 0) > SESSION_FRESHNESS_TTL_MS
+      ) {
+        const idleMs = now() - (record.lastInboundAt ?? 0)
+        logger.info(`[channels] ${keyId}: stale-rollover (persisted: ${idleMs}ms idle)`)
+        resolvedRecord = {
+          adapter: record.adapter,
+          workspace: record.workspace,
+          chat: record.chat,
+          thread: record.thread,
+          participants: record.participants,
+          lastInboundAt: 0,
+        }
+        if (mappings) {
+          const idx = mappings.findIndex(
+            (s) =>
+              s.adapter === key.adapter &&
+              s.workspace === key.workspace &&
+              s.chat === key.chat &&
+              (s.thread ?? null) === (key.thread ?? null),
+          )
+          if (idx >= 0) {
+            mappings[idx] = resolvedRecord
+            await persist()
+          }
+        }
+      }
+      const phase = resolvedRecord?.sessionId === undefined ? 'cold-start' : 'rehydrate'
       logger.info(`[channels] ${keyId}: ensureLive begin (${phase})`)
-      const participants = (record?.participants ?? []) as ChannelParticipant[]
+      const participants = (resolvedRecord?.participants ?? []) as ChannelParticipant[]
       const membershipFetch = warmMembership(key)
       const resolvedNames = await resolveChannelNames(key)
       logger.info(`[channels] ${keyId}: ensureLive resolved-names`)
       const membership = await membershipForPrompt(key, membershipFetch)
       logger.info(`[channels] ${keyId}: ensureLive resolved-membership`)
+      // The session-creation origin is what the resource loader sees when it
+      // renders the role/permissions block into the system prompt. It must
+      // include the triggering author so author-scoped roles
+      // (`slack:T/C author:U_ME`) resolve to the same role here that the
+      // channel.respond gate just admitted on. Per-turn updates after this
+      // point are handled by `originRef.current = buildLiveOrigin(live)`
+      // before each prompt() call.
       const origin: SessionOrigin = {
         kind: 'channel',
         adapter: key.adapter,
@@ -503,18 +643,24 @@ export function createChannelRouter(options: CreateChannelRouterOptions): Channe
         chat: key.chat,
         ...(resolvedNames.chatName !== undefined ? { chatName: resolvedNames.chatName } : {}),
         thread: key.thread,
+        ...(triggeringAuthorId !== undefined ? { lastInboundAuthorId: triggeringAuthorId } : {}),
         participants,
         ...(membership !== null ? { membership } : {}),
       }
 
-      const isColdStart = record?.sessionId === undefined
+      const isColdStart = resolvedRecord?.sessionId === undefined
+
+      // The router writes into this holder before every prompt() so the
+      // tool wrappers' getOrigin() sees the current-turn origin.
+      const originRef: { current: SessionOrigin | undefined } = { current: origin }
 
       const created = await createForChannel({
         key,
-        ...(record?.sessionId ? { existingSessionId: record.sessionId } : {}),
-        ...(record?.sessionFile ? { existingSessionFile: record.sessionFile } : {}),
+        ...(resolvedRecord?.sessionId ? { existingSessionId: resolvedRecord.sessionId } : {}),
+        ...(resolvedRecord?.sessionFile ? { existingSessionFile: resolvedRecord.sessionFile } : {}),
         participants,
         origin,
+        originRef,
       })
       logger.info(`[channels] ${keyId}: ensureLive session-created sessionId=${created.sessionId}`)
 
@@ -526,6 +672,7 @@ export function createChannelRouter(options: CreateChannelRouterOptions): Channe
         thread: key.thread,
         sessionId: created.sessionId,
         ...(transcriptPath ? { sessionFile: basename(transcriptPath) } : {}),
+        lastInboundAt: now(),
         participants,
       }
       if (mappings) {
@@ -553,6 +700,7 @@ export function createChannelRouter(options: CreateChannelRouterOptions): Channe
         getTranscriptPath: created.getTranscriptPath,
         participants,
         resolvedNames,
+        originRef,
         promptQueue: [],
         contextBuffer: [],
         draining: false,
@@ -697,8 +845,6 @@ export function createChannelRouter(options: CreateChannelRouterOptions): Channe
     await persist()
   }
 
-  const regenerateOrigin = (live: LiveSession): SessionOrigin => buildLiveOrigin(live)
-
   const fireTyping = async (live: LiveSession, phase: 'tick' | 'stop'): Promise<void> => {
     const callbacks = typingCallbacks.get(live.key.adapter)
     if (!callbacks || callbacks.size === 0) return
@@ -860,13 +1006,13 @@ export function createChannelRouter(options: CreateChannelRouterOptions): Channe
         live.currentTurnAuthorIds = new Set(batch.map((m) => m.authorId))
         if (batch.length > 0) live.consecutiveSends.clear()
 
-        // The agent's view of the channel should reflect the current
-        // participants + last inbound author. We update the in-memory
-        // origin via the session-origin renderer, but the loader was
-        // captured at session creation. v0.1 keeps the per-session loader
-        // (so origin reflects participants at session-creation time);
-        // per-prompt regeneration of system prompts is a v0.2 work.
-        void regenerateOrigin
+        // Update the live origin holder so this turn's tool.before events
+        // carry the current actor's id. The DefaultResourceLoader still
+        // renders the session-creation origin into the system prompt (v0.2
+        // work to regenerate that per-turn); but permission gating off
+        // `lastInboundAuthorId` happens in the tool layer and now sees the
+        // live value.
+        live.originRef.current = buildLiveOrigin(live)
 
         // Bracketing logs around the LLM call so a hung prompt() is
         // diagnosable from logs alone (we see prompting without prompted).
@@ -906,6 +1052,19 @@ export function createChannelRouter(options: CreateChannelRouterOptions): Channe
     const elapsedSinceFirst = t - live.firstUnprocessedAt
     const wait = Math.max(0, Math.min(baseWait, MAX_DEBOUNCE_MS - elapsedSinceFirst))
     live.lastInboundAt = t
+    if (mappings) {
+      const idx = mappings.findIndex(
+        (s) =>
+          s.adapter === live.key.adapter &&
+          s.workspace === live.key.workspace &&
+          s.chat === live.key.chat &&
+          (s.thread ?? null) === (live.key.thread ?? null),
+      )
+      if (idx >= 0) {
+        mappings[idx] = { ...mappings[idx]!, lastInboundAt: t }
+        void persist()
+      }
+    }
     live.debounceTimer = setTimeout(() => {
       live.debounceTimer = null
       live.firstUnprocessedAt = 0
@@ -924,8 +1083,46 @@ export function createChannelRouter(options: CreateChannelRouterOptions): Channe
       thread: event.thread,
     }
 
+    // Role-claim intercept runs BEFORE the channel.respond gate so the
+    // operator can bootstrap permissions on a fresh agent that has no
+    // role match rules yet. Cheap pre-check: only DMs whose text contains
+    // a `claim-` prefix can be claim attempts, and only when a handler
+    // is registered. Everything else falls straight through to the gate.
+    if (claimHandler !== undefined && event.isDm && extractClaimCode(event.text) !== null) {
+      const outcome = await claimHandler({
+        adapter: event.adapter,
+        workspace: event.workspace,
+        chat: event.chat,
+        isDm: event.isDm,
+        authorId: event.authorId,
+        text: event.text,
+      })
+      if (outcome.kind !== 'fallthrough') {
+        logger.info(
+          `[channels] ${channelKeyId(key)}: claim ${outcome.kind} author=${event.authorId} id=${event.externalMessageId}`,
+        )
+        await send({
+          adapter: event.adapter,
+          workspace: event.workspace,
+          chat: event.chat,
+          thread: event.thread,
+          text: outcome.reply,
+        })
+        return
+      }
+    }
+
+    if (isChannelRespondDenied(event)) {
+      logger.info(
+        `[channels] ${channelKeyId(key)}: denied by permissions (channel.respond) author=${event.authorId} id=${event.externalMessageId}`,
+      )
+      return
+    }
+
     const parsedCommand = commands.parse(event.text)
     if (parsedCommand !== null) {
+      // Commands are control traffic, not engaged inbounds; if the session is stale,
+      // the next engaged inbound will perform the rollover before prompting.
       const keyId = channelKeyId(key)
       if (!commands.has(parsedCommand.name)) {
         logger.info(`[channels] ${keyId}: ignoring unknown command /${parsedCommand.name}`)
@@ -940,7 +1137,7 @@ export function createChannelRouter(options: CreateChannelRouterOptions): Channe
       if (commandResult.kind !== 'not-command') return
     }
 
-    const live = await ensureLive(key, event.externalMessageId)
+    const live = await ensureLive(key, event.externalMessageId, event.authorId)
 
     const isNewAuthor = !live.participants.some((p) => p.authorId === event.authorId)
     live.participants = updateParticipants(
@@ -1010,6 +1207,18 @@ export function createChannelRouter(options: CreateChannelRouterOptions): Channe
     scheduleDebouncedDrain(live)
   }
 
+  const isChannelRespondDenied = (event: InboundMessage): boolean => {
+    const partial: SessionOrigin = {
+      kind: 'channel',
+      adapter: event.adapter,
+      workspace: event.workspace,
+      chat: event.chat,
+      thread: event.thread,
+      lastInboundAuthorId: event.authorId,
+    }
+    return !permissions.has(partial, CORE_PERMISSIONS.channelRespond)
+  }
+
   const updateLoopGuard = (live: LiveSession, event: InboundMessage): void => {
     if (!event.authorIsBot) {
       live.recentEngagedPeerBotTurns.length = 0

package/src/channels/schema.ts

@@ -4,11 +4,6 @@ export const ADAPTER_IDS = ['discord-bot', 'kakaotalk', 'slack-bot', 'telegram-b
 
 export type AdapterId = (typeof ADAPTER_IDS)[number]
 
-const allowRuleSchema = z.string().min(1).refine(isValidAllowRule, {
-  message:
-    'allow rule must be one of: *, guild:*, guild:<id>, guild:<id>/<channel>, team:*, team:<id>, team:<id>/<channel>, tg:*, tg:<chat_id>, channel:<id>, dm:*, dm:<id>, im:*, im:<id>, kakao:*, kakao:<chat>, kakao:dm/*, kakao:group/*, kakao:open/*',
-})
-
 const engagementTriggerSchema = z.enum(['mention', 'reply', 'dm'])
 
 const stickinessSchema = z.union([
@@ -92,8 +87,13 @@ const historySchema = z
     },
   })
 
+// Deliberately non-strict: a stale on-disk file may still carry the
+// legacy `allow` field (`migrateLegacyConfigShape` lifts it into
+// `roles.member.match[]` on load, but a between-reload window can
+// briefly contain both). Zod silently drops unknown keys here, which is
+// exactly what we want — a hard `.strict()` reject would brick recovery
+// for any user mid-migration.
 const adapterSchema = z.object({
-  allow: z.array(allowRuleSchema).default([]),
   engagement: engagementSchema,
   history: historySchema,
   enabled: z.boolean().default(true),
@@ -118,156 +118,6 @@ export const channelsSchema = z
   })
   .default({})
 
-export type AllowRule = string
 export type EngagementConfig = z.infer<typeof engagementSchema>
 export type ChannelAdapterConfig = z.infer<typeof adapterSchema>
-export type KakaotalkAdapterConfig = ChannelAdapterConfig
 export type ChannelsConfig = z.infer<typeof channelsSchema>
-
-// Discord IDs are numeric snowflakes; Slack IDs start with a single uppercase
-// letter (T for teams, C/D/G for channels) followed by alphanumerics; Telegram
-// chat IDs are signed integers (negative for groups, `-100…` for supergroups
-// and channels); KakaoTalk chat IDs are LOCO-protocol decimal integers
-// (large enough to need BigInt at the protocol layer, but rendered as plain
-// decimal strings here). All shapes are accepted on every adapter so the
-// allow list stays declarative — the runtime ensures only the right adapter
-// ever sees its own IDs.
-const RULE_PATTERNS = [
-  /^\*$/,
-  // Discord
-  /^guild:\*$/,
-  /^guild:[0-9]+$/,
-  /^guild:[0-9]+\/[0-9]+$/,
-  /^dm:\*$/,
-  /^dm:[0-9]+$/,
-  // Slack
-  /^team:\*$/,
-  /^team:[A-Z0-9]+$/,
-  /^team:[A-Z0-9]+\/[A-Z0-9]+$/,
-  /^im:\*$/,
-  /^im:[A-Z0-9]+$/,
-  // Telegram (`tg:*` admits all chats; `tg:<chat_id>` scopes to one chat —
-  // numeric, may be negative). There is no team/guild concept; every chat is
-  // identified by its absolute id.
-  /^tg:\*$/,
-  /^tg:-?[0-9]+$/,
-  // KakaoTalk: a single workspace per logged-in account, so the rules scope
-  // by chat-type (1:1 / group / open) rather than by workspace. `kakao:*`
-  // admits every chat the account can see; `kakao:dm/*`, `kakao:group/*`,
-  // `kakao:open/*` admit one chat-type bucket; `kakao:<chat-id>` admits a
-  // single chat. The runtime classifies each chat into a bucket based on
-  // KakaoChat.type at chat-resolver time and surfaces the bucket via the
-  // workspace coordinate.
-  /^kakao:\*$/,
-  /^kakao:dm\/\*$/,
-  /^kakao:group\/\*$/,
-  /^kakao:open\/\*$/,
-  /^kakao:[0-9]+$/,
-  // Shared (channel ids are unique on both platforms)
-  /^channel:[A-Z0-9]+$/,
-  /^channel:-?[0-9]+$/,
-]
-
-function isValidAllowRule(rule: string): boolean {
-  return RULE_PATTERNS.some((p) => p.test(rule))
-}
-
-export function isAllowed(rules: readonly AllowRule[], workspace: string, chat: string): boolean {
-  for (const rule of rules) {
-    if (matchRule(rule, workspace, chat)) return true
-  }
-  return false
-}
-
-// `*`              → every workspace channel + every DM (catch-all)
-// `guild:*`        → every Discord guild channel (no DMs)
-// `guild:G`        → every channel in guild G
-// `guild:G/C`      → channel C in guild G only
-// `team:*`         → every Slack team channel (no DMs)
-// `team:T`         → every channel in team T
-// `team:T/C`       → channel C in team T only
-// `tg:*`           → every Telegram chat (DMs, groups, supergroups, channels)
-// `tg:C`           → Telegram chat C only (signed numeric chat id)
-// `channel:C`      → channel C in any workspace (IDs are globally unique on
-//                    Discord/Slack and Telegram chat ids are also globally
-//                    unique numeric values)
-// `dm:*`           → every Discord DM
-// `dm:C`           → Discord DM channel C only
-// `im:*`           → every Slack DM (im channel)
-// `im:D`           → Slack DM channel D only
-// `kakao:*`            → every KakaoTalk chat the account is in
-// `kakao:dm/*`         → every KakaoTalk 1:1 chat
-// `kakao:group/*`      → every KakaoTalk group chat
-// `kakao:open/*`       → every KakaoTalk open chat
-// `kakao:<id>`         → KakaoTalk chat with the given numeric chat_id
-//
-// `guild:`/`dm:`, `team:`/`im:`, `tg:`, and `kakao:` identify which adapter
-// the rule was written for, but the matcher applies any rule that the
-// (workspace, chat) pair satisfies. That keeps the adapter-side coupling at
-// the schema/UX layer (Slack users write `team:`, Discord users write
-// `guild:`, Telegram users write `tg:`, KakaoTalk users write `kakao:`)
-// without bloating the matching logic. Telegram has no workspace concept;
-// the adapter pins workspace to `'telegram'` so `tg:*` only ever admits
-// Telegram chats. KakaoTalk uses `@kakao-dm` / `@kakao-group` / `@kakao-open`
-// as workspace coordinates so the bucket-* rules are pure prefix matches
-// against `workspace`.
-function matchRule(rule: string, workspace: string, chat: string): boolean {
-  // KakaoTalk workspaces accept the global `*` catch-all or any `kakao:`
-  // rule. Adapter-specific non-kakao rules (`team:*`, `guild:*`, `dm:*`,
-  // `im:*`, `tg:*`) never admit kakao workspaces — those are scoped to
-  // their own adapter's coordinate space and would be meaningless here.
-  // The init wizard still defaults kakaotalk to the narrower `kakao:dm/*`
-  // (group chats with personal accounts are sensitive — every member sees
-  // every reply), so opting into `*` is an explicit, per-adapter decision
-  // made in `channels.kakaotalk.allow`.
-  if (KAKAO_WORKSPACES.has(workspace)) {
-    if (rule === '*') return true
-    if (rule.startsWith('kakao:')) return matchKakaoRule(rule.slice(6), workspace, chat)
-    return false
-  }
-
-  if (rule === '*') return true
-  if (rule.startsWith('kakao:')) return false
-
-  if (workspace === '@dm') {
-    if (rule === 'dm:*' || rule === 'im:*') return true
-    if (rule.startsWith('dm:')) return rule.slice(3) === chat
-    if (rule.startsWith('im:')) return rule.slice(3) === chat
-    if (rule.startsWith('channel:')) return rule.slice(8) === chat
-    return false
-  }
-
-  if (workspace === 'telegram') {
-    if (rule === 'tg:*') return true
-    if (rule.startsWith('tg:')) return rule.slice(3) === chat
-    if (rule.startsWith('channel:')) return rule.slice(8) === chat
-    return false
-  }
-
-  if (rule === 'guild:*' || rule === 'team:*') return true
-  if (rule.startsWith('channel:')) return rule.slice(8) === chat
-  if (rule.startsWith('guild:')) {
-    const body = rule.slice(6)
-    const slash = body.indexOf('/')
-    if (slash === -1) return body === workspace
-    return body.slice(0, slash) === workspace && body.slice(slash + 1) === chat
-  }
-  if (rule.startsWith('team:')) {
-    const body = rule.slice(5)
-    const slash = body.indexOf('/')
-    if (slash === -1) return body === workspace
-    return body.slice(0, slash) === workspace && body.slice(slash + 1) === chat
-  }
-  return false
-}
-
-const KAKAO_WORKSPACES = new Set(['@kakao-dm', '@kakao-group', '@kakao-open'])
-
-function matchKakaoRule(body: string, workspace: string, chat: string): boolean {
-  if (!KAKAO_WORKSPACES.has(workspace)) return false
-  if (body === '*') return true
-  if (body === 'dm/*') return workspace === '@kakao-dm'
-  if (body === 'group/*') return workspace === '@kakao-group'
-  if (body === 'open/*') return workspace === '@kakao-open'
-  return body === chat
-}