trust: make the ingress gate structurally un-bypassable (Discord/Slack + privatize dispatch entries) #1269

Description

@chaodu-agent

Tracking issue from #1267 review (F3), and the durable fix for #1266 review F1.

Problem

The trust gate (AdapterRouter::gate_incoming) is live for the gateway path (#1267) — there process_gateway_event runs the gate before Dispatcher::submit, so gateway Thread/Lane batched modes are gated.

But Discord and Slack call Dispatcher::submit(...) / handle_message(...) directly (discord.rs ~1050/1292, slack.rs ~846/1093/1542), bypassing the gate entirely. Until they route through the gate, those paths are ungated.

Durable fix (long-term, per the #1264 ADR discussion)

  1. Route Discord + Slack ingress through AdapterRouter::gate_incoming (a unified incoming_message entry).
  2. Make Dispatcher::submit and AdapterRouter::handle_message pub(crate)/private so the gate is the only public door — no adapter (or future dispatch mode) can skip it by construction.

Acceptance

  • Discord ingress gated via gate_incoming
  • Slack ingress gated via gate_incoming
  • submit / handle_message no longer publicly reachable without passing the gate
  • Remove neutered L2/L3 from should_skip_event + unused GatewayEventContext fields (Phase 1c)

Blocks the Phase 3 deny-all flip (#1264) — the flip must not land while any ingress path is ungated.

Refs #1264 #1266 #1267
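
An added sketch of the "only public door" pattern from the durable fix above; it is not the project's code. The `Message`, `Verdict` and `Gated` types, all signatures, the allowlist policy and the sample senders are assumptions made for illustration.

```rust
// Added illustration, not project code. Types, signatures and policy are assumed.
mod router {
    use std::collections::HashSet;
    pub struct Message { pub adapter: &'static str, pub sender: String }
    #[derive(Debug, PartialEq)]
    pub enum Verdict { Dispatched, Denied }

    // Proof of a passed gate check. The type is private to this module, so
    // code outside it cannot build one and therefore cannot feed `submit`.
    struct Gated(Message);
    struct Dispatcher { queue: Vec<Message> }
    impl Dispatcher {
        // Not `pub`: adapters outside the module cannot call it directly.
        fn submit(&mut self, msg: Gated) { self.queue.push(msg.0); }
    }

    pub struct AdapterRouter { trusted: HashSet<String>, dispatcher: Dispatcher }
    impl AdapterRouter {
        pub fn new(trusted: &[&str]) -> Self {
            let trusted = trusted.iter().map(|s| s.to_string()).collect();
            AdapterRouter { trusted, dispatcher: Dispatcher { queue: Vec::new() } }
        }
        // Stand-in trust policy (assumed): allowlist on sender.
        fn gate_incoming(&self, msg: Message) -> Option<Gated> {
            if self.trusted.contains(&msg.sender) { Some(Gated(msg)) } else { None }
        }
        // The single public entry: every adapter's ingress lands here.
        pub fn incoming_message(&mut self, msg: Message) -> Verdict {
            match self.gate_incoming(msg) {
                Some(ok) => { self.dispatcher.submit(ok); Verdict::Dispatched }
                None => Verdict::Denied,
            }
        }
        pub fn dispatched_from(&self, adapter: &str) -> usize {
            self.dispatcher.queue.iter().filter(|m| m.adapter == adapter).count()
        }
    }
}
use router::{AdapterRouter, Message, Verdict};

// Constructed sample traffic: one trusted and one unknown sender per adapter.
fn run_sample() -> (Vec<Verdict>, usize) {
    let mut r = AdapterRouter::new(&["alice"]);
    let traffic = [("discord", "alice"), ("discord", "mallory"), ("slack", "alice"), ("slack", "mallory")];
    let out = traffic.iter()
        .map(|&(adapter, sender)| r.incoming_message(Message { adapter, sender: sender.to_string() }))
        .collect();
    (out, r.dispatched_from("slack"))
}
fn main() { println!("{:?}", run_sample()); }
```

Outside `mod router`, a call such as `r.dispatcher.submit(...)` fails to compile, which is the by-construction property the acceptance list asks for.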
