feat(trust): gateway echo-on-deny (Phase 2) + trust-none default (Phase 3)#1273
Open
chaodu-agent wants to merge 2 commits into
Conversation
- Phase 2: on Decision::DenyIdentity, echo the sender their ID via adapter.send_message so they can request access (request-access UX). Throttled to 1 echo per (platform, sender) per 5 min (LazyLock map) to prevent amplification. DenyScope stays silent (not a security boundary).
- Phase 3 (gateway): flip GATEWAY_ALLOW_ALL_USERS default true→false, so gateway L3 is trust-none by default. L2 (channels) stays open. Admit via GATEWAY_ALLOWED_USERS or GATEWAY_ALLOW_ALL_USERS=true.
Ships in pre-beta (self-use). emilie unaffected (own image + WS path, which doesn't use this registry/echo). Discord/Slack registry entries unchanged (still behavior-preserving allow-all). Refs #1264 #1269
LGTM ✅ — Phase 2 echo-on-deny and Phase 3 trust-none default are well-implemented, correctly scoped, and ship with appropriate safeguards.
What This PR Does
Implements the gateway trust echo for denied identity requests (Phase 2) and flips the
How It Works
Findings
What's Good (🟢)
Baseline Check
Note: Unbounded throttle map (non-blocking)
The
Enables trust-none for the gateway path (Telegram/LINE/…) with the request-access echo, so you can see the deny + echo UX end-to-end. Scoped intent: only pre-beta (self-use) runs this; emilie is unaffected (its own image + WS path, which doesn't use this registry/echo).
Changes
- On Decision::DenyIdentity, reply to the sender with their ID + how to request access (adapter.send_message). Throttled to 1 echo per (platform, sender) / 5 min (LazyLock map) to prevent amplification. DenyScope stays silent (scope isn't a security boundary).
- GATEWAY_ALLOW_ALL_USERS default true → false. Gateway L3 is now deny-all unless GATEWAY_ALLOWED_USERS lists the sender (or GATEWAY_ALLOW_ALL_USERS=true). L2 (channels) stays open.
Gateway deployments on this image now deny unknown users by default. To keep a bot working:
- GATEWAY_ALLOWED_USERS=<uid,…>, or
- GATEWAY_ALLOW_ALL_USERS=true (old behavior).
Discord/Slack registry entries are unchanged (still behavior-preserving allow-all). Deviates from the strict #1269 phase order (deny-flip before privatization) — accepted because it ships only to pre-beta (self-use) for validation.
How to test (Telegram)
- GATEWAY_ALLOWED_USERS=<your uid> → you're admitted.
- ⚠️ You are not on this bot's trusted list. Your ID: <id> … (once per 5 min).
Testing
- --features unified -D warnings clean; 10/10 gateway tests (incl. new echo_allowed_throttles_repeat_within_window).
Refs #1264 #1269
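An added example in Rust (not the project's code) sketching the two behaviours described in this PR: a trust-none admission check with the GATEWAY_ALLOWED_USERS / GATEWAY_ALLOW_ALL_USERS semantics, and a per-(platform, sender) echo throttle with a 5-minute window that also prunes expired entries, which is one way to address the reviewer's note about the throttle map being unbounded. `Decision`, `gateway_decision`, `EchoThrottle` and the echo text are hypothetical names chosen for the example.

```rust
use std::collections::HashMap;
use std::time::{Duration, Instant};

/// One echo per (platform, sender) per 5 minutes, as stated in the PR.
pub const ECHO_WINDOW: Duration = Duration::from_secs(5 * 60);

/// Hypothetical L3 decision; variant names follow the PR text, not the project's enum.
#[derive(Debug, PartialEq)]
pub enum Decision { Allow, DenyIdentity }

/// Trust-none admission: deny unless `allow_all` is true (GATEWAY_ALLOW_ALL_USERS=true)
/// or `sender` appears in the comma-separated `allowed_users` (GATEWAY_ALLOWED_USERS).
/// Exact-match comparison, so "142" in the list does not admit sender "42".
pub fn gateway_decision(allow_all: bool, allowed_users: &str, sender: &str) -> Decision {
    let listed = allowed_users
        .split(',')
        .map(str::trim)
        .any(|u| !u.is_empty() && u == sender);
    if allow_all || listed { Decision::Allow } else { Decision::DenyIdentity }
}

/// Throttle for the echo-on-deny reply (hypothetical). Unlike an insert-only map,
/// expired entries are pruned on every call, so the map is bounded by the number
/// of distinct denied senders seen within one window rather than growing forever.
pub struct EchoThrottle { last_echo: HashMap<(String, String), Instant> }

impl EchoThrottle {
    pub fn new() -> Self { Self { last_echo: HashMap::new() } }

    /// Returns the echo text if one may be sent now (and records the send), or None
    /// while a previous echo for this (platform, sender) is still within the window.
    /// `now` is passed in so the window can be exercised deterministically.
    pub fn echo_on_deny(&mut self, platform: &str, sender: &str, now: Instant) -> Option<String> {
        self.last_echo.retain(|_, sent| now.duration_since(*sent) < ECHO_WINDOW);
        let key = (platform.to_owned(), sender.to_owned());
        if self.last_echo.contains_key(&key) {
            return None; // still inside the window: stay silent (no amplification)
        }
        self.last_echo.insert(key, now);
        Some(format!("You are not on this bot's trusted list. Your ID: {sender}"))
    }

    /// Number of (platform, sender) pairs currently tracked.
    pub fn tracked(&self) -> usize { self.last_echo.len() }
}
```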