Summary
Migrate WeCom adapter trust configuration from gateway env vars to a first-class [wecom] section in config.toml.
Current State
- Gateway env vars only (
GATEWAY_ALLOW_ALL_USERS, GATEWAY_ALLOWED_USERS)
- No per-platform granularity for WeCom
Target State
[wecom]
allowed_users = ["zhangsan", "lisi"]
trusted_bot_ids = ["bot_app_1"]
# allow_all_users = true # explicit opt-in only
Tasks
Notes
- WeCom UserIDs are freeform strings (tenant-admin-assigned: letters, digits, -, _, @, .)
enter_agent (member-enter event) is user-initiated — must NOT be classified as is_bot
- WeCom UserIDs could match reserved synthetic values — this is why cron bypass only checks
platform, not sender_id
Refs
Summary
Migrate WeCom adapter trust configuration from gateway env vars to a first-class
[wecom]section inconfig.toml.Current State
GATEWAY_ALLOW_ALL_USERS,GATEWAY_ALLOWED_USERS)Target State
Tasks
[wecom]section to config schema (feat(trust): [wecom]/[googlechat]/[teams] first-class trust sections (Phase 1) #1366)PlatformTrustConfigsregistry (feat(trust): [wecom]/[googlechat]/[teams] first-class trust sections (Phase 1) #1366 — embedded/unified path)trusted_bot_idsforis_botderivation (noenter_agent— that is user-initiated)config.toml.example(feat(trust): [wecom]/[googlechat]/[teams] first-class trust sections (Phase 1) #1366)Follow-ups from external review (canyugs/openab#18)
c2e6223+ docs(platforms): wecom quirks — DM-only L2, ISV id formats, is_bot no-op #1386) (channel_typealways"direct", per-user channel idwecom:{corp}:{user}) — L2 scope is effectivelyallow_dmonly;allowed_channelsis meaningless. Drop/futurize "group routing" in the ADR's WeCom EXPECTED box"zhangsan") applies to self-built apps only — verified against official docs, recorded in ADR v2 + docs(platforms): wecom quirks — DM-only L2, ISV id formats, is_bot no-op #1386; external-contact/ISV modes seewmXXXX/OpenUserID formats — document in the ADR table anddocs/platforms/schema/wecom.tomlis_botis hardcodedfalse(wecom.rs:1071) — documented in ADR v2 wording + docs(platforms): wecom quirks — DM-only L2, ISV id formats, is_bot no-op #1386 quirk; implementation (populating from SenderInfo.is_bot) remains open with bot detection so the L3 bot-bypass is a no-op for WeCom;GatewayEvent.SenderInfo.is_botalready exists as a ready source when bot detection landsNotes
enter_agent(member-enter event) is user-initiated — must NOT be classified asis_botplatform, notsender_idRefs