fix(channels): require bound identity for user-owned IM messages (#3578)

* fix(channels): require bound identity for user-owned IM messages * make format * docs: document bound identity channel config * refactor: reuse channel connection config * refactor _requires_bound_identity() * refactor from_app_config() * make format * fix: reject unbound channel chats before semaphore * security enhancement * make format * fix: enforce bound-identity admission at command entry point The bound-identity gate only ran for non-command messages in _handle_message() and as a fallback inside _handle_chat(). Commands had no equivalent boundary, so an unbound platform user could send /new and reach _create_thread() directly, creating an unowned Gateway thread and empty checkpoint. Info commands (/status, /models, /memory) likewise leaked Gateway state to unbound users. Add the same _requires_bound_identity() check at the top of _handle_command(), rejecting via _reject_unbound_channel_message() before any thread creation or Gateway query. The gate is a no-op in legacy open-bot mode (require_bound_identity=False) and auth-disabled mode. Provider-level binding flows (/connect, /start) are consumed by the provider adapter before reaching the manager, so they are unaffected. Tests: - unbound auth-enabled /new is rejected before threads.create - bound auth-enabled /new still creates the thread Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * fix(channels): carry workspace fallback decision on inbound messages * fix(channels): recheck bound identity by normalized workspace * fix(channels): avoid duplicate bound identity checks * fix(channels): preserve verified routing for bound identity rejects * fix(channels): clarify bound identity upgrade failures --------- Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com> Co-authored-by: Willem Jiang <willem.jiang@gmail.com>
2026-06-17 13:05:58 +00:00 · 2026-06-16 17:04:39 +02:00
parent 05be7ea688
commit 0966131b31
7 changed files with 631 additions and 34 deletions
@@ -17,6 +17,7 @@ logger = logging.getLogger(__name__)

 if TYPE_CHECKING:
    from deerflow.config.app_config import AppConfig
+    from deerflow.config.channel_connections_config import ChannelConnectionsConfig

 # Channel name → import path for lazy loading
 _CHANNEL_REGISTRY: dict[str, str] = {
@@ -64,8 +65,7 @@ def _merge_channel_connection_runtime_config(channels_config: dict[str, Any], ap
    merge_runtime_channel_configs(channels_config, connection_config)


-def _make_connection_repo(app_config: AppConfig):
-    connection_config = getattr(app_config, "channel_connections", None)
+def _make_connection_repo(connection_config: ChannelConnectionsConfig | None):
    if connection_config is None or not getattr(connection_config, "enabled", False):
        return None

@@ -90,7 +90,13 @@ class ChannelService:
    instantiates enabled channels, and starts the ChannelManager dispatcher.
    """

-    def __init__(self, channels_config: dict[str, Any] | None = None, *, connection_repo: Any | None = None) -> None:
+    def __init__(
+        self,
+        channels_config: dict[str, Any] | None = None,
+        *,
+        connection_repo: Any | None = None,
+        require_bound_identity: bool = False,
+    ) -> None:
        self.bus = MessageBus()
        self.store = ChannelStore()
        self._connection_repo = connection_repo
@@ -107,6 +113,7 @@ class ChannelService:
            default_session=default_session if isinstance(default_session, dict) else None,
            channel_sessions=channel_sessions,
            connection_repo=connection_repo,
+            require_bound_identity=require_bound_identity,
        )
        self._channels: dict[str, Any] = {}  # name -> Channel instance
        self._config = config
@@ -126,7 +133,14 @@ class ChannelService:
        if "channels" in extra:
            channels_config = dict(extra["channels"] or {})
        _merge_channel_connection_runtime_config(channels_config, app_config)
-        return cls(channels_config=channels_config, connection_repo=_make_connection_repo(app_config))
+        connection_config = getattr(app_config, "channel_connections", None)
+        connections_enabled = connection_config is not None and getattr(connection_config, "enabled", False)
+        require_bound_identity = bool(connections_enabled and getattr(connection_config, "require_bound_identity", True))
+        return cls(
+            channels_config=channels_config,
+            connection_repo=_make_connection_repo(connection_config),
+            require_bound_identity=require_bound_identity,
+        )

    async def start(self) -> None:
        """Start the manager and all enabled channels."""