mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-07-10 13:31:38 +00:00
fix(gateway): fail-closed external-surface defaults + profile-aware multiplex authz
Aligns runtime behaviour with SECURITY.md 2.6: externally reachable messaging adapters must fail closed unless access is explicitly configured. Closes the confirmed multiplex authorization bypass a secondary profile's open dm/group policy no longer inherits the default profile's allowlist trust. - Own-policy adapters (WhatsApp, WeCom, Weixin, QQBot, Yuanbao) default dm_policy/group_policy to pairing/allowlist instead of open; open now requires an explicit GATEWAY_ALLOW_ALL_USERS or per-platform allow-all. - Startup guard (_own_policy_open_startup_violation) refuses to boot when an enabled adapter is open without the allow-all opt-in; the guard now runs for every secondary profile in multiplex mode too. - Profile-aware own-policy authorization: _authorization_adapter / _adapter_for_source resolve the live adapter via SessionSource.profile, so _is_user_authorized and the ingress/pairing/busy/queue paths read the originating profile's adapter policy, not the default profile's. - Fail-closed intake for Email, Feishu P2P, and Discord (blank-principal denial, empty-allowlist deny, missing-interaction.user deny). Salvaged from #44073 (external-surface hardening), split into a focused gateway-authz PR per maintainer request. Follow-up fix by Hermes Agent: the Discord slash-auth channel bypass now matches DISCORD_ALLOWED_CHANNELS by the same name-inclusive keys (id + name + #name + parent) the on_message scope gate uses, so a name-form channel allowlist authorizes slash interactions consistently (was id-only, breaking #name matching). Co-authored-by: Hermes Agent <agent@nousresearch.com>
This commit is contained in:
parent
8e94e8f882
commit
bb304b4914
24 changed files with 1386 additions and 136 deletions
|
|
@ -4200,6 +4200,17 @@ class FeishuAdapter(BasePlatformAdapter):
|
|||
return "bot_not_mentioned"
|
||||
|
||||
if not is_group:
|
||||
if os.getenv("FEISHU_ALLOW_ALL_USERS", "").strip().lower() in {"true", "1", "yes"}:
|
||||
return None
|
||||
if os.getenv("GATEWAY_ALLOW_ALL_USERS", "").strip().lower() in {"true", "1", "yes"}:
|
||||
return None
|
||||
# Empty FEISHU_ALLOWED_USERS is the pairing-mode default from setup:
|
||||
# forward DMs to gateway intake so the pairing handshake can run.
|
||||
# Gateway auth fail-closes agent access until approval.
|
||||
if not self._allowed_group_users:
|
||||
return None
|
||||
if not (sender_ids and (sender_ids & self._allowed_group_users)):
|
||||
return "dm_policy_rejected"
|
||||
return None
|
||||
|
||||
if not self._allow_group_message(
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue