mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-07-08 13:12:08 +00:00
Slack Workflow Builder posts (and other app/bot messages) arrive as subtype=bot_message with user=None. _is_user_authorized rejected them at the `if not user_id: return False` guard, which runs *before* the #4466 {PLATFORM}_ALLOW_BOTS bypass — so @mentioning the bot from a Slack workflow silently did nothing, even with SLACK_ALLOW_BOTS (or SLACK_ALLOW_ALL_USERS) set. The chat-scoped allowlist for Telegram/QQ already runs before that guard for the same reason (channel broadcasts with no from_user); Slack was both missing from the bot-bypass map and had the bypass running too late. - gateway/authz_mixin: move the {PLATFORM}_ALLOW_BOTS bypass ahead of the no-user-id guard and add Platform.SLACK -> SLACK_ALLOW_BOTS. - plugins/platforms/slack/adapter: set is_bot=True on inbound bot_message events so the gateway can identify workflow/app senders (they carry no user_id to match against the allowlist). Tested: new tests/gateway/test_slack_bot_auth_bypass.py plus the existing Discord/Feishu bot-auth and gateway authz/gating suites all pass. |
||
|---|---|---|
| .. | ||
| browser | ||
| context_engine | ||
| cron_providers | ||
| dashboard_auth | ||
| disk-cleanup | ||
| google_meet | ||
| hermes-achievements | ||
| image_gen | ||
| kanban | ||
| memory | ||
| model-providers | ||
| observability | ||
| platforms | ||
| security-guidance | ||
| spotify | ||
| teams_pipeline | ||
| video_gen | ||
| web | ||
| __init__.py | ||
| plugin_utils.py | ||