hermes-agent/plugins/platforms
Tao Chen d3c8667462 fix(slack): authorize bot/workflow senders before the no-user-id guard
Slack Workflow Builder posts (and other app/bot messages) arrive as
subtype=bot_message with user=None. _is_user_authorized rejected them at
the `if not user_id: return False` guard, which runs *before* the #4466
{PLATFORM}_ALLOW_BOTS bypass — so @mentioning the bot from a Slack
workflow silently did nothing, even with SLACK_ALLOW_BOTS (or
SLACK_ALLOW_ALL_USERS) set. The chat-scoped allowlist for Telegram/QQ
already runs before that guard for the same reason (channel broadcasts
with no from_user); Slack was both missing from the bot-bypass map and
had the bypass running too late.

- gateway/authz_mixin: move the {PLATFORM}_ALLOW_BOTS bypass ahead of the
  no-user-id guard and add Platform.SLACK -> SLACK_ALLOW_BOTS.
- plugins/platforms/slack/adapter: set is_bot=True on inbound
  bot_message events so the gateway can identify workflow/app senders
  (they carry no user_id to match against the allowlist).

Tested: new tests/gateway/test_slack_bot_auth_bypass.py plus the existing
Discord/Feishu bot-auth and gateway authz/gating suites all pass.
2026-07-01 16:32:32 +05:30
..
dingtalk fix(telegram): preserve Bot API update queue on watcher reconnect 2026-06-25 21:29:57 -07:00
discord fix(gateway): fail-closed external-surface defaults + profile-aware multiplex authz 2026-07-01 03:56:28 -07:00
email fix(gateway): fail-closed external-surface defaults + profile-aware multiplex authz 2026-07-01 03:56:28 -07:00
feishu fix(gateway): fail-closed external-surface defaults + profile-aware multiplex authz 2026-07-01 03:56:28 -07:00
google_chat fix(telegram): preserve Bot API update queue on watcher reconnect 2026-06-25 21:29:57 -07:00
homeassistant fix(telegram): preserve Bot API update queue on watcher reconnect 2026-06-25 21:29:57 -07:00
irc fix(telegram): preserve Bot API update queue on watcher reconnect 2026-06-25 21:29:57 -07:00
line fix(telegram): preserve Bot API update queue on watcher reconnect 2026-06-25 21:29:57 -07:00
matrix fix(matrix): block unsafe image redirects per-hop 2026-07-01 02:44:57 -07:00
mattermost fix(matrix,mattermost): invite auth check + API path traversal guard 2026-06-28 20:47:33 -07:00
ntfy fix(telegram): preserve Bot API update queue on watcher reconnect 2026-06-25 21:29:57 -07:00
photon revert(windows): roll back terminal-popup PRs #53791 #53810 #53829 (#53853) 2026-06-27 15:59:00 -07:00
raft feat(raft): add gateway setup wizard 2026-07-01 02:45:11 -07:00
simplex fix(telegram): preserve Bot API update queue on watcher reconnect 2026-06-25 21:29:57 -07:00
slack fix(slack): authorize bot/workflow senders before the no-user-id guard 2026-07-01 16:32:32 +05:30
sms fix(telegram): preserve Bot API update queue on watcher reconnect 2026-06-25 21:29:57 -07:00
teams fix(telegram): preserve Bot API update queue on watcher reconnect 2026-06-25 21:29:57 -07:00
telegram fix(telegram): keep polling alive during transient bootstrap outages 2026-07-01 03:42:32 -07:00
wecom fix(gateway): fail-closed external-surface defaults + profile-aware multiplex authz 2026-07-01 03:56:28 -07:00
whatsapp fix(gateway): fail-closed external-surface defaults + profile-aware multiplex authz 2026-07-01 03:56:28 -07:00