Summary
Migrate Feishu adapter trust configuration from gateway env vars to a first-class [feishu] section in config.toml.
Current State
FEISHU_ALLOWED_USERS / FEISHU_ALLOWED_GROUPS env vars in gateway crate
- Double-gating: gateway crate checks AND core checks (can diverge, core side fails open when list empty)
trusted_bot_ids needed by Receiver for is_bot (Feishu marks bots as sender_type="user")
Target State
[feishu]
allowed_users = ["ou_xxxxxxxxxxxxxxxxxxxx"]
trusted_bot_ids = ["ou_bot1", "ou_bot2"]
# allow_all_users = true # explicit opt-in only
Tasks
Notes
open_id is per-app — same user has different ID in different Feishu apps (document in gotcha)
- Feishu marks other bots as
sender_type="user" — unreliable; must match against trusted_bot_ids
Refs
Summary
Migrate Feishu adapter trust configuration from gateway env vars to a first-class
[feishu]section inconfig.toml.Current State
FEISHU_ALLOWED_USERS/FEISHU_ALLOWED_GROUPSenv vars in gateway cratetrusted_bot_idsneeded by Receiver foris_bot(Feishu marks bots assender_type="user")Target State
Tasks
[feishu]section to config schemaPlatformTrustConfigsregistryFEISHU_ALLOWED_USERS/FEISHU_ALLOWED_GROUPSto core configtrusted_bot_idsin core config (shared: Receiver reads foris_bot, Handler for admission)config.toml.exampleNotes
open_idis per-app — same user has different ID in different Feishu apps (document in gotcha)sender_type="user"— unreliable; must match againsttrusted_bot_idsRefs