mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-05-03 17:27:37 +08:00
b94cb8e2c4
Add two operator-facing toggles for inbound Feishu admission, enabling
bot-to-bot scenarios such as A2A orchestration and inter-bot
notifications:
FEISHU_ALLOW_BOTS=none|mentions|all (default: none)
Accept messages from other bots. `mentions` requires the peer
bot to @-mention Hermes; `all` admits every peer-bot message.
FEISHU_REQUIRE_MENTION=true|false (default: true)
Whether group messages must @-mention the bot. Override per-chat
via `group_rules.<chat_id>.require_mention` in config.yaml.
Defaults preserve prior behavior. Self-echo protection is always on:
when the bot's identity is unresolved (auto-detection failed and
FEISHU_BOT_OPEN_ID unset), peer-bot messages are rejected fail-closed
to avoid feedback loops.
Admitted peer bots bypass the human-user allowlist
(FEISHU_ALLOWED_USERS) to match existing Discord behavior; humans
still need an explicit allowlist entry. yaml feishu.allow_bots is
bridged to the env var so the adapter and gateway auth layer share
one source of truth.
Resolving peer-bot display names requires the
application:bot.basic_info:read scope; without it, peers still route
but appear as their open_id.
Test: tests/gateway/test_feishu_bot_admission.py covers the admission
pipeline, group-policy bot-bypass, hydration, and event-dispatch
plumbing as a parametrized matrix.
Change-Id: I363cccb578c2a5c8b8bf0f0a890c01c89909e256
114 lines
3.5 KiB
Python
114 lines
3.5 KiB
Python
"""Regression guard for Feishu bot-sender authorization bypass.
|
|
|
|
Mirrors tests/gateway/test_discord_bot_auth_bypass.py for Platform.FEISHU.
|
|
Without the bypass in gateway/run.py, Feishu bot senders admitted by the
|
|
adapter would be rejected at _is_user_authorized with "Unauthorized user"
|
|
— same class of bug as Discord #4466.
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
from types import SimpleNamespace
|
|
|
|
import pytest
|
|
|
|
from gateway.session import Platform, SessionSource
|
|
|
|
|
|
@pytest.fixture(autouse=True)
|
|
def _isolate_feishu_env(monkeypatch):
|
|
for var in (
|
|
"FEISHU_ALLOW_BOTS",
|
|
"FEISHU_ALLOWED_USERS",
|
|
"FEISHU_ALLOW_ALL_USERS",
|
|
"GATEWAY_ALLOW_ALL_USERS",
|
|
"GATEWAY_ALLOWED_USERS",
|
|
):
|
|
monkeypatch.delenv(var, raising=False)
|
|
|
|
|
|
def _make_bare_runner():
|
|
from gateway.run import GatewayRunner
|
|
|
|
runner = object.__new__(GatewayRunner)
|
|
runner.pairing_store = SimpleNamespace(is_approved=lambda *_a, **_kw: False)
|
|
return runner
|
|
|
|
|
|
def _make_feishu_bot_source(open_id: str = "ou_peer"):
|
|
return SessionSource(
|
|
platform=Platform.FEISHU,
|
|
chat_id="oc_1",
|
|
chat_type="group",
|
|
user_id=open_id,
|
|
user_name="PeerBot",
|
|
is_bot=True,
|
|
)
|
|
|
|
|
|
def _make_feishu_human_source(open_id: str = "ou_human"):
|
|
return SessionSource(
|
|
platform=Platform.FEISHU,
|
|
chat_id="oc_1",
|
|
chat_type="group",
|
|
user_id=open_id,
|
|
user_name="Human",
|
|
is_bot=False,
|
|
)
|
|
|
|
|
|
def test_feishu_bot_authorized_when_allow_bots_mentions(monkeypatch):
|
|
runner = _make_bare_runner()
|
|
monkeypatch.setenv("FEISHU_ALLOW_BOTS", "mentions")
|
|
monkeypatch.setenv("FEISHU_ALLOWED_USERS", "ou_human")
|
|
|
|
assert runner._is_user_authorized(_make_feishu_bot_source("ou_peer")) is True
|
|
|
|
|
|
def test_feishu_bot_authorized_when_allow_bots_all(monkeypatch):
|
|
runner = _make_bare_runner()
|
|
monkeypatch.setenv("FEISHU_ALLOW_BOTS", "all")
|
|
monkeypatch.setenv("FEISHU_ALLOWED_USERS", "ou_human")
|
|
|
|
assert runner._is_user_authorized(_make_feishu_bot_source()) is True
|
|
|
|
|
|
def test_feishu_bot_NOT_authorized_when_allow_bots_none(monkeypatch):
|
|
runner = _make_bare_runner()
|
|
monkeypatch.setenv("FEISHU_ALLOW_BOTS", "none")
|
|
monkeypatch.setenv("FEISHU_ALLOWED_USERS", "ou_human")
|
|
|
|
assert runner._is_user_authorized(_make_feishu_bot_source("ou_peer")) is False
|
|
|
|
|
|
def test_feishu_bot_NOT_authorized_when_allow_bots_unset(monkeypatch):
|
|
runner = _make_bare_runner()
|
|
monkeypatch.setenv("FEISHU_ALLOWED_USERS", "ou_human")
|
|
|
|
assert runner._is_user_authorized(_make_feishu_bot_source("ou_peer")) is False
|
|
|
|
|
|
def test_feishu_human_still_checked_against_allowlist_when_bot_policy_set(monkeypatch):
|
|
"""FEISHU_ALLOW_BOTS=all must NOT open the gate for humans."""
|
|
runner = _make_bare_runner()
|
|
monkeypatch.setenv("FEISHU_ALLOW_BOTS", "all")
|
|
monkeypatch.setenv("FEISHU_ALLOWED_USERS", "ou_human")
|
|
|
|
assert runner._is_user_authorized(_make_feishu_human_source("ou_stranger")) is False
|
|
assert runner._is_user_authorized(_make_feishu_human_source("ou_human")) is True
|
|
|
|
|
|
def test_feishu_bot_bypass_does_not_leak_to_other_platforms(monkeypatch):
|
|
"""FEISHU_ALLOW_BOTS=all must not authorize Telegram/Discord bot sources."""
|
|
runner = _make_bare_runner()
|
|
monkeypatch.setenv("FEISHU_ALLOW_BOTS", "all")
|
|
|
|
telegram_bot = SessionSource(
|
|
platform=Platform.TELEGRAM,
|
|
chat_id="123",
|
|
chat_type="channel",
|
|
user_id="999",
|
|
is_bot=True,
|
|
)
|
|
assert runner._is_user_authorized(telegram_bot) is False
|