fix(security): harden toolsBySender sender-key matching

2026-04-19 09:48:39 +00:00 · 2026-02-22 21:03:09 +01:00
parent 3461dda880
commit 5547a2275c
10 changed files with 324 additions and 36 deletions
--- a/docs/channels/groups.md
+++ b/docs/channels/groups.md
@@ -254,7 +254,10 @@ Notes:
 Some channel configs support restricting which tools are available **inside a specific group/room/channel**.

 - `tools`: allow/deny tools for the whole group.
- `toolsBySender`: per-sender overrides within the group (keys are sender IDs/usernames/emails/phone numbers depending on the channel). Use `"*"` as a wildcard.
+- `toolsBySender`: per-sender overrides within the group.
+  Use explicit key prefixes:
+  `id:<senderId>`, `e164:<phone>`, `username:<handle>`, `name:<displayName>`, and `"*"` wildcard.
+  Legacy unprefixed keys are still accepted and matched as `id:` only.

 Resolution order (most specific wins):

@@ -274,7 +277,7 @@ Example (Telegram):
        "-1001234567890": {
          tools: { deny: ["exec", "read", "write"] },
          toolsBySender: {
-            "123456789": { alsoAllow: ["exec"] },
+            "id:123456789": { alsoAllow: ["exec"] },
          },
        },
      },