Observation
Every other chat-app adapter in frontends/ reads an allow-list from
mykey.py and either rejects or logs unknown users:
| Adapter |
Reads allow-list |
Behavior on empty list |
tgapp.py |
tg_allowed_users |
exit() (line 122-124) |
fsapp.py |
fs_allowed_users |
public if [*] |
qqapp.py |
qq_allowed_users |
public if [*] |
dingtalkapp.py |
dingtalk_allowed_users |
public if [*] |
wecomapp.py |
wecom_allowed_users |
public if [*] |
wechatapp.py |
(none — keyword grep returns 0 matches) |
n/a — no gate at all |
README.md (Chinese half, line 297) tells the user the wechat adapter
needs no extra config: "扫码登录即可". Today that means after the QR
login, any contact who messages the bound WeChat account drives the
agent — code_run, file_read, file_write, etc. all reachable.
This looks like a documentation/implementation gap rather than a design
choice, since the same author wrote the Telegram adapter that hard-exits
on an empty allow-list.
Proposal (would PR after maintainer alignment)
- Add
wechat_allowed_users = [] example to mykey_template.py with
a short comment matching the QQ/DingTalk pattern.
- In
wechatapp.py message dispatch, drop messages whose sender openid
isn't in the allow-list. Mirror the Telegram pattern (exit() on
empty list) since this adapter has no "public webhook" use case
— every user is talking to the maintainer's personal WeChat.
Two questions before I send a PR:
- Do you want the same
[\"*\"] opt-in escape hatch the other adapters
have, or follow Telegram's stricter "non-empty required" rule?
- WeChat senders are identified by
openid (or the wxid surface that
the iLink bot exposes) — should the key match the rest of the
ecosystem (wechat_allowed_users = [\"<openid>\", ...])?
Happy to align before opening a PR so the change matches your existing
adapter convention.
Observation
Every other chat-app adapter in
frontends/reads an allow-list frommykey.pyand either rejects or logs unknown users:tgapp.pytg_allowed_usersexit()(line 122-124)fsapp.pyfs_allowed_users[*]qqapp.pyqq_allowed_users[*]dingtalkapp.pydingtalk_allowed_users[*]wecomapp.pywecom_allowed_users[*]wechatapp.pyREADME.md(Chinese half, line 297) tells the user the wechat adapterneeds no extra config: "扫码登录即可". Today that means after the QR
login, any contact who messages the bound WeChat account drives the
agent —
code_run,file_read,file_write, etc. all reachable.This looks like a documentation/implementation gap rather than a design
choice, since the same author wrote the Telegram adapter that hard-exits
on an empty allow-list.
Proposal (would PR after maintainer alignment)
wechat_allowed_users = []example tomykey_template.pywitha short comment matching the QQ/DingTalk pattern.
wechatapp.pymessage dispatch, drop messages whose sender openidisn't in the allow-list. Mirror the Telegram pattern (
exit()onempty list) since this adapter has no "public webhook" use case
— every user is talking to the maintainer's personal WeChat.
Two questions before I send a PR:
[\"*\"]opt-in escape hatch the other adaptershave, or follow Telegram's stricter "non-empty required" rule?
openid(or the wxid surface thatthe iLink bot exposes) — should the key match the rest of the
ecosystem (
wechat_allowed_users = [\"<openid>\", ...])?Happy to align before opening a PR so the change matches your existing
adapter convention.