Problem
The [gateway] config section (used by LINE and Telegram) has no access control fields. Unlike [discord] and [slack] which support allowed_users, allowed_channels, allow_all_users, and allow_all_channels, the gateway adapter accepts messages from any user in any chat with no filtering.
This means anyone who adds the LINE bot as a friend (or joins a group with it) can interact with the agent without restriction.
Proposed Solution
Add the same access control pattern used by Discord/Slack to GatewayConfig:
[gateway]
url = "ws://gateway:8080/ws"
platform = "line"
# allow_all_users = true
# allowed_users = ["U1234"]
# allow_all_channels = true
# allowed_channels = ["C5678"]
Implementation:
- Add
allow_all_users, allowed_users, allow_all_channels, allowed_channels fields to GatewayConfig in config.rs
- Add filtering logic in
gateway.rs message handler using the existing resolve_allow_all() helper
- Update
config.toml.example and docs/line.md
This reuses the existing resolve_allow_all() pattern — non-empty list auto-detects as restricted, empty list auto-detects as allow-all.
Problem
The
[gateway]config section (used by LINE and Telegram) has no access control fields. Unlike[discord]and[slack]which supportallowed_users,allowed_channels,allow_all_users, andallow_all_channels, the gateway adapter accepts messages from any user in any chat with no filtering.This means anyone who adds the LINE bot as a friend (or joins a group with it) can interact with the agent without restriction.
Proposed Solution
Add the same access control pattern used by Discord/Slack to
GatewayConfig:Implementation:
allow_all_users,allowed_users,allow_all_channels,allowed_channelsfields toGatewayConfiginconfig.rsgateway.rsmessage handler using the existingresolve_allow_all()helperconfig.toml.exampleanddocs/line.mdThis reuses the existing
resolve_allow_all()pattern — non-empty list auto-detects as restricted, empty list auto-detects as allow-all.