Catch dynamic gateway-scope resolver failures in the dispatcher, narrow
forwarded gateway scope strings with an explicit operator-scope guard, add
regression coverage for admin bypass and resolver-throw behavior, and
refresh bundled plugin metadata after main-branch drift.
Regeneration-Prompt: |
Follow up on review feedback for the centralized plugin command auth
change. Keep the scope tightly limited to the three review items:
catch exceptions from `resolveRequiredGatewayScopes`, replace the raw
`GatewayClientScopes` cast with explicit operator-scope narrowing, and
add dispatcher-level tests for the `operator.admin` bypass plus the safe
failure path when dynamic scope resolution throws.
While landing that patch, the repo hook may report stale bundled plugin
metadata generated files because main advanced. Regenerate those standard
outputs with the repo generator so the branch is consistent enough to
rebase, but do not chase unrelated CI or Discord test failures here.
Update the generated Plugin SDK API baseline files after extending plugin
command types for centralized owner and gateway-scope authorization.
Regeneration-Prompt: |
The prior commit intentionally changed exported plugin SDK types in
`src/plugins/types.ts` by adding richer plugin command auth context and
declarative command requirement fields. CI reported plugin SDK API drift,
which means the generated baseline files under `docs/.generated/` no
longer matched the exported surface.
Regenerate only the plugin SDK API baseline artifacts with the repo's
standard generator, verify `pnpm plugin-sdk:api:check` passes, and keep
this follow-up scoped to those generated files. Do not fold in unrelated
failing tests from untouched surfaces.
Move plugin command authorization toward the GHSA's long-term model by
preserving richer auth context, supporting declarative owner and gateway
scope requirements, and enforcing them in the shared dispatcher. Convert
`/pair approve` to use the centralized requirement path and add regression
coverage for dispatcher-level auth behavior.
Regeneration-Prompt: |
This follow-up hardening is for the plugin command auth gap described in
GHSA-9gwp-pxfh-w6r5. The immediate exploit path was already fixed by
plumbing gateway scopes into the device-pair plugin and checking
`/pair approve` inline, but the longer-term goal is to stop relying on lossy,
plugin-specific auth checks.
Preserve the existing plugin command flow and keep the change additive.
Carry richer authorization context into plugin execution, including owner
status and command surface, and let commands declare owner or internal
gateway-scope requirements that the central dispatcher enforces. Internal
callers should fail closed when required scopes are missing, with admin
scope still satisfying narrower operator requirements, while non-internal
chat surfaces should keep their current auth behavior.
Because `/pair` mixes low-risk actions like `qr` and `status` with the
privileged `approve` action, use a context-sensitive requirement instead
of making the whole command require pairing scope. Add focused regression
tests around dispatcher enforcement and update any command-context test
helpers that now need the richer fields.
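As an added example (not the project's or the commits' own code), the dispatcher-side check these messages describe, written in TypeScript: declarative owner and gateway-scope requirements enforced centrally, fail-closed handling when the scope resolver throws, explicit operator-scope narrowing instead of a raw cast, `operator.admin` satisfying narrower requirements, and a context-sensitive `/pair` requirement. Every type, function and scope name other than `operator.admin` is hypothetical.

```typescript
// Added example, not the project's own code; every name except `operator.admin` is hypothetical.
type GatewayScope = "operator.admin" | "operator.read" | "operator.pairing";
const OPERATOR_SCOPES = new Set<string>(["operator.admin", "operator.read", "operator.pairing"]);

// Explicit narrowing of forwarded scope strings: unknown strings are dropped, not trusted via a raw cast.
function narrowOperatorScopes(raw: readonly string[]): GatewayScope[] {
  return raw.filter((s): s is GatewayScope => OPERATOR_SCOPES.has(s));
}

type CommandContext = {
  surface: "internal" | "chat";     // command surface carried into plugin execution
  isOwner: boolean;                 // owner status carried into plugin execution
  gatewayScopes: readonly string[]; // forwarded scope strings, not yet validated
  args: string[];
};

type CommandRequirements = {
  requireOwner?: boolean;
  // Static scope list, or a resolver that derives the requirement from the command context.
  requiredGatewayScopes?: GatewayScope[] | ((ctx: CommandContext) => GatewayScope[]);
};
type AuthDecision = { allowed: true } | { allowed: false; reason: string };

function resolveRequiredGatewayScopes(req: CommandRequirements, ctx: CommandContext): GatewayScope[] {
  const r = req.requiredGatewayScopes;
  return typeof r === "function" ? r(ctx) : r ?? [];
}

function authorizeCommand(req: CommandRequirements, ctx: CommandContext): AuthDecision {
  if (req.requireOwner && !ctx.isOwner) return { allowed: false, reason: "owner required" };
  // Non-internal chat surfaces keep their existing auth behaviour unchanged.
  if (ctx.surface !== "internal") return { allowed: true };
  let required: GatewayScope[];
  try {
    required = resolveRequiredGatewayScopes(req, ctx);
  } catch {
    return { allowed: false, reason: "scope resolution failed" }; // fail closed, never fall through
  }
  if (required.length === 0) return { allowed: true };
  const held = new Set(narrowOperatorScopes(ctx.gatewayScopes));
  if (held.has("operator.admin")) return { allowed: true }; // admin satisfies narrower operator requirements
  const missing = required.filter((s) => !held.has(s));
  return missing.length ? { allowed: false, reason: `missing scopes: ${missing.join(",")}` } : { allowed: true };
}

// Context-sensitive requirement: only `/pair approve` needs pairing scope; `qr` and `status` stay unprivileged.
const pairRequirements: CommandRequirements = {
  requiredGatewayScopes: (ctx) => (ctx.args[0] === "approve" ? ["operator.pairing"] : []),
};
```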