feat(phase-14): implement TA-P14-004 direct session ACL

Author: benjinus

docs/implementation/phase-14/README.md

@@ -1,6 +1,6 @@
 # TelAgent v1 Phase 14 执行产出（产品聚焦与缺陷收敛）
 
-- 文档版本：v1.1
+- 文档版本：v1.2
 - 状态：Phase 14 执行中
 - 最后更新：2026-03-03
 
@@ -18,7 +18,7 @@ Phase 14 回归 P2P 应用核心体验，聚焦“可用性、正确性、收敛
 | TA-P14-001 | DONE | 阶段边界重置（产品聚焦） |
 | TA-P14-002 | DONE | 删除 Web 运维面板，保留核心聊天流程 |
 | TA-P14-003 | DONE | 消息拉取稳定游标改造（替代 offset 风险） |
-| TA-P14-004 | TODO | direct 会话参与方与访问约束强化 |
+| TA-P14-004 | DONE | direct 会话参与方与访问约束强化 |
 | TA-P14-005 | TODO | TS/Python SDK 核心行为收敛与错误语义统一 |
 | TA-P14-006 | TODO | 回归验证与 Gate 收口 |
 
@@ -27,10 +27,15 @@ Phase 14 回归 P2P 应用核心体验，聚焦“可用性、正确性、收敛
 - `ta-p14-001-phase14-product-focus-boundary-2026-03-03.md`
 - `ta-p14-002-web-ops-panel-removal-2026-03-03.md`
 - `ta-p14-003-stable-pull-cursor-2026-03-03.md`
+- `ta-p14-004-direct-session-acl-2026-03-03.md`
 - `logs/2026-03-03-p14-web-build.txt`
 - `logs/2026-03-03-p14-web-ops-removal-check.txt`
 - `logs/2026-03-03-p14-node-build.txt`
 - `logs/2026-03-03-p14-node-test.txt`
 - `logs/2026-03-03-p14-stable-pull-cursor-check-run.txt`
+- `logs/2026-03-03-p14-node-build-ta-p14-004.txt`
+- `logs/2026-03-03-p14-node-test-ta-p14-004.txt`
+- `logs/2026-03-03-p14-direct-session-acl-check-run.txt`
 - `manifests/2026-03-03-p14-web-ops-removal-check.json`
 - `manifests/2026-03-03-p14-stable-pull-cursor-check.json`
+- `manifests/2026-03-03-p14-direct-session-acl-check.json`

docs/implementation/phase-14/logs/2026-03-03-p14-direct-session-acl-check-run.txt

@@ -0,0 +1,6 @@
+[TA-P14-004] firstTwoParticipantsAccepted=true
+[TA-P14-004] nonParticipantRejectedRfc7807=true
+[TA-P14-004] existingParticipantAcceptedAfterRejection=true
+[TA-P14-004] rejectedErrorCode=FORBIDDEN
+[TA-P14-004] decision=PASS
+[TA-P14-004] output=/Users/xiasenhai/Workspace/OpenClaw/telagent/docs/implementation/phase-14/manifests/2026-03-03-p14-direct-session-acl-check.json

docs/implementation/phase-14/logs/2026-03-03-p14-node-build-ta-p14-004.txt

@@ -0,0 +1,4 @@
+
+> @telagent/node@0.1.0 build /Users/xiasenhai/Workspace/OpenClaw/telagent/packages/node
+> tsc -p tsconfig.json
+

docs/implementation/phase-14/logs/2026-03-03-p14-node-test-ta-p14-004.txt

@@ -0,0 +1,109 @@
+
+> @telagent/node@0.1.0 pretest /Users/xiasenhai/Workspace/OpenClaw/telagent/packages/node
+> pnpm build
+
+
+> @telagent/node@0.1.0 build /Users/xiasenhai/Workspace/OpenClaw/telagent/packages/node
+> tsc -p tsconfig.json
+
+
+> @telagent/node@0.1.0 test /Users/xiasenhai/Workspace/OpenClaw/telagent/packages/node
+> node --test dist/*.test.js dist/**/*.test.js
+
+✔ created response returns data envelope and Location header (242.813184ms)
+✔ list response returns paginated envelope shape (39.9615ms)
+✔ validation errors use RFC7807 shape and problem+json content type (15.434415ms)
+✔ node audit snapshot exports de-sensitized envelope and links.self (105.857061ms)
+✔ node audit snapshot rejects invalid query with RFC7807 response (4.608889ms)
+✔ TA-P12-003 revoked DID event isolates session and rejects message send with RFC7807 (11.766103ms)
+✔ TA-P12-004 node metrics exposes federation DLQ replay burn-rate section (3.618223ms)
+✔ not found uses RFC7807 shape (2.940089ms)
+✔ identities and groups endpoints are accessible with expected status codes (99.16139ms)
+✔ messages, attachments and federation endpoints are accessible (86.211749ms)
+✔ routes only serve /api/v1/* prefix (318.562169ms)
+✔ identity endpoint responds with data envelope (59.790735ms)
+✔ mailbox store defaults to sqlite backend (5.842809ms)
+✔ mailbox store parses postgres backend config (1.653589ms)
+✔ postgres backend requires connection url (0.831064ms)
+✔ mailbox backend rejects unsupported value (0.340939ms)
+✔ federation protocol defaults to v1 and supports self version (1.003673ms)
+✔ federation supported protocols auto-include self version (0.419913ms)
+✔ federation replay protection defaults are applied (0.518466ms)
+✔ federation replay protection accepts custom values (0.367184ms)
+✔ federation replay protection requires positive integer values (0.859582ms)
+✔ domain proof config defaults to enforced mode (1.623461ms)
+✔ domain proof config accepts report-only mode and custom values (0.414138ms)
+✔ domain proof mode rejects unsupported value (0.343733ms)
+✔ domain proof numeric settings require positive integers (0.471725ms)
+✔ federation pinning defaults to disabled mode (0.350699ms)
+✔ federation pinning parses current/next keys and cutover timestamp (0.500471ms)
+✔ federation pinning rejects invalid mode (0.458381ms)
+✔ federation pinning enabled requires key mappings (0.294758ms)
+✔ federation pinning map requires domain=keys format (0.271174ms)
+✔ federation SLO automation config defaults are applied (0.295374ms)
+✔ federation SLO automation config accepts custom values (0.297757ms)
+✔ federation SLO burn-rate thresholds require positive values (0.293347ms)
+✔ finalityDepth only materializes finalized blocks (104.666562ms)
+✔ reorg rollback replays canonical events and restores deterministic view (133.846173ms)
+✔ TA-P4-009 E2E main path: create -> invite -> accept -> group chat (text/image/file) (425.232084ms)
+✔ TA-P4-010 E2E offline 24h pull keeps dedupe and per-conversation order (79.988948ms)
+✔ TA-P14-003 E2E pull cursor stays stable when cleanup happens between pages (16.156278ms)
+✔ TA-P14-004 E2E direct conversation blocks non-participant sender with RFC7807 (7.586321ms)
+✔ TA-P4-006 init-upload sanitizes filename and emits attachment objectKey (2.228593ms)
+✔ TA-P4-006 complete-upload enforces manifest and checksum integrity (0.767476ms)
+✔ TA-P4-006 complete-upload is idempotent and rejects checksum divergence (0.265414ms)
+✔ TA-P4-006 expired upload sessions are cleaned and cannot be completed (0.234747ms)
+✔ TA-P11-003 accepts valid domain proof challenge and canonical hash (144.154963ms)
+✔ TA-P11-003 rejects illegal domain challenge on malformed domain (1.091204ms)
+✔ TA-P11-003 rejects when canonical domainProofHash mismatches payload (2.194631ms)
+✔ TA-P11-003 rotates challenge nonce near expiry and accepts renewed domain proof (2.960786ms)
+✔ TA-P11-003 report-only mode returns warning without blocking create flow (1.025951ms)
+✔ TA-P4-007 federation envelopes support idempotent retries (2.08516ms)
+✔ TA-P4-007 federation auth token is enforced when configured (0.59134ms)
+✔ TA-P4-007 federation rate limit rejects burst traffic (0.317469ms)
+✔ TA-P4-008 group-state sync enforces domain consistency (0.852936ms)
+✔ TA-P8-002 group-state sync rejects stale stateVersion and records resilience counters (0.762754ms)
+✔ TA-P8-002 group-state sync detects split-brain on same stateVersion with different state (0.31755ms)
+✔ TA-P9-002 federation accepts compatible protocol versions and tracks usage stats (90.309735ms)
+✔ TA-P9-002 federation rejects unsupported protocol versions (0.525636ms)
+✔ TA-P11-004 federation pinning enforces sourceKeyId with current/next rotation (1.576277ms)
+✔ TA-P11-004 federation pinning report-only mode allows traffic but records warnings (0.381931ms)
+✔ TA-P11-005 federation DLQ captures failures and replays in sequence order (3.196861ms)
+✔ TA-P4-008 node-info publishes domain and federation security policy (0.310182ms)
+✔ TA-P13-005 federation replay applies backoff and opens circuit on repeated failures (2.019657ms)
+✔ TA-P13-005 federation replay protection validates backoff range (0.213324ms)
+✔ TA-P12-004 federation SLO runOnce auto-replays DLQ and records burn-rate metrics (7.803725ms)
+✔ TA-P12-004 federation SLO scheduler periodically replays DLQ (1102.311298ms)
+✔ assertSufficient throws INSUFFICIENT_GAS_TOKEN_BALANCE when native balance is not enough (2.029296ms)
+✔ TA-P11-006 rotate key keeps old key usable in grace window then expires (3.517979ms)
+✔ TA-P11-006 revoke and recover lifecycle is verifiable (0.491ms)
+✔ TA-P11-006 rejects invalid did and malformed key id (0.423718ms)
+✔ TA-P12-007 orchestrator supports staged key rotation with rollback recovery (2.753973ms)
+✔ TA-P4-002 sequence allocator keeps per-conversation monotonic order (4.888052ms)
+✔ TA-P4-003 dedupe keeps idempotent writes for same envelopeId (0.767725ms)
+✔ TA-P4-003 duplicate envelopeId with different payload is rejected (1.039166ms)
+✔ TA-P14-004 direct conversation rejects non-participant writer after two participants are established (1.052266ms)
+✔ TA-P14-004 direct conversation ACL remains effective after repository-backed restart (20.612998ms)
+✔ TA-P4-004 cleanupExpired removes expired envelopes and releases dedupe key (1.444885ms)
+✔ TA-P14-003 conversation pull cursor stays stable after cleanup between pages (1.848464ms)
+✔ TA-P14-003 global pull cursor is keyset token and survives cleanup drift (1.009106ms)
+✔ TA-P4-005 provisional envelopes are retracted when group is reorged back (1.177371ms)
+✔ TA-P4-005 send is rejected when group chain state is REORGED_BACK (0.535927ms)
+✔ TA-P12-002 buildAuditSnapshot exports hashed retraction samples (1.104457ms)
+✔ TA-P12-002 buildAuditSnapshot normalizes sample and scan bounds (0.24018ms)
+✔ TA-P12-003 revoked DID event isolates related sessions and evicts active sessions (1.988008ms)
+✔ TA-P12-003 buildAuditSnapshot includes revocation isolation evidence (1.072063ms)
+✔ TA-P6-001 mailbox persists messages and seq after service restart (22.308847ms)
+✔ TA-P11-006 message send validates signal/mls key lifecycle status (1.720719ms)
+✔ TA-P11-007 revoked DID cannot continue sending new messages (0.491ms)
+✔ TA-P5-002 monitoring snapshot normalizes dynamic route segments and records counters (16.900544ms)
+✔ TA-P5-002 monitoring emits warning/critical alerts when thresholds are exceeded (0.515895ms)
+✔ TA-P12-004 federation DLQ burn-rate alert is emitted and tracked (2.698996ms)
+ℹ tests 89
+ℹ suites 0
+ℹ pass 89
+ℹ fail 0
+ℹ cancelled 0
+ℹ skipped 0
+ℹ todo 0
+ℹ duration_ms 2590.368983

docs/implementation/phase-14/manifests/2026-03-03-p14-direct-session-acl-check.json

@@ -0,0 +1,27 @@
+{
+  "phase": "Phase 14",
+  "taskId": "TA-P14-004",
+  "generatedAt": "2026-03-03T14:59:12.417Z",
+  "summary": {
+    "firstTwoParticipantsAccepted": true,
+    "nonParticipantRejectedRfc7807": true,
+    "existingParticipantAcceptedAfterRejection": true,
+    "rejectedErrorCode": "FORBIDDEN"
+  },
+  "decision": "PASS",
+  "details": {
+    "api": {
+      "rejectedStatus": 403,
+      "rejectedContentType": "application/problem+json; charset=utf-8",
+      "rejectedErrorCode": "FORBIDDEN",
+      "rejectedBody": {
+        "type": "https://telagent.dev/errors/forbidden",
+        "title": "Forbidden",
+        "status": 403,
+        "detail": "senderDid is not a direct conversation participant for conversation(direct:p14-acl-script)",
+        "instance": "/api/v1/messages",
+        "code": "FORBIDDEN"
+      }
+    }
+  }
+}

docs/implementation/phase-14/ta-p14-004-direct-session-acl-2026-03-03.md

@@ -0,0 +1,54 @@
+# TA-P14-004 direct 会话参与方访问控制强化（2026-03-03）
+
+- Task ID：TA-P14-004
+- 阶段：Phase 14
+- 状态：DONE
+- 负责人角色：Backend + Security + QA
+
+## 1. 目标
+
+为 `conversationType=direct` 增加参与方访问约束，确保 direct 会话仅允许已建立参与关系的 DID 写入；非参与方写入必须被拒绝并返回 RFC7807 标准错误。
+
+## 2. 实现摘要
+
+1. `MessageService.send` 在 direct 会话路径增加 ACL 校验：
+   - 第一个发送方自动登记为参与方 A；
+   - 第二个不同发送方登记为参与方 B；
+   - 第三个不同发送方被拒绝（`FORBIDDEN`）。
+2. ACL 持久化落地：
+   - SQLite/Postgres 新增 `mailbox_direct_conversations` 表；
+   - 约束 `conversation_id` 下最多两名参与方；
+   - 重启后约束仍生效（防止重启绕过）。
+3. 非参与方拒绝语义：
+   - 返回 `TelagentError(ErrorCodes.FORBIDDEN, ...)`；
+   - API 层统一转成 `application/problem+json`（RFC7807）。
+
+## 3. 变更文件
+
+- `packages/node/src/services/message-service.ts`
+- `packages/node/src/storage/mailbox-store.ts`
+- `packages/node/src/storage/message-repository.ts`
+- `packages/node/src/storage/postgres-message-repository.ts`
+- `packages/node/src/services/message-service.test.ts`
+- `packages/node/src/phase4-e2e.test.ts`
+- `packages/node/scripts/run-phase14-direct-session-acl-check.ts`
+
+## 4. 验证
+
+1. 服务层新增测试：
+   - `TA-P14-004 direct conversation rejects non-participant writer after two participants are established`
+   - `TA-P14-004 direct conversation ACL remains effective after repository-backed restart`
+2. E2E 新增测试：
+   - `TA-P14-004 E2E direct conversation blocks non-participant sender with RFC7807`
+3. 专项脚本：
+   - `packages/node/scripts/run-phase14-direct-session-acl-check.ts`
+4. 构建与测试：
+   - `corepack pnpm --filter @telagent/node build`
+   - `corepack pnpm --filter @telagent/node test`
+
+## 5. 证据
+
+- 构建日志：`docs/implementation/phase-14/logs/2026-03-03-p14-node-build-ta-p14-004.txt`
+- 测试日志：`docs/implementation/phase-14/logs/2026-03-03-p14-node-test-ta-p14-004.txt`
+- 专项检查日志：`docs/implementation/phase-14/logs/2026-03-03-p14-direct-session-acl-check-run.txt`
+- 机读清单：`docs/implementation/phase-14/manifests/2026-03-03-p14-direct-session-acl-check.json`

docs/implementation/telagent-v1-iteration-board.md

@@ -224,8 +224,9 @@
 - 已完成：`TA-P14-001`（Phase 14 产品聚焦边界冻结）
 - 已完成：`TA-P14-002`（默认 Web 运维面板下线，回归核心聊天流程）
 - 已完成：`TA-P14-003`（消息拉取稳定游标改造，修复 cleanup/retraction 导致分页跳项风险）
+- 已完成：`TA-P14-004`（direct 会话参与方访问控制，非参与方写入返回 RFC7807）
 - 已规划：`TA-P15-001`（WebApp 工业级规划总纲冻结）
-- 下一批 Ready：执行 `TA-P14-004`（direct 会话访问控制）与 `TA-P14-005`（SDK 行为收敛）。
+- 下一批 Ready：执行 `TA-P14-005`（SDK 行为收敛）与 `TA-P14-006`（Phase 14 Gate 收口）。
 
 ## 4.2 Blockers（2026-03-03 更新）
 
@@ -414,7 +415,7 @@
 - `TA-P14-001`：DONE（产品聚焦边界冻结，见 `docs/implementation/phase-14/ta-p14-001-phase14-product-focus-boundary-2026-03-03.md`）。
 - `TA-P14-002`：DONE（默认 Web 运维面板下线，见 `docs/implementation/phase-14/ta-p14-002-web-ops-panel-removal-2026-03-03.md`）。
 - `TA-P14-003`：DONE（消息拉取稳定游标改造，见 `docs/implementation/phase-14/ta-p14-003-stable-pull-cursor-2026-03-03.md`）。
-- `TA-P14-004`：TODO（direct 会话参与方访问控制）。
+- `TA-P14-004`：DONE（direct 会话参与方访问控制，见 `docs/implementation/phase-14/ta-p14-004-direct-session-acl-2026-03-03.md`）。
 - `TA-P14-005`：TODO（TS/Python SDK 行为收敛）。
 - `TA-P14-006`：TODO（Phase 14 Gate 收口）。
 - 阶段状态：Phase 14 执行中（产品核心能力与高优缺陷收敛）。

docs/implementation/telagent-v1-task-breakdown.md

@@ -148,7 +148,7 @@ flowchart LR
 | TA-P14-001 | Phase 14 | 冻结产品聚焦边界（回归核心 P2P 应用） | TL + BE + FE + QA | 0.5 | TA-P13-007 | boundary decision doc | Phase 14 范围与 Phase 15 分工冻结 | DONE |
 | TA-P14-002 | Phase 14 | 删除默认 Web 运维面板，保留核心聊天流程 | Frontend | 1 | TA-P14-001 | web app cleanup + build log | 默认界面仅保留核心链路入口，构建通过 | DONE |
 | TA-P14-003 | Phase 14 | 消息拉取稳定游标改造（替代 offset 风险） | Backend + QA | 1.5 | TA-P14-001 | pull cursor upgrade + tests | 清理/撤回场景下分页稳定无重复/跳项 | DONE |
-| TA-P14-004 | Phase 14 | direct 会话访问控制强化（参与方约束） | Backend + Security | 1.5 | TA-P14-001 | direct ACL guard + tests | 非参与方消息写入被拒绝并返回 RFC7807 | TODO |
+| TA-P14-004 | Phase 14 | direct 会话访问控制强化（参与方约束） | Backend + Security | 1.5 | TA-P14-001 | direct ACL guard + tests | 非参与方消息写入被拒绝并返回 RFC7807 | DONE |
 | TA-P14-005 | Phase 14 | TS/Python SDK 核心行为收敛 | DX + Backend + QA | 1 | TA-P14-003, TA-P14-004 | sdk parity extension + checks | 参数、错误语义、返回结构一致 | TODO |
 | TA-P14-006 | Phase 14 | Phase 14 Gate 评审与收口 | TL + QA | 0.5 | TA-P14-002, TA-P14-003, TA-P14-004, TA-P14-005 | gate 结论文档 | Phase 14 正式关闭 | TODO |
 | TA-P15-001 | Phase 15 | Web App 工业级规划总纲冻结 | TL + FE + BE + QA + DX | 1 | TA-P14-001 | industrial planning doc | 功能/架构/平台/质量主线冻结 | DONE |
@@ -357,8 +357,8 @@ flowchart LR
 | TA-P14-001 | DONE | `docs/implementation/phase-14/ta-p14-001-phase14-product-focus-boundary-2026-03-03.md`, `docs/implementation/phase-14/README.md` | 无 | 进入 `TA-P14-002`（删除默认 Web 运维面板） |
 | TA-P14-002 | DONE | `docs/implementation/phase-14/ta-p14-002-web-ops-panel-removal-2026-03-03.md`, `packages/web/src/index.html`, `packages/web/src/main.js` | 无 | 进入 `TA-P14-003`（消息拉取稳定游标改造） |
 | TA-P14-003 | DONE | `docs/implementation/phase-14/ta-p14-003-stable-pull-cursor-2026-03-03.md`, `packages/node/src/services/message-service.ts`, `packages/node/src/storage/message-repository.ts`, `packages/node/src/storage/postgres-message-repository.ts`, `packages/node/src/services/message-service.test.ts`, `packages/node/src/phase4-e2e.test.ts`, `packages/node/scripts/run-phase14-stable-pull-cursor-check.ts`, `docs/implementation/phase-14/logs/2026-03-03-p14-node-build.txt`, `docs/implementation/phase-14/logs/2026-03-03-p14-node-test.txt`, `docs/implementation/phase-14/logs/2026-03-03-p14-stable-pull-cursor-check-run.txt`, `docs/implementation/phase-14/manifests/2026-03-03-p14-stable-pull-cursor-check.json` | 无 | 进入 `TA-P14-004`（direct 会话参与方访问控制） |
-| TA-P14-004 | TODO | `docs/implementation/phase-14/README.md` | 无 | 实施 direct 会话参与方访问控制并补齐测试 |
-| TA-P14-005 | TODO | `docs/implementation/phase-14/README.md` | 无 | TS/Python SDK 行为与错误语义收敛 |
+| TA-P14-004 | DONE | `docs/implementation/phase-14/ta-p14-004-direct-session-acl-2026-03-03.md`, `packages/node/src/services/message-service.ts`, `packages/node/src/storage/message-repository.ts`, `packages/node/src/storage/postgres-message-repository.ts`, `packages/node/src/services/message-service.test.ts`, `packages/node/src/phase4-e2e.test.ts`, `packages/node/scripts/run-phase14-direct-session-acl-check.ts`, `docs/implementation/phase-14/logs/2026-03-03-p14-node-build-ta-p14-004.txt`, `docs/implementation/phase-14/logs/2026-03-03-p14-node-test-ta-p14-004.txt`, `docs/implementation/phase-14/logs/2026-03-03-p14-direct-session-acl-check-run.txt`, `docs/implementation/phase-14/manifests/2026-03-03-p14-direct-session-acl-check.json` | 无 | 进入 `TA-P14-005`（TS/Python SDK 行为收敛） |
+| TA-P14-005 | TODO | `docs/implementation/phase-14/README.md` | 无 | TS/Python SDK 行为与错误语义收敛并补齐专项校验 |
 | TA-P14-006 | TODO | `docs/implementation/phase-14/README.md` | 无 | 阶段回归与 Gate 收口 |
 
 ## 21. Phase 15 Web App 工业级设计与多平台建设（2026-03-03）