MSG-17 · llmmsg-srv
ARO fan-out default-deny: allowlist gate at /send aro-expansion (Elazar-managed)
- Ref: MSG-17 (#771)
- Project: llmmsg-srv
- Status: done
- Priority: high
- Type: feature
- Assigned: hub-llmmsgsrv-cc coder
- Created by: wi-cli-whey
- Created: 2026-06-07T09:51:34.746Z
- Updated: 2026-06-07T09:57:20.420Z
- Closed: 2026-06-07T09:57:20.420Z
Questions
No questions.
Event log
- Elazar greenlit (via nw-whey, 2026-06-07) - REVISED from usage-breaker to PERMANENT DEFAULT-DENY. Goal: cut the token sink from idle large-ctx agents woken by fan-out they silence-default on. SPEC:
  - aro: fan-out is OFF BY DEFAULT. At /send aro-expansion, DENY broadcast unless target ARO is on an Elazar-managed allowlist. DMs (to=<agent>) ALWAYS pass, untouched.
  - Storage: new table aro_fanout_allow(aro TEXT PRIMARY KEY, added_by TEXT, added_at INTEGER). Add to init-db.sh + idempotent CREATE IF NOT EXISTS migration at top of hub.mjs (per schema-change rules).
  - SEED on migration with the CONTROL AROs (mandatory, or breaker eats its own off-switch): aro:nw, aro:whey-status, aro:venus-status, aro:lezama-status, aro:llmmsg-srv-engineering, aro:llmmsg-srv-engineering-core. (eq/Elazar path is DM-based, always passes - no seed needed.)
  - Manage interface: POST /aro_allow {aro, action:add|remove} + GET /aro_allow_ls; CLI wrapper. Caller-guard to elazar-the-user-human-llmmsg-srv identity (matches aro_config flip-guard pattern). NOTE auth gap (mem:project_aroconfig_auth_gap): caller field is honor-system/unauthenticated - ship matching existing pattern, flag the gap, don't block.
  - EXEMPT hub-synthetic sender (llmmsg-srv-hub) from the gate - hub alerts/announces (cold-start, offline/join/reply-nudger) must not be blocked. mem:project_llmmsg_hub_synthetic_sender.
  - Bounce denied senders structured: 'aro fan-out off, DM the owner or ask Elazar to allowlist aro:X' - shim surfaces to sender.
  - Bump hub VERSION. Activation needs a hub restart (batch into a quiet window, warn ARO - hub-restart hazard).

  CONSEQUENCE TO FLAG: work rooms NOT seeded (aro:kpi-n-optimization, aro:one-db) go DM-only the moment this ships - intended per default-deny, Elazar adds them on demand. Heads-up so nobody's surprised mid-brainstorm.

  Steady-state root-cause fixes stay backlog under #617 (Elazar didn't act): (a) selective drain-wake (wake on DM/@-mention unread, not pure fan-out); (b) #619 aro-leave-on-idle.
- Shipped + verified live, hub v2.9.27. Default-deny ARO fan-out: /send aro-expansion denies broadcast unless target in aro_fanout_allow (seeded 6 control AROs: nw, whey/venus/lezama-status, llmmsg-srv-engineering+core); DMs always pass; llmmsg-srv-hub synthetic sender exempt. Manage via POST /aro_allow {add|remove} + GET /aro_allow_ls + scripts/aro-allow.sh, caller-guarded to elazar identity.

  8/8 verify GREEN: health, seed list, gate-blocks-non-allowlisted (structured bounce), allowlisted-passes, DM-passes, hub-synthetic-exempt, caller-guard-rejects-non-elazar, add/remove. Commits 620e3f8/6af3764/670cbf8/287bbc4.

  Consequence live: work rooms (kpi-n-optimization, one-db) DM-only until Elazar allowlists. Steady-state root-cause fixes stay backlog under #617: (a) selective drain-wake, (b) #619 aro-leave-on-idle. Auth = honor-system caller field (mem:project_aroconfig_auth_gap), known/accepted.
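
The decision order the spec describes (DM pass, hub-synthetic exemption, allowlist lookup, structured bounce) and the caller-guarded add/remove, as an added JavaScript example that is not the code from the commits listed above. It assumes an in-memory Set in place of the aro_fanout_allow table; the names createGate, checkSend and manage, the return shapes, the code 'aro_fanout_denied' and the ARO name pattern are hypothetical.

```javascript
// Added example: models the ticket's gate with a Set instead of the
// aro_fanout_allow table. Function names and return shapes are hypothetical.
const HUB_SENDER = 'llmmsg-srv-hub';                      // synthetic sender, exempt
const ADMIN_CALLER = 'elazar-the-user-human-llmmsg-srv';  // identity named in the spec

// Control AROs seeded at migration so the off-switch channels stay reachable.
const SEED = ['aro:nw', 'aro:whey-status', 'aro:venus-status', 'aro:lezama-status',
  'aro:llmmsg-srv-engineering', 'aro:llmmsg-srv-engineering-core'];

function createGate(seed = SEED) {
  const allow = new Set(seed);

  // Decide whether a /send may proceed. Only aro: targets are gated.
  // `from` must be the sender the hub itself attached to the message; the
  // hub exemption is only as strong as that binding.
  function checkSend({ from, to }) {
    if (typeof to !== 'string' || to === '') return { ok: false, reason: 'missing target' };
    if (!to.startsWith('aro:')) return { ok: true, via: 'dm' };       // DMs always pass
    if (from === HUB_SENDER) return { ok: true, via: 'hub-exempt' };   // hub alerts/announces
    if (allow.has(to)) return { ok: true, via: 'allowlist' };
    return { ok: false, code: 'aro_fanout_denied', aro: to,
      reason: `aro fan-out off, DM the owner or ask Elazar to allowlist ${to}` };
  }

  // Logic behind the manage endpoint. The caller field is self-asserted (the
  // ticket's known auth gap), so this guard prevents accidental changes only.
  function manage({ caller, aro, action }) {
    if (caller !== ADMIN_CALLER) return { ok: false, reason: 'caller not permitted' };
    // Assumed name pattern; rejects empty or malformed ARO names before storage.
    if (typeof aro !== 'string' || !/^aro:[\w-]+$/.test(aro)) return { ok: false, reason: 'bad aro' };
    if (action === 'add') allow.add(aro);
    else if (action === 'remove') allow.delete(aro);
    else return { ok: false, reason: 'bad action' };
    return { ok: true, list: [...allow].sort() };
  }

  return { checkSend, manage, list: () => [...allow].sort() };
}
```

The checks run in a fixed order so that a DM or a hub announcement never reaches the allowlist lookup, which is what keeps the control path open when a room is not listed.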