zzstoatzz.io / bot
a digital entity named phi that roams bsky phi.zzstoatzz.io
2
fork

Configure Feed

Select the types of activity you want to include in your feed.

harden like-as-authorization: scope to likes/reposts only, add prompt guard

_is_owner in batch mode now only counts owner likes/reposts (not
mentions/follows), and operational instructions explicitly state that
a like only authorizes the specific action in that thread, not other
requests that happen to land in the same batch.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

zzstoatzz 370106f7 bd855507

+8 -3
+1 -1
src/bot/agent.py
··· 37 37 mention consent: @handle text only notifies if they're on the allowlist (@{settings.owner_handle}, yourself, conversation participants, opted-in handles). manage_mentionable is OWNER-ONLY. 38 38 39 39 create_feed and follow_user are OWNER-ONLY (restricted to @{settings.owner_handle}). 40 - a like from the owner on a post where you requested authorization counts as approval — act on it. 40 + a like from the owner on a post where you requested authorization counts as approval — act on it. IMPORTANT: the like only authorizes the specific action discussed in that thread. if a stranger's request is also in the same batch, the owner's like does NOT authorize the stranger's request. 41 41 42 42 check_services checks nate's infrastructure, not yours. only use during reflection or when explicitly asked about services. 43 43 """.strip()
+7 -2
src/bot/tools/_helpers.py
··· 43 43 """Check if the bot's owner is participating in this interaction. 44 44 45 45 In single-message mode, checks author_handle directly. In batch mode 46 - (author_handle is empty), checks whether any notification in the batch 47 - came from the owner — a like counts as presence. 46 + (author_handle is empty), only unlocks when the owner liked or 47 + reposted one of phi's posts. Like/repost notifications only fire 48 + for engagement on phi's own content (protocol-level guarantee), so 49 + a stranger mentioning phi in the same batch can't inherit owner 50 + authorization. Direct mentions/replies from the owner still go 51 + through the single-message path where author_handle is set. 48 52 """ 49 53 if ctx.deps.author_handle == settings.owner_handle: 50 54 return True 51 55 if ctx.deps.notifications_context: 52 56 return any( 53 57 e.get("author_handle") == settings.owner_handle 58 + and e.get("reason") in ("like", "repost") 54 59 for e in ctx.deps.notifications_context.values() 55 60 ) 56 61 return False