Skip to content

Commit 58d3349

Browse files
committed
docs: document trusted_member_group_ids (config example + both READMEs + v3.9.0 changelog)
1 parent e459767 commit 58d3349

4 files changed

Lines changed: 22 additions & 3 deletions

File tree

CHANGELOG.md

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,21 @@ All notable changes to this project are documented here. The format is based on
44
[Keep a Changelog](https://keepachangelog.com/), and this project adheres to
55
[Semantic Versioning](https://semver.org/).
66

7+
## [3.9.0] - 2026-06-23
8+
9+
### Added
10+
- **Trusted-member group bypass** (`trusted_member_group_ids`) — an applicant who is **already a member
11+
of a configured trusted group** is auto-approved without the quiz, so verified members of a trusted
12+
group (e.g. the main group) don't re-verify when joining a sub-group. Global default + per-group
13+
override (same style as `required_channel_id`). Treated as an **access-control bypass, not a required
14+
channel**: it **fails CLOSED** — if the source-group membership can't be confirmed (lookup error / bot
15+
not in the group / non-member), the applicant just runs the normal verification; a failed auto-approve
16+
is logged + alerted and also falls back, so a request is never left stuck. On a successful bypass it
17+
clears any prior failed-verify strikes and records the approval — creating no pending and posting no
18+
quiz. The trusted source groups are treated as **known chats** (`IsKnownChat`), so the auto-leave logic
19+
never kicks the bot out of a group it needs to read membership from. A startup probe logs whether the
20+
bot can read each trusted group's membership.
21+
722
## [3.8.1] - 2026-06-23
823

924
### Changed

README.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -83,7 +83,7 @@ Everything else lives in `config.json` (copy `config.example.json`):
8383

8484
| key | meaning |
8585
| --- | --- |
86-
| `groups` | per-group config: `[{id, required_channel_id?, channel_display?, channel_invite_url?, questions?}]`. Each optional field **falls back to the global default** below, so groups can share settings or be configured independently. A bare `group_ids` list (or singular `group_id`) is also accepted and treated as groups with no overrides |
86+
| `groups` | per-group config: `[{id, required_channel_id?, channel_display?, channel_invite_url?, trusted_member_group_ids?, questions?}]`. Each optional field **falls back to the global default** below, so groups can share settings or be configured independently. A bare `group_ids` list (or singular `group_id`) is also accepted and treated as groups with no overrides |
8787
| `required_channel_id` | **global default** channel applicants must join; `0` disables it (override per-group in `groups`) |
8888
| `channel_display` | **global default** channel shown to users, e.g. `@YourChannel` |
8989
| `channel_invite_url` | **global default** explicit join link; required for a **private** channel (no `@handle`) |
@@ -97,6 +97,7 @@ Everything else lives in `config.json` (copy `config.example.json`):
9797
| `verify_retry_seconds` | a declined applicant must wait this long before re-applying (default 180; negative = no cooldown) |
9898
| `verify_max_fails` | failed verifications before an applicant is auto-banned (default 3; negative = never auto-ban) |
9999
| `required_channel_fail_open` | when the bot can't read the required channel's membership, let verified applicants through (`true`, default) or hold them back (`false`). Admins are alerted either way |
100+
| `trusted_member_group_ids` | **trusted-member bypass**: an applicant who is **already a member of any of these chats** is auto-approved without a quiz (e.g. a sub-group trusting the main group's members). **Global default; override per-group** in `groups`. Use real chat ids (groups are `-100…`); the bot must be in each listed chat to read membership (they're treated as known chats, never auto-left). Unlike a required channel this **fails closed** — if membership can't be confirmed, the applicant just does the normal verification |
100101
| `admin_log_chat_id` | optional chat that receives a line per moderation / failed-approve event |
101102
| `overlays` | `/pkg` GitHub overlays `[{name,repo,branch}]` (default: gentoo-zh + guru) |
102103
| `news_url` | `/news` source index URL (default: gentoo.org news-items) |

README.zh-CN.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -68,7 +68,7 @@ GITHUB_TOKEN=ghp_xxx
6868

6969
|| 含义 |
7070
| --- | --- |
71-
| `groups` | 每个群单独配置:`[{id, required_channel_id?, channel_display?, channel_invite_url?, questions?}]`。每个可选字段**缺省时回落到下面的全局默认**,所以两个群既能共享设置、也能各自独立配置。也接受裸 `group_ids` 列表(或单数 `group_id`),当作无覆盖的群 |
71+
| `groups` | 每个群单独配置:`[{id, required_channel_id?, channel_display?, channel_invite_url?, trusted_member_group_ids?, questions?}]`。每个可选字段**缺省时回落到下面的全局默认**,所以两个群既能共享设置、也能各自独立配置。也接受裸 `group_ids` 列表(或单数 `group_id`),当作无覆盖的群 |
7272
| `required_channel_id` | **全局默认**:申请人必须关注的频道数字 id;`0` 关闭(可在 `groups` 里按群覆盖) |
7373
| `channel_display` | **全局默认**:展示给用户的频道,如 `@YourChannel` |
7474
| `channel_invite_url` | **全局默认**:频道邀请链接;**私有频道**(无 `@` 用户名)必填 |
@@ -82,6 +82,7 @@ GITHUB_TOKEN=ghp_xxx
8282
| `verify_retry_seconds` | 被拒申请人需等待多久才能重新申请(默认 180;负数 = 无冷却) |
8383
| `verify_max_fails` | 连续验证失败多少次后自动封禁(默认 3;负数 = 永不自动封禁) |
8484
| `required_channel_fail_open` | 当 bot 读不到必关频道成员状态时,放行已答题的申请人(`true`,默认)还是拦下(`false`)。两种情况都会告警管理员 |
85+
| `trusted_member_group_ids` | **可信成员免验证**:申请人若**已经是这些群之一的成员**,直接批准、跳过答题(例:子群信任主群的成员)。**全局默认,可在 `groups` 里按群覆盖**。用真实 chat id(群是 `-100…`);bot 必须在每个列出的群里才能读成员状态(它们会被当作已知聊天、不会被自动退出)。与必关频道不同,这里**fail-closed**——读不到成员身份就走正常验证,绝不直接放行 |
8586
| `admin_log_chat_id` | 可选:接收每次管理操作 / 批准失败的日志 |
8687
| `overlays` | `/pkg` 的 GitHub overlay `[{name,repo,branch}]`(默认 gentoo-zh + guru) |
8788
| `news_url` | `/news` 源索引 URL(默认 gentoo.org) |

config.example.json

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,8 @@
11
{
22
"groups": [
33
{"id": -1001234567890},
4-
{"id": -1009876543210, "required_channel_id": -1001112223334, "channel_display": "@OtherChannel"}
4+
{"id": -1009876543210, "required_channel_id": -1001112223334, "channel_display": "@OtherChannel"},
5+
{"id": -1005556667778, "trusted_member_group_ids": [-1001234567890]}
56
],
67
"required_channel_id": 0,
78
"channel_display": "@YourChannel",
@@ -16,6 +17,7 @@
1617
"verify_retry_seconds": 180,
1718
"verify_max_fails": 3,
1819
"required_channel_fail_open": true,
20+
"trusted_member_group_ids": [],
1921
"admin_log_chat_id": 0,
2022
"rich_messages": false,
2123
"user_agent": "",

0 commit comments

Comments
 (0)