feat: cross-session message query (read permission + search shared-groups)

[Jerry-Xin]

Summary

Enable DMWork Bot users to query message history from other sessions (groups/DMs) they participate in, with proper permission checks.

Key Features

1. read action — add permission checks

• Currently read allows querying any channel with zero permission checks
• Add requesterSenderId validation: users can only read channels they participate in
• Owner can read any channel
• Cross-channel results wrapped with prompt injection protection

2. search action — shared-groups discovery

• New search action (query=shared-groups) returns groups shared between requester and bot
• Uses cached group member data with reverse index for performance

3. Supporting infrastructure

• permission.ts: centralized permission check logic
• member-cache.ts: group member cache with reverse index, TTL-based expiry, startup preloading
• owner-registry.ts: module-level owner_uid storage (extracted from startAccount closure)
• audit.ts: structured audit logging for all cross-channel queries

Security Model

• Permission checks use framework-injected requesterSenderId (trusted, not from LLM)
• DM: only channelId === requesterSenderId allowed (or owner)
• Group: only current members allowed (or owner)
• Owner: full access to all bot channels
• Zero OpenClaw core changes required

References

• Design doc: v3 (reviewed by Ken/Claude Code ×2, Angie/Codex ×2)
• Related OpenClaw PR: feat: pass requesterSenderId and senderIsOwner to ChannelAgentToolFactory openclaw/openclaw#58808 (agentTools sender context)

[Jerry-Xin]

I'll take this one. Working on branch feat/cross-session-search.