feat(acl): caller identity transmission for cross-bot access control

[wonb168]

Summary

• Add CallerInfo type — carries name, platform, appId, peerName, userId across bot calls
• Enforce caller identity on all /api/talk requests: no caller → 403, so agents must use mb talk (not raw curl)
• Auto-inject METABOT_CALLER env var into Claude/Codex subprocess so mb talk calls chain identity automatically
• Append own Feishu appId + mb-talk guidance to agent system prompt for downstream ACL
• Add --as flag to mb CLI for manual caller override
• Fix X-MetaBot-Origin header: now sends actual peer name instead of literal "peer"
• Remove unused Kimi engine

Use case

Enables caiwu-agent (or any agent) to require a valid Feishu appId from callers and look up project permissions in a config table — without any changes to the MetaBot core routing layer.

Test plan

• mb talk <bot> <chatId> <prompt> auto-includes caller identity (no manual --as needed)
• Direct curl /api/talk without caller field returns 403
• Cross-peer forwarded requests carry peerName in caller identity
• Agent system prompt contains Caller identity: line with appId when called via peer

🤖 Generated with Claude Code

[floodsung]

Thanks for the contribution! The ACL work itself looks solid and is a real gap we want filled. Before we can merge, though, the PR needs to be split — it currently bundles three unrelated changes, and one of them is a regression we can't take.

1. ✅ Caller identity / ACL (keep — this is what we want)

• CallerInfo type
• /api/talk 403 on missing caller
• mb talk auto-inject + --as override
• METABOT_CALLER env propagation through Claude/Codex executors
• X-MetaBot-Origin peer-name fix
• Agent system-prompt caller-identity line

If you re-base just these into a fresh feature branch (e.g. feat/caller-identity-acl), we'd be happy to review and merge.

2. 🟡 Markdown table → Feishu column_set (split into its own PR)

The card-builder.ts change (the splitMarkdownByTables + tableToColumnSet helpers, ~120 lines) is a separate UX improvement, unrelated to ACL. Please open it as its own PR so we can review the rendering behavior independently — tests around table parsing, column-count limits, and how it interacts with truncateContent deserve a focused review.

3. ❌ Kimi engine removal (please revert)

src/engines/kimi/executor.ts (484 lines) + src/engines/kimi/index.ts (29 lines) being deleted is a blocker. Kimi Code is one of three first-class engines, documented in:

• README.md / README_EN.md (the "Multi-Engine: Claude Code ✕ Kimi Code ✕ Codex CLI" section + the engine-choice badges in the header)
• CLAUDE.md (the "Prerequisites" engine matrix)
• install.sh / install.ps1 (the engine picker in the installer)
• bots.example.json (engine field documentation)

It's actively supported and chosen by users running on Moonshot subscriptions. Could you drop the deletion (src/engines/kimi/** + the references removed from src/engines/index.ts, src/config.ts, src/bridge/command-handler.ts, src/engines/types.ts) from this PR?

One more thing: the branch is your fork's main — for future PRs, please cut from dev to a feature branch (e.g. feat/...), per CONTRIBUTING. That avoids your main drifting from upstream and lets CI run cleanly on the fork.

Thanks again — happy to review as soon as the ACL piece is on its own branch. 🙏