fix(line): add CommandAuthorized to inbound context (#26996)

[Glucksberg]

Summary

• Fix LINE channel silently rejecting all slash commands (/new, /model, /status, etc.) by adding missing CommandAuthorized field to the inbound context
• LINE was the only channel that did not compute or pass CommandAuthorized via resolveControlCommandGate(), causing finalizeInboundContext to coerce it from undefined to false, which silently blocked all commands

Details

The root cause was in src/line/bot-message-context.ts where the finalizeInboundContext() call did not include a CommandAuthorized field. In inbound-context.ts, the normalization normalized.CommandAuthorized = normalized.CommandAuthorized === true turns undefined into false, which then causes resolveCommandAuthorization to deny all commands.

The fix:

• src/line/bot-handlers.ts: shouldProcessLineEvent() now returns a LineAccessDecision object with both allowed and commandAuthorized fields (previously returned just boolean). It computes commandAuthorized via resolveControlCommandGate() using the same pattern as Telegram, Discord, Slack, and other channels.
• src/line/bot-message-context.ts: buildLineMessageContext(), buildLinePostbackContext(), and finalizeLineInboundContext() now accept and thread through the commandAuthorized parameter, including it in the finalizeInboundContext() payload.
• src/line/bot-message-context.test.ts: Added tests verifying CommandAuthorized is correctly set to true and false for both message and postback contexts.

Closes #26996

Test plan

• All 18 LINE test files pass (116 tests total)
• pnpm check (format + lint + typecheck) passes
• Manual: Send /new via LINE DM with dmPolicy: "pairing" and no commands.allowFrom configured -- command should now be processed instead of silently ignored

[greptile-apps]

Greptile Summary

This PR fixes a critical bug where LINE channel silently rejected all slash commands (/new, /model, /status, etc.) because it failed to compute and pass the CommandAuthorized field to finalizeInboundContext.

Root Cause: The normalization logic in src/auto-reply/reply/inbound-context.ts:91 converts undefined to false via normalized.CommandAuthorized = normalized.CommandAuthorized === true, causing all LINE commands to be denied.

The Fix:

• Modified shouldProcessLineEvent() to return LineAccessDecision object with both allowed and commandAuthorized fields (previously returned only boolean)
• Added resolveControlCommandGate() calls for both group (lines 205-216) and DM (lines 242-253) scenarios, using the same pattern as Telegram, Discord, and Slack
• Threaded commandAuthorized parameter through buildLineMessageContext(), buildLinePostbackContext(), and finalizeLineInboundContext()
• Added helper function resolveEventRawText() to extract text from both message and postback events for command detection

Test Coverage: Added 3 new tests verifying CommandAuthorized is correctly set to both true and false for message and postback contexts.

Code Quality: The implementation is consistent with other channels (Telegram at src/telegram/bot-message-context.ts:306-312, Discord at src/discord/monitor/message-handler.preflight.ts:602-612, Slack at src/slack/monitor/message-handler/prepare.ts:256-265). Type safety improved by changing return type from boolean to structured LineAccessDecision.

Confidence Score: 5/5

• This PR is safe to merge with no identified risks
• Score of 5 (safe to merge) based on: (1) The fix directly addresses a well-defined bug with clear root cause analysis, (2) Implementation exactly mirrors the established pattern used in Telegram, Discord, and Slack channels, (3) Type safety improved by replacing boolean with structured LineAccessDecision type, (4) Comprehensive test coverage added for both true/false authorization states and message/postback event types, (5) No breaking changes or side effects - only adds the missing CommandAuthorized field that was causing silent command rejections, (6) PR description indicates all 116 LINE tests pass and pnpm check (format + lint + typecheck) passes
• No files require special attention

_{Last reviewed commit: 043b24f}

[Takhoffman]

Superseded by #32546, which consolidates this LINE workstream into the merged canonical fix set.