Owner-only command routing now requires true owner identity or internal operator admin context.
Owner-command enforcement hardening
Owner-enforced commands now require one of:
- an owner-candidate identity match, or
- internal
operator.admin
Permissive channel allowFrom fallback and empty owner-candidate lists no longer satisfy owner-only command checks when owner enforcement is enabled.