deps: bump github.com/chainreactors/ioa from 0.1.1-0.20260618070057-ec99736bed74 to 0.1.1 in the chainreactors group

[dependabot]

Bumps the chainreactors group with 1 update: github.com/chainreactors/ioa.

Updates github.com/chainreactors/ioa from 0.1.1-0.20260618070057-ec99736bed74 to 0.1.1

Release notes

Sourced from github.com/chainreactors/ioa's releases.

v0.1.1 — 认证默认开启 + 广播消息修复 + 文档重构

本版本聚焦于安全默认值、消息路由修复和文档体系重构。

安全

认证默认开启

Server 启动时默认启用 token 认证。未指定 --access-key 时自动生成并输出包含 access key 的连接 URL：

[*] ioa_server status=starting url=http://<access-key>@127.0.0.1:8765

Client 支持从 URL 中解析 access key 并自动注册：

c, _ := client.NewClient("http://<access-key>@127.0.0.1:8765", "")
c.EnsureRegistered(ctx, "my-agent", "", nil)  // 自动使用 URL 中的 access key

破坏性变更：v0.1.0 中未设置 --access-key 时认证关闭，v0.1.1 中认证始终开启。已有的无认证部署需要更新客户端配置。

消息路由

广播消息修复

修复了 GetMessagesForNode 和 GetInboxMessages 的路由逻辑：

• 广播消息（refs.messages = [] 且 refs.nodes = []）现在对 Space 内所有节点可见
• 发送者自身的消息不再出现在自己的收件箱中
• isBroadcast() 判定：refs.nodes 和 refs.messages 均为空的 Root Message

这修复了 Swarm 模式中 Commander 广播目标后，其他节点通过 ioa_read（无 --all）无法看到广播消息的问题。

文档

文档体系重构

删除 spec.md 和 protocol-design.md，重构为结构化文档：

文件	内容
README.md / README_zh.md	核心设计理念、安装、Claude Code 使用、Swarm 协同、集成
docs/design.md / docs/design_zh.md	完整协议规格与理论基础
docs/cli.md / docs/cli_zh.md	CLI 全部命令和参数
docs/extension.md / docs/extension_zh.md	Skill + 子命令 L2 扩展指南

README 内联精简的设计理念（4 概念 / 3 操作 / Message Graph / L2 涌现），取代单独的设计文档入口。全部文档提供中英双语版本。

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, go. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

Looks like github.com/chainreactors/ioa is updatable in another way, so this is no longer needed.