pub fn delete(
conn: &Connection,
id: &str,
caller_agent_id: Option<&str>,
) -> Result<bool>Expand description
Delete a subscription by id, optionally scoped to its owner.
Cross-tenant authorization (#870, security-high, 2026-05-18):
When caller_agent_id is Some(aid), the DELETE only matches rows
where created_by = aid — preventing tenant A from unsubscribing
tenant B’s webhook. When None, the DELETE matches by id alone
(admin path: federation receive, GC, operator CLI). Callers exposed
to untrusted input (MCP memory_unsubscribe, HTTP
DELETE /api/v1/subscriptions) MUST pass Some(<authenticated caller>) — anything else is a bypass.
Returns true if a row was removed (i.e. it both existed AND matched the owner clause when one was supplied).