refactor: clarify approval binding helpers

2026-04-10 08:41:13 +00:00 · 2026-04-03 13:19:58 -04:00
parent cae169cd4f
commit 223e7a6eb8
1 changed files with 20 additions and 13 deletions
--- a/src/infra/exec-approval-session-target.ts
+++ b/src/infra/exec-approval-session-target.ts
@@ -115,7 +115,7 @@ export function resolveExecApprovalSessionTarget(params: {
  };
 }

-function resolveApprovalRequestSessionBinding(params: {
+function resolvePersistedApprovalRequestSessionBinding(params: {
  cfg: OpenClawConfig;
  request: ApprovalRequestLike;
 }): ApprovalRequestSessionBinding | null {
@@ -163,18 +163,19 @@ function resolveApprovalRequestStoredSessionTarget(params: {
  });
 }

-function resolveApprovalRequestSessionAccountBinding(params: {
+// Account scoping uses the persisted same-channel binding first. The generic
+// session target only backfills legacy sessions that never stored `origin.*`.
+function resolveApprovalRequestAccountBinding(params: {
  cfg: OpenClawConfig;
  request: ApprovalRequestLike;
-  useStoredSessionTarget?: boolean;
+  sessionTarget?: ExecApprovalSessionTarget | null;
 }): ApprovalRequestSessionBinding | null {
-  const sessionTarget = params.useStoredSessionTarget
-    ? resolveApprovalRequestStoredSessionTarget(params)
-    : resolveApprovalRequestSessionTarget(params);
-  const sessionBinding = resolveApprovalRequestSessionBinding(params);
-  const channel = normalizeOptionalChannel(sessionBinding?.channel ?? sessionTarget?.channel);
+  const sessionBinding = resolvePersistedApprovalRequestSessionBinding(params);
+  const channel = normalizeOptionalChannel(
+    sessionBinding?.channel ?? params.sessionTarget?.channel,
+  );
  const accountId = normalizeOptionalAccountId(
-    sessionBinding?.accountId ?? sessionTarget?.accountId,
+    sessionBinding?.accountId ?? params.sessionTarget?.accountId,
  );
  return channel || accountId ? { channel, accountId } : null;
 }
@@ -197,7 +198,10 @@ export function resolveApprovalRequestAccountId(params: {
    return turnSourceAccountId;
  }

-  const sessionBinding = resolveApprovalRequestSessionAccountBinding(params);
+  const sessionBinding = resolveApprovalRequestAccountBinding({
+    ...params,
+    sessionTarget: resolveApprovalRequestSessionTarget(params),
+  });
  const sessionChannel = sessionBinding?.channel;
  if (expectedChannel && sessionChannel && sessionChannel !== expectedChannel) {
    return null;
@@ -221,9 +225,9 @@ export function resolveApprovalRequestChannelAccountId(params: {
    return resolveApprovalRequestAccountId(params);
  }

-  const sessionBinding = resolveApprovalRequestSessionAccountBinding({
+  const sessionBinding = resolveApprovalRequestAccountBinding({
    ...params,
-    useStoredSessionTarget: true,
+    sessionTarget: resolveApprovalRequestStoredSessionTarget(params),
  });
  const sessionChannel = sessionBinding?.channel;
  if (sessionChannel && sessionChannel !== expectedChannel) {
@@ -257,7 +261,10 @@ export function doesApprovalRequestMatchChannelAccount(params: {
    return !expectedAccountId || expectedAccountId === turnSourceAccountId;
  }

-  const sessionBinding = resolveApprovalRequestSessionAccountBinding(params);
+  const sessionBinding = resolveApprovalRequestAccountBinding({
+    ...params,
+    sessionTarget: resolveApprovalRequestSessionTarget(params),
+  });
  const sessionChannel = sessionBinding?.channel;
  if (sessionChannel && sessionChannel !== expectedChannel) {
    return false;