fix(matrix): hot-reload dm.allowFrom and groupAllowFrom on each inbound message

Re-read raw allowlist entries from live config on each inbound message, merging with the startup-time resolved values. This allows new entries in dm.allowFrom and groupAllowFrom to take effect immediately without restarting the gateway. Display-name resolution still only runs at startup, so newly added entries should use full Matrix IDs (@user:server) for reliable matching. Closes #68544
2026-05-14 09:20:43 +00:00 · 2026-04-18 20:39:30 +08:00
parent 55f094ea33
commit 2289f56c49
2 changed files with 20 additions and 3 deletions
--- a/extensions/matrix/src/matrix/monitor/handler.test-helpers.ts
+++ b/extensions/matrix/src/matrix/monitor/handler.test-helpers.ts
@@ -115,6 +115,7 @@ export function createMatrixHandlerTestHarness(
      counts: { final: 0, block: 0, tool: 0 },
    }));
  const enqueueSystemEvent = options.enqueueSystemEvent ?? vi.fn();
+  const cfgForHandler = options.cfg ?? {};

  const handler = createMatrixRoomMessageHandler({
    client: {
@@ -123,6 +124,9 @@ export function createMatrixHandlerTestHarness(
      ...options.client,
    } as never,
    core: {
+      config: {
+        loadConfig: () => cfgForHandler,
+      },
      channel: {
        pairing: {
          readAllowFromStore,
@@ -193,7 +197,7 @@ export function createMatrixHandlerTestHarness(
        enqueueSystemEvent,
      },
    } as never,
-    cfg: (options.cfg ?? {}) as never,
+    cfg: cfgForHandler as never,
    accountId: options.accountId ?? "ops",
    runtime:
      options.runtime ??
--- a/extensions/matrix/src/matrix/monitor/handler.ts
+++ b/extensions/matrix/src/matrix/monitor/handler.ts
@@ -14,6 +14,7 @@ import type {
  MatrixStreamingMode,
  ReplyToMode,
 } from "../../types.js";
+import { resolveMatrixAccountConfig } from "../account-config.js";
 import { formatMatrixErrorMessage } from "../errors.js";
 import { isMatrixMediaSizeLimitError } from "../media-errors.js";
 import {
@@ -638,10 +639,22 @@ export function createMatrixRoomMessageHandler(params: MatrixMonitorHandlerParam
        };
        const storeAllowFrom = isDirectMessage ? await readStoreAllowFrom() : [];
        const roomUsers = roomConfig?.users ?? [];
+        // Hot-reload: re-read raw allowlist entries from live config on each
+        // inbound message so additions to dm.allowFrom / groupAllowFrom take
+        // effect without restarting the gateway. Display-name resolution still
+        // only runs at startup, so new entries must be full Matrix IDs
+        // (@user:server). Merging with the closure values preserves any
+        // startup-time resolution work.
+        const liveAccountCfg = resolveMatrixAccountConfig({
+          cfg: core.config.loadConfig() as CoreConfig,
+          accountId,
+        });
+        const liveDmAllowFrom = (liveAccountCfg.dm?.allowFrom ?? []).map(String);
+        const liveGroupAllowFrom = (liveAccountCfg.groupAllowFrom ?? []).map(String);
        const accessState = resolveMatrixMonitorAccessState({
-          allowFrom,
+          allowFrom: [...allowFrom, ...liveDmAllowFrom],
          storeAllowFrom,
-          groupAllowFrom,
+          groupAllowFrom: [...groupAllowFrom, ...liveGroupAllowFrom],
          roomUsers,
          senderId,
          isRoom,