vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 20:10:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Route sensitive group commands to the owner privately (#73872)

Browse Source 
* fix(commands): route sensitive group approvals privately

* fix(commands): require owner private routes

* test(commands): cover owner-derived Telegram diagnostics routing
This commit is contained in:
pashpashpash
2026-04-28 17:27:18 -07:00
committed by GitHub
parent e94e9347a4
commit 4aa8da3756
10 changed files with 500 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/channels/discord.md
View File

@@ -904,6 +904,8 @@ Default slash command settings:
Discord auto-enables native exec approvals when `enabled` is unset or `"auto"` and at least one approver can be resolved, either from `execApprovals.approvers` or from `commands.ownerAllowFrom`. Discord does not infer exec approvers from channel `allowFrom`, legacy `dm.allowFrom`, or direct-message `defaultTo`. Set `enabled: false` to disable Discord as a native approval client explicitly.
For sensitive owner-only group commands such as `/diagnostics` and `/export-trajectory`, OpenClaw sends approval prompts and final results privately. It tries Discord DM first when the invoking owner has a Discord owner route; if that is not available, it falls back to the first available owner route from `commands.ownerAllowFrom`, such as Telegram.
When `target` is `channel` or `both`, the approval prompt is visible in the channel. Only resolved approvers can use the buttons; other users receive an ephemeral denial. Approval prompts include the command text, so only enable channel delivery in trusted channels. If the channel ID cannot be derived from the session key, OpenClaw falls back to DM delivery.
Discord also renders the shared approval buttons used by other chat channels. The native Discord adapter mainly adds approver DM routing and channel fanout.

7
docs/tools/exec-approvals-advanced.md
View File

@@ -313,6 +313,13 @@ Shared behavior:
- pending exec approvals expire after 30 minutes by default
- if no operator UI or configured approval client can accept the request, the prompt falls back to `askFallback`
Sensitive owner-only group commands such as `/diagnostics` and `/export-trajectory` use private
owner routing for approval prompts and final results. OpenClaw first tries a private route on the
same surface where the owner ran the command. If that surface has no private owner route, it falls
back to the first available owner route from `commands.ownerAllowFrom`, so a Discord group command
can still send the approval and result to the owner's Telegram DM when Telegram is the configured
primary private interface. The group chat only gets a short acknowledgement.
Telegram defaults to approver DMs (`target: "dm"`). You can switch to `channel` or `both` when you
want approval prompts to appear in the originating Telegram chat/topic as well. For Telegram forum
topics, OpenClaw preserves the topic for the approval prompt and the post-approval follow-up.