mirror of
https://github.com/openclaw/openclaw.git
synced 2026-03-12 07:20:45 +00:00
refactor: unify channel open-group-policy warning builders
This commit is contained in:
Peter Steinberger
@@ -1,3 +1,4 @@
|
||||
import { buildOpenGroupPolicyRestrictSendersWarning } from "openclaw/plugin-sdk";
|
||||
import type {
|
||||
ChannelAccountSnapshot,
|
||||
ChannelPlugin,
|
||||
@@ -144,7 +145,13 @@ export const bluebubblesPlugin: ChannelPlugin<ResolvedBlueBubblesAccount> = {
|
||||
return [];
|
||||
}
|
||||
return [
|
||||
`- BlueBubbles groups: groupPolicy="open" allows any member to trigger the bot. Set channels.bluebubbles.groupPolicy="allowlist" + channels.bluebubbles.groupAllowFrom to restrict senders.`,
|
||||
buildOpenGroupPolicyRestrictSendersWarning({
|
||||
surface: "BlueBubbles groups",
|
||||
openScope: "any member",
|
||||
groupPolicyPath: "channels.bluebubbles.groupPolicy",
|
||||
groupAllowFromPath: "channels.bluebubbles.groupAllowFrom",
|
||||
mentionGated: false,
|
||||
}),
|
||||
];
|
||||
},
|
||||
},
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
import {
|
||||
buildOpenGroupPolicyConfigureRouteAllowlistWarning,
|
||||
buildOpenGroupPolicyWarning,
|
||||
} from "openclaw/plugin-sdk";
|
||||
import {
|
||||
applyAccountNameToChannelSection,
|
||||
buildComputedAccountStatusSnapshot,
|
||||
@@ -151,11 +155,22 @@ export const discordPlugin: ChannelPlugin<ResolvedDiscordAccount> = {
|
||||
if (groupPolicy === "open") {
|
||||
if (channelAllowlistConfigured) {
|
||||
warnings.push(
|
||||
`- Discord guilds: groupPolicy="open" allows any channel not explicitly denied to trigger (mention-gated). Set channels.discord.groupPolicy="allowlist" and configure channels.discord.guilds.<id>.channels.`,
|
||||
buildOpenGroupPolicyConfigureRouteAllowlistWarning({
|
||||
surface: "Discord guilds",
|
||||
openScope: "any channel not explicitly denied",
|
||||
groupPolicyPath: "channels.discord.groupPolicy",
|
||||
routeAllowlistPath: "channels.discord.guilds.<id>.channels",
|
||||
}),
|
||||
);
|
||||
} else {
|
||||
warnings.push(
|
||||
`- Discord guilds: groupPolicy="open" with no guild/channel allowlist; any channel can trigger (mention-gated). Set channels.discord.groupPolicy="allowlist" and configure channels.discord.guilds.<id>.channels.`,
|
||||
buildOpenGroupPolicyWarning({
|
||||
surface: "Discord guilds",
|
||||
openBehavior:
|
||||
"with no guild/channel allowlist; any channel can trigger (mention-gated)",
|
||||
remediation:
|
||||
'Set channels.discord.groupPolicy="allowlist" and configure channels.discord.guilds.<id>.channels',
|
||||
}),
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
import { buildOpenGroupPolicyRestrictSendersWarning } from "openclaw/plugin-sdk";
|
||||
import type { ChannelMeta, ChannelPlugin, ClawdbotConfig } from "openclaw/plugin-sdk/feishu";
|
||||
import {
|
||||
buildProbeChannelStatusSummary,
|
||||
@@ -268,7 +269,12 @@ export const feishuPlugin: ChannelPlugin<ResolvedFeishuAccount> = {
|
||||
});
|
||||
if (groupPolicy !== "open") return [];
|
||||
return [
|
||||
`- Feishu[${account.accountId}] groups: groupPolicy="open" allows any member to trigger (mention-gated). Set channels.feishu.groupPolicy="allowlist" + channels.feishu.groupAllowFrom to restrict senders.`,
|
||||
buildOpenGroupPolicyRestrictSendersWarning({
|
||||
surface: `Feishu[${account.accountId}] groups`,
|
||||
openScope: "any member",
|
||||
groupPolicyPath: "channels.feishu.groupPolicy",
|
||||
groupAllowFromPath: "channels.feishu.groupAllowFrom",
|
||||
}),
|
||||
];
|
||||
},
|
||||
},
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
import { buildOpenGroupPolicyConfigureRouteAllowlistWarning } from "openclaw/plugin-sdk";
|
||||
import {
|
||||
applyAccountNameToChannelSection,
|
||||
applySetupAccountConfigPatch,
|
||||
@@ -212,7 +213,12 @@ export const googlechatPlugin: ChannelPlugin<ResolvedGoogleChatAccount> = {
|
||||
});
|
||||
if (groupPolicy === "open") {
|
||||
warnings.push(
|
||||
`- Google Chat spaces: groupPolicy="open" allows any space to trigger (mention-gated). Set channels.googlechat.groupPolicy="allowlist" and configure channels.googlechat.groups.`,
|
||||
buildOpenGroupPolicyConfigureRouteAllowlistWarning({
|
||||
surface: "Google Chat spaces",
|
||||
openScope: "any space",
|
||||
groupPolicyPath: "channels.googlechat.groupPolicy",
|
||||
routeAllowlistPath: "channels.googlechat.groups",
|
||||
}),
|
||||
);
|
||||
}
|
||||
if (account.config.dm?.policy === "open") {
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
import { buildOpenGroupPolicyRestrictSendersWarning } from "openclaw/plugin-sdk";
|
||||
import {
|
||||
applyAccountNameToChannelSection,
|
||||
buildChannelConfigSchema,
|
||||
@@ -155,7 +156,13 @@ export const imessagePlugin: ChannelPlugin<ResolvedIMessageAccount> = {
|
||||
return [];
|
||||
}
|
||||
return [
|
||||
`- iMessage groups: groupPolicy="open" allows any member to trigger the bot. Set channels.imessage.groupPolicy="allowlist" + channels.imessage.groupAllowFrom to restrict senders.`,
|
||||
buildOpenGroupPolicyRestrictSendersWarning({
|
||||
surface: "iMessage groups",
|
||||
openScope: "any member",
|
||||
groupPolicyPath: "channels.imessage.groupPolicy",
|
||||
groupAllowFromPath: "channels.imessage.groupAllowFrom",
|
||||
mentionGated: false,
|
||||
}),
|
||||
];
|
||||
},
|
||||
},
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
import { buildOpenGroupPolicyWarning } from "openclaw/plugin-sdk";
|
||||
import {
|
||||
buildBaseAccountStatusSnapshot,
|
||||
buildBaseChannelStatusSummary,
|
||||
@@ -146,7 +147,11 @@ export const ircPlugin: ChannelPlugin<ResolvedIrcAccount, IrcProbe> = {
|
||||
});
|
||||
if (groupPolicy === "open") {
|
||||
warnings.push(
|
||||
'- IRC channels: groupPolicy="open" allows all channels and senders (mention-gated). Prefer channels.irc.groupPolicy="allowlist" with channels.irc.groups.',
|
||||
buildOpenGroupPolicyWarning({
|
||||
surface: "IRC channels",
|
||||
openBehavior: "allows all channels and senders (mention-gated)",
|
||||
remediation: 'Prefer channels.irc.groupPolicy="allowlist" with channels.irc.groups',
|
||||
}),
|
||||
);
|
||||
}
|
||||
if (!account.config.tls) {
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
import { buildOpenGroupPolicyRestrictSendersWarning } from "openclaw/plugin-sdk";
|
||||
import {
|
||||
buildChannelConfigSchema,
|
||||
buildComputedAccountStatusSnapshot,
|
||||
@@ -185,7 +186,13 @@ export const linePlugin: ChannelPlugin<ResolvedLineAccount> = {
|
||||
return [];
|
||||
}
|
||||
return [
|
||||
`- LINE groups: groupPolicy="open" allows any member in groups to trigger. Set channels.line.groupPolicy="allowlist" + channels.line.groupAllowFrom to restrict senders.`,
|
||||
buildOpenGroupPolicyRestrictSendersWarning({
|
||||
surface: "LINE groups",
|
||||
openScope: "any member in groups",
|
||||
groupPolicyPath: "channels.line.groupPolicy",
|
||||
groupAllowFromPath: "channels.line.groupAllowFrom",
|
||||
mentionGated: false,
|
||||
}),
|
||||
];
|
||||
},
|
||||
},
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
import { buildOpenGroupPolicyWarning } from "openclaw/plugin-sdk";
|
||||
import {
|
||||
applyAccountNameToChannelSection,
|
||||
buildChannelConfigSchema,
|
||||
@@ -184,7 +185,12 @@ export const matrixPlugin: ChannelPlugin<ResolvedMatrixAccount> = {
|
||||
return [];
|
||||
}
|
||||
return [
|
||||
'- Matrix rooms: groupPolicy="open" allows any room to trigger (mention-gated). Set channels.matrix.groupPolicy="allowlist" + channels.matrix.groups (and optionally channels.matrix.groupAllowFrom) to restrict rooms.',
|
||||
buildOpenGroupPolicyWarning({
|
||||
surface: "Matrix rooms",
|
||||
openBehavior: "allows any room to trigger (mention-gated)",
|
||||
remediation:
|
||||
'Set channels.matrix.groupPolicy="allowlist" + channels.matrix.groups (and optionally channels.matrix.groupAllowFrom) to restrict rooms',
|
||||
}),
|
||||
];
|
||||
},
|
||||
},
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
import { buildOpenGroupPolicyRestrictSendersWarning } from "openclaw/plugin-sdk";
|
||||
import {
|
||||
applyAccountNameToChannelSection,
|
||||
applySetupAccountConfigPatch,
|
||||
@@ -305,7 +306,12 @@ export const mattermostPlugin: ChannelPlugin<ResolvedMattermostAccount> = {
|
||||
return [];
|
||||
}
|
||||
return [
|
||||
`- Mattermost channels: groupPolicy="open" allows any member to trigger (mention-gated). Set channels.mattermost.groupPolicy="allowlist" + channels.mattermost.groupAllowFrom to restrict senders.`,
|
||||
buildOpenGroupPolicyRestrictSendersWarning({
|
||||
surface: "Mattermost channels",
|
||||
openScope: "any member",
|
||||
groupPolicyPath: "channels.mattermost.groupPolicy",
|
||||
groupAllowFromPath: "channels.mattermost.groupAllowFrom",
|
||||
}),
|
||||
];
|
||||
},
|
||||
},
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
import { buildOpenGroupPolicyRestrictSendersWarning } from "openclaw/plugin-sdk";
|
||||
import type {
|
||||
ChannelMessageActionName,
|
||||
ChannelPlugin,
|
||||
@@ -144,7 +145,12 @@ export const msteamsPlugin: ChannelPlugin<ResolvedMSTeamsAccount> = {
|
||||
return [];
|
||||
}
|
||||
return [
|
||||
`- MS Teams groups: groupPolicy="open" allows any member to trigger (mention-gated). Set channels.msteams.groupPolicy="allowlist" + channels.msteams.groupAllowFrom to restrict senders.`,
|
||||
buildOpenGroupPolicyRestrictSendersWarning({
|
||||
surface: "MS Teams groups",
|
||||
openScope: "any member",
|
||||
groupPolicyPath: "channels.msteams.groupPolicy",
|
||||
groupAllowFromPath: "channels.msteams.groupAllowFrom",
|
||||
}),
|
||||
];
|
||||
},
|
||||
},
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
import {
|
||||
buildOpenGroupPolicyNoRouteAllowlistWarning,
|
||||
buildOpenGroupPolicyRestrictSendersWarning,
|
||||
} from "openclaw/plugin-sdk";
|
||||
import {
|
||||
applyAccountNameToChannelSection,
|
||||
buildBaseChannelStatusSummary,
|
||||
@@ -148,11 +152,22 @@ export const nextcloudTalkPlugin: ChannelPlugin<ResolvedNextcloudTalkAccount> =
|
||||
account.config.rooms && Object.keys(account.config.rooms).length > 0;
|
||||
if (roomAllowlistConfigured) {
|
||||
return [
|
||||
`- Nextcloud Talk rooms: groupPolicy="open" allows any member in allowed rooms to trigger (mention-gated). Set channels.nextcloud-talk.groupPolicy="allowlist" + channels.nextcloud-talk.groupAllowFrom to restrict senders.`,
|
||||
buildOpenGroupPolicyRestrictSendersWarning({
|
||||
surface: "Nextcloud Talk rooms",
|
||||
openScope: "any member in allowed rooms",
|
||||
groupPolicyPath: "channels.nextcloud-talk.groupPolicy",
|
||||
groupAllowFromPath: "channels.nextcloud-talk.groupAllowFrom",
|
||||
}),
|
||||
];
|
||||
}
|
||||
return [
|
||||
`- Nextcloud Talk rooms: groupPolicy="open" with no channels.nextcloud-talk.rooms allowlist; any room can add + ping (mention-gated). Set channels.nextcloud-talk.groupPolicy="allowlist" + channels.nextcloud-talk.groupAllowFrom or configure channels.nextcloud-talk.rooms.`,
|
||||
buildOpenGroupPolicyNoRouteAllowlistWarning({
|
||||
surface: "Nextcloud Talk rooms",
|
||||
routeAllowlistPath: "channels.nextcloud-talk.rooms",
|
||||
routeScope: "room",
|
||||
groupPolicyPath: "channels.nextcloud-talk.groupPolicy",
|
||||
groupAllowFromPath: "channels.nextcloud-talk.groupAllowFrom",
|
||||
}),
|
||||
];
|
||||
},
|
||||
},
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
import { buildOpenGroupPolicyRestrictSendersWarning } from "openclaw/plugin-sdk";
|
||||
import {
|
||||
applyAccountNameToChannelSection,
|
||||
buildBaseAccountStatusSnapshot,
|
||||
@@ -179,7 +180,13 @@ export const signalPlugin: ChannelPlugin<ResolvedSignalAccount> = {
|
||||
return [];
|
||||
}
|
||||
return [
|
||||
`- Signal groups: groupPolicy="open" allows any member to trigger the bot. Set channels.signal.groupPolicy="allowlist" + channels.signal.groupAllowFrom to restrict senders.`,
|
||||
buildOpenGroupPolicyRestrictSendersWarning({
|
||||
surface: "Signal groups",
|
||||
openScope: "any member",
|
||||
groupPolicyPath: "channels.signal.groupPolicy",
|
||||
groupAllowFromPath: "channels.signal.groupAllowFrom",
|
||||
mentionGated: false,
|
||||
}),
|
||||
];
|
||||
},
|
||||
},
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
import {
|
||||
buildOpenGroupPolicyConfigureRouteAllowlistWarning,
|
||||
buildOpenGroupPolicyWarning,
|
||||
} from "openclaw/plugin-sdk";
|
||||
import {
|
||||
applyAccountNameToChannelSection,
|
||||
buildComputedAccountStatusSnapshot,
|
||||
@@ -200,11 +204,21 @@ export const slackPlugin: ChannelPlugin<ResolvedSlackAccount> = {
|
||||
if (groupPolicy === "open") {
|
||||
if (channelAllowlistConfigured) {
|
||||
warnings.push(
|
||||
`- Slack channels: groupPolicy="open" allows any channel not explicitly denied to trigger (mention-gated). Set channels.slack.groupPolicy="allowlist" and configure channels.slack.channels.`,
|
||||
buildOpenGroupPolicyConfigureRouteAllowlistWarning({
|
||||
surface: "Slack channels",
|
||||
openScope: "any channel not explicitly denied",
|
||||
groupPolicyPath: "channels.slack.groupPolicy",
|
||||
routeAllowlistPath: "channels.slack.channels",
|
||||
}),
|
||||
);
|
||||
} else {
|
||||
warnings.push(
|
||||
`- Slack channels: groupPolicy="open" with no channel allowlist; any channel can trigger (mention-gated). Set channels.slack.groupPolicy="allowlist" and configure channels.slack.channels.`,
|
||||
buildOpenGroupPolicyWarning({
|
||||
surface: "Slack channels",
|
||||
openBehavior: "with no channel allowlist; any channel can trigger (mention-gated)",
|
||||
remediation:
|
||||
'Set channels.slack.groupPolicy="allowlist" and configure channels.slack.channels',
|
||||
}),
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
import {
|
||||
buildOpenGroupPolicyNoRouteAllowlistWarning,
|
||||
buildOpenGroupPolicyRestrictSendersWarning,
|
||||
} from "openclaw/plugin-sdk";
|
||||
import {
|
||||
applyAccountNameToChannelSection,
|
||||
buildChannelConfigSchema,
|
||||
@@ -216,11 +220,22 @@ export const telegramPlugin: ChannelPlugin<ResolvedTelegramAccount, TelegramProb
|
||||
account.config.groups && Object.keys(account.config.groups).length > 0;
|
||||
if (groupAllowlistConfigured) {
|
||||
return [
|
||||
`- Telegram groups: groupPolicy="open" allows any member in allowed groups to trigger (mention-gated). Set channels.telegram.groupPolicy="allowlist" + channels.telegram.groupAllowFrom to restrict senders.`,
|
||||
buildOpenGroupPolicyRestrictSendersWarning({
|
||||
surface: "Telegram groups",
|
||||
openScope: "any member in allowed groups",
|
||||
groupPolicyPath: "channels.telegram.groupPolicy",
|
||||
groupAllowFromPath: "channels.telegram.groupAllowFrom",
|
||||
}),
|
||||
];
|
||||
}
|
||||
return [
|
||||
`- Telegram groups: groupPolicy="open" with no channels.telegram.groups allowlist; any group can add + ping (mention-gated). Set channels.telegram.groupPolicy="allowlist" + channels.telegram.groupAllowFrom or configure channels.telegram.groups.`,
|
||||
buildOpenGroupPolicyNoRouteAllowlistWarning({
|
||||
surface: "Telegram groups",
|
||||
routeAllowlistPath: "channels.telegram.groups",
|
||||
routeScope: "group",
|
||||
groupPolicyPath: "channels.telegram.groupPolicy",
|
||||
groupAllowFromPath: "channels.telegram.groupAllowFrom",
|
||||
}),
|
||||
];
|
||||
},
|
||||
},
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
import {
|
||||
buildOpenGroupPolicyNoRouteAllowlistWarning,
|
||||
buildOpenGroupPolicyRestrictSendersWarning,
|
||||
} from "openclaw/plugin-sdk";
|
||||
import {
|
||||
applyAccountNameToChannelSection,
|
||||
buildChannelConfigSchema,
|
||||
@@ -149,11 +153,22 @@ export const whatsappPlugin: ChannelPlugin<ResolvedWhatsAppAccount> = {
|
||||
Boolean(account.groups) && Object.keys(account.groups ?? {}).length > 0;
|
||||
if (groupAllowlistConfigured) {
|
||||
return [
|
||||
`- WhatsApp groups: groupPolicy="open" allows any member in allowed groups to trigger (mention-gated). Set channels.whatsapp.groupPolicy="allowlist" + channels.whatsapp.groupAllowFrom to restrict senders.`,
|
||||
buildOpenGroupPolicyRestrictSendersWarning({
|
||||
surface: "WhatsApp groups",
|
||||
openScope: "any member in allowed groups",
|
||||
groupPolicyPath: "channels.whatsapp.groupPolicy",
|
||||
groupAllowFromPath: "channels.whatsapp.groupAllowFrom",
|
||||
}),
|
||||
];
|
||||
}
|
||||
return [
|
||||
`- WhatsApp groups: groupPolicy="open" with no channels.whatsapp.groups allowlist; any group can add + ping (mention-gated). Set channels.whatsapp.groupPolicy="allowlist" + channels.whatsapp.groupAllowFrom or configure channels.whatsapp.groups.`,
|
||||
buildOpenGroupPolicyNoRouteAllowlistWarning({
|
||||
surface: "WhatsApp groups",
|
||||
routeAllowlistPath: "channels.whatsapp.groups",
|
||||
routeScope: "group",
|
||||
groupPolicyPath: "channels.whatsapp.groupPolicy",
|
||||
groupAllowFromPath: "channels.whatsapp.groupAllowFrom",
|
||||
}),
|
||||
];
|
||||
},
|
||||
},
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
import {
|
||||
buildOpenGroupPolicyRestrictSendersWarning,
|
||||
buildOpenGroupPolicyWarning,
|
||||
} from "openclaw/plugin-sdk";
|
||||
import type {
|
||||
ChannelAccountSnapshot,
|
||||
ChannelDock,
|
||||
@@ -171,11 +175,21 @@ export const zaloPlugin: ChannelPlugin<ResolvedZaloAccount> = {
|
||||
explicitGroupAllowFrom.length > 0 ? explicitGroupAllowFrom : dmAllowFrom;
|
||||
if (effectiveAllowFrom.length > 0) {
|
||||
return [
|
||||
`- Zalo groups: groupPolicy="open" allows any member to trigger (mention-gated). Set channels.zalo.groupPolicy="allowlist" + channels.zalo.groupAllowFrom to restrict senders.`,
|
||||
buildOpenGroupPolicyRestrictSendersWarning({
|
||||
surface: "Zalo groups",
|
||||
openScope: "any member",
|
||||
groupPolicyPath: "channels.zalo.groupPolicy",
|
||||
groupAllowFromPath: "channels.zalo.groupAllowFrom",
|
||||
}),
|
||||
];
|
||||
}
|
||||
return [
|
||||
`- Zalo groups: groupPolicy="open" with no groupAllowFrom/allowFrom allowlist; any member can trigger (mention-gated). Set channels.zalo.groupPolicy="allowlist" + channels.zalo.groupAllowFrom.`,
|
||||
buildOpenGroupPolicyWarning({
|
||||
surface: "Zalo groups",
|
||||
openBehavior:
|
||||
"with no groupAllowFrom/allowFrom allowlist; any member can trigger (mention-gated)",
|
||||
remediation: 'Set channels.zalo.groupPolicy="allowlist" + channels.zalo.groupAllowFrom',
|
||||
}),
|
||||
];
|
||||
},
|
||||
},
|
||||
|
||||
Reference in New Issue
Block a user