diff --git a/extensions/bluebubbles/src/channel.ts b/extensions/bluebubbles/src/channel.ts index 99930658aa1..69fdffc1bac 100644 --- a/extensions/bluebubbles/src/channel.ts +++ b/extensions/bluebubbles/src/channel.ts @@ -1,6 +1,6 @@ import { buildAccountScopedDmSecurityPolicy, - buildOpenGroupPolicyRestrictSendersWarning, + collectOpenGroupPolicyRestrictSendersWarnings, } from "openclaw/plugin-sdk"; import type { ChannelAccountSnapshot, @@ -140,18 +140,14 @@ export const bluebubblesPlugin: ChannelPlugin = { }, collectWarnings: ({ account }) => { const groupPolicy = account.config.groupPolicy ?? "allowlist"; - if (groupPolicy !== "open") { - return []; - } - return [ - buildOpenGroupPolicyRestrictSendersWarning({ - surface: "BlueBubbles groups", - openScope: "any member", - groupPolicyPath: "channels.bluebubbles.groupPolicy", - groupAllowFromPath: "channels.bluebubbles.groupAllowFrom", - mentionGated: false, - }), - ]; + return collectOpenGroupPolicyRestrictSendersWarnings({ + groupPolicy, + surface: "BlueBubbles groups", + openScope: "any member", + groupPolicyPath: "channels.bluebubbles.groupPolicy", + groupAllowFromPath: "channels.bluebubbles.groupAllowFrom", + mentionGated: false, + }); }, }, messaging: { diff --git a/extensions/discord/src/channel.ts b/extensions/discord/src/channel.ts index 767666cb568..43cdb441066 100644 --- a/extensions/discord/src/channel.ts +++ b/extensions/discord/src/channel.ts @@ -1,7 +1,6 @@ import { buildAccountScopedDmSecurityPolicy, - buildOpenGroupPolicyConfigureRouteAllowlistWarning, - buildOpenGroupPolicyWarning, + collectOpenGroupPolicyConfiguredRouteWarnings, } from "openclaw/plugin-sdk"; import { applyAccountNameToChannelSection, @@ -150,28 +149,25 @@ export const discordPlugin: ChannelPlugin = { const guildsConfigured = Object.keys(guildEntries).length > 0; const channelAllowlistConfigured = guildsConfigured; - if (groupPolicy === "open") { - if (channelAllowlistConfigured) { - warnings.push( - buildOpenGroupPolicyConfigureRouteAllowlistWarning({ - surface: "Discord guilds", - openScope: "any channel not explicitly denied", - groupPolicyPath: "channels.discord.groupPolicy", - routeAllowlistPath: "channels.discord.guilds..channels", - }), - ); - } else { - warnings.push( - buildOpenGroupPolicyWarning({ - surface: "Discord guilds", - openBehavior: - "with no guild/channel allowlist; any channel can trigger (mention-gated)", - remediation: - 'Set channels.discord.groupPolicy="allowlist" and configure channels.discord.guilds..channels', - }), - ); - } - } + warnings.push( + ...collectOpenGroupPolicyConfiguredRouteWarnings({ + groupPolicy, + routeAllowlistConfigured: channelAllowlistConfigured, + configureRouteAllowlist: { + surface: "Discord guilds", + openScope: "any channel not explicitly denied", + groupPolicyPath: "channels.discord.groupPolicy", + routeAllowlistPath: "channels.discord.guilds..channels", + }, + missingRouteAllowlist: { + surface: "Discord guilds", + openBehavior: + "with no guild/channel allowlist; any channel can trigger (mention-gated)", + remediation: + 'Set channels.discord.groupPolicy="allowlist" and configure channels.discord.guilds..channels', + }, + }), + ); return warnings; }, diff --git a/extensions/feishu/src/channel.ts b/extensions/feishu/src/channel.ts index 3f2cf6d286d..102c12f07d6 100644 --- a/extensions/feishu/src/channel.ts +++ b/extensions/feishu/src/channel.ts @@ -1,4 +1,4 @@ -import { buildOpenGroupPolicyRestrictSendersWarning } from "openclaw/plugin-sdk"; +import { collectOpenGroupPolicyRestrictSendersWarnings } from "openclaw/plugin-sdk"; import type { ChannelMeta, ChannelPlugin, ClawdbotConfig } from "openclaw/plugin-sdk/feishu"; import { buildProbeChannelStatusSummary, @@ -267,15 +267,13 @@ export const feishuPlugin: ChannelPlugin = { groupPolicy: feishuCfg?.groupPolicy, defaultGroupPolicy, }); - if (groupPolicy !== "open") return []; - return [ - buildOpenGroupPolicyRestrictSendersWarning({ - surface: `Feishu[${account.accountId}] groups`, - openScope: "any member", - groupPolicyPath: "channels.feishu.groupPolicy", - groupAllowFromPath: "channels.feishu.groupAllowFrom", - }), - ]; + return collectOpenGroupPolicyRestrictSendersWarnings({ + groupPolicy, + surface: `Feishu[${account.accountId}] groups`, + openScope: "any member", + groupPolicyPath: "channels.feishu.groupPolicy", + groupAllowFromPath: "channels.feishu.groupAllowFrom", + }); }, }, setup: { diff --git a/extensions/imessage/src/channel.ts b/extensions/imessage/src/channel.ts index 4e2e23be129..6823197077c 100644 --- a/extensions/imessage/src/channel.ts +++ b/extensions/imessage/src/channel.ts @@ -1,6 +1,6 @@ import { buildAccountScopedDmSecurityPolicy, - buildOpenGroupPolicyRestrictSendersWarning, + collectOpenGroupPolicyRestrictSendersWarnings, } from "openclaw/plugin-sdk"; import { applyAccountNameToChannelSection, @@ -151,18 +151,14 @@ export const imessagePlugin: ChannelPlugin = { groupPolicy: account.config.groupPolicy, defaultGroupPolicy, }); - if (groupPolicy !== "open") { - return []; - } - return [ - buildOpenGroupPolicyRestrictSendersWarning({ - surface: "iMessage groups", - openScope: "any member", - groupPolicyPath: "channels.imessage.groupPolicy", - groupAllowFromPath: "channels.imessage.groupAllowFrom", - mentionGated: false, - }), - ]; + return collectOpenGroupPolicyRestrictSendersWarnings({ + groupPolicy, + surface: "iMessage groups", + openScope: "any member", + groupPolicyPath: "channels.imessage.groupPolicy", + groupAllowFromPath: "channels.imessage.groupAllowFrom", + mentionGated: false, + }); }, }, groups: { diff --git a/extensions/line/src/channel.ts b/extensions/line/src/channel.ts index d2883ab52fd..ac59e457005 100644 --- a/extensions/line/src/channel.ts +++ b/extensions/line/src/channel.ts @@ -1,6 +1,6 @@ import { buildAccountScopedDmSecurityPolicy, - buildOpenGroupPolicyRestrictSendersWarning, + collectOpenGroupPolicyRestrictSendersWarnings, } from "openclaw/plugin-sdk"; import { buildChannelConfigSchema, @@ -181,18 +181,14 @@ export const linePlugin: ChannelPlugin = { groupPolicy: account.config.groupPolicy, defaultGroupPolicy, }); - if (groupPolicy !== "open") { - return []; - } - return [ - buildOpenGroupPolicyRestrictSendersWarning({ - surface: "LINE groups", - openScope: "any member in groups", - groupPolicyPath: "channels.line.groupPolicy", - groupAllowFromPath: "channels.line.groupAllowFrom", - mentionGated: false, - }), - ]; + return collectOpenGroupPolicyRestrictSendersWarnings({ + groupPolicy, + surface: "LINE groups", + openScope: "any member in groups", + groupPolicyPath: "channels.line.groupPolicy", + groupAllowFromPath: "channels.line.groupAllowFrom", + mentionGated: false, + }); }, }, groups: { diff --git a/extensions/mattermost/src/channel.ts b/extensions/mattermost/src/channel.ts index bb0a95cb15b..073e64faddf 100644 --- a/extensions/mattermost/src/channel.ts +++ b/extensions/mattermost/src/channel.ts @@ -1,6 +1,6 @@ import { buildAccountScopedDmSecurityPolicy, - buildOpenGroupPolicyRestrictSendersWarning, + collectOpenGroupPolicyRestrictSendersWarnings, } from "openclaw/plugin-sdk"; import { applyAccountNameToChannelSection, @@ -301,17 +301,13 @@ export const mattermostPlugin: ChannelPlugin = { groupPolicy: account.config.groupPolicy, defaultGroupPolicy, }); - if (groupPolicy !== "open") { - return []; - } - return [ - buildOpenGroupPolicyRestrictSendersWarning({ - surface: "Mattermost channels", - openScope: "any member", - groupPolicyPath: "channels.mattermost.groupPolicy", - groupAllowFromPath: "channels.mattermost.groupAllowFrom", - }), - ]; + return collectOpenGroupPolicyRestrictSendersWarnings({ + groupPolicy, + surface: "Mattermost channels", + openScope: "any member", + groupPolicyPath: "channels.mattermost.groupPolicy", + groupAllowFromPath: "channels.mattermost.groupAllowFrom", + }); }, }, groups: { diff --git a/extensions/msteams/src/channel.ts b/extensions/msteams/src/channel.ts index 2bee9c7096f..7e2786a7279 100644 --- a/extensions/msteams/src/channel.ts +++ b/extensions/msteams/src/channel.ts @@ -1,4 +1,4 @@ -import { buildOpenGroupPolicyRestrictSendersWarning } from "openclaw/plugin-sdk"; +import { collectOpenGroupPolicyRestrictSendersWarnings } from "openclaw/plugin-sdk"; import type { ChannelMessageActionName, ChannelPlugin, @@ -141,17 +141,13 @@ export const msteamsPlugin: ChannelPlugin = { groupPolicy: cfg.channels?.msteams?.groupPolicy, defaultGroupPolicy, }); - if (groupPolicy !== "open") { - return []; - } - return [ - buildOpenGroupPolicyRestrictSendersWarning({ - surface: "MS Teams groups", - openScope: "any member", - groupPolicyPath: "channels.msteams.groupPolicy", - groupAllowFromPath: "channels.msteams.groupAllowFrom", - }), - ]; + return collectOpenGroupPolicyRestrictSendersWarnings({ + groupPolicy, + surface: "MS Teams groups", + openScope: "any member", + groupPolicyPath: "channels.msteams.groupPolicy", + groupAllowFromPath: "channels.msteams.groupAllowFrom", + }); }, }, setup: { diff --git a/extensions/nextcloud-talk/src/channel.ts b/extensions/nextcloud-talk/src/channel.ts index fcb020595a3..1f48e00e8ea 100644 --- a/extensions/nextcloud-talk/src/channel.ts +++ b/extensions/nextcloud-talk/src/channel.ts @@ -1,7 +1,6 @@ import { buildAccountScopedDmSecurityPolicy, - buildOpenGroupPolicyNoRouteAllowlistWarning, - buildOpenGroupPolicyRestrictSendersWarning, + collectOpenGroupPolicyRouteAllowlistWarnings, } from "openclaw/plugin-sdk"; import { applyAccountNameToChannelSection, @@ -140,30 +139,25 @@ export const nextcloudTalkPlugin: ChannelPlugin = groupPolicy: account.config.groupPolicy, defaultGroupPolicy, }); - if (groupPolicy !== "open") { - return []; - } const roomAllowlistConfigured = account.config.rooms && Object.keys(account.config.rooms).length > 0; - if (roomAllowlistConfigured) { - return [ - buildOpenGroupPolicyRestrictSendersWarning({ - surface: "Nextcloud Talk rooms", - openScope: "any member in allowed rooms", - groupPolicyPath: "channels.nextcloud-talk.groupPolicy", - groupAllowFromPath: "channels.nextcloud-talk.groupAllowFrom", - }), - ]; - } - return [ - buildOpenGroupPolicyNoRouteAllowlistWarning({ + return collectOpenGroupPolicyRouteAllowlistWarnings({ + groupPolicy, + routeAllowlistConfigured: roomAllowlistConfigured, + restrictSenders: { + surface: "Nextcloud Talk rooms", + openScope: "any member in allowed rooms", + groupPolicyPath: "channels.nextcloud-talk.groupPolicy", + groupAllowFromPath: "channels.nextcloud-talk.groupAllowFrom", + }, + noRouteAllowlist: { surface: "Nextcloud Talk rooms", routeAllowlistPath: "channels.nextcloud-talk.rooms", routeScope: "room", groupPolicyPath: "channels.nextcloud-talk.groupPolicy", groupAllowFromPath: "channels.nextcloud-talk.groupAllowFrom", - }), - ]; + }, + }); }, }, groups: { diff --git a/extensions/signal/src/channel.ts b/extensions/signal/src/channel.ts index 52a59cc058b..f9a020b7f63 100644 --- a/extensions/signal/src/channel.ts +++ b/extensions/signal/src/channel.ts @@ -1,6 +1,6 @@ import { buildAccountScopedDmSecurityPolicy, - buildOpenGroupPolicyRestrictSendersWarning, + collectOpenGroupPolicyRestrictSendersWarnings, } from "openclaw/plugin-sdk"; import { applyAccountNameToChannelSection, @@ -175,18 +175,14 @@ export const signalPlugin: ChannelPlugin = { groupPolicy: account.config.groupPolicy, defaultGroupPolicy, }); - if (groupPolicy !== "open") { - return []; - } - return [ - buildOpenGroupPolicyRestrictSendersWarning({ - surface: "Signal groups", - openScope: "any member", - groupPolicyPath: "channels.signal.groupPolicy", - groupAllowFromPath: "channels.signal.groupAllowFrom", - mentionGated: false, - }), - ]; + return collectOpenGroupPolicyRestrictSendersWarnings({ + groupPolicy, + surface: "Signal groups", + openScope: "any member", + groupPolicyPath: "channels.signal.groupPolicy", + groupAllowFromPath: "channels.signal.groupAllowFrom", + mentionGated: false, + }); }, }, messaging: { diff --git a/extensions/slack/src/channel.ts b/extensions/slack/src/channel.ts index c3871182665..8c695e98fa2 100644 --- a/extensions/slack/src/channel.ts +++ b/extensions/slack/src/channel.ts @@ -1,7 +1,6 @@ import { buildAccountScopedDmSecurityPolicy, - buildOpenGroupPolicyConfigureRouteAllowlistWarning, - buildOpenGroupPolicyWarning, + collectOpenGroupPolicyConfiguredRouteWarnings, } from "openclaw/plugin-sdk"; import { applyAccountNameToChannelSection, @@ -199,27 +198,24 @@ export const slackPlugin: ChannelPlugin = { const channelAllowlistConfigured = Boolean(account.config.channels) && Object.keys(account.config.channels ?? {}).length > 0; - if (groupPolicy === "open") { - if (channelAllowlistConfigured) { - warnings.push( - buildOpenGroupPolicyConfigureRouteAllowlistWarning({ - surface: "Slack channels", - openScope: "any channel not explicitly denied", - groupPolicyPath: "channels.slack.groupPolicy", - routeAllowlistPath: "channels.slack.channels", - }), - ); - } else { - warnings.push( - buildOpenGroupPolicyWarning({ - surface: "Slack channels", - openBehavior: "with no channel allowlist; any channel can trigger (mention-gated)", - remediation: - 'Set channels.slack.groupPolicy="allowlist" and configure channels.slack.channels', - }), - ); - } - } + warnings.push( + ...collectOpenGroupPolicyConfiguredRouteWarnings({ + groupPolicy, + routeAllowlistConfigured: channelAllowlistConfigured, + configureRouteAllowlist: { + surface: "Slack channels", + openScope: "any channel not explicitly denied", + groupPolicyPath: "channels.slack.groupPolicy", + routeAllowlistPath: "channels.slack.channels", + }, + missingRouteAllowlist: { + surface: "Slack channels", + openBehavior: "with no channel allowlist; any channel can trigger (mention-gated)", + remediation: + 'Set channels.slack.groupPolicy="allowlist" and configure channels.slack.channels', + }, + }), + ); return warnings; }, diff --git a/extensions/telegram/src/channel.ts b/extensions/telegram/src/channel.ts index 65ece56e50e..90ed9aadf24 100644 --- a/extensions/telegram/src/channel.ts +++ b/extensions/telegram/src/channel.ts @@ -1,7 +1,6 @@ import { buildAccountScopedDmSecurityPolicy, - buildOpenGroupPolicyNoRouteAllowlistWarning, - buildOpenGroupPolicyRestrictSendersWarning, + collectOpenGroupPolicyRouteAllowlistWarnings, } from "openclaw/plugin-sdk"; import { applyAccountNameToChannelSection, @@ -210,30 +209,25 @@ export const telegramPlugin: ChannelPlugin 0; - if (groupAllowlistConfigured) { - return [ - buildOpenGroupPolicyRestrictSendersWarning({ - surface: "Telegram groups", - openScope: "any member in allowed groups", - groupPolicyPath: "channels.telegram.groupPolicy", - groupAllowFromPath: "channels.telegram.groupAllowFrom", - }), - ]; - } - return [ - buildOpenGroupPolicyNoRouteAllowlistWarning({ + return collectOpenGroupPolicyRouteAllowlistWarnings({ + groupPolicy, + routeAllowlistConfigured: groupAllowlistConfigured, + restrictSenders: { + surface: "Telegram groups", + openScope: "any member in allowed groups", + groupPolicyPath: "channels.telegram.groupPolicy", + groupAllowFromPath: "channels.telegram.groupAllowFrom", + }, + noRouteAllowlist: { surface: "Telegram groups", routeAllowlistPath: "channels.telegram.groups", routeScope: "group", groupPolicyPath: "channels.telegram.groupPolicy", groupAllowFromPath: "channels.telegram.groupAllowFrom", - }), - ]; + }, + }); }, }, groups: { diff --git a/extensions/whatsapp/src/channel.ts b/extensions/whatsapp/src/channel.ts index c2dbc1e9e4b..0e034fe1df6 100644 --- a/extensions/whatsapp/src/channel.ts +++ b/extensions/whatsapp/src/channel.ts @@ -1,7 +1,6 @@ import { buildAccountScopedDmSecurityPolicy, - buildOpenGroupPolicyNoRouteAllowlistWarning, - buildOpenGroupPolicyRestrictSendersWarning, + collectOpenGroupPolicyRouteAllowlistWarnings, } from "openclaw/plugin-sdk"; import { applyAccountNameToChannelSection, @@ -143,30 +142,25 @@ export const whatsappPlugin: ChannelPlugin = { groupPolicy: account.groupPolicy, defaultGroupPolicy, }); - if (groupPolicy !== "open") { - return []; - } const groupAllowlistConfigured = Boolean(account.groups) && Object.keys(account.groups ?? {}).length > 0; - if (groupAllowlistConfigured) { - return [ - buildOpenGroupPolicyRestrictSendersWarning({ - surface: "WhatsApp groups", - openScope: "any member in allowed groups", - groupPolicyPath: "channels.whatsapp.groupPolicy", - groupAllowFromPath: "channels.whatsapp.groupAllowFrom", - }), - ]; - } - return [ - buildOpenGroupPolicyNoRouteAllowlistWarning({ + return collectOpenGroupPolicyRouteAllowlistWarnings({ + groupPolicy, + routeAllowlistConfigured: groupAllowlistConfigured, + restrictSenders: { + surface: "WhatsApp groups", + openScope: "any member in allowed groups", + groupPolicyPath: "channels.whatsapp.groupPolicy", + groupAllowFromPath: "channels.whatsapp.groupAllowFrom", + }, + noRouteAllowlist: { surface: "WhatsApp groups", routeAllowlistPath: "channels.whatsapp.groups", routeScope: "group", groupPolicyPath: "channels.whatsapp.groupPolicy", groupAllowFromPath: "channels.whatsapp.groupAllowFrom", - }), - ]; + }, + }); }, }, setup: { diff --git a/src/channels/plugins/group-policy-warnings.test.ts b/src/channels/plugins/group-policy-warnings.test.ts index ee1d67a468c..e09bcfdaf2c 100644 --- a/src/channels/plugins/group-policy-warnings.test.ts +++ b/src/channels/plugins/group-policy-warnings.test.ts @@ -1,5 +1,8 @@ import { describe, expect, it } from "vitest"; import { + collectOpenGroupPolicyConfiguredRouteWarnings, + collectOpenGroupPolicyRestrictSendersWarnings, + collectOpenGroupPolicyRouteAllowlistWarnings, buildOpenGroupPolicyConfigureRouteAllowlistWarning, buildOpenGroupPolicyNoRouteAllowlistWarning, buildOpenGroupPolicyRestrictSendersWarning, @@ -58,4 +61,91 @@ describe("group policy warning builders", () => { '- Example channels: groupPolicy="open" allows any channel not explicitly denied to trigger (mention-gated). Set channels.example.groupPolicy="allowlist" and configure channels.example.channels.', ); }); + + it("collects restrict-senders warning only for open policy", () => { + expect( + collectOpenGroupPolicyRestrictSendersWarnings({ + groupPolicy: "allowlist", + surface: "Example groups", + openScope: "any member", + groupPolicyPath: "channels.example.groupPolicy", + groupAllowFromPath: "channels.example.groupAllowFrom", + }), + ).toEqual([]); + + expect( + collectOpenGroupPolicyRestrictSendersWarnings({ + groupPolicy: "open", + surface: "Example groups", + openScope: "any member", + groupPolicyPath: "channels.example.groupPolicy", + groupAllowFromPath: "channels.example.groupAllowFrom", + }), + ).toHaveLength(1); + }); + + it("collects route allowlist warning variants", () => { + const params = { + groupPolicy: "open" as const, + restrictSenders: { + surface: "Example groups", + openScope: "any member in allowed groups", + groupPolicyPath: "channels.example.groupPolicy", + groupAllowFromPath: "channels.example.groupAllowFrom", + }, + noRouteAllowlist: { + surface: "Example groups", + routeAllowlistPath: "channels.example.groups", + routeScope: "group", + groupPolicyPath: "channels.example.groupPolicy", + groupAllowFromPath: "channels.example.groupAllowFrom", + }, + }; + + expect( + collectOpenGroupPolicyRouteAllowlistWarnings({ + ...params, + routeAllowlistConfigured: true, + }), + ).toEqual([buildOpenGroupPolicyRestrictSendersWarning(params.restrictSenders)]); + + expect( + collectOpenGroupPolicyRouteAllowlistWarnings({ + ...params, + routeAllowlistConfigured: false, + }), + ).toEqual([buildOpenGroupPolicyNoRouteAllowlistWarning(params.noRouteAllowlist)]); + }); + + it("collects configured-route warning variants", () => { + const params = { + groupPolicy: "open" as const, + configureRouteAllowlist: { + surface: "Example channels", + openScope: "any channel not explicitly denied", + groupPolicyPath: "channels.example.groupPolicy", + routeAllowlistPath: "channels.example.channels", + }, + missingRouteAllowlist: { + surface: "Example channels", + openBehavior: "with no route allowlist; any channel can trigger (mention-gated)", + remediation: + 'Set channels.example.groupPolicy="allowlist" and configure channels.example.channels', + }, + }; + + expect( + collectOpenGroupPolicyConfiguredRouteWarnings({ + ...params, + routeAllowlistConfigured: true, + }), + ).toEqual([buildOpenGroupPolicyConfigureRouteAllowlistWarning(params.configureRouteAllowlist)]); + + expect( + collectOpenGroupPolicyConfiguredRouteWarnings({ + ...params, + routeAllowlistConfigured: false, + }), + ).toEqual([buildOpenGroupPolicyWarning(params.missingRouteAllowlist)]); + }); }); diff --git a/src/channels/plugins/group-policy-warnings.ts b/src/channels/plugins/group-policy-warnings.ts index a2bb4e87742..7f6501662c7 100644 --- a/src/channels/plugins/group-policy-warnings.ts +++ b/src/channels/plugins/group-policy-warnings.ts @@ -51,3 +51,44 @@ export function buildOpenGroupPolicyConfigureRouteAllowlistWarning(params: { remediation: `Set ${params.groupPolicyPath}="allowlist" and configure ${params.routeAllowlistPath}`, }); } + +export function collectOpenGroupPolicyRestrictSendersWarnings( + params: Parameters[0] & { + groupPolicy: "open" | "allowlist" | "disabled"; + }, +): string[] { + if (params.groupPolicy !== "open") { + return []; + } + return [buildOpenGroupPolicyRestrictSendersWarning(params)]; +} + +export function collectOpenGroupPolicyRouteAllowlistWarnings(params: { + groupPolicy: "open" | "allowlist" | "disabled"; + routeAllowlistConfigured: boolean; + restrictSenders: Parameters[0]; + noRouteAllowlist: Parameters[0]; +}): string[] { + if (params.groupPolicy !== "open") { + return []; + } + if (params.routeAllowlistConfigured) { + return [buildOpenGroupPolicyRestrictSendersWarning(params.restrictSenders)]; + } + return [buildOpenGroupPolicyNoRouteAllowlistWarning(params.noRouteAllowlist)]; +} + +export function collectOpenGroupPolicyConfiguredRouteWarnings(params: { + groupPolicy: "open" | "allowlist" | "disabled"; + routeAllowlistConfigured: boolean; + configureRouteAllowlist: Parameters[0]; + missingRouteAllowlist: Parameters[0]; +}): string[] { + if (params.groupPolicy !== "open") { + return []; + } + if (params.routeAllowlistConfigured) { + return [buildOpenGroupPolicyConfigureRouteAllowlistWarning(params.configureRouteAllowlist)]; + } + return [buildOpenGroupPolicyWarning(params.missingRouteAllowlist)]; +} diff --git a/src/plugin-sdk/index.ts b/src/plugin-sdk/index.ts index 6c1558185c2..f3589732685 100644 --- a/src/plugin-sdk/index.ts +++ b/src/plugin-sdk/index.ts @@ -536,6 +536,9 @@ export { buildOpenGroupPolicyNoRouteAllowlistWarning, buildOpenGroupPolicyRestrictSendersWarning, buildOpenGroupPolicyWarning, + collectOpenGroupPolicyConfiguredRouteWarnings, + collectOpenGroupPolicyRestrictSendersWarnings, + collectOpenGroupPolicyRouteAllowlistWarnings, } from "../channels/plugins/group-policy-warnings.js"; export { buildAccountScopedDmSecurityPolicy,