perf: narrow Matrix reaction approval imports

2026-05-06 06:20:43 +00:00 · 2026-04-17 16:17:01 +01:00
parent 2a0a498b0d
commit bac3d26fe7
2 changed files with 48 additions and 10 deletions
--- a/extensions/matrix/src/approval-reaction-auth.ts
+++ b/extensions/matrix/src/approval-reaction-auth.ts
@@ -0,0 +1,45 @@
+import { resolveApprovalApprovers } from "openclaw/plugin-sdk/approval-auth-runtime";
+import { normalizeMatrixApproverId } from "./approval-ids.js";
+import { resolveMatrixAccount } from "./matrix/accounts.js";
+import type { CoreConfig } from "./types.js";
+
+type MatrixApprovalReactionKind = "exec" | "plugin";
+
+function normalizeMatrixExecApproverId(value: string | number): string | undefined {
+  const normalized = normalizeMatrixApproverId(value);
+  return normalized === "*" ? undefined : normalized;
+}
+
+function getMatrixApprovalReactionApprovers(params: {
+  cfg: CoreConfig;
+  accountId?: string | null;
+  approvalKind: MatrixApprovalReactionKind;
+}): string[] {
+  const account = resolveMatrixAccount(params).config;
+  if (params.approvalKind === "plugin") {
+    return resolveApprovalApprovers({
+      allowFrom: account.dm?.allowFrom,
+      normalizeApprover: normalizeMatrixApproverId,
+    });
+  }
+  return resolveApprovalApprovers({
+    explicit: account.execApprovals?.approvers,
+    allowFrom: account.dm?.allowFrom,
+    normalizeApprover: normalizeMatrixExecApproverId,
+  });
+}
+
+export function isMatrixApprovalReactionAuthorizedSender(params: {
+  cfg: CoreConfig;
+  accountId?: string | null;
+  senderId?: string | null;
+  approvalKind: MatrixApprovalReactionKind;
+}): boolean {
+  const normalizedSenderId = params.senderId
+    ? normalizeMatrixApproverId(params.senderId)
+    : undefined;
+  if (!normalizedSenderId) {
+    return false;
+  }
+  return getMatrixApprovalReactionApprovers(params).includes(normalizedSenderId);
+}
--- a/extensions/matrix/src/matrix/monitor/reaction-events.ts
+++ b/extensions/matrix/src/matrix/monitor/reaction-events.ts
@@ -1,5 +1,5 @@
 import { getSessionBindingService } from "openclaw/plugin-sdk/session-binding-runtime";
-import { matrixApprovalCapability } from "../../approval-native.js";
+import { isMatrixApprovalReactionAuthorizedSender } from "../../approval-reaction-auth.js";
 import {
  resolveMatrixApprovalReactionTarget,
  unregisterMatrixApprovalReactionTarget,
@@ -40,15 +40,8 @@ async function maybeResolveMatrixApprovalReaction(params: {
  if (!params.target) {
    return false;
  }
-  if (
-    !matrixApprovalCapability.authorizeActorAction?.({
-      cfg: params.cfg,
-      accountId: params.accountId,
-      senderId: params.senderId,
-      action: "approve",
-      approvalKind: params.target.approvalId.startsWith("plugin:") ? "plugin" : "exec",
-    })?.authorized
-  ) {
+  const approvalKind = params.target.approvalId.startsWith("plugin:") ? "plugin" : "exec";
+  if (!isMatrixApprovalReactionAuthorizedSender({ ...params, approvalKind })) {
    return false;
  }
  try {