fix: align open DM allowlist policy (#74112)

* fix: harden telegram open dm allowlist merging * fix: align open dm allowlist policy
2026-05-15 19:40:45 +00:00 · 2026-04-29 06:52:12 +01:00
parent fda8cc2a9d
commit bd1d1f0f2b
61 changed files with 740 additions and 262 deletions
--- a/extensions/feishu/src/comment-handler.ts
+++ b/extensions/feishu/src/comment-handler.ts
@@ -1,4 +1,5 @@
 import type { ResolvedAgentRoute } from "openclaw/plugin-sdk/routing";
+import { resolveOpenDmAllowlistAccess } from "openclaw/plugin-sdk/security-runtime";
 import { resolveFeishuRuntimeAccount } from "./accounts.js";
 import { createFeishuClient } from "./client.js";
 import { createFeishuCommentReplyDispatcher } from "./comment-dispatcher.js";
@@ -96,7 +97,19 @@ export async function handleFeishuCommentEvent(
    senderId: turn.senderId,
    senderIds: [turn.senderUserId],
  }).allowed;
-  if (dmPolicy !== "open" && !senderAllowed) {
+  const dmAccessAllowed =
+    dmPolicy === "open"
+      ? resolveOpenDmAllowlistAccess({
+          effectiveAllowFrom: effectiveDmAllowFrom,
+          isSenderAllowed: (allowFrom) =>
+            resolveFeishuAllowlistMatch({
+              allowFrom,
+              senderId: turn.senderId,
+              senderIds: [turn.senderUserId],
+            }).allowed,
+        }).decision === "allow"
+      : senderAllowed;
+  if (!dmAccessAllowed) {
    if (dmPolicy === "pairing") {
      const client = createFeishuClient(account);
      await pairing.issueChallenge({