fix(config): enforce resolved runtime channel config

2026-05-06 11:40:42 +00:00 · 2026-04-22 06:14:00 +01:00
parent b70531bf24
commit e1897419de
5 changed files with 119 additions and 0 deletions
--- a/scripts/check-no-runtime-action-load-config.mjs
+++ b/scripts/check-no-runtime-action-load-config.mjs
@@ -0,0 +1,104 @@
+#!/usr/bin/env node
+import fs from "node:fs";
+import path from "node:path";
+
+const repoRoot = path.resolve(new URL("..", import.meta.url).pathname);
+
+const CHANNEL_EXTENSION_IDS = new Set([
+  "discord",
+  "imessage",
+  "irc",
+  "line",
+  "matrix",
+  "mattermost",
+  "nextcloud-talk",
+  "signal",
+  "slack",
+  "telegram",
+  "whatsapp",
+]);
+
+const HELPER_BASENAME_PATTERNS = [
+  /^action-runtime\.ts$/,
+  /^actions(?:\..*)?\.ts$/,
+  /^active-listener\.ts$/,
+  /^access-control\.ts$/,
+  /^channel\.ts$/,
+  /^client(?:[-.].*)?\.ts$/,
+  /^recipient-resolution\.ts$/,
+  /^rich-menu\.ts$/,
+  /^send(?:[-.].*)?\.ts$/,
+  /^sent-message-cache\.ts$/,
+  /^thread-bindings\.ts$/,
+];
+
+const FORBIDDEN_PATTERNS = [/\bloadConfig\s*\(/, /\.config\.loadConfig\s*\(/];
+
+function* walk(dir) {
+  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
+    if (entry.name === "node_modules" || entry.name === "dist") {
+      continue;
+    }
+    const absolute = path.join(dir, entry.name);
+    if (entry.isDirectory()) {
+      yield* walk(absolute);
+      continue;
+    }
+    yield absolute;
+  }
+}
+
+function isCandidate(relativePath) {
+  const parts = relativePath.split(path.sep);
+  if (parts[0] !== "extensions" || parts[2] !== "src") {
+    return false;
+  }
+  if (!CHANNEL_EXTENSION_IDS.has(parts[1])) {
+    return false;
+  }
+  if (
+    relativePath.endsWith(".test.ts") ||
+    relativePath.endsWith(".test-harness.ts") ||
+    relativePath.endsWith(".d.ts")
+  ) {
+    return false;
+  }
+  if (parts.includes("monitor") || parts.includes("cli")) {
+    return false;
+  }
+  if (parts.includes("actions")) {
+    return true;
+  }
+  const basename = path.basename(relativePath);
+  return HELPER_BASENAME_PATTERNS.some((pattern) => pattern.test(basename));
+}
+
+function main() {
+  const violations = [];
+  for (const absolute of walk(path.join(repoRoot, "extensions"))) {
+    const relativePath = path.relative(repoRoot, absolute);
+    if (!isCandidate(relativePath)) {
+      continue;
+    }
+    const lines = fs.readFileSync(absolute, "utf8").split(/\r?\n/);
+    lines.forEach((line, index) => {
+      if (FORBIDDEN_PATTERNS.some((pattern) => pattern.test(line))) {
+        violations.push(`${relativePath}:${index + 1}: ${line.trim()}`);
+      }
+    });
+  }
+  if (violations.length === 0) {
+    return;
+  }
+  console.error(
+    [
+      "Runtime channel send/action/client/pairing helpers must not call loadConfig().",
+      "Load and resolve config at the command/gateway/monitor boundary, then pass cfg through.",
+      "",
+      ...violations,
+    ].join("\n"),
+  );
+  process.exitCode = 1;
+}
+
+main();
--- a/scripts/check.mjs
+++ b/scripts/check.mjs
@@ -9,6 +9,7 @@ export async function main(argv = process.argv.slice(2)) {

  const tailChecks = [
    { name: "webhook body guard", args: ["lint:webhook:no-low-level-body-read"] },
+    { name: "runtime action config guard", args: ["check:no-runtime-action-load-config"] },
    { name: "temp path guard", args: ["check:temp-path-guardrails"] },
    { name: "pairing store guard", args: ["lint:auth:no-pairing-store-group"] },
    { name: "pairing account guard", args: ["lint:auth:pairing-account-scope"] },