fix: resolve explicit channel owner ids

2026-05-06 11:00:42 +00:00 · 2026-04-21 20:30:17 -04:00
parent dca770ae01
commit f76f6212b2
3 changed files with 31 additions and 0 deletions
--- a/src/plugins/channel-plugin-ids.test.ts
+++ b/src/plugins/channel-plugin-ids.test.ts
@@ -643,6 +643,25 @@ describe("resolveConfiguredChannelPluginIds", () => {
    ).toEqual([]);
  });

+  it("keeps explicitly configured bundled channel owners under restrictive allowlists", () => {
+    expect(
+      resolveConfiguredChannelPluginIds({
+        config: {
+          channels: {
+            "demo-channel": {
+              token: "configured",
+            },
+          },
+          plugins: {
+            allow: ["browser"],
+          },
+        } as OpenClawConfig,
+        workspaceDir: "/tmp",
+        env: {},
+      }),
+    ).toEqual(["demo-channel"]);
+  });
+
  it("blocks bundled activation owners when explicitly denied", () => {
    expect(
      resolveConfiguredChannelPluginIds({
--- a/src/plugins/channel-presence-policy.ts
+++ b/src/plugins/channel-presence-policy.ts
@@ -196,11 +196,20 @@ function isChannelPluginEligibleForScopedOwnership(params: {
  plugin: PluginManifestRecord;
  normalizedConfig: ReturnType<typeof normalizePluginsConfig>;
  rootConfig: OpenClawConfig;
+  channelId?: string;
 }): boolean {
+  const allowRestrictiveAllowlistBypass =
+    params.channelId !== undefined &&
+    isBundledManifestOwner(params.plugin) &&
+    hasExplicitChannelConfig({
+      config: params.rootConfig,
+      channelId: params.channelId,
+    });
  if (
    !passesManifestOwnerBasePolicy({
      plugin: params.plugin,
      normalizedConfig: params.normalizedConfig,
+      allowRestrictiveAllowlistBypass,
    })
  ) {
    return false;
@@ -495,6 +504,7 @@ function resolveScopedChannelOwnerPluginIds(params: {
        plugin,
        normalizedConfig,
        rootConfig: trustConfig,
+        channelId: channelIds.find((channelId) => recordDeclaresChannel(plugin, channelId)),
      });
    })
    .map((plugin) => plugin.id)
--- a/src/plugins/manifest-owner-policy.ts
+++ b/src/plugins/manifest-owner-policy.ts
@@ -24,6 +24,7 @@ export function passesManifestOwnerBasePolicy(params: {
  plugin: Pick<PluginManifestRecord, "id">;
  normalizedConfig: NormalizedPluginsConfig;
  allowExplicitlyDisabled?: boolean;
+  allowRestrictiveAllowlistBypass?: boolean;
 }): boolean {
  if (!params.normalizedConfig.enabled) {
    return false;
@@ -38,6 +39,7 @@ export function passesManifestOwnerBasePolicy(params: {
    return false;
  }
  if (
+    params.allowRestrictiveAllowlistBypass !== true &&
    params.normalizedConfig.allow.length > 0 &&
    !params.normalizedConfig.allow.includes(params.plugin.id)
  ) {