openclaw/docs/experiments/proposals/acp-bound-command-auth.md
Bob 6a705a37f2 ACP: add persistent Discord channel and Telegram topic bindings (#34873)
* docs: add ACP persistent binding experiment plan

* docs: align ACP persistent binding spec to channel-local config

* docs: scope Telegram ACP bindings to forum topics only

* docs: lock bound /new and /reset behavior to in-place ACP reset

* ACP: add persistent discord/telegram conversation bindings

* ACP: fix persistent binding reuse and discord thread parent context

* docs: document channel-specific persistent ACP bindings

* ACP: split persistent bindings and share conversation id helpers

* ACP: defer configured binding init until preflight passes

* ACP: fix discord thread parent fallback and explicit disable inheritance

* ACP: keep bound /new and /reset in-place

* ACP: honor configured bindings in native command flows

* ACP: avoid configured fallback after runtime bind failure

* docs: refine ACP bindings experiment config examples

* acp: cut over to typed top-level persistent bindings

* ACP bindings: harden reset recovery and native command auth

* Docs: add ACP bound command auth proposal

* Tests: normalize i18n registry zh-CN assertion encoding

* ACP bindings: address review findings for reset and fallback routing

* ACP reset: gate hooks on success and preserve /new arguments

* ACP bindings: fix auth and binding-priority review findings

* Telegram ACP: gate ensure on auth and accepted messages

* ACP bindings: fix session-key precedence and unavailable handling

* ACP reset/native commands: honor fallback targets and abort on bootstrap failure

* Config schema: validate ACP binding channel and Telegram topic IDs

* Discord ACP: apply configured DM bindings to native commands

* ACP reset tails: dispatch through ACP after command handling

* ACP tails/native reset auth: fix target dispatch and restore full auth

* ACP reset detection: fallback to active ACP keys for DM contexts

* Tests: type runTurn mock input in ACP dispatch test

* ACP: dedup binding route bootstrap and reset target resolution

* reply: align ACP reset hooks with bound session key

* docs: replace personal discord ids with placeholders

* fix: add changelog entry for ACP persistent bindings (#34873) (thanks @dutifulbob)

---------

Co-authored-by: Onur <2453968+osolmaz@users.noreply.github.com>
2026-03-05 09:38:12 +01:00


summary: Proposal: long-term command authorization model for ACP-bound conversations
read_when: Designing native command auth behavior in Telegram/Discord ACP-bound channels/topics
title: ACP Bound Command Authorization (Proposal)

ACP Bound Command Authorization (Proposal)

Status: Proposed, not implemented yet.

This document describes a long-term authorization model for native commands in ACP-bound conversations. It is an experiments proposal and does not replace current production behavior.

For implemented behavior, read source and tests in:

  • src/telegram/bot-native-commands.ts
  • src/discord/monitor/native-command.ts
  • src/auto-reply/reply/commands-core.ts

Problem

Today we have command-specific checks (for example /new and /reset) that need to work inside ACP-bound channels/topics even when allowlists are empty. This solves immediate UX pain, but command-name-based exceptions do not scale.

Long-term shape

Move command authorization from ad-hoc handler logic to command metadata plus a shared policy evaluator.

1) Add auth policy metadata to command definitions

Each command definition should declare an auth policy. Example shape:

type CommandAuthPolicy =
  | { mode: "owner_or_allowlist" } // default, current strict behavior
  | { mode: "bound_acp_or_owner_or_allowlist" } // allow in explicitly bound ACP conversations
  | { mode: "owner_only" };

/new and /reset would use bound_acp_or_owner_or_allowlist. Most other commands would remain owner_or_allowlist.

2) Share one evaluator across channels

Introduce one helper that evaluates command auth using:

  • command policy metadata
  • sender authorization state
  • resolved conversation binding state

Both Telegram and Discord native handlers should call the same helper to avoid behavior drift.

3) Use binding-match as the bypass boundary

When the policy allows the bound ACP bypass, authorize only if a configured binding match was resolved for the current conversation (not just because the current session key looks ACP-like).

This keeps the boundary explicit and minimizes accidental widening.
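
A sketch of how steps 1 to 3 could fit together, added here as an illustration and not taken from the OpenClaw source. Only CommandAuthPolicy and its three mode names come from this proposal; SenderAuthState, BindingState, AuthDecision, COMMAND_POLICIES, evaluateCommandAuth and the /example-owner-only command are hypothetical names.

```typescript
// Added illustration, not OpenClaw source. Only CommandAuthPolicy and its three
// mode names come from the proposal; every other name here is hypothetical.
type CommandAuthPolicy =
  | { mode: "owner_or_allowlist" }
  | { mode: "bound_acp_or_owner_or_allowlist" }
  | { mode: "owner_only" };

interface SenderAuthState { isOwner: boolean; onAllowlist: boolean }

// "configured": a configured binding matched this conversation.
// "session_key_only": the session key merely looks ACP-like; never a bypass.
type BindingState =
  | { kind: "none" }
  | { kind: "session_key_only"; sessionKey: string }
  | { kind: "configured"; bindingId: string };

interface AuthDecision { allowed: boolean; reason: string }

const DEFAULT_POLICY: CommandAuthPolicy = { mode: "owner_or_allowlist" };

// Command metadata: only /new and /reset opt in to the bound-ACP bypass.
const COMMAND_POLICIES = new Map<string, CommandAuthPolicy>([
  ["/new", { mode: "bound_acp_or_owner_or_allowlist" }],
  ["/reset", { mode: "bound_acp_or_owner_or_allowlist" }],
  ["/example-owner-only", { mode: "owner_only" }], // hypothetical command
]);

// Single evaluator that both the Telegram and Discord handlers would call.
function evaluateCommandAuth(
  command: string,
  sender: SenderAuthState,
  binding: BindingState,
): AuthDecision {
  const policy = COMMAND_POLICIES.get(command) ?? DEFAULT_POLICY;
  if (sender.isOwner) return { allowed: true, reason: "owner" };
  if (policy.mode === "owner_only") return { allowed: false, reason: "owner_only" };
  // Bypass boundary: the policy must opt in AND a configured binding must match.
  if (policy.mode === "bound_acp_or_owner_or_allowlist" && binding.kind === "configured") {
    return { allowed: true, reason: "configured_binding" };
  }
  if (sender.onAllowlist) return { allowed: true, reason: "allowlist" };
  return { allowed: false, reason: "not_authorized" };
}
```

Commands missing from the metadata map fall back to the strict owner_or_allowlist default, so a newly added command never inherits the bypass by accident.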

Why this is better

  • Scales to future commands without adding more command-name conditionals.
  • Keeps behavior consistent across channels.
  • Preserves current security model by requiring explicit binding match.
  • Keeps allowlists as optional hardening instead of a universal requirement.

Rollout plan (future)

  1. Add command auth policy field to command registry types and command data.
  2. Implement shared evaluator and migrate Telegram + Discord native handlers.
  3. Move /new and /reset to metadata-driven policy.
  4. Add tests per policy mode and channel surface.

Non-goals

  • This proposal does not change ACP session lifecycle behavior.
  • This proposal does not require allowlists for all ACP-bound commands.
  • This proposal does not change existing route binding semantics.

Note

This proposal is intentionally additive and does not delete or replace existing experiments documents.