openclaw/extensions/phone-control/index.ts

import type { OpenClawConfig } from "openclaw/plugin-sdk/config-contracts";
import { createPluginStateKeyedStore } from "openclaw/plugin-sdk/plugin-state-runtime";
import {
  normalizeLowercaseStringOrEmpty,
  normalizeOptionalLowercaseString,
  normalizeStringEntries,
  sortUniqueStrings,
} from "openclaw/plugin-sdk/string-coerce-runtime";
import {
  definePluginEntry,
  type OpenClawPluginApi,
  type OpenClawPluginService,
} from "./runtime-api.js";

type ArmGroup = "camera" | "screen" | "writes" | "all";

type ArmStateFileV1 = {
  version: 1;
  armedAtMs: number;
  expiresAtMs: number | null;
  removedFromDeny: string[];
};

type ArmStateFileV2 = {
  version: 2;
  armedAtMs: number;
  expiresAtMs: number | null;
  group: ArmGroup;
  armedCommands: string[];
  addedToAllow: string[];
  removedFromDeny: string[];
};

type ArmStateFile = ArmStateFileV1 | ArmStateFileV2;

const STATE_VERSION = 2;
const ARM_STATE_NAMESPACE = "arm-state";
const ARM_STATE_KEY = "current";
const armStateStore = createPluginStateKeyedStore<ArmStateFile>("phone-control", {
  namespace: ARM_STATE_NAMESPACE,
  maxEntries: 4,
});
const PHONE_ADMIN_SCOPE = "operator.admin";

const GROUP_COMMANDS: Record<Exclude<ArmGroup, "all">, string[]> = {
  camera: ["camera.snap", "camera.clip"],
  screen: ["screen.record"],
  writes: ["calendar.add", "contacts.add", "reminders.add", "sms.send"],
};

function uniqSorted(values: string[]): string[] {
  return sortUniqueStrings(normalizeStringEntries(values));
}

function resolveCommandsForGroup(group: ArmGroup): string[] {
  if (group === "all") {
    return uniqSorted(Object.values(GROUP_COMMANDS).flat());
  }
  return uniqSorted(GROUP_COMMANDS[group]);
}

function formatGroupList(): string {
  return ["camera", "screen", "writes", "all"].join(", ");
}

function parseDurationMs(input: string | undefined): number | null {
  const raw = normalizeOptionalLowercaseString(input);
  if (!raw) {
    return null;
  }
  const m = raw.match(/^(\d+)(s|m|h|d)$/);
  if (!m) {
    return null;
  }
  const n = Number.parseInt(m[1] ?? "", 10);
  if (!Number.isFinite(n) || n <= 0) {
    return null;
  }
  const unit = m[2];
  const mult = unit === "s" ? 1000 : unit === "m" ? 60_000 : unit === "h" ? 3_600_000 : 86_400_000;
  return n * mult;
}

function formatDuration(ms: number): string {
  const s = Math.max(0, Math.floor(ms / 1000));
  if (s < 60) {
    return `${s}s`;
  }
  const m = Math.floor(s / 60);
  if (m < 60) {
    return `${m}m`;
  }
  const h = Math.floor(m / 60);
  if (h < 48) {
    return `${h}h`;
  }
  const d = Math.floor(h / 24);
  return `${d}d`;
}

function isArmStateFile(parsed: unknown): parsed is ArmStateFile {
  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
    return false;
  }
  const record = parsed as Record<string, unknown>;
  if (record.version !== 1 && record.version !== 2) {
    return false;
  }
  if (typeof record.armedAtMs !== "number") {
    return false;
  }
  if (!(record.expiresAtMs === null || typeof record.expiresAtMs === "number")) {
    return false;
  }

  if (record.version === 1) {
    return (
      Array.isArray(record.removedFromDeny) &&
      record.removedFromDeny.every((v: unknown) => typeof v === "string")
    );
  }

  const group = typeof record.group === "string" ? record.group : "";
  return (
    (group === "camera" || group === "screen" || group === "writes" || group === "all") &&
    Array.isArray(record.armedCommands) &&
    record.armedCommands.every((v: unknown) => typeof v === "string") &&
    Array.isArray(record.addedToAllow) &&
    record.addedToAllow.every((v: unknown) => typeof v === "string") &&
    Array.isArray(record.removedFromDeny) &&
    record.removedFromDeny.every((v: unknown) => typeof v === "string")
  );
}

async function readArmState(): Promise<ArmStateFile | null> {
  const state = await armStateStore.lookup(ARM_STATE_KEY);
  return isArmStateFile(state) ? state : null;
}

async function writeArmState(state: ArmStateFile | null): Promise<void> {
  if (!state) {
    await armStateStore.delete(ARM_STATE_KEY);
    return;
  }
  await armStateStore.register(ARM_STATE_KEY, state);
}

function normalizeDenyList(cfg: OpenClawPluginApi["config"]): string[] {
  return uniqSorted([...(cfg.gateway?.nodes?.denyCommands ?? [])]);
}

function normalizeAllowList(cfg: OpenClawPluginApi["config"]): string[] {
  return uniqSorted([...(cfg.gateway?.nodes?.allowCommands ?? [])]);
}

function patchConfigNodeLists(
  cfg: OpenClawPluginApi["config"],
  next: { allowCommands: string[]; denyCommands: string[] },
): OpenClawPluginApi["config"] {
  return {
    ...cfg,
    gateway: {
      ...cfg.gateway,
      nodes: {
        ...cfg.gateway?.nodes,
        allowCommands: next.allowCommands,
        denyCommands: next.denyCommands,
      },
    },
  };
}

async function disarmNow(params: {
  api: OpenClawPluginApi;
  stateDir: string;
  reason: string;
}): Promise<{ changed: boolean; restored: string[]; removed: string[] }> {
  const { api, stateDir, reason } = params;
  const state = await readArmState();
  if (!state) {
    return { changed: false, restored: [], removed: [] };
  }
  const cfg = api.runtime.config.current() as OpenClawConfig;
  const allow = new Set(normalizeAllowList(cfg));
  const deny = new Set(normalizeDenyList(cfg));
  const removed: string[] = [];
  const restored: string[] = [];

  if (state.version === 1) {
    for (const cmd of state.removedFromDeny) {
      if (!deny.has(cmd)) {
        deny.add(cmd);
        restored.push(cmd);
      }
    }
  } else {
    for (const cmd of state.addedToAllow) {
      if (allow.delete(cmd)) {
        removed.push(cmd);
      }
    }
    for (const cmd of state.removedFromDeny) {
      if (!deny.has(cmd)) {
        deny.add(cmd);
        restored.push(cmd);
      }
    }
  }

  if (removed.length > 0 || restored.length > 0) {
    await api.runtime.config.mutateConfigFile({
      afterWrite: { mode: "auto" },
      mutate: (draft) => {
        const next = patchConfigNodeLists(draft, {
          allowCommands: uniqSorted([...allow]),
          denyCommands: uniqSorted([...deny]),
        });
        Object.assign(draft, next);
      },
    });
  }
  await writeArmState(null);
  api.logger.info(`phone-control: disarmed (${reason}) stateDir=${stateDir}`);
  return {
    changed: removed.length > 0 || restored.length > 0,
    removed: uniqSorted(removed),
    restored: uniqSorted(restored),
  };
}

function formatHelp(): string {
  return [
    "Phone control commands:",
    "",
    "/phone status",
    "/phone arm <group> [duration]",
    "/phone disarm",
    "",
    "Groups:",
    `- ${formatGroupList()}`,
    "",
    "Duration format: 30s | 10m | 2h | 1d (default: 10m).",
    "",
    "Notes:",
    "- This only toggles what the gateway is allowed to invoke on phone nodes.",
    "- iOS will still ask for permissions (camera, photos, contacts, etc.) on first use.",
  ].join("\n");
}

function parseGroup(raw: string | undefined): ArmGroup | null {
  const value = normalizeOptionalLowercaseString(raw) ?? "";
  if (!value) {
    return null;
  }
  if (value === "camera" || value === "screen" || value === "writes" || value === "all") {
    return value;
  }
  return null;
}

function requiresAdminToMutatePhoneControl(
  channel: string,
  gatewayClientScopes?: readonly string[],
): boolean {
  if (Array.isArray(gatewayClientScopes)) {
    return !gatewayClientScopes.includes(PHONE_ADMIN_SCOPE);
  }
  return channel === "webchat";
}

function formatStatus(state: ArmStateFile | null): string {
  if (!state) {
    return "Phone control: disarmed.";
  }
  const until =
    state.expiresAtMs == null
      ? "manual disarm required"
      : `expires in ${formatDuration(Math.max(0, state.expiresAtMs - Date.now()))}`;
  const cmds = uniqSorted(
    state.version === 1
      ? state.removedFromDeny
      : state.armedCommands.length > 0
        ? state.armedCommands
        : [...state.addedToAllow, ...state.removedFromDeny],
  );
  const cmdLabel = cmds.length > 0 ? cmds.join(", ") : "none";
  return `Phone control: armed (${until}).\nTemporarily allowed: ${cmdLabel}`;
}

export default definePluginEntry({
  id: "phone-control",
  name: "Phone Control",
  description: "Temporary allowlist control for phone automation commands",
  register(api: OpenClawPluginApi) {
    let expiryInterval: ReturnType<typeof setInterval> | null = null;

    const timerService: OpenClawPluginService = {
      id: "phone-control-expiry",
      start: async (ctx) => {
        const tick = async () => {
          const state = await readArmState();
          if (!state || state.expiresAtMs == null) {
            return;
          }
          if (Date.now() < state.expiresAtMs) {
            return;
          }
          await disarmNow({
            api,
            stateDir: ctx.stateDir,
            reason: "expired",
          });
        };

        // Best effort; don't crash the gateway if state is corrupt.
        await tick().catch(() => {});

        expiryInterval = setInterval(() => {
          tick().catch(() => {});
        }, 15_000);
        expiryInterval.unref?.();

        return;
      },
      stop: async () => {
        if (expiryInterval) {
          clearInterval(expiryInterval);
          expiryInterval = null;
        }
        return;
      },
    };

    api.registerService(timerService);

    api.registerCommand({
      name: "phone",
      description: "Arm/disarm high-risk phone node commands (camera/screen/writes).",
      acceptsArgs: true,
      handler: async (ctx) => {
        const args = ctx.args?.trim() ?? "";
        const tokens = args.split(/\s+/).filter(Boolean);
        const action = normalizeLowercaseStringOrEmpty(tokens[0]);

        const stateDir = api.runtime.state.resolveStateDir();

        if (!action || action === "help") {
          const state = await readArmState();
          return { text: `${formatStatus(state)}\n\n${formatHelp()}` };
        }

        if (action === "status") {
          const state = await readArmState();
          return { text: formatStatus(state) };
        }

        if (action === "disarm") {
          if (requiresAdminToMutatePhoneControl(ctx.channel, ctx.gatewayClientScopes)) {
            return {
              text: "⚠️ /phone disarm requires operator.admin.",
            };
          }
          const res = await disarmNow({
            api,
            stateDir,
            reason: "manual",
          });
          if (!res.changed) {
            return { text: "Phone control: disarmed." };
          }
          const restoredLabel = res.restored.length > 0 ? res.restored.join(", ") : "none";
          const removedLabel = res.removed.length > 0 ? res.removed.join(", ") : "none";
          return {
            text: `Phone control: disarmed.\nRemoved allowlist: ${removedLabel}\nRestored denylist: ${restoredLabel}`,
          };
        }

        if (action === "arm") {
          if (requiresAdminToMutatePhoneControl(ctx.channel, ctx.gatewayClientScopes)) {
            return {
              text: "⚠️ /phone arm requires operator.admin.",
            };
          }
          const group = parseGroup(tokens[1]);
          if (!group) {
            return { text: `Usage: /phone arm <group> [duration]\nGroups: ${formatGroupList()}` };
          }
          const durationMs = parseDurationMs(tokens[2]) ?? 10 * 60_000;
          const expiresAtMs = Date.now() + durationMs;

          const commands = resolveCommandsForGroup(group);
          const cfg = api.runtime.config.current() as OpenClawConfig;
          const allowSet = new Set(normalizeAllowList(cfg));
          const denySet = new Set(normalizeDenyList(cfg));

          const addedToAllow: string[] = [];
          const removedFromDeny: string[] = [];
          for (const cmd of commands) {
            if (!allowSet.has(cmd)) {
              allowSet.add(cmd);
              addedToAllow.push(cmd);
            }
            if (denySet.delete(cmd)) {
              removedFromDeny.push(cmd);
            }
          }
          await api.runtime.config.mutateConfigFile({
            afterWrite: { mode: "auto" },
            mutate: (draft) => {
              const next = patchConfigNodeLists(draft, {
                allowCommands: uniqSorted([...allowSet]),
                denyCommands: uniqSorted([...denySet]),
              });
              Object.assign(draft, next);
            },
          });

          await writeArmState({
            version: STATE_VERSION,
            armedAtMs: Date.now(),
            expiresAtMs,
            group,
            armedCommands: uniqSorted(commands),
            addedToAllow: uniqSorted(addedToAllow),
            removedFromDeny: uniqSorted(removedFromDeny),
          });

          const allowedLabel = uniqSorted(commands).join(", ");
          return {
            text:
              `Phone control: armed for ${formatDuration(durationMs)}.\n` +
              `Temporarily allowed: ${allowedLabel}\n` +
              `To disarm early: /phone disarm`,
          };
        }

        return { text: formatHelp() };
      },
    });
  },
});