mirror of
https://github.com/openclaw/openclaw.git
synced 2026-06-23 18:08:13 +00:00
0b8aabe864
* docs: document markdown marker renderer * docs: document rendered markdown chunking * docs: document markdown text chunking * docs: document shared text chunking * docs: document plugin text chunking exports * docs: document avatar policy constants * docs: document node match candidates * docs: document scoped expiring id cache * docs: document runtime import normalization * docs: document string sample summaries * docs: document session usage timeseries types * docs: document session usage response types * docs: document manifest frontmatter shapes * docs: document channel route input metadata * docs: document pair loop guard settings * docs: document migration config patch helpers * docs: document api provider registry * docs: document tool call repair payloads * docs: document plugin tool payload helpers * docs: document lazy promise loader * docs: document store writer queue state * docs: document thread binding lifecycle * docs: document concurrency helper contract * docs: document gateway client info contract * docs: document delivery context contracts * docs: document secret ref defaults contract * docs: document command gating contract * docs: document avatar policy contract * docs: document node match policy * docs: document message channel normalization * docs: document boolean parsing contract * docs: document zod parse helpers * docs: document direct dm guard policy * docs: document fixed window limiter contract * docs: document node presence event contract * docs: document secret normalization contract * docs: document progress draft line removal * docs: document usage formatting contracts * docs: document agent run status contract * docs: document runtime import helpers * docs: document provider utility ownership * docs: document invalid config helpers * docs: document json compat parser * docs: document channel config metadata ownership * docs: document channel logging helpers * docs: document sender identity validation ownership * docs: document string sampling helper * docs: document global singleton helpers * docs: document transcript tool helpers * docs: document exec safe-bin normalization * docs: document reaction level resolver * docs: document account snapshot redaction boundary * docs: document messaging target helpers * docs: document thread binding messages * docs: document conversation binding context * docs: document conversation resolution helper * docs: document owner display secret retention * docs: document provider request config types * docs: document skills config types * docs: document memory config types * docs: document imessage config types * docs: document crestodian config types * docs: document tools config policies * docs: document shared config base types * docs: document channel config contracts * docs: document openclaw config state types * docs: document model config contracts * docs: document shared agent config types * docs: document agent defaults config types * docs: document secret input contracts * docs: document auth config contracts * docs: document gateway config contracts * docs: document tool call stream repair contracts * docs: document memory host facades * docs: document llm core contracts * docs: document markdown core contracts * docs: document gateway connect error contracts * docs: document gateway protocol primitives * docs: document gateway frame schemas * docs: document gateway device schemas * docs: document gateway environment schemas * docs: document gateway push schemas * docs: document gateway plugin schemas * docs: document gateway artifact schemas * docs: document gateway command schemas * docs: document gateway task schemas * docs: document gateway exec approval schemas * docs: document gateway secret schemas * docs: document gateway config schemas * docs: document gateway snapshot schemas * docs: document gateway chat schemas * docs: document gateway wizard schemas * docs: document gateway node schemas * docs: document gateway plugin approval schemas * docs: document gateway talk schemas * docs: document gateway agent schemas * docs: document gateway session schemas * docs: document gateway cron schemas * docs: document gateway agent model skill schemas * docs: document gateway skill proposal tool schemas * docs: document gateway protocol registry * docs: document gateway channel status schemas * docs: document gateway schema regression tests * docs: document gateway schema barrel * docs: document gateway validator tests * docs: document gateway primitive push tests * docs: document gateway contract tests * docs: document native protocol guard * docs: document channel schema tests * docs: document gateway protocol smoke tests * docs: document gateway protocol entrypoint * docs: document gateway protocol type exports * docs: document gateway error codes * docs: document protocol schema registry * docs: document talk audio codec * docs: document talk activation names * docs: document talk consult questions * docs: document talk consult tool * docs: document talk run control contracts * docs: document talk run control adapter * docs: document talkback consult queue * docs: document talk consult transcript guard * docs: document talk fast context runtime * docs: document forced talk consult coordinator * docs: document talk output activity tracker * docs: document talk event metrics * docs: document talk diagnostics * docs: document talk observability hook * docs: document talk provider resolver * docs: document talk provider registry * docs: document talk runtime primitives * docs: document talk consult controller logs * docs: document channel identity helpers * docs: document channel account allowlist helpers * docs: document channel metadata draft controls * docs: document channel ingress policy * docs: document channel sender access gates * docs: document channel catalog message contracts * docs: document channel account plugin helpers * docs: document configured binding helpers * docs: document channel acp approval config helpers * docs: document channel bundled config write helpers * docs: document channel plugin utility contracts * docs: document channel config access helpers * docs: document channel message action helpers * docs: document channel outbound runtime helpers * docs: document channel pairing promotion helpers * docs: document channel registry helpers * docs: document channel setup wizard helpers * docs: document channel lifecycle status helpers * docs: document channel target thread helpers * docs: document channel session binding helpers * docs: document channel package module probes * docs: document channel setup wizard contracts * docs: document channel plugin API barrels * docs: document channel contract test helpers * docs: document channel core helpers * docs: document small core facades * docs: document provider runtime helpers * docs: document persistence and realtime helpers * docs: document mcp and state helpers * docs: document tool planner contracts * docs: document music generation runtime * docs: document crestodian command flow * docs: document utility helpers * docs: document node host helpers * docs: document transcript contracts * docs: document trajectory export contracts * docs: document image generation contracts * docs: document routing helper contracts * docs: document session helper contracts * docs: document video generation contracts * docs: document model catalog contracts * docs: document proxy capture contracts * docs: document status rendering contracts * docs: document test helper contracts * docs: document wizard setup contracts * docs: document process contracts * docs: document memory host sdk contracts * docs: document tts contracts * docs: document secrets runtime contracts * docs: document shared helper contracts * docs: document hook runtime contracts * docs: document security audit contracts * docs: document flow contracts * docs: document media understanding contracts * docs: document tui contracts * docs: document logging contracts * docs: document llm contracts * docs: document cron contracts * docs: document daemon contracts * docs: document task contracts * docs: document acp contracts * docs: document test utility contracts * docs: document skill contracts * docs: document config contracts * docs: document outbound infra contracts * docs: document command analysis contracts * docs: document provider usage infra contracts * docs: document file safety infra contracts * docs: document exec approval infra contracts * docs: document gateway runtime infra contracts * docs: document infra utility contracts * docs: document infra queue storage contracts * docs: document heartbeat infra contracts * docs: document remaining infra contracts * docs: document gateway auth contracts * docs: document gateway display helpers * docs: document gateway http helpers * docs: document gateway node helpers * docs: document gateway mcp helpers * docs: document gateway support helpers * docs: document gateway server runtime helpers * docs: document gateway runtime bootstrap helpers * docs: document gateway session events * docs: document gateway utility helpers * docs: document gateway talk helpers * docs: document gateway helper contracts * docs: document gateway server method helpers * docs: document gateway server auth helpers * docs: document gateway server tests * docs: document gateway test helpers * docs: document gateway node tests * docs: document gateway channel tests * docs: document gateway session tests * docs: document gateway server startup tests * docs: document gateway tool test helpers * docs: document gateway server test helpers * docs: document gateway server method tests * docs: document remaining gateway tests * docs: document plugin sdk public subpaths * docs: document plugin sdk runtime helpers * docs: document plugin sdk memory provider helpers * docs: document plugin sdk runtime facades * docs: document plugin sdk command approval helpers * docs: document plugin sdk runtime types * docs: document plugin sdk browser account helpers * docs: document plugin sdk media memory helpers * docs: document plugin sdk core tests * docs: document plugin sdk contract helpers * docs: document plugin sdk test helpers * docs: document remaining plugin sdk tests * docs: document cli utility helpers * docs: document cli runtime helpers * docs: document cli command registration helpers * docs: document node cli helpers * docs: document cli program registration * docs: document message cli registration * docs: document daemon cli helpers * docs: document cli route parsers
318 lines
11 KiB
TypeScript
318 lines
11 KiB
TypeScript
/**
|
|
* @deprecated Public SDK subpath has no bundled extension production imports.
|
|
* Use channel ingress/runtime authorization helpers or command-status helpers
|
|
* instead of this broad compatibility surface.
|
|
*/
|
|
|
|
import {
|
|
buildCommandsMessage as buildCommandsMessageCompat,
|
|
buildCommandsMessagePaginated as buildCommandsMessagePaginatedCompat,
|
|
buildHelpMessage as buildHelpMessageCompat,
|
|
} from "../auto-reply/command-status-builders.js";
|
|
import type { ChannelId } from "../channels/plugins/types.public.js";
|
|
import type { OpenClawConfig } from "../config/types.openclaw.js";
|
|
import {
|
|
expandAllowFromWithAccessGroups,
|
|
type AccessGroupMembershipResolver,
|
|
} from "./access-groups.js";
|
|
import { resolveDmGroupAccessWithLists } from "./channel-access-compat.js";
|
|
export {
|
|
ACCESS_GROUP_ALLOW_FROM_PREFIX,
|
|
expandAllowFromWithAccessGroups,
|
|
parseAccessGroupAllowFromEntry,
|
|
resolveAccessGroupAllowFromMatches,
|
|
resolveAccessGroupAllowFromState,
|
|
type AccessGroupMembershipResolver,
|
|
type AccessGroupMembershipLookup,
|
|
type ResolvedAccessGroupAllowFromState,
|
|
} from "./access-groups.js";
|
|
export { buildCommandsPaginationKeyboard } from "./telegram-command-ui.js";
|
|
export {
|
|
createPreCryptoDirectDmAuthorizer,
|
|
resolveInboundDirectDmAccessWithRuntime,
|
|
type DirectDmCommandAuthorizationRuntime,
|
|
type ResolvedInboundDirectDmAccess,
|
|
} from "../channels/direct-dm-access.js";
|
|
|
|
export {
|
|
hasControlCommand,
|
|
hasInlineCommandTokens,
|
|
isControlCommandMessage,
|
|
shouldComputeCommandAuthorized,
|
|
} from "../auto-reply/command-detection.js";
|
|
export {
|
|
buildCommandText,
|
|
buildCommandTextFromArgs,
|
|
findCommandByNativeName,
|
|
formatCommandArgMenuTitle,
|
|
getCommandDetection,
|
|
isCommandEnabled,
|
|
isCommandMessage,
|
|
isNativeCommandSurface,
|
|
listChatCommands,
|
|
listChatCommandsForConfig,
|
|
listNativeCommandSpecs,
|
|
listNativeCommandSpecsForConfig,
|
|
maybeResolveTextAlias,
|
|
normalizeCommandBody,
|
|
parseCommandArgs,
|
|
resolveCommandArgChoices,
|
|
resolveCommandArgMenu,
|
|
resolveTextCommand,
|
|
serializeCommandArgs,
|
|
shouldHandleTextCommands,
|
|
} from "../auto-reply/commands-registry.js";
|
|
export type {
|
|
ChatCommandDefinition,
|
|
CommandArgChoiceContext,
|
|
CommandArgDefinition,
|
|
CommandArgMenuSpec,
|
|
CommandArgValues,
|
|
CommandArgs,
|
|
CommandDetection,
|
|
CommandNormalizeOptions,
|
|
CommandScope,
|
|
NativeCommandSpec,
|
|
ResolvedCommandArgChoice,
|
|
ShouldHandleTextCommandsParams,
|
|
} from "../auto-reply/commands-registry.js";
|
|
export type { CommandArgsParsing } from "../auto-reply/commands-registry.types.js";
|
|
export {
|
|
resolveCommandAuthorizedFromAuthorizers,
|
|
resolveControlCommandGate,
|
|
resolveDualTextControlCommandGate,
|
|
type CommandAuthorizer,
|
|
type CommandGatingModeWhenAccessGroupsOff,
|
|
} from "../channels/command-gating.js";
|
|
export {
|
|
resolveNativeCommandSessionTargets,
|
|
type ResolveNativeCommandSessionTargetsParams,
|
|
} from "../channels/native-command-session-targets.js";
|
|
export {
|
|
resolveCommandAuthorization,
|
|
type CommandAuthorization,
|
|
} from "../auto-reply/command-auth.js";
|
|
export {
|
|
listReservedChatSlashCommandNames,
|
|
listSkillCommandsForAgents,
|
|
listSkillCommandsForWorkspace,
|
|
resolveSkillCommandInvocation,
|
|
} from "../skills/discovery/chat-commands.js";
|
|
export { getPluginCommandSpecs, listProviderPluginCommandSpecs } from "../plugins/command-specs.js";
|
|
export type { SkillCommandSpec } from "../skills/types.js";
|
|
export {
|
|
buildModelsProviderData,
|
|
formatModelsAvailableHeader,
|
|
resolveModelsCommandReply,
|
|
} from "../auto-reply/reply/commands-models.js";
|
|
export type { ModelsProviderData } from "../auto-reply/reply/commands-models.js";
|
|
export { resolveStoredModelOverride } from "../auto-reply/reply/stored-model-override.js";
|
|
export type { StoredModelOverride } from "../auto-reply/reply/stored-model-override.js";
|
|
|
|
/**
|
|
* Inputs for legacy sender command authorization.
|
|
* Kept for plugins that still compose command auth from DM/group allowlists instead of channel ingress.
|
|
*
|
|
* @deprecated Use `resolveChannelMessageIngress` from `openclaw/plugin-sdk/channel-ingress-runtime`.
|
|
*/
|
|
export type ResolveSenderCommandAuthorizationParams = {
|
|
cfg: OpenClawConfig;
|
|
rawBody: string;
|
|
isGroup: boolean;
|
|
dmPolicy: string;
|
|
configuredAllowFrom: string[];
|
|
configuredGroupAllowFrom?: string[];
|
|
senderId: string;
|
|
isSenderAllowed: (senderId: string, allowFrom: string[]) => boolean;
|
|
channel?: ChannelId;
|
|
accountId?: string;
|
|
resolveAccessGroupMembership?: AccessGroupMembershipResolver;
|
|
readAllowFromStore: () => Promise<string[]>;
|
|
shouldComputeCommandAuthorized: (rawBody: string, cfg: OpenClawConfig) => boolean;
|
|
/** @deprecated Command authorization is resolved by channel ingress. Kept for runtime injection compatibility. */
|
|
resolveCommandAuthorizedFromAuthorizers?: (params: {
|
|
useAccessGroups: boolean;
|
|
authorizers: Array<{ configured: boolean; allowed: boolean }>;
|
|
}) => boolean;
|
|
};
|
|
|
|
/**
|
|
* Injectable runtime hooks for legacy command authorization tests and channel adapters.
|
|
*
|
|
* @deprecated Use `resolveChannelMessageIngress` from `openclaw/plugin-sdk/channel-ingress-runtime`.
|
|
*/
|
|
export type CommandAuthorizationRuntime = {
|
|
shouldComputeCommandAuthorized: (rawBody: string, cfg: OpenClawConfig) => boolean;
|
|
resolveCommandAuthorizedFromAuthorizers: (params: {
|
|
useAccessGroups: boolean;
|
|
authorizers: Array<{ configured: boolean; allowed: boolean }>;
|
|
}) => boolean;
|
|
};
|
|
|
|
/**
|
|
* Legacy command authorization params with runtime hooks grouped for dependency injection.
|
|
*
|
|
* @deprecated Use `resolveChannelMessageIngress` from `openclaw/plugin-sdk/channel-ingress-runtime`.
|
|
*/
|
|
export type ResolveSenderCommandAuthorizationWithRuntimeParams = Omit<
|
|
ResolveSenderCommandAuthorizationParams,
|
|
"shouldComputeCommandAuthorized" | "resolveCommandAuthorizedFromAuthorizers"
|
|
> & {
|
|
runtime: CommandAuthorizationRuntime;
|
|
};
|
|
|
|
/**
|
|
* Classify direct-DM command handling after sender authorization has been computed.
|
|
*
|
|
* @deprecated Use `resolveChannelMessageIngress` from `openclaw/plugin-sdk/channel-ingress-runtime`.
|
|
*/
|
|
export function resolveDirectDmAuthorizationOutcome(params: {
|
|
isGroup: boolean;
|
|
dmPolicy: string;
|
|
senderAllowedForCommands: boolean;
|
|
}): "disabled" | "unauthorized" | "allowed" {
|
|
if (params.isGroup) {
|
|
return "allowed";
|
|
}
|
|
if (params.dmPolicy === "disabled") {
|
|
return "disabled";
|
|
}
|
|
if (!params.senderAllowedForCommands) {
|
|
return "unauthorized";
|
|
}
|
|
return "allowed";
|
|
}
|
|
|
|
/**
|
|
* Resolve legacy command authorization using an injected runtime object.
|
|
*
|
|
* @deprecated Use `resolveChannelMessageIngress` from `openclaw/plugin-sdk/channel-ingress-runtime`.
|
|
*/
|
|
export async function resolveSenderCommandAuthorizationWithRuntime(
|
|
params: ResolveSenderCommandAuthorizationWithRuntimeParams,
|
|
): ReturnType<typeof resolveSenderCommandAuthorization> {
|
|
return resolveSenderCommandAuthorization({
|
|
...params,
|
|
shouldComputeCommandAuthorized: params.runtime.shouldComputeCommandAuthorized,
|
|
resolveCommandAuthorizedFromAuthorizers: params.runtime.resolveCommandAuthorizedFromAuthorizers,
|
|
});
|
|
}
|
|
|
|
/**
|
|
* Resolve whether a sender may run slash/control commands under legacy DM/group policy.
|
|
* Returns effective allowlists so callers can report the exact source set used for authorization.
|
|
*
|
|
* @deprecated Use `resolveChannelMessageIngress` from `openclaw/plugin-sdk/channel-ingress-runtime`.
|
|
*/
|
|
export async function resolveSenderCommandAuthorization(
|
|
params: ResolveSenderCommandAuthorizationParams,
|
|
): Promise<{
|
|
shouldComputeAuth: boolean;
|
|
effectiveAllowFrom: string[];
|
|
effectiveGroupAllowFrom: string[];
|
|
senderAllowedForCommands: boolean;
|
|
commandAuthorized: boolean | undefined;
|
|
}> {
|
|
const shouldComputeAuth = params.shouldComputeCommandAuthorized(params.rawBody, params.cfg);
|
|
// Pairing-store allowlists apply to DM sender authorization only; group commands
|
|
// must rely on configured group allowlists or access-group expansion.
|
|
const storeAllowFrom =
|
|
!params.isGroup && params.dmPolicy !== "allowlist" && params.dmPolicy !== "open"
|
|
? await params.readAllowFromStore().catch(() => [])
|
|
: [];
|
|
const channel = params.channel;
|
|
const accountId = params.accountId ?? "default";
|
|
let configuredAllowFrom = params.configuredAllowFrom;
|
|
let configuredGroupAllowFrom = params.configuredGroupAllowFrom ?? [];
|
|
let dmStoreAllowFrom = storeAllowFrom;
|
|
if (channel) {
|
|
[configuredAllowFrom, configuredGroupAllowFrom] = await Promise.all([
|
|
expandAllowFromWithAccessGroups({
|
|
cfg: params.cfg,
|
|
allowFrom: params.configuredAllowFrom,
|
|
channel,
|
|
accountId,
|
|
senderId: params.senderId,
|
|
isSenderAllowed: params.isSenderAllowed,
|
|
resolveMembership: params.resolveAccessGroupMembership,
|
|
}),
|
|
expandAllowFromWithAccessGroups({
|
|
cfg: params.cfg,
|
|
allowFrom: params.configuredGroupAllowFrom ?? [],
|
|
channel,
|
|
accountId,
|
|
senderId: params.senderId,
|
|
isSenderAllowed: params.isSenderAllowed,
|
|
resolveMembership: params.resolveAccessGroupMembership,
|
|
}),
|
|
]);
|
|
if (!params.isGroup) {
|
|
dmStoreAllowFrom = await expandAllowFromWithAccessGroups({
|
|
cfg: params.cfg,
|
|
allowFrom: storeAllowFrom,
|
|
channel,
|
|
accountId,
|
|
senderId: params.senderId,
|
|
isSenderAllowed: params.isSenderAllowed,
|
|
resolveMembership: params.resolveAccessGroupMembership,
|
|
});
|
|
}
|
|
}
|
|
const access = resolveDmGroupAccessWithLists({
|
|
isGroup: params.isGroup,
|
|
dmPolicy: params.dmPolicy,
|
|
groupPolicy: "allowlist",
|
|
allowFrom: configuredAllowFrom,
|
|
groupAllowFrom: configuredGroupAllowFrom,
|
|
storeAllowFrom: dmStoreAllowFrom,
|
|
isSenderAllowed: (allowFrom) => params.isSenderAllowed(params.senderId, allowFrom),
|
|
});
|
|
const effectiveAllowFrom = access.effectiveAllowFrom;
|
|
const effectiveGroupAllowFrom = access.effectiveGroupAllowFrom;
|
|
const useAccessGroups = params.cfg.commands?.useAccessGroups !== false;
|
|
const senderAllowedForCommands = params.isSenderAllowed(
|
|
params.senderId,
|
|
params.isGroup ? effectiveGroupAllowFrom : effectiveAllowFrom,
|
|
);
|
|
const ownerAllowedForCommands = params.isSenderAllowed(params.senderId, effectiveAllowFrom);
|
|
const groupAllowedForCommands = params.isSenderAllowed(params.senderId, effectiveGroupAllowFrom);
|
|
const commandAuthorized = shouldComputeAuth
|
|
? (params.resolveCommandAuthorizedFromAuthorizers?.({
|
|
useAccessGroups,
|
|
authorizers: [
|
|
{ configured: effectiveAllowFrom.length > 0, allowed: ownerAllowedForCommands },
|
|
{ configured: effectiveGroupAllowFrom.length > 0, allowed: groupAllowedForCommands },
|
|
],
|
|
}) ?? senderAllowedForCommands)
|
|
: undefined;
|
|
|
|
return {
|
|
shouldComputeAuth,
|
|
effectiveAllowFrom,
|
|
effectiveGroupAllowFrom,
|
|
senderAllowedForCommands,
|
|
commandAuthorized,
|
|
};
|
|
}
|
|
|
|
/** @deprecated Use `openclaw/plugin-sdk/command-status` instead. */
|
|
export function buildCommandsMessage(
|
|
...args: Parameters<typeof buildCommandsMessageCompat>
|
|
): ReturnType<typeof buildCommandsMessageCompat> {
|
|
return buildCommandsMessageCompat(...args);
|
|
}
|
|
|
|
/** @deprecated Use `openclaw/plugin-sdk/command-status` instead. */
|
|
export function buildCommandsMessagePaginated(
|
|
...args: Parameters<typeof buildCommandsMessagePaginatedCompat>
|
|
): ReturnType<typeof buildCommandsMessagePaginatedCompat> {
|
|
return buildCommandsMessagePaginatedCompat(...args);
|
|
}
|
|
|
|
/** @deprecated Use `openclaw/plugin-sdk/command-status` instead. */
|
|
export function buildHelpMessage(
|
|
...args: Parameters<typeof buildHelpMessageCompat>
|
|
): ReturnType<typeof buildHelpMessageCompat> {
|
|
return buildHelpMessageCompat(...args);
|
|
}
|