mirror of
https://github.com/openclaw/openclaw.git
synced 2026-06-25 10:39:33 +00:00
d7759c6a35
## Summary - Adds native Google Chat approval cards for exec and plugin approval requests that originate from Google Chat spaces or threads. - Uses opaque server-side action tokens for Google Chat `cardsV2` button callbacks and updates delivered approval messages after resolution or expiry. - Preserves the shipped Google Chat typing-message default while keeping approval cards on the channel-local native path. - Suppresses duplicate manual `/approve ...` follow-up delivery inside `extensions/googlechat/` when the native card path owns the approval prompt. - Documents Google Chat native approval behavior and the `typingIndicator: "message"` default. ## Linked context Which issue does this close? Closes # Which issues, PRs, or discussions are related? Related Spec 24.8: Google Chat native approval cards. Was this requested by a maintainer or owner? Requested by maintainer in the Codex task thread. ## Real behavior proof (required for external PRs) - Behavior addressed: Google Chat exec and plugin approvals render as native cards and resolve through Google Chat button clicks. The latest change verifies an exec approval card is not accompanied by a duplicate manual `/approve` instruction bubble. - Real environment tested: OpenClaw dev profile with a real Google Chat DM to the OpenClaw app, local gateway behind a temporary Cloudflare quick tunnel, and Arc/Computer Use against the signed-in Google Chat session. - Exact steps or command run after this patch: Rebuilt the gateway runtime, started the dev-profile gateway with the Google Chat webhook routed through the tunnel, sent a fresh exec request from Google Chat, verified only the native approval card appeared, clicked `Allow Once` in Google Chat, and checked the command output reply plus marker file. - Evidence after fix (screenshot, recording, terminal capture, console output, redacted runtime log, linked artifact, or copied live output): Latest proof used nonce `GCHAT_NODOUBLE_LIVE_20260604070730`, approval id `949bc08c-9e57-47c0-b045-137603782292`, and proof directory `.mem/main/proofs/demo-89502-dev-gchat-exec-approval-no-double-send-channel-race/`. `raw/google-chat-gchat-nodouble-request-card-only-clean.png` shows the fresh user message followed by a single native `Exec Approval Required` card with `Allow Once`/`Deny` and no manual `/approve` follow-up bubble. `raw/google-chat-gchat-nodouble-resolved-clean.png` shows the card edited to `Exec Approval: Allowed once` and the final successful command reply. `raw/gchat-nodouble-live-filtered-log.txt` contains `googlechat approval resolved id=949bc08c-9e57-47c0-b045-137603782292 decision=allow-once`. `raw/marker-file-check.txt` records `/tmp/openclaw-gchat-no-double-GCHAT_NODOUBLE_LIVE_20260604070730` as created. - Observed result after fix: The approval prompt posted as a native Google Chat card only. No duplicate manual approval-instruction bubble was sent. Clicking `Allow Once` resolved the approval through the gateway and OpenClaw replied with the successful exec output in the same Google Chat DM. - What was not tested: A persistent production Google Chat app URL; live proof used a temporary Cloudflare tunnel for the local dev callback. - Proof limitations or environment constraints: Video was not captured for the final resumed manual UI run; still screenshots, gateway/proxy logs, a marker-file artifact, and Showboat verification were captured. - Before evidence (optional but encouraged): Before the final channel-local suppression path, Google Chat could show both the native approval card and a separate manual `/approve` instruction bubble. ## Tests and validation Which commands did you run? - `node scripts/build-all.mjs gatewayWatch` - `node scripts/run-vitest.mjs extensions/googlechat/src/monitor-webhook.test.ts extensions/googlechat/src/monitor.test.ts extensions/googlechat/src/monitor.reply-delivery.test.ts extensions/googlechat/src/monitor-durable.test.ts extensions/googlechat/src/approval-card-actions.test.ts extensions/googlechat/src/approval-handler.runtime.test.ts extensions/googlechat/src/approval-native.test.ts extensions/googlechat/src/approval-card-click.test.ts extensions/googlechat/src/channel-config.test.ts extensions/googlechat/src/targets.test.ts` - `git diff --check` - `pnpm docs:list` - `uvx showboat --workdir .mem/main/proofs/demo-89502-dev-gchat-exec-approval-no-double-send-channel-race verify .mem/main/proofs/demo-89502-dev-gchat-exec-approval-no-double-send-channel-race/raw/showboat-summary.md` - Live dev-profile Google Chat proof described above. What regression coverage was added or updated? - Added Google Chat native approval capability, runtime delivery, card token, and card-click resolver tests. - Added in-flight native card send suppression coverage so manual follow-up text is suppressed while native card delivery is pending. - Added cleanup coverage so manual follow-ups are restored if native card send fails. - Updated webhook ACK coverage for card-click events and default typing-indicator behavior coverage. What failed before this fix, if known? Google Chat could deliver the native approval card and still allow a model/message-tool manual `/approve` follow-up to appear as a second visible bubble. If no test was added, why not? Tests were added for the changed runtime and webhook behavior. ## Risk checklist Did user-visible behavior change? (`Yes/No`) Yes. Did config, environment, or migration behavior change? (`Yes/No`) No migration. The shipped Google Chat `typingIndicator: "message"` default is preserved. Did security, auth, secrets, network, or tool execution behavior change? (`Yes/No`) Yes. What is the highest-risk area? Approval authorization and callback token handling for native Google Chat card actions. How is that risk mitigated? Callbacks carry opaque action tokens only, token bindings check account, space, message, expiry, allowed decision, and in-flight state, and actor authorization reuses the existing Google Chat approver allowlist adapter based on stable `users/<id>` principals. ## Current review state What is the next action? Merge after current-head CI for `5923f2af46`. What is still waiting on author, maintainer, CI, or external proof? Current-head CI is green for `5923f2af46`; live dev-profile proof is complete. Which bot or reviewer comments were addressed? Addressed duplicate approval delivery by keeping the final suppression path inside `extensions/googlechat/`, preserving default typing-message behavior, and proving the current Google Chat surface sends only the native approval card.
362 lines
12 KiB
TypeScript
362 lines
12 KiB
TypeScript
// Googlechat plugin module implements monitor webhook behavior.
|
|
import type { IncomingMessage, ServerResponse } from "node:http";
|
|
import { normalizeLowercaseStringOrEmpty } from "openclaw/plugin-sdk/string-coerce-runtime";
|
|
import {
|
|
normalizeWebhookPath,
|
|
resolveRequestClientIp,
|
|
type FixedWindowRateLimiter,
|
|
} from "openclaw/plugin-sdk/webhook-ingress";
|
|
import type { WebhookInFlightLimiter } from "openclaw/plugin-sdk/webhook-request-guards";
|
|
import { readJsonWebhookBodyOrReject } from "openclaw/plugin-sdk/webhook-request-guards";
|
|
import {
|
|
resolveWebhookTargetWithAuthOrReject,
|
|
withResolvedWebhookRequestPipeline,
|
|
} from "openclaw/plugin-sdk/webhook-targets";
|
|
import { verifyGoogleChatRequest } from "./auth.js";
|
|
import type { WebhookTarget } from "./monitor-types.js";
|
|
import type {
|
|
GoogleChatAction,
|
|
GoogleChatActionParameter,
|
|
GoogleChatEvent,
|
|
GoogleChatMessage,
|
|
GoogleChatSpace,
|
|
GoogleChatUser,
|
|
} from "./types.js";
|
|
|
|
function extractBearerToken(header: unknown): string {
|
|
const authHeader = Array.isArray(header)
|
|
? typeof header[0] === "string"
|
|
? header[0]
|
|
: ""
|
|
: typeof header === "string"
|
|
? header
|
|
: "";
|
|
return normalizeLowercaseStringOrEmpty(authHeader).startsWith("bearer ")
|
|
? authHeader.slice("bearer ".length).trim()
|
|
: "";
|
|
}
|
|
|
|
const ADD_ON_PREAUTH_MAX_BYTES = 16 * 1024;
|
|
const ADD_ON_PREAUTH_TIMEOUT_MS = 3_000;
|
|
|
|
type ParsedGoogleChatInboundPayload =
|
|
| { ok: true; event: GoogleChatEvent; addOnBearerToken: string }
|
|
| { ok: false };
|
|
type ParsedGoogleChatInboundSuccess = Extract<ParsedGoogleChatInboundPayload, { ok: true }>;
|
|
|
|
function recordParamsToActionParameters(
|
|
params?: Record<string, string>,
|
|
): GoogleChatActionParameter[] | undefined {
|
|
if (!params) {
|
|
return undefined;
|
|
}
|
|
const entries = Object.entries(params)
|
|
.filter((entry): entry is [string, string] => typeof entry[1] === "string")
|
|
.map(([key, value]) => ({ key, value }));
|
|
return entries.length > 0 ? entries : undefined;
|
|
}
|
|
|
|
function parseGoogleChatInboundPayload(
|
|
raw: unknown,
|
|
res: ServerResponse,
|
|
): ParsedGoogleChatInboundPayload {
|
|
if (!raw || typeof raw !== "object" || Array.isArray(raw)) {
|
|
res.statusCode = 400;
|
|
res.end("invalid payload");
|
|
return { ok: false };
|
|
}
|
|
|
|
let eventPayload = raw;
|
|
let addOnBearerToken = "";
|
|
|
|
// Transform Google Workspace Add-on format to standard Chat API format.
|
|
const rawObj = raw as {
|
|
commonEventObject?: {
|
|
hostApp?: string;
|
|
invokedFunction?: string;
|
|
parameters?: Record<string, string>;
|
|
};
|
|
chat?: {
|
|
messagePayload?: { space?: GoogleChatSpace; message?: GoogleChatMessage };
|
|
buttonClickedPayload?: {
|
|
space?: GoogleChatSpace;
|
|
message?: GoogleChatMessage;
|
|
user?: GoogleChatUser;
|
|
action?: GoogleChatAction;
|
|
};
|
|
user?: GoogleChatUser;
|
|
eventTime?: string;
|
|
};
|
|
authorizationEventObject?: { systemIdToken?: string };
|
|
};
|
|
|
|
if (rawObj.commonEventObject?.hostApp === "CHAT") {
|
|
addOnBearerToken =
|
|
typeof rawObj.authorizationEventObject?.systemIdToken === "string"
|
|
? rawObj.authorizationEventObject.systemIdToken.trim()
|
|
: "";
|
|
}
|
|
|
|
if (rawObj.commonEventObject?.hostApp === "CHAT" && rawObj.chat?.messagePayload) {
|
|
const chat = rawObj.chat;
|
|
const messagePayload = chat.messagePayload;
|
|
eventPayload = {
|
|
type: "MESSAGE",
|
|
space: messagePayload?.space,
|
|
message: messagePayload?.message,
|
|
user: chat.user,
|
|
eventTime: chat.eventTime,
|
|
};
|
|
} else if (rawObj.commonEventObject?.hostApp === "CHAT") {
|
|
const chat = rawObj.chat;
|
|
const buttonClickedPayload = chat?.buttonClickedPayload;
|
|
if (buttonClickedPayload) {
|
|
const invokedFunction = rawObj.commonEventObject.invokedFunction;
|
|
const actionParameters = recordParamsToActionParameters(rawObj.commonEventObject.parameters);
|
|
eventPayload = {
|
|
type: "CARD_CLICKED",
|
|
space: buttonClickedPayload.space,
|
|
message: buttonClickedPayload.message,
|
|
user: buttonClickedPayload.user ?? chat.user,
|
|
eventTime: chat.eventTime,
|
|
action:
|
|
buttonClickedPayload.action ??
|
|
({
|
|
...(typeof invokedFunction === "string" ? { actionMethodName: invokedFunction } : {}),
|
|
...(actionParameters ? { parameters: actionParameters } : {}),
|
|
} satisfies GoogleChatAction),
|
|
commonEventObject: {
|
|
...(typeof invokedFunction === "string" ? { invokedFunction } : {}),
|
|
parameters: rawObj.commonEventObject.parameters,
|
|
},
|
|
};
|
|
}
|
|
}
|
|
|
|
const event = eventPayload as GoogleChatEvent;
|
|
const eventType = event.type ?? (eventPayload as { eventType?: string }).eventType;
|
|
if (typeof eventType !== "string") {
|
|
res.statusCode = 400;
|
|
res.end("invalid payload");
|
|
return { ok: false };
|
|
}
|
|
|
|
if (!event.space || typeof event.space !== "object" || Array.isArray(event.space)) {
|
|
res.statusCode = 400;
|
|
res.end("invalid payload");
|
|
return { ok: false };
|
|
}
|
|
|
|
if (eventType === "MESSAGE") {
|
|
if (!event.message || typeof event.message !== "object" || Array.isArray(event.message)) {
|
|
res.statusCode = 400;
|
|
res.end("invalid payload");
|
|
return { ok: false };
|
|
}
|
|
} else if (eventType === "CARD_CLICKED") {
|
|
if (!event.user || typeof event.user !== "object" || Array.isArray(event.user)) {
|
|
res.statusCode = 400;
|
|
res.end("invalid payload");
|
|
return { ok: false };
|
|
}
|
|
}
|
|
|
|
return { ok: true, event, addOnBearerToken };
|
|
}
|
|
|
|
type GoogleChatWebhookAuthRejection = {
|
|
target: WebhookTarget;
|
|
reason: string;
|
|
};
|
|
|
|
async function verifyGoogleChatTargetAuth(
|
|
target: WebhookTarget,
|
|
bearer: string,
|
|
): Promise<{ ok: true } | { ok: false; reason: string }> {
|
|
const verification = await verifyGoogleChatRequest({
|
|
bearer,
|
|
audienceType: target.audienceType,
|
|
audience: target.audience,
|
|
expectedAddOnPrincipal: target.account.config.appPrincipal,
|
|
});
|
|
return verification.ok ? { ok: true } : { ok: false, reason: verification.reason ?? "unknown" };
|
|
}
|
|
|
|
function logGoogleChatWebhookAuthRejections(rejections: GoogleChatWebhookAuthRejection[]): void {
|
|
for (const rejection of rejections) {
|
|
rejection.target.runtime.log?.(
|
|
`[${rejection.target.account.accountId}] Google Chat webhook auth rejected: ${rejection.reason}`,
|
|
);
|
|
}
|
|
}
|
|
|
|
function logGoogleChatWebhookAuthRejectedForTargets(
|
|
targets: readonly WebhookTarget[],
|
|
reason: string,
|
|
): void {
|
|
logGoogleChatWebhookAuthRejections(targets.map((target) => ({ target, reason })));
|
|
}
|
|
|
|
async function resolveGoogleChatWebhookTargetWithAuthOrReject(params: {
|
|
targets: readonly WebhookTarget[];
|
|
res: ServerResponse;
|
|
bearer: string;
|
|
}): Promise<WebhookTarget | null> {
|
|
const rejections: GoogleChatWebhookAuthRejection[] = [];
|
|
let verifiedTargetCount = 0;
|
|
const selectedTarget = await resolveWebhookTargetWithAuthOrReject({
|
|
targets: params.targets,
|
|
res: params.res,
|
|
isMatch: async (target) => {
|
|
const verification = await verifyGoogleChatTargetAuth(target, params.bearer);
|
|
if (verification.ok) {
|
|
verifiedTargetCount += 1;
|
|
return true;
|
|
}
|
|
rejections.push({ target, reason: verification.reason });
|
|
return false;
|
|
},
|
|
});
|
|
if (!selectedTarget && verifiedTargetCount === 0) {
|
|
logGoogleChatWebhookAuthRejections(rejections);
|
|
}
|
|
return selectedTarget;
|
|
}
|
|
|
|
export function warnAppPrincipalMisconfiguration(params: {
|
|
accountId: string;
|
|
audienceType?: string;
|
|
appPrincipal?: string | null;
|
|
log?: (message: string) => void;
|
|
}): void {
|
|
if (params.audienceType !== "app-url") {
|
|
return;
|
|
}
|
|
const principal = params.appPrincipal?.trim();
|
|
if (!principal) {
|
|
params.log?.(
|
|
`[${params.accountId}] appPrincipal is missing for audienceType "app-url"; add-on token verification will fail. Set appPrincipal to the numeric OAuth 2.0 client ID (uniqueId, 21 digits), not an email.`,
|
|
);
|
|
} else if (principal.includes("@")) {
|
|
params.log?.(
|
|
`[${params.accountId}] appPrincipal "${principal}" looks like an email address. Set appPrincipal to the numeric OAuth 2.0 client ID (uniqueId, 21 digits), not an email.`,
|
|
);
|
|
}
|
|
}
|
|
|
|
export function createGoogleChatWebhookRequestHandler(params: {
|
|
webhookTargets: Map<string, WebhookTarget[]>;
|
|
webhookRateLimiter: FixedWindowRateLimiter;
|
|
webhookInFlightLimiter: WebhookInFlightLimiter;
|
|
processEvent: (event: GoogleChatEvent, target: WebhookTarget) => Promise<void>;
|
|
}): (req: IncomingMessage, res: ServerResponse) => Promise<boolean> {
|
|
return async (req: IncomingMessage, res: ServerResponse): Promise<boolean> => {
|
|
const path = normalizeWebhookPath(new URL(req.url ?? "/", "http://localhost").pathname);
|
|
// Shared-path registrations use the same gateway proxy settings in normal runtime setup.
|
|
const config = params.webhookTargets.get(path)?.[0]?.config;
|
|
const clientIp =
|
|
resolveRequestClientIp(
|
|
req,
|
|
config?.gateway?.trustedProxies,
|
|
config?.gateway?.allowRealIpFallback === true,
|
|
) ?? "unknown";
|
|
|
|
return await withResolvedWebhookRequestPipeline({
|
|
req,
|
|
res,
|
|
targetsByPath: params.webhookTargets,
|
|
allowMethods: ["POST"],
|
|
requireJsonContentType: true,
|
|
rateLimiter: params.webhookRateLimiter,
|
|
rateLimitKey: `${path}:${clientIp}`,
|
|
inFlightLimiter: params.webhookInFlightLimiter,
|
|
handle: async ({ targets }) => {
|
|
const headerBearer = extractBearerToken(req.headers.authorization);
|
|
let selectedTarget: WebhookTarget | null;
|
|
let parsedEvent: GoogleChatEvent | null;
|
|
const readAndParseEvent = async (
|
|
profile: "pre-auth" | "post-auth",
|
|
): Promise<ParsedGoogleChatInboundSuccess | null> => {
|
|
const body = await readJsonWebhookBodyOrReject({
|
|
req,
|
|
res,
|
|
profile,
|
|
...(profile === "pre-auth"
|
|
? {
|
|
maxBytes: ADD_ON_PREAUTH_MAX_BYTES,
|
|
timeoutMs: ADD_ON_PREAUTH_TIMEOUT_MS,
|
|
}
|
|
: {}),
|
|
emptyObjectOnEmpty: false,
|
|
invalidJsonMessage: "invalid payload",
|
|
});
|
|
if (!body.ok) {
|
|
return null;
|
|
}
|
|
|
|
const parsed = parseGoogleChatInboundPayload(body.value, res);
|
|
return parsed.ok ? parsed : null;
|
|
};
|
|
|
|
if (headerBearer) {
|
|
selectedTarget = await resolveGoogleChatWebhookTargetWithAuthOrReject({
|
|
targets,
|
|
res,
|
|
bearer: headerBearer,
|
|
});
|
|
if (!selectedTarget) {
|
|
return true;
|
|
}
|
|
|
|
const parsed = await readAndParseEvent("post-auth");
|
|
if (!parsed) {
|
|
return true;
|
|
}
|
|
parsedEvent = parsed.event;
|
|
} else {
|
|
const parsed = await readAndParseEvent("pre-auth");
|
|
if (!parsed) {
|
|
return true;
|
|
}
|
|
parsedEvent = parsed.event;
|
|
|
|
if (!parsed.addOnBearerToken) {
|
|
logGoogleChatWebhookAuthRejectedForTargets(targets, "missing token");
|
|
res.statusCode = 401;
|
|
res.end("unauthorized");
|
|
return true;
|
|
}
|
|
|
|
selectedTarget = await resolveGoogleChatWebhookTargetWithAuthOrReject({
|
|
targets,
|
|
res,
|
|
bearer: parsed.addOnBearerToken,
|
|
});
|
|
if (!selectedTarget) {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
if (!selectedTarget || !parsedEvent) {
|
|
res.statusCode = 401;
|
|
res.end("unauthorized");
|
|
return true;
|
|
}
|
|
|
|
const dispatchTarget = selectedTarget;
|
|
dispatchTarget.statusSink?.({ lastInboundAt: Date.now() });
|
|
params.processEvent(parsedEvent, dispatchTarget).catch((err: unknown) => {
|
|
dispatchTarget.runtime.error?.(
|
|
`[${dispatchTarget.account.accountId}] Google Chat webhook failed: ${String(err)}`,
|
|
);
|
|
});
|
|
|
|
res.statusCode = 200;
|
|
res.setHeader("Content-Type", "application/json");
|
|
res.end("{}");
|
|
return true;
|
|
},
|
|
});
|
|
};
|
|
}
|