refactor: standardize control command gating

2026-01-23 23:10:59 +00:00
parent 1113f17d4c
commit 07ce1d73ff
8 changed files with 82 additions and 74 deletions
--- a/src/imessage/monitor/monitor-provider.ts
+++ b/src/imessage/monitor/monitor-provider.ts
@@ -41,7 +41,7 @@ import {
 } from "../../pairing/pairing-store.js";
 import { resolveAgentRoute } from "../../routing/resolve-route.js";
 import { truncateUtf16Safe } from "../../utils.js";
-import { resolveCommandAuthorizedFromAuthorizers } from "../../channels/command-gating.js";
+import { resolveControlCommandGate } from "../../channels/command-gating.js";
 import { resolveIMessageAccount } from "../accounts.js";
 import { createIMessageRpcClient } from "../client.js";
 import { probeIMessage } from "../probe.js";
@@ -372,25 +372,23 @@ export async function monitorIMessageProvider(opts: MonitorIMessageOpts = {}): P
            chatIdentifier,
          })
        : false;
-    const commandAuthorized = isGroup
-      ? resolveCommandAuthorizedFromAuthorizers({
-          useAccessGroups,
-          authorizers: [
-            { configured: effectiveDmAllowFrom.length > 0, allowed: ownerAllowedForCommands },
-            { configured: effectiveGroupAllowFrom.length > 0, allowed: groupAllowedForCommands },
-          ],
-        })
-      : dmAuthorized;
-    if (isGroup && hasControlCommand(messageText, cfg) && !commandAuthorized) {
+    const hasControlCommandInMessage = hasControlCommand(messageText, cfg);
+    const commandGate = resolveControlCommandGate({
+      useAccessGroups,
+      authorizers: [
+        { configured: effectiveDmAllowFrom.length > 0, allowed: ownerAllowedForCommands },
+        { configured: effectiveGroupAllowFrom.length > 0, allowed: groupAllowedForCommands },
+      ],
+      allowTextCommands: true,
+      hasControlCommand: hasControlCommandInMessage,
+    });
+    const commandAuthorized = isGroup ? commandGate.commandAuthorized : dmAuthorized;
+    if (isGroup && commandGate.shouldBlock) {
      logVerbose(`imessage: drop control command from unauthorized sender ${sender}`);
      return;
    }
    const shouldBypassMention =
-      isGroup &&
-      requireMention &&
-      !mentioned &&
-      commandAuthorized &&
-      hasControlCommand(messageText);
+      isGroup && requireMention && !mentioned && commandAuthorized && hasControlCommandInMessage;
    const effectiveWasMentioned = mentioned || shouldBypassMention;
    if (isGroup && requireMention && canDetectMention && !mentioned && !shouldBypassMention) {
      logVerbose(`imessage: skipping group message (no mention)`);
--- a/src/plugin-sdk/index.ts
+++ b/src/plugin-sdk/index.ts
@@ -134,6 +134,7 @@ export { createReplyPrefixContext } from "../channels/reply-prefix.js";
 export { resolveChannelMediaMaxBytes } from "../channels/plugins/media-limits.js";
 export type { NormalizedLocation } from "../channels/location.js";
 export { formatLocationText, toLocationContext } from "../channels/location.js";
+export { resolveControlCommandGate } from "../channels/command-gating.js";
 export {
  resolveBlueBubblesGroupRequireMention,
  resolveDiscordGroupRequireMention,
--- a/src/signal/monitor/event-handler.ts
+++ b/src/signal/monitor/event-handler.ts
@@ -30,7 +30,7 @@ import {
 } from "../../pairing/pairing-store.js";
 import { resolveAgentRoute } from "../../routing/resolve-route.js";
 import { normalizeE164 } from "../../utils.js";
-import { resolveCommandAuthorizedFromAuthorizers } from "../../channels/command-gating.js";
+import { resolveControlCommandGate } from "../../channels/command-gating.js";
 import {
  formatSignalPairingIdLine,
  formatSignalSenderDisplay,
@@ -439,16 +439,18 @@ export function createSignalEventHandler(deps: SignalEventHandlerDeps) {
    const useAccessGroups = deps.cfg.commands?.useAccessGroups !== false;
    const ownerAllowedForCommands = isSignalSenderAllowed(sender, effectiveDmAllow);
    const groupAllowedForCommands = isSignalSenderAllowed(sender, effectiveGroupAllow);
-    const commandAuthorized = isGroup
-      ? resolveCommandAuthorizedFromAuthorizers({
-          useAccessGroups,
-          authorizers: [
-            { configured: effectiveDmAllow.length > 0, allowed: ownerAllowedForCommands },
-            { configured: effectiveGroupAllow.length > 0, allowed: groupAllowedForCommands },
-          ],
-        })
-      : dmAllowed;
-    if (isGroup && hasControlCommand(messageText, deps.cfg) && !commandAuthorized) {
+    const hasControlCommandInMessage = hasControlCommand(messageText, deps.cfg);
+    const commandGate = resolveControlCommandGate({
+      useAccessGroups,
+      authorizers: [
+        { configured: effectiveDmAllow.length > 0, allowed: ownerAllowedForCommands },
+        { configured: effectiveGroupAllow.length > 0, allowed: groupAllowedForCommands },
+      ],
+      allowTextCommands: true,
+      hasControlCommand: hasControlCommandInMessage,
+    });
+    const commandAuthorized = isGroup ? commandGate.commandAuthorized : dmAllowed;
+    if (isGroup && commandGate.shouldBlock) {
      logVerbose(`signal: drop control command from unauthorized sender ${senderDisplay}`);
      return;
    }