let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: surface match metadata in audits and slack logs

Browse Source 
Co-authored-by: thewilloftheshadow <thewilloftheshadow@users.noreply.github.com>
This commit is contained in:
Peter Steinberger
2026-01-18 00:50:33 +00:00
parent 79a44d0da4
commit 22c7f659f6
5 changed files with 59 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/channels/plugins/status-issues/discord.ts
View File

@@ -24,6 +24,8 @@ type DiscordPermissionsAuditSummary = {
ok?: boolean;
missing?: string[];
error?: string | null;
matchKey?: string;
matchSource?: string;
}>;
};
@@ -72,11 +74,15 @@ function readDiscordPermissionsAuditSummary(value: unknown): DiscordPermissionsA
? entry.missing.map((v) => asString(v)).filter(Boolean)
: undefined;
const error = asString(entry.error) ?? null;
const matchKey = asString(entry.matchKey) ?? undefined;
const matchSource = asString(entry.matchSource) ?? undefined;
return {
channelId,
ok,
missing: missing?.length ? missing : undefined,
error,
matchKey,
matchSource,
};
})
.filter(Boolean) as DiscordPermissionsAuditSummary["channels"])
@@ -122,11 +128,15 @@ export function collectDiscordStatusIssues(
if (channel.ok === true) continue;
const missing = channel.missing?.length ? ` missing ${channel.missing.join(", ")}` : "";
const error = channel.error ? `: ${channel.error}` : "";
const matchMeta =
channel.matchKey || channel.matchSource
? ` (matchKey=${channel.matchKey ?? "none"} matchSource=${channel.matchSource ?? "none"})`
: "";
issues.push({
channel: "discord",
accountId,
kind: "permissions",
message: `Channel ${channel.channelId} permission check failed.${missing}${error}`,
message: `Channel ${channel.channelId} permission check failed.${missing}${error}${matchMeta}`,
fix: "Ensure the bot role can view + send in this channel (and that channel overrides don't deny it).",
});
}

12
src/channels/plugins/status-issues/telegram.ts
View File

@@ -17,6 +17,8 @@ type TelegramGroupMembershipAuditSummary = {
ok?: boolean;
status?: string | null;
error?: string | null;
matchKey?: string;
matchSource?: string;
}>;
};
@@ -53,7 +55,9 @@ function readTelegramGroupMembershipAuditSummary(
const ok = typeof entry.ok === "boolean" ? entry.ok : undefined;
const status = asString(entry.status) ?? null;
const error = asString(entry.error) ?? null;
return { chatId, ok, status, error };
const matchKey = asString(entry.matchKey) ?? undefined;
const matchSource = asString(entry.matchSource) ?? undefined;
return { chatId, ok, status, error, matchKey, matchSource };
})
.filter(Boolean) as TelegramGroupMembershipAuditSummary["groups"])
: undefined;
@@ -107,11 +111,15 @@ export function collectTelegramStatusIssues(
if (group.ok === true) continue;
const status = group.status ? ` status=${group.status}` : "";
const err = group.error ? `: ${group.error}` : "";
const matchMeta =
group.matchKey || group.matchSource
? ` (matchKey=${group.matchKey ?? "none"} matchSource=${group.matchSource ?? "none"})`
: "";
issues.push({
channel: "telegram",
accountId,
kind: "runtime",
message: `Group ${group.chatId} not reachable by bot.${status}${err}`,
message: `Group ${group.chatId} not reachable by bot.${status}${err}${matchMeta}`,
fix: "Invite the bot to the group, then DM the bot once (/start) and restart the gateway.",
});
}

6
src/discord/audit.ts
View File

@@ -8,6 +8,8 @@ export type DiscordChannelPermissionsAuditEntry = {
ok: boolean;
missing?: string[];
error?: string | null;
matchKey?: string;
matchSource?: "id";
};
export type DiscordChannelPermissionsAudit = {
@@ -97,12 +99,16 @@ export async function auditDiscordChannelPermissions(params: {
ok: missing.length === 0,
missing: missing.length ? missing : undefined,
error: null,
matchKey: channelId,
matchSource: "id",
});
} catch (err) {
channels.push({
channelId,
ok: false,
error: err instanceof Error ? err.message : String(err),
matchKey: channelId,
matchSource: "id",
});
}
}

21
src/slack/monitor/slash.ts
View File

@@ -25,9 +25,9 @@ import { resolveCommandAuthorizedFromAuthorizers } from "../../channels/command-
import type { ResolvedSlackAccount } from "../accounts.js";
import {
allowListMatches,
normalizeAllowList,
normalizeAllowListLower,
resolveSlackAllowListMatch,
resolveSlackUserAllowed,
} from "./allow-list.js";
import { resolveSlackChannelConfig, type SlackChannelConfigResolved } from "./channel-config.js";
@@ -201,12 +201,15 @@ export function registerSlackMonitorSlashCommands(params: {
if (ctx.dmPolicy !== "open") {
const sender = await ctx.resolveUserName(command.user_id);
const senderName = sender?.name ?? undefined;
const permitted = allowListMatches({
const allowMatch = resolveSlackAllowListMatch({
allowList: effectiveAllowFromLower,
id: command.user_id,
name: senderName,
});
if (!permitted) {
const allowMatchMeta = `matchKey=${allowMatch.matchKey ?? "none"} matchSource=${
allowMatch.matchSource ?? "none"
}`;
if (!allowMatch.allowed) {
if (ctx.dmPolicy === "pairing") {
const { code, created } = await upsertChannelPairingRequest({
channel: "slack",
@@ -214,6 +217,11 @@ export function registerSlackMonitorSlashCommands(params: {
meta: { name: senderName },
});
if (created) {
logVerbose(
`slack pairing request sender=${command.user_id} name=${
senderName ?? "unknown"
} (${allowMatchMeta})`,
);
await respond({
text: buildPairingReply({
channel: "slack",
@@ -224,6 +232,9 @@ export function registerSlackMonitorSlashCommands(params: {
});
}
} else {
logVerbose(
`slack: blocked slash sender ${command.user_id} (dmPolicy=${ctx.dmPolicy}, ${allowMatchMeta})`,
);
await respond({
text: "You are not authorized to use this command.",
response_type: "ephemeral",
@@ -289,11 +300,11 @@ export function registerSlackMonitorSlashCommands(params: {
return;
}
const ownerAllowed = allowListMatches({
const ownerAllowed = resolveSlackAllowListMatch({
allowList: effectiveAllowFromLower,
id: command.user_id,
name: senderName,
});
}).allowed;
if (isRoomish) {
commandAuthorized = resolveCommandAuthorizedFromAuthorizers({
useAccessGroups: ctx.useAccessGroups,

19
src/telegram/audit.ts
View File

@@ -8,6 +8,8 @@ export type TelegramGroupMembershipAuditEntry = {
ok: boolean;
status?: string | null;
error?: string | null;
matchKey?: string;
matchSource?: "id";
};
export type TelegramGroupMembershipAudit = {
@@ -105,9 +107,16 @@ export async function auditTelegramGroupMembership(params: {
isRecord(json) && json.ok === false && typeof json.description === "string"
? json.description
: `getChatMember failed (${res.status})`;
groups.push({ chatId, ok: false, status: null, error: desc });
continue;
}
groups.push({
chatId,
ok: false,
status: null,
error: desc,
matchKey: chatId,
matchSource: "id",
});
continue;
}
const status = isRecord((json as TelegramApiOk<unknown>).result)
? ((json as TelegramApiOk<{ status?: string }>).result.status ?? null)
: null;
@@ -117,6 +126,8 @@ export async function auditTelegramGroupMembership(params: {
ok,
status,
error: ok ? null : "bot not in group",
matchKey: chatId,
matchSource: "id",
});
} catch (err) {
groups.push({
@@ -124,6 +135,8 @@ export async function auditTelegramGroupMembership(params: {
ok: false,
status: null,
error: err instanceof Error ? err.message : String(err),
matchKey: chatId,
matchSource: "id",
});
}
}