let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: default groupPolicy to allowlist

Browse Source
This commit is contained in:
Peter Steinberger
2026-01-12 08:21:50 +00:00
parent ba3158e01a
commit 842e91d019
28 changed files with 183 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/providers/plugins/discord.ts
View File

@@ -117,6 +117,21 @@ export const discordPlugin: ProviderPlugin<ResolvedDiscordAccount> = {
raw.replace(/^(discord|user):/i, "").replace(/^<@!?(\d+)>$/, "$1"),
};
},
collectWarnings: ({ account }) => {
const groupPolicy = account.config.groupPolicy ?? "allowlist";
if (groupPolicy !== "open") return [];
const channelAllowlistConfigured =
Boolean(account.config.guilds) &&
Object.keys(account.config.guilds ?? {}).length > 0;
if (channelAllowlistConfigured) {
return [
`- Discord guilds: groupPolicy="open" allows any channel not explicitly denied to trigger (mention-gated). Set discord.groupPolicy="allowlist" and configure discord.guilds.<id>.channels.`,
];
}
return [
`- Discord guilds: groupPolicy="open" with no guild/channel allowlist; any channel can trigger (mention-gated). Set discord.groupPolicy="allowlist" and configure discord.guilds.<id>.channels.`,
];
},
},
groups: {
resolveRequireMention: resolveDiscordGroupRequireMention,

7
src/providers/plugins/imessage.ts
View File

@@ -99,6 +99,13 @@ export const imessagePlugin: ProviderPlugin<ResolvedIMessageAccount> = {
approveHint: formatPairingApproveHint("imessage"),
};
},
collectWarnings: ({ account }) => {
const groupPolicy = account.config.groupPolicy ?? "allowlist";
if (groupPolicy !== "open") return [];
return [
`- iMessage groups: groupPolicy="open" allows any member to trigger the bot. Set imessage.groupPolicy="allowlist" + imessage.groupAllowFrom to restrict senders.`,
];
},
},
groups: {
resolveRequireMention: resolveIMessageGroupRequireMention,

7
src/providers/plugins/signal.ts
View File

@@ -117,6 +117,13 @@ export const signalPlugin: ProviderPlugin<ResolvedSignalAccount> = {
normalizeE164(raw.replace(/^signal:/i, "").trim()),
};
},
collectWarnings: ({ account }) => {
const groupPolicy = account.config.groupPolicy ?? "allowlist";
if (groupPolicy !== "open") return [];
return [
`- Signal groups: groupPolicy="open" allows any member to trigger the bot. Set signal.groupPolicy="allowlist" + signal.groupAllowFrom to restrict senders.`,
];
},
},
messaging: {
normalizeTarget: normalizeSignalMessagingTarget,

15
src/providers/plugins/slack.ts
View File

@@ -113,6 +113,21 @@ export const slackPlugin: ProviderPlugin<ResolvedSlackAccount> = {
normalizeEntry: (raw) => raw.replace(/^(slack|user):/i, ""),
};
},
collectWarnings: ({ account }) => {
const groupPolicy = account.config.groupPolicy ?? "allowlist";
if (groupPolicy !== "open") return [];
const channelAllowlistConfigured =
Boolean(account.config.channels) &&
Object.keys(account.config.channels ?? {}).length > 0;
if (channelAllowlistConfigured) {
return [
`- Slack channels: groupPolicy="open" allows any channel not explicitly denied to trigger (mention-gated). Set slack.groupPolicy="allowlist" and configure slack.channels.`,
];
}
return [
`- Slack channels: groupPolicy="open" with no channel allowlist; any channel can trigger (mention-gated). Set slack.groupPolicy="allowlist" and configure slack.channels.`,
];
},
},
groups: {
resolveRequireMention: resolveSlackGroupRequireMention,

11
src/providers/plugins/telegram.ts
View File

@@ -123,12 +123,17 @@ export const telegramPlugin: ProviderPlugin<ResolvedTelegramAccount> = {
};
},
collectWarnings: ({ account }) => {
const groupPolicy = account.config.groupPolicy ?? "open";
const groupPolicy = account.config.groupPolicy ?? "allowlist";
if (groupPolicy !== "open") return [];
const groupAllowlistConfigured =
account.config.groups && Object.keys(account.config.groups).length > 0;
if (groupPolicy !== "open" || groupAllowlistConfigured) return [];
if (groupAllowlistConfigured) {
return [
`- Telegram groups: groupPolicy="open" allows any member in allowed groups to trigger (mention-gated). Set telegram.groupPolicy="allowlist" + telegram.groupAllowFrom to restrict senders.`,
];
}
return [
`- Telegram groups: open (groupPolicy="open") with no telegram.groups allowlist; mention-gating applies but any group can add + ping.`,
`- Telegram groups: groupPolicy="open" with no telegram.groups allowlist; any group can add + ping (mention-gated). Set telegram.groupPolicy="allowlist" + telegram.groupAllowFrom or configure telegram.groups.`,
];
},
},

14
src/providers/plugins/whatsapp.ts
View File

@@ -148,6 +148,20 @@ export const whatsappPlugin: ProviderPlugin<ResolvedWhatsAppAccount> = {
normalizeEntry: (raw) => normalizeE164(raw),
};
},
collectWarnings: ({ account }) => {
const groupPolicy = account.groupPolicy ?? "allowlist";
if (groupPolicy !== "open") return [];
const groupAllowlistConfigured =
Boolean(account.groups) && Object.keys(account.groups ?? {}).length > 0;
if (groupAllowlistConfigured) {
return [
`- WhatsApp groups: groupPolicy="open" allows any member in allowed groups to trigger (mention-gated). Set whatsapp.groupPolicy="allowlist" + whatsapp.groupAllowFrom to restrict senders.`,
];
}
return [
`- WhatsApp groups: groupPolicy="open" with no whatsapp.groups allowlist; any group can add + ping (mention-gated). Set whatsapp.groupPolicy="allowlist" + whatsapp.groupAllowFrom or configure whatsapp.groups.`,
];
},
},
setup: {
resolveAccountId: ({ accountId }) => normalizeAccountId(accountId),