feat: add dm allowlist match metadata logs

Co-authored-by: thewilloftheshadow <thewilloftheshadow@users.noreply.github.com>
2026-01-18 00:14:41 +00:00
parent 1bf3861ca4
commit a5aa48beea
8 changed files with 211 additions and 59 deletions
--- a/extensions/matrix/src/matrix/monitor/allowlist.ts
+++ b/extensions/matrix/src/matrix/monitor/allowlist.ts
@@ -10,23 +10,49 @@ function normalizeMatrixUser(raw?: string | null): string {
  return (raw ?? "").trim().toLowerCase();
 }

+export type MatrixAllowListMatch = {
+  allowed: boolean;
+  matchKey?: string;
+  matchSource?: "wildcard" | "id" | "prefixed-id" | "prefixed-user" | "name" | "localpart";
+};
+
+export function resolveMatrixAllowListMatch(params: {
+  allowList: string[];
+  userId?: string;
+  userName?: string;
+}): MatrixAllowListMatch {
+  const allowList = params.allowList;
+  if (allowList.length === 0) return { allowed: false };
+  if (allowList.includes("*")) {
+    return { allowed: true, matchKey: "*", matchSource: "wildcard" };
+  }
+  const userId = normalizeMatrixUser(params.userId);
+  const userName = normalizeMatrixUser(params.userName);
+  const localPart = userId.startsWith("@") ? (userId.slice(1).split(":")[0] ?? "") : "";
+  const candidates: Array<{ value?: string; source: MatrixAllowListMatch["matchSource"] }> = [
+    { value: userId, source: "id" },
+    { value: userId ? `matrix:${userId}` : "", source: "prefixed-id" },
+    { value: userId ? `user:${userId}` : "", source: "prefixed-user" },
+    { value: userName, source: "name" },
+    { value: localPart, source: "localpart" },
+  ];
+  for (const candidate of candidates) {
+    if (!candidate.value) continue;
+    if (allowList.includes(candidate.value)) {
+      return {
+        allowed: true,
+        matchKey: candidate.value,
+        matchSource: candidate.source,
+      };
+    }
+  }
+  return { allowed: false };
+}
+
 export function resolveMatrixAllowListMatches(params: {
  allowList: string[];
  userId?: string;
  userName?: string;
 }) {
-  const allowList = params.allowList;
-  if (allowList.length === 0) return false;
-  if (allowList.includes("*")) return true;
-  const userId = normalizeMatrixUser(params.userId);
-  const userName = normalizeMatrixUser(params.userName);
-  const localPart = userId.startsWith("@") ? (userId.slice(1).split(":")[0] ?? "") : "";
-  const candidates = [
-    userId,
-    userId ? `matrix:${userId}` : "",
-    userId ? `user:${userId}` : "",
-    userName,
-    localPart,
-  ].filter(Boolean);
-  return candidates.some((value) => allowList.includes(value));
+  return resolveMatrixAllowListMatch(params).allowed;
 }
--- a/extensions/matrix/src/matrix/monitor/index.ts
+++ b/extensions/matrix/src/matrix/monitor/index.ts
@@ -41,7 +41,11 @@ import {
  parsePollStartContent,
 } from "../poll-types.js";
 import { reactMatrixMessage, sendMessageMatrix, sendTypingMatrix } from "../send.js";
-import { resolveMatrixAllowListMatches, normalizeAllowListLower } from "./allowlist.js";
+import {
+  resolveMatrixAllowListMatch,
+  resolveMatrixAllowListMatches,
+  normalizeAllowListLower,
+} from "./allowlist.js";
 import { registerMatrixAutoJoin } from "./auto-join.js";
 import { createDirectRoomTracker } from "./direct.js";
 import { downloadMatrixMedia } from "./media.js";
@@ -210,14 +214,15 @@ export async function monitorMatrixProvider(opts: MonitorMatrixOpts = {}): Promi
      if (isDirectMessage) {
        if (!dmEnabled || dmPolicy === "disabled") return;
        if (dmPolicy !== "open") {
-          const permitted =
-            effectiveAllowFrom.length > 0 &&
-            resolveMatrixAllowListMatches({
-              allowList: effectiveAllowFrom,
-              userId: senderId,
-              userName: senderName,
-            });
-          if (!permitted) {
+          const allowMatch = resolveMatrixAllowListMatch({
+            allowList: effectiveAllowFrom,
+            userId: senderId,
+            userName: senderName,
+          });
+          const allowMatchMeta = `matchKey=${allowMatch.matchKey ?? "none"} matchSource=${
+            allowMatch.matchSource ?? "none"
+          }`;
+          if (!allowMatch.allowed) {
            if (dmPolicy === "pairing") {
              const { code, created } = await upsertChannelPairingRequest({
                channel: "matrix",
@@ -225,6 +230,9 @@ export async function monitorMatrixProvider(opts: MonitorMatrixOpts = {}): Promi
                meta: { name: senderName },
              });
              if (created) {
+                logVerbose(
+                  `matrix pairing request sender=${senderId} name=${senderName ?? "unknown"} (${allowMatchMeta})`,
+                );
                try {
                  await sendMessageMatrix(
                    `room:${roomId}`,
@@ -243,6 +251,11 @@ export async function monitorMatrixProvider(opts: MonitorMatrixOpts = {}): Promi
                }
              }
            }
+            if (dmPolicy !== "pairing") {
+              logVerbose(
+                `matrix: blocked dm sender ${senderId} (dmPolicy=${dmPolicy}, ${allowMatchMeta})`,
+              );
+            }
            return;
          }
        }
@@ -261,6 +274,9 @@ export async function monitorMatrixProvider(opts: MonitorMatrixOpts = {}): Promi
          return;
        }
      }
+      if (isRoom) {
+        logVerbose(`matrix: allow room ${roomId} (${roomMatchMeta})`);
+      }

      const rawBody = content.body.trim();
      let media: {