feat(session): add dmScope for multi-user DM isolation
Co-authored-by: Alphonse-arianee <Alphonse-arianee@users.noreply.github.com>
committed by
Peter Steinberger
parent
e6364d031d
commit
ca9688b5cc
@@ -34,6 +34,8 @@ export async function noteSecurityWarnings(cfg: ClawdbotConfig) {
|
||||
.map((v) => v.trim())
|
||||
.filter(Boolean);
|
||||
const allowCount = Array.from(new Set([...normalizedCfg, ...normalizedStore])).length;
|
||||
const dmScope = cfg.session?.dmScope ?? "main";
|
||||
const isMultiUserDm = hasWildcard || allowCount > 1;
|
||||
|
||||
if (dmPolicy === "open") {
|
||||
const allowFromPath = `${params.allowFromPath}allowFrom`;
|
||||
@@ -43,7 +45,6 @@ export async function noteSecurityWarnings(cfg: ClawdbotConfig) {
|
||||
`- ${params.label} DMs: config invalid — "open" requires ${allowFromPath} to include "*".`,
|
||||
);
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
if (dmPolicy === "disabled") {
|
||||
@@ -51,12 +52,18 @@ export async function noteSecurityWarnings(cfg: ClawdbotConfig) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (allowCount === 0) {
|
||||
if (dmPolicy !== "open" && allowCount === 0) {
|
||||
warnings.push(
|
||||
`- ${params.label} DMs: locked (${policyPath}="${dmPolicy}") with no allowlist; unknown senders will be blocked / get a pairing code.`,
|
||||
);
|
||||
warnings.push(` ${params.approveHint}`);
|
||||
}
|
||||
|
||||
if (dmScope === "main" && isMultiUserDm) {
|
||||
warnings.push(
|
||||
`- ${params.label} DMs: multiple senders share the main session; set session.dmScope="per-channel-peer" to isolate sessions.`,
|
||||
);
|
||||
}
|
||||
};
|
||||
|
||||
for (const plugin of listChannelPlugins()) {
|
||||
|
||||
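Review bot: `isMultiUserDm` is computed from one channel's allowlist (`hasWildcard || allowCount > 1`), and the `dmScope === "main"` check sits inside the per-channel helper that closes with `};` just before the `for (const plugin of listChannelPlugins())` loop, so two channels that each allow a single, different sender produce no warning. If the main session is shared across channels, which the scope name `per-channel-peer` suggests but the page does not show, those senders would still share one conversation context. Either count distinct senders across all channels and emit the warning once after the loop, or record the limit next to the check: `// allowCount is per channel; senders on different channels are not counted together`. The helper and the enclosing function start and end outside these hunks.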
@@ -167,6 +167,7 @@ async function noteChannelPrimer(
|
||||
"DM security: default is pairing; unknown DMs get a pairing code.",
|
||||
"Approve with: clawdbot pairing approve <channel> <code>",
|
||||
'Public DMs require dmPolicy="open" + allowFrom=["*"].',
|
||||
'Multi-user DMs: set session.dmScope="per-channel-peer" to isolate sessions.',
|
||||
`Docs: ${formatDocsLink("/start/pairing", "start/pairing")}`,
|
||||
"",
|
||||
...channelLines,
|
||||
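Review bot: The added hint `'Multi-user DMs: set session.dmScope="per-channel-peer" to isolate sessions.'` tells the operator what to set but not what the default is, while the neighbouring lines do state their default ("default is pairing"). The doctor check in this commit reads `cfg.session?.dmScope ?? "main"`, so an unset value means a shared session; saying so here, e.g. `'Multi-user DMs: sessions are shared by default (session.dmScope="main"); set session.dmScope="per-channel-peer" to isolate them.'`, lets the operator decide during onboarding instead of after a doctor run. The same literal is repeated in the `maybeConfigureDmPolicies` hunk that follows; a single shared constant would keep the two copies from drifting. Both string arrays start and end outside the hunks.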
@@ -212,6 +213,7 @@ async function maybeConfigureDmPolicies(params: {
|
||||
"Default: pairing (unknown DMs get a pairing code).",
|
||||
`Approve: clawdbot pairing approve ${policy.channel} <code>`,
|
||||
`Public DMs: ${policy.policyKey}="open" + ${policy.allowFromKey} includes "*".`,
|
||||
'Multi-user DMs: set session.dmScope="per-channel-peer" to isolate sessions.',
|
||||
`Docs: ${formatDocsLink("/start/pairing", "start/pairing")}`,
|
||||
].join("\n"),
|
||||
`${policy.label} DM access`,
|
||||
|
||||