feat: add sessions tools and send policy

2026-01-03 23:44:38 +01:00
parent 919d5d1dbb
commit e7c9b9a749
24 changed files with 1304 additions and 4 deletions
--- a/src/sessions/send-policy.test.ts
+++ b/src/sessions/send-policy.test.ts
@@ -0,0 +1,53 @@
+import { describe, expect, it } from "vitest";
+import type { ClawdisConfig } from "../config/config.js";
+import type { SessionEntry } from "../config/sessions.js";
+import { resolveSendPolicy } from "./send-policy.js";
+
+describe("resolveSendPolicy", () => {
+  it("defaults to allow", () => {
+    const cfg = {} as ClawdisConfig;
+    expect(resolveSendPolicy({ cfg })).toBe("allow");
+  });
+
+  it("entry override wins", () => {
+    const cfg = {
+      session: { sendPolicy: { default: "allow" } },
+    } as ClawdisConfig;
+    const entry: SessionEntry = { sessionId: "s", updatedAt: 0, sendPolicy: "deny" };
+    expect(resolveSendPolicy({ cfg, entry })).toBe("deny");
+  });
+
+  it("rule match by surface + chatType", () => {
+    const cfg = {
+      session: {
+        sendPolicy: {
+          default: "allow",
+          rules: [
+            { action: "deny", match: { surface: "discord", chatType: "group" } },
+          ],
+        },
+      },
+    } as ClawdisConfig;
+    const entry: SessionEntry = {
+      sessionId: "s",
+      updatedAt: 0,
+      surface: "discord",
+      chatType: "group",
+    };
+    expect(resolveSendPolicy({ cfg, entry, sessionKey: "discord:group:dev" })).toBe(
+      "deny",
+    );
+  });
+
+  it("rule match by keyPrefix", () => {
+    const cfg = {
+      session: {
+        sendPolicy: {
+          default: "allow",
+          rules: [{ action: "deny", match: { keyPrefix: "cron:" } }],
+        },
+      },
+    } as ClawdisConfig;
+    expect(resolveSendPolicy({ cfg, sessionKey: "cron:job-1" })).toBe("deny");
+  });
+});
--- a/src/sessions/send-policy.ts
+++ b/src/sessions/send-policy.ts
@@ -0,0 +1,79 @@
+import type { ClawdisConfig } from "../config/config.js";
+import type { SessionEntry, SessionChatType } from "../config/sessions.js";
+
+export type SessionSendPolicyDecision = "allow" | "deny";
+
+export function normalizeSendPolicy(
+  raw?: string | null,
+): SessionSendPolicyDecision | undefined {
+  const value = raw?.trim().toLowerCase();
+  if (value === "allow") return "allow";
+  if (value === "deny") return "deny";
+  return undefined;
+}
+
+function normalizeMatchValue(raw?: string | null) {
+  const value = raw?.trim().toLowerCase();
+  return value ? value : undefined;
+}
+
+function deriveSurfaceFromKey(key?: string) {
+  if (!key) return undefined;
+  const parts = key.split(":").filter(Boolean);
+  if (parts.length >= 3 && (parts[1] === "group" || parts[1] === "channel")) {
+    return normalizeMatchValue(parts[0]);
+  }
+  return undefined;
+}
+
+function deriveChatTypeFromKey(key?: string): SessionChatType | undefined {
+  if (!key) return undefined;
+  if (key.startsWith("group:") || key.includes(":group:")) return "group";
+  if (key.includes(":channel:")) return "room";
+  return undefined;
+}
+
+export function resolveSendPolicy(params: {
+  cfg: ClawdisConfig;
+  entry?: SessionEntry;
+  sessionKey?: string;
+  surface?: string;
+  chatType?: SessionChatType;
+}): SessionSendPolicyDecision {
+  const override = normalizeSendPolicy(params.entry?.sendPolicy);
+  if (override) return override;
+
+  const policy = params.cfg.session?.sendPolicy;
+  if (!policy) return "allow";
+
+  const surface =
+    normalizeMatchValue(params.surface) ??
+    normalizeMatchValue(params.entry?.surface) ??
+    normalizeMatchValue(params.entry?.lastChannel) ??
+    deriveSurfaceFromKey(params.sessionKey);
+  const chatType =
+    normalizeMatchValue(params.chatType ?? params.entry?.chatType) ??
+    normalizeMatchValue(deriveChatTypeFromKey(params.sessionKey));
+  const sessionKey = params.sessionKey ?? "";
+
+  let allowedMatch = false;
+  for (const rule of policy.rules ?? []) {
+    if (!rule) continue;
+    const action = normalizeSendPolicy(rule.action) ?? "allow";
+    const match = rule.match ?? {};
+    const matchSurface = normalizeMatchValue(match.surface);
+    const matchChatType = normalizeMatchValue(match.chatType);
+    const matchPrefix = normalizeMatchValue(match.keyPrefix);
+
+    if (matchSurface && matchSurface !== surface) continue;
+    if (matchChatType && matchChatType !== chatType) continue;
+    if (matchPrefix && !sessionKey.startsWith(matchPrefix)) continue;
+    if (action === "deny") return "deny";
+    allowedMatch = true;
+  }
+
+  if (allowedMatch) return "allow";
+
+  const fallback = normalizeSendPolicy(policy.default);
+  return fallback ?? "allow";
+}