refactor: harden plugin install flow and main DM route pinning

2026-05-11 18:03:44 +00:00 · 2026-03-02 21:22:32 +00:00
parent af637deed1
commit b782ecb7eb
22 changed files with 737 additions and 269 deletions
--- a/src/signal/identity.ts
+++ b/src/signal/identity.ts
@@ -95,6 +95,14 @@ function parseSignalAllowEntry(entry: string): SignalAllowEntry | null {
  return { kind: "phone", e164: normalizeE164(stripped) };
 }

+export function normalizeSignalAllowRecipient(entry: string): string | undefined {
+  const parsed = parseSignalAllowEntry(entry);
+  if (!parsed || parsed.kind === "any") {
+    return undefined;
+  }
+  return parsed.kind === "phone" ? parsed.e164 : parsed.raw;
+}
+
 export function isSignalSenderAllowed(sender: SignalSender, allowFrom: string[]): boolean {
  if (allowFrom.length === 0) {
    return false;
--- a/src/signal/monitor/event-handler.ts
+++ b/src/signal/monitor/event-handler.ts
@@ -31,13 +31,17 @@ import { danger, logVerbose, shouldLogVerbose } from "../../globals.js";
 import { enqueueSystemEvent } from "../../infra/system-events.js";
 import { mediaKindFromMime } from "../../media/constants.js";
 import { resolveAgentRoute } from "../../routing/resolve-route.js";
-import { DM_GROUP_ACCESS_REASON } from "../../security/dm-policy-shared.js";
+import {
+  DM_GROUP_ACCESS_REASON,
+  resolvePinnedMainDmOwnerFromAllowlist,
+} from "../../security/dm-policy-shared.js";
 import { normalizeE164 } from "../../utils.js";
 import {
  formatSignalPairingIdLine,
  formatSignalSenderDisplay,
  formatSignalSenderId,
  isSignalSenderAllowed,
+  normalizeSignalAllowRecipient,
  resolveSignalPeerId,
  resolveSignalRecipient,
  resolveSignalSender,
@@ -184,6 +188,25 @@ export function createSignalEventHandler(deps: SignalEventHandlerDeps) {
            channel: "signal",
            to: entry.senderRecipient,
            accountId: route.accountId,
+            mainDmOwnerPin: (() => {
+              const pinnedOwner = resolvePinnedMainDmOwnerFromAllowlist({
+                dmScope: deps.cfg.session?.dmScope,
+                allowFrom: deps.allowFrom,
+                normalizeEntry: normalizeSignalAllowRecipient,
+              });
+              if (!pinnedOwner) {
+                return undefined;
+              }
+              return {
+                ownerRecipient: pinnedOwner,
+                senderRecipient: entry.senderRecipient,
+                onSkip: ({ ownerRecipient, senderRecipient }) => {
+                  logVerbose(
+                    `signal: skip main-session last route for ${senderRecipient} (pinned owner ${ownerRecipient})`,
+                  );
+                },
+              };
+            })(),
          }
        : undefined,
      onRecordError: (err) => {