fix: harden dm command authorization in open mode

2026-05-10 11:24:58 +00:00 · 2026-02-26 19:48:33 +01:00
parent 3f20c43308
commit dc6e4a5b13
8 changed files with 168 additions and 8 deletions
--- a/src/imessage/monitor/inbound-processing.test.ts
+++ b/src/imessage/monitor/inbound-processing.test.ts
@@ -58,3 +58,71 @@ describe("describeIMessageEchoDropLog", () => {
    ).toContain("id=abc-123");
  });
 });
+
+describe("resolveIMessageInboundDecision command auth", () => {
+  const cfg = {} as OpenClawConfig;
+
+  it("does not auto-authorize DM commands in open mode without allowlists", () => {
+    const decision = resolveIMessageInboundDecision({
+      cfg,
+      accountId: "default",
+      message: {
+        id: 100,
+        sender: "+15555550123",
+        text: "/status",
+        is_from_me: false,
+        is_group: false,
+      },
+      opts: undefined,
+      messageText: "/status",
+      bodyText: "/status",
+      allowFrom: [],
+      groupAllowFrom: [],
+      groupPolicy: "open",
+      dmPolicy: "open",
+      storeAllowFrom: [],
+      historyLimit: 0,
+      groupHistories: new Map(),
+      echoCache: undefined,
+      logVerbose: undefined,
+    });
+
+    expect(decision.kind).toBe("dispatch");
+    if (decision.kind !== "dispatch") {
+      return;
+    }
+    expect(decision.commandAuthorized).toBe(false);
+  });
+
+  it("authorizes DM commands for senders in pairing-store allowlist", () => {
+    const decision = resolveIMessageInboundDecision({
+      cfg,
+      accountId: "default",
+      message: {
+        id: 101,
+        sender: "+15555550123",
+        text: "/status",
+        is_from_me: false,
+        is_group: false,
+      },
+      opts: undefined,
+      messageText: "/status",
+      bodyText: "/status",
+      allowFrom: [],
+      groupAllowFrom: [],
+      groupPolicy: "open",
+      dmPolicy: "open",
+      storeAllowFrom: ["+15555550123"],
+      historyLimit: 0,
+      groupHistories: new Map(),
+      echoCache: undefined,
+      logVerbose: undefined,
+    });
+
+    expect(decision.kind).toBe("dispatch");
+    if (decision.kind !== "dispatch") {
+      return;
+    }
+    expect(decision.commandAuthorized).toBe(true);
+  });
+});
--- a/src/imessage/monitor/inbound-processing.ts
+++ b/src/imessage/monitor/inbound-processing.ts
@@ -161,7 +161,6 @@ export function resolveIMessageInboundDecision(params: {
  });
  const effectiveDmAllowFrom = accessDecision.effectiveAllowFrom;
  const effectiveGroupAllowFrom = accessDecision.effectiveGroupAllowFrom;
-  const dmAuthorized = !isGroup && accessDecision.decision === "allow";

  if (accessDecision.decision !== "allow") {
    if (isGroup) {
@@ -287,7 +286,7 @@ export function resolveIMessageInboundDecision(params: {
    allowTextCommands: true,
    hasControlCommand: hasControlCommandInMessage,
  });
-  const commandAuthorized = isGroup ? commandGate.commandAuthorized : dmAuthorized;
+  const commandAuthorized = commandGate.commandAuthorized;
  if (isGroup && commandGate.shouldBlock) {
    if (params.logVerbose) {
      logInboundDrop({