github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-09 05:37:41 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
cc03c097c5eb0044266c7c0fef500be0db1ab966
openclaw/src/channels/plugins/group-policy-warnings.ts
Peter Steinberger cc03c097c5 refactor: share provider group-policy warning collectors
2026-03-08 00:05:24 +00:00

158 lines
5.7 KiB
TypeScript
Raw Blame History

import type { OpenClawConfig } from "../../config/config.js";
import {
resolveAllowlistProviderRuntimeGroupPolicy,
resolveDefaultGroupPolicy,
resolveOpenProviderRuntimeGroupPolicy,
} from "../../config/runtime-group-policy.js";
import type { GroupPolicy } from "../../config/types.base.js";
type GroupPolicyWarningCollector = (groupPolicy: GroupPolicy) => string[];
export function buildOpenGroupPolicyWarning(params: {
surface: string;
openBehavior: string;
remediation: string;
}): string {
return `- ${params.surface}: groupPolicy="open" ${params.openBehavior}. ${params.remediation}.`;
}
export function buildOpenGroupPolicyRestrictSendersWarning(params: {
surface: string;
openScope: string;
groupPolicyPath: string;
groupAllowFromPath: string;
mentionGated?: boolean;
}): string {
const mentionSuffix = params.mentionGated === false ? "" : " (mention-gated)";
return buildOpenGroupPolicyWarning({
surface: params.surface,
openBehavior: `allows ${params.openScope} to trigger${mentionSuffix}`,
remediation: `Set ${params.groupPolicyPath}="allowlist" + ${params.groupAllowFromPath} to restrict senders`,
});
}
export function buildOpenGroupPolicyNoRouteAllowlistWarning(params: {
surface: string;
routeAllowlistPath: string;
routeScope: string;
groupPolicyPath: string;
groupAllowFromPath: string;
mentionGated?: boolean;
}): string {
const mentionSuffix = params.mentionGated === false ? "" : " (mention-gated)";
return buildOpenGroupPolicyWarning({
surface: params.surface,
openBehavior: `with no ${params.routeAllowlistPath} allowlist; any ${params.routeScope} can add + ping${mentionSuffix}`,
remediation: `Set ${params.groupPolicyPath}="allowlist" + ${params.groupAllowFromPath} or configure ${params.routeAllowlistPath}`,
});
}
export function buildOpenGroupPolicyConfigureRouteAllowlistWarning(params: {
surface: string;
openScope: string;
groupPolicyPath: string;
routeAllowlistPath: string;
mentionGated?: boolean;
}): string {
const mentionSuffix = params.mentionGated === false ? "" : " (mention-gated)";
return buildOpenGroupPolicyWarning({
surface: params.surface,
openBehavior: `allows ${params.openScope} to trigger${mentionSuffix}`,
remediation: `Set ${params.groupPolicyPath}="allowlist" and configure ${params.routeAllowlistPath}`,
});
}
export function collectOpenGroupPolicyRestrictSendersWarnings(
params: Parameters<typeof buildOpenGroupPolicyRestrictSendersWarning>[0] & {
groupPolicy: "open" | "allowlist" | "disabled";
},
): string[] {
if (params.groupPolicy !== "open") {
return [];
}
return [buildOpenGroupPolicyRestrictSendersWarning(params)];
}
export function collectAllowlistProviderRestrictSendersWarnings(
params: {
cfg: OpenClawConfig;
providerConfigPresent: boolean;
configuredGroupPolicy?: GroupPolicy | null;
} & Omit<Parameters<typeof collectOpenGroupPolicyRestrictSendersWarnings>[0], "groupPolicy">,
): string[] {
return collectAllowlistProviderGroupPolicyWarnings({
cfg: params.cfg,
providerConfigPresent: params.providerConfigPresent,
configuredGroupPolicy: params.configuredGroupPolicy,
collect: (groupPolicy) =>
collectOpenGroupPolicyRestrictSendersWarnings({
groupPolicy,
surface: params.surface,
openScope: params.openScope,
groupPolicyPath: params.groupPolicyPath,
groupAllowFromPath: params.groupAllowFromPath,
mentionGated: params.mentionGated,
}),
});
}
export function collectAllowlistProviderGroupPolicyWarnings(params: {
cfg: OpenClawConfig;
providerConfigPresent: boolean;
configuredGroupPolicy?: GroupPolicy | null;
collect: GroupPolicyWarningCollector;
}): string[] {
const defaultGroupPolicy = resolveDefaultGroupPolicy(params.cfg);
const { groupPolicy } = resolveAllowlistProviderRuntimeGroupPolicy({
providerConfigPresent: params.providerConfigPresent,
groupPolicy: params.configuredGroupPolicy ?? undefined,
defaultGroupPolicy,
});
return params.collect(groupPolicy);
}
export function collectOpenProviderGroupPolicyWarnings(params: {
cfg: OpenClawConfig;
providerConfigPresent: boolean;
configuredGroupPolicy?: GroupPolicy | null;
collect: GroupPolicyWarningCollector;
}): string[] {
const defaultGroupPolicy = resolveDefaultGroupPolicy(params.cfg);
const { groupPolicy } = resolveOpenProviderRuntimeGroupPolicy({
providerConfigPresent: params.providerConfigPresent,
groupPolicy: params.configuredGroupPolicy ?? undefined,
defaultGroupPolicy,
});
return params.collect(groupPolicy);
}
export function collectOpenGroupPolicyRouteAllowlistWarnings(params: {
groupPolicy: "open" | "allowlist" | "disabled";
routeAllowlistConfigured: boolean;
restrictSenders: Parameters<typeof buildOpenGroupPolicyRestrictSendersWarning>[0];
noRouteAllowlist: Parameters<typeof buildOpenGroupPolicyNoRouteAllowlistWarning>[0];
}): string[] {
if (params.groupPolicy !== "open") {
return [];
}
if (params.routeAllowlistConfigured) {
return [buildOpenGroupPolicyRestrictSendersWarning(params.restrictSenders)];
}
return [buildOpenGroupPolicyNoRouteAllowlistWarning(params.noRouteAllowlist)];
}
export function collectOpenGroupPolicyConfiguredRouteWarnings(params: {
groupPolicy: "open" | "allowlist" | "disabled";
routeAllowlistConfigured: boolean;
configureRouteAllowlist: Parameters<typeof buildOpenGroupPolicyConfigureRouteAllowlistWarning>[0];
missingRouteAllowlist: Parameters<typeof buildOpenGroupPolicyWarning>[0];
}): string[] {
if (params.groupPolicy !== "open") {
return [];
}
if (params.routeAllowlistConfigured) {
return [buildOpenGroupPolicyConfigureRouteAllowlistWarning(params.configureRouteAllowlist)];
}
return [buildOpenGroupPolicyWarning(params.missingRouteAllowlist)];
}
Reference in New Issue View Git Blame Copy Permalink