feat: cross-session message query with permission checks (#144)#145
Open
Jerry-Xin wants to merge 3 commits intodmwork-org:mainfrom
Open
feat: cross-session message query with permission checks (#144)#145Jerry-Xin wants to merge 3 commits intodmwork-org:mainfrom
Jerry-Xin wants to merge 3 commits intodmwork-org:mainfrom
Conversation
added 3 commits
April 1, 2026 16:04
) - Extend read action with requesterSenderId permission validation - Add search action (query=shared-groups) for shared group discovery - New modules: permission.ts, member-cache.ts, owner-registry.ts, audit.ts - Pass requesterSenderId from handleAction to action handlers - Startup preload of group member cache with reverse index - Cross-channel results wrapped with prompt injection protection - Content truncation (500 chars) and non-text type tags - Structured audit logging for all cross-channel queries - 342 tests passing (54 action tests, 10 permission, 11 cache)
…ork-org#144) - Add describeMessageTool for new OpenClaw SDK compatibility - Keep listActions for backward compatibility with older versions - Extract getAvailableActions shared helper to avoid duplication - Add messageToolHints for read (DM/group history) and search (shared-groups) - 342 tests passing
Change _groupToAccount from Map<string, string> (last-write-wins) to Map<string, Set<string>> to track all accounts per group. When multiple bots share a group, resolveAccountForGroup now returns undefined instead of a random winner, preserving the framework-provided accountId. Only corrects when the current accountId is definitively not registered for the group (single-bot groups). Fixes cross-session send failures and DM read returning wrong bot's messages in multi-account deployments.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Implements cross-session message query capability for DMWork adapter, allowing bots to read message history from other channels with proper permission checks.
Changes
New modules:
permission.ts— Permission validation: owner=full access, DM=self only, group=member onlymember-cache.ts— Group member cache with 5-min TTL + reverse index (uid → groups)owner-registry.ts— Maps accountId → owner_uid for owner privilege checksaudit.ts— Structured audit logging for all cross-session queriesModified:
actions.ts— Enhancedreadwith cross-channel permission checks, newsearchaction (query=shared-groups), content truncation (500 chars), non-text type tagschannel.ts— PassrequesterSenderIdto action handlers,describeMessageToolsupport,listActionsnow includessearch, fix group-to-account race condition (Map<string, string>→Map<string, Set<string>>)types.ts— SharedLogSinktypeSecurity
requesterSenderId(trusted, not from LLM)owner-registryTests
Closes #144