0d3326aae5
Replaces the agent-group-centric "main group" concept with user-level
privileges and adds the cold-DM infrastructure needed for proactive
outbound messaging (pairing, approvals, welcome flows).
Privilege model
- New tables: users, user_roles (owner global-only; admin global or
scoped to an agent_group), agent_group_members (explicit non-
privileged access; admin/owner imply membership), user_dms (cold-DM
resolution cache).
- Removed agent_groups.is_admin, messaging_groups.admin_user_id. Replaced
with messaging_groups.unknown_sender_policy (strict | request_approval
| public) for per-chat unknown-sender gating.
- src/access.ts: canAccessAgentGroup, pickApprover, pickApprovalDelivery.
- src/router.ts: access gate on every inbound, honoring
unknown_sender_policy for unknown senders.
- src/channels/telegram.ts: pairing interceptor upserts the paired user
and promotes them to owner if hasAnyOwner() is false (first-pair-wins).
Cold DM infrastructure
- ChannelAdapter.openDM?(handle) — optional method. Chat-SDK-bridge wires
it to chat.openDM() for resolution-required channels (Discord, Slack,
Teams, Webex, gChat); direct-addressable channels (Telegram, WhatsApp,
iMessage, Matrix, Resend) fall through to the handle directly.
- src/user-dm.ts: ensureUserDm(userId) — resolves + caches via user_dms.
Approval routing
- onecli-approvals + delivery use pickApprover + pickApprovalDelivery:
scoped admins → global admins → owners (dedup), first reachable via
ensureUserDm, same-channel-kind tie-break. Approvals land in the
approver's DM, not the origin chat.
Delivery fixes
- delivery.ts ACL rejection now throws instead of returning undefined —
the outer loop previously marked rejected messages as delivered.
- Implicit-origin allow: session.messaging_group_id === target skips the
destination check.
- createMessagingGroupAgent auto-creates the companion agent_destinations
row (normalized local_name from the messaging group's name, collision-
broken within the agent's namespace).
Container
- container-runner.ts: /workspace/global always read-only; drops
NANOCLAW_IS_ADMIN; adds NANOCLAW_ADMIN_USER_IDS (owners + global admins
+ scoped admins for this agent group). Agent-runner poll-loop gates
slash commands against that set.
New skill: /init-first-agent
- Walks the operator through standing up the first agent for a channel:
channel pick → identity lookup (reads each channel SKILL.md's
## Channel Info > how-to-find-id) → DM platform_id resolution (direct-
addressable, cold-DM via "user DMs bot first + sqlite lookup", or
Telegram pair-code fallback) → run scripts/init-first-agent.ts →
verify via tail of nanoclaw.log.
- scripts/init-first-agent.ts: parameterized helper that upserts the
user + grants owner (if none), creates dm-with-<display-name> agent
group + initGroupFilesystem, reuses/creates the DM messaging_group,
wires it (auto-creates destination), resolves the session, and writes
a kind:'chat' / sender:'system' welcome message into inbound.db. Host
sweep wakes the container and the agent DMs the operator via the
normal delivery path.
/manage-channels rewrite
- Drops --is-main / --jid / main-vs-non-main isolation references.
- First-channel flow delegates to /init-first-agent.
- Explains createMessagingGroupAgent auto-creates destinations.
- Adds a privileged-users show section.
setup/
- register.ts: drop --is-main, --jid, --local-name, --trigger
requiresTrigger defaults; call initGroupFilesystem; normalize to
v2 schema (no is_admin, no admin_user_id, sets unknown_sender_policy
'strict'); let createMessagingGroupAgent handle the destination row.
- pair-telegram.ts: emit PAIRED_USER_ID (namespaced "telegram:<id>")
instead of ADMIN_USER_ID; update header comment.
- register.test.ts deleted — was v1-only, tested a registered_groups
table that no longer exists.
Docs
- v2-architecture-diagram.{md,html}: ER diagram updated to drop
is_admin/admin_user_id, add unknown_sender_policy, and include
users/user_roles/agent_group_members/user_dms.
- v2-architecture-draft.md: approval-routing paragraph rewritten for
pickApprover/pickApprovalDelivery/ensureUserDm; SQL schema block
updated; admin-verification paragraph references
NANOCLAW_ADMIN_USER_IDS.
- v2-setup-wiring.md: entity-model sketch rewritten.
- v2-checklist.md: marked privilege refactor / container filtering /
approval routing / unknown-sender gating done; removed obsolete
admin_user_id and main-vs-non-main items.
Scripts
- scripts/init-first-agent.ts (new) replaces scripts/welcome-owner-dm.ts
(removed; welcome-owner was a Discord-specific one-off).
- test-v2-host.ts, test-v2-channel-e2e.ts, seed-discord.ts: drop
is_admin + admin_user_id, use unknown_sender_policy.
Tests
- src/access.test.ts (new): 14 tests for canAccessAgentGroup, role
helpers, pickApprover, ensureUserDm, pickApprovalDelivery.
- src/db/db-v2.test.ts: adds 3 tests for the auto-created
agent_destinations row (normalized name, no duplicates, collision
break within an agent group).
- host-core.test.ts, channel-registry.test.ts: updated fixtures to
use unknown_sender_policy: 'public' where the test exercises routing
rather than the access gate.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
210 lines
7.3 KiB
TypeScript
210 lines
7.3 KiB
TypeScript
import { findByRouting } from './destinations.js';
|
|
import type { MessageInRow } from './db/messages-in.js';
|
|
|
|
/**
|
|
* Command categories for messages starting with '/'.
|
|
* - admin: sender must be in NANOCLAW_ADMIN_USER_IDS
|
|
* - filtered: silently drop (mark completed without processing)
|
|
* - passthrough: pass raw to the agent (no XML wrapping)
|
|
* - none: not a command — format normally
|
|
*/
|
|
export type CommandCategory = 'admin' | 'filtered' | 'passthrough' | 'none';
|
|
|
|
const ADMIN_COMMANDS = new Set(['/remote-control', '/clear', '/compact', '/context', '/cost', '/files']);
|
|
const FILTERED_COMMANDS = new Set(['/help', '/login', '/logout', '/doctor', '/config']);
|
|
|
|
export interface CommandInfo {
|
|
category: CommandCategory;
|
|
command: string; // the command name (e.g., '/clear')
|
|
text: string; // full original text
|
|
senderId: string | null;
|
|
}
|
|
|
|
/**
|
|
* Categorize a message as a command or not.
|
|
* Only applies to chat/chat-sdk messages.
|
|
*/
|
|
export function categorizeMessage(msg: MessageInRow): CommandInfo {
|
|
const content = parseContent(msg.content);
|
|
const text = (content.text || '').trim();
|
|
const senderId = content.senderId || content.author?.userId || null;
|
|
|
|
if (!text.startsWith('/')) {
|
|
return { category: 'none', command: '', text, senderId };
|
|
}
|
|
|
|
// Extract the command name (e.g., '/clear' from '/clear some args')
|
|
const command = text.split(/\s/)[0].toLowerCase();
|
|
|
|
if (ADMIN_COMMANDS.has(command)) {
|
|
return { category: 'admin', command, text, senderId };
|
|
}
|
|
|
|
if (FILTERED_COMMANDS.has(command)) {
|
|
return { category: 'filtered', command, text, senderId };
|
|
}
|
|
|
|
return { category: 'passthrough', command, text, senderId };
|
|
}
|
|
|
|
/**
|
|
* Routing context extracted from messages_in rows.
|
|
* Copied to messages_out by default so responses go back to the sender.
|
|
*/
|
|
export interface RoutingContext {
|
|
platformId: string | null;
|
|
channelType: string | null;
|
|
threadId: string | null;
|
|
inReplyTo: string | null;
|
|
}
|
|
|
|
/**
|
|
* Extract routing context from a batch of messages.
|
|
* Uses the first message's routing fields.
|
|
*/
|
|
export function extractRouting(messages: MessageInRow[]): RoutingContext {
|
|
const first = messages[0];
|
|
return {
|
|
platformId: first?.platform_id ?? null,
|
|
channelType: first?.channel_type ?? null,
|
|
threadId: first?.thread_id ?? null,
|
|
inReplyTo: first?.id ?? null,
|
|
};
|
|
}
|
|
|
|
/**
|
|
* Format a batch of messages_in rows into a prompt string.
|
|
* Strips routing fields — the agent never sees platform_id, channel_type, thread_id.
|
|
*/
|
|
export function formatMessages(messages: MessageInRow[]): string {
|
|
if (messages.length === 0) return '';
|
|
|
|
// Group by kind
|
|
const chatMessages = messages.filter((m) => m.kind === 'chat' || m.kind === 'chat-sdk');
|
|
const taskMessages = messages.filter((m) => m.kind === 'task');
|
|
const webhookMessages = messages.filter((m) => m.kind === 'webhook');
|
|
const systemMessages = messages.filter((m) => m.kind === 'system');
|
|
|
|
const parts: string[] = [];
|
|
|
|
if (chatMessages.length > 0) {
|
|
parts.push(formatChatMessages(chatMessages));
|
|
}
|
|
if (taskMessages.length > 0) {
|
|
parts.push(...taskMessages.map(formatTaskMessage));
|
|
}
|
|
if (webhookMessages.length > 0) {
|
|
parts.push(...webhookMessages.map(formatWebhookMessage));
|
|
}
|
|
if (systemMessages.length > 0) {
|
|
parts.push(...systemMessages.map(formatSystemMessage));
|
|
}
|
|
|
|
return parts.join('\n\n');
|
|
}
|
|
|
|
function formatChatMessages(messages: MessageInRow[]): string {
|
|
if (messages.length === 1) {
|
|
return formatSingleChat(messages[0]);
|
|
}
|
|
|
|
const lines = ['<messages>'];
|
|
for (const msg of messages) {
|
|
lines.push(formatSingleChat(msg));
|
|
}
|
|
lines.push('</messages>');
|
|
return lines.join('\n');
|
|
}
|
|
|
|
function formatSingleChat(msg: MessageInRow): string {
|
|
const content = parseContent(msg.content);
|
|
const sender = content.sender || content.author?.fullName || content.author?.userName || 'Unknown';
|
|
const time = formatTime(msg.timestamp);
|
|
const text = content.text || '';
|
|
const idAttr = msg.seq != null ? ` id="${msg.seq}"` : '';
|
|
const replyPrefix = formatReplyContext(content.replyTo);
|
|
const attachmentsSuffix = formatAttachments(content.attachments);
|
|
|
|
// Look up the destination name for the origin (reverse map lookup).
|
|
// If not found, fall back to a raw channel:platform_id marker so nothing
|
|
// gets silently dropped — this should only happen if the destination was
|
|
// removed between when the message was received and when it's being processed.
|
|
const fromDest = findByRouting(msg.channel_type, msg.platform_id);
|
|
const fromAttr = fromDest
|
|
? ` from="${escapeXml(fromDest.name)}"`
|
|
: msg.channel_type || msg.platform_id
|
|
? ` from="unknown:${escapeXml(msg.channel_type || '')}:${escapeXml(msg.platform_id || '')}"`
|
|
: '';
|
|
|
|
return `<message${idAttr}${fromAttr} sender="${escapeXml(sender)}" time="${time}">${replyPrefix}${escapeXml(text)}${attachmentsSuffix}</message>`;
|
|
}
|
|
|
|
function formatTaskMessage(msg: MessageInRow): string {
|
|
const content = parseContent(msg.content);
|
|
const parts = ['[SCHEDULED TASK]'];
|
|
if (content.scriptOutput) {
|
|
parts.push('', 'Script output:', JSON.stringify(content.scriptOutput, null, 2));
|
|
}
|
|
parts.push('', 'Instructions:', content.prompt || '');
|
|
return parts.join('\n');
|
|
}
|
|
|
|
function formatWebhookMessage(msg: MessageInRow): string {
|
|
const content = parseContent(msg.content);
|
|
const source = content.source || 'unknown';
|
|
const event = content.event || 'unknown';
|
|
return `[WEBHOOK: ${source}/${event}]\n\n${JSON.stringify(content.payload || content, null, 2)}`;
|
|
}
|
|
|
|
function formatSystemMessage(msg: MessageInRow): string {
|
|
const content = parseContent(msg.content);
|
|
return `[SYSTEM RESPONSE]\n\nAction: ${content.action || 'unknown'}\nStatus: ${content.status || 'unknown'}\nResult: ${JSON.stringify(content.result || null)}`;
|
|
}
|
|
|
|
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
function formatReplyContext(replyTo: any): string {
|
|
if (!replyTo) return '';
|
|
const sender = replyTo.sender || 'Unknown';
|
|
const text = replyTo.text || '';
|
|
const preview = text.length > 100 ? text.slice(0, 100) + '…' : text;
|
|
return `\n<reply-to sender="${escapeXml(sender)}">${escapeXml(preview)}</reply-to>\n`;
|
|
}
|
|
|
|
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
function formatAttachments(attachments: any[] | undefined): string {
|
|
if (!Array.isArray(attachments) || attachments.length === 0) return '';
|
|
const parts = attachments.map((a) => {
|
|
const name = a.name || a.filename || 'attachment';
|
|
const type = a.type || 'file';
|
|
const localPath = a.localPath ? `/workspace/${a.localPath}` : '';
|
|
const url = a.url || '';
|
|
if (localPath) {
|
|
return `[${type}: ${escapeXml(name)} — saved to ${escapeXml(localPath)}]`;
|
|
}
|
|
return url ? `[${type}: ${escapeXml(name)} (${escapeXml(url)})]` : `[${type}: ${escapeXml(name)}]`;
|
|
});
|
|
return '\n' + parts.join('\n');
|
|
}
|
|
|
|
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
function parseContent(json: string): any {
|
|
try {
|
|
return JSON.parse(json);
|
|
} catch {
|
|
return { text: json };
|
|
}
|
|
}
|
|
|
|
function formatTime(timestamp: string): string {
|
|
try {
|
|
const d = new Date(timestamp);
|
|
return `${d.getHours().toString().padStart(2, '0')}:${d.getMinutes().toString().padStart(2, '0')}`;
|
|
} catch {
|
|
return timestamp;
|
|
}
|
|
}
|
|
|
|
function escapeXml(str: string): string {
|
|
return str.replace(/&/g, '&').replace(/</g, '<').replace(/>/g, '>').replace(/"/g, '"');
|
|
}
|