2026-01-23 03:17:10 +00:00
|
|
|
/**
|
|
|
|
|
* Plugin Command Registry
|
|
|
|
|
*
|
|
|
|
|
* Manages commands registered by plugins that bypass the LLM agent.
|
|
|
|
|
* These commands are processed before built-in commands and before agent invocation.
|
|
|
|
|
*/
|
|
|
|
|
|
2026-03-16 00:24:40 -07:00
|
|
|
import { parseExplicitTargetForChannel } from "../channels/plugins/target-parsing.js";
|
2026-01-30 03:15:10 +01:00
|
|
|
import type { OpenClawConfig } from "../config/config.js";
|
2026-02-18 01:34:35 +00:00
|
|
|
import { logVerbose } from "../globals.js";
|
2026-03-15 19:06:11 -04:00
|
|
|
import {
|
|
|
|
|
detachPluginConversationBinding,
|
|
|
|
|
getCurrentPluginConversationBinding,
|
|
|
|
|
requestPluginConversationBinding,
|
|
|
|
|
} from "./conversation-binding.js";
|
2026-01-25 07:22:36 -05:00
|
|
|
import type {
|
2026-01-30 03:15:10 +01:00
|
|
|
OpenClawPluginCommandDefinition,
|
2026-01-25 07:22:36 -05:00
|
|
|
PluginCommandContext,
|
|
|
|
|
PluginCommandResult,
|
|
|
|
|
} from "./types.js";
|
2026-01-23 03:17:10 +00:00
|
|
|
|
2026-01-30 03:15:10 +01:00
|
|
|
type RegisteredPluginCommand = OpenClawPluginCommandDefinition & {
|
2026-01-23 03:17:10 +00:00
|
|
|
pluginId: string;
|
2026-03-15 19:06:11 -04:00
|
|
|
pluginName?: string;
|
|
|
|
|
pluginRoot?: string;
|
2026-01-23 03:17:10 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
// Registry of plugin commands
|
|
|
|
|
const pluginCommands: Map<string, RegisteredPluginCommand> = new Map();
|
|
|
|
|
|
2026-01-23 17:00:33 +00:00
|
|
|
// Lock to prevent modifications during command execution
|
|
|
|
|
let registryLocked = false;
|
|
|
|
|
|
|
|
|
|
// Maximum allowed length for command arguments (defense in depth)
|
|
|
|
|
const MAX_ARGS_LENGTH = 4096;
|
|
|
|
|
|
2026-01-23 03:21:46 +00:00
|
|
|
/**
|
|
|
|
|
* Reserved command names that plugins cannot override.
|
|
|
|
|
* These are built-in commands from commands-registry.data.ts.
|
|
|
|
|
*/
|
|
|
|
|
const RESERVED_COMMANDS = new Set([
|
|
|
|
|
// Core commands
|
|
|
|
|
"help",
|
|
|
|
|
"commands",
|
|
|
|
|
"status",
|
|
|
|
|
"whoami",
|
|
|
|
|
"context",
|
2026-03-14 17:27:54 +02:00
|
|
|
"btw",
|
2026-01-23 03:21:46 +00:00
|
|
|
// Session management
|
|
|
|
|
"stop",
|
|
|
|
|
"restart",
|
|
|
|
|
"reset",
|
|
|
|
|
"new",
|
|
|
|
|
"compact",
|
|
|
|
|
// Configuration
|
|
|
|
|
"config",
|
|
|
|
|
"debug",
|
|
|
|
|
"allowlist",
|
|
|
|
|
"activation",
|
|
|
|
|
// Agent control
|
|
|
|
|
"skill",
|
|
|
|
|
"subagents",
|
Agents: add nested subagent orchestration controls and reduce subagent token waste (#14447)
* Agents: add subagent orchestration controls
* Agents: add subagent orchestration controls (WIP uncommitted changes)
* feat(subagents): add depth-based spawn gating for sub-sub-agents
* feat(subagents): tool policy, registry, and announce chain for nested agents
* feat(subagents): system prompt, docs, changelog for nested sub-agents
* fix(subagents): prevent model fallback override, show model during active runs, and block context overflow fallback
Bug 1: When a session has an explicit model override (e.g., gpt/openai-codex),
the fallback candidate logic in resolveFallbackCandidates silently appended the
global primary model (opus) as a backstop. On reinjection/steer with a transient
error, the session could fall back to opus which has a smaller context window
and crash. Fix: when storedModelOverride is set, pass fallbacksOverride ?? []
instead of undefined, preventing the implicit primary backstop.
Bug 2: Active subagents showed 'model n/a' in /subagents list because
resolveModelDisplay only read entry.model/modelProvider (populated after run
completes). Fix: fall back to modelOverride/providerOverride fields which are
populated at spawn time via sessions.patch.
Bug 3: Context overflow errors (prompt too long, context_length_exceeded) could
theoretically escape runEmbeddedPiAgent and be treated as failover candidates
in runWithModelFallback, causing a switch to a model with a smaller context
window. Fix: in runWithModelFallback, detect context overflow errors via
isLikelyContextOverflowError and rethrow them immediately instead of trying the
next model candidate.
* fix(subagents): track spawn depth in session store and fix announce routing for nested agents
* Fix compaction status tracking and dedupe overflow compaction triggers
* fix(subagents): enforce depth block via session store and implement cascade kill
* fix: inject group chat context into system prompt
* fix(subagents): always write model to session store at spawn time
* Preserve spawnDepth when agent handler rewrites session entry
* fix(subagents): suppress announce on steer-restart
* fix(subagents): fallback spawned session model to runtime default
* fix(subagents): enforce spawn depth when caller key resolves by sessionId
* feat(subagents): implement active-first ordering for numeric targets and enhance task display
- Added a test to verify that subagents with numeric targets follow an active-first list ordering.
- Updated `resolveSubagentTarget` to sort subagent runs based on active status and recent activity.
- Enhanced task display in command responses to prevent truncation of long task descriptions.
- Introduced new utility functions for compacting task text and managing subagent run states.
* fix(subagents): show model for active runs via run record fallback
When the spawned model matches the agent's default model, the session
store's override fields are intentionally cleared (isDefault: true).
The model/modelProvider fields are only populated after the run
completes. This left active subagents showing 'model n/a'.
Fix: store the resolved model on SubagentRunRecord at registration
time, and use it as a fallback in both display paths (subagents tool
and /subagents command) when the session store entry has no model info.
Changes:
- SubagentRunRecord: add optional model field
- registerSubagentRun: accept and persist model param
- sessions-spawn-tool: pass resolvedModel to registerSubagentRun
- subagents-tool: pass run record model as fallback to resolveModelDisplay
- commands-subagents: pass run record model as fallback to resolveModelDisplay
* feat(chat): implement session key resolution and reset on sidebar navigation
- Added functions to resolve the main session key and reset chat state when switching sessions from the sidebar.
- Updated the `renderTab` function to handle session key changes when navigating to the chat tab.
- Introduced a test to verify that the session resets to "main" when opening chat from the sidebar navigation.
* fix: subagent timeout=0 passthrough and fallback prompt duplication
Bug 1: runTimeoutSeconds=0 now means 'no timeout' instead of applying 600s default
- sessions-spawn-tool: default to undefined (not 0) when neither timeout param
is provided; use != null check so explicit 0 passes through to gateway
- agent.ts: accept 0 as valid timeout (resolveAgentTimeoutMs already handles
0 → MAX_SAFE_TIMEOUT_MS)
Bug 2: model fallback no longer re-injects the original prompt as a duplicate
- agent.ts: track fallback attempt index; on retries use a short continuation
message instead of the full original prompt since the session file already
contains it from the first attempt
- Also skip re-sending images on fallback retries (already in session)
* feat(subagents): truncate long task descriptions in subagents command output
- Introduced a new utility function to format task previews, limiting their length to improve readability.
- Updated the command handler to use the new formatting function, ensuring task descriptions are truncated appropriately.
- Adjusted related tests to verify that long task descriptions are now truncated in the output.
* refactor(subagents): update subagent registry path resolution and improve command output formatting
- Replaced direct import of STATE_DIR with a utility function to resolve the state directory dynamically.
- Enhanced the formatting of command output for active and recent subagents, adding separators for better readability.
- Updated related tests to reflect changes in command output structure.
* fix(subagent): default sessions_spawn to no timeout when runTimeoutSeconds omitted
The previous fix (75a791106) correctly handled the case where
runTimeoutSeconds was explicitly set to 0 ("no timeout"). However,
when models omit the parameter entirely (which is common since the
schema marks it as optional), runTimeoutSeconds resolved to undefined.
undefined flowed through the chain as:
sessions_spawn → timeout: undefined (since undefined != null is false)
→ gateway agent handler → agentCommand opts.timeout: undefined
→ resolveAgentTimeoutMs({ overrideSeconds: undefined })
→ DEFAULT_AGENT_TIMEOUT_SECONDS (600s = 10 minutes)
This caused subagents to be killed at exactly 10 minutes even though
the user's intent (via TOOLS.md) was for subagents to run without a
timeout.
Fix: default runTimeoutSeconds to 0 (no timeout) when neither
runTimeoutSeconds nor timeoutSeconds is provided by the caller.
Subagent spawns are long-running by design and should not inherit the
600s agent-command default timeout.
* fix(subagent): accept timeout=0 in agent-via-gateway path (second 600s default)
* fix: thread timeout override through getReplyFromConfig dispatch path
getReplyFromConfig called resolveAgentTimeoutMs({ cfg }) with no override,
always falling back to the config default (600s). Add timeoutOverrideSeconds
to GetReplyOptions and pass it through as overrideSeconds so callers of the
dispatch chain can specify a custom timeout (0 = no timeout).
This complements the existing timeout threading in agentCommand and the
cron isolated-agent runner, which already pass overrideSeconds correctly.
* feat(model-fallback): normalize OpenAI Codex model references and enhance fallback handling
- Added normalization for OpenAI Codex model references, specifically converting "gpt-5.3-codex" to "openai-codex" before execution.
- Updated the `resolveFallbackCandidates` function to utilize the new normalization logic.
- Enhanced tests to verify the correct behavior of model normalization and fallback mechanisms.
- Introduced a new test case to ensure that the normalization process works as expected for various input formats.
* feat(tests): add unit tests for steer failure behavior in openclaw-tools
- Introduced a new test file to validate the behavior of subagents when steer replacement dispatch fails.
- Implemented tests to ensure that the announce behavior is restored correctly and that the suppression reason is cleared as expected.
- Enhanced the subagent registry with a new function to clear steer restart suppression.
- Updated related components to support the new test scenarios.
* fix(subagents): replace stop command with kill in slash commands and documentation
- Updated the `/subagents` command to replace `stop` with `kill` for consistency in controlling sub-agent runs.
- Modified related documentation to reflect the change in command usage.
- Removed legacy timeoutSeconds references from the sessions-spawn-tool schema and tests to streamline timeout handling.
- Enhanced tests to ensure correct behavior of the updated commands and their interactions.
* feat(tests): add unit tests for readLatestAssistantReply function
- Introduced a new test file for the `readLatestAssistantReply` function to validate its behavior with various message scenarios.
- Implemented tests to ensure the function correctly retrieves the latest assistant message and handles cases where the latest message has no text.
- Mocked the gateway call to simulate different message histories for comprehensive testing.
* feat(tests): enhance subagent kill-all cascade tests and announce formatting
- Added a new test to verify that the `kill-all` command cascades through ended parents to active descendants in subagents.
- Updated the subagent announce formatting tests to reflect changes in message structure, including the replacement of "Findings:" with "Result:" and the addition of new expectations for message content.
- Improved the handling of long findings and stats in the announce formatting logic to ensure concise output.
- Refactored related functions to enhance clarity and maintainability in the subagent registry and tools.
* refactor(subagent): update announce formatting and remove unused constants
- Modified the subagent announce formatting to replace "Findings:" with "Result:" and adjusted related expectations in tests.
- Removed constants for maximum announce findings characters and summary words, simplifying the announcement logic.
- Updated the handling of findings to retain full content instead of truncating, ensuring more informative outputs.
- Cleaned up unused imports in the commands-subagents file to enhance code clarity.
* feat(tests): enhance billing error handling in user-facing text
- Added tests to ensure that normal text mentioning billing plans is not rewritten, preserving user context.
- Updated the `isBillingErrorMessage` and `sanitizeUserFacingText` functions to improve handling of billing-related messages.
- Introduced new test cases for various scenarios involving billing messages to ensure accurate processing and output.
- Enhanced the subagent announce flow to correctly manage active descendant runs, preventing premature announcements.
* feat(subagent): enhance workflow guidance and auto-announcement clarity
- Added a new guideline in the subagent system prompt to emphasize trust in push-based completion, discouraging busy polling for status updates.
- Updated documentation to clarify that sub-agents will automatically announce their results, improving user understanding of the workflow.
- Enhanced tests to verify the new guidance on avoiding polling loops and to ensure the accuracy of the updated prompts.
* fix(cron): avoid announcing interim subagent spawn acks
* chore: clean post-rebase imports
* fix(cron): fall back to child replies when parent stays interim
* fix(subagents): make active-run guidance advisory
* fix(subagents): update announce flow to handle active descendants and enhance test coverage
- Modified the announce flow to defer announcements when active descendant runs are present, ensuring accurate status reporting.
- Updated tests to verify the new behavior, including scenarios where no fallback requester is available and ensuring proper handling of finished subagents.
- Enhanced the announce formatting to include an `expectFinal` flag for better clarity in the announcement process.
* fix(subagents): enhance announce flow and formatting for user updates
- Updated the announce flow to provide clearer instructions for user updates based on active subagent runs and requester context.
- Refactored the announcement logic to improve clarity and ensure internal context remains private.
- Enhanced tests to verify the new message expectations and formatting, including updated prompts for user-facing updates.
- Introduced a new function to build reply instructions based on session context, improving the overall announcement process.
* fix: resolve prep blockers and changelog placement (#14447) (thanks @tyler6204)
* fix: restore cron delivery-plan import after rebase (#14447) (thanks @tyler6204)
* fix: resolve test failures from rebase conflicts (#14447) (thanks @tyler6204)
* fix: apply formatting after rebase (#14447) (thanks @tyler6204)
2026-02-14 22:03:45 -08:00
|
|
|
"kill",
|
|
|
|
|
"steer",
|
|
|
|
|
"tell",
|
2026-01-23 03:21:46 +00:00
|
|
|
"model",
|
|
|
|
|
"models",
|
|
|
|
|
"queue",
|
|
|
|
|
// Messaging
|
|
|
|
|
"send",
|
|
|
|
|
// Execution
|
|
|
|
|
"bash",
|
|
|
|
|
"exec",
|
|
|
|
|
// Mode toggles
|
|
|
|
|
"think",
|
|
|
|
|
"verbose",
|
|
|
|
|
"reasoning",
|
|
|
|
|
"elevated",
|
|
|
|
|
// Billing
|
|
|
|
|
"usage",
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Validate a command name.
|
|
|
|
|
* Returns an error message if invalid, or null if valid.
|
|
|
|
|
*/
|
|
|
|
|
export function validateCommandName(name: string): string | null {
|
|
|
|
|
const trimmed = name.trim().toLowerCase();
|
|
|
|
|
|
|
|
|
|
if (!trimmed) {
|
|
|
|
|
return "Command name cannot be empty";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Must start with a letter, contain only letters, numbers, hyphens, underscores
|
2026-01-23 17:00:33 +00:00
|
|
|
// Note: trimmed is already lowercased, so no need for /i flag
|
|
|
|
|
if (!/^[a-z][a-z0-9_-]*$/.test(trimmed)) {
|
2026-01-23 03:21:46 +00:00
|
|
|
return "Command name must start with a letter and contain only letters, numbers, hyphens, and underscores";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check reserved commands
|
|
|
|
|
if (RESERVED_COMMANDS.has(trimmed)) {
|
|
|
|
|
return `Command name "${trimmed}" is reserved by a built-in command`;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
export type CommandRegistrationResult = {
|
|
|
|
|
ok: boolean;
|
|
|
|
|
error?: string;
|
|
|
|
|
};
|
|
|
|
|
|
2026-03-16 07:52:08 +08:00
|
|
|
/**
|
|
|
|
|
* Validate a plugin command definition without registering it.
|
|
|
|
|
* Returns an error message if invalid, or null if valid.
|
|
|
|
|
* Shared by both the global registration path and snapshot (non-activating) loads.
|
|
|
|
|
*/
|
|
|
|
|
export function validatePluginCommandDefinition(
|
|
|
|
|
command: OpenClawPluginCommandDefinition,
|
|
|
|
|
): string | null {
|
|
|
|
|
if (typeof command.handler !== "function") {
|
|
|
|
|
return "Command handler must be a function";
|
|
|
|
|
}
|
|
|
|
|
if (typeof command.name !== "string") {
|
|
|
|
|
return "Command name must be a string";
|
|
|
|
|
}
|
|
|
|
|
if (typeof command.description !== "string") {
|
|
|
|
|
return "Command description must be a string";
|
|
|
|
|
}
|
|
|
|
|
if (!command.description.trim()) {
|
|
|
|
|
return "Command description cannot be empty";
|
|
|
|
|
}
|
|
|
|
|
return validateCommandName(command.name.trim());
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-23 03:17:10 +00:00
|
|
|
/**
|
|
|
|
|
* Register a plugin command.
|
2026-01-23 03:21:46 +00:00
|
|
|
* Returns an error if the command name is invalid or reserved.
|
2026-01-23 03:17:10 +00:00
|
|
|
*/
|
|
|
|
|
export function registerPluginCommand(
|
|
|
|
|
pluginId: string,
|
2026-01-30 03:15:10 +01:00
|
|
|
command: OpenClawPluginCommandDefinition,
|
2026-03-15 19:06:11 -04:00
|
|
|
opts?: { pluginName?: string; pluginRoot?: string },
|
2026-01-23 03:21:46 +00:00
|
|
|
): CommandRegistrationResult {
|
2026-01-23 17:00:33 +00:00
|
|
|
// Prevent registration while commands are being processed
|
|
|
|
|
if (registryLocked) {
|
|
|
|
|
return { ok: false, error: "Cannot register commands while processing is in progress" };
|
|
|
|
|
}
|
|
|
|
|
|
2026-03-16 07:52:08 +08:00
|
|
|
const definitionError = validatePluginCommandDefinition(command);
|
|
|
|
|
if (definitionError) {
|
|
|
|
|
return { ok: false, error: definitionError };
|
2026-03-02 19:04:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const name = command.name.trim();
|
|
|
|
|
const description = command.description.trim();
|
2026-01-23 03:21:46 +00:00
|
|
|
|
2026-03-02 19:04:19 +00:00
|
|
|
const key = `/${name.toLowerCase()}`;
|
2026-01-23 03:21:46 +00:00
|
|
|
|
|
|
|
|
// Check for duplicate registration
|
2026-01-23 03:17:10 +00:00
|
|
|
if (pluginCommands.has(key)) {
|
2026-01-23 03:21:46 +00:00
|
|
|
const existing = pluginCommands.get(key)!;
|
|
|
|
|
return {
|
|
|
|
|
ok: false,
|
2026-03-02 19:04:19 +00:00
|
|
|
error: `Command "${name}" already registered by plugin "${existing.pluginId}"`,
|
2026-01-23 03:21:46 +00:00
|
|
|
};
|
2026-01-23 03:17:10 +00:00
|
|
|
}
|
2026-01-23 03:21:46 +00:00
|
|
|
|
2026-03-15 19:06:11 -04:00
|
|
|
pluginCommands.set(key, {
|
|
|
|
|
...command,
|
|
|
|
|
name,
|
|
|
|
|
description,
|
|
|
|
|
pluginId,
|
|
|
|
|
pluginName: opts?.pluginName,
|
|
|
|
|
pluginRoot: opts?.pluginRoot,
|
|
|
|
|
});
|
2026-01-23 03:17:10 +00:00
|
|
|
logVerbose(`Registered plugin command: ${key} (plugin: ${pluginId})`);
|
2026-01-23 03:21:46 +00:00
|
|
|
return { ok: true };
|
2026-01-23 03:17:10 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Clear all registered plugin commands.
|
|
|
|
|
* Called during plugin reload.
|
|
|
|
|
*/
|
|
|
|
|
export function clearPluginCommands(): void {
|
|
|
|
|
pluginCommands.clear();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Clear plugin commands for a specific plugin.
|
|
|
|
|
*/
|
|
|
|
|
export function clearPluginCommandsForPlugin(pluginId: string): void {
|
|
|
|
|
for (const [key, cmd] of pluginCommands.entries()) {
|
|
|
|
|
if (cmd.pluginId === pluginId) {
|
|
|
|
|
pluginCommands.delete(key);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Check if a command body matches a registered plugin command.
|
|
|
|
|
* Returns the command definition and parsed args if matched.
|
2026-01-23 03:21:46 +00:00
|
|
|
*
|
|
|
|
|
* Note: If a command has `acceptsArgs: false` and the user provides arguments,
|
|
|
|
|
* the command will not match. This allows the message to fall through to
|
|
|
|
|
* built-in handlers or the agent. Document this behavior to plugin authors.
|
2026-01-23 03:17:10 +00:00
|
|
|
*/
|
|
|
|
|
export function matchPluginCommand(
|
|
|
|
|
commandBody: string,
|
|
|
|
|
): { command: RegisteredPluginCommand; args?: string } | null {
|
|
|
|
|
const trimmed = commandBody.trim();
|
2026-01-31 16:19:20 +09:00
|
|
|
if (!trimmed.startsWith("/")) {
|
|
|
|
|
return null;
|
|
|
|
|
}
|
2026-01-23 03:17:10 +00:00
|
|
|
|
|
|
|
|
// Extract command name and args
|
|
|
|
|
const spaceIndex = trimmed.indexOf(" ");
|
|
|
|
|
const commandName = spaceIndex === -1 ? trimmed : trimmed.slice(0, spaceIndex);
|
|
|
|
|
const args = spaceIndex === -1 ? undefined : trimmed.slice(spaceIndex + 1).trim();
|
|
|
|
|
|
|
|
|
|
const key = commandName.toLowerCase();
|
2026-03-16 21:01:10 -07:00
|
|
|
const command =
|
|
|
|
|
pluginCommands.get(key) ??
|
|
|
|
|
Array.from(pluginCommands.values()).find((candidate) =>
|
|
|
|
|
listPluginInvocationNames(candidate).includes(key),
|
|
|
|
|
);
|
2026-01-23 03:17:10 +00:00
|
|
|
|
2026-01-31 16:19:20 +09:00
|
|
|
if (!command) {
|
|
|
|
|
return null;
|
|
|
|
|
}
|
2026-01-23 03:17:10 +00:00
|
|
|
|
|
|
|
|
// If command doesn't accept args but args were provided, don't match
|
2026-01-31 16:19:20 +09:00
|
|
|
if (args && !command.acceptsArgs) {
|
|
|
|
|
return null;
|
|
|
|
|
}
|
2026-01-23 03:17:10 +00:00
|
|
|
|
|
|
|
|
return { command, args: args || undefined };
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-23 17:00:33 +00:00
|
|
|
/**
|
|
|
|
|
* Sanitize command arguments to prevent injection attacks.
|
|
|
|
|
* Removes control characters and enforces length limits.
|
|
|
|
|
*/
|
|
|
|
|
function sanitizeArgs(args: string | undefined): string | undefined {
|
2026-01-31 16:19:20 +09:00
|
|
|
if (!args) {
|
|
|
|
|
return undefined;
|
|
|
|
|
}
|
2026-01-23 17:00:33 +00:00
|
|
|
|
|
|
|
|
// Enforce length limit
|
|
|
|
|
if (args.length > MAX_ARGS_LENGTH) {
|
|
|
|
|
return args.slice(0, MAX_ARGS_LENGTH);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Remove control characters (except newlines and tabs which may be intentional)
|
2026-01-24 07:05:31 +00:00
|
|
|
let sanitized = "";
|
|
|
|
|
for (const char of args) {
|
|
|
|
|
const code = char.charCodeAt(0);
|
|
|
|
|
const isControl = (code <= 0x1f && code !== 0x09 && code !== 0x0a) || code === 0x7f;
|
2026-01-31 16:19:20 +09:00
|
|
|
if (!isControl) {
|
|
|
|
|
sanitized += char;
|
|
|
|
|
}
|
2026-01-24 07:05:31 +00:00
|
|
|
}
|
|
|
|
|
return sanitized;
|
2026-01-23 17:00:33 +00:00
|
|
|
}
|
|
|
|
|
|
2026-03-15 19:06:11 -04:00
|
|
|
function stripPrefix(raw: string | undefined, prefix: string): string | undefined {
|
|
|
|
|
if (!raw) {
|
|
|
|
|
return undefined;
|
|
|
|
|
}
|
|
|
|
|
return raw.startsWith(prefix) ? raw.slice(prefix.length) : raw;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function resolveBindingConversationFromCommand(params: {
|
|
|
|
|
channel: string;
|
|
|
|
|
from?: string;
|
|
|
|
|
to?: string;
|
|
|
|
|
accountId?: string;
|
|
|
|
|
messageThreadId?: number;
|
|
|
|
|
}): {
|
|
|
|
|
channel: string;
|
|
|
|
|
accountId: string;
|
|
|
|
|
conversationId: string;
|
|
|
|
|
parentConversationId?: string;
|
|
|
|
|
threadId?: string | number;
|
|
|
|
|
} | null {
|
|
|
|
|
const accountId = params.accountId?.trim() || "default";
|
|
|
|
|
if (params.channel === "telegram") {
|
|
|
|
|
const rawTarget = params.to ?? params.from;
|
|
|
|
|
if (!rawTarget) {
|
|
|
|
|
return null;
|
|
|
|
|
}
|
2026-03-16 00:24:40 -07:00
|
|
|
const target = parseExplicitTargetForChannel("telegram", rawTarget);
|
|
|
|
|
if (!target) {
|
|
|
|
|
return null;
|
|
|
|
|
}
|
2026-03-15 19:06:11 -04:00
|
|
|
return {
|
|
|
|
|
channel: "telegram",
|
|
|
|
|
accountId,
|
2026-03-16 00:24:40 -07:00
|
|
|
conversationId: target.to,
|
|
|
|
|
threadId: params.messageThreadId ?? target.threadId,
|
2026-03-15 19:06:11 -04:00
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
if (params.channel === "discord") {
|
|
|
|
|
const source = params.from ?? params.to;
|
|
|
|
|
const rawTarget = source?.startsWith("discord:channel:")
|
|
|
|
|
? stripPrefix(source, "discord:")
|
|
|
|
|
: source?.startsWith("discord:user:")
|
|
|
|
|
? stripPrefix(source, "discord:")
|
|
|
|
|
: source;
|
|
|
|
|
if (!rawTarget || rawTarget.startsWith("slash:")) {
|
|
|
|
|
return null;
|
|
|
|
|
}
|
2026-03-16 00:24:40 -07:00
|
|
|
const target = parseExplicitTargetForChannel("discord", rawTarget);
|
2026-03-15 19:06:11 -04:00
|
|
|
if (!target) {
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
return {
|
|
|
|
|
channel: "discord",
|
|
|
|
|
accountId,
|
2026-03-16 00:24:40 -07:00
|
|
|
conversationId: `${target.chatType === "direct" ? "user" : "channel"}:${target.to}`,
|
2026-03-15 19:06:11 -04:00
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-23 03:17:10 +00:00
|
|
|
/**
|
|
|
|
|
* Execute a plugin command handler.
|
2026-01-23 17:00:33 +00:00
|
|
|
*
|
|
|
|
|
* Note: Plugin authors should still validate and sanitize ctx.args for their
|
|
|
|
|
* specific use case. This function provides basic defense-in-depth sanitization.
|
2026-01-23 03:17:10 +00:00
|
|
|
*/
|
|
|
|
|
export async function executePluginCommand(params: {
|
|
|
|
|
command: RegisteredPluginCommand;
|
|
|
|
|
args?: string;
|
|
|
|
|
senderId?: string;
|
|
|
|
|
channel: string;
|
2026-02-08 18:07:13 +01:00
|
|
|
channelId?: PluginCommandContext["channelId"];
|
2026-01-23 03:17:10 +00:00
|
|
|
isAuthorizedSender: boolean;
|
|
|
|
|
commandBody: string;
|
2026-01-30 03:15:10 +01:00
|
|
|
config: OpenClawConfig;
|
2026-02-08 18:07:13 +01:00
|
|
|
from?: PluginCommandContext["from"];
|
|
|
|
|
to?: PluginCommandContext["to"];
|
|
|
|
|
accountId?: PluginCommandContext["accountId"];
|
|
|
|
|
messageThreadId?: PluginCommandContext["messageThreadId"];
|
2026-01-25 07:22:36 -05:00
|
|
|
}): Promise<PluginCommandResult> {
|
2026-01-23 17:00:33 +00:00
|
|
|
const { command, args, senderId, channel, isAuthorizedSender, commandBody, config } = params;
|
2026-01-23 03:17:10 +00:00
|
|
|
|
|
|
|
|
// Check authorization
|
|
|
|
|
const requireAuth = command.requireAuth !== false; // Default to true
|
|
|
|
|
if (requireAuth && !isAuthorizedSender) {
|
|
|
|
|
logVerbose(
|
|
|
|
|
`Plugin command /${command.name} blocked: unauthorized sender ${senderId || "<unknown>"}`,
|
|
|
|
|
);
|
2026-01-23 03:21:46 +00:00
|
|
|
return { text: "⚠️ This command requires authorization." };
|
2026-01-23 03:17:10 +00:00
|
|
|
}
|
|
|
|
|
|
2026-01-23 17:00:33 +00:00
|
|
|
// Sanitize args before passing to handler
|
|
|
|
|
const sanitizedArgs = sanitizeArgs(args);
|
2026-03-15 19:06:11 -04:00
|
|
|
const bindingConversation = resolveBindingConversationFromCommand({
|
|
|
|
|
channel,
|
|
|
|
|
from: params.from,
|
|
|
|
|
to: params.to,
|
|
|
|
|
accountId: params.accountId,
|
|
|
|
|
messageThreadId: params.messageThreadId,
|
|
|
|
|
});
|
2026-01-23 17:00:33 +00:00
|
|
|
|
2026-01-23 03:17:10 +00:00
|
|
|
const ctx: PluginCommandContext = {
|
|
|
|
|
senderId,
|
|
|
|
|
channel,
|
2026-02-08 18:07:13 +01:00
|
|
|
channelId: params.channelId,
|
2026-01-23 03:17:10 +00:00
|
|
|
isAuthorizedSender,
|
2026-01-23 17:00:33 +00:00
|
|
|
args: sanitizedArgs,
|
2026-01-23 03:17:10 +00:00
|
|
|
commandBody,
|
|
|
|
|
config,
|
2026-02-08 18:07:13 +01:00
|
|
|
from: params.from,
|
|
|
|
|
to: params.to,
|
|
|
|
|
accountId: params.accountId,
|
|
|
|
|
messageThreadId: params.messageThreadId,
|
2026-03-15 19:06:11 -04:00
|
|
|
requestConversationBinding: async (bindingParams) => {
|
|
|
|
|
if (!command.pluginRoot || !bindingConversation) {
|
|
|
|
|
return {
|
|
|
|
|
status: "error",
|
|
|
|
|
message: "This command cannot bind the current conversation.",
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
return requestPluginConversationBinding({
|
|
|
|
|
pluginId: command.pluginId,
|
|
|
|
|
pluginName: command.pluginName,
|
|
|
|
|
pluginRoot: command.pluginRoot,
|
|
|
|
|
requestedBySenderId: senderId,
|
|
|
|
|
conversation: bindingConversation,
|
|
|
|
|
binding: bindingParams,
|
|
|
|
|
});
|
|
|
|
|
},
|
|
|
|
|
detachConversationBinding: async () => {
|
|
|
|
|
if (!command.pluginRoot || !bindingConversation) {
|
|
|
|
|
return { removed: false };
|
|
|
|
|
}
|
|
|
|
|
return detachPluginConversationBinding({
|
|
|
|
|
pluginRoot: command.pluginRoot,
|
|
|
|
|
conversation: bindingConversation,
|
|
|
|
|
});
|
|
|
|
|
},
|
|
|
|
|
getCurrentConversationBinding: async () => {
|
|
|
|
|
if (!command.pluginRoot || !bindingConversation) {
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
return getCurrentPluginConversationBinding({
|
|
|
|
|
pluginRoot: command.pluginRoot,
|
|
|
|
|
conversation: bindingConversation,
|
|
|
|
|
});
|
|
|
|
|
},
|
2026-01-23 03:17:10 +00:00
|
|
|
};
|
|
|
|
|
|
2026-01-23 17:00:33 +00:00
|
|
|
// Lock registry during execution to prevent concurrent modifications
|
|
|
|
|
registryLocked = true;
|
2026-01-23 03:17:10 +00:00
|
|
|
try {
|
|
|
|
|
const result = await command.handler(ctx);
|
2026-01-23 17:00:33 +00:00
|
|
|
logVerbose(
|
|
|
|
|
`Plugin command /${command.name} executed successfully for ${senderId || "unknown"}`,
|
|
|
|
|
);
|
2026-01-25 07:22:36 -05:00
|
|
|
return result;
|
2026-01-23 03:17:10 +00:00
|
|
|
} catch (err) {
|
|
|
|
|
const error = err as Error;
|
|
|
|
|
logVerbose(`Plugin command /${command.name} error: ${error.message}`);
|
2026-01-23 03:21:46 +00:00
|
|
|
// Don't leak internal error details - return a safe generic message
|
|
|
|
|
return { text: "⚠️ Command failed. Please try again later." };
|
2026-01-23 17:00:33 +00:00
|
|
|
} finally {
|
|
|
|
|
registryLocked = false;
|
2026-01-23 03:17:10 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* List all registered plugin commands.
|
|
|
|
|
* Used for /help and /commands output.
|
|
|
|
|
*/
|
|
|
|
|
export function listPluginCommands(): Array<{
|
|
|
|
|
name: string;
|
|
|
|
|
description: string;
|
|
|
|
|
pluginId: string;
|
|
|
|
|
}> {
|
|
|
|
|
return Array.from(pluginCommands.values()).map((cmd) => ({
|
|
|
|
|
name: cmd.name,
|
|
|
|
|
description: cmd.description,
|
|
|
|
|
pluginId: cmd.pluginId,
|
|
|
|
|
}));
|
|
|
|
|
}
|
|
|
|
|
|
2026-03-07 21:59:12 +00:00
|
|
|
function resolvePluginNativeName(
|
|
|
|
|
command: OpenClawPluginCommandDefinition,
|
|
|
|
|
provider?: string,
|
|
|
|
|
): string {
|
|
|
|
|
const providerName = provider?.trim().toLowerCase();
|
|
|
|
|
const providerOverride = providerName ? command.nativeNames?.[providerName] : undefined;
|
|
|
|
|
if (typeof providerOverride === "string" && providerOverride.trim()) {
|
|
|
|
|
return providerOverride.trim();
|
|
|
|
|
}
|
|
|
|
|
const defaultOverride = command.nativeNames?.default;
|
|
|
|
|
if (typeof defaultOverride === "string" && defaultOverride.trim()) {
|
|
|
|
|
return defaultOverride.trim();
|
|
|
|
|
}
|
|
|
|
|
return command.name;
|
|
|
|
|
}
|
|
|
|
|
|
2026-03-16 21:01:10 -07:00
|
|
|
function listPluginInvocationNames(command: OpenClawPluginCommandDefinition): string[] {
|
|
|
|
|
const names = new Set<string>();
|
|
|
|
|
const push = (value: string | undefined) => {
|
|
|
|
|
const normalized = value?.trim().toLowerCase();
|
|
|
|
|
if (!normalized) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
names.add(`/${normalized}`);
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
push(command.name);
|
|
|
|
|
push(command.nativeNames?.default);
|
|
|
|
|
push(command.nativeNames?.telegram);
|
|
|
|
|
push(command.nativeNames?.discord);
|
|
|
|
|
|
|
|
|
|
return [...names];
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-23 03:17:10 +00:00
|
|
|
/**
|
|
|
|
|
* Get plugin command specs for native command registration (e.g., Telegram).
|
|
|
|
|
*/
|
2026-03-07 21:59:12 +00:00
|
|
|
export function getPluginCommandSpecs(provider?: string): Array<{
|
2026-01-23 03:17:10 +00:00
|
|
|
name: string;
|
|
|
|
|
description: string;
|
2026-03-03 11:22:32 -06:00
|
|
|
acceptsArgs: boolean;
|
2026-01-23 03:17:10 +00:00
|
|
|
}> {
|
2026-03-15 19:06:11 -04:00
|
|
|
const providerName = provider?.trim().toLowerCase();
|
|
|
|
|
if (providerName && providerName !== "telegram" && providerName !== "discord") {
|
|
|
|
|
return [];
|
|
|
|
|
}
|
2026-01-23 03:17:10 +00:00
|
|
|
return Array.from(pluginCommands.values()).map((cmd) => ({
|
2026-03-07 21:59:12 +00:00
|
|
|
name: resolvePluginNativeName(cmd, provider),
|
2026-01-23 03:17:10 +00:00
|
|
|
description: cmd.description,
|
2026-03-03 11:22:32 -06:00
|
|
|
acceptsArgs: cmd.acceptsArgs ?? false,
|
2026-01-23 03:17:10 +00:00
|
|
|
}));
|
|
|
|
|
}
|
2026-03-15 19:06:11 -04:00
|
|
|
|
|
|
|
|
export const __testing = {
|
|
|
|
|
resolveBindingConversationFromCommand,
|
|
|
|
|
};
|