nav/Dirigent
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(policy-runtime): in-memory policy state with whispergate_policy tool and atomic persist

Browse Source
This commit is contained in:
orion
2026-02-26 00:35:17 +00:00
parent 682d9a336e
commit e5999743fe
5 changed files with 148 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
docs/CONFIG.example.json
View File

@@ -17,6 +17,7 @@
"noReplyProvider": "whisper-gateway", "noReplyProvider": "whisper-gateway",
"noReplyModel": "no-reply", "noReplyModel": "no-reply",
"enableDiscordControlTool": true, "enableDiscordControlTool": true,
"enableWhispergatePolicyTool": true,
"discordControlApiBaseUrl": "http://127.0.0.1:8790", "discordControlApiBaseUrl": "http://127.0.0.1:8790",
"discordControlApiToken": "<DISCORD_CONTROL_AUTH_TOKEN>", "discordControlApiToken": "<DISCORD_CONTROL_AUTH_TOKEN>",
"discordControlCallerId": "agent-main" "discordControlCallerId": "agent-main"

6
docs/INTEGRATION.md
View File

@@ -66,6 +66,12 @@ The script:
- directory: `~/.openclaw/whispergate-install-records/` - directory: `~/.openclaw/whispergate-install-records/`
- latest pointer: `~/.openclaw/whispergate-install-record-latest.json` - latest pointer: `~/.openclaw/whispergate-install-record-latest.json`
Policy state semantics:
- channel policy file is loaded once into memory on startup
- runtime decisions use in-memory state
- use `whispergate_policy` tool to update state (memory first, then file persist)
- manual file edits do not auto-apply until next restart
## Notes ## Notes
- Keep no-reply API bound to loopback/private network. - Keep no-reply API bound to loopback/private network.

7
plugin/README.md
View File

@@ -30,6 +30,7 @@ Optional:
- `humanList` (default []) - `humanList` (default [])
- `agentList` (default []) - `agentList` (default [])
- `channelPoliciesFile` (per-channel overrides in a standalone JSON file) - `channelPoliciesFile` (per-channel overrides in a standalone JSON file)
- `enableWhispergatePolicyTool` (default true)
- `bypassUserIds` (deprecated alias of `humanList`) - `bypassUserIds` (deprecated alias of `humanList`)
- `endSymbols` (default ["🔚"]) - `endSymbols` (default ["🔚"])
- `enableDiscordControlTool` (default true) - `enableDiscordControlTool` (default true)
@@ -39,6 +40,12 @@ Optional:
Per-channel policy file example: `docs/channel-policies.example.json`. Per-channel policy file example: `docs/channel-policies.example.json`.
Policy file behavior:
- loaded once on startup into memory
- runtime decisions read memory state only
- direct file edits do NOT affect memory state
- `whispergate_policy` tool updates memory first, then persists to file (atomic write)
## Optional tool: `discord_control` ## Optional tool: `discord_control`
This plugin now registers an optional tool named `discord_control`. This plugin now registers an optional tool named `discord_control`.

174
plugin/index.ts
View File

@@ -1,4 +1,5 @@
import fs from "node:fs"; import fs from "node:fs";
import path from "node:path";
import type { OpenClawPluginApi } from "openclaw/plugin-sdk"; import type { OpenClawPluginApi } from "openclaw/plugin-sdk";
import { evaluateDecision, type ChannelPolicy, type Decision, type WhisperGateConfig } from "./rules.js"; import { evaluateDecision, type ChannelPolicy, type Decision, type WhisperGateConfig } from "./rules.js";
@@ -9,14 +10,20 @@ type DecisionRecord = {
createdAt: number; createdAt: number;
}; };
type PolicyState = {
filePath: string;
channelPolicies: Record<string, ChannelPolicy>;
};
const sessionDecision = new Map<string, DecisionRecord>(); const sessionDecision = new Map<string, DecisionRecord>();
const MAX_SESSION_DECISIONS = 2000; const MAX_SESSION_DECISIONS = 2000;
const DECISION_TTL_MS = 5 * 60 * 1000; const DECISION_TTL_MS = 5 * 60 * 1000;
const END_MARKER_INSTRUCTION = "你的这次发言必须以🔚作为结尾。"; const END_MARKER_INSTRUCTION = "你的这次发言必须以🔚作为结尾。";
let channelPoliciesCache: Record<string, ChannelPolicy> = {}; const policyState: PolicyState = {
let channelPoliciesFilePath = ""; filePath: "",
let channelPoliciesMtimeMs = -1; channelPolicies: {},
};
function normalizeChannel(ctx: Record<string, unknown>): string { function normalizeChannel(ctx: Record<string, unknown>): string {
const candidates = [ctx.commandSource, ctx.messageProvider, ctx.channelId, ctx.channel]; const candidates = [ctx.commandSource, ctx.messageProvider, ctx.channelId, ctx.channel];
@@ -70,31 +77,43 @@ function getLivePluginConfig(api: OpenClawPluginApi, fallback: WhisperGateConfig
return fallback; return fallback;
} }
function loadChannelPolicies(api: OpenClawPluginApi, config: WhisperGateConfig): Record<string, ChannelPolicy> { function resolvePoliciesPath(api: OpenClawPluginApi, config: WhisperGateConfig): string {
const file = config.channelPoliciesFile; return api.resolvePath(config.channelPoliciesFile || "~/.openclaw/whispergate-channel-policies.json");
if (!file) return {}; }
function ensurePolicyStateLoaded(api: OpenClawPluginApi, config: WhisperGateConfig) {
if (policyState.filePath) return;
const filePath = resolvePoliciesPath(api, config);
policyState.filePath = filePath;
const resolved = api.resolvePath(file);
try { try {
const stat = fs.statSync(resolved); if (!fs.existsSync(filePath)) {
const mtime = Number(stat.mtimeMs || 0); fs.mkdirSync(path.dirname(filePath), { recursive: true });
fs.writeFileSync(filePath, "{}\n", "utf8");
if (resolved === channelPoliciesFilePath && mtime === channelPoliciesMtimeMs) { policyState.channelPolicies = {};
return channelPoliciesCache; return;
} }
const raw = fs.readFileSync(resolved, "utf8"); const raw = fs.readFileSync(filePath, "utf8");
const parsed = JSON.parse(raw) as Record<string, ChannelPolicy>; const parsed = JSON.parse(raw) as Record<string, ChannelPolicy>;
channelPoliciesCache = parsed && typeof parsed === "object" ? parsed : {}; policyState.channelPolicies = parsed && typeof parsed === "object" ? parsed : {};
channelPoliciesFilePath = resolved;
channelPoliciesMtimeMs = mtime;
return channelPoliciesCache;
} catch (err) { } catch (err) {
api.logger.warn(`whispergate: failed loading channelPoliciesFile=${resolved}: ${String(err)}`); api.logger.warn(`whispergate: failed init policy file ${filePath}: ${String(err)}`);
return {}; policyState.channelPolicies = {};
} }
} }
function persistPolicies(api: OpenClawPluginApi): void {
const filePath = policyState.filePath;
if (!filePath) throw new Error("policy file path not initialized");
const before = JSON.stringify(policyState.channelPolicies, null, 2) + "\n";
const tmp = `${filePath}.tmp`;
fs.mkdirSync(path.dirname(filePath), { recursive: true });
fs.writeFileSync(tmp, before, "utf8");
fs.renameSync(tmp, filePath);
api.logger.info(`whispergate: policy file persisted: ${filePath}`);
}
function pickDefined(input: Record<string, unknown>) { function pickDefined(input: Record<string, unknown>) {
const out: Record<string, unknown> = {}; const out: Record<string, unknown> = {};
for (const [k, v] of Object.entries(input)) { for (const [k, v] of Object.entries(input)) {
@@ -112,8 +131,12 @@ export default {
discordControlApiBaseUrl?: string; discordControlApiBaseUrl?: string;
discordControlApiToken?: string; discordControlApiToken?: string;
discordControlCallerId?: string; discordControlCallerId?: string;
enableWhispergatePolicyTool?: boolean;
}; };
const liveAtRegister = getLivePluginConfig(api, baseConfig as WhisperGateConfig);
ensurePolicyStateLoaded(api, liveAtRegister);
if (baseConfig.enableDiscordControlTool !== false) { if (baseConfig.enableDiscordControlTool !== false) {
api.registerTool( api.registerTool(
{ {
@@ -174,24 +197,91 @@ export default {
if (!r.ok) { if (!r.ok) {
return { return {
content: [ content: [{ type: "text", text: `discord_control failed (${r.status}): ${text}` }],
{
type: "text",
text: `discord_control failed (${r.status}): ${text}`,
},
],
isError: true, isError: true,
}; };
} }
return { return { content: [{ type: "text", text }] };
content: [ },
{ },
type: "text", { optional: true },
text, );
}, }
],
}; if (baseConfig.enableWhispergatePolicyTool !== false) {
api.registerTool(
{
name: "whispergate_policy",
description: "Manage WhisperGate in-memory channel policies and persist to file.",
parameters: {
type: "object",
additionalProperties: false,
properties: {
action: {
type: "string",
enum: ["get", "set-channel", "delete-channel"],
},
channelId: { type: "string" },
listMode: { type: "string", enum: ["human-list", "agent-list"] },
humanList: { type: "array", items: { type: "string" } },
agentList: { type: "array", items: { type: "string" } },
endSymbols: { type: "array", items: { type: "string" } },
},
required: ["action"],
},
async execute(_id: string, params: Record<string, unknown>) {
const live = getLivePluginConfig(api, baseConfig as WhisperGateConfig);
ensurePolicyStateLoaded(api, live);
const action = String(params.action || "");
if (action === "get") {
return {
content: [
{
type: "text",
text: JSON.stringify({ file: policyState.filePath, policies: policyState.channelPolicies }, null, 2),
},
],
};
}
if (action === "set-channel") {
const channelId = String(params.channelId || "").trim();
if (!channelId) return { content: [{ type: "text", text: "channelId is required" }], isError: true };
const prev = JSON.parse(JSON.stringify(policyState.channelPolicies));
try {
const next: ChannelPolicy = {
listMode: (params.listMode as "human-list" | "agent-list" | undefined) || undefined,
humanList: Array.isArray(params.humanList) ? (params.humanList as string[]) : undefined,
agentList: Array.isArray(params.agentList) ? (params.agentList as string[]) : undefined,
endSymbols: Array.isArray(params.endSymbols) ? (params.endSymbols as string[]) : undefined,
};
policyState.channelPolicies[channelId] = pickDefined(next as unknown as Record<string, unknown>) as ChannelPolicy;
persistPolicies(api);
return { content: [{ type: "text", text: JSON.stringify({ ok: true, channelId, policy: policyState.channelPolicies[channelId] }) }] };
} catch (err) {
policyState.channelPolicies = prev;
return { content: [{ type: "text", text: `persist failed: ${String(err)}` }], isError: true };
}
}
if (action === "delete-channel") {
const channelId = String(params.channelId || "").trim();
if (!channelId) return { content: [{ type: "text", text: "channelId is required" }], isError: true };
const prev = JSON.parse(JSON.stringify(policyState.channelPolicies));
try {
delete policyState.channelPolicies[channelId];
persistPolicies(api);
return { content: [{ type: "text", text: JSON.stringify({ ok: true, channelId, deleted: true }) }] };
} catch (err) {
policyState.channelPolicies = prev;
return { content: [{ type: "text", text: `persist failed: ${String(err)}` }], isError: true };
}
}
return { content: [{ type: "text", text: `unsupported action: ${action}` }], isError: true };
}, },
}, },
{ optional: true }, { optional: true },
@@ -211,8 +301,15 @@ export default {
const channelId = typeof c.channelId === "string" ? c.channelId : undefined; const channelId = typeof c.channelId === "string" ? c.channelId : undefined;
const live = getLivePluginConfig(api, baseConfig as WhisperGateConfig); const live = getLivePluginConfig(api, baseConfig as WhisperGateConfig);
const channelPolicies = loadChannelPolicies(api, live); ensurePolicyStateLoaded(api, live);
const decision = evaluateDecision({ config: live, channel, channelId, channelPolicies, senderId, content }); const decision = evaluateDecision({
config: live,
channel,
channelId,
channelPolicies: policyState.channelPolicies,
senderId,
content,
});
sessionDecision.set(sessionKey, { decision, createdAt: Date.now() }); sessionDecision.set(sessionKey, { decision, createdAt: Date.now() });
pruneDecisionMap(); pruneDecisionMap();
api.logger.debug?.( api.logger.debug?.(
@@ -236,7 +333,6 @@ export default {
if (!rec.decision.shouldUseNoReply) return; if (!rec.decision.shouldUseNoReply) return;
// no-reply path is consumed here
sessionDecision.delete(key); sessionDecision.delete(key);
const live = getLivePluginConfig(api, baseConfig as WhisperGateConfig); const live = getLivePluginConfig(api, baseConfig as WhisperGateConfig);
api.logger.info( api.logger.info(
@@ -260,15 +356,11 @@ export default {
return; return;
} }
// consume non-no-reply paths here to avoid stale carry-over
sessionDecision.delete(key); sessionDecision.delete(key);
if (!shouldInjectEndMarker(rec.decision.reason)) return; if (!shouldInjectEndMarker(rec.decision.reason)) return;
api.logger.info(`whispergate: prepend end marker instruction for session=${key}, reason=${rec.decision.reason}`); api.logger.info(`whispergate: prepend end marker instruction for session=${key}, reason=${rec.decision.reason}`);
return { return { prependContext: END_MARKER_INSTRUCTION };
prependContext: END_MARKER_INSTRUCTION,
};
}); });
}, },
}; };

1
plugin/openclaw.plugin.json
View File

@@ -19,6 +19,7 @@
"noReplyProvider": { "type": "string" }, "noReplyProvider": { "type": "string" },
"noReplyModel": { "type": "string" }, "noReplyModel": { "type": "string" },
"enableDiscordControlTool": { "type": "boolean", "default": true }, "enableDiscordControlTool": { "type": "boolean", "default": true },
"enableWhispergatePolicyTool": { "type": "boolean", "default": true },
"discordControlApiBaseUrl": { "type": "string", "default": "http://127.0.0.1:8790" }, "discordControlApiBaseUrl": { "type": "string", "default": "http://127.0.0.1:8790" },
"discordControlApiToken": { "type": "string" }, "discordControlApiToken": { "type": "string" },
"discordControlCallerId": { "type": "string" } "discordControlCallerId": { "type": "string" }