admin/Moltbot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8214ab507c2947eda4e370c2df66c9f1af2bb69b
Moltbot/src/auto-reply/command-detection.ts
Peter Steinberger 69ba2765de refactor(security): harden CommandAuthorized plumbing
2026-01-17 10:19:34 +00:00

69 lines
2.2 KiB
TypeScript
Raw Blame History

import type { ClawdbotConfig } from "../config/types.js";
import {
type CommandNormalizeOptions,
listChatCommands,
listChatCommandsForConfig,
normalizeCommandBody,
} from "./commands-registry.js";
import { isAbortTrigger } from "./reply/abort.js";
export function hasControlCommand(
text?: string,
cfg?: ClawdbotConfig,
options?: CommandNormalizeOptions,
): boolean {
if (!text) return false;
const trimmed = text.trim();
if (!trimmed) return false;
const normalizedBody = normalizeCommandBody(trimmed, options);
if (!normalizedBody) return false;
const lowered = normalizedBody.toLowerCase();
const commands = cfg ? listChatCommandsForConfig(cfg) : listChatCommands();
for (const command of commands) {
for (const alias of command.textAliases) {
const normalized = alias.trim().toLowerCase();
if (!normalized) continue;
if (lowered === normalized) return true;
if (command.acceptsArgs && lowered.startsWith(normalized)) {
const nextChar = normalizedBody.charAt(normalized.length);
if (nextChar && /\s/.test(nextChar)) return true;
}
}
}
return false;
}
export function isControlCommandMessage(
text?: string,
cfg?: ClawdbotConfig,
options?: CommandNormalizeOptions,
): boolean {
if (!text) return false;
const trimmed = text.trim();
if (!trimmed) return false;
if (hasControlCommand(trimmed, cfg, options)) return true;
const normalized = normalizeCommandBody(trimmed, options).trim().toLowerCase();
return isAbortTrigger(normalized);
}
/**
* Coarse detection for inline directives/shortcuts (e.g. "hey /status") so channel monitors
* can decide whether to compute CommandAuthorized for a message.
*
* This intentionally errs on the side of false positives; CommandAuthorized only gates
* command/directive execution, not normal chat replies.
*/
export function hasInlineCommandTokens(text?: string): boolean {
const body = text ?? "";
if (!body.trim()) return false;
return /(?:^|\s)[/!][a-z]/i.test(body);
}
export function shouldComputeCommandAuthorized(
text?: string,
cfg?: ClawdbotConfig,
options?: CommandNormalizeOptions,
): boolean {
return isControlCommandMessage(text, cfg, options) || hasInlineCommandTokens(text);
}
Reference in New Issue View Git Blame Copy Permalink