@ihazz/bitrix24 1.0.3 → 1.1.1

package/src/commands.ts

@@ -43,9 +43,9 @@ const COMMAND_GROUP_LABELS = {
 export const OPENCLAW_COMMANDS: BotCommandDef[] = [
   // ── Status ──
   { command: 'help', en: 'Show available commands', ru: 'Показать доступные команды', group: 'status' },
-  { command: 'commands', en: 'List all slash commands', ru: 'Список всех команд', group: 'status' },
+  { command: 'commands', en: 'List all slash commands', ru: 'Показать все команды', group: 'status' },
   { command: 'status', en: 'Show current status', ru: 'Показать текущий статус', group: 'status' },
-  { command: 'context', en: 'Explain how context is built', ru: 'Объяснить построение контекста', group: 'status' },
+  { command: 'context', en: 'Explain how context is built', ru: 'Объяснить, как формируется контекст', group: 'status' },
   { command: 'whoami', en: 'Show your sender ID', ru: 'Показать ваш ID', group: 'status' },
   { command: 'usage', en: 'Usage and cost summary', ru: 'Использование и стоимость', params: 'off | tokens | full | cost', group: 'status' },
 
@@ -57,8 +57,8 @@ export const OPENCLAW_COMMANDS: BotCommandDef[] = [
   { command: 'session', en: 'Manage session settings', ru: 'Настройки сессии', params: 'ttl | ...', group: 'session' },
 
   // ── Options ──
-  { command: 'model', en: 'Show or set the model', ru: 'Показать/сменить модель', params: 'model name', group: 'options' },
-  { command: 'models', en: 'List available models', ru: 'Список моделей', params: 'provider', group: 'options' },
+  { command: 'model', en: 'Show or set the model', ru: 'Показать или сменить модель', params: 'model name', group: 'options' },
+  { command: 'models', en: 'List available models', ru: 'Показать модели', params: 'provider', group: 'options' },
   { command: 'think', en: 'Set thinking level', ru: 'Уровень размышлений', params: 'off | low | medium | high', group: 'options' },
   { command: 'verbose', en: 'Toggle verbose mode', ru: 'Подробный режим', params: 'on | off', group: 'options' },
   { command: 'reasoning', en: 'Toggle reasoning visibility', ru: 'Видимость рассуждений', params: 'on | off | stream', group: 'options' },
@@ -67,9 +67,9 @@ export const OPENCLAW_COMMANDS: BotCommandDef[] = [
   { command: 'queue', en: 'Adjust queue settings', ru: 'Настройки очереди', params: 'mode | debounce | cap | drop', group: 'options' },
 
   // ── Management ──
-  { command: 'config', en: 'Show or set config values', ru: 'Показать/задать конфигурацию', params: 'show | get | set | unset', group: 'management' },
+  { command: 'config', en: 'Show or set config values', ru: 'Показать или изменить конфигурацию', params: 'show | get | set | unset', group: 'management' },
   { command: 'debug', en: 'Set runtime debug overrides', ru: 'Отладочные настройки', params: 'show | reset | set | unset', group: 'management' },
-  { command: 'approve', en: 'Approve or deny exec requests', ru: 'Одобрить/отклонить запросы', group: 'management' },
+  { command: 'approve', en: 'Approve or deny exec requests', ru: 'Одобрить или отклонить запросы', group: 'management' },
   { command: 'activation', en: 'Set group activation mode', ru: 'Режим активации в группах', params: 'mention | always', group: 'management' },
   { command: 'send', en: 'Set send policy', ru: 'Политика отправки', params: 'on | off | inherit', group: 'management' },
   { command: 'subagents', en: 'Manage subagent runs', ru: 'Управление субагентами', group: 'management' },
@@ -153,7 +153,7 @@ export function formatModelsCommandReply(
   const isRu = lang?.toLowerCase().startsWith('ru') ?? false;
   const header = isRu ? '[B]Провайдеры[/B]' : '[B]Providers[/B]';
   const showModelsLabel = isRu
-    ? `[COLOR=${COMMAND_META_COLOR}]Посмотреть модели провайдера:[/COLOR]`
+    ? `[COLOR=${COMMAND_META_COLOR}]Модели провайдера:[/COLOR]`
     : `[COLOR=${COMMAND_META_COLOR}]Show provider models:[/COLOR]`;
   const switchModelLabel = isRu
     ? `[COLOR=${COMMAND_META_COLOR}]Сменить модель:[/COLOR]`

package/src/config-schema.ts

@@ -1,5 +1,22 @@
 import { z } from 'zod';
 
+const GroupSchema = z.object({
+  groupPolicy: z.enum(['disabled', 'webhookUser', 'pairing', 'allowlist', 'open']).optional(),
+  requireMention: z.boolean().optional().default(true),
+  allowFrom: z.array(z.string()).optional(),
+  watch: z.array(z.object({
+    userId: z.string().min(1),
+    topics: z.array(z.string().min(1)).optional(),
+    mode: z.enum(['reply', 'notifyOwnerDm']).optional(),
+  })).optional(),
+});
+
+const AgentWatchRuleSchema = z.object({
+  userId: z.string().min(1),
+  topics: z.array(z.string().min(1)).optional(),
+  mode: z.enum(['notifyOwnerDm']).optional(),
+});
+
 const AccountSchema = z.object({
   enabled: z.boolean().optional().default(true),
   webhookUrl: z.string().url().optional(),
@@ -13,7 +30,13 @@ const AccountSchema = z.object({
   agentMode: z.boolean().optional().default(false),
   pollingIntervalMs: z.number().int().min(500).optional().default(3000),
   pollingFastIntervalMs: z.number().int().min(50).optional().default(100),
-  dmPolicy: z.enum(['pairing', 'webhookUser']).optional().default('webhookUser'),
+  dmPolicy: z.enum(['pairing', 'webhookUser', 'allowlist', 'open']).optional().default('webhookUser'),
+  groupPolicy: z.enum(['disabled', 'webhookUser', 'pairing', 'allowlist', 'open']).optional().default('webhookUser'),
+  groupAllowFrom: z.array(z.string()).optional(),
+  requireMention: z.boolean().optional().default(true),
+  historyLimit: z.number().int().min(0).optional().default(100),
+  groups: z.record(z.string(), GroupSchema).optional(),
+  agentWatch: z.record(z.string(), z.array(AgentWatchRuleSchema)).optional(),
   showTyping: z.boolean().optional().default(true),
   streamUpdates: z.boolean().optional().default(false),
   updateIntervalMs: z.number().int().min(500).optional().default(10000),

package/src/config.ts

@@ -51,15 +51,17 @@ export function resolveAccount(
   enabled: boolean;
 } {
   const id = accountId || DEFAULT_ACCOUNT_ID;
-  const config = getConfig(cfg, id);
+  let config = getConfig(cfg, id);
 
-  // Validate config against Zod schema (validation only, no transform)
+  // Validate and normalize config against Zod schema.
   if (config.webhookUrl) {
     const result = Bitrix24ConfigSchema.safeParse(config);
     if (!result.success) {
       const issues = result.error.issues.map((i) => `${i.path.join('.')}: ${i.message}`).join('; ');
       throw new Error(`[bitrix24] Invalid config for account "${id}": ${issues}`);
     }
+
+    config = result.data;
   }
 
   return {

package/src/group-access.ts

@@ -0,0 +1,279 @@
+import type {
+  Bitrix24AccountConfig,
+  Bitrix24AgentWatchConfig,
+  Bitrix24GroupConfig,
+  Bitrix24GroupPolicy,
+  Bitrix24GroupWatchConfig,
+} from './types.js';
+import type { PluginRuntime, ChannelPairingAdapter } from './runtime.js';
+import type { AccessResult } from './access-control.js';
+import {
+  getWebhookUserId,
+  isIdentityAllowed,
+  normalizeAllowEntry,
+  normalizeAllowList,
+} from './access-control.js';
+
+export interface ResolvedBitrix24GroupAccess {
+  groupPolicy: Bitrix24GroupPolicy;
+  requireMention: boolean;
+  senderAllowFrom: string[];
+  watch: Bitrix24GroupWatchConfig[];
+  matchedGroupKey?: string;
+  matchedGroupConfig?: Bitrix24GroupConfig;
+  groupAllowed: boolean;
+}
+
+function normalizeWatchRules<T extends { userId: string; topics?: string[]; mode?: string }>(
+  rules: T[] | undefined,
+): T[] {
+  return (rules ?? []).map((rule) => ({
+    ...rule,
+    userId: normalizeAllowEntry(String(rule.userId)),
+    topics: Array.isArray(rule.topics)
+      ? rule.topics.map((topic) => String(topic).trim()).filter(Boolean)
+      : undefined,
+  }));
+}
+
+export function normalizeGroupEntry(entry: string): string {
+  const normalized = String(entry).trim().toLowerCase();
+  if (/^\d+$/.test(normalized)) {
+    return normalized;
+  }
+  if (/^chat\d+$/.test(normalized)) {
+    return normalized;
+  }
+  return normalized;
+}
+
+export function normalizeGroupAllowList(entries: string[] | undefined): string[] {
+  if (!Array.isArray(entries)) {
+    return [];
+  }
+
+  return [...new Set(
+    entries
+      .map((entry) => normalizeGroupEntry(String(entry)))
+      .filter(Boolean),
+  )];
+}
+
+export function buildGroupMatchKeys(params: {
+  dialogId?: string;
+  chatId?: string;
+}): string[] {
+  const keys: string[] = [];
+  const normalizedDialogId = params.dialogId ? normalizeGroupEntry(params.dialogId) : '';
+  const normalizedChatId = params.chatId ? normalizeGroupEntry(params.chatId) : '';
+
+  if (normalizedDialogId) {
+    keys.push(normalizedDialogId);
+    const dialogMatch = normalizedDialogId.match(/^chat(\d+)$/);
+    if (dialogMatch) {
+      keys.push(dialogMatch[1]);
+    }
+  }
+
+  if (normalizedChatId) {
+    keys.push(normalizedChatId);
+    if (/^\d+$/.test(normalizedChatId)) {
+      keys.push(`chat${normalizedChatId}`);
+    }
+  }
+
+  return [...new Set(keys)];
+}
+
+export function resolveGroupAccess(params: {
+  config: Bitrix24AccountConfig;
+  dialogId?: string;
+  chatId?: string;
+}): ResolvedBitrix24GroupAccess {
+  const matchKeys = buildGroupMatchKeys(params);
+  const groups = params.config.groups ?? {};
+  const wildcardGroupConfig = groups['*'];
+  let matchedGroupKey: string | undefined;
+  let matchedGroupConfig: Bitrix24GroupConfig | undefined;
+
+  for (const key of matchKeys) {
+    if (groups[key]) {
+      matchedGroupKey = key;
+      matchedGroupConfig = groups[key];
+      break;
+    }
+  }
+
+  if (!matchedGroupConfig && wildcardGroupConfig) {
+    matchedGroupKey = '*';
+    matchedGroupConfig = wildcardGroupConfig;
+  }
+
+  const explicitGroupMatched = Boolean(
+    matchedGroupKey
+      && matchedGroupKey !== '*'
+      && matchedGroupConfig,
+  );
+  const groupAllowFrom = normalizeGroupAllowList(params.config.groupAllowFrom);
+  const groupAllowed = groupAllowFrom.length === 0
+    || explicitGroupMatched
+    || matchKeys.some((key) => groupAllowFrom.includes(key));
+
+  const watchRules = [
+    ...(matchedGroupKey && matchedGroupKey !== '*' ? (matchedGroupConfig?.watch ?? []) : []),
+    ...(wildcardGroupConfig?.watch ?? []),
+  ];
+
+  return {
+    groupPolicy: matchedGroupConfig?.groupPolicy ?? params.config.groupPolicy ?? 'webhookUser',
+    requireMention: matchedGroupConfig?.requireMention ?? params.config.requireMention ?? true,
+    senderAllowFrom: normalizeAllowList([
+      ...(params.config.allowFrom ?? []),
+      ...(matchedGroupConfig?.allowFrom ?? []),
+    ]),
+    watch: normalizeWatchRules(watchRules).map((rule) => ({
+      ...rule,
+      mode: rule.mode === 'notifyOwnerDm' ? 'notifyOwnerDm' : 'reply',
+    })),
+    matchedGroupKey,
+    matchedGroupConfig,
+    groupAllowed,
+  };
+}
+
+export function resolveAgentWatchRules(params: {
+  config: Bitrix24AccountConfig;
+  dialogId?: string;
+  chatId?: string;
+}): Bitrix24AgentWatchConfig[] {
+  const matchKeys = buildGroupMatchKeys(params);
+  const scopes = params.config.agentWatch ?? {};
+  const resolvedRules: Bitrix24AgentWatchConfig[] = [];
+
+  for (const key of matchKeys) {
+    if (scopes[key]) {
+      resolvedRules.push(...normalizeWatchRules(scopes[key]).map((rule) => ({
+        ...rule,
+        mode: 'notifyOwnerDm' as const,
+      })));
+      break;
+    }
+  }
+
+  if (scopes['*']) {
+    resolvedRules.push(...normalizeWatchRules(scopes['*']).map((rule) => ({
+      ...rule,
+      mode: 'notifyOwnerDm' as const,
+    })));
+  }
+
+  return resolvedRules;
+}
+
+export async function checkGroupAccessPassive(params: {
+  senderId: string;
+  dialogId?: string;
+  chatId?: string;
+  config: Bitrix24AccountConfig;
+  runtime: PluginRuntime;
+  accountId: string;
+  logger?: { debug: (...args: unknown[]) => void };
+}): Promise<AccessResult> {
+  const {
+    senderId,
+    dialogId,
+    chatId,
+    config,
+    runtime,
+    accountId,
+    logger,
+  } = params;
+  const identity = normalizeAllowEntry(String(senderId));
+  const group = resolveGroupAccess({ config, dialogId, chatId });
+
+  if (!group.groupAllowed || group.groupPolicy === 'disabled') {
+    logger?.debug('Group passive access denied (group disabled or not allowed)', {
+      senderId,
+      dialogId,
+      chatId,
+      groupAllowed: group.groupAllowed,
+      groupPolicy: group.groupPolicy,
+    });
+    return 'deny';
+  }
+
+  if (group.groupPolicy === 'open') {
+    return 'allow';
+  }
+
+  if (group.groupPolicy === 'webhookUser') {
+    const webhookUserId = getWebhookUserId(config.webhookUrl);
+    return webhookUserId && webhookUserId === identity ? 'allow' : 'deny';
+  }
+
+  if (group.groupPolicy === 'allowlist') {
+    return isIdentityAllowed(identity, group.senderAllowFrom) ? 'allow' : 'deny';
+  }
+
+  const storeAllowFrom = await runtime.channel.pairing.readAllowFromStore('bitrix24', '', accountId);
+  const approved = [...new Set([
+    ...group.senderAllowFrom,
+    ...normalizeAllowList(storeAllowFrom),
+  ])];
+
+  return approved.includes(identity) ? 'allow' : 'pairing';
+}
+
+export async function checkGroupAccessWithPairing(params: {
+  senderId: string;
+  dialogId?: string;
+  chatId?: string;
+  config: Bitrix24AccountConfig;
+  runtime: PluginRuntime;
+  accountId: string;
+  pairingAdapter: ChannelPairingAdapter;
+  logger?: { debug: (...args: unknown[]) => void };
+}): Promise<AccessResult> {
+  const passiveResult = await checkGroupAccessPassive({
+    senderId: params.senderId,
+    dialogId: params.dialogId,
+    chatId: params.chatId,
+    config: params.config,
+    runtime: params.runtime,
+    accountId: params.accountId,
+    logger: params.logger,
+  });
+  if (passiveResult !== 'pairing') {
+    return passiveResult;
+  }
+
+  const identity = normalizeAllowEntry(String(params.senderId));
+  const group = resolveGroupAccess({
+    config: params.config,
+    dialogId: params.dialogId,
+    chatId: params.chatId,
+  });
+
+  try {
+    await params.runtime.channel.pairing.upsertPairingRequest({
+      channel: 'bitrix24',
+      id: identity,
+      accountId: params.accountId,
+      meta: {
+        dialogId: params.dialogId,
+        chatId: params.chatId,
+        scope: 'group',
+      },
+      pairingAdapter: params.pairingAdapter,
+    });
+    return 'pairing';
+  } catch (err) {
+    params.logger?.debug('Group pairing request failed, falling back to deny', {
+      senderId: params.senderId,
+      dialogId: params.dialogId,
+      chatId: params.chatId,
+      error: err,
+    });
+    return 'deny';
+  }
+}

package/src/history-cache.ts

@@ -0,0 +1,122 @@
+export interface HistoryEntry {
+  messageId: string;
+  sender: string;
+  senderId?: string;
+  body: string;
+  timestamp?: number;
+  wasMentioned?: boolean;
+  eventScope?: 'bot' | 'user';
+}
+
+export interface ConversationMeta {
+  key: string;
+  dialogId: string;
+  chatId?: string;
+  chatName?: string;
+  chatType?: string;
+  isGroup?: boolean;
+  lastActivityAt?: number;
+}
+
+export class HistoryCache {
+  private readonly entries = new Map<string, HistoryEntry[]>();
+  private readonly conversations = new Map<string, ConversationMeta>();
+  private readonly maxKeys: number;
+
+  constructor(params?: { maxKeys?: number }) {
+    this.maxKeys = Math.max(1, params?.maxKeys ?? 1000);
+  }
+
+  append(params: {
+    key: string;
+    entry: HistoryEntry;
+    limit: number;
+    meta?: Omit<ConversationMeta, 'key'>;
+  }): HistoryEntry[] {
+    const key = params.key;
+    const limit = Math.max(0, params.limit);
+    const currentEntries = this.entries.get(key) ?? [];
+    const nextEntries = currentEntries.some((entry) => entry.messageId === params.entry.messageId)
+      ? currentEntries
+      : [...currentEntries, params.entry];
+    const trimmedEntries = limit > 0
+      ? nextEntries.slice(-limit)
+      : [];
+
+    if (params.meta) {
+      this.conversations.set(key, {
+        ...this.conversations.get(key),
+        ...params.meta,
+        key,
+      });
+    }
+
+    this.touch(key, trimmedEntries);
+    this.evictIfNeeded();
+    return trimmedEntries;
+  }
+
+  get(key: string, limit?: number): HistoryEntry[] {
+    const entries = this.entries.get(key) ?? [];
+    if (entries.length === 0) {
+      return [];
+    }
+
+    this.touch(key, entries);
+    if (typeof limit !== 'number' || limit < 0) {
+      return [...entries];
+    }
+
+    return entries.slice(-limit);
+  }
+
+  findByMessageId(key: string, messageId: string | undefined): HistoryEntry | undefined {
+    if (!messageId) {
+      return undefined;
+    }
+
+    const entries = this.entries.get(key);
+    if (!entries || entries.length === 0) {
+      return undefined;
+    }
+
+    this.touch(key, entries);
+    return entries.find((entry) => entry.messageId === messageId);
+  }
+
+  clear(key: string): void {
+    this.entries.delete(key);
+    this.conversations.delete(key);
+  }
+
+  clearAll(): void {
+    this.entries.clear();
+    this.conversations.clear();
+  }
+
+  size(): number {
+    return this.entries.size;
+  }
+
+  listConversations(): ConversationMeta[] {
+    return [...this.entries.keys()]
+      .map((key) => this.conversations.get(key))
+      .filter((conversation): conversation is ConversationMeta => Boolean(conversation));
+  }
+
+  private touch(key: string, value: HistoryEntry[]): void {
+    this.entries.delete(key);
+    this.entries.set(key, value);
+  }
+
+  private evictIfNeeded(): void {
+    while (this.entries.size > this.maxKeys) {
+      const oldestKey = this.entries.keys().next().value;
+      if (typeof oldestKey !== 'string') {
+        break;
+      }
+      this.entries.delete(oldestKey);
+      this.conversations.delete(oldestKey);
+    }
+  }
+}