Implementation:Openclaw Openclaw DmPolicySchema
| Knowledge Sources | |
|---|---|
| Domains | Messaging, Security, Configuration |
| Last Updated | 2026-02-06 12:00 GMT |
Overview
Concrete Zod validation schemas that define and enforce the access control policy values for DM gating and group-level restrictions across all OpenClaw messaging channels.
Description
The DmPolicySchema and GroupPolicySchema in src/config/zod-schema.core.ts are Zod enum schemas that constrain the valid policy values at the configuration validation layer. They are imported and used by every channel-specific account schema (Telegram, Discord, Slack, Signal, iMessage, and extension channels) to ensure uniform policy enforcement across the codebase.
The DmPolicySchema accepts four string literals: "pairing", "allowlist", "open", and "disabled". The GroupPolicySchema accepts three: "open", "disabled", and "allowlist". Each channel account schema applies these with .optional().default(...) to establish safe defaults -- typically "pairing" for DM policy and "allowlist" for group policy.
The TelegramAccountSchemaBase in src/config/zod-schema.providers-core.ts (lines 90-156) demonstrates how these policy schemas are composed into a full channel account configuration. It includes dmPolicy, groupPolicy, allowFrom, and groupAllowFrom fields, along with per-group config via the groups record. The requireOpenAllowFrom refinement (from zod-schema.core.ts) enforces the safety rule that "open" policies require an explicit "*" wildcard in the allowlist.
Usage
These schemas are used at config load time to validate the YAML/JSON configuration file. They are also referenced during channel registration to ensure that newly added accounts have valid policy values.
Code Reference
Source Location
- Repository: openclaw
- File (core schemas): src/config/zod-schema.core.ts
- Lines (DmPolicySchema): 129
- Lines (GroupPolicySchema): 127
- File (Telegram account): src/config/zod-schema.providers-core.ts
- Lines (TelegramAccountSchemaBase): 90-156
Signature
// DM policy: controls direct message access
export const DmPolicySchema = z.enum(["pairing", "allowlist", "open", "disabled"]);
// Group policy: controls group conversation access
export const GroupPolicySchema = z.enum(["open", "disabled", "allowlist"]);
Safety Refinement
export const requireOpenAllowFrom = (params: {
  policy?: string;
  allowFrom?: Array<string | number>;
  ctx: z.RefinementCtx;
  path: Array<string | number>;
  message: string;
}) => {
  // The rule applies only to "open"; every other policy passes through.
  if (params.policy !== "open") {
    return;
  }
  const allow = normalizeAllowFrom(params.allowFrom);
  // An explicit "*" wildcard satisfies the rule.
  if (allow.includes("*")) {
    return;
  }
  // "open" without "*": report a custom issue at the caller-supplied path.
  params.ctx.addIssue({
    code: z.ZodIssueCode.custom,
    path: params.path,
    message: params.message,
  });
};
Telegram Account Schema (composition example)
export const TelegramAccountSchemaBase = z
  .object({
    // ...
    dmPolicy: DmPolicySchema.optional().default("pairing"),
    groupPolicy: GroupPolicySchema.optional().default("allowlist"),
    allowFrom: z.array(z.union([z.string(), z.number()])).optional(),
    groupAllowFrom: z.array(z.union([z.string(), z.number()])).optional(),
    groups: z.record(z.string(), TelegramGroupSchema.optional()).optional(),
    // ...
  })
  .strict();
Import
import { DmPolicySchema, GroupPolicySchema, requireOpenAllowFrom } from "./zod-schema.core.js";
I/O Contract
Inputs
| Name | Type | Required | Description |
|---|---|---|---|
| (value) | string | Yes | The policy string to validate; must match one of the enum literals |
Outputs
| Name | Type | Description |
|---|---|---|
| DmPolicySchema.parse() | "pairing" \| "allowlist" \| "open" \| "disabled" | Validated DM policy value |
| GroupPolicySchema.parse() | "open" \| "disabled" \| "allowlist" | Validated group policy value |
Usage Examples
Validating a DM Policy
import { DmPolicySchema } from "./config/zod-schema.core.js";
const policy = DmPolicySchema.parse("pairing"); // OK
DmPolicySchema.parse("invalid"); // throws ZodError
Using in a Channel Account Schema
const accountConfig = TelegramAccountSchemaBase.parse({
  dmPolicy: "allowlist",
  groupPolicy: "allowlist",
  allowFrom: ["123456789"],
  botToken: "123456:ABC-DEF",
});
// accountConfig.dmPolicy === "allowlist"
// accountConfig.groupPolicy === "allowlist"
Open Policy with Wildcard Requirement
// This will fail validation because allowFrom does not include "*"
TelegramAccountSchema.parse({
  dmPolicy: "open",
  allowFrom: ["123456789"],
});
// ZodError: channels.telegram.dmPolicy="open" requires
// channels.telegram.allowFrom to include "*"

// This succeeds
TelegramAccountSchema.parse({
  dmPolicy: "open",
  allowFrom: ["*"],
});
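The rules described on this page, restated as an added, dependency-free example (not OpenClaw's own code) that a reviewer could run over an already-parsed config: it applies the documented defaults, rejects values outside the two enums, and flags `dmPolicy: "open"` without `"*"` in `allowFrom`. The names `auditAccount`, `pick`, `normalize` and `SAMPLE`, the issue strings for invalid values, and the trimming used in place of `normalizeAllowFrom` (whose body is not shown here) are assumptions.

```typescript
// Added example, not OpenClaw code. Mirrors the rules documented on this page.
const DM_POLICIES = ["pairing", "allowlist", "open", "disabled"] as const;
const GROUP_POLICIES = ["open", "disabled", "allowlist"] as const;
type DmPolicy = (typeof DM_POLICIES)[number];
type GroupPolicy = (typeof GROUP_POLICIES)[number];

interface RawAccount {
  dmPolicy?: unknown;
  groupPolicy?: unknown;
  allowFrom?: Array<string | number>;
}
interface AuditResult {
  dmPolicy?: DmPolicy; // effective value after defaults; undefined when invalid
  groupPolicy?: GroupPolicy;
  issues: string[];
}

// Assumption: stand-in for normalizeAllowFrom (stringify and trim each entry).
function normalize(allowFrom?: Array<string | number>): string[] {
  return (allowFrom ?? []).map((v) => String(v).trim()).filter((v) => v !== "");
}

// Enum check plus the .optional().default(...) behaviour for one field.
function pick<T extends string>(allowed: readonly T[], value: unknown, fallback: T,
                                field: string, issues: string[]): T | undefined {
  if (value === undefined) return fallback;
  if (typeof value === "string" && (allowed as readonly string[]).includes(value)) {
    return value as T;
  }
  issues.push(`${field}: invalid value ${JSON.stringify(value)}; expected one of ${allowed.join(", ")}`);
  return undefined;
}

function auditAccount(path: string, raw: RawAccount): AuditResult {
  const issues: string[] = [];
  const dmPolicy = pick(DM_POLICIES, raw.dmPolicy, "pairing", `${path}.dmPolicy`, issues);
  const groupPolicy = pick(GROUP_POLICIES, raw.groupPolicy, "allowlist", `${path}.groupPolicy`, issues);
  // "open" must be paired with an explicit "*", so open access is never implicit.
  if (dmPolicy === "open" && !normalize(raw.allowFrom).includes("*")) {
    issues.push(`${path}.dmPolicy="open" requires ${path}.allowFrom to include "*"`);
  }
  return { dmPolicy, groupPolicy, issues };
}

// Constructed sample input: defaults only, open with wildcard, open without it.
const SAMPLE: Record<string, RawAccount> = {
  defaults: {},
  openOk: { dmPolicy: "open", allowFrom: ["*"] },
  openBad: { dmPolicy: "open", allowFrom: ["123456789"] },
};
for (const [name, acct] of Object.entries(SAMPLE)) {
  console.log(name, auditAccount("channels.telegram", acct));
}
```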