,jWldZddlmZddlZddlmZddlmZddlm Z ddl m Z m ZGdd ZdS) aUser-authorization methods for ``GatewayRunner``. Extracted from ``gateway/run.py`` as part of the god-file decomposition campaign (``~/.hermes/plans/god-file-decomposition.md``, Phase 3 mechanical mixin lifts). This mixin holds the inbound-message authorization cluster: whether a user/chat is allowed to talk to the agent, the per-adapter DM policy, and the unauthorized-DM behavior. Behavior-neutral: every method is lifted verbatim from ``GatewayRunner``. ``self.*`` calls resolve unchanged via the MRO. Neutral dependencies import at module top; the module-level ``logger`` is imported lazily inside the one method that uses it (``from gateway.run import logger`` resolves at call time, when ``gateway.run`` is fully loaded) so this module never imports ``gateway.run`` at import time -> no import cycle. The lazy import preserves the exact logger name (``"gateway.run"``) so log records are unchanged. ) annotationsN)Optional)Platform) SessionSource)expand_whatsapp_aliasesnormalize_whatsapp_identifierc2eZdZdZddZddZdd Zdd Zd S)GatewayAuthorizationMixinz6User/chat authorization methods for ``GatewayRunner``.platformOptional[Platform]returnboolc|sdSt|dd}|sdS||}|dStt|ddS)a*Whether the adapter for *platform* gates access at intake itself. Mirrors ``BasePlatformAdapter.enforces_own_access_policy``. Adapters such as WeCom, Weixin, Yuanbao, QQBot, and WhatsApp evaluate their documented ``dm_policy`` / ``group_policy`` / ``allow_from`` config before a message is dispatched to the gateway, so a message that reaches ``_is_user_authorized`` has already been authorized by the adapter. Defaults to ``False`` when the adapter is unknown or doesn't expose the flag. FadaptersNenforces_own_access_policy)getattrgetr)selfr radapters 8/home/ubuntu/.hermes/hermes-agent/gateway/authz_mixin.py#_adapter_enforces_own_access_policyz=GatewayAuthorizationMixin._adapter_enforces_own_access_policy"sg 54T22 5,,x(( ?5GG%A5IIJJJstrc|sdSt|ddpi}||}|t|ddnd}|~t|dd}|*t|dr|j|nd}|rt|ddnd}t |t r|d}t |pdS) uBBest-effort read of an own-policy adapter's effective DM policy. Returns the lowercased ``dm_policy`` (``"open"`` / ``"allowlist"`` / ``"disabled"`` / ``"pairing"``) for *platform*, or ``""`` when unknown. Prefers the live adapter's resolved ``_dm_policy`` — which already folds in both ``config.extra`` and the ``_DM_POLICY`` env var (the env var is not always bridged back into ``config.extra``) — and falls back to ``config.extra`` for bare runners built without a live adapter. Used by ``_is_user_authorized`` to carve ``dm_policy: pairing`` out of the adapter-trust shortcut: in pairing mode the adapter forwards the DM so the gateway can run its pairing handshake, so "reached the gateway" must not be read as "authorized". rN _dm_policyconfig platformsextra dm_policy) rrhasattrr isinstancedictrstriplower)rr rrpolicyr platform_cfgrs r_adapter_dm_policyz,GatewayAuthorizationMixin._adapter_dm_policy:s  24T228b,,x((9@9L,555RV >T8T22F%'&+*F*F% $$X...  =IRGL'4888dE%&& 0;//6|jd9vr5|jr.d>|d D}d |vs |j|vrdS|jtj kr|r|jd9vr|jrzd?|d D}|rYtO|d@d s=|,dAd -t]|d|_/|j|vrdSta}|r2|1dB|d D|r2|1dC|d D|r2|1dD|d Dd |vrdS|h}dE|vr.|2|dEd|jtjkrta}|D]$}|1tg|%|r|}|1tg|ti|}|r|2||j1|jj"dGkr!|j5r|2|j5tm||zS)Hao Check if a user is authorized to use the bot. Checks in order: 1. Per-platform allow-all flag (e.g., DISCORD_ALLOW_ALL_USERS=true) 2. Environment variable allowlists (TELEGRAM_ALLOWED_USERS, etc.) 3. DM pairing approved list 4. Global allow-all (GATEWAY_ALLOW_ALL_USERS=true) 5. Default: deny r)loggerT>forumgroupchannelTELEGRAM_GROUP_ALLOWED_CHATSQQ_GROUP_ALLOWED_USERSrc^h|]*}||+Sr$).0cids r z@GatewayAuthorizationMixin._is_user_authorized..s>)))99;;) )))r,*FTELEGRAM_ALLOWED_USERSDISCORD_ALLOWED_USERSWHATSAPP_ALLOWED_USERSWHATSAPP_CLOUD_ALLOWED_USERSSLACK_ALLOWED_USERSSIGNAL_ALLOWED_USERSEMAIL_ALLOWED_USERSSMS_ALLOWED_USERSMATTERMOST_ALLOWED_USERSMATRIX_ALLOWED_USERSDINGTALK_ALLOWED_USERSFEISHU_ALLOWED_USERSWECOM_ALLOWED_USERSWECOM_CALLBACK_ALLOWED_USERSWEIXIN_ALLOWED_USERSBLUEBUBBLES_ALLOWED_USERSQQ_ALLOWED_USERSYUANBAO_ALLOWED_USERSTELEGRAM_GROUP_ALLOWED_USERSTELEGRAM_ALLOW_ALL_USERSDISCORD_ALLOW_ALL_USERSWHATSAPP_ALLOW_ALL_USERSWHATSAPP_CLOUD_ALLOW_ALL_USERSSLACK_ALLOW_ALL_USERSSIGNAL_ALLOW_ALL_USERSEMAIL_ALLOW_ALL_USERSSMS_ALLOW_ALL_USERSMATTERMOST_ALLOW_ALL_USERSMATRIX_ALLOW_ALL_USERSDINGTALK_ALLOW_ALL_USERSFEISHU_ALLOW_ALL_USERSWECOM_ALLOW_ALL_USERSWECOM_CALLBACK_ALLOW_ALL_USERSWEIXIN_ALLOW_ALL_USERSBLUEBUBBLES_ALLOW_ALL_USERSQQ_ALLOW_ALL_USERSYUANBAO_ALLOW_ALL_USERSDISCORD_ALLOW_BOTSFEISHU_ALLOW_BOTS)platform_registry>1yestruerole_authorizedis_botnone>allmentions>r,r-GATEWAY_ALLOWED_USERSdmpairingGATEWAY_ALLOW_ALL_USERSc^h|]*}||+Sr2r3)r4chat_ids rr6z@GatewayAuthorizationMixin._is_user_authorized.. sB!!!$+RYR_R_RaRa! !!!rch|]=}|d)|>S)-)r$ startswith)r4vs rr6z@GatewayAuthorizationMixin._is_user_authorized..sL7799'',, r#_warned_telegram_group_users_legacyuTELEGRAM_GROUP_ALLOWED_USERS contains chat-ID-shaped values (%s). Treating them as chat IDs for backward compatibility. Move chat IDs to TELEGRAM_GROUP_ALLOWED_CHATS — the _USERS var is now for sender user IDs.c3fK|],}||V-dSNr3r4uids r z@GatewayAuthorizationMixin._is_user_authorized..7s<ccsWZW`W`WbWbcsyy{{ccccccrc3fK|],}||V-dSrur3rvs rrxz@GatewayAuthorizationMixin._is_user_authorized..9s<eesY\YbYbYdYdesyy{{eeeeeerc3fK|],}||V-dSrur3rvs rrxz@GatewayAuthorizationMixin._is_user_authorized..;s<aasUXU^U^U`U`asyy{{aaaaaar@Nsimplex)7 gateway.runr+r r HOMEASSISTANTWEBHOOKuser_id chat_typernTELEGRAMQQBOTrosgetenvr$splitDISCORDWHATSAPPWHATSAPP_CLOUDSLACKSIGNALEMAILSMS MATTERMOSTMATRIXDINGTALKFEISHUWECOMWECOM_CALLBACKWEIXIN BLUEBUBBLESYUANBAOgateway.platform_registryr`valueallowed_users_env allow_all_env Exceptionr%r pairing_store is_approvedrr(warningjoinsortedrssetupdateadd_expand_whatsapp_auth_aliases_normalize_whatsapp_identifier user_namer)rr)r+rchat_allowlist_envraw_chat_allowlistallowed_group_idsplatform_env_mapplatform_group_user_env_mapplatform_group_chat_env_mapplatform_allow_all_mapplatform_allow_bots_mapr`entryplatform_allow_all_varallow_bots_var platform_nameplatform_allowlistgroup_user_allowlistgroup_chat_allowlistglobal_allowlistlegacy_chat_ids allowed_ids check_idsnormalized_allowed_ids allowed_idnormalized_user_ids r_is_user_authorizedz-GatewayAuthorizationMixin._is_user_authorizedZs  '&&&&& ?x5x7GH H H4.  < < < <!#A 8"c&/2&& " $%'Y/A2%F%F%L%L%N%N"%$))#5#;#;C#@#@)))% ///6>EV3V3V#t 5  7  5   7   #%C  N1  O3   N1  L-   !;  O3   7  O3  N1   #%C  O3  "=! " N.# $  5%  *  =' #  = N4' #"  9"  7"   9"   #%E " N3 " O5 "  N3"  L/"   !="  O5"   9"  O5"  N3"   #%E"  O5"  "?!" " N0#" $  7%" " ,  2 O0#  ?"2 2 2 GGGGGG)--fo.CDDV.T \G[ \dt \77HH $,,//@@IMM496;;AACCG[[ [  F$48J$J$Jv~$J!!/C/I/I#/N/N!!! '''6>=N+N+Nt Ox0 0 0$ 1 $6667-33C88O  t%JERRDNN6!8!899 @DD<>_444 ee  d   cc6H6N6Ns6S6Sccc c c c  f   ee6J6P6PQT6U6Ueee e e e  b   aa6F6L6LS6Q6Qaaa a a a +  4I '>> MM'--,,Q/ 0 0 0 ?h/ / /%(UU ") Y Y &--.KJ.W.WXXXX% 54   :7CC D D D!?!H!H ! 2 0111 O '%22 3 MM&* + + +I +,,,s5AM MMct|dd}|rht|drX|rVt|dr|j|nd}|r(dt|divr||S|r"t|dr|jdkr|jS|r|rt|dr|j|}|rt|ddnd}t |trVt|dpd  }|d krdS|d vrd S|ryitj d tj dtjdtjdtjdtjdtjdtjdtjdtjdtjdtjdtjdtjdtjdtjdtjd}tj dtjdi}t;j||d d  rd S||d D],}t;j|d  rd S-t;jd!d  rd SdS)"uReturn how unauthorized DMs should be handled for a platform. Resolution order: 1. Explicit per-platform ``unauthorized_dm_behavior`` in config — always wins. 2. Explicit global ``unauthorized_dm_behavior`` in config — wins when no per-platform. 3. When an allowlist (``PLATFORM_ALLOWED_USERS``, ``PLATFORM_GROUP_ALLOWED_USERS`` / ``PLATFORM_GROUP_ALLOWED_CHATS``, or ``GATEWAY_ALLOWED_USERS``) is configured, default to ``"ignore"`` — the allowlist signals that the owner has deliberately restricted access; spamming unknown contacts with pairing codes is both noisy and a potential info-leak. (#9337) 4. No allowlist and no explicit config → ``"pair"`` (open-gateway default). rNget_unauthorized_dm_behaviorrunauthorized_dm_behaviorrpairr rrk>disabled allowlistignorer9r:r;r<r=r>r?r@rArBrCrDrErFrGrHrI)rKr/)r0r2ri)rr!rrrrr"r#rr$r%rrrrrrrrrrrrrrrrrrrr) rr rr'rr rplatform_group_env_mapenv_keys r_get_unauthorized_dm_behaviorz7GatewayAuthorizationMixin._get_unauthorized_dm_behaviordsox..  Egf&DEE E( E=DV[=Y=Yc6+//999_cL E :glT[]_>`>` ` `::8DDD  7gf&@AA 7.&8866  $ $76;#?#? $!+//99Lrs"#""""" ######)))))) VVVVVVVVVVr