Bj UdZddlmZddlmZddlmZmZmZm Z m Z e ddhZ de d<ed Gd d Ze hd ZddZddZddZddZddZddZddZgdZy)u'Per-platform slash command access control. This module sits beside the existing per-platform allowlist (``allow_from``) and adds a second axis: of the users who are *allowed to talk to the gateway*, which ones can run *which slash commands*. Two lists per platform scope (DM vs group, mirroring ``allow_from`` vs ``group_allow_from``): - ``allow_admin_from`` — user IDs that get every registered slash command (built-in + plugin-registered). - ``user_allowed_commands`` — slash command names non-admin users may run. Empty / unset → non-admins get no slash commands. Backward compatibility: If ``allow_admin_from`` is not set for a scope, slash command gating is disabled entirely for that scope. Every allowed user can run every slash command, exactly like before. This means existing installs are unaffected until an operator opts in by listing at least one admin. The gate is applied at the slash command dispatch site in ``gateway/run.py`` so it covers BOTH built-in and plugin-registered commands via the live registry. Gating slash commands does not affect plain chat — non-admin users can still talk to the agent normally, they just can't trigger commands outside ``user_allowed_commands``. Authored as a slimmed-down salvage of PR #4443's permission tiers (co-authored by @ReqX). The full tier system, audit log, usage tracking, rate limiting, and tool filtering from that PR are not included here — only the slash-command access split. ) annotations) dataclass)Any FrozenSetIterableOptionalTuplehelpwhoamiFrozenSet[str]_ALWAYS_ALLOWED_FOR_USERST)frozenc@eZdZUdZded<ded<ded<d dZd dZy ) SlashAccessPolicyuResolved access policy for a single (platform, scope) pair. ``scope`` is ``"dm"`` for direct messages and ``"group"`` for groups, channels, threads, and any other multi-user context. The mapping from SessionSource.chat_type → scope happens in ``policy_for_source``. boolenabledr admin_user_idsuser_allowed_commandscP|jsy|syt||jvSNTF)rstrr)selfuser_ids 9/home/ubuntu/.hermes/hermes-agent/gateway/slash_access.pyis_adminzSlashAccessPolicy.is_adminEs)||7|t2222ct|jsy|j|ry|sy|tvry||jvSr)rrr r)rr canonical_cmds rcan_runzSlashAccessPolicy.can_runOs>|| == ! 5 5 : :::rN)r Optional[str]returnr)rr rrr!r)__name__ __module__ __qualname____doc____annotations__rrrrrr8s$M""))3 ;rr>dmdirectprivatec:| tSt|ttttfr|}n,t|t rd|j dD}n|f}g}|D]/}t |j}|s|j|1t|S)zNormalize a YAML-loaded admin/user list into a frozenset of strings. Accepts ``None``, list, tuple, or comma-separated string. Stringifies each entry and strips whitespace; empty entries are dropped. c3BK|]}|js|ywNstrip.0ss r z"_coerce_id_list..i8qaggi8,) frozenset isinstancelisttuplesetrsplitr0appendrawitemsoutitr3s r_coerce_id_listrD^s  {{#eS)45" C 8CIIcN8C GMMO JJqM S>rct| tSt|ttttfr|}n,t|t rd|j dD}n|f}g}|D]L}t |jjdj}|s<|j|Nt|S)zNormalize a slash command allowlist. Strips leading slashes so YAML can read either ``["help", "status"]`` or ``["/help", "/status"]``. Lowercase canonicalization matches how ``resolve_command()`` stores names. c3BK|]}|js|ywr.r/r1s rr4z'_coerce_command_list..r5r6r7/) r8r9r:r;r<rr=r0lstriplowerr>r?s r_coerce_command_listrJus {{#eS)45" C 8CIIcN8C GMMO " "3 ' - - / JJqM S>rc6|r|jtvryy)Nr)group)rI_DM_CHAT_TYPES) chat_types r_scope_for_chat_typerOsY__&.8 rcp|iSt|dd}t|tr|St|tr|SiS)zReturn the ``extra`` dict from a PlatformConfig-like object. Defensively handles None and non-PlatformConfig shapes so calling code can stay simple. Nextra)getattrr9dict)platform_configrQs r_platform_extrarUsA  OWd 3E% /4( Irc|dk(ryy)z3Return (admin_key, user_cmd_key) names for a scope.rL)group_allow_admin_fromgroup_user_allowed_commands)allow_admin_fromrr')scopes r_keys_for_scoper[s H 8rct|\}}t|j|}t|j|}|dk(r|st|jd}t |}t |||S)aBuild a policy from a platform's ``extra`` dict for one scope. DM scope falls back to group scope keys ONLY for ``user_allowed_commands`` when the DM scope didn't specify its own. This keeps the common case (operator wants the same command set DM and group) ergonomic without forcing duplication. Admin lists are NOT cross-scope: an admin in DMs is not implicitly an admin in a group. r)rXrrr)r[rDgetrJrr)rQrZ admin_keycmd_key admin_idscmdsrs rpolicy_from_extrarcsw)/Iw ) 45I  ' 2 3D }T$EII.K$LM9oG  " rc||tdttSt|dd}d}| |j|j}t |}tt|dd}t||S#t $rd}Y:wxYw)aResolve the access policy for a SessionSource. Returns a "disabled" policy (gating off, allow everything) when: - gateway_config is None - the platform has no PlatformConfig - the platform's PlatformConfig has no admin list set for the scope Callers should treat the returned policy as authoritative for slash command gating only. It does not gate plain chat messages. NFr] platformsrN) rr8rRr^platform ExceptionrUrOrc)gateway_configsourcererTrQrZs rpolicy_for_sourcerjs $;"++   T:IO #'mmFOOros D#!<<-6  7->  $;;;D:;.. "94+: r