Skip to content

Commit 097010b

Browse files
pgondhi987pgondhi987
committed
addressing codex review
1 parent 31d0997 commit 097010b

1 file changed

Lines changed: 7 additions & 5 deletions

File tree

docs/channels/zalouser.md

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -81,7 +81,9 @@ openclaw directory groups list --channel zalouser --query "work"
8181

8282
`channels.zalouser.dmPolicy` supports: `pairing | allowlist | open | disabled` (default: `pairing`).
8383

84-
`channels.zalouser.allowFrom` accepts user IDs or names. During setup, names are resolved to IDs using the plugin's in-process contact lookup.
84+
`channels.zalouser.allowFrom` should use stable Zalo user IDs. During interactive setup, entered names can be resolved to IDs using the plugin's in-process contact lookup.
85+
86+
If a raw name remains in config, startup resolves it only when `channels.zalouser.dangerouslyAllowNameMatching: true` is enabled. Without that opt-in, runtime sender checks are ID-only and raw names are ignored for authorization.
8587

8688
Approve via:
8789

@@ -93,13 +95,13 @@ Approve via:
9395
- Default: `channels.zalouser.groupPolicy = "open"` (groups allowed). Use `channels.defaults.groupPolicy` to override the default when unset.
9496
- Restrict to an allowlist with:
9597
- `channels.zalouser.groupPolicy = "allowlist"`
96-
- `channels.zalouser.groups` (keys should be stable group IDs; names are resolved to IDs on startup when possible)
98+
- `channels.zalouser.groups` (keys should be stable group IDs; names are resolved to IDs on startup only when `channels.zalouser.dangerouslyAllowNameMatching: true` is enabled)
9799
- `channels.zalouser.groupAllowFrom` (controls which senders in allowed groups can trigger the bot)
98100
- Block all groups: `channels.zalouser.groupPolicy = "disabled"`.
99101
- The configure wizard can prompt for group allowlists.
100-
- On startup, OpenClaw resolves group/user names in allowlists to IDs and logs the mapping.
102+
- On startup, OpenClaw resolves group/user names in allowlists to IDs and logs the mapping only when `channels.zalouser.dangerouslyAllowNameMatching: true` is enabled.
101103
- Group allowlist matching is ID-only by default. Unresolved names are ignored for auth unless `channels.zalouser.dangerouslyAllowNameMatching: true` is enabled.
102-
- `channels.zalouser.dangerouslyAllowNameMatching: true` is a break-glass compatibility mode that re-enables mutable group-name matching.
104+
- `channels.zalouser.dangerouslyAllowNameMatching: true` is a break-glass compatibility mode that re-enables mutable startup name resolution and runtime group-name matching.
103105
- If `groupAllowFrom` is unset, runtime falls back to `allowFrom` for group sender checks.
104106
- Sender checks apply to both normal group messages and control commands (for example `/new`, `/reset`).
105107

@@ -181,7 +183,7 @@ Accounts map to `zalouser` profiles in OpenClaw state. Example:
181183

182184
**Allowlist/group name didn't resolve:**
183185

184-
- Use numeric IDs in `allowFrom`/`groupAllowFrom`/`groups`, or exact friend/group names.
186+
- Use numeric IDs in `allowFrom`/`groupAllowFrom` and stable group IDs in `groups`. If you intentionally need exact friend/group names, enable `channels.zalouser.dangerouslyAllowNameMatching: true`.
185187

186188
**Upgraded from old CLI-based setup:**
187189

0 commit comments

Comments
 (0)