feat(controller): add HICLAW_DM_POLICY env var for configurable Matri…#943

Open
hoshn wants to merge 2 commits into agentscope-ai:main from hoshn:fix-dm-policy

@hoshn hoshn commented Jun 17, 2026

feat(controller): add HICLAW_DM_POLICY env var for configurable Matrix DM policy

Introduce runtime control over dm.policy in generated openclaw.json.
Default "allowlist" preserves existing behavior; "open" allows any user
to DM workers with per-room session isolation. Includes Helm support
via controller.dmPolicy value.

feat(controller): support configuring the Matrix DM policy via the HICLAW_DM_POLICY environment variable

Previously, dm.policy was hardcoded to "allowlist", so only the Manager/Admin (or team leader) could initiate a DM. This change adds the runtime environment variable HICLAW_DM_POLICY, which lets operators switch the policy to "open" without changing the source code.

Changes:

  • Add a DMPolicy field to agentconfig.Config and config.Config
  • LoadConfig() reads HICLAW_DM_POLICY, defaulting to "allowlist"
  • Extract a buildDMConfig() helper that generates the dm config block according to the policy
  • When DMPolicy="open": policy=open, allowFrom=["*"], sessionScope=per-room
  • When DMPolicy="allowlist" (default): keep the original restrictive behavior, fully backward compatible
  • Helm: add a controller.dmPolicy value and conditional injection in deployment.yaml
  • Add DM policy unit tests to generator_test and config_test

Backward compatibility: when HICLAW_DM_POLICY is not set, the generated openclaw.json is identical to the one generated before this change.

Helm usage:

    controller:
      dmPolicy: "open"


github-actions Bot commented Jun 17, 2026

Contributor

📊 CI Metrics Report

Summary

| Metric | Current | Baseline | Change |
|---|---|---|---|
| LLM Calls | 104 | 81 | +23 ↑ +28.4% |
| Input Tokens | 3218030 | 2803871 | +414159 ↑ +14.8% |
| Output Tokens | 18114 | 16791 | +1323 ↑ +7.9% |
| Total Tokens | 3236144 | 2820662 | +415482 ↑ +14.7% |

By Role

| Role | Metric | Current | Baseline | Change |
|---|---|---|---|---|
| 🧠 Manager | LLM Calls | 88 | 68 | +20 ↑ +29.4% |
| | Input Tokens | 2847584 | 2502214 | +345370 ↑ +13.8% |
| | Output Tokens | 14630 | 13725 | +905 ↑ +6.6% |
| | Total Tokens | 2862214 | 2515939 | +346275 ↑ +13.8% |
| 🔧 Workers | LLM Calls | 16 | 13 | +3 ↑ +23.1% |
| | Input Tokens | 370446 | 301657 | +68789 ↑ +22.8% |
| | Output Tokens | 3484 | 3066 | +418 ↑ +13.6% |
| | Total Tokens | 373930 | 304723 | +69207 ↑ +22.7% |

Per-Test Breakdown

| Test | Mgr Calls | Wkr Calls | Δ Calls | Mgr In | Wkr In | Mgr Out | Wkr Out | Δ Tokens | Trend |
|---|---|---|---|---|---|---|---|---|---|
| 02-create-worker | 9 | 0 | -3 ↓ -25.0% | 252330 | 0 | 1367 | 0 | -104925 ↓ -29.3% | ✅ improved |
| 03-assign-task | 13 | 6 | +4 ↑ +26.7% | 389834 | 132185 | 2133 | 1246 | +51742 ↑ +10.9% | ⚠️ regressed |
| 04-human-intervene | 17 | 0 | +4 ↑ +30.8% | 499451 | 0 | 2479 | 0 | +68932 ↑ +15.9% | ⚠️ regressed |
| 05-heartbeat | 10 | 0 | +3 ↑ +42.9% | 347520 | 0 | 1656 | 0 | +73924 ↑ +26.9% | ⚠️ regressed |
| 06-multi-worker | 39 | 10 | +15 ↑ +44.1% | 1358449 | 238261 | 6995 | 2238 | +325809 ↑ +25.5% | ⚠️ regressed |

Trends

1 test(s) improved (fewer LLM calls)
⚠️ 4 test(s) regressed (more LLM calls)


Generated by HiClaw CI on 2026-06-30 08:22:44 UTC



hoshn commented Jun 18, 2026

Author

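Hello,

In a real deployment we found that when hiclaw-controller generates openclaw.json for a Worker/Manager, channels.matrix.dm.policy is hardcoded to "allowlist" and allowFrom is limited to the Manager/Admin (or team leader):

 // generator.go
 "dm": map[string]interface{}{
       "policy":    "allowlist",
       "allowFrom": dmAllowFrom, // only [manager, admin] or [leader, admin]
 },

As a result, external Matrix users (such as integrating business systems or end customers) cannot DM a Worker directly, which limits use of the DM channel in open scenarios. Operators cannot adjust this policy at deployment time through an environment variable or Helm values; they can only fork the source, modify it, and rebuild.

This PR's solution:

  • Add the environment variable HICLAW_DM_POLICY, supporting two policies: "allowlist" (default) and "open"
  • Extract a buildDMConfig() helper that generates the dm config block according to the policy
  • Add a controller.dmPolicy value to the Helm chart
  • Add the corresponding unit tests

Backward compatibility: when HICLAW_DM_POLICY is not set, the generated openclaw.json is identical to the one produced by the original code, and the default behavior does not change at all.

Please review. Thank you!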
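
An added example, not code from this PR or from hiclaw-controller: a Go check that reads one generated openclaw.json and reports how channels.matrix.dm is exposed, so an "open" rollout, a wildcard under "allowlist", or a mistyped policy value is visible before deployment. The function name auditDM, the finding strings, the sample document, and the placement of sessionScope inside the dm block are assumptions of this example.

```go
package main
import (
	"encoding/json"
	"fmt"
)

// auditDM reports how channels.matrix.dm in one generated openclaw.json is exposed.
func auditDM(raw []byte) ([]string, error) {
	var doc struct {
		Channels struct {
			Matrix struct {
				DM *struct {
					Policy       string   `json:"policy"`
					AllowFrom    []string `json:"allowFrom"`
					SessionScope string   `json:"sessionScope"` // placement inside dm is assumed
				} `json:"dm"`
			} `json:"matrix"`
		} `json:"channels"`
	}
	if err := json.Unmarshal(raw, &doc); err != nil {
		return nil, fmt.Errorf("parse openclaw.json: %w", err)
	}
	dm := doc.Channels.Matrix.DM
	if dm == nil {
		return []string{"channels.matrix.dm is missing"}, nil
	}
	findings := []string{}
	for _, id := range dm.AllowFrom {
		if id == "*" && dm.Policy != "open" {
			findings = append(findings, `allowFrom contains "*" but policy is not "open"`)
			break
		}
	}
	switch dm.Policy {
	case "allowlist": // restrictive default, nothing further to report
	case "open":
		findings = append(findings, "dm.policy is open: any Matrix user can DM")
		if dm.SessionScope != "per-room" {
			findings = append(findings, "open policy without sessionScope=per-room")
		}
	default: // a typo such as "Open" is reported, never treated as valid
		findings = append(findings, fmt.Sprintf("unknown dm.policy %q", dm.Policy))
	}
	return findings, nil
}

func main() {
	// Constructed sample, not output captured from hiclaw-controller.
	fmt.Println(auditDM([]byte(`{"channels":{"matrix":{"dm":{"policy":"open","allowFrom":["*"]}}}}`)))
}
```

An empty result means the document carries the restrictive "allowlist" block; any finding is a reason to confirm that the exposure is intended for that deployment.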
