fix(signal): enforce mention gating for group messages#13124
Merged
Takhoffman merged 2 commits intoopenclaw:mainfrom Feb 10, 2026
Merged
fix(signal): enforce mention gating for group messages#13124Takhoffman merged 2 commits intoopenclaw:mainfrom
Takhoffman merged 2 commits intoopenclaw:mainfrom
Conversation
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
Comment on lines
+508
to
+511
| const route = resolveAgentRoute({ | ||
| cfg: deps.cfg, | ||
| channel: "signal", | ||
| accountId: deps.accountId, |
Contributor
There was a problem hiding this comment.
Duplicate route resolution
resolveAgentRoute(...) is called here to build mention regexes, but handleSignalInboundMessage also calls resolveAgentRoute(...) again for the same message. This duplicates work on every inbound message and can lead to subtle inconsistencies if routing logic depends on mutable state. Consider computing the route once and reusing it for mention gating + context building.
Prompt To Fix With AI
This is a comment left during a code review.
Path: src/signal/monitor/event-handler.ts
Line: 508:511
Comment:
**Duplicate route resolution**
`resolveAgentRoute(...)` is called here to build mention regexes, but `handleSignalInboundMessage` also calls `resolveAgentRoute(...)` again for the same message. This duplicates work on every inbound message and can lead to subtle inconsistencies if routing logic depends on mutable state. Consider computing the route once and reusing it for mention gating + context building.
How can I resolve this? If you propose a fix, please make it concise.
Comment on lines
+6
to
+17
| vi.mock("../../auto-reply/dispatch.js", async (importOriginal) => { | ||
| const actual = await importOriginal<typeof import("../../auto-reply/dispatch.js")>(); | ||
| const dispatchInboundMessage = vi.fn(async (params: { ctx: MsgContext }) => { | ||
| capturedCtx = params.ctx; | ||
| return { queuedFinal: false, counts: { tool: 0, block: 0, final: 0 } }; | ||
| }); | ||
| return { | ||
| ...actual, | ||
| dispatchInboundMessage, | ||
| dispatchInboundMessageWithDispatcher: dispatchInboundMessage, | ||
| dispatchInboundMessageWithBufferedDispatcher: dispatchInboundMessage, | ||
| }; |
Contributor
There was a problem hiding this comment.
Mock can leak state
This test file uses a module-level capturedCtx plus a vi.mock that mutates it. Because Vitest runs tests in a shared module context for this file, a failure or missing reset can leak state between tests. At minimum, add a beforeEach(() => { capturedCtx = undefined }) (and consider vi.clearAllMocks()) so test order can’t affect outcomes.
Prompt To Fix With AI
This is a comment left during a code review.
Path: src/signal/monitor/event-handler.mention-gating.test.ts
Line: 6:17
Comment:
**Mock can leak state**
This test file uses a module-level `capturedCtx` plus a `vi.mock` that mutates it. Because Vitest runs tests in a shared module context for this file, a failure or missing reset can leak state between tests. At minimum, add a `beforeEach(() => { capturedCtx = undefined })` (and consider `vi.clearAllMocks()`) so test order can’t affect outcomes.
How can I resolve this? If you propose a fix, please make it concise.
Contributor
Additional Comments (1)
Also appears at Prompt To Fix With AIThis is a comment left during a code review.
Path: src/signal/monitor/event-handler.ts
Line: 499:502
Comment:
**Mention gating uses wrong text**
`wasMentioned` and the history entry are computed from `messageText`, but the inbound body you later enqueue is `bodyText = messageText || placeholder || quoteText`. This means group messages that only contain a quoted message (or only attachments/placeholder) will always be treated as “no mention” and may be dropped even if the quote/body actually contains a mention pattern. It also records pending history with `messageText` (empty) rather than the effective `bodyText`.
Also appears at `src/signal/monitor/event-handler.ts:554-555` (history entry body).
How can I resolve this? If you propose a fix, please make it concise. |
Takhoffman
added a commit
to zerone0x/clawdbot
that referenced
this pull request
Feb 10, 2026
Takhoffman
force-pushed
the
fix/signal-group-mention-gating
branch
from
752c20f to
f034068
Compare
Signal group messages bypassed mention gating, causing the bot to reply even when requireMention was enabled and the message did not mention the bot. This aligns Signal with Slack, Discord, Telegram, and iMessage which all enforce mention gating correctly. Fixes openclaw#13106 Co-Authored-By: Claude <[email protected]>
Takhoffman
force-pushed
the
fix/signal-group-mention-gating
branch
from
f034068 to
af6c36d
Compare
Contributor
|
Thank you for your contribution! |
ProgramCaiCai
pushed a commit
to ProgramCaiCai/openclaw
that referenced
this pull request
Feb 10, 2026
* fix(signal): enforce mention gating for group messages Signal group messages bypassed mention gating, causing the bot to reply even when requireMention was enabled and the message did not mention the bot. This aligns Signal with Slack, Discord, Telegram, and iMessage which all enforce mention gating correctly. Fixes openclaw#13106 Co-Authored-By: Claude <[email protected]> * fix(signal): keep pending history context for mention-gated skips (openclaw#13124) (thanks @zerone0x) --------- Co-authored-by: Yansu <[email protected]> Co-authored-by: Claude <[email protected]> Co-authored-by: Tak Hoffman <[email protected]>
YanHaidao
added a commit
to YanHaidao/clawdbot
that referenced
this pull request
Feb 10, 2026
* 'main' of github.com:YanHaidao/clawdbot: (94 commits) fix(auto-reply): prevent sender spoofing in group prompts Discord: add exec approval cleanup option (openclaw#13205) CI: extend stale timelines to be contributor-friendly (openclaw#13209) fix: enforce Discord agent component DM auth (openclaw#11254) (thanks @thedudeabidesai) refactor(security,config): split oversized files (openclaw#13182) Commands: add commands.allowFrom config CI: configure stale automation fix(signal): enforce mention gating for group messages (openclaw#13124) fix(ui): prioritize displayName over label in webchat session picker (openclaw#13108) Chore: add testflight auto-response Docker: include A2UI sources for bundle (openclaw#13114) fix: unify session maintenance and cron run pruning (openclaw#13083) docs: expand vulnerability reporting guidelines in SECURITY.md docs: add vulnerability reporting guidelines to CONTRIBUTING.md refactor: consolidate fetchWithTimeout into shared utility fix(memory): default batch embeddings to off Improve code analyzer for independent packages, CI: only run release-check on push to main fix(tools): correct Grok response parsing for xAI Responses API (openclaw#13049) chore(deps): update dependencies, remove hono pinning Update contributing, deduplicate more functions ...
Hansen1018
pushed a commit
to Hansen1018/openclaw
that referenced
this pull request
Feb 10, 2026
* fix(signal): enforce mention gating for group messages Signal group messages bypassed mention gating, causing the bot to reply even when requireMention was enabled and the message did not mention the bot. This aligns Signal with Slack, Discord, Telegram, and iMessage which all enforce mention gating correctly. Fixes openclaw#13106 Co-Authored-By: Claude <[email protected]> * fix(signal): keep pending history context for mention-gated skips (openclaw#13124) (thanks @zerone0x) --------- Co-authored-by: Yansu <[email protected]> Co-authored-by: Claude <[email protected]> Co-authored-by: Tak Hoffman <[email protected]>
michaelleone
pushed a commit
to michaelleone/openclaw
that referenced
this pull request
Feb 11, 2026
* fix(signal): enforce mention gating for group messages Signal group messages bypassed mention gating, causing the bot to reply even when requireMention was enabled and the message did not mention the bot. This aligns Signal with Slack, Discord, Telegram, and iMessage which all enforce mention gating correctly. Fixes openclaw#13106 Co-Authored-By: Claude <[email protected]> * fix(signal): keep pending history context for mention-gated skips (openclaw#13124) (thanks @zerone0x) --------- Co-authored-by: Yansu <[email protected]> Co-authored-by: Claude <[email protected]> Co-authored-by: Tak Hoffman <[email protected]>
skyhawk14
pushed a commit
to skyhawk14/openclaw
that referenced
this pull request
Feb 13, 2026
* fix(signal): enforce mention gating for group messages Signal group messages bypassed mention gating, causing the bot to reply even when requireMention was enabled and the message did not mention the bot. This aligns Signal with Slack, Discord, Telegram, and iMessage which all enforce mention gating correctly. Fixes openclaw#13106 Co-Authored-By: Claude <[email protected]> * fix(signal): keep pending history context for mention-gated skips (openclaw#13124) (thanks @zerone0x) --------- Co-authored-by: Yansu <[email protected]> Co-authored-by: Claude <[email protected]> Co-authored-by: Tak Hoffman <[email protected]>
zooqueen
pushed a commit
to hanzoai/bot
that referenced
this pull request
Mar 6, 2026
* fix(signal): enforce mention gating for group messages Signal group messages bypassed mention gating, causing the bot to reply even when requireMention was enabled and the message did not mention the bot. This aligns Signal with Slack, Discord, Telegram, and iMessage which all enforce mention gating correctly. Fixes openclaw#13106 * fix(signal): keep pending history context for mention-gated skips (openclaw#13124) (thanks @zerone0x) --------- Co-authored-by: Yansu <[email protected]> Co-authored-by: Tak Hoffman <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #13106
Signal group messages bypassed mention gating (
requireMention+mentionPatterns), causing the bot to reply to every group message even when mention gating was configured. This aligns Signal with Slack, Discord, Telegram, and iMessage which all enforce mention gating correctly.Changes
resolveMentionGatingWithBypass,buildMentionRegexes,matchesMentionPatterns,resolveChannelGroupRequireMention)requireMentionis enabled, with pending history recording for contextWasMentionedonctxPayloadso downstream directive gating (elevated/exec) works correctlyTest plan
requireMentionis enabledWasMentionedis set correctly whenrequireMentionis off🤖 Generated with Claude Code
Greptile Overview
Greptile Summary
This PR adds mention-gating enforcement to Signal group message handling so
requireMention+mentionPatternsbehave consistently with other channels. The Signal event handler now resolves the agent route, builds mention regexes, computeswasMentioned, appliesresolveMentionGatingWithBypass(allowing authorized control commands through), records pending history for skipped group messages, and plumbsWasMentionedinto the inbound context. New Vitest coverage exercises the drop/allow paths, pending history, and bypass behavior.Confidence Score: 3/5
buildMentionRegexes,resolveMentionGatingWithBypass) and tests cover main flows. However, gating/history currently key offmessageTextrather than the effective inboundbodyText(which can be quote/attachment placeholder), so behavior will be wrong for quote-only/attachment-only messages and pending history recording. Addressing that would raise confidence.