Refactor XMTP Extension And Fix Bugs by neekolas · Pull Request #27 · xmtplabs/openclaw

neekolas · 2026-02-16T20:30:39Z

Summary

Problem: The XMTP extension had code duplication and inconsistent access control enforcement across different message types
Why it matters: Duplicated logic increases maintenance burden and risk of inconsistencies
What changed: Refactored code to centralize access control, improve ENS resolution, and consolidate handler logic with shared patterns
Fixed a number of bugs with media uploads and reactions

Change Type (select all)

Scope (select all touched areas)

Linked Issue/PR

Related #

User-visible / Behavior Changes

None

Security Impact (required)

New permissions/capabilities? No
Secrets/tokens handling changed? No
New/changed network calls? No
Command/tool execution surface changed? No
Data access scope changed? No

Repro + Verification

Environment

OS: Linux
Runtime/container: Node.js
Integration/channel: XMTP

Steps

Configure XMTP extension with various access control policies
Send messages, reactions, and attachments to test access control
Verify all handlers enforce the same policies consistently

Expected

All message types (text, reactions, attachments) enforce the same access control rules
Code is more maintainable with less duplication

Actual

Access control is consistently applied across all message types
Code is more maintainable with shared patterns

Evidence

Passing tests

Human Verification (required)

What you personally verified (not just CI), and how:

Verified scenarios: All tests pass with refactored code
Edge cases checked: Various access control combinations
What you did not verify: End-to-end testing with real XMTP network

Compatibility / Migration

Backward compatible? Yes
Config/env changes? No
Migration needed? No

Failure Recovery (if this breaks)

How to disable/revert this change quickly: Revert the PR
Files/config to restore: N/A
Known bad symptoms reviewers should watch for: Access control not being applied correctly

Risks and Mitigations

Risk: Refactoring could introduce subtle bugs in access control logic
- Mitigation: Comprehensive test coverage maintained and expanded

neekolas · 2026-02-16T20:30:50Z

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

This stack of pull requests is managed by Graphite. Learn more about stacking.

macroscopeapp · 2026-02-16T20:32:01Z

Refactor XMTP plugin to validate config with `XMTPConfigSchema`, centralize inbound access control via `lib/access-control.enforceInboundAccessControl`, and unify identity and ENS owner resolution using `lib/identity.generateXmtpIdentity` and `lib/ens-resolver.resolveOwnerAddress`

Add schema-backed config to the XMTP plugin, route all inbound gating through a single utility, and consolidate identity and ENS resolution helpers. Update outbound and actions to use a shared getOrCreateConversation. Expand tests with parameterized cases and shared mocks. Introduce a barrel export for public lib APIs.

📍Where to Start

Start with enforceInboundAccessControl in access-control.ts, then review handler integration in gateway-lifecycle.ts and channel handlers in channel.ts.

Macroscope summarized 3413507. (Automatic summaries will resume when PR exits draft mode or review begins).

github-actions · 2026-02-16T20:34:00Z

⚠️ Formal models conformance drift detected

The formal models extracted constants (generated/*) do not match this openclaw PR.