openclaw/googlechat.md at main

mirror of https://github.com/openclaw/openclaw.git synced 2026-06-06 05:51:15 +08:00

Files

Kevin Lin d7759c6a35 feat(googlechat): add native approval cards

## Summary

- Adds native Google Chat approval cards for exec and plugin approval requests that originate from Google Chat spaces or threads.
- Uses opaque server-side action tokens for Google Chat `cardsV2` button callbacks and updates delivered approval messages after resolution or expiry.
- Preserves the shipped Google Chat typing-message default while keeping approval cards on the channel-local native path.
- Suppresses duplicate manual `/approve ...` follow-up delivery inside `extensions/googlechat/` when the native card path owns the approval prompt.
- Documents Google Chat native approval behavior and the `typingIndicator: "message"` default.

## Linked context

Which issue does this close?

Closes #

Which issues, PRs, or discussions are related?

Related Spec 24.8: Google Chat native approval cards.

Was this requested by a maintainer or owner?

Requested by maintainer in the Codex task thread.

## Real behavior proof (required for external PRs)

- Behavior addressed: Google Chat exec and plugin approvals render as native cards and resolve through Google Chat button clicks. The latest change verifies an exec approval card is not accompanied by a duplicate manual `/approve` instruction bubble.
- Real environment tested: OpenClaw dev profile with a real Google Chat DM to the OpenClaw app, local gateway behind a temporary Cloudflare quick tunnel, and Arc/Computer Use against the signed-in Google Chat session.
- Exact steps or command run after this patch: Rebuilt the gateway runtime, started the dev-profile gateway with the Google Chat webhook routed through the tunnel, sent a fresh exec request from Google Chat, verified only the native approval card appeared, clicked `Allow Once` in Google Chat, and checked the command output reply plus marker file.
- Evidence after fix (screenshot, recording, terminal capture, console output, redacted runtime log, linked artifact, or copied live output): Latest proof used nonce `GCHAT_NODOUBLE_LIVE_20260604070730`, approval id `949bc08c-9e57-47c0-b045-137603782292`, and proof directory `.mem/main/proofs/demo-89502-dev-gchat-exec-approval-no-double-send-channel-race/`. `raw/google-chat-gchat-nodouble-request-card-only-clean.png` shows the fresh user message followed by a single native `Exec Approval Required` card with `Allow Once`/`Deny` and no manual `/approve` follow-up bubble. `raw/google-chat-gchat-nodouble-resolved-clean.png` shows the card edited to `Exec Approval: Allowed once` and the final successful command reply. `raw/gchat-nodouble-live-filtered-log.txt` contains `googlechat approval resolved id=949bc08c-9e57-47c0-b045-137603782292 decision=allow-once`. `raw/marker-file-check.txt` records `/tmp/openclaw-gchat-no-double-GCHAT_NODOUBLE_LIVE_20260604070730` as created.
- Observed result after fix: The approval prompt posted as a native Google Chat card only. No duplicate manual approval-instruction bubble was sent. Clicking `Allow Once` resolved the approval through the gateway and OpenClaw replied with the successful exec output in the same Google Chat DM.
- What was not tested: A persistent production Google Chat app URL; live proof used a temporary Cloudflare tunnel for the local dev callback.
- Proof limitations or environment constraints: Video was not captured for the final resumed manual UI run; still screenshots, gateway/proxy logs, a marker-file artifact, and Showboat verification were captured.
- Before evidence (optional but encouraged): Before the final channel-local suppression path, Google Chat could show both the native approval card and a separate manual `/approve` instruction bubble.

## Tests and validation

Which commands did you run?

- `node scripts/build-all.mjs gatewayWatch`
- `node scripts/run-vitest.mjs extensions/googlechat/src/monitor-webhook.test.ts extensions/googlechat/src/monitor.test.ts extensions/googlechat/src/monitor.reply-delivery.test.ts extensions/googlechat/src/monitor-durable.test.ts extensions/googlechat/src/approval-card-actions.test.ts extensions/googlechat/src/approval-handler.runtime.test.ts extensions/googlechat/src/approval-native.test.ts extensions/googlechat/src/approval-card-click.test.ts extensions/googlechat/src/channel-config.test.ts extensions/googlechat/src/targets.test.ts`
- `git diff --check`
- `pnpm docs:list`
- `uvx showboat --workdir .mem/main/proofs/demo-89502-dev-gchat-exec-approval-no-double-send-channel-race verify .mem/main/proofs/demo-89502-dev-gchat-exec-approval-no-double-send-channel-race/raw/showboat-summary.md`
- Live dev-profile Google Chat proof described above.

What regression coverage was added or updated?

- Added Google Chat native approval capability, runtime delivery, card token, and card-click resolver tests.
- Added in-flight native card send suppression coverage so manual follow-up text is suppressed while native card delivery is pending.
- Added cleanup coverage so manual follow-ups are restored if native card send fails.
- Updated webhook ACK coverage for card-click events and default typing-indicator behavior coverage.

What failed before this fix, if known?

Google Chat could deliver the native approval card and still allow a model/message-tool manual `/approve` follow-up to appear as a second visible bubble.

If no test was added, why not?

Tests were added for the changed runtime and webhook behavior.

## Risk checklist

Did user-visible behavior change? (`Yes/No`)

Yes.

Did config, environment, or migration behavior change? (`Yes/No`)

No migration. The shipped Google Chat `typingIndicator: "message"` default is preserved.

Did security, auth, secrets, network, or tool execution behavior change? (`Yes/No`)

Yes.

What is the highest-risk area?

Approval authorization and callback token handling for native Google Chat card actions.

How is that risk mitigated?

Callbacks carry opaque action tokens only, token bindings check account, space, message, expiry, allowed decision, and in-flight state, and actor authorization reuses the existing Google Chat approver allowlist adapter based on stable `users/<id>` principals.

## Current review state

What is the next action?

Merge after current-head CI for `5923f2af46`.

What is still waiting on author, maintainer, CI, or external proof?

Current-head CI is green for `5923f2af46`; live dev-profile proof is complete.

Which bot or reviewer comments were addressed?

Addressed duplicate approval delivery by keeping the final suppression path inside `extensions/googlechat/`, preserving default typing-message behavior, and proving the current Google Chat surface sends only the native approval card.

2026-06-04 23:05:06 -07:00

12 KiB

Raw Permalink Blame History

summary, read_when, title

summary

read_when

title

Google Chat app support status, capabilities, and configuration

Working on Google Chat channel features

Google Chat

Status: downloadable plugin for DMs + spaces via Google Chat API webhooks (HTTP only).

Install

Install Google Chat before configuring the channel:

openclaw plugins install @openclaw/googlechat

Local checkout (when running from a git repo):

openclaw plugins install ./path/to/local/googlechat-plugin

Quick setup (beginner)

Create a Google Cloud project and enable the Google Chat API.
- Go to: Google Chat API Credentials
- Enable the API if it is not already enabled.
Create a Service Account:
- Press Create Credentials > Service Account.
- Name it whatever you want (e.g., openclaw-chat).
- Leave permissions blank (press Continue).
- Leave principals with access blank (press Done).
Create and download the JSON Key:
- In the list of service accounts, click on the one you just created.
- Go to the Keys tab.
- Click Add Key > Create new key.
- Select JSON and press Create.
Store the downloaded JSON file on your gateway host (e.g., ~/.openclaw/googlechat-service-account.json).
Create a Google Chat app in the Google Cloud Console Chat Configuration:
- Fill in the Application info:
  - App name: (e.g. OpenClaw)
  - Avatar URL: (e.g. https://openclaw.ai/logo.png)
  - Description: (e.g. Personal AI Assistant)
- Enable Interactive features.
- Under Functionality, check Join spaces and group conversations.
- Under Connection settings, select HTTP endpoint URL.
- Under Triggers, select Use a common HTTP endpoint URL for all triggers and set it to your gateway's public URL followed by /googlechat.
  - Tip: Run openclaw status to find your gateway's public URL.
- Under Visibility, check Make this Chat app available to specific people and groups in <Your Domain>.
- Enter your email address (e.g. user@example.com) in the text box.
- Click Save at the bottom.
Enable the app status:
- After saving, refresh the page.
- Look for the App status section (usually near the top or bottom after saving).
- Change the status to Live - available to users.
- Click Save again.
Configure OpenClaw with the service account path + webhook audience:
- Env: GOOGLE_CHAT_SERVICE_ACCOUNT_FILE=/path/to/service-account.json
- Or config: channels.googlechat.serviceAccountFile: "/path/to/service-account.json".
Set the webhook audience type + value (matches your Chat app config).
Start the gateway. Google Chat will POST to your webhook path.

Add to Google Chat

Once the gateway is running and your email is added to the visibility list:

Go to Google Chat.
Click the + (plus) icon next to Direct Messages.
In the search bar (where you usually add people), type the App name you configured in the Google Cloud Console.
- Note: The bot will not appear in the "Marketplace" browse list because it is a private app. You must search for it by name.
Select your bot from the results.
Click Add or Chat to start a 1:1 conversation.
Send "Hello" to trigger the assistant!

Public URL (Webhook-only)

Google Chat webhooks require a public HTTPS endpoint. For security, only expose the /googlechat path to the internet. Keep the OpenClaw dashboard and other sensitive endpoints on your private network.

Option A: Tailscale Funnel (Recommended)

Use Tailscale Serve for the private dashboard and Funnel for the public webhook path. This keeps / private while exposing only /googlechat.

Check what address your gateway is bound to:
```
ss -tlnp | grep 18789
```
Note the IP address (e.g., 127.0.0.1, 0.0.0.0, or your Tailscale IP like 100.x.x.x).

Expose the dashboard to the tailnet only (port 8443):

# If bound to localhost (127.0.0.1 or 0.0.0.0):
tailscale serve --bg --https 8443 http://127.0.0.1:18789

# If bound to Tailscale IP only (e.g., 100.106.161.80):
tailscale serve --bg --https 8443 http://100.106.161.80:18789

Expose only the webhook path publicly:

# If bound to localhost (127.0.0.1 or 0.0.0.0):
tailscale funnel --bg --set-path /googlechat http://127.0.0.1:18789/googlechat

# If bound to Tailscale IP only (e.g., 100.106.161.80):
tailscale funnel --bg --set-path /googlechat http://100.106.161.80:18789/googlechat

Authorize the node for Funnel access: If prompted, visit the authorization URL shown in the output to enable Funnel for this node in your tailnet policy.

Verify the configuration:

tailscale serve status
tailscale funnel status

Your public webhook URL will be: https://<node-name>.<tailnet>.ts.net/googlechat

Your private dashboard stays tailnet-only: https://<node-name>.<tailnet>.ts.net:8443/

Use the public URL (without :8443) in the Google Chat app config.

Note: This configuration persists across reboots. To remove it later, run tailscale funnel reset and tailscale serve reset.

Option B: Reverse Proxy (Caddy)

If you use a reverse proxy like Caddy, only proxy the specific path:

your-domain.com {
    reverse_proxy /googlechat* localhost:18789
}

With this config, any request to your-domain.com/ will be ignored or returned as 404, while your-domain.com/googlechat is safely routed to OpenClaw.

Option C: Cloudflare Tunnel

Configure your tunnel's ingress rules to only route the webhook path:

Path: /googlechat -> http://localhost:18789/googlechat
Default Rule: HTTP 404 (Not Found)

How it works

Google Chat sends webhook POSTs to the gateway. Each request includes an Authorization: Bearer <token> header.
- OpenClaw verifies bearer auth before reading/parsing full webhook bodies when the header is present.
- Google Workspace Add-on requests that carry authorizationEventObject.systemIdToken in the body are supported via a stricter pre-auth body budget.
OpenClaw verifies the token against the configured audienceType + audience:
- audienceType: "app-url" → audience is your HTTPS webhook URL.
- audienceType: "project-number" → audience is the Cloud project number.
Messages are routed by space:
- DMs use session key agent:<agentId>:googlechat:direct:<spaceId>.
- Spaces use session key agent:<agentId>:googlechat:group:<spaceId>.
DM access is pairing by default. Unknown senders receive a pairing code; approve with:
- openclaw pairing approve googlechat <code>
Group spaces require @-mention by default. Use botUser if mention detection needs the app's user name.
When an exec or plugin approval request starts from Google Chat and a stable users/<id> approver is configured, OpenClaw posts a native Google Chat approval card in the originating space or thread. The card buttons use opaque callback tokens, and the manual /approve <id> <decision> prompt is only shown when native approval delivery is unavailable.

Targets

Use these identifiers for delivery and allowlists:

Direct messages: users/<userId> (recommended).
Raw email name@example.com is mutable and only used for direct allowlist matching when channels.googlechat.dangerouslyAllowNameMatching: true.
Deprecated: users/<email> is treated as a user id, not an email allowlist.
Spaces: spaces/<spaceId>.

Config highlights

{
  channels: {
    googlechat: {
      enabled: true,
      serviceAccountFile: "/path/to/service-account.json",
      // or serviceAccountRef: { source: "file", provider: "filemain", id: "/channels/googlechat/serviceAccount" }
      audienceType: "app-url",
      audience: "https://gateway.example.com/googlechat",
      webhookPath: "/googlechat",
      botUser: "users/1234567890", // optional; helps mention detection
      allowBots: false,
      dm: {
        policy: "pairing",
        allowFrom: ["users/1234567890"],
      },
      groupPolicy: "allowlist",
      groups: {
        "spaces/AAAA": {
          enabled: true,
          requireMention: true,
          users: ["users/1234567890"],
          systemPrompt: "Short answers only.",
        },
      },
      actions: { reactions: true },
      typingIndicator: "message",
      mediaMaxMb: 20,
    },
  },
}

Notes:

Service account credentials can also be passed inline with serviceAccount (JSON string).
serviceAccountRef is also supported (env/file SecretRef), including per-account refs under channels.googlechat.accounts.<id>.serviceAccountRef.
Default webhook path is /googlechat if webhookPath isn't set.
dangerouslyAllowNameMatching re-enables mutable email principal matching for allowlists (break-glass compatibility mode).
Reactions are available via the reactions tool and channels action when actions.reactions is enabled.
Native approval cards use Google Chat cardsV2 button clicks, not reaction events. Approvers come from dm.allowFrom or defaultTo and must be stable numeric users/<id> values.
Message actions expose send for text and upload-file for explicit attachment sends. upload-file accepts media / filePath / path plus optional message, filename, and thread targeting.
typingIndicator supports message (default), none, and reaction (reaction requires user OAuth).
Attachments are downloaded through the Chat API and stored in the media pipeline (size capped by mediaMaxMb).
Bot-authored Google Chat messages are ignored by default. If you intentionally set allowBots: true, accepted bot-authored messages use shared bot loop protection. Configure channels.defaults.botLoopProtection, then override with channels.googlechat.botLoopProtection or channels.googlechat.groups.<space>.botLoopProtection when one space needs a different budget.

Secrets reference details: Secrets Management.

Troubleshooting

405 Method Not Allowed

If Google Cloud Logs Explorer shows errors like:

status code: 405, reason phrase: HTTP error response: HTTP/1.1 405 Method Not Allowed

This means the webhook handler isn't registered. Common causes:

Channel not configured: The channels.googlechat section is missing from your config. Verify with:
```
openclaw config get channels.googlechat
```
If it returns "Config path not found", add the configuration (see Config highlights).
Plugin not enabled: Check plugin status:
```
openclaw plugins list | grep googlechat
```
If it shows "disabled", add plugins.entries.googlechat.enabled: true to your config.
Gateway not restarted: After adding config, restart the gateway:
```
openclaw gateway restart
```

Verify the channel is running:

openclaw channels status
# Should show: Google Chat default: enabled, configured, ...

Other issues

Check openclaw channels status --probe for auth errors or missing audience config.
If no messages arrive, confirm the Chat app's webhook URL + event subscriptions.
If mention gating blocks replies, set botUser to the app's user resource name and verify requireMention.
Use openclaw logs --follow while sending a test message to see if requests reach the gateway.

Related docs:

Channels Overview — all supported channels
Pairing — DM authentication and pairing flow
Groups — group chat behavior and mention gating
Channel Routing — session routing for messages
Security — access model and hardening

12 KiB Raw Permalink Blame History