openclaw/extensions/whatsapp
Diogo Ortega fc379a1332 security: WhatsApp incident remediation fixes
FIX-1.1: Enforce outbound allowlist for explicit WhatsApp sends
- Added allowlist validation in explicit mode in resolveTarget
- Added --allow-unlisted CLI flag for emergency overrides
- Groups always allowed (no allowlist check needed)

FIX-1.4: Heartbeat delivery hard-gating
- Added requireExplicitTarget config option for heartbeat
- When enabled, heartbeat delivery requires explicit to parameter
- Returns channel: 'none' with reason: 'require-explicit' otherwise

FIX-3.2: Delivery context trust boundary
- Added isSenderTrustedForDeliveryContext() helper
- Only update delivery context from allowlisted senders
- Prevents untrusted inbound from setting routing targets

Tests: All new tests passing (targets: 25/25, delivery-context: 10/10)
2026-01-27 12:23:31 +00:00
..
src security: WhatsApp incident remediation fixes 2026-01-27 12:23:31 +00:00
clawdbot.plugin.json fix: enforce plugin config schemas (#1272) (thanks @thewilloftheshadow) 2026-01-20 11:03:17 +00:00
index.ts refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
package.json refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00