fix: enforce strict allowlist across pairing stores (#23017)

src/web/inbound/access-control.test.ts

@@ -1,5 +1,6 @@
 import { describe, expect, it } from "vitest";
 import {
+  readAllowFromStoreMock,
   sendMessageMock,
   setAccessControlTestConfig,
   setupAccessControlTestHarness,
@@ -108,4 +109,25 @@ describe("WhatsApp dmPolicy precedence", () => {
     const result = await checkUnauthorizedWorkDmSender();
     expectSilentlyBlocked(result);
   });
+
+  it("does not merge persisted pairing approvals in allowlist mode", async () => {
+    setAccessControlTestConfig({
+      channels: {
+        whatsapp: {
+          dmPolicy: "allowlist",
+          accounts: {
+            work: {
+              allowFrom: ["+15559999999"],
+            },
+          },
+        },
+      },
+    });
+    readAllowFromStoreMock.mockResolvedValue(["+15550001111"]);
+
+    const result = await checkUnauthorizedWorkDmSender();
+
+    expectSilentlyBlocked(result);
+    expect(readAllowFromStoreMock).not.toHaveBeenCalled();
+  });
 });

src/web/inbound/access-control.ts

@@ -40,11 +40,10 @@ export async function checkInboundAccessControl(params: {
   });
   const dmPolicy = account.dmPolicy ?? "pairing";
   const configuredAllowFrom = account.allowFrom;
-  const storeAllowFrom = await readChannelAllowFromStore(
-    "whatsapp",
-    process.env,
-    account.accountId,
-  ).catch(() => []);
+  const storeAllowFrom =
+    dmPolicy === "allowlist"
+      ? []
+      : await readChannelAllowFromStore("whatsapp", process.env, account.accountId).catch(() => []);
   // Without user config, default to self-only DM access so the owner can talk to themselves.
   const combinedAllowFrom = Array.from(
     new Set([...(configuredAllowFrom ?? []), ...storeAllowFrom]),