refactor(security): remove unused empty allowlist mode

src/plugin-sdk/allow-from.test.ts

@@ -37,18 +37,6 @@ describe("isAllowedParsedChatSender", () => {
     expect(allowed).toBe(false);
   });
 
-  it("can explicitly allow when allowFrom is empty", () => {
-    const allowed = isAllowedParsedChatSender({
-      allowFrom: [],
-      sender: "+15551234567",
-      emptyAllowFrom: "allow",
-      normalizeSender: (sender) => sender,
-      parseAllowTarget,
-    });
-
-    expect(allowed).toBe(true);
-  });
-
   it("allows wildcard entries", () => {
     const allowed = isAllowedParsedChatSender({
       allowFrom: ["*"],

src/plugin-sdk/allow-from.ts

@@ -21,15 +21,12 @@ export function isAllowedParsedChatSender<TParsed extends ParsedChatAllowTarget>
   chatId?: number | null;
   chatGuid?: string | null;
   chatIdentifier?: string | null;
-  emptyAllowFrom?: "deny" | "allow";
   normalizeSender: (sender: string) => string;
   parseAllowTarget: (entry: string) => TParsed;
 }): boolean {
   const allowFrom = params.allowFrom.map((entry) => String(entry).trim());
   if (allowFrom.length === 0) {
-    // Fail closed by default. Callers can opt into legacy "empty = allow all"
+    return false;
-    // behavior explicitly when a surface intentionally treats an empty list as open.
-    return params.emptyAllowFrom === "allow";
   }
   if (allowFrom.includes("*")) {
     return true;