fix(cron/whatsapp): route implicit delivery to allowlisted recipients (openclaw#21533) thanks @Takhoffman

Verified: - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-05-08 12:31:23 +00:00 · 2026-02-19 20:33:37 -06:00
parent a87b5fb009
commit d9e46028f5
6 changed files with 194 additions and 2 deletions
--- a/src/cron/isolated-agent/delivery-target.test.ts
+++ b/src/cron/isolated-agent/delivery-target.test.ts
@@ -12,8 +12,18 @@ vi.mock("../../infra/outbound/channel-selection.js", () => ({
  resolveMessageChannelSelection: vi.fn().mockResolvedValue({ channel: "telegram" }),
 }));

+vi.mock("../../pairing/pairing-store.js", () => ({
+  readChannelAllowFromStoreSync: vi.fn(() => []),
+}));
+
+vi.mock("../../web/accounts.js", () => ({
+  resolveWhatsAppAccount: vi.fn(() => ({ allowFrom: [] })),
+}));
+
 import { loadSessionStore } from "../../config/sessions.js";
 import { resolveMessageChannelSelection } from "../../infra/outbound/channel-selection.js";
+import { readChannelAllowFromStoreSync } from "../../pairing/pairing-store.js";
+import { resolveWhatsAppAccount } from "../../web/accounts.js";
 import { resolveDeliveryTarget } from "./delivery-target.js";

 function makeCfg(overrides?: Partial<OpenClawConfig>): OpenClawConfig {
@@ -50,6 +60,46 @@ async function resolveForAgent(params: {
 }

 describe("resolveDeliveryTarget", () => {
+  it("reroutes implicit whatsapp delivery to authorized allowFrom recipient", async () => {
+    setMainSessionEntry({
+      sessionId: "sess-w1",
+      updatedAt: 1000,
+      lastChannel: "whatsapp",
+      lastTo: "+15550000099",
+    });
+    vi.mocked(resolveWhatsAppAccount).mockReturnValue({
+      allowFrom: [],
+    } as unknown as ReturnType<typeof resolveWhatsAppAccount>);
+    vi.mocked(readChannelAllowFromStoreSync).mockReturnValue(["+15550000001"]);
+
+    const cfg = makeCfg({ bindings: [] });
+    const result = await resolveDeliveryTarget(cfg, AGENT_ID, { channel: "last", to: undefined });
+
+    expect(result.channel).toBe("whatsapp");
+    expect(result.to).toBe("+15550000001");
+  });
+
+  it("keeps explicit whatsapp target unchanged", async () => {
+    setMainSessionEntry({
+      sessionId: "sess-w2",
+      updatedAt: 1000,
+      lastChannel: "whatsapp",
+      lastTo: "+15550000099",
+    });
+    vi.mocked(resolveWhatsAppAccount).mockReturnValue({
+      allowFrom: [],
+    } as unknown as ReturnType<typeof resolveWhatsAppAccount>);
+    vi.mocked(readChannelAllowFromStoreSync).mockReturnValue(["+15550000001"]);
+
+    const cfg = makeCfg({ bindings: [] });
+    const result = await resolveDeliveryTarget(cfg, AGENT_ID, {
+      channel: "whatsapp",
+      to: "+15550000099",
+    });
+
+    expect(result.to).toBe("+15550000099");
+  });
+
  it("falls back to bound accountId when session has no lastAccountId", async () => {
    setMainSessionEntry(undefined);

--- a/src/cron/isolated-agent/delivery-target.ts
+++ b/src/cron/isolated-agent/delivery-target.ts
@@ -12,8 +12,11 @@ import {
  resolveOutboundTarget,
  resolveSessionDeliveryTarget,
 } from "../../infra/outbound/targets.js";
+import { readChannelAllowFromStoreSync } from "../../pairing/pairing-store.js";
 import { buildChannelAccountBindings } from "../../routing/bindings.js";
 import { normalizeAgentId } from "../../routing/session-key.js";
+import { resolveWhatsAppAccount } from "../../web/accounts.js";
+import { normalizeWhatsAppTarget } from "../../whatsapp/normalize.js";

 export async function resolveDeliveryTarget(
  cfg: OpenClawConfig,
@@ -76,7 +79,7 @@ export async function resolveDeliveryTarget(

  const channel = resolved.channel ?? fallbackChannel ?? DEFAULT_CHAT_CHANNEL;
  const mode = resolved.mode as "explicit" | "implicit";
-  const toCandidate = resolved.to;
+  let toCandidate = resolved.to;

  // When the session has no lastAccountId (e.g. first-run isolated cron
  // session), fall back to the agent's bound account from bindings config.
@@ -112,12 +115,34 @@ export async function resolveDeliveryTarget(
    };
  }

+  let allowFromOverride: string[] | undefined;
+  if (channel === "whatsapp") {
+    const configuredAllowFromRaw = resolveWhatsAppAccount({ cfg, accountId }).allowFrom ?? [];
+    const configuredAllowFrom = configuredAllowFromRaw
+      .map((entry) => String(entry).trim())
+      .filter((entry) => entry && entry !== "*")
+      .map((entry) => normalizeWhatsAppTarget(entry))
+      .filter((entry): entry is string => Boolean(entry));
+    const storeAllowFrom = readChannelAllowFromStoreSync("whatsapp", process.env, accountId)
+      .map((entry) => normalizeWhatsAppTarget(entry))
+      .filter((entry): entry is string => Boolean(entry));
+    allowFromOverride = [...new Set([...configuredAllowFrom, ...storeAllowFrom])];
+
+    if (mode === "implicit" && allowFromOverride.length > 0) {
+      const normalizedCurrentTarget = normalizeWhatsAppTarget(toCandidate);
+      if (!normalizedCurrentTarget || !allowFromOverride.includes(normalizedCurrentTarget)) {
+        toCandidate = allowFromOverride[0];
+      }
+    }
+  }
+
  const docked = resolveOutboundTarget({
    channel,
    to: toCandidate,
    cfg,
    accountId,
    mode,
+    allowFrom: allowFromOverride,
  });
  return {
    channel,