refactor(security): make empty allowlist behavior explicit

2026-05-03 17:10:23 +00:00 · 2026-02-21 19:54:52 +01:00
parent ed960ba4eb
commit 2ba6de7eaa
3 changed files with 35 additions and 1 deletions
--- a/src/plugin-sdk/allow-from.test.ts
+++ b/src/plugin-sdk/allow-from.test.ts
@@ -37,6 +37,18 @@ describe("isAllowedParsedChatSender", () => {
    expect(allowed).toBe(false);
  });

+  it("can explicitly allow when allowFrom is empty", () => {
+    const allowed = isAllowedParsedChatSender({
+      allowFrom: [],
+      sender: "+15551234567",
+      emptyAllowFrom: "allow",
+      normalizeSender: (sender) => sender,
+      parseAllowTarget,
+    });
+
+    expect(allowed).toBe(true);
+  });
+
  it("allows wildcard entries", () => {
    const allowed = isAllowedParsedChatSender({
      allowFrom: ["*"],