From 9c2640a8106c0ef749c08df38ab77382cb96f5d6 Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Thu, 19 Feb 2026 09:19:27 +0100 Subject: [PATCH] docs: clarify WhatsApp group allowlist and reply mention behavior --- docs/channels/whatsapp.md | 7 +++++++ docs/gateway/security/index.md | 2 ++ 2 files changed, 9 insertions(+) diff --git a/docs/channels/whatsapp.md b/docs/channels/whatsapp.md index 88251bd8454..a6fb427bdc2 100644 --- a/docs/channels/whatsapp.md +++ b/docs/channels/whatsapp.md @@ -169,6 +169,7 @@ OpenClaw recommends running WhatsApp on a separate number when possible. (The ch Sender allowlist fallback: - if `groupAllowFrom` is unset, runtime falls back to `allowFrom` when available + - sender allowlists are evaluated before mention/reply activation Note: if no `channels.whatsapp` block exists at all, runtime group-policy fallback is effectively `open`. @@ -183,6 +184,11 @@ OpenClaw recommends running WhatsApp on a separate number when possible. (The ch - configured mention regex patterns (`agents.list[].groupChat.mentionPatterns`, fallback `messages.groupChat.mentionPatterns`) - implicit reply-to-bot detection (reply sender matches bot identity) + Security note: + + - quote/reply only satisfies mention gating; it does **not** grant sender authorization + - with `groupPolicy: "allowlist"`, non-allowlisted senders are still blocked even if they reply to an allowlisted user's message + Session-level activation command: - `/activation mention` @@ -407,6 +413,7 @@ Behavior notes: - `groupAllowFrom` / `allowFrom` - `groups` allowlist entries - mention gating (`requireMention` + mention patterns) + - duplicate keys in `openclaw.json` (JSON5): later entries override earlier ones, so keep a single `groupPolicy` per scope diff --git a/docs/gateway/security/index.md b/docs/gateway/security/index.md index 9b21b80ba4f..6a0ba212aba 100644 --- a/docs/gateway/security/index.md +++ b/docs/gateway/security/index.md 
@@ -301,6 +301,8 @@ OpenClaw has two separate “who can trigger me?” layers: - `channels.whatsapp.groups`, `channels.telegram.groups`, `channels.imessage.groups`: per-group defaults like `requireMention`; when set, it also acts as a group allowlist (include `"*"` to keep allow-all behavior). - `groupPolicy="allowlist"` + `groupAllowFrom`: restrict who can trigger the bot _inside_ a group session (WhatsApp/Telegram/Signal/iMessage/Microsoft Teams). - `channels.discord.guilds` / `channels.slack.channels`: per-surface allowlists + mention defaults. + - Group checks run in this order: `groupPolicy`/group allowlists first, mention/reply activation second. + - Replying to a bot message (implicit mention) does **not** bypass sender allowlists like `groupAllowFrom`. - **Security note:** treat `dmPolicy="open"` and `groupPolicy="open"` as last-resort settings. They should be barely used; prefer pairing + allowlists unless you fully trust every member of the room. Details: [Configuration](/gateway/configuration) and [Groups](/channels/groups)
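Review bot: In the `docs/channels/whatsapp.md` hunk at `@@ -169`, the new bullet `sender allowlists are evaluated before mention/reply activation` is filed under `Sender allowlist fallback:`, whose existing item describes the `groupAllowFrom` to `allowFrom` fallback, not evaluation order, and it restates the `Security note:` that the next hunk of the same file adds a few lines later. Suggest dropping it here and keeping the ordering statement in the security note, or, if it stays, stating how the order applies when the effective policy is `open`, since the `Note:` directly below says that with no `channels.whatsapp` block at all the group-policy fallback is effectively `open`.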
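Review bot: In the `docs/channels/whatsapp.md` hunk at `@@ -183`, the second bullet of the new `Security note:` picks the wrong example: `even if they reply to an allowlisted user's message`. Per the activation list just above it, the only reply that counts as an implicit mention is a reply to the bot's own message (`reply sender matches bot identity`); a reply to another user's message does not satisfy mention gating in the first place, so it does not illustrate the point, and it disagrees with the wording this same patch adds to `docs/gateway/security/index.md` (`Replying to a bot message (implicit mention) does not bypass sender allowlists`). Suggest: `- with \`groupPolicy: "allowlist"\`, non-allowlisted senders are still blocked even if they reply to the bot's message`.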
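Review bot: In the `docs/channels/whatsapp.md` hunk at `@@ -407`, the new bullet `duplicate keys in openclaw.json (JSON5): later entries override earlier ones` is appended to a list whose other entries are config items (`groupAllowFrom` / `allowFrom`, `groups` allowlist entries, mention gating), so it reads as a different kind of item; it fits better as its own sentence under `Behavior notes:` than as a list entry. It should also spell out the consequence the section is about: a second `groupPolicy: "open"` later in the same block silently replaces an earlier `groupPolicy: "allowlist"`. The hunk does not say whether the config loader warns on duplicate keys; if it does not, say so, because the override is otherwise invisible to the operator.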
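Review bot: In the `docs/gateway/security/index.md` hunk at `@@ -301`, the new ordering bullet `groupPolicy/group allowlists first, mention/reply activation second` is unscoped: the bullet above it ties `groupPolicy="allowlist"` + `groupAllowFrom` to WhatsApp/Telegram/Signal/iMessage/Microsoft Teams, while Discord and Slack use `channels.discord.guilds` / `channels.slack.channels` instead. State which surfaces the order covers, and whether both the group allowlist (`channels.*.groups`) and the sender allowlist (`groupAllowFrom`) run before mention detection, since the section presents them as separate layers. The two added bullets also make one point twice; the second (`Replying to a bot message (implicit mention) does not bypass sender allowlists like groupAllowFrom`) is the concrete statement and can absorb the first.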