`checkInboundAccessControl` is currently called for every `messages.upsert`
notify entry, including receipts, typing indicators, presence updates, and
protocol messages that arrive on the same Baileys stream as real inbound
messages. With `dmPolicy: pairing`, this lets the gateway send a pairing
verification reply to a peer who never actually typed anything — e.g. when
Master sends an outbound message to a new JID and the receipt round-trip
arrives before the recipient ever replies.
Add a fast O(1) `hasInboundUserContent(message)` helper in
`extensions/whatsapp/src/inbound/extract.ts` that returns true iff any of
the existing extractors would surface user-visible content
(`extractText`, `extractMediaPlaceholder`, `extractContactContext`,
`extractLocationData`). Call it at the top of `normalizeInboundMessage`
right after the existing `fromMe` recent-outbound-echo guard, before
`checkInboundAccessControl`. Non-content events bail out cleanly with no
pairing side effects, no read-receipt, no enqueue.
Existing safeguards (recent-outbound echo skip, status/broadcast filter)
stay intact. All four content extractors are pure object-tree walks with
no I/O, so the gate adds only microseconds per upsert event.
Sign-Off: hclsys
53bd5d6bd2