diff --git a/src/web/monitor-inbox.test.ts b/src/web/monitor-inbox.test.ts
index 231282fcb..e1a89d54d 100644
--- a/src/web/monitor-inbox.test.ts
+++ b/src/web/monitor-inbox.test.ts
@@ -270,6 +270,58 @@ describe("web monitor inbox", () => {
     await listener.close();
   });
 
+  it("still forwards group messages (with sender info) even when allowFrom is restrictive", async () => {
+    mockLoadConfig.mockReturnValue({
+      inbound: {
+        allowFrom: ["+111"], // does not include +777
+        messagePrefix: undefined,
+        responsePrefix: undefined,
+        timestampPrefix: false,
+      },
+    });
+
+    const onMessage = vi.fn();
+    const listener = await monitorWebInbox({ verbose: false, onMessage });
+    const sock = await createWaSocket();
+    const upsert = {
+      type: "notify",
+      messages: [
+        {
+          key: {
+            id: "grp-allow",
+            fromMe: false,
+            remoteJid: "55555@g.us",
+            participant: "777@s.whatsapp.net",
+          },
+          message: {
+            extendedTextMessage: {
+              text: "@bot hi",
+              contextInfo: { mentionedJid: ["123@s.whatsapp.net"] },
+            },
+          },
+        },
+      ],
+    };
+
+    sock.ev.emit("messages.upsert", upsert);
+    await new Promise((resolve) => setImmediate(resolve));
+
+    expect(onMessage).toHaveBeenCalledTimes(1);
+    expect(onMessage).toHaveBeenCalledWith(
+      expect.objectContaining({
+        chatType: "group",
+        from: "55555@g.us",
+        senderE164: "+777",
+        senderJid: "777@s.whatsapp.net",
+        mentionedJids: ["123@s.whatsapp.net"],
+        selfE164: "+123",
+        selfJid: "123@s.whatsapp.net",
+      }),
+    );
+
+    await listener.close();
+  });
+
   it("blocks messages from unauthorized senders not in allowFrom", async () => {
     // Test for auto-recovery fix: early allowFrom filtering prevents Bad MAC errors
     // from unauthorized senders corrupting sessions