fix: default groupPolicy to allowlist

docs/concepts/group-messages.md

@@ -11,7 +11,7 @@ Note: `agents.list[].groupChat.mentionPatterns` is now used by Telegram/Discord/
 
 ## What’s implemented (2025-12-03)
 - Activation modes: `mention` (default) or `always`. `mention` requires a ping (real WhatsApp @-mentions via `mentionedJids`, regex patterns, or the bot’s E.164 anywhere in the text). `always` wakes the agent on every message but it should reply only when it can add meaningful value; otherwise it returns the silent token `NO_REPLY`. Defaults can be set in config (`whatsapp.groups`) and overridden per group via `/activation`. When `whatsapp.groups` is set, it also acts as a group allowlist (include `"*"` to allow all).
-- Group policy: `whatsapp.groupPolicy` controls whether group messages are accepted (`open|disabled|allowlist`). `allowlist` uses `whatsapp.groupAllowFrom` (fallback: explicit `whatsapp.allowFrom`).
+- Group policy: `whatsapp.groupPolicy` controls whether group messages are accepted (`open|disabled|allowlist`). `allowlist` uses `whatsapp.groupAllowFrom` (fallback: explicit `whatsapp.allowFrom`). Default is `allowlist` (blocked until you add senders).
 - Per-group sessions: session keys look like `agent:<agentId>:whatsapp:group:<jid>` so commands such as `/verbose on` or `/think high` (sent as standalone messages) are scoped to that group; personal DM state is untouched. Heartbeats are skipped for group threads.
 - Context injection: last N (default 50) group messages are prefixed under `[Chat messages since your last reply - for context]`, with the triggering line under `[Current message - respond to this]`.
 - Sender surfacing: every group batch now ends with `[from: Sender Name (+E164)]` so Pi knows who is speaking.
@@ -61,7 +61,7 @@ Only the owner number (from `whatsapp.allowFrom`, or the bot’s own E.164 when
 
 ## How to use
 1) Add Clawd UK (`+447700900123`) to the group.
-2) Say `@clawd …` (or `@clawd uk`, `@clawdbot`, or include the number). Anyone in the group can trigger it.
+2) Say `@clawd …` (or `@clawd uk`, `@clawdbot`, or include the number). Only allowlisted senders can trigger it unless you set `groupPolicy: "open"`.
 3) The agent prompt will include recent group context plus the trailing `[from: …]` marker so it can address the right person.
 4) Session-level directives (`/verbose on`, `/think high`, `/new` or `/reset`, `/compact`) apply only to that group’s session; send them as standalone messages so they register. Your personal DM session remains independent.
 

docs/concepts/groups.md

@@ -12,7 +12,7 @@ Clawdbot “lives” on your own messaging accounts. There is no separate WhatsA
 If **you** are in a group, Clawdbot can see that group and respond there.
 
 Default behavior:
-- Groups are allowed (`groupPolicy: "open"`).
+- Groups are restricted (`groupPolicy: "allowlist"`).
 - Replies require a mention unless you explicitly disable mention gating.
 
 Translation: anyone in the group can trigger Clawdbot by mentioning it.
@@ -86,7 +86,7 @@ Control how group/room messages are handled per provider:
 
 | Policy | Behavior |
 |--------|----------|
-| `"open"` | Default. Groups bypass allowlists; mention-gating still applies. |
+| `"open"` | Groups bypass allowlists; mention-gating still applies. |
 | `"disabled"` | Block all group messages entirely. |
 | `"allowlist"` | Only allow groups/rooms that match the configured allowlist. |
 
@@ -97,6 +97,7 @@ Notes:
 - Slack: allowlist uses `slack.channels`.
 - Group DMs are controlled separately (`discord.dm.*`, `slack.dm.*`).
 - Telegram allowlist can match user IDs (`"123456789"`, `"telegram:123456789"`, `"tg:123456789"`) or usernames (`"@alice"` or `"alice"`); prefixes are case-insensitive.
+- Default is `groupPolicy: "allowlist"`; if your group allowlist is empty, group messages are blocked.
 
 Quick mental model (evaluation order for group messages):
 1) `groupPolicy` (open/disabled/allowlist)

docs/gateway/configuration-examples.md

@@ -150,7 +150,8 @@ Save to `~/.clawdbot/clawdbot.json` and you can DM the bot from that number.
   whatsapp: {
     dmPolicy: "pairing",
     allowFrom: ["+15555550123"],
-    groupPolicy: "open",
+    groupPolicy: "allowlist",
+    groupAllowFrom: ["+15555550123"],
     groups: { "*": { requireMention: true } }
   },
 
@@ -158,7 +159,8 @@ Save to `~/.clawdbot/clawdbot.json` and you can DM the bot from that number.
     enabled: true,
     botToken: "YOUR_TELEGRAM_BOT_TOKEN",
     allowFrom: ["123456789"],
-    groupPolicy: "open",
+    groupPolicy: "allowlist",
+    groupAllowFrom: ["123456789"],
     groups: { "*": { requireMention: true } }
   },
 

docs/gateway/configuration.md

@@ -545,12 +545,13 @@ Use `*.groupPolicy` to control whether group/room messages are accepted at all:
 ```
 
 Notes:
-- `"open"` (default): groups bypass allowlists; mention-gating still applies.
+- `"open"`: groups bypass allowlists; mention-gating still applies.
 - `"disabled"`: block all group/room messages.
 - `"allowlist"`: only allow groups/rooms that match the configured allowlist.
 - WhatsApp/Telegram/Signal/iMessage use `groupAllowFrom` (fallback: explicit `allowFrom`).
 - Discord/Slack use channel allowlists (`discord.guilds.*.channels`, `slack.channels`).
 - Group DMs (Discord/Slack) are still controlled by `dm.groupEnabled` + `dm.groupChannels`.
+- Default is `groupPolicy: "allowlist"`; if no allowlist is configured, group messages are blocked.
 
 ### Multi-agent routing (`agents.list` + `bindings`)
 

docs/providers/discord.md

@@ -193,7 +193,14 @@ Outbound Discord API calls retry on rate limits (429) using Discord `retry_after
   discord: {
     enabled: true,
     token: "abc.123",
-    groupPolicy: "open",
+    groupPolicy: "allowlist",
+    guilds: {
+      "*": {
+        channels: {
+          general: { allow: true }
+        }
+      }
+    },
     mediaMaxMb: 8,
     actions: {
       reactions: true,

docs/providers/imessage.md

@@ -170,7 +170,7 @@ Provider options:
 - `imessage.region`: SMS region.
 - `imessage.dmPolicy`: `pairing | allowlist | open | disabled` (default: pairing).
 - `imessage.allowFrom`: DM allowlist (handles or `chat_id:*`). `open` requires `"*"`.
-- `imessage.groupPolicy`: `open | allowlist | disabled` (default: open).
+- `imessage.groupPolicy`: `open | allowlist | disabled` (default: allowlist).
 - `imessage.groupAllowFrom`: group sender allowlist.
 - `imessage.historyLimit` / `imessage.accounts.*.historyLimit`: max group messages to include as context (0 disables).
 - `imessage.groups`: per-group defaults + allowlist (use `"*"` for global defaults).

docs/providers/signal.md

@@ -107,7 +107,7 @@ Provider options:
 - `signal.sendReadReceipts`: forward read receipts.
 - `signal.dmPolicy`: `pairing | allowlist | open | disabled` (default: pairing).
 - `signal.allowFrom`: DM allowlist (E.164 or `uuid:<id>`). `open` requires `"*"`.
-- `signal.groupPolicy`: `open | allowlist | disabled` (default: open).
+- `signal.groupPolicy`: `open | allowlist | disabled` (default: allowlist).
 - `signal.groupAllowFrom`: group sender allowlist.
 - `signal.historyLimit`: max group messages to include as context (0 disables).
 - `signal.textChunkLimit`: outbound chunk size (chars).

docs/providers/slack.md

@@ -185,7 +185,7 @@ Slack uses Socket Mode only (no HTTP webhook server). Provide both tokens:
     "enabled": true,
     "botToken": "xoxb-...",
     "appToken": "xapp-...",
-    "groupPolicy": "open",
+    "groupPolicy": "allowlist",
     "dm": {
       "enabled": true,
       "policy": "pairing",

docs/providers/telegram.md

@@ -186,11 +186,12 @@ Two independent controls:
 - Example: `"groups": { "-1001234567890": {}, "*": {} }` allows all groups
 
 **2. Which senders are allowed** (sender filtering via `telegram.groupPolicy`):
-- `"open"` (default) = all senders in allowed groups can message
+- `"open"` = all senders in allowed groups can message
 - `"allowlist"` = only senders in `telegram.groupAllowFrom` can message
 - `"disabled"` = no group messages accepted at all
+Default is `groupPolicy: "allowlist"` (blocked unless you add `groupAllowFrom`).
 
-Most users want: `groupPolicy: "open"` + specific groups listed in `telegram.groups`
+Most users want: `groupPolicy: "allowlist"` + `groupAllowFrom` + specific groups listed in `telegram.groups`
 
 ## Long-polling vs webhook
 - Default: long-polling (no public URL required).
@@ -289,7 +290,7 @@ Provider options:
 - `telegram.tokenFile`: read token from file path.
 - `telegram.dmPolicy`: `pairing | allowlist | open | disabled` (default: pairing).
 - `telegram.allowFrom`: DM allowlist (ids/usernames). `open` requires `"*"`.
-- `telegram.groupPolicy`: `open | allowlist | disabled` (default: open).
+- `telegram.groupPolicy`: `open | allowlist | disabled` (default: allowlist).
 - `telegram.groupAllowFrom`: group sender allowlist (ids/usernames).
 - `telegram.groups`: per-group defaults + allowlist (use `"*"` for global defaults).
   - `telegram.groups.<id>.requireMention`: mention gating default.

docs/providers/whatsapp.md

@@ -158,7 +158,7 @@ The wizard uses it to set your **allowlist/owner** so your own DMs are permitted
 
 ## Groups
 - Groups map to `agent:<agentId>:whatsapp:group:<jid>` sessions.
-- Group policy: `whatsapp.groupPolicy = open|disabled|allowlist` (default `open`).
+- Group policy: `whatsapp.groupPolicy = open|disabled|allowlist` (default `allowlist`).
 - Activation modes:
   - `mention` (default): requires @mention or regex match.
   - `always`: always triggers.

docs/start/faq.md

@@ -448,7 +448,7 @@ Notes:
 ### Do I need to add a “bot account” to a WhatsApp group?
 
 No. Clawdbot runs on **your own account**, so if you’re in the group, Clawdbot can see it.
-By default, anyone in that group can **mention** the bot to trigger a reply.
+By default, group replies are blocked until you allow senders (`groupPolicy: "allowlist"`).
 
 If you want only **you** to be able to trigger group replies: