let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: cap pairing requests and suppress outbound pairing replies

Browse Source
This commit is contained in:
Peter Steinberger
2026-01-09 22:58:11 +00:00
parent 98d0318d4e
commit 88cbe2d275
13 changed files with 106 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
docs/start/faq.md
View File

@@ -632,6 +632,7 @@ Treat inbound DMs as untrusted input. Defaults are designed to reduce risk:
- Default behavior on DMcapable providers is **pairing**:
- Unknown senders receive a pairing code; the bot does not process their message.
- Approve with: `clawdbot pairing approve --provider <provider> <code>`
- Pending requests are capped at **3 per provider**; check `clawdbot pairing list --provider <provider>` if a code didnt arrive.
- Opening DMs publicly requires explicit optin (`dmPolicy: "open"` and allowlist `"*"`).
Run `clawdbot doctor` to surface risky DM policies.

1
docs/start/pairing.md
View File

@@ -25,6 +25,7 @@ Default DM policies are documented in: [Security](/gateway/security)
Pairing codes:
- 8 characters, uppercase, no ambiguous chars (`0O1I`).
- **Expire after 1 hour**. The bot only sends the pairing message when a new request is created (roughly once per hour per sender).
- Pending DM pairing requests are capped at **3 per provider** by default; additional requests are ignored until one expires or is approved.
### Approve a sender