fix(security): lock down inbound DMs by default

2026-01-06 17:51:38 +01:00
parent 327ad3c9c7
commit 967cef80bc
36 changed files with 2093 additions and 203 deletions
--- a/src/commands/doctor.test.ts
+++ b/src/commands/doctor.test.ts
@@ -93,6 +93,18 @@ vi.mock("../daemon/service.js", () => ({
  }),
 }));

+vi.mock("../telegram/pairing-store.js", () => ({
+  readTelegramAllowFromStore: vi.fn().mockResolvedValue([]),
+}));
+
+vi.mock("../pairing/pairing-store.js", () => ({
+  readProviderAllowFromStore: vi.fn().mockResolvedValue([]),
+}));
+
+vi.mock("../telegram/token.js", () => ({
+  resolveTelegramToken: vi.fn(() => ({ token: "", source: "none" })),
+}));
+
 vi.mock("../runtime.js", () => ({
  defaultRuntime: {
    log: () => {},