let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test: align group policy defaults

Browse Source
This commit is contained in:
Peter Steinberger
2026-01-12 08:45:47 +00:00
parent 7db1cbe178
commit 98e75fce17
7 changed files with 83 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
docs/gateway/security.md
View File

@@ -72,6 +72,7 @@ Clawdbot has two separate “who can trigger me?” layers:
- `whatsapp.groups`, `telegram.groups`, `imessage.groups`: per-group defaults like `requireMention`; when set, it also acts as a group allowlist (include `"*"` to keep allow-all behavior).
- `groupPolicy="allowlist"` + `groupAllowFrom`: restrict who can trigger the bot *inside* a group session (WhatsApp/Telegram/Signal/iMessage/Microsoft Teams).
- `discord.guilds` / `slack.channels`: per-surface allowlists + mention defaults.
- **Security note:** treat `dmPolicy="open"` and `groupPolicy="open"` as last-resort settings. They should be barely used; prefer pairing + allowlists unless you fully trust every member of the room.
Details: [Configuration](/gateway/configuration) and [Groups](/concepts/groups)