diff --git a/docs/providers/whatsapp.md b/docs/providers/whatsapp.md index 5adce09b8..735005b87 100644 --- a/docs/providers/whatsapp.md +++ b/docs/providers/whatsapp.md @@ -124,6 +124,20 @@ Behavior: - Self-chat mode (allowFrom includes your number) avoids auto read receipts and ignores mention JIDs. - Read receipts sent for non-self-chat DMs. +## WhatsApp FAQ: sending messages + pairing + +**Will Clawdbot message random contacts when I link WhatsApp?** +No. Default DM policy is **pairing**, so unknown senders only get a pairing code and their message is **not processed**. Clawdbot only replies to chats it receives, or to sends you explicitly trigger (agent/CLI). + +**How does pairing work on WhatsApp?** +Pairing is a DM gate for unknown senders: +- First DM from a new sender returns a short code (message is not processed). +- Approve with: `clawdbot pairing approve whatsapp ` (list with `clawdbot pairing list whatsapp`). +- Codes expire after 1 hour; pending requests are capped at 3 per provider. + +**Why do you ask for my phone number in the wizard?** +The wizard uses it to set your **allowlist/owner** so your own DMs are permitted. It’s not used for auto-sending. If you run on your personal WhatsApp number, use that same number and enable `whatsapp.selfChatMode`. + ## Message normalization (what the model sees) - `Body` is the current message body with envelope. - Quoted reply context is **always appended**: diff --git a/docs/start/faq.md b/docs/start/faq.md index be942b2b3..d6acf45b2 100644 --- a/docs/start/faq.md +++ b/docs/start/faq.md @@ -734,6 +734,24 @@ Treat inbound DMs as untrusted input. Defaults are designed to reduce risk: Run `clawdbot doctor` to surface risky DM policies. +### WhatsApp: will it message my contacts? How does pairing work? + +No. Default WhatsApp DM policy is **pairing**. Unknown senders only get a pairing code and their message is **not processed**. Clawdbot only replies to chats it receives or to explicit sends you trigger. + +Approve pairing with: + +```bash +clawdbot pairing approve whatsapp +``` + +List pending requests: + +```bash +clawdbot pairing list whatsapp +``` + +Wizard phone number prompt: it’s used to set your **allowlist/owner** so your own DMs are permitted. It’s not used for auto-sending. If you run on your personal WhatsApp number, use that number and enable `whatsapp.selfChatMode`. + ## Chat commands, aborting tasks, and “it won’t stop” ### How do I stop/cancel a running task?