fix: resolve #10616 #10614 #10613 #10610 #10607 (WhatsApp sendTo, run…#10620

Closed
d1maash wants to merge 1 commit into openclaw:main from d1maash:feat/dimash

d1maash commented Feb 6, 2026

…time guardrails, compaction retry, cron restart scheduling, Feishu WS appType)

Greptile Overview

Greptile Summary

  • Adds runtime tool-call guardrails (session caps, per-minute limits, per-tool limits, blocklist) and enforces them via the before_tool_call hook wrapper.
  • Extends cron job payloads to support per-job tool guardrails, and preserves persisted nextRunAtMs across service restarts so missed runs remain due.
  • Introduces WhatsApp outbound sendTo allowlist (global + per-account) enforced for DM sends, and sets Feishu WS client appType explicitly.
  • Updates config types and zod schemas to include the new guardrails and WhatsApp sendTo settings, with tests covering the guardrails/hook integration.

Confidence Score: 3/5

  • This PR is mostly safe to merge, but has a config-driven logic gap that can silently disable the intended WhatsApp outbound restriction.
  • Core changes (guardrails enforcement, cron nextRun persistence, Feishu WS appType) are localized and covered by tests. The WhatsApp sendTo restriction logic can be bypassed when sendTo is configured but normalizes to an empty allowlist, which is a realistic misconfiguration and undermines the feature’s security intent.
  • src/channels/plugins/outbound/whatsapp.ts


 openclaw#10607 (WhatsApp sendTo, runtime guardrails, compaction retry, cron restart scheduling, Feishu WS appType)
openclaw-barnacle bot added labels Feb 6, 2026: channel: whatsapp-web (Channel integration: whatsapp-web), agents (Agent runtime and tooling), channel: feishu (Channel integration: feishu)

d1maash commented Feb 6, 2026

Summary

This PR addresses the 5 latest open issues in openclaw/openclaw:

  1. WhatsApp outbound DM allowlist (sendTo)

    • Added channels.whatsapp.sendTo (including per-account override).
    • Enforced outbound DM restriction in WhatsApp target resolution.
    • Group targets remain unaffected.
    • Added coverage for fallback/block/allow behavior.
  2. Runtime guardrails for agent sessions

    • Added agents.defaults.guardrails config:
      • maxToolCallsPerSession
      • maxToolCallsPerMinute
      • toolBlocklist
      • toolRateLimits
    • Enforced guardrails at tool execution boundary.
    • Added cron agentTurn.payload.guardrails override support and merge behavior.
  3. Compaction retry cascade overflow

    • Added auto-compaction retry hook that:
      • evaluates retry budget,
      • downgrades to a slim retry system prompt when needed,
      • cancels retry with explicit message when still impossible.
    • Propagated retry-cancel message to lifecycle/block reply path.
  4. Cron scheduler skipping missed runs after restart

    • Preserved persisted nextRunAtMs during recompute/reload.
    • Ensures missed runs remain due after restart instead of being skipped.
    • Added regression test for restart behavior.
  5. Feishu WebSocket 400 fix

    • Set appType: SelfBuild for Feishu WS client creation (aligned with REST client).
    • Added focused unit test for WS client config.

Testing

  • Not run in this pass (per request).

Linked issues

@greptile-apps greptile-apps bot left a comment

1 file reviewed, 1 comment


Comment on lines +69 to +71
if (hasSendToRestriction && !sendTo.entries.includes(normalizedTo)) {
return { ok: false, error: notAllowedSendToError() };
}
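
Review bot: the deny in `if (hasSendToRestriction && !sendTo.entries.includes(normalizedTo))` is conditional on `hasSendToRestriction`, so whenever that flag is false the allowlist is skipped and the send proceeds. If the flag is computed from the normalized entries rather than from whether `sendTo` was configured, the check fails open; compute it from the presence of the setting and add a test for a `sendTo` whose entries all fail normalization.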

Empty sendTo bypass
If channels.whatsapp.sendTo (or per-account sendTo) is configured but normalizes down to an empty list (e.g., only invalid numbers, whitespace, or only group JIDs), hasSendToRestriction becomes false and outbound DMs fall back to allowFrom/to behavior. That effectively disables the intended outbound restriction without an explicit opt-out. This is reachable whenever the config contains any non-empty-but-invalid entries.

Consider treating a configured-but-empty-after-normalization sendTo as "block all DMs" (or surface a config error) so operators don’t get a silent bypass.
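
The fail-open condition described in this review comment, next to a fail-closed variant, as an added example that is not code from the PR or from OpenClaw. The normalizer, function names, error strings and sample configs are assumptions constructed for illustration.

```typescript
// Added example; all names are hypothetical, not OpenClaw's implementation.
type Result = { ok: true; to: string } | { ok: false; error: string };
type Verdicts = { [config: string]: { failOpen: boolean; failClosed: boolean } };

// Assumed normalizer: drops blanks, group JIDs and anything not shaped like +<digits>.
function normalizeSendTo(raw: string[]): string[] {
  return raw
    .map((e) => e.trim().replace(/[\s\-()]/g, ""))
    .filter((e) => /^\+\d{7,15}$/.test(e));
}

// Fail-open shape from the review: "restricted" is inferred from the normalized list.
function resolveFailOpen(rawSendTo: string[] | undefined, to: string): Result {
  const entries = normalizeSendTo(rawSendTo ?? []);
  const hasSendToRestriction = entries.length > 0;
  if (hasSendToRestriction && entries.indexOf(to) === -1) {
    return { ok: false, error: "target not in sendTo" };
  }
  return { ok: true, to }; // continues to the pre-existing allowFrom/to behavior
}

// Fail-closed variant: "restricted" is inferred from the key being present in config.
function resolveFailClosed(rawSendTo: string[] | undefined, to: string): Result {
  if (rawSendTo === undefined) return { ok: true, to }; // key absent: no restriction
  const entries = normalizeSendTo(rawSendTo);
  if (entries.length === 0) return { ok: false, error: "sendTo configured but has no valid entries" };
  return entries.indexOf(to) !== -1 ? { ok: true, to } : { ok: false, error: "target not in sendTo" };
}

// Constructed sample target and configs (not real numbers or real config files).
const TARGET = "+15550199";
const CONFIGS: { [name: string]: string[] | undefined } = {
  unset: undefined,
  valid: ["+1 (555) 0100"],
  onlyInvalid: ["   ", "not-a-number", "12345-678@g.us"],
};

// Returns, per sample config, whether each variant lets the DM to TARGET through.
function compare(): Verdicts {
  const out: Verdicts = {};
  for (const name of Object.keys(CONFIGS)) {
    const raw = CONFIGS[name];
    out[name] = { failOpen: resolveFailOpen(raw, TARGET).ok, failClosed: resolveFailClosed(raw, TARGET).ok };
  }
  return out;
}

console.log(JSON.stringify(compare()));
```

The `onlyInvalid` row is the one that differs: the fail-open variant sends the DM, the fail-closed variant rejects it.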


@Takhoffman (Contributor)

Fixed in #12988.

This will go out in the next OpenClaw release.

If you still see this after updating to the first release that includes #12988, please open a new issue with:

  • your OpenClaw version
  • channel (Telegram/Slack/etc)
  • the exact prompt/response that got rewritten
  • whether Web UI showed the full text vs the channel being rewritten
  • relevant logs around send/normalize (if available)

Link back here for context.

Takhoffman closed this Feb 13, 2026