Summary

• Add channels.signal.groups.<groupId> config to allow specific Signal groups by ID
• Groups listed in this config bypass the sender-level groupAllowFrom check
• Incorporate group-level allow into command authorization (addresses Greptile review from fix(signal): add group-level allowlist support via groups config #4337)
• Matches the pattern used by Telegram, iMessage, WhatsApp, IRC, and BlueBubbles

Fixes #25540
Supersedes #4337

Changes

• src/config/types.signal.ts: Add SignalGroupConfig type and groups property to SignalAccountConfig
• src/config/zod-schema.providers-core.ts: Add SignalGroupSchema and groups field to SignalAccountSchemaBase
• src/signal/monitor/event-handler.ts: Wire resolveChannelGroupPolicy into Signal event handler, with group-level bypass for both message delivery and command authorization
• docs/channels/signal.md: Document groups config with usage examples

Improvements over #4337

This version addresses the Greptile review feedback from the original PR:

• groupExplicitlyAllowed is now incorporated into the commandGate authorizers, so explicitly allowed groups can also run control commands (not just receive messages)
• Uses hasGroupAllowFrom param so resolveChannelGroupPolicy correctly handles the case where groupAllowFrom is configured but no explicit groups map exists

Usage

{
  channels: {
    signal: {
      groupPolicy: "allowlist",
      groups: {
        "your-signal-group-id": {}  // Allow this specific group
      }
    }
  }
}

Testing

• Zero TypeScript errors (tsc --noEmit passes)
• Manually tested on live Signal instance (original PR fix(signal): add group-level allowlist support via groups config #4337)

Greptile Summary

Added group-level allowlist support for Signal via channels.signal.groups.<groupId> config, matching the pattern used by other messaging channels (Telegram, iMessage, WhatsApp, IRC). Groups explicitly listed in this config bypass sender-level groupAllowFrom checks and can run control commands.

Key changes:

• Added SignalGroupConfig type with requireMention, tools, and toolsBySender fields
• Wired resolveChannelGroupPolicy into Signal event handler to check group-level allowlist before sender-level checks
• Groups explicitly allowed via this config bypass sender-level groupAllowFrom check and are authorized for control commands
• Updated documentation with configuration examples and usage instructions

Confidence Score: 5/5

• This PR is safe to merge with minimal risk
• The implementation follows established patterns from other channels (iMessage, Telegram), maintains backwards compatibility via the hasGroupAllowFrom parameter, and properly integrates group-level authorization into both message delivery and command gating. The TypeScript compilation passes, types are properly defined, and the Zod schema validation is correctly configured. The documentation is comprehensive with clear examples.
• No files require special attention

_{Last reviewed commit: 798c290}

_{(3/5) Reply to the agent's comments like "Can you suggest a fix for this @greptileai?" or ask follow-up questions!}

Context used:

• Context from dashboard - CLAUDE.md (source)
• Context from dashboard - AGENTS.md (source)