feat(whatsapp): add dm_policy and group_policy parity with WeCom/Weixin/QQ adapters#11597
Closed
MassiveMassimo wants to merge 2 commits into
Closed
feat(whatsapp): add dm_policy and group_policy parity with WeCom/Weixin/QQ adapters#11597MassiveMassimo wants to merge 2 commits into
MassiveMassimo wants to merge 2 commits into
Conversation
…in/QQ adapters WhatsApp adapter was missing dm_policy and group_policy configuration options that already exist in WeCom, Weixin, and QQ adapters. This forces users to rely on fragile local patches or the global WHATSAPP_ALLOWED_USERS env var, which cannot distinguish between DM and group access. Changes: - whatsapp.py: add _dm_policy, _allow_from, _group_policy, _group_allow_from with _is_dm_allowed() and _is_group_allowed() - whatsapp.py: update _should_process_message() to enforce both policies before mention/free-response checks - config.py: bridge dm_policy, allow_from, group_policy, group_allow_from from YAML to env vars (WHATSAPP_DM_POLICY, WHATSAPP_ALLOWED_USERS, WHATSAPP_GROUP_POLICY, WHATSAPP_GROUP_ALLOWED_USERS) - config.py: bridge the same keys in load_from_yaml() platform config passthrough - tests: 12 new test cases covering all policy modes + 2 config bridging tests Supported modes: dm_policy: "open" | "allowlist" | "disabled" (default: "open") group_policy: "open" | "allowlist" | "disabled" (default: "open") This matches the interface of WeCom/Weixin/QQ adapters exactly.
Group messages already passed the adapter's group_policy gate (_should_process_message), so the sender is implicitly authorized by virtue of being in an allowed group. Without this bypass, _is_user_authorized() would reject group participants who aren't in an explicit user allowlist, making group_policy: allowlist only half-functional.
teknium1
pushed a commit
that referenced
this pull request
Apr 20, 2026
…in/QQ adapters Add dm_policy and group_policy to the WhatsApp adapter, bringing parity with WeCom/Weixin/QQ. Allows independent control of DM and group access: disable DMs entirely, allowlist specific senders/groups, or keep open. - dm_policy: open (default) | allowlist | disabled - group_policy: open (default) | allowlist | disabled - Config bridging for YAML → env vars - 22 tests covering all policy combinations Backward compatible — defaults preserve existing behavior. Cherry-picked from PR #11597 by @MassiveMassimo. Dropped the run.py group auth bypass (would have skipped user auth for ALL platforms, not just WhatsApp).
Contributor
|
Merged via PR #13151 (#13151). Your adapter-level dm_policy/group_policy implementation was cherry-picked onto current main with your authorship preserved via rebase-merge. Dropped the run.py group auth bypass — it would have skipped user authorization for all platforms, not just WhatsApp. Thanks for the contribution! |
ulasbilgen
pushed a commit
to ulasbilgen/hermes-adhd-agent
that referenced
this pull request
May 1, 2026
…in/QQ adapters Add dm_policy and group_policy to the WhatsApp adapter, bringing parity with WeCom/Weixin/QQ. Allows independent control of DM and group access: disable DMs entirely, allowlist specific senders/groups, or keep open. - dm_policy: open (default) | allowlist | disabled - group_policy: open (default) | allowlist | disabled - Config bridging for YAML → env vars - 22 tests covering all policy combinations Backward compatible — defaults preserve existing behavior. Cherry-picked from PR NousResearch#11597 by @MassiveMassimo. Dropped the run.py group auth bypass (would have skipped user auth for ALL platforms, not just WhatsApp).
aj-nt
pushed a commit
to aj-nt/hermes-agent
that referenced
this pull request
May 1, 2026
…in/QQ adapters Add dm_policy and group_policy to the WhatsApp adapter, bringing parity with WeCom/Weixin/QQ. Allows independent control of DM and group access: disable DMs entirely, allowlist specific senders/groups, or keep open. - dm_policy: open (default) | allowlist | disabled - group_policy: open (default) | allowlist | disabled - Config bridging for YAML → env vars - 22 tests covering all policy combinations Backward compatible — defaults preserve existing behavior. Cherry-picked from PR NousResearch#11597 by @MassiveMassimo. Dropped the run.py group auth bypass (would have skipped user auth for ALL platforms, not just WhatsApp).
Luminet2023
pushed a commit
to Luminet2023/hermes-agent
that referenced
this pull request
May 1, 2026
…in/QQ adapters Add dm_policy and group_policy to the WhatsApp adapter, bringing parity with WeCom/Weixin/QQ. Allows independent control of DM and group access: disable DMs entirely, allowlist specific senders/groups, or keep open. - dm_policy: open (default) | allowlist | disabled - group_policy: open (default) | allowlist | disabled - Config bridging for YAML → env vars - 22 tests covering all policy combinations Backward compatible — defaults preserve existing behavior. Cherry-picked from PR NousResearch#11597 by @MassiveMassimo. Dropped the run.py group auth bypass (would have skipped user auth for ALL platforms, not just WhatsApp).
02356abc
pushed a commit
to 02356abc/hermes-agent
that referenced
this pull request
May 14, 2026
…in/QQ adapters Add dm_policy and group_policy to the WhatsApp adapter, bringing parity with WeCom/Weixin/QQ. Allows independent control of DM and group access: disable DMs entirely, allowlist specific senders/groups, or keep open. - dm_policy: open (default) | allowlist | disabled - group_policy: open (default) | allowlist | disabled - Config bridging for YAML → env vars - 22 tests covering all policy combinations Backward compatible — defaults preserve existing behavior. Cherry-picked from PR NousResearch#11597 by @MassiveMassimo. Dropped the run.py group auth bypass (would have skipped user auth for ALL platforms, not just WhatsApp).
gweeteve
pushed a commit
to gweeteve/hermes-agent
that referenced
this pull request
Jun 2, 2026
…in/QQ adapters Add dm_policy and group_policy to the WhatsApp adapter, bringing parity with WeCom/Weixin/QQ. Allows independent control of DM and group access: disable DMs entirely, allowlist specific senders/groups, or keep open. - dm_policy: open (default) | allowlist | disabled - group_policy: open (default) | allowlist | disabled - Config bridging for YAML → env vars - 22 tests covering all policy combinations Backward compatible — defaults preserve existing behavior. Cherry-picked from PR NousResearch#11597 by @MassiveMassimo. Dropped the run.py group auth bypass (would have skipped user auth for ALL platforms, not just WhatsApp).
Egavasyug
pushed a commit
to Egavasyug/hermes-agent
that referenced
this pull request
Jun 10, 2026
…in/QQ adapters Add dm_policy and group_policy to the WhatsApp adapter, bringing parity with WeCom/Weixin/QQ. Allows independent control of DM and group access: disable DMs entirely, allowlist specific senders/groups, or keep open. - dm_policy: open (default) | allowlist | disabled - group_policy: open (default) | allowlist | disabled - Config bridging for YAML → env vars - 22 tests covering all policy combinations Backward compatible — defaults preserve existing behavior. Cherry-picked from PR NousResearch#11597 by @MassiveMassimo. Dropped the run.py group auth bypass (would have skipped user auth for ALL platforms, not just WhatsApp).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Add `dm_policy` and `group_policy` to the WhatsApp adapter, bringing parity with the existing WeCom/Weixin/QQ adapters.
The WhatsApp adapter currently has no first-class DM/group gating — `allowed_users` conflates both, and there is no way to:
Other platform adapters (WeCom, Weixin, QQ) already implement this pattern with `_dm_policy`, `_group_policy`, `allow_from`, and `group_allow_from`.
Changes
`gateway/platforms/whatsapp.py`
`gateway/config.py`
Backward Compatibility
Config Example
```yaml
whatsapp:
dm_policy: disabled # drop all DMs at adapter level
group_policy: allowlist # only respond in specified groups
group_allow_from:
- "123456789@g.us"
- "987654321@g.us"
require_mention: true
mention_patterns: ["botname"]
```
Tests
22 tests in `tests/gateway/test_whatsapp_group_gating.py` covering:
Full gateway suite: 3046 passed, 6 failed (3 pre-existing whatsapp_connect session-lock, 3 unrelated telegram approval — same on main branch).
Related Issues
Closes #7992
Addresses #7269
Related #8389 (bridge-level allowlist default)
Related #2991 (LID resolution — separate but overlapping scope)