Description
Bug Description
The resolveTarget() function in extensions/whatsapp/src/channel.ts has multiple code paths where it silently redirects outbound messages to allowList[0] instead of returning an error. This causes messages to be delivered to unintended WhatsApp conversations.
Steps to Reproduce
- Configure WhatsApp with dmPolicy: "allowlist" and multiple conversations accessible
- When the agent responds in implicit/heartbeat mode without an explicit target, messages may be delivered to the wrong conversation
Root Cause
There are 3-4 points in resolveTarget() where the function returns { ok: true, to: allowList[0] } as a fallback instead of { ok: false, error: ... }:
- When the recipient cannot be normalized (implicit/heartbeat mode) — silently redirects to allowList[0]
- When the normalized recipient is NOT in the allowList (implicit mode) — silently redirects to allowList[0]
- When no recipient is specified — silently redirects to allowList[0]
Expected Behavior
In all three cases, the function should return { ok: false, error: "..." } instead of silently redirecting to a different recipient.
Affected Channels
The same pattern also exists in:
- extensions/twitch/src/channel.ts
- extensions/googlechat/src/channel.ts
Impact
Messages intended for one conversation are silently delivered to another, which is a privacy/security concern.
Workaround
Manually patching resolveTarget() to return { ok: false } in the fallback paths.
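
The fail-closed behavior requested above, as an added example that is not the project's code or the reporter's patch. Only resolveTarget, allowList and the { ok, to, error } result shape come from the report; the signature, the normalizer and the sample numbers are assumptions, and the implicit/heartbeat mode handling is left out.

```typescript
// Added illustration: a fail-closed target resolver. Not the project's code.
// Everything except the names resolveTarget, allowList and the
// { ok, to, error } result shape is an assumption made for this sketch.
type ResolveResult = { ok: true; to: string } | { ok: false; error: string };

// Hypothetical normalizer: keeps digits only, rejects implausible lengths.
function normalizeRecipient(raw: string): string | null {
  const digits = raw.replace(/[^\d]/g, "");
  return digits.length >= 7 && digits.length <= 15 ? digits : null;
}

function resolveTarget(to: string | undefined, allowList: string[]): ResolveResult {
  // No recipient specified: refuse instead of picking allowList[0].
  if (to === undefined || to.trim() === "") {
    return { ok: false, error: "no recipient specified" };
  }
  // Recipient cannot be normalized: refuse.
  const normalized = normalizeRecipient(to);
  if (normalized === null) {
    return { ok: false, error: `cannot normalize recipient: ${to}` };
  }
  // Normalized recipient is not in the allowList: refuse.
  const allowed = new Set(
    allowList.map(normalizeRecipient).filter((v): v is string => v !== null));
  if (!allowed.has(normalized)) {
    return { ok: false, error: `recipient ${normalized} is not in the allowlist` };
  }
  // Only an explicit, allowlisted recipient is ever returned.
  return { ok: true, to: normalized };
}

// Constructed sample data, not taken from the report.
const sampleAllowList = ["+1 555 010 0001", "+1 555 010 0002"];
function demo(): ResolveResult[] {
  return [undefined, "not-a-number", "+15550109999", "+1 (555) 010-0002"]
    .map((t) => resolveTarget(t, sampleAllowList));
}
console.log(demo());
```

A regression test for the reported bug can assert that no failing input ever yields a result whose to equals the first allowlist entry.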