[Feature]: safer default for heartbeat.target routing

[metacrafttech]

Summary

Change the default heartbeat.target from "last" to a safer option that prevents heartbeat replies reaching unintended recipients.

Problem to solve

The default heartbeat.target is "last", which routes heartbeat replies to whichever user last messaged the agent. When an agent serves both the owner and external contacts on WhatsApp, the heartbeat response can land in an external user's DM. We had a full system status dump (disk, RAM, service health, Stripe info) delivered to an external contact's WhatsApp because they happened to be the last person who messaged. This is a privacy and trust incident. ⁠

Proposed solution

Change the default heartbeat.target to "none" (discard) or "owner" (only deliver to configured owner numbers). Users who want the current behaviour can explicitly set heartbeat.target: "last".

Alternatively, add a heartbeat.target: "owner" option that routes only to numbers in the allowFrom owner list.

Alternatives considered

• Setting heartbeat.target: "none" manually — works but only after you discover the problem (usually via an incident)
  •⁠ ⁠Instructing the agent to only reply HEARTBEAT_OK — prompt-level, fails under cognitive load
  •⁠ ⁠Routing heartbeat to Slack instead — requires extra config and doesn't fix the underlying unsafe default

Impact

Affected: Anyone running Clawdbot with external contacts on WhatsApp/Telegram/SMS
Severity: Privacy incident — internal system data sent to wrong person
Frequency: Every heartbeat cycle (default every 30 min) when an external user was the last to message
Consequence: Sensitive operational data leaked to external contacts. Damages trust and professionalism.

Evidence/examples

Incident: Full system health dump (disk usage, RAM, running services, API status) sent to an external WhatsApp contact at 4am because they were the last person who messaged. We fixed it with heartbeat.target: "none" but only after the incident.

Additional information

Backward-compatible if the default changes to "none" — existing users who rely on "last" just add one config line. Much safer than the current default where every new Clawdbot install is one external message away from a heartbeat leak. Environment: Clawdbot v2026.1.24-3.

[steipete]

Implemented in #25916.

What landed in this fix set:

• Default heartbeat target switches from implicit last to none when unset (prevents accidental delivery to the last external DM).
• Docs/config reference updated for new default + explicit migration guidance.
• Regression coverage updated for new default behavior.

Verification added in PR:

• src/infra/heartbeat-runner.returns-default-unset.test.ts (default target assertions updated + explicit target: "last" coverage preserved).
• Focused vitest suite passed for heartbeat routing/prompt behavior.

This issue is now superseded by #25916.