[2026.2.25] groupPolicy: "allowlist" without allowFrom silently drops all group messages with no INFO-level log #27552

@dongzhenye

Summary

After upgrading to 2026.2.25 (via openclaw doctor), all group messages are silently dropped
when groupPolicy: "allowlist" is configured without an explicit allowFrom field.
No INFO-level log is emitted — the only indication is a verbose-level log that most users
won't see.

Environment

  • OpenClaw: 2026.2.25
  • Trigger: openclaw doctor switched LaunchAgent from entry.js to index.js

Steps to Reproduce

  1. Configure groupPolicy: "allowlist" without allowFrom (valid config in pre-2026.2.25)
  2. Run openclaw doctor
  3. Send a group message to the bot

Expected Behavior

Either:

  • (a) The message is processed (backwards-compatible behavior), OR
  • (b) An INFO-level log is emitted explaining why the message was dropped

Actual Behavior

Message is silently dropped. pending_update_count decreases (update consumed),
watermark advances, but no log appears at INFO level.

Root Cause

evaluateTelegramGroupPolicyAccess returns group-policy-allowlist-empty when
allowEmptyAllowlistEntries: false (hardcoded) and effectiveGroupAllow.hasEntries: false
(result of normalizeAllowFrom(undefined)).

shouldSkipGroupMessage handles this reason with logVerbose only.

Fix Applied

Added "allowFrom": ["*"] to group config. Works correctly after this change.

Suggested Improvements

  1. Migration warning: On startup, if groupPolicy: "allowlist" is detected without
    allowFrom, emit a WARN-level log explaining the new requirement
  2. Better logging: Upgrade group-policy-allowlist-empty rejection from logVerbose
    to logInfo or logWarn
  3. CHANGELOG clarity: The "security(telegram): fail closed group allowlist against DM pairing store #25988" entry is accurate but doesn't mention that existing
    configs without allowFrom will silently break
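
Suggested improvements 1 and 2 above, sketched as an added example that is not part of the original issue and is not OpenClaw's code: a startup check that flags an allowlist policy with no entries, and a fail-closed runtime decision that reports the drop at WARN. The function names, the config shape, the scope names and the treatment of "*" as "any sender" are assumptions; only groupPolicy, allowFrom and the group-policy-allowlist-empty reason come from the issue.

```javascript
// Added example: function names, config shape and scope names are assumptions,
// not OpenClaw's code. Only the reason string and the two config keys come from the issue.

// Undefined, null, empty strings and empty arrays all collapse to "no entries".
function toEntries(allowFrom) {
  if (allowFrom === undefined || allowFrom === null) return [];
  const list = Array.isArray(allowFrom) ? allowFrom : [allowFrom];
  return list.map((e) => String(e).trim()).filter((e) => e.length > 0);
}

// Startup check: one WARN finding per scope whose allowlist can never match.
function lintGroupPolicy(scopes) {
  const findings = [];
  for (const [scope, cfg] of Object.entries(scopes)) {
    if (cfg.groupPolicy === "allowlist" && toEntries(cfg.allowFrom).length === 0) {
      findings.push({ level: "warn", scope,
        message: 'groupPolicy "allowlist" without allowFrom drops every group message' });
    }
  }
  return findings;
}

// Runtime check: stay fail-closed, but report the empty-allowlist drop at WARN.
// Treating "*" as "any sender" is an assumption based on the fix in the issue.
function decideAllowlist(allowFrom, senderId, log) {
  const entries = toEntries(allowFrom);
  if (entries.length === 0) {
    log("warn", "group message dropped: group-policy-allowlist-empty");
    return { allowed: false, reason: "group-policy-allowlist-empty" };
  }
  const allowed = entries.includes("*") || entries.includes(String(senderId));
  return { allowed, reason: allowed ? "allowed" : "sender-not-in-allowlist" };
}

// Constructed sample config (scope names are made up).
const sampleScopes = {
  "groups/ops": { groupPolicy: "allowlist" },
  "groups/dev": { groupPolicy: "allowlist", allowFrom: ["*"] },
  "groups/sec": { groupPolicy: "allowlist", allowFrom: ["1001"] },
};

for (const f of lintGroupPolicy(sampleScopes)) {
  console.warn(`[${f.level.toUpperCase()}] ${f.scope}: ${f.message}`);
}
```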
