Feature: Auto-leave WhatsApp groups not in allowlist + group-join webhook

[motochan]

Feature Request

Problem

When using WhatsApp with groupPolicy: allowlist and groupAllowFrom, unauthorized groups are blocked from triggering agent sessions — but the bot remains a member of those groups. This creates a security/privacy concern: the bot is still technically present and visible to group members.

Proposed Solutions

1. Auto-leave on unauthorized group add

When the bot is added to a group not in groupAllowFrom, automatically leave the group.

{
  "channels": {
    "whatsapp": {
      "groupPolicy": "allowlist",
      "groupAllowFrom": ["123@g.us"],
      "autoLeaveUnauthorized": true  // new option
    }
  }
}

2. Group-join webhook/event

Expose a hook when the bot is added to a new group, allowing custom logic:

{
  "hooks": {
    "whatsapp.groupJoin": {
      "enabled": true,
      "action": "leave" | "notify" | "custom"
    }
  }
}

Or fire a system event to the main session:

[System] You were added to WhatsApp group "Spam Group" (456@g.us) by +1234567890

This would allow the agent to decide whether to stay, leave, or alert the owner.

3. Manual leave action

Add action: leave to the message tool:

message action=leave channel=whatsapp groupId=456@g.us

Use Case

• Security-conscious deployments where the bot should only exist in pre-approved groups
• Preventing reconnaissance (bad actors adding the bot to groups to probe its behavior)
• Clean group membership hygiene

Current Workaround

groupAllowFrom blocks messages but doesn't remove the bot from unauthorized groups. Manual cleanup required via WhatsApp app.

Environment

• OpenClaw 2026.2.1
• WhatsApp channel enabled

[steipete]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Current main still only blocks or skips unauthorized WhatsApp group traffic. It does not implement an opt-in auto-leave setting, a WhatsApp group-join hook/event, or a WhatsApp leave-group message action. Related #11489 is broader and remains open, so it does not supersede this WhatsApp-specific request.

Best possible solution:

Keep this open for a deliberate bundled WhatsApp plugin feature. Add opt-in config/schema/docs for unauthorized-group auto-leave, implement a verified WhatsApp Web/Baileys group leave operation with account and target authorization, add join/participant update detection or an equivalent group-add event path, consider a WhatsApp leaveGroup message action, cover denied-group and allowlist behavior with tests, and coordinate owner notification/event shape with #11489.

What I checked:

• Current main checked: Read-only review was against current main ef58307 with a clean checkout before and after inspection. (ef58307f843e)
• Issue context is still active: Provided GitHub context shows a non-maintainer enhancement with no protected labels. The only existing comment is a prior Codex maintainer-side review that kept this open, and the linked broader group-pairing issue [Feature Request] Group pairing flow: notify owner + read-only mode for unconfigured groups #11489 is still open rather than merged or shipped.
• WhatsApp config lacks requested knobs: WhatsAppActionConfig exposes only reactions, sendMessage, and polls; the shared WhatsApp config includes groupAllowFrom, groupPolicy, and groups, but no autoLeaveUnauthorized or group-join setting. (src/config/types.whatsapp.ts:17, ef58307f843e)
• Strict schema would reject proposed fields: The WhatsApp schema builds a strict common shape around the existing policy fields and a strict actions object containing reactions, sendMessage, and polls only. (src/config/zod-schema.providers-whatsapp.ts:51, ef58307f843e)
• Unauthorized group senders are blocked, not removed: For group access failures, checkInboundAccessControl logs the groupPolicy block and returns allowed:false/shouldMarkRead:false; it does not call any group leave operation. (extensions/whatsapp/src/inbound/access-control.ts:89, ef58307f843e)
• Group allowlist misses are skipped, not left: When the chat-level groups allowlist rejects a group, applyGroupGating logs 'not in allowlist' and returns shouldProcess:false, with no leave action. (extensions/whatsapp/src/auto-reply/monitor/group-gating.ts:117, ef58307f843e)

Likely related people:

• Chris Zhang chris@ChrisdeMac-mini.local: Available local blame routes the central WhatsApp config schema, inbound policy, group gating, inbound monitor, and action-description files through commit 081e4be. (role: current WhatsApp runtime/config history owner; confidence: medium; commits: 081e4be11e63; files: src/config/zod-schema.providers-whatsapp.ts, extensions/whatsapp/src/inbound-policy.ts, extensions/whatsapp/src/inbound/access-control.ts)
• steipete: Local shortlog for the relevant WhatsApp docs/runtime/config area includes Peter Steinberger, and commit be8c246 touched the WhatsApp docs and inbound-policy snapshot for the latest shipped release baseline. The provided issue context also shows steipete posting the prior maintainer-side Codex review. (role: recent maintainer and adjacent WhatsApp docs/runtime owner; confidence: medium; commits: be8c24633aaa, ef58307f843e; files: docs/channels/whatsapp.md, extensions/whatsapp/src/inbound-policy.ts, CHANGELOG.md)

Remaining risk / open question:

• No live WhatsApp group-add event was exercised in this read-only review; the decision is based on current source, docs, tests, targeted search, and provided GitHub context.
• The product design still needs to define whether auto-leave is driven by chat-level group admission via channels.whatsapp.groups, sender-level groupAllowFrom, or both, and how it should align with broader group-pairing work in [Feature Request] Group pairing flow: notify owner + read-only mode for unconfigured groups #11489.

Codex review notes: model gpt-5.5, reasoning high; reviewed against ef58307f843e.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Summary
Keep open: current main still only blocks or skips unauthorized WhatsApp group traffic and does not provide the requested opt-in auto-leave setting, group-join webhook/event, or WhatsApp leave-group action.

Reproducibility: not applicable. as a feature request. Source inspection on current main gives high confidence the requested capability is absent: existing WhatsApp allowlist paths block or skip traffic without auto-leave, group-join events, or a leave-group action.

Next step
Needs maintainer product/security direction for auto-leave triggers, group-join event shape, owner notification, and leave-action authorization before implementation is safe.

Security
Needs attention: No patch was reviewed, but the requested behavior is privacy-hardening work around unauthorized WhatsApp group membership.

Review details

Best possible solution:

Define an opt-in WhatsApp plugin-owned feature with config/schema/docs, verified group leave and join detection, explicit target authorization and owner notification, regression coverage, and coordination with #11489.

Do we have a high-confidence way to reproduce the issue?

Not applicable as a feature request. Source inspection on current main gives high confidence the requested capability is absent: existing WhatsApp allowlist paths block or skip traffic without auto-leave, group-join events, or a leave-group action.

Is this the best way to solve the issue?

Unclear until maintainers choose the product/security shape. The narrow maintainable direction is WhatsApp plugin-owned opt-in behavior with explicit authorization and owner notification, not hidden core default behavior.

Security concerns:

• [low] Bot can remain visible in unauthorized WhatsApp groups — extensions/whatsapp/src/inbound/access-control.ts:126
  Current group-policy denial returns a blocked decision without leaving the WhatsApp group, so membership visibility remains until manual cleanup.
  Confidence: 0.86
• [medium] Leave actions need explicit authorization semantics — extensions/whatsapp/src/action-runtime.ts:75
  A future auto-leave or manual leave-group action would be a destructive channel-side operation, so account selection, target authorization, and owner notification need maintainer design before implementation.
  Confidence: 0.82

Acceptance criteria:

• After design approval: pnpm test extensions/whatsapp/src/inbound/access-control.test.ts extensions/whatsapp/src/monitor-inbox.blocks-messages-from-unauthorized-senders-not-allowfrom.test-support.ts extensions/whatsapp/src/action-runtime.test.ts extensions/whatsapp/src/channel-actions.test.ts
• After code/config/docs changes: pnpm exec oxfmt --check --threads=1
• Before handoff for code/config changes: pnpm check:changed in Testbox per repository policy

What I checked:

• Issue remains active: Live issue data shows this issue is open with only the enhancement label and no closing pull request; related group-pairing work at [Feature Request] Group pairing flow: notify owner + read-only mode for unconfigured groups #11489 is also open rather than a merged superseding fix. (f2458d8828de)
• WhatsApp config lacks requested knobs: WhatsAppActionConfig exposes reactions, sendMessage, and polls, while the shared WhatsApp config exposes groupAllowFrom, groupPolicy, and groups but no autoLeaveUnauthorized or group-join setting. (src/config/types.whatsapp.ts:17, f2458d8828de)
• Strict schema rejects proposed settings: The WhatsApp schema is strict and its actions object only accepts reactions, sendMessage, and polls, so proposed fields such as autoLeaveUnauthorized or hooks.whatsapp.groupJoin are not accepted today. (src/config/zod-schema.providers-whatsapp.ts:167, f2458d8828de)
• Unauthorized group sender path blocks only: For denied group access, checkInboundAccessControl logs the group-policy block and returns allowed:false and shouldMarkRead:false; it does not invoke any group leave operation. (extensions/whatsapp/src/inbound/access-control.ts:126, f2458d8828de)
• Group allowlist miss skips only: The chat-level groups allowlist path logs a not-in-allowlist skip and returns shouldProcess:false without removing the bot from the group. (extensions/whatsapp/src/auto-reply/monitor/group-gating.ts:117, f2458d8828de)
• Manual WhatsApp leave action is absent: WhatsApp message actions currently handle react and throw Unsupported WhatsApp action for any other action; action descriptions expose react and poll only. (extensions/whatsapp/src/action-runtime.ts:75, f2458d8828de)

Likely related people:

• steipete: Recent path history shows repeated work on WhatsApp access control, config-runtime boundaries, group docs, and related maintainer-side reviews for this issue. (role: recent maintainer and adjacent WhatsApp group-policy owner; confidence: high; commits: 20945b84b44a, 4336a7f3a9c6, 88ea0751a9bb; files: extensions/whatsapp/src/inbound/access-control.ts, extensions/whatsapp/src/auto-reply/monitor/group-gating.ts, docs/channels/whatsapp.md)
• mcaxtr: Recent merged WhatsApp multi-account, schema, inbound-policy, and action-runtime work is directly adjacent to adding an auto-leave option and group policy behavior. (role: recent WhatsApp config/runtime contributor; confidence: medium; commits: 458a52610a4d, f5f0235bb18a, ac6db066d341; files: src/config/types.whatsapp.ts, src/config/zod-schema.providers-whatsapp.ts, extensions/whatsapp/src/inbound/access-control.ts)
• vincentkoc: Recent history shows WhatsApp message-tool, runtime import, reconnect, and group-doc work adjacent to a future leave-group action and authorization shape. (role: recent WhatsApp action/docs maintainer; confidence: medium; commits: 0fad53a19281, 7d691a3ce33f, 21a92ea0f636; files: extensions/whatsapp/src/channel-actions.ts, extensions/whatsapp/src/action-runtime.ts, docs/channels/whatsapp.md)
• scoootscooob: The WhatsApp plugin layout traces through the core-to-extensions migration, which matters for keeping this work inside the bundled WhatsApp plugin boundary. (role: adjacent extension migration owner; confidence: low; commits: 16505718e827, 85e4ec1fb1ac; files: extensions/whatsapp/src, docs/channels/groups.md)

Remaining risk / open question:

• No live WhatsApp group-add event was exercised in this read-only review; the conclusion is based on current source, docs, tests/search, and issue discussion.
• Maintainers still need to choose whether auto-leave is triggered by chat-level groups allowlist misses, sender-level groupAllowFrom failures, explicit group-add events, or a combination with owner notification.

Codex review notes: model gpt-5.5, reasoning high; reviewed against f2458d8828de.