feat(whatsapp,telegram): add groupPolicy config option

[mneves75]

Summary

Adds groupPolicy config option to WhatsApp and Telegram for controlling group message handling.

The Problem

Users expect allowFrom to restrict all communication, but groups bypass this check entirely (by design - they use mention-gating instead). This leaves no way to block group messages completely.

Solution

New groupPolicy option with 3 modes:

Policy	Behavior
open	Default. Groups bypass allowFrom, only mention-gating applies.
disabled	Block all group messages entirely.
allowlist	Only respond if sender is in allowFrom.

{
  whatsapp: {
    allowFrom: ["+15551234567"],
    groupPolicy: "disabled"
  },
  telegram: {
    allowFrom: ["123456789", "@username", "telegram:123456789"],
    groupPolicy: "disabled"
  }
}

Implementation Details

• Shared schema: Extracted GroupPolicySchema constant for DRY validation
• Consistent field ordering: groupPolicy follows allowFrom in both schemas
• WhatsApp: Matches sender's E.164 against normalized allowFrom
• Telegram: Matches sender by user ID or username (case-insensitive, with/without @ prefix)
• Telegram prefix support: telegram:123456789 format works in group allowlist
• Pre-computed allowlist values for efficiency (no redundant .map() calls per message)

Changes

File	Change
src/config/zod-schema.ts	Shared GroupPolicySchema constant with explanatory comment
src/config/types.ts	Add groupPolicy to WhatsAppConfig and TelegramConfig
src/web/inbound.ts	WhatsApp group policy filtering
src/telegram/bot.ts	Telegram group policy filtering with prefix stripping
src/web/monitor-inbox.test.ts	4 tests for WhatsApp (incl. wildcard)
src/telegram/bot.test.ts	10 tests for Telegram (incl. prefixed ID)
docs/groups.md	Accurate documentation for both surfaces
docs/plans/group-policy-hardening.md	Engineering execution spec

Self-Critique Fixes (Hardening)

Finding	Severity	Fix
Telegram group allowlist ignores telegram: prefix	MED	Strip prefix during normalization
Docs say allowFrom only filters DMs	LOW	Clarified that allowlist mode uses it for groups
Zod .default().optional() pattern undocumented	LOW	Added explanatory comment
Missing WhatsApp wildcard test	TEST	Added test for allowFrom: ["*"]
Missing Telegram prefixed ID test	TEST	Added test for telegram:123456789 format

Backwards Compatibility

Default is open - existing users see no behavior change.

Test Plan

• All 888 tests pass (2 new tests added)
• groupPolicy: "disabled" blocks all group messages
• groupPolicy: "allowlist" filters by sender (ID or username)
• groupPolicy: "open" (default) preserves existing behavior
• Case-insensitive username matching for Telegram
• Wildcard ["*"] allows all senders in allowlist mode
• telegram:123456789 prefix works in group allowlist

[steipete]

🦞 Automated Code Review (Codex)

Findings:

• [MED] Telegram group allowlist ignores telegram:-prefixed allowFrom entries; only raw id/username match. src/telegram/bot.ts:105-122. If users reuse the same list with groupPolicy: "allowlist", groups get blocked. Suggest: accept prefixed ids/usernames in group allowlist or document it as unsupported.
• [LOW] Docs contradiction: docs/groups.md:41-43 says allowFrom only filters DMs, but allowlist mode uses allowFrom for groups. Clarify note.
• [LOW] Zod default + optional likely drops default. src/config/zod-schema.ts:546-581 uses GroupPolicySchema.default("open").optional(). Consider dropping .optional() or rely on runtime default consistently.

Test gaps / suggestions:

• Add WhatsApp wildcard allowlist test (groupPolicy: "allowlist", allowFrom: ["*"]) to mirror Telegram coverage.
• Add Telegram test for telegram:<id> allowFrom if you decide to support it.

Question: Should Telegram group allowlist accept telegram:<id> for consistency with DM allowlist docs, or is that intentionally DM-only?

---

Reviewed by Clawd 🦞 via Codex (53k tokens)

[mneves75]

Thanks! Addressed the findings:

• Telegram allowlist now trims entries and strips telegram:/tg: prefixes case-insensitively; the same normalized list is used for DM + group checks.
• Added tests for DM allowlist with TG: + whitespace and group allowlist with TG: prefix.
• Docs updated in docs/groups.md + docs/telegram.md to reflect allowlist usage and prefix support.

On the Zod .default().optional() note: left as-is; it’s intentional so input can omit the field while runtime resolves to "open". Happy to add a comment if you want it explicit.

I didn’t add the WhatsApp wildcard allowlist test yet; can add if you’d like.

[mneves75]

Follow-up for the review asks:

• Added DM allowlist test for telegram:<id> in src/telegram/bot.test.ts (commit 50f6556).
• WhatsApp wildcard allowlist test already exists in src/web/monitor-inbox.test.ts (allows all group senders with wildcard in groupPolicy allowlist), so no extra change needed there.

[mneves75]

Re-ran tests after adding the DM telegram: allowlist case. Note: pnpm test -- src/telegram/bot.test.ts still runs the full suite here.

Result: PASS — 160 files passed, 2 skipped (live tests).