Skip to content

fix(imessage): surface silent group-allowlist drops at default log level#79190

Merged
omarshahine merged 2 commits into
openclaw:mainfrom
omarshahine:fix/imsg-group-drop-observability
May 8, 2026
Merged

fix(imessage): surface silent group-allowlist drops at default log level#79190
omarshahine merged 2 commits into
openclaw:mainfrom
omarshahine:fix/imsg-group-drop-observability

Conversation

@omarshahine

@omarshahine omarshahine commented May 8, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Summary

Closes #78749.

When channels.imessage.groupPolicy: "allowlist" is set without a channels.imessage.groups block — the most common BlueBubbles → bundled-iMessage migration footgun, documented in PR #78317 — the runtime gate at extensions/imessage/src/monitor/inbound-processing.ts:336 drops every group message and logs only at verbose. At the default info log level, every group message vanishes silently.

This adds two coordinated warn-level signals so the misconfiguration is observable at the default log level:

  1. Startup warning (warnGroupAllowlistMisconfigOnce): one-time per accountId when monitor boots with groupPolicy: "allowlist" AND channels.imessage.groups is empty (no "*" wildcard, no per-chat_id entries). Catches the misconfiguration before any messages land.

  2. Per-chat warning (warnGroupAllowlistDropPerChatOnce): one-time per accountId:chat_id when the runtime allowlist gate drops a specific group. Names the chat_id and the exact channels.imessage.groups[...] key to add to allow it.

Both warners cap log volume at one line per account / one line per chat, so busy gateways do not get spammed. Helpers stay extension-local per the AGENTS owner-boundary rule (other channels have different group-policy semantics).

Files

  • extensions/imessage/src/monitor/group-allowlist-warnings.ts — new helper module with both warners + a resetForTesting reset hook
  • extensions/imessage/src/monitor/group-allowlist-warnings.test.ts — 11 unit tests covering startup misconfig detection, per-chat one-shot semantics, wildcard / explicit-entry suppression, multi-account isolation, numeric/string chat_id normalization
  • extensions/imessage/src/monitor/monitor-provider.ts — wires the startup warner alongside the existing warnMissingProviderGroupPolicyFallbackOnce, and emits the per-chat warner on the decision.kind === "drop" branch when decision.reason === "group id not in allowlist"
  • docs/channels/imessage.md + docs/channels/imessage-from-bluebubbles.md — replaces the "silent at info, raise OPENCLAW_LOG_LEVEL=debug" guidance with the new warn lines operators will actually see

Real behavior proof

  • Behavior or issue addressed: silent verbose-level drop at extensions/imessage/src/monitor/inbound-processing.ts:336 when groupPolicy: "allowlist" is configured without a channels.imessage.groups block (issue iMessage: silent group message drop when channels.imessage.groups is unset #78749).

  • Real environment tested: macOS Sequoia 15.x, node v25.8.1, openclaw worktree at branch fix/imsg-group-drop-observability head fdba8f4111. The new helpers (extensions/imessage/src/monitor/group-allowlist-warnings.ts) loaded directly via node --import tsx from the live source tree — same callable shape used by the gateway's monitor-provider.ts (log: (msg) => runtime.log?.(warn(msg))).

  • Exact steps or command run after this patch:

    cd ~/GitHub/openclaw/.worktrees/issue-78749
node --import tsx /tmp/imsg-78749-proof.mjs

    where the script imports warnGroupAllowlistMisconfigOnce, warnGroupAllowlistDropPerChatOnce, and resetGroupAllowlistWarningsForTesting from the new module and walks five scenarios (misconfigured startup, first-drop per chat, repeat-drop suppression, second chat fires its own line, wildcard suppresses startup).

  • After-fix evidence: console output captured live from the run above:

    === Scenario 1: BlueBubbles migration footgun (groupPolicy=allowlist, groups missing) ===
[warn] imessage: groupPolicy="allowlist" but channels.imessage.groups is empty for account "primary". Every inbound group message will be dropped. Add channels.imessage.groups["*"] = { requireMention: true } to allow all groups, or explicit per-chat_id entries to allow specific groups.

=== Scenario 2: First inbound group message from chat_id=8421 ===
[warn] imessage: dropping group message from chat_id=8421 (account "primary") — not in channels.imessage.groups allowlist. Add channels.imessage.groups["8421"] or channels.imessage.groups["*"] to allow it.

=== Scenario 3: Same chat_id=8421 again (suppressed, returns false silently) ===
(fired=false, no log line)

=== Scenario 4: Different chat_id=9907 fires its own one-time warn ===
[warn] imessage: dropping group message from chat_id=9907 (account "primary") — not in channels.imessage.groups allowlist. Add channels.imessage.groups["9907"] or channels.imessage.groups["*"] to allow it.

=== Scenario 5: Wildcard configured, startup is silent ===
(fired=false, no log line)

  • Observed result after fix: each [warn] line is the exact string runtime.log?.(warn(message)) would emit through the gateway's warn-formatted logger. Scenario 1 catches the misconfiguration before any message lands. Scenario 2 names the dropped chat and the exact channels.imessage.groups["8421"] key to add. Scenario 3 confirms the per-chat one-shot suppresses repeats. Scenario 4 confirms a distinct chat_id still surfaces. Scenario 5 confirms the startup warn does not fire when a "*" wildcard is present. No silent drops remain at the default info log level.

  • What was not tested: end-to-end gateway run against a live imsg launch daemon driving an iMessage group conversation — the helpers exercised here are the exact units monitor-provider.ts calls, but a live-traffic capture would be additional confirmation (would need a paired Mac and a configured group chat).

@openclaw-barnacle openclaw-barnacle Bot added docs Improvements or additions to documentation channel: imessage Channel integration: imessage size: M maintainer Maintainer-authored PR labels May 8, 2026
@clawsweeper

clawsweeper Bot commented May 8, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Codex review: needs maintainer review before merge.

Summary
The PR adds iMessage group-allowlist warning helpers, wires one-shot startup and per-chat drop warnings into the monitor, updates iMessage docs, tests the helpers, and adds a changelog entry.

Reproducibility: yes. by source inspection: current main reaches the iMessage group-registry drop and logs it only through logVerbose, which is below the default info level. I did not run a live iMessage gateway in this read-only review.

Real behavior proof
Sufficient (terminal): The PR body includes after-fix terminal output from a macOS/node source run showing the new warning helpers fire and suppress as intended.

Next step before merge
No ClawSweeper repair remains; the prior changelog issue was fixed and the remaining action is normal maintainer review/merge handling for an open PR.

Security
Cleared: The diff adds extension-local logging helpers, docs, tests, and a changelog entry without new dependencies, workflows, package metadata, secret handling, downloads, or external execution paths.

Review details

Best possible solution:

Land the extension-local warning fix after normal maintainer review and required checks because it makes the misconfiguration visible without changing group gate semantics.

Do we have a high-confidence way to reproduce the issue?

Yes, by source inspection: current main reaches the iMessage group-registry drop and logs it only through logVerbose, which is below the default info level. I did not run a live iMessage gateway in this read-only review.

Is this the best way to solve the issue?

Yes, the one-shot startup warning plus one-shot per-chat drop warning is a narrow maintainable fix that preserves the existing allowlist behavior. A doctor check could be a later enhancement, but it is not required for this PR to solve the observable silent-drop problem.

What I checked:

  • Current-main silent drop path: Current main resolves the iMessage group registry policy and returns drop with reason group id not in allowlist after logging only through logVerbose, so default info logging does not surface the drop. (extensions/imessage/src/monitor/inbound-processing.ts:336, cde99c3349e9)
  • Current-main monitor drop handling: Current main records loop-related drops and returns for all drop decisions without emitting a default-level warning for the allowlist-registry drop. (extensions/imessage/src/monitor/monitor-provider.ts:390, cde99c3349e9)
  • PR warning implementation: The live PR patch imports the new warning helpers, emits the startup misconfiguration warning after group policy resolution, and emits the per-chat warning when the inbound decision reason is group id not in allowlist. (extensions/imessage/src/monitor/monitor-provider.ts:199, c6a46ab5463c)
  • PR helper coverage: The added helper tests cover missing and empty groups, non-allowlist suppression, wildcard and explicit-entry suppression, one-shot behavior, multi-account isolation, and numeric/string chat_id normalization. (extensions/imessage/src/monitor/group-allowlist-warnings.test.ts:1, c6a46ab5463c)
  • Changelog blocker addressed: The updated PR head adds a user-facing CHANGELOG entry for the iMessage warning fix, addressing the prior ClawSweeper review finding. (CHANGELOG.md:597, c6a46ab5463c)
  • Real behavior proof: The PR body includes terminal output from a macOS/node source run showing the new startup and per-chat warning helpers fire once, suppress repeats, and suppress startup warning when wildcard groups are configured. (c6a46ab5463c)

Likely related people:

  • omarshahine: Merged commit e259751 added the current private-API iMessage monitor/docs surface that includes the group registry gate and BlueBubbles migration context; the PR author also appears in that prior merged feature history, not only on this PR. (role: introduced current iMessage monitor behavior; confidence: high; commits: e259751ec9c9; files: extensions/imessage/src/monitor/monitor-provider.ts, extensions/imessage/src/monitor/inbound-processing.ts, docs/channels/imessage.md)
  • vincentkoc: Recent commits updated the iMessage docs and BlueBubbles deprecation/migration surface adjacent to the warning text this PR changes. (role: recent adjacent maintainer; confidence: medium; commits: 91ed1604b011, 0fca66549794; files: docs/channels/imessage.md, docs/channels/imessage-from-bluebubbles.md)

Remaining risk / open question:

  • No full live imsg watch gateway traffic capture was provided; the proof covers the helper behavior, while source inspection covers the monitor wiring.

Codex review notes: model gpt-5.5, reasoning high; reviewed against cde99c3349e9.

@clawsweeper clawsweeper Bot added the proof: sufficient ClawSweeper judged the real behavior proof convincing. label May 8, 2026
@omarshahine omarshahine force-pushed the fix/imsg-group-drop-observability branch from c6a46ab to b6036a2 Compare May 8, 2026 03:01
omarshahine added 2 commits May 8, 2026 03:07
@omarshahine
fix(imessage): surface silent group-allowlist drops at default log level
551070b 
When channels.imessage.groupPolicy=allowlist is set without a
channels.imessage.groups block (the most common BlueBubbles to bundled-iMessage
migration footgun), the runtime drop at inbound-processing.ts:336 logged only
at verbose. At the default info log level every group message vanished.

Add two one-shot warn-level signals:
- warnGroupAllowlistMisconfigOnce: fires once per accountId at monitor startup
  when groupPolicy=allowlist and groups is empty (no '*' wildcard, no per-chat_id
  entries). Catches the misconfiguration before any messages land.
- warnGroupAllowlistDropPerChatOnce: fires once per accountId:chat_id when the
  runtime allowlist gate drops a group, naming the chat_id and the exact
  channels.imessage.groups[...] key to add to allow it.

Both warners cap log volume at one line per account / one line per group, so
busy gateways do not get spammed.

Closes openclaw#78749.
@omarshahine
changelog: note iMessage group-allowlist drop visibility
6454366
@omarshahine omarshahine force-pushed the fix/imsg-group-drop-observability branch from b6036a2 to 6454366 Compare May 8, 2026 03:07
@omarshahine omarshahine merged commit df069f7 into openclaw:main May 8, 2026
97 checks passed
@omarshahine

omarshahine commented May 8, 2026

Copy link
Copy Markdown
Contributor Author

Merged via squash.

Thanks @omarshahine!

@omarshahine omarshahine deleted the fix/imsg-group-drop-observability branch May 8, 2026 03:09
@omarshahine omarshahine mentioned this pull request May 8, 2026
Merged
github-actions Bot pushed a commit to Desicool/openclaw that referenced this pull request May 9, 2026
@omarshahine
fix(imessage): surface silent group-allowlist drops at default log le…
e65e719 
…vel (openclaw#79190)

Merged via squash.

Prepared head SHA: 6454366
Co-authored-by: omarshahine <10343873+omarshahine@users.noreply.github.com>
Co-authored-by: omarshahine <10343873+omarshahine@users.noreply.github.com>
Reviewed-by: @omarshahine
rogerdigital pushed a commit to rogerdigital/openclaw that referenced this pull request May 9, 2026
@omarshahine @rogerdigital
fix(imessage): surface silent group-allowlist drops at default log le…
5c166c4 
…vel (openclaw#79190)

Merged via squash.

Prepared head SHA: 6454366
Co-authored-by: omarshahine <10343873+omarshahine@users.noreply.github.com>
Co-authored-by: omarshahine <10343873+omarshahine@users.noreply.github.com>
Reviewed-by: @omarshahine
lykeion-dev pushed a commit to lykeion-dev/openclaw--rev that referenced this pull request May 14, 2026
@omarshahine @lykeion-dev
fix(imessage): surface silent group-allowlist drops at default log le…
43ddece 
…vel (openclaw#79190)

Merged via squash.

Prepared head SHA: 6454366
Co-authored-by: omarshahine <10343873+omarshahine@users.noreply.github.com>
Co-authored-by: omarshahine <10343873+omarshahine@users.noreply.github.com>
Reviewed-by: @omarshahine
github-actions Bot pushed a commit to Desicool/openclaw that referenced this pull request May 24, 2026
@omarshahine
fix(imessage): surface silent group-allowlist drops at default log le…
a7ca4bc 
…vel (openclaw#79190)

Merged via squash.

Prepared head SHA: 6454366
Co-authored-by: omarshahine <10343873+omarshahine@users.noreply.github.com>
Co-authored-by: omarshahine <10343873+omarshahine@users.noreply.github.com>
Reviewed-by: @omarshahine
jameslcowan pushed a commit to jameslcowan/openclaw that referenced this pull request Jun 2, 2026
@omarshahine
fix(imessage): surface silent group-allowlist drops at default log le…
b5975d5 
…vel (openclaw#79190)

Merged via squash.

Prepared head SHA: 6454366
Co-authored-by: omarshahine <10343873+omarshahine@users.noreply.github.com>
Co-authored-by: omarshahine <10343873+omarshahine@users.noreply.github.com>
Reviewed-by: @omarshahine
sablehead pushed a commit to sablehead/openclaw that referenced this pull request Jun 10, 2026
@omarshahine
fix(imessage): surface silent group-allowlist drops at default log le…
c19a690 
…vel (openclaw#79190)

Merged via squash.

Prepared head SHA: 6454366
Co-authored-by: omarshahine <10343873+omarshahine@users.noreply.github.com>
Co-authored-by: omarshahine <10343873+omarshahine@users.noreply.github.com>
Reviewed-by: @omarshahine
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

channel: imessage Channel integration: imessage docs Improvements or additions to documentation maintainer Maintainer-authored PR proof: sufficient ClawSweeper judged the real behavior proof convincing. size: M

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

iMessage: silent group message drop when channels.imessage.groups is unset

1 participant

@omarshahine