PR #63466: fix(whatsapp): inherit channel dmPolicy when account omits dmPolicy (#63366)

• Repository: openclaw/openclaw
• Author: neeravmakwana
• State: open | merged: False
• Link: https://github.com/openclaw/openclaw/pull/63466

Description (problem / solution / changelog)

Summary

• Problem: With channels.whatsapp.dmPolicy="allowlist" and a multi-account setup, an accounts.* entry that only set allowFrom (and omitted dmPolicy) still received Zod’s channel default dmPolicy: "pairing" on parse. resolveMergedAccountConfig shallow-merges account over channel, so that injected value overrode the channel allowlist and unknown senders could get pairing challenges.
• Why it matters: Operators expect allowlist mode to block or silently ignore unknown senders, not send pairing codes (regression described in #63366).
• What changed: WhatsAppAccountSchema overrides dmPolicy with DmPolicySchema.optional() (no default), so omitted account-level dmPolicy stays unset and merge preserves the channel policy.
• What did NOT change: Channel-level defaults, explicit per-account dmPolicy, or WhatsApp inbound access logic (only config parse/merge behavior).

Change Type

• Bug fix

Scope

• Integrations

Linked Issue/PR

• Closes #63366
• Related #63366
• This PR fixes a bug or regression

Root Cause

• Root cause: Zod .default("pairing") on the shared WhatsApp shape was applied to nested accounts.* objects. Parsed account objects then overwrote channel dmPolicy during merge.
• Missing detection / guardrail: Unit tests for access control used raw mocked config and did not exercise parsed config defaults.
• Contributing context (if known): N/A

Regression Test Plan

• Coverage level that should have caught this:
  • Unit test
• Target test or file: src/config/zod-schema.providers-whatsapp.test.ts
• Scenario the test should lock in: Validated config must not set accounts.*.dmPolicy to pairing when the account block omits dmPolicy and the channel sets allowlist.
• Why this is the smallest reliable guardrail: Asserts the exact parse output that previously corrupted merge.
• Existing test that already covers this (if any): Inbound tests mock loadConfig without Zod.
• If no new test is added, why not: N/A (tests added).

User-visible / Behavior Changes

• Multi-account WhatsApp configs with channel dmPolicy=allowlist and account entries that omit dmPolicy now inherit the channel policy after merge; pairing challenges are no longer sent to unknown senders in that configuration.

Diagram

N/A

Security Impact

• New permissions/capabilities? (No)
• Secrets/tokens handling changed? (No)
• New/changed network calls? (No)
• Command/tool execution surface changed? (No)
• Data access scope changed? (No)

Repro + Verification

Environment

• OS: macOS (dev)
• Validation: pnpm check, pnpm test src/config/zod-schema.providers-whatsapp.test.ts, pnpm config:docs:check

Steps

1. Configure channels.whatsapp.dmPolicy: "allowlist" with allowFrom and an accounts.work entry that only lists allowFrom (no dmPolicy).
2. Load merged account config / run gateway with that config.

Expected

• Effective dmPolicy for the account remains allowlist; unknown senders do not get pairing replies.

Actual (before fix)

• Parsed account carried dmPolicy: "pairing", overriding channel allowlist.

Evidence

• Failing test/log before + passing after (new unit test documents expected parse shape)

Human Verification

• Verified scenarios: pnpm check, targeted Vitest for new file, pnpm config:docs:check.
• Edge cases checked: Explicit accounts.*.dmPolicy: "pairing" still parses.
• What I did not verify: End-to-end WhatsApp gateway against a live account (config-level fix only).

Review Conversations

• I replied to or resolved every bot review conversation I addressed in this PR.
• I left unresolved only the conversations that still need reviewer or maintainer judgment.

Compatibility / Migration

• Backward compatible? (Yes)
• Config/env changes? (No)
• Migration needed? (No)

Risks and Mitigations

• None: Omitted account dmPolicy now follows channel merge semantics; explicit account dmPolicy is unchanged.

Made with Cursor

Changed files

• CHANGELOG.md (modified, +1/-0)
• src/channels/plugins/account-helpers.test.ts (modified, +43/-0)
• src/channels/plugins/account-helpers.ts (modified, +16/-2)
• src/config/zod-schema.providers-whatsapp.test.ts (added, +63/-0)
• src/config/zod-schema.providers-whatsapp.ts (modified, +6/-0)