Security Documentation

📱

DM Access Model

pairing (default), allowlist, open, or disabled.

👥

Group Security

Group allowlists, mention gating.

🐳

Sandboxing

Docker containers for tool isolation.

🌐

Network Security

Gateway bind, reverse proxy.

🔐

Authentication

Gateway auth modes.

📝

Logging

logging.redactSensitive.

DM Access Model

pairing (default)

Unknown senders receive pairing code. Ignores until approved.

{ "channels": { "whatsapp": { "dmPolicy": "pairing" } } }

allowlist

Unknown senders blocked.

{ "channels": { "whatsapp": { "dmPolicy": "allowlist", "allowFrom": ["+1234567890"] } } }

open

Allow anyone. Requires allowFrom: ["*"].

{ "channels": { "whatsapp": { "dmPolicy": "open", "allowFrom": ["*"] } } }

Secure Baseline

{ "gateway": { "mode": "local", "bind": "loopback", "port": 18789, "auth": { "mode": "token", "token": "your-long-random-token" } }, "channels": { "whatsapp": { "dmPolicy": "pairing", "groups": { "*": { "requireMention": true } } } } } }