fix(whatsapp): resolve LID↔phone aliases in allowlist matching#3830
Merged
fix(whatsapp): resolve LID↔phone aliases in allowlist matching#3830
Conversation
WhatsApp DMs can arrive with LID sender IDs even when WHATSAPP_ALLOWED_USERS is configured with phone numbers. The allowlist check now reads bridge session mapping files (lid-mapping-*.json) to resolve phone↔LID aliases, matching users regardless of which identifier format the message uses. Both the Python gateway (_is_user_authorized) and the Node bridge (allowlist.js) now share the same mapping-file-based resolution logic. Co-authored-by: Frederico Ribeiro <fr@tecompanytea.com>
itsXactlY
pushed a commit
to itsXactlY/hermes-agent
that referenced
this pull request
Mar 30, 2026
…esearch#3830) WhatsApp DMs can arrive with LID sender IDs even when WHATSAPP_ALLOWED_USERS is configured with phone numbers. The allowlist check now reads bridge session mapping files (lid-mapping-*.json) to resolve phone↔LID aliases, matching users regardless of which identifier format the message uses. Both the Python gateway (_is_user_authorized) and the Node bridge (allowlist.js) now share the same mapping-file-based resolution logic. Co-authored-by: Frederico Ribeiro <fr@tecompanytea.com>
ozkikr
added a commit
to ozkikr/hermes-agent
that referenced
this pull request
Apr 1, 2026
Local patch until upstream PR NousResearch#3830 lands. Resolves LID format issues that caused message sender identification failures.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Salvage of the LID mapping fix from PR #1863. The rest of that PR (unauthorized_dm_behavior, WHATSAPP_REPLY_PREFIX, config version bumps, planning doc) was either already on main or unrelated.
Problem
WhatsApp DMs can arrive with LID sender IDs (e.g.
900000000000001@lid) even whenWHATSAPP_ALLOWED_USERSis configured with phone numbers (e.g.15550000001). The existing allowlist check only stripped the@suffix but didn't resolve the phone↔LID mapping, so valid users were denied.Fix
Both the Python gateway and Node bridge now read the bridge session mapping files (
lid-mapping-*.json) to resolve phone↔LID aliases:_normalize_whatsapp_identifier()strips JID/LID syntax,_expand_whatsapp_auth_aliases()walks mapping files to build a full alias set._is_user_authorized()expands both the allowlist entries and the sender ID before matching.bridge.jsnow usesmatchesAllowedUser()instead of a simple array.includes().Tests
Closes #1863
EOF; __hermes_rc=$?; printf 'HERMES_FENCE_a9f7b3'; exit $__hermes_rc