From 195c7c51c446ce8d956ee3f6f3ee1acc574ee822 Mon Sep 17 00:00:00 2001 From: dave Date: Tue, 24 Mar 2026 22:25:59 +0000 Subject: [PATCH] storkit: create 389_story_whatsapp_phone_number_allowlist_authorization --- ...pp_phone_number_allowlist_authorization.md | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 .storkit/work/1_backlog/389_story_whatsapp_phone_number_allowlist_authorization.md diff --git a/.storkit/work/1_backlog/389_story_whatsapp_phone_number_allowlist_authorization.md b/.storkit/work/1_backlog/389_story_whatsapp_phone_number_allowlist_authorization.md new file mode 100644 index 0000000..3379a2a --- /dev/null +++ b/.storkit/work/1_backlog/389_story_whatsapp_phone_number_allowlist_authorization.md @@ -0,0 +1,21 @@ +--- +name: "WhatsApp phone number allowlist authorization" +--- + +# Story 389: WhatsApp phone number allowlist authorization + +## User Story + +As a bot operator, I want to restrict which phone numbers can interact with the bot, so that only authorized users can send commands. + +## Acceptance Criteria + +- [ ] New optional allowed_phones list in bot.toml for WhatsApp (similar to Matrix allowed_users) +- [ ] When configured, only messages from listed phone numbers are processed; all others are silently ignored +- [ ] When not configured (empty or absent), all phone numbers are allowed (backwards compatible) +- [ ] Unauthorized senders are logged but receive no response +- [ ] The allowlist applies to all message types: commands, LLM conversations, and async commands (htop, delete) + +## Out of Scope + +- TBD
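Review bot: The third acceptance criterion ("When not configured (empty or absent), all phone numbers are allowed") makes an explicitly empty allowed_phones list fail open, so an operator who empties the list expecting to lock the bot down would instead leave every message type, including the async commands (htop, delete), open to any sender. Consider treating only an absent key as allow-all and an empty list as deny-all, or add a criterion that the bot logs a warning at startup when WhatsApp is running without an allowlist. The criteria also do not say how phone numbers are compared: add one that fixes the normalized form (for example, digits only with country code) so that a formatting difference between bot.toml and the sender id on the incoming message cannot silently lock out an authorized user or match an unintended one. "Unauthorized senders are logged" would benefit from a stated rate limit or deduplication, since those log entries are driven entirely by unauthenticated input, and "Out of Scope" is still "TBD" and should be filled in before the story leaves the backlog.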