[Phase 1.3.2] Fix allow_from to default-deny on empty list #21
Description
Phase
Phase 1 — Critical Security | Track 1.3 — Authentication & Access | Priority: P1 HIGH
Vulnerability Details
Files: Gateway channel implementations (telegram.py, discord.py, slack.py)
CWE: CWE-284 — Improper Access Control
The `allow_from` config has ambiguous semantics. SECURITY.md says empty = deny all, but code may treat it as allow all depending on implementation.
Fix
- Explicit default-deny: empty `allow_from` = no one allowed
- Log WARNING when allow_from is empty (likely misconfiguration)
- Add `"allow_from": ["*"]` syntax for explicit allow-all
- Consistent behavior across all channel implementations
Acceptance Criteria
- Empty allow_from blocks all users with WARNING log
- Explicit `["*"]` required for allow-all
- Behavior consistent across Telegram, Discord, Slack, Twitch, MQTT
- Security tests for each channel type
- Documentation updated
References
- CWE-284
- Design Doc:
docs/plans/2026-03-29-security-ai-guardrails-performance-design.md