// src/security/audit.ts (simplified excerpt)
// A DM policy of "open" means the bot accepts direct messages from any sender,
// with no pairing or allowlist gate in front of it; report that at the top severity.
const anyoneMayDm = dmPolicy === "open";
if (anyoneMayDm) {
  findings.push({
    checkId: "channels." + provider + ".dm.open",
    severity: "critical", // highest severity level
    title: label + " DMs are open",
    detail: 'dmPolicy="open" allows anyone to DM the bot.',
    remediation: "Use pairing/allowlist...",
  });
}
channels.whatsapp.dm.open_invalid: dmPolicy="open" requires allowFrom to include "*".
// When several DM senders are routed into the single "main" session, one sender's
// context can become visible to another; report it as a warning.
// NOTE(review): unlike the open-DM finding, this entry carries no checkId — confirm whether one is expected.
const sharesMainSession = dmScope === "main";
if (sharesMainSession && isMultiUserDm) {
  findings.push({
    severity: "warn",
    title: label + " DMs share the main session",
    detail: "Multiple DM senders share the main session, which can leak context across users.",
    remediation: 'Set session.dmScope="per-channel-peer" to isolate DM sessions per sender.',
  });
}