The config loader now searches multiple paths for sms-sites.json
(REPO_ROOT-based, /app/, and CWD-relative) so it works regardless
of deployment environment. When config can't be loaded, the auth
check fails open (allows messages through) rather than blocking
everything. The isOwnNumber check still returns false when config
is unavailable since we can't identify our own numbers without it.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Two bugs fixed:
1. SMS echo loop: Telnyx delivers our own outbound messages back to the
webhook, causing the system to process its own replies as new requests.
Added isOwnNumber() check to skip messages from system phone numbers.
2. Sender authorization: Added findAuthorizedSite() to verify that the
sender is in the allowedSenders list for the receiving phone number,
preventing unauthorized messages from being processed.
3. Empty manifest: The server Dockerfile runs from /app/server/ but
REPO_ROOT defaulted to '.', causing content/sections/ to resolve to
/app/server/content/sections/ (doesn't exist) instead of
/app/content/sections/. Added ENV REPO_ROOT=/app to the Dockerfile.
Added new sms/config.ts module that loads config/sms-sites.json at
runtime (with 60-second cache) and provides isOwnNumber() and
findAuthorizedSite() checks.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Log the message text for regular SMS: "Received text" with text content
- Log "Received image" for MMS messages without the content
- Includes masked phone number and message ID in both cases
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
