- Validate that WhatsApp preview webhook test sessions belong to the
authorized typebot before resuming them.
- Require the preview session to still be waiting on the requested
webhook block.
- Share WhatsApp preview phone normalization between preview creation
and test webhook execution.
- Scope `result` lookup in `handleExecuteWebhook` to the authorized
`typebotId`, closing a cross-tenant IDOR where a caller with read access
to one typebot could resume another typebot's waiting webhook session by
supplying a foreign `resultId`.
