diff --git a/gateway/platforms/wecom.py b/gateway/platforms/wecom.py
index c11756430..5bec5baca 100644
--- a/gateway/platforms/wecom.py
+++ b/gateway/platforms/wecom.py
@@ -161,7 +161,15 @@ class WeComAdapter(BasePlatformAdapter):
         ).strip() or DEFAULT_WS_URL
 
         self._dm_policy = str(extra.get("dm_policy") or os.getenv("WECOM_DM_POLICY", "open")).strip().lower()
-        self._allow_from = _coerce_list(extra.get("allow_from") or extra.get("allowFrom"))
+        # dm_policy already honors WECOM_DM_POLICY, so the allowlist must honor
+        # WECOM_ALLOWED_USERS too. Without the env fallback an env-only setup
+        # (dm_policy=allowlist via env, no config extra) runs with an empty
+        # allowlist and drops every authorized DM at intake.
+        self._allow_from = _coerce_list(
+            extra.get("allow_from")
+            or extra.get("allowFrom")
+            or os.getenv("WECOM_ALLOWED_USERS", "")
+        )
 
         self._group_policy = str(extra.get("group_policy") or os.getenv("WECOM_GROUP_POLICY", "open")).strip().lower()
         self._group_allow_from = _coerce_list(extra.get("group_allow_from") or extra.get("groupAllowFrom"))
diff --git a/tests/gateway/test_wecom.py b/tests/gateway/test_wecom.py
index ad46a0bfb..c0999a980 100644
--- a/tests/gateway/test_wecom.py
+++ b/tests/gateway/test_wecom.py
@@ -285,6 +285,39 @@ class TestPolicyHelpers:
         assert adapter._is_dm_allowed("user-1") is True
         assert adapter._is_dm_allowed("user-2") is False
 
+    def test_dm_allowlist_honors_env_only_allowed_users(self, monkeypatch):
+        """Env-only setup (WECOM_DM_POLICY + WECOM_ALLOWED_USERS, no config
+        ``extra``) must populate the DM allowlist. Otherwise ``dm_policy:
+        allowlist`` runs with an empty allowlist and drops every listed user
+        at intake — the documented env vars become no-ops."""
+        from gateway.platforms.wecom import WeComAdapter
+
+        monkeypatch.setenv("WECOM_DM_POLICY", "allowlist")
+        monkeypatch.setenv("WECOM_ALLOWED_USERS", "user-1, user-2")
+
+        adapter = WeComAdapter(PlatformConfig(enabled=True))
+
+        assert adapter._dm_policy == "allowlist"
+        assert adapter._allow_from == ["user-1", "user-2"]
+        assert adapter._is_dm_allowed("user-1") is True
+        assert adapter._is_dm_allowed("user-2") is True
+        assert adapter._is_dm_allowed("stranger") is False
+
+    def test_dm_allowlist_extra_takes_precedence_over_env(self, monkeypatch):
+        """Config ``extra`` wins over the env fallback, so an explicit
+        allowlist is never silently widened by a stray WECOM_ALLOWED_USERS."""
+        from gateway.platforms.wecom import WeComAdapter
+
+        monkeypatch.setenv("WECOM_ALLOWED_USERS", "env-user")
+
+        adapter = WeComAdapter(
+            PlatformConfig(enabled=True, extra={"dm_policy": "allowlist", "allow_from": ["cfg-user"]})
+        )
+
+        assert adapter._allow_from == ["cfg-user"]
+        assert adapter._is_dm_allowed("cfg-user") is True
+        assert adapter._is_dm_allowed("env-user") is False
+
     def test_group_allowlist_and_per_group_sender_allowlist(self):
         from gateway.platforms.wecom import WeComAdapter