Bug Description

Isolated cron sessions (sessionTarget: "isolated" with agentTurn kind) can pick up an incorrect delivery target from session context, causing messages to be routed to the wrong channel/chat.

What Happened

1. Calendar reminder cron job configured with:

   • channel: "telegram"
   • sessionTarget: "isolated"
   • deliver: true

2. The isolated session picked up a WhatsApp phone number from recent main session context

3. Cron tried to deliver the calendar reminder to that WhatsApp number via Telegram

4. Telegram rejected it (invalid chat_id format), so no data leaked

Error

Error: Telegram send failed: chat not found (chat_id=+XXXXXXXXXXX).
Likely: bot not started in DM, bot removed from group/channel, group migrated, or wrong bot token.

Expected Behavior

Cron jobs should deliver to a stable, predictable target — either:

1. The channel's owner/default chat (from config, e.g. allowFrom)
2. An explicit target field in the cron payload

Proposed Fix

Add an optional target field to cron payload:

{
  "kind": "agentTurn",
  "deliver": true,
  "channel": "telegram",
  "target": "CHAT_ID"
}

If not specified, fall back to the channel's configured owner or first allowlisted user.

Impact

• Privacy risk: Sensitive calendar/meeting info (titles, participants, join links) could be routed to wrong recipients
• Current mitigation: Telegram rejects invalid chat_ids, so cross-channel routing fails safely
• Potential issue: If the wrong target is a valid Telegram chat, data would leak

Environment

• Clawdbot version: 2026.1.24-3
• Multiple channels enabled: Telegram, WhatsApp, Slack
• Cron job: calendar-reminder (every 60s, agentTurn, isolated, deliver to telegram)