Greptile Summary

This PR fixes a bug where native Telegram slash commands in group chats were incorrectly using the DM allowlist (normalizeDmAllowFromWithStore) for sender authorization, causing users listed only in groupAllowFrom to be rejected. The fix branches the allowlist selection on isGroup — using effectiveGroupAllow (already resolved from groupAllowFrom and per-group/topic overrides) for groups, and normalizeDmAllowFromWithStore only for DMs.

• The change is minimal and surgical — only the final allow resolution is affected.
• The DM code path preserves identical behavior to before (storeAllowFrom is passed unchanged in the non-group branch).
• The effectiveGroupAllow variable was already being correctly computed higher up in the function via resolveTelegramGroupAllowFromContext, so no new logic is introduced.
• No issues found with edge cases (e.g. unconfigured allowlists still result in hasEntries: false, maintaining open access parity with the old behavior).

Confidence Score: 5/5

• This PR is safe to merge — the fix is minimal, well-scoped, and correctly addresses the root cause.
• The change is a single, focused branch on isGroup to select the correct allowlist. The effectiveGroupAllow value was already computed correctly earlier in the same function, so the fix reuses existing logic without introducing new complexity. DM behavior is unchanged. No regressions were identified.
• No files require special attention.

_{Last reviewed commit: 63e5644}

Thanks for the PR! This duplicates #29175, which was submitted first with the same group allowlist fix for native command auth. Closing in favor of the earlier submission. This is an AI-assisted triage review. If we got this wrong, feel free to reopen or start a new PR — happy to revisit.