fix: harden sessions_spawn delivery params and telegram multi-account fallback isolation #31188

Merged: steipete merged 1 commit into main from fix/session-isolation-31000-31110 on Mar 2, 2026

@steipete steipete commented Mar 2, 2026

Summary

  • reject unsupported delivery/routing params in sessions_spawn (target, channel, to, threadId, replyTo, transport) with explicit tool-input errors
  • fail closed for non-default Telegram accounts when routing falls back to matchedBy=default
  • add targeted regression coverage and document unsupported sessions_spawn delivery params

Testing

  • pnpm exec vitest run src/agents/tools/sessions-spawn-tool.test.ts src/telegram/bot.create-telegram-bot.test.ts

Fixes #31000
Fixes #31110

cursor bot commented Mar 2, 2026

PR Summary

Medium Risk
Changes message/tool routing behavior: some sessions_spawn calls will now hard-fail on previously ignored params, and Telegram DMs for non-default accounts may be dropped unless explicitly bound.

Overview
Prevents sessions_spawn from being used as an implicit channel-delivery mechanism by rejecting routing/delivery-like params (e.g. target, channel, to, threadId, replyTo, transport) with a ToolInputError, and adds regression tests + docs guidance to use message/sessions_send instead.

Hardens Telegram multi-account isolation by dropping inbound messages when a non-default account’s route resolution falls back to matchedBy="default", avoiding cross-account DM/session contamination; includes targeted test coverage and changelog entries.

Written by Cursor Bugbot for commit 14f324c.

@steipete steipete merged commit b0c7f1e into main Mar 2, 2026
10 checks passed
@steipete steipete deleted the fix/session-isolation-31000-31110 branch March 2, 2026 02:35
@openclaw-barnacle bot added labels on Mar 2, 2026: docs (Improvements or additions to documentation), channel: telegram (Channel integration: telegram), agents (Agent runtime and tooling), size: S, maintainer (Maintainer-authored PR)
@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 14f324cbb7

});
// Fail closed for named Telegram accounts when route resolution falls back to
// default-agent routing. This prevents cross-account DM/session contamination.
if (route.accountId !== DEFAULT_ACCOUNT_ID && route.matchedBy === "default") {
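
Review bot: the `route.accountId !== DEFAULT_ACCOUNT_ID` half of the condition also evaluates to true when `route.accountId` is unset or not normalized the same way as `DEFAULT_ACCOUNT_ID`, so such a route with `matchedBy === "default"` would be dropped as if it belonged to a named account. Confirm `route.accountId` is always populated and normalized before this check, and extend the comment above the guard to say that a named account needs an explicit binding to receive messages, so the drop is explainable from the code alone.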

P1: Scope non-default fallback drops to multi-account configurations

The new matchedBy === "default" guard drops all inbound traffic for any non-default Telegram account, including valid single-account deployments that only define a named account (for example accounts.opie) and rely on default routing. Because those installs commonly have no bindings, resolveAgentRoute returns matchedBy: "default" and this branch returns null, so every message is silently discarded until users add bindings. Please gate this fail-closed behavior to true multi-account risk cases (or another explicit opt-in), otherwise this change is a hard regression for named single-account setups.

greptile-apps bot commented Mar 2, 2026

Greptile Summary

This PR hardens two security and correctness issues:

  • sessions_spawn parameter validation: Added explicit rejection of unsupported delivery/routing parameters (target, channel, to, threadId, replyTo, transport) with clear error messages directing users to use message or sessions_send tools instead. This prevents silent failures where delivery intent could leak to parent conversations.

  • Telegram multi-account isolation: Implemented fail-closed behavior for non-default Telegram accounts when route resolution falls back to matchedBy=default. This prevents cross-account DM/session contamination by requiring explicit account bindings for named accounts.

Both changes include comprehensive test coverage and documentation updates. The implementation correctly validates parameters before processing and applies the account isolation check early in the message handling pipeline.

Confidence Score: 5/5

  • This PR is safe to merge with minimal risk
  • Score reflects well-tested security hardening with clear architectural improvements. Both changes include targeted regression tests, proper error handling, and documentation. The changes are breaking but necessary for correctness - preventing silent failures in sessions_spawn and cross-account contamination in Telegram routing.
  • No files require special attention

Last reviewed commit: 14f324c
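
The two checks discussed in this thread, as an added sketch that is not the project's own code: rejecting delivery-style params on `sessions_spawn`, and the fail-closed Telegram guard with the scoping the Codex review asks for. The function names, the `Route` shape, the `accountCount` parameter and the value of `DEFAULT_ACCOUNT_ID` are assumptions.

```typescript
// Added illustration. Only the param list, ToolInputError, DEFAULT_ACCOUNT_ID
// and matchedBy === "default" come from the PR text; all else is hypothetical.
class ToolInputError extends Error {
  constructor(message: string) {
    super(message);
    this.name = "ToolInputError";
  }
}

// Delivery/routing params the PR says sessions_spawn must reject.
const UNSUPPORTED_SPAWN_PARAMS = ["target", "channel", "to", "threadId", "replyTo", "transport"];

// Return every unsupported key present in the tool input (own properties only).
function unsupportedSpawnParams(input: Record<string, unknown>): string[] {
  return UNSUPPORTED_SPAWN_PARAMS.filter((key) =>
    Object.prototype.hasOwnProperty.call(input, key),
  );
}

// Reject loudly instead of ignoring a param that implies channel delivery.
function assertSpawnInput(input: Record<string, unknown>): void {
  const found = unsupportedSpawnParams(input);
  if (found.length > 0) {
    throw new ToolInputError(
      `sessions_spawn does not support ${found.join(", ")}; use message or sessions_send`,
    );
  }
}

const DEFAULT_ACCOUNT_ID = "default"; // assumed value of the project's constant

interface Route {
  accountId: string;
  matchedBy: string; // "default" means no binding matched
}

// The guard from the reviewed snippet: a named account whose route fell back
// to default-agent routing is dropped. `accountCount` models the scoping the
// Codex review asks for; omit it to get the unconditional guard.
function acceptInbound(route: Route, accountCount?: number): boolean {
  const fellBack = route.accountId !== DEFAULT_ACCOUNT_ID && route.matchedBy === "default";
  if (!fellBack) return true;
  return accountCount !== undefined && accountCount <= 1;
}
```

With the unconditional guard, a lone named account such as `accounts.opie` with no bindings receives nothing; passing the configured account count shows the narrower behaviour the review proposes.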
