Summary

Describe the problem and fix in 2–5 bullets:

• Problem: Main-session turns that originate from webchat (TUI/gateway client) can reuse a previously persisted external delivery route (for example WhatsApp), which causes replies to fan out to the wrong surface.
• Why it matters: Control-surface messages should stay on the control surface; leaking those replies to external channels is user-visible and can send unintended content.
• What changed: Adjusted resolveLastChannelRaw and resolveLastToRaw to prefer webchat origin routing when the session key is the main session (agent:<id>:main), then added a regression test that reproduces the leak and validates webchat pinning.
• What did NOT change (scope boundary): Internal non-webchat handoff channels (for example sessions_send) still preserve persisted external fallback behavior; non-main session behavior is unchanged.

Change Type (select all)

• Bug fix
• Feature
• Refactor
• Docs
• Security hardening
• Chore/infra

Scope (select all touched areas)

• Gateway / orchestration
• Skills / tool execution
• Auth / tokens
• Memory / storage
• Integrations
• API / contracts
• UI / DX
• CI/CD / infra

Linked Issue/PR

• Closes [Bug]: Main session replies fan out to all connected surfaces instead of pinning to originating channel #33201
• Related fix(heartbeat): route exec and cron events back to originating channel #32297

User-visible / Behavior Changes

Main-session replies triggered from webchat/TUI now stay on webchat instead of reusing a stale external route (for example WhatsApp).

Security Impact (required)

• New permissions/capabilities? (No)
• Secrets/tokens handling changed? (No)
• New/changed network calls? (No)
• Command/tool execution surface changed? (No)
• Data access scope changed? (No)
• If any Yes, explain risk + mitigation:

Repro + Verification

Environment

• OS: macOS (dev)
• Runtime/container: Node 22 + pnpm
• Model/provider: N/A (routing/session behavior)
• Integration/channel (if any): webchat main session + persisted external route
• Relevant config (redacted): session store with main entry persisted as external channel route

Steps

1. Seed session store so agent:main:main has persisted lastChannel=whatsapp, lastTo=<phone>.
2. Initialize a turn on that same session with OriginatingChannel=webchat and OriginatingTo=session:webchat-main.
3. Inspect resolved session delivery context.

Expected

• Main-session reply route remains on webchat for that turn (lastChannel=webchat, lastTo=session:webchat-main).

Actual

• Before fix, routing reused persisted external route (lastChannel=whatsapp) and could deliver to the wrong channel.

Evidence

Attach at least one:

• Failing test/log before + passing after
• Trace/log snippets
• Screenshot/recording
• Perf numbers (if relevant)

Human Verification (required)

What you personally verified (not just CI), and how:

• Verified scenarios:
  • Added regression test: prefers webchat route over persisted external route for main session turns.
  • Ran full src/auto-reply/reply/session.test.ts to ensure routing behavior remains coherent.
• Edge cases checked:
  • Non-webchat internal channels still preserve persisted external fallback behavior.
  • Non-main session behavior remains unchanged.
• What you did not verify:
  • Live multi-channel delivery against real WhatsApp/TUI runtime.

Compatibility / Migration

• Backward compatible? (Yes)
• Config/env changes? (No)
• Migration needed? (No)
• If yes, exact upgrade steps:

Failure Recovery (if this breaks)

• How to disable/revert this change quickly: Revert this PR commit.
• Files/config to restore: src/auto-reply/reply/session-delivery.ts, src/auto-reply/reply/session.test.ts.
• Known bad symptoms reviewers should watch for: webchat main-session turns unexpectedly delivering to stale external channels.

Risks and Mitigations

List only real risks for this PR. Add/remove entries as needed. If none, write None.

• Risk: Main-session webchat messages no longer inherit a previous external route in cases where users intentionally relied on that implicit fallback.
  • Mitigation: Scope is intentionally narrow to main-session + webchat origin only; tests preserve existing behavior for non-webchat internal channels.