Summary

• Problem: session-delivery.ts treated any session key containing :direct: or :dm: as eligible for WebChat route override, even when the key shape was malformed.
• Why it matters: malformed or non-chat session keys could poison persisted lastChannel / lastTo routing state during internal WebChat turns.
• What changed: the routing override now accepts only strict supported direct-session shapes, including legacy :dm: keys and direct thread/topic descendants.
• What did NOT change (scope boundary): deriveSessionChatType() remains best-effort for broader classification; this PR only hardens the routing-affecting override path.

Change Type (select all)

• Bug fix
• Feature
• Refactor
• Docs
• Security hardening
• Chore/infra

Scope (select all touched areas)

• Gateway / orchestration
• Skills / tool execution
• Auth / tokens
• Memory / storage
• Integrations
• API / contracts
• UI / DX
• CI/CD / infra

Linked Issue/PR

• Closes #
• Related fix(session): keep direct WebChat replies on WebChat #37135

User-visible / Behavior Changes

WebChat route overrides now apply only to canonical direct-session keys instead of any key that happens to contain a direct / dm token.

Security Impact (required)

• New permissions/capabilities? (Yes/No) No
• Secrets/tokens handling changed? (Yes/No) No
• New/changed network calls? (Yes/No) No
• Command/tool execution surface changed? (Yes/No) No
• Data access scope changed? (Yes/No) No
• If any Yes, explain risk + mitigation:

Repro + Verification

Environment

• OS: macOS
• Runtime/container: Node 22 + pnpm workspace
• Model/provider: N/A
• Integration/channel (if any): WebChat / session routing
• Relevant config (redacted): default session store, dmScope coverage via tests

Steps

1. Persist an external lastChannel / lastTo for a session.
2. Send a WebChat-originated turn with a malformed session key like agent:main:cron:job-1:dm or agent:main:main:direct.
3. Confirm the persisted external route is preserved.
4. Repeat with valid direct-session keys such as agent:main:telegram:direct:123456 and confirm WebChat still overrides routing.

Expected

• Valid direct-session keys continue to let WebChat own direct-session UI routing.
• Malformed direct-like keys do not override persisted external routing.

Actual

• Verified by targeted unit coverage and existing session routing tests.

Evidence

• Failing test/log before + passing after
• Trace/log snippets
• Screenshot/recording
• Perf numbers (if relevant)

Human Verification (required)

What you personally verified (not just CI), and how:

• Verified scenarios: strict direct keys, legacy :dm: keys, per-account direct keys, direct thread/topic keys, and malformed direct-like keys.
• Edge cases checked: main, cron, subagent, missing peer ids, and unsupported suffixes no longer qualify for WebChat override.
• What you did not verify: live Gateway/WebSocket repro against a running external deployment.

Compatibility / Migration

• Backward compatible? (Yes/No) Yes
• Config/env changes? (Yes/No) No
• Migration needed? (Yes/No) No
• If yes, exact upgrade steps:

Failure Recovery (if this breaks)

• How to disable/revert this change quickly: revert this PR.
• Files/config to restore: src/auto-reply/reply/session-delivery.ts
• Known bad symptoms reviewers should watch for: valid direct-session WebChat turns unexpectedly preserving stale external routes.

Risks and Mitigations

• Risk: strict matching could reject a valid direct-session variant that was previously accepted implicitly.
  • Mitigation: test coverage includes supported canonical, legacy, per-account, and thread/topic direct shapes.