From 29425e27e5f238bdacbc83c72a95b42f7951f459 Mon Sep 17 00:00:00 2001
From: Mark Liu <liuxiaopai-ai@users.noreply.github.com>
Date: Sun, 8 Feb 2026 01:43:19 +0800
Subject: [PATCH] fix(telegram): match DM allowFrom against sender user id

Telegram DM access-control incorrectly used chatId as the allowFrom match key.

For DMs, allowFrom entries are typically Telegram user ids (msg.from.id) and/or @usernames. Using chatId causes legitimate DMs to be rejected or silently dropped even when dmPolicy is open/allowlist.

This change matches allowFrom against the sender's user id when available, falling back to chatId only if msg.from.id is missing.

Tests: existing telegram DM/thread routing tests pass.

Closes #4515
---
 src/telegram/bot-message-context.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/telegram/bot-message-context.ts b/src/telegram/bot-message-context.ts
index dfca10a74d..a1145f3d25 100644
--- a/src/telegram/bot-message-context.ts
+++ b/src/telegram/bot-message-context.ts
@@ -229,8 +229,9 @@ export const buildTelegramMessageContext = async ({
     }
 
     if (dmPolicy !== "open") {
-      const candidate = String(chatId);
       const senderUsername = msg.from?.username ?? "";
+      const senderUserId = msg.from?.id != null ? String(msg.from.id) : null;
+      const candidate = senderUserId ?? String(chatId);
       const allowMatch = resolveSenderAllowMatch({
         allow: effectiveDmAllow,
         senderId: candidate,