Suppress protected Telegram group runtime replies #30
Merged
Vardominator merged 1 commit on Mar 13, 2026
Pull request overview
This PR adds a runtime-layer safeguard to prevent OpenClaw from dispatching any outbound replies (including synthetic runtime error payloads) in protected Telegram group sessions, while keeping the existing telegram-group-allowlist-guard plugin as a secondary, fail-closed enforcement layer.
Changes:
- Introduces a build-time patcher that injects protected Telegram group suppression logic into the OpenClaw runtime dispatcher (`dispatch-from-config.ts`).
- Updates the `telegram-group-allowlist-guard` plugin to better resolve protected account identity (including `agentId` fallbacks) and adds tests for fail-closed behavior when outbound metadata is missing.
- Updates the custom `core-human` Dockerfile to apply the patch and rebuild the runtime, plus docs clarifying why runtime-layer enforcement is required.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| `tests/telegram-group-allowlist-guard.test.ts` | Adds coverage for fail-closed protected group sends/tool blocking when accountId is missing and agentId fallback is used. |
| `tests/apply-protected-group-reply-suppression.test.ts` | Adds a unit test validating the runtime patch injection is applied and idempotent. |
| `instances/core-human/config/openclaw-runtime-patches/apply-protected-group-reply-suppression.mjs` | Implements the build-time patcher that injects suppression logic into the runtime dispatcher. |
| `instances/core-human/config/extensions/telegram-group-allowlist-guard/index.ts` | Adjusts account resolution logic and adds a fail-closed path for protected group sends when metadata is missing. |
| `instances/core-human/config/Dockerfile.custom` | Applies the patch during image build and rebuilds the runtime output. |
| `docs/BOT_ACCESS_SETUP.md` | Documents read-only group mode and clarifies that plugin-only enforcement isn’t a strict no-send guarantee. |
Comment on lines +88 to +91
| const enabledAccounts = new Set(asLowerStringList(pluginConfig.enabledAccounts)); | ||
| if (enabledAccounts.size === 0) { | ||
| return undefined; | ||
| } |
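Review bot: The early `return undefined` at `enabledAccounts.size === 0` makes an empty, missing or mistyped `enabledAccounts` list indistinguishable from "protection not configured". If the caller treats `undefined` as "no suppression", a configuration typo turns the safeguard off without any signal, so consider logging a warning on this path. `pluginConfig.enabledAccounts` is also read without a guard here; confirm `pluginConfig` cannot be undefined at this point.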
Comment on lines +78 to +81
| const pluginEntry = cfg.plugins?.entries?.[TELEGRAM_GROUP_ALLOWLIST_GUARD_PLUGIN_ID]; | ||
| if (!pluginEntry || pluginEntry.enabled === false) { | ||
| return undefined; | ||
| } |
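Review bot: The `!pluginEntry || pluginEntry.enabled === false` check ties this lookup to the plugin entry's own enable flag, so removing or disabling the `telegram-group-allowlist-guard` entry also makes it return `undefined`. If the runtime-layer suppression relies on this result, both enforcement layers switch off together instead of backing each other up. Either document that coupling or read the protected-account settings from a key that does not depend on the plugin being enabled.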
Comment on lines 865 to +871
| if (!accountId || !isAccountEnabled(accountId, enabledAccounts)) { | ||
| if (parsedTo.kind === "group" && blockAllGroupReplies && enabledAccounts.size > 0) { | ||
| api.logger.info?.( | ||
| `telegram-group-allowlist-guard: cancelled group send -> ${toTarget} (missing protected account context; failing closed)`, | ||
| ); | ||
| return { cancel: true }; | ||
| } |
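Review bot: The outer condition `!accountId || !isAccountEnabled(accountId, enabledAccounts)` is also true when an account ID is present but not in the enabled list, yet the inner branch logs "missing protected account context" and cancels the group send in that case too. Split the two cases so the fail-closed cancel and its log message apply only when `accountId` is actually missing, or reword the message and confirm that cancelling group sends for known, non-enabled accounts is intended.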
Summary
Problem
Davis and Marvin were still able to emit synthetic runtime error replies in Telegram groups, including provider billing failures. The earlier plugin change blocked normal assistant and tool replies, but it did not stop OpenClaw from generating and dispatching its own runtime error payloads.
Changes
Verification
Notes
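The gap described in the Problem section, as an added example that is not part of this pull request or of OpenClaw's code: a hook that only sees assistant and tool replies lets a runtime error payload through, while a check at the final dispatch step suppresses it. The `telegram:<chatId>` target format, the payload `origin` field, the account list and all function names are assumptions made for the illustration.

```javascript
// Added illustration. All names are hypothetical, not OpenClaw's API.
const PROTECTED = new Set(["davis", "marvin"]); // assumed protected accounts

// Assumed target format "telegram:<chatId>". Telegram group and supergroup
// chat IDs are negative; private chat IDs are positive.
function parseTarget(to) {
  const m = /^telegram:(-?\d+)$/.exec(String(to ?? ""));
  if (!m) return { kind: "unknown" };
  return { kind: m[1].startsWith("-") ? "group" : "direct", chatId: m[1] };
}

// Decide whether a send may go out. Falls back to agentId when accountId is
// absent, and fails closed for group targets when neither is present.
function decide(ctx) {
  if (parseTarget(ctx.to).kind !== "group") return { send: true, reason: "not-a-group" };
  const account = String(ctx.accountId || ctx.agentId || "").toLowerCase();
  if (!account) return { send: false, reason: "missing-account-fail-closed" };
  if (PROTECTED.has(account)) return { send: false, reason: "protected-group" };
  return { send: true, reason: "unprotected-account" };
}

// Plugin-only model: the hook is consulted for assistant and tool replies,
// but payloads the runtime generates itself never pass through it.
function dispatchPluginOnly(payloads, ctx) {
  return payloads.filter((p) => p.origin === "runtime-error" || decide(ctx).send);
}

// Runtime-layer model: every payload is checked at the last step before
// sending, whatever produced it.
function dispatchRuntimeGuard(payloads, ctx) {
  return payloads.filter(() => decide(ctx).send);
}

// Constructed sample payloads and session context.
const SAMPLE = [
  { origin: "assistant", text: "hello" },
  { origin: "tool", text: "lookup result" },
  { origin: "runtime-error", text: "provider billing failure" },
];
const GROUP = { to: "telegram:-1001234567890", accountId: "Davis" };

console.log("plugin only :", dispatchPluginOnly(SAMPLE, GROUP).map((p) => p.origin));
console.log("runtime guard:", dispatchRuntimeGuard(SAMPLE, GROUP).map((p) => p.origin));
```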