## Summary Enhance the existing `[telegram]` config section (from PR #1297) with group-level trust policy, aligning with the full Phase 1 architecture. ## Current State - `[telegram]` section exists with `allow_all_users` / `allowed_users` (PR #1297) - Default: `allow_all_users = false` (deny-all) - No group-level policy ## Target State ```toml [telegram] allowed_users = ["123456789", "987654321"] # allow_all_users = true # explicit opt-in # Optional: group-level trust (similar to LINE) # Consider whether Telegram groups need open/members policy ``` ## Tasks - [x] ~~Wire Telegram trust through `PlatformTrustConfigs` registry~~ — already done on main: `src/main.rs` inserts `telegram` from the resolved `[telegram]` section (or `TELEGRAM_*` env), overriding the uniform `GATEWAY_*` seed - [ ] Consider group policy for Telegram groups (@mention pattern similar to LINE) - [ ] Ensure `is_bot` derivation uses `message.from.is_bot` (native field) - [ ] Deny-echo via reply in-chat - [ ] Deprecate `GATEWAY_ALLOW_ALL_USERS` / `GATEWAY_ALLOWED_USERS` for Telegram - [ ] Verify cron platform support (PR #1315 added Telegram cron jobs) ## Notes - Sender ID: stringified integer (e.g., `"123456789"`) — do NOT use `@username` - `[telegram]` section already partially implemented and wired into the trust registry — this is enhancement, not greenfield - Telegram cron support (#1315) means Telegram events come from both gateway AND cron paths ## Refs - Umbrella: #1356 - ADR: #1291 - Existing: #1297 (Telegram allow_all_users) - Cron support: #1315
Summary
Enhance the existing
[telegram]config section (from PR #1297) with group-level trust policy, aligning with the full Phase 1 architecture.Current State
[telegram]section exists withallow_all_users/allowed_users(PR feat(telegram): add allow_all_users/allowed_users to [telegram] config #1297)allow_all_users = false(deny-all)Target State
Tasks
Wire Telegram trust through— already done on main:PlatformTrustConfigsregistrysrc/main.rsinsertstelegramfrom the resolved[telegram]section (orTELEGRAM_*env), overriding the uniformGATEWAY_*seedis_botderivation usesmessage.from.is_bot(native field)GATEWAY_ALLOW_ALL_USERS/GATEWAY_ALLOWED_USERSfor TelegramNotes
"123456789") — do NOT use@username[telegram]section already partially implemented and wired into the trust registry — this is enhancement, not greenfieldRefs