Telegram channel: silent-drop all messages from unapproved senders when dmPolicy is "allowlist"
Summary
When dmPolicy is set to allowlist, the bot currently responds to /start, /help, and /status commands from any sender — including unapproved ones. This reveals that the bot is active and connected to a Claude Code session, which is an unnecessary information leak.
Expected behavior
In allowlist mode, the bot should silently drop all messages and commands from senders not in allowFrom. No reply, no acknowledgement. The bot should be effectively invisible to unapproved senders.
Current behavior
/start→ responds with pairing instructions (confirms bot is live)/help→ responds with usage info (confirms bot is live)/status→ responds with "Not paired. Send me a message to get a pairing code." (confirms bot is live)
Why this matters
Users in allowlist mode have explicitly locked down access. Any response to an unapproved sender leaks that the bot exists and is connected to a Claude Code session. This is relevant for users doing security testing or running the bot on a shared/known token.
Suggested fix
In each command handler, check if the sender is in allowFrom before replying. If not, return without calling ctx.reply. Same pattern the existing gate() function already uses for regular messages.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗