Telegram channel: silent-drop all messages from unapproved senders when dmPolicy is "allowlist"

Resolved 💬 3 comments Opened Apr 8, 2026 by chirag1712 Closed May 21, 2026

Summary

When dmPolicy is set to allowlist, the bot currently responds to /start, /help, and /status commands from any sender — including unapproved ones. This reveals that the bot is active and connected to a Claude Code session, which is an unnecessary information leak.

Expected behavior

In allowlist mode, the bot should silently drop all messages and commands from senders not in allowFrom. No reply, no acknowledgement. The bot should be effectively invisible to unapproved senders.

Current behavior

  • /start → responds with pairing instructions (confirms bot is live)
  • /help → responds with usage info (confirms bot is live)
  • /status → responds with "Not paired. Send me a message to get a pairing code." (confirms bot is live)

Why this matters

Users in allowlist mode have explicitly locked down access. Any response to an unapproved sender leaks that the bot exists and is connected to a Claude Code session. This is relevant for users doing security testing or running the bot on a shared/known token.

Suggested fix

In each command handler, check if the sender is in allowFrom before replying. If not, return without calling ctx.reply. Same pattern the existing gate() function already uses for regular messages.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗