fix: ensure ALLOWED_CHAT_IDS is correctly passed to prevent telegram chat restriction bypass

[dmibaranov]

Telegram chat restriction bypass.

Summary

The current implementation fails to propagate the ALLOWED_CHAT_IDS environment variable to the Telegram bridge child process. This results in a security bypass where any user can interact with the bot regardless of the whitelist settings.

Steps to reproduce:

$ env | grep ALLOWED
ALLOWED_CHAT_IDS=<redacted>
$ nemoclaw start
[services] telegram-bridge started (PID 42541)
...
$ ps -wwp 42541 -E | grep ALLOWED | echo "missed"
missed

Related Issue

Bug: ALLOWED_CHAT_IDS doesn't work

Changes

• ALLOWED_CHAT_IDS env var propagation

Type of Change

• Code change for a new feature, bug fix, or refactor.
• Code change with doc updates.
• Doc only. Prose changes without code sample modifications.
• Doc only. Includes code sample changes.

Testing

• npx prek run --all-files passes (or equivalently make check).
• npm test passes.
• make docs builds without warnings. (for doc-only changes)

Checklist

General

• I have read and followed the contributing guide.

Code Changes

• Formatters applied — npx prek run --all-files auto-fixes formatting (or make format for targeted runs).
• Tests added or updated for new or changed behavior.
• No secrets, API keys, or credentials committed.
• Doc pages updated for any user-facing behavior changes (new commands, changed defaults, new features, bug fixes that contradict existing docs).

Summary by CodeRabbit

• New Features

  • Added support for configuring allowed Telegram chat IDs in deployment credentials. This credential is automatically included in the deployment environment only when a Telegram bot token is configured.

• Tests

  • Added test coverage for Telegram credential handling logic.

[coderabbitai]

📝 Walkthrough

Walkthrough

Added optional ALLOWED_CHAT_IDS credential field to DeployCredentials interface and implemented conditional environment variable logic that includes ALLOWED_CHAT_IDS only when TELEGRAM_BOT_TOKEN is present. Comprehensive test cases verify both inclusion and omission scenarios.

Changes

Cohort / File(s)	Summary
Telegram Credential Handling src/lib/deploy.ts, src/lib/deploy.test.ts	Added optional ALLOWED_CHAT_IDS field to DeployCredentials interface. Implemented conditional logic in buildDeployEnvLines to emit ALLOWED_CHAT_IDS only when TELEGRAM_BOT_TOKEN is set and ALLOWED_CHAT_IDS is non-empty. Added test cases validating both inclusion and omission scenarios.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 With whiskers twitching, I've designed,
A Telegram guard of the thoughtful kind,
Chat IDs appear when tokens are true,
Vanish away when they're missing too! 🌳
Logic so neat, conditions so fine,
Testing it twice—chef's kiss, divine!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly describes the main change: adding ALLOWED_CHAT_IDS credential handling to prevent telegram chat restriction bypass, which aligns with the core objective of propagating the environment variable to enforce security.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[wscurran]

✨ Thanks for submitting this PR with a detailed summary to address a potential security issues with Telegram integration.

[coderabbitai]

🧹 Nitpick comments (1)

src/lib/deploy.test.ts (1)

76-78: Optionally assert ALLOWED_CHAT_IDS is emitted exactly once.

This would guard against future regressions where the key might reappear via both the generic and conditional paths.

Proposed test hardening

   expect(envLines).toContain("TELEGRAM_BOT_TOKEN='123456:telegram-token'");
   expect(envLines).toContain("ALLOWED_CHAT_IDS='111,222'");
+  expect(envLines.filter((line) => line.startsWith("ALLOWED_CHAT_IDS="))).toHaveLength(1);

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/lib/deploy.test.ts` around lines 76 - 78, The test in deploy.test.ts
currently checks that envLines contains "ALLOWED_CHAT_IDS='111,222'" but doesn't
ensure it appears only once; update the test around the existing
expect(envLines).toContain(...) assertions to also assert the key is emitted
exactly once by counting occurrences (e.g., filter envLines for entries starting
with or matching "ALLOWED_CHAT_IDS=" and expect the count to equal 1) so
duplicates from generic and conditional paths are detected.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@src/lib/deploy.test.ts`:
- Around line 76-78: The test in deploy.test.ts currently checks that envLines
contains "ALLOWED_CHAT_IDS='111,222'" but doesn't ensure it appears only once;
update the test around the existing expect(envLines).toContain(...) assertions
to also assert the key is emitted exactly once by counting occurrences (e.g.,
filter envLines for entries starting with or matching "ALLOWED_CHAT_IDS=" and
expect the count to equal 1) so duplicates from generic and conditional paths
are detected.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 563177da-3350-4adb-a018-face5c7cdcb7

📥 Commits

Reviewing files that changed from the base of the PR and between 90c28ae and 90a09ec.

📒 Files selected for processing (2)

• src/lib/deploy.test.ts
• src/lib/deploy.ts