fix(gateway): enforce auth check in busy-session path to prevent unauthorized injection (#17775)

[Bartok9]

Summary

Adds the missing _is_user_authorized() gate at the top of _handle_active_session_busy_message(), closing an authorization bypass in shared-thread contexts.

Problem

When thread_sessions_per_user=False (the default), all participants in a Slack thread / Telegram forum topic / Discord thread share one session_key. The cold path (_handle_message) correctly calls _is_user_authorized() before creating a session, but the busy path — reached when an active session already exists — skipped this check entirely.

This allowed unauthorized users to:

• Inject text into _pending_messages (queued as the next user turn)
• Trigger agent.interrupt() with their content
• Receive public acknowledgment ("⚡ Interrupting current task...")
• Be directly addressed by the bot in subsequent responses

Confirmed in production (Slack, v2026.4.23).

Fix

A single authorization check at the entry point of _handle_active_session_busy_message(), before any queueing, steering, or interrupt logic:

if not self._is_user_authorized(event.source):
    logger.warning(...)
    return True  # silently dropped

This mirrors the cold-path gate and uses the same source of truth (per-platform allowlists, group allowlists, pairing store, allow-all flags).

Tests

Added tests/gateway/test_busy_session_auth_bypass.py with 4 focused test cases:

• Unauthorized user dropped silently (no queue, no interrupt, no ack)
• Authorized user still processed normally
• Unauthorized user blocked even during drain mode
• Unauthorized user cannot steer an active agent

All existing test_busy_session_ack.py tests (15) continue to pass.

Severity

P0 security — cross-user session contamination with confirmed real-world exploitation.

Closes #17775

[teknium1]

Merged via #17920 — your commit was cherry-picked onto current main with authorship preserved via rebase-merge (commit fbb3775). Clean P0 security fix and solid test coverage — thanks @Bartok9!