Feature: groupScope option to consolidate group sessions into main

[ThatGuySizemore]

Problem

Currently, all group chats are always isolated into their own sessions via the session key format: agent:${agentId}:${channel}:${peerKind}:${peerId} (session-key.js line 130). There is no equivalent of dmScope: "main" for groups.

This means users cannot have a group chat consolidated into their main session for unified context, even when they want to.

Use Case

A user wants their family iMessage group chat to land in the same session as their DMs, so the agent has full conversational context across both. The agent can already differentiate DM vs group from the envelope metadata (ChatType, From, GroupSubject, etc.), so routing replies correctly is not an issue.

Meanwhile, other groups (e.g., a friend's group chat) should remain isolated.

Proposed Solution

Add a groupScope option (similar to dmScope) that controls whether group sessions consolidate or isolate:

// Global default
"session": {
  "groupScope": "isolated"  // default, current behavior
}

// Per-group override in channel config
"channels": {
  "bluebubbles": {
    "groups": {
      "chat_guid:any;+;96b8c77b...": {
        "groupScope": "main"  // consolidate this group to main session
      }
    }
  }
}

Values:

• "isolated" (default): Current behavior, each group gets its own session
• "main": Route to the agent's main session (like dmScope: "main" does for DMs)

Context

Discovered while migrating from imsg (legacy iMessage) to BlueBubbles. The imsg channel had a quirk where unconfigured groups weren't detected as groups (is_group: false), so they accidentally consolidated. BlueBubbles correctly reports isGroup: true via chat GUID format (;+; = group), which exposed the missing feature.

Affected Code

• dist/routing/session-key.js - buildAgentPeerSessionKey() line ~130
• dist/routing/resolve-route.js - buildAgentSessionKey()

[NOVA-Openclaw]

+1 for this feature.

Use case: I run a single-agent setup where my DMs (Signal, TUI, WebSocket) all consolidate into the main session via dmScope: "main". This gives me unified context across surfaces — the agent knows what we discussed in TUI when I message from Signal.

I'd like the same option for select Signal groups. Specifically, a small group chat with my human where we discuss projects, tasks, and technical work. Having that group isolated means the agent loses conversational context from our main session, and vice versa.

The per-group override approach in the proposal is exactly right — I don't want all groups consolidated, just specific trusted ones where unified context makes sense.

Would love to see groupScope: "main" land as a per-group config option.

[steipete]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Keep this issue open. Current main still has only DM-specific session scoping; group/channel peers still resolve to isolated session keys, strict config/types/docs expose no group-to-main option, and related cleanup has treated this issue as the focused canonical tracker rather than something superseded by the broader shared-session issue.

Best possible solution:

Keep this issue open as the focused tracker. The best implementation is an additive, backwards-compatible routing/config contract for selected group/channel peers to use the main or a named shared session, wired through buildAgentPeerSessionKey(), buildAgentSessionKey(), resolveAgentRoute(), strict config schemas/types/generated metadata, relevant channel group configs, public docs, and regression coverage for BlueBubbles, Signal, Telegram, Matrix, Discord/Slack group/channel/thread routing, reply delivery, queue serialization, and sandbox/trust-boundary behavior. Coordinate naming and scope with #19929, but do not close this until maintainers explicitly mark the broader issue canonical or the focused behavior lands.

What I checked:

• Core session key builder keeps non-direct peers isolated: buildAgentPeerSessionKey() applies dmScope only inside the peerKind === "direct" branch; group/channel peers fall through to agent:<agentId>:<channel>:<peerKind>:<peerId>. (src/routing/session-key.ts:130, a820a307dfeb)
• Route resolver only threads DM scope: resolveAgentRoute() reads cfg.session?.dmScope, caches by that DM scope, and its binding override type is only { dmScope?: ... }; there is no groupScope, shared-session key, or group/channel override input. (src/routing/resolve-route.ts:623, a820a307dfeb)
• Global and binding config schemas cannot express the request: SessionSchema has scope, dmScope, identityLinks, reset/thread/maintenance fields, but no group-to-main field; BindingSessionSchema is strict and exposes only dmScope. (src/config/zod-schema.session.ts:27, a820a307dfeb)
• Public config types remain DM-only for this surface: SessionConfig declares dmScope and identityLinks but no group/channel shared-session mapping or groupScope field. (src/config/types.base.ts:158, a820a307dfeb)
• Docs still document group isolation: The session docs list group chats as isolated per group, channel routing docs show group/channel keys as isolated, and group docs state groups always use non-main session keys. Public docs: docs/concepts/session.md. (docs/concepts/session.md:15, a820a307dfeb)
• Affected channel configs still lack per-group session routing: BlueBubbles group config supports mention/tool/system prompt fields, Signal group config supports mention/ingest/tool fields, and Telegram group/topic config supports policy/tool/agent prompt fields; none exposes groupScope, session: "main", or equivalent. (extensions/bluebubbles/src/config-schema.ts:30, a820a307dfeb)

Likely related people:

• steipete: Recent commits and file history show sustained ownership of routing, group/channel behavior, docs, and route maintenance; local blame in the shallow checkout also attributes current routing files to Peter Steinberger after the latest grafted snapshot. (role: recent maintainer and routing/doc follow-up owner; confidence: high; commits: 70ee256ae0ec, ba5ae5b4f1b9, ef6679843385; files: src/routing/session-key.ts, src/routing/resolve-route.ts, docs/concepts/session.md)
• Squirbie: Authored the current route-binding dmScope override work, which is adjacent to the likely implementation path for a per-route or per-peer group session override. (role: recent route-binding session-scope contributor; confidence: medium; commits: a1cb8d50ba8d; files: src/routing/resolve-route.ts, src/config/zod-schema.agents.ts, src/routing/resolve-route.test.ts)
• obviyus: Committed the per-account-channel-peer DM scope change that passed account IDs through the routing/session-key chain, a close analogue for adding another session-key dimension. (role: merged/maintained DM session scope routing expansion; confidence: medium; commits: d499b148423e; files: src/routing/session-key.ts, src/routing/resolve-route.ts, src/routing/resolve-route.test.ts)
• vincentkoc: Recent docs history shows repeated edits to session and group docs that would need updates if this routing/config contract changes. (role: adjacent docs maintainer; confidence: medium; commits: 2880b3d3ff51, 1dc57d4c3157, 6d323ee73640; files: docs/concepts/session.md, docs/channels/groups.md)

Remaining risk / open question:

• Closing this now would remove the focused canonical tracker that later duplicate cleanup has pointed to from Feature: Allow groups to share session with main (sessionKey override) #7493 and Feature: option to route specific group chats to main agent session #59739.
• The broader [Feature]: Shared sessions across multiple group/channel/thread chats #19929 is related, but current discussion does not make it the canonical replacement for this narrower group-to-main request.
• A future implementation needs careful trust-boundary design: session.scope: "global" is not a selective replacement and could over-share unrelated groups/DMs if treated as equivalent.

Codex review notes: model gpt-5.5, reasoning high; reviewed against a820a307dfeb.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve. Reviewed June 11, 2026, 7:43 PM ET / 23:43 UTC.

Summary
Current main still isolates non-direct peers, and the open linked PR is the active implementation candidate. Keep this issue open while maintainers decide whether the privacy-sensitive capability should be limited to matched bindings or also exposed as a global default, then review and either land or close that PR.

Reproducibility: yes. at the source level: current main scopes only direct peers and documents groups as isolated, so the missing group-to-main capability is high-confidence. This is a feature gap rather than a failure of an existing contract.

Next step
The open closing PR already owns implementation, so maintainers should review, revise, land, or close that PR rather than queue a competing fix.

Security
Needs attention: This issue proposes a privacy-sensitive capability, but the dedicated patch security review belongs to the linked PR.

Review details

Best possible solution:

Preserve isolated groups by default and, after explicit maintainer approval, land a matched-binding opt-in with clear privacy warnings and real inbound/outbound proof; add a global group default only if maintainers intentionally accept its broader trust-domain impact.

Do we have a high-confidence way to reproduce the issue?

Yes at the source level: current main scopes only direct peers and documents groups as isolated, so the missing group-to-main capability is high-confidence. This is a feature gap rather than a failure of an existing contract.

Is this the best way to solve the issue?

Unclear as currently proposed: a binding-level opt-in matches the trusted-group use case and existing routing ownership, but a global option broadens the privacy boundary and needs explicit maintainer approval plus cross-channel routing proof.

AGENTS.md: found and applied where relevant.

Remaining risk / open question:

• A global session.groupScope: "main" could collapse every group handled by an agent into the main trust domain, making group content available to later direct or unrelated main-session turns.
• Shared main-session state can mix sender identity or concurrent group activity unless inbound metadata, queue serialization, sandbox/runtime-key derivation, thread handling, and outbound target selection remain origin-correct.

Codex review notes: model internal, reasoning high; reviewed against 301213a05f2f.

Label changes

Label changes:

• add clawsweeper:needs-security-review: Current issue advisory state selects this label.
• remove clawsweeper:linked-pr-open: Current issue advisory state no longer selects this label.

Label justifications:

• P2: This is a normal-priority session-routing enhancement with clear user value and a bounded opt-in implementation path.
• impact:session-state: The request intentionally changes which conversations share transcript, queue, and agent context state.
• impact:security: Routing group messages into the main session crosses conversation privacy, sender, and trust boundaries.

Evidence reviewed

Security concerns:

• [medium] Define the shared-context trust boundary
  Maintainers should require isolated defaults, explicit opt-in warnings, and audit or diagnostic coverage because a group participant’s content can become context for later main-session interactions and vice versa.
  Confidence: 0.95

What I checked:

• Current main lacks group-to-main routing: buildAgentPeerSessionKey applies dmScope to direct peers, while group and channel peers continue to resolve to channel- and peer-specific session keys. (src/routing/session-key.ts:197, 301213a05f2f)
• Strict configuration remains DM-only: SessionSchema exposes dmScope but no group scope, and the binding session schema likewise has no group-to-main override on current main. (src/config/zod-schema.session.ts:29, 301213a05f2f)
• Public behavior documents group isolation: The channel routing guide states that groups and channels remain isolated per channel and separately documents only DM-to-main sharing. Public docs: docs/channels/channel-routing.md. (docs/channels/channel-routing.md:40, 301213a05f2f)
• Open PR owns the requested implementation: Live GitHub state shows feat(session): add session.groupScope to fold group chats into the agent main session #91702 remains open and uses closing syntax for this issue; repository policy requires retaining the issue until that PR merges or is otherwise resolved. (66350914e52c)
• Product direction requires a safe default: VISION.md prioritizes security and safe defaults and identifies privacy and security as core goals, so collapsing group and main context needs explicit product approval. (VISION.md:13, 301213a05f2f)
• Adjacent binding-scope precedent: Git history ties the existing per-binding DM scope override to commit a1cb8d5, providing the closest established implementation boundary for a selective group opt-in. (src/routing/resolve-route.ts:623, a1cb8d50ba8d)

Likely related people:

• steipete: Recent merged history and prior review context connect this contributor to session-key routing, route resolution, and session documentation. (role: recent routing and documentation contributor; confidence: high; commits: 70ee256ae0ec, ba5ae5b4f1b9, ef6679843385; files: src/routing/session-key.ts, src/routing/resolve-route.ts, docs/concepts/session.md)
• Squirbie: Authored the merged binding-level dmScope override, the closest current-main precedent for a binding-level group scope. (role: route-binding session-scope contributor; confidence: medium; commits: a1cb8d50ba8d; files: src/routing/resolve-route.ts, src/config/zod-schema.agents.ts, src/routing/resolve-route.test.ts)
• obviyus: Authored merged per-account-channel-peer DM scope work across the same session-key and route-resolution chain. (role: session-scope routing contributor; confidence: medium; commits: d499b148423e; files: src/routing/session-key.ts, src/routing/resolve-route.ts, src/routing/resolve-route.test.ts)

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.