Skip to content

feat(inbound-meta): expose sender_id in trusted system metadata#18303

Merged
steipete merged 1 commit intoopenclaw:mainfrom
crimeacs:feat/sender-id-in-inbound-meta
Feb 16, 2026
Merged

feat(inbound-meta): expose sender_id in trusted system metadata#18303
steipete merged 1 commit intoopenclaw:mainfrom
crimeacs:feat/sender-id-in-inbound-meta

Conversation

@crimeacs
Copy link
Copy Markdown
Contributor

@crimeacs crimeacs commented Feb 16, 2026
edited by greptile-apps Bot
Loading

Summary

Adds sender_id (ctx.SenderId) to the openclaw.inbound_meta.v1 system prompt payload.

Motivation

message_id and chat_id are already exposed in the trusted inbound metadata, but sender_id is missing. This makes it impossible for agents to perform moderation actions (ban, kick, timeout) that require a numeric user ID.

Use case: A spam-detection agent monitoring Telegram group chats needs sender_id to populate inline button callbacks for delete/ban actions. Without it, the agent only has the sender's display name and username (untrusted, user-controlled text) — insufficient for API actions.

Changes

  • src/auto-reply/reply/inbound-meta.ts: Add sender_id: safeTrim(ctx.SenderId) to the trusted payload (1 line)
  • src/auto-reply/reply/inbound-meta.test.ts: Add 2 tests — presence when provided, omission when absent

Example output

{
  "schema": "openclaw.inbound_meta.v1",
  "message_id": "16698",
  "sender_id": "289522496",
  "chat_id": "telegram:-1001249586642",
  "channel": "telegram",
  "provider": "telegram",
  "surface": "telegram",
  "chat_type": "group"
}

Greptile Summary

Adds sender_id (from ctx.SenderId) to the openclaw.inbound_meta.v1 trusted system metadata payload, alongside the existing message_id and chat_id fields. This enables agents to perform moderation actions (ban, kick, timeout) that require a numeric user ID rather than untrusted display names.

  • sender_id is added via safeTrim(ctx.SenderId) in buildInboundMetaSystemPrompt, following the same pattern as other platform-assigned IDs in the trusted payload
  • Two tests cover presence and omission of the field
  • Correctly places sender_id in trusted metadata (platform-assigned numeric ID) rather than the untrusted user context block (which holds user-controlled strings like SenderName, SenderUsername)

Confidence Score: 5/5

  • This PR is safe to merge — minimal, well-tested addition of a single field to existing metadata payload.
  • The change is a single-line addition using the established safeTrim pattern already used by every other field in the payload. The SenderId type is correctly defined as string | undefined in TemplateContext. Tests cover both presence and absence. The trusted/untrusted boundary is respected (numeric platform ID in trusted metadata, display names in untrusted context). No logic changes, no new dependencies, no security concerns.
  • No files require special attention.

Last reviewed commit: a8c35a4

(2/5) Greptile learns from your feedback when you react with thumbs up/down!

@crimeacs
feat(inbound-meta): expose sender_id in trusted system metadata
a8c35a4 
Add sender_id (ctx.SenderId) to the openclaw.inbound_meta.v1 payload
so agents can reference it for moderation actions (delete, ban, etc.)
without relying on user-controlled text fields.

message_id and chat_id were already present; sender_id was the missing
piece needed for complete group moderation workflows.
@steipete steipete merged commit d4c057f into openclaw:main Feb 16, 2026
25 checks passed
@sebslight sebslight self-assigned this Feb 17, 2026
@0nepixel1 0nepixel1 mentioned this pull request Feb 18, 2026
Closed
@clawsweeper clawsweeper Bot mentioned this pull request May 4, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@sebslight sebslight

Labels

size: XS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@crimeacs @steipete @sebslight