#10260: fix(outbound): enforce sendPolicy on system notifications (#6301)
stale
## Summary
- Abort reply notifications bypassed sendPolicy deny rules, causing system messages to leak to channels that should be blocked
- Add a sendPolicy check in the abort reply path of `dispatchReplyFromConfig()` before dispatching abort replies via `routeReply()` or `dispatcher.sendFinalReply()`
- When sendPolicy returns "deny", the abort reply is suppressed and the function returns early
Fixes #6301
## Test plan
- [x] All 12 existing dispatch-from-config tests pass
- [x] `pnpm check` passes (0 warnings, 0 errors)
- [x] Manual verification: abort replies are blocked when sendPolicy is set to deny
<!-- greptile_comment -->
<h2>Greptile Overview</h2>
<h3>Greptile Summary</h3>
- Adds a `resolveSendPolicy` check to the fast-abort/abort-reply path in `dispatchReplyFromConfig()` to prevent system abort notifications from bypassing deny rules.
- Loads the session store entry for the current session key to evaluate send policy using both config-wide rules and per-session overrides.
- When policy resolves to `deny`, suppresses the abort reply and returns early after marking the message processed/idle (diagnostics-aware).
<h3>Confidence Score: 4/5</h3>
- This PR is close to safe to merge, but has a correctness edge case in how it looks up the session entry for sendPolicy evaluation.
- Change is localized and matches existing sendPolicy enforcement patterns, but the new abort-path store lookup doesn’t apply the same sessionKey normalization used elsewhere in the file, which can cause policy to be evaluated without the intended session entry.
- src/auto-reply/reply/dispatch-from-config.ts
<!-- greptile_other_comments_section -->
<!-- /greptile_comment -->
Most Similar PRs
#21893: fix(web): enforce sendPolicy on WhatsApp auto-reply delivery path
by hydro13 · 2026-02-20
76.0%
#10509: fix(telegram): bare abort words bypass debounce + clear buffered me...
by romancircus · 2026-02-06
70.9%
#12953: fix: defer gateway restart until all replies are sent
by zoskebutler · 2026-02-10
70.6%
#17513: fix(discord): respect groupPolicy in channel config fallback (#4555)
by aronchick · 2026-02-15
70.3%
#14249: slack: add DM policy matrix regressions (open/allowlist/pairing/dis...
by davidahmann · 2026-02-11
69.9%
#23743: Auto-reply: enforce tools.allow/tools.deny on deterministic skill t...
by bmendonca3 · 2026-02-22
69.9%
#13881: fix: Address Greptile feedback - test isolation and channel resolution
by trevorgordon981 · 2026-02-11
69.9%
#14318: feat(discord): enforce outbound allowlist on send functions
by builtbyrobben · 2026-02-11
69.7%
#19284: fix(delivery): treat AbortErrors as failures for retry
by EdGuan · 2026-02-17
69.2%
#14789: fix: per-account dmPolicy ignored in checkInboundAccessControl
by croll83 · 2026-02-12
69.2%