
#23627: fix(telegram,feishu): pass mediaLocalRoots through channel action and outbound paths

by rockkoca open 2026-02-22 14:18
agents channel: feishu size: S
## Summary

- **Telegram plugin action handler** (`handleAction("send")`) now threads `__agentId` from params to `handleTelegramAction`, resolves agent-scoped media local roots via `getAgentScopedMediaLocalRoots`, and passes them to `sendMessageTelegram`
- **Feishu outbound adapter** (`sendMedia`) now destructures `mediaLocalRoots` from outbound context and forwards it to `sendMediaFeishu`, which passes it as `localRoots` to `loadWebMedia`

### Problem

After the media path security hardening (CVE-2026-25475), agents sending local files via the Telegram plugin action path or Feishu outbound adapter get `LocalMediaAccessError: Local media path is not under an allowed directory`. This happens because:

1. The Telegram plugin's `handleAction("send")` calls `sendMessageTelegram` without `mediaLocalRoots`, so the security check falls back to default roots that don't include agent workspace directories
2. The Feishu outbound adapter's `sendMedia` doesn't destructure `mediaLocalRoots` from `ChannelOutboundContext`, so `sendMediaFeishu` calls `loadWebMedia` with `localRoots: undefined`

The core delivery path (`deliverOutboundPayloadsCore`) already resolves `mediaLocalRoots` correctly — only these two bypass paths were missing it.

## Test plan

- [x] Added unit test: Telegram `handleTelegramAction` resolves and passes `mediaLocalRoots` when `__agentId` is present
- [x] Added unit test: Telegram `handleTelegramAction` does not resolve roots when `__agentId` is absent
- [x] Added unit test: Feishu `sendMediaFeishu` forwards `mediaLocalRoots` as `localRoots` to `loadWebMedia`
- [x] Added unit test: Feishu `sendMediaFeishu` passes `undefined` when `mediaLocalRoots` is omitted
- [x] All existing tests pass (`pnpm vitest run` — 47/47 in changed files)
- [x] `pnpm build` succeeds

🤖 Generated with [Claude Code](https://claude.com/claude-code)

### Greptile Summary

This PR correctly fixes a security vulnerability bypass where agents sending local files via Telegram plugin actions or Feishu outbound adapters would fail with `LocalMediaAccessError` due to missing `mediaLocalRoots` parameters.

**Changes:**

- Telegram plugin action handler now extracts `__agentId` from params, resolves agent-scoped media local roots, and passes them to `sendMessageTelegram`
- Feishu outbound adapter now destructures and forwards `mediaLocalRoots` from the channel context to `sendMediaFeishu` → `loadWebMedia`
- Added comprehensive unit tests for both paths (with and without `__agentId`/`mediaLocalRoots`)

**Security:** The fix properly extends the media security hardening (CVE-2026-25475) to these bypass paths, ensuring agent workspace directories are included in allowed local roots. The implementation mirrors the existing pattern in `deliverOutboundPayloadsCore`.

### Confidence Score: 5/5

- This PR is safe to merge with no identified risks
- The changes are straightforward security fixes that properly thread `mediaLocalRoots` through two bypass paths. Tests verify both positive (with agentId) and negative (without agentId) cases. The implementation matches the existing pattern in `deliverOutboundPayloadsCore`. All type signatures are correct and the changes are minimal and focused.
- No files require special attention

Last reviewed commit: 4c1e181
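The failure mode in the Problem section, as an added example that is not the project's code: a containment check that falls back to default roots when `localRoots` is `undefined`, called once without and once with agent-scoped roots. The root paths, the workspace layout, and every function name below are assumptions made for illustration; only the error text and the idea of agent-scoped roots come from the PR.

```typescript
// Added illustration with hypothetical stand-ins; not the project's code.
// Constructed default root and workspace layout (assumptions).
const DEFAULT_MEDIA_ROOTS: string[] = ["/tmp/media"];
const DENIED = "LocalMediaAccessError: Local media path is not under an allowed directory";

// Stand-in for getAgentScopedMediaLocalRoots: defaults plus one agent's workspace.
function agentScopedRoots(agentId: string): string[] {
  return DEFAULT_MEDIA_ROOTS.concat(["/home/app/agents/" + agentId + "/workspace"]);
}

// Collapse "." and ".." segments before comparing. String-level only: a real
// check must also resolve symlinks before testing containment.
function normalizePosixPath(p: string): string {
  const out: string[] = [];
  for (const seg of p.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop();
    else out.push(seg);
  }
  return "/" + out.join("/");
}

// Containment on a segment boundary, so ".../workspace-old" is not ".../workspace".
function isUnderRoot(file: string, root: string): boolean {
  const f = normalizePosixPath(file);
  const r = normalizePosixPath(root);
  return f === r || f.indexOf(r === "/" ? "/" : r + "/") === 0;
}

// Stand-in for the loader's check: undefined localRoots falls back to defaults.
function checkLocalMedia(file: string, localRoots?: string[]): string {
  const roots = localRoots === undefined ? DEFAULT_MEDIA_ROOTS : localRoots;
  if (file.charAt(0) !== "/" || !roots.some((r) => isUnderRoot(file, r))) return DENIED;
  return "ok " + normalizePosixPath(file);
}

// Pre-fix bypass path: the roots are never forwarded to the loader.
function sendBeforeFix(file: string): string {
  return checkLocalMedia(file);
}

// Post-fix path: resolve agent-scoped roots only when an agent id is present.
function sendAfterFix(file: string, agentId?: string): string {
  const roots = agentId ? agentScopedRoots(agentId) : undefined;
  return checkLocalMedia(file, roots);
}
```

Threading the roots widens the allow-list only to the calling agent's own workspace: a path that traverses into another agent's directory, or into a sibling directory sharing the prefix, is still denied.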
