#23627: fix(telegram,feishu): pass mediaLocalRoots through channel action and outbound paths
agents
channel: feishu
size: S
Cluster:
Media Handling Improvements
## Summary
- **Telegram plugin action handler** (`handleAction("send")`) now threads `__agentId` from params to `handleTelegramAction`, resolves agent-scoped media local roots via `getAgentScopedMediaLocalRoots`, and passes them to `sendMessageTelegram`
- **Feishu outbound adapter** (`sendMedia`) now destructures `mediaLocalRoots` from outbound context and forwards it to `sendMediaFeishu`, which passes it as `localRoots` to `loadWebMedia`
### Problem
After the media path security hardening (CVE-2026-25475), agents sending local files via the Telegram plugin action path or Feishu outbound adapter get `LocalMediaAccessError: Local media path is not under an allowed directory`. This happens because:
1. The Telegram plugin's `handleAction("send")` calls `sendMessageTelegram` without `mediaLocalRoots`, so the security check falls back to default roots that don't include agent workspace directories
2. The Feishu outbound adapter's `sendMedia` doesn't destructure `mediaLocalRoots` from `ChannelOutboundContext`, so `sendMediaFeishu` calls `loadWebMedia` with `localRoots: undefined`
The core delivery path (`deliverOutboundPayloadsCore`) already resolves `mediaLocalRoots` correctly — only these two bypass paths were missing it.
## Test plan
- [x] Added unit test: Telegram `handleTelegramAction` resolves and passes `mediaLocalRoots` when `__agentId` is present
- [x] Added unit test: Telegram `handleTelegramAction` does not resolve roots when `__agentId` is absent
- [x] Added unit test: Feishu `sendMediaFeishu` forwards `mediaLocalRoots` as `localRoots` to `loadWebMedia`
- [x] Added unit test: Feishu `sendMediaFeishu` passes `undefined` when `mediaLocalRoots` is omitted
- [x] All existing tests pass (`pnpm vitest run` — 47/47 in changed files)
- [x] `pnpm build` succeeds
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- greptile_comment -->
<h3>Greptile Summary</h3>
This PR correctly fixes a security vulnerability bypass where agents sending local files via Telegram plugin actions or Feishu outbound adapters would fail with `LocalMediaAccessError` due to missing `mediaLocalRoots` parameters.
**Changes:**
- Telegram plugin action handler now extracts `__agentId` from params, resolves agent-scoped media local roots, and passes them to `sendMessageTelegram`
- Feishu outbound adapter now destructures and forwards `mediaLocalRoots` from the channel context to `sendMediaFeishu` → `loadWebMedia`
- Added comprehensive unit tests for both paths (with and without `__agentId`/`mediaLocalRoots`)
**Security:**
The fix properly extends the media security hardening (CVE-2026-25475) to these bypass paths, ensuring agent workspace directories are included in allowed local roots. The implementation mirrors the existing pattern in `deliverOutboundPayloadsCore`.
<h3>Confidence Score: 5/5</h3>
- This PR is safe to merge with no identified risks
- The changes are straightforward security fixes that properly thread `mediaLocalRoots` through two bypass paths. Tests verify both positive (with agentId) and negative (without agentId) cases. The implementation matches the existing pattern in `deliverOutboundPayloadsCore`. All type signatures are correct and the changes are minimal and focused.
- No files require special attention
<sub>Last reviewed commit: 4c1e181</sub>
<!-- greptile_other_comments_section -->
<sub>(2/5) Greptile learns from your feedback when you react with thumbs up/down!</sub>
<!-- /greptile_comment -->
Most Similar PRs
#20294: fix(message): thread mediaLocalRoots through channel plugin dispatch
by odrobnik · 2026-02-18
89.1%
#19171: fix(feishu): pass mediaLocalRoots to sendMediaFeishu for agent-scop...
by whiskyboy · 2026-02-17
85.6%
#20186: fix(discord): thread mediaLocalRoots through reply delivery path
by pvoo · 2026-02-18
83.9%
#23148: fix: forward mediaLocalRoots in whatsapp plugin sendMedia
by MunemHashmi · 2026-02-22
82.7%
#20488: fix(discord): pass mediaLocalRoots to sendMessageDiscord
by olyashok · 2026-02-19
81.6%
#19399: telegram: fix MEDIA false positives and partial final drop
by HOYALIM · 2026-02-17
80.6%
#14794: fix: parse inline MEDIA: tokens in agent replies
by explainanalyze · 2026-02-12
80.1%
#22178: test(web): allow fixture roots in media local file tests
by Kansodata · 2026-02-20
79.3%
#19325: feat: support messages.mediaLocalRoots for custom media directories
by deggertsen · 2026-02-17
78.0%
#21276: fix(telegram): stabilize partial finalization and MEDIA dedupe (AI-...
by HOYALIM · 2026-02-19
77.9%