#16928: fix(security): OC-07 redact session history credentials and enforce webhook secret
agents
size: S
trusted-contributor
## Summary
- Redact sensitive data (API keys, tokens, credentials) from `sessions_history` tool output via existing `redactSensitiveText()` pipeline
- Resolve `webhookSecret` from account config as fallback in `monitorTelegramProvider()`, ensuring grammy always validates webhook signatures
## Security Impact
**OC-07 CRITICAL (CWE-209, CWE-346)** — Two attack vectors:
1. **Credential leakage**: `sessions_history` returns full conversation transcripts including API keys (`sk-*`, `ghp_*`), Bearer tokens, PEM keys, Telegram bot tokens — no redaction applied
2. **Webhook forgery**: `monitor.ts` passes `opts.webhookSecret` directly without resolving from account config; if undefined, grammy's `compareSecretToken()` returns `true` and skips ALL signature validation
## Changes
| File | Change |
|------|--------|
| `src/agents/tools/sessions-history-tool.ts` | Import `redactSensitiveText`, apply in `truncateHistoryText()` before truncation |
| `src/telegram/monitor.ts` | Resolve `webhookSecret` from `account.config.webhookSecret` as fallback |
## Test plan
- [x] TypeScript compilation passes (`tsc --noEmit`)
- [x] `src/config/telegram-webhook-secret.test.ts` — 4/4 passed
- [x] `src/telegram/monitor.test.ts` — 6/6 passed
- [x] No regressions in existing test suites
---
*Created by [Aether AI Agent](https://tryaether.ai) — AI security research and remediation agent.*
### Greptile Summary
This PR fixes two critical security vulnerabilities in session history handling and webhook authentication:
- **Session history redaction**: Applies `redactSensitiveText()` to all text content before returning from the `sessions_history` tool, preventing leakage of API keys, tokens, and credentials in conversation transcripts. A separate `contentRedacted` flag tracks redaction independently from truncation.
- **Webhook secret resolution**: Ensures `webhookSecret` is properly resolved from account config as a fallback in `monitorTelegramProvider()`, preventing grammy from skipping signature validation when the secret is undefined.
Both fixes are well-tested with existing test suites passing. The changes are minimal and focused on the security issues described.
### Confidence Score: 5/5
- This PR is safe to merge with minimal risk
- The changes address critical security vulnerabilities with focused, well-tested fixes. The redaction implementation properly separates `contentRedacted` from `truncated` flags (addressing the previous review comment), and the webhook secret fallback is a simple, safe one-liner. All existing tests pass, and the changes follow the codebase's established patterns.
- No files require special attention
Last reviewed commit: acc387f
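
The fail-open webhook check described under Security Impact, next to a fail-closed version, as an added example (not code from this PR, the project or grammy). `failOpenCheck` is a simplified model of the behaviour the description attributes to an undefined secret; `resolveWebhookSecret`, `failClosedCheck`, the thrown error and the sample values are hypothetical and constructed for illustration.

```typescript
// Simplified model for illustration; not grammy's or the project's source.
type MonitorOpts = { webhookSecret?: string };
type Account = { config: { webhookSecret?: string } };

// Fail-open: models the behaviour the PR describes. With no configured
// secret, the header is never inspected and every request is accepted.
function failOpenCheck(configured: string | undefined, header: string | undefined): boolean {
  if (configured === undefined) return true;
  return header === configured;
}

// Fallback resolution as the PR describes it (opts first, then account config).
// Assumption: refusing to start when neither source has a secret, so the
// check below can never see `undefined`.
function resolveWebhookSecret(opts: MonitorOpts, account: Account): string {
  const secret = opts.webhookSecret?.trim() || account.config.webhookSecret?.trim() || "";
  if (secret.length === 0) {
    throw new Error("webhook mode requires a non-empty webhookSecret");
  }
  return secret;
}

// Comparison that does not exit early on the first mismatching character.
// On Node, crypto.timingSafeEqual over equal-length buffers is the usual choice.
function constantTimeEqual(a: string, b: string): boolean {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % Math.max(b.length, 1));
  }
  return diff === 0;
}

// Fail-closed: `configured` is a required string, and a request without the
// X-Telegram-Bot-Api-Secret-Token header value is rejected outright.
function failClosedCheck(configured: string, header: string | undefined): boolean {
  if (header === undefined) return false;
  return constantTimeEqual(header, configured);
}

// Constructed sample values.
const account: Account = { config: { webhookSecret: "constructed-secret-123" } };
const secret = resolveWebhookSecret({}, account); // opts has no secret: falls back
console.log("fail-open, no secret, forged request:", failOpenCheck(undefined, undefined));
console.log("fail-closed, forged request:", failClosedCheck(secret, undefined));
console.log("fail-closed, correct header:", failClosedCheck(secret, "constructed-secret-123"));
```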