Issue Station
Sign In
Tools hereToolbox

openclaw - 💡(How to fix) Fix Slash commands bypass topic-level groupPolicy: disabled in forum groups [1 participants]

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…
GitHub stats
openclaw/openclaw#56777Fetched 2026-04-08 01:47:54
View on GitHub
Comments
0
Participants
1
Timeline
0
Reactions
0
Author
Git-on-my-levelGit-on-my-level
Participants
Git-on-my-levelGit-on-my-level

In a Telegram forum group, slash commands (e.g. /new, /status) are not subject to per-topic groupPolicy overrides. When a group is configured with groupPolicy: "disabled" and only specific topics are whitelisted via per-topic groupPolicy: "allowlist", the bot still responds to slash commands in non-whitelisted topics.

Root Cause

In a Telegram forum group, slash commands (e.g. /new, /status) are not subject to per-topic groupPolicy overrides. When a group is configured with groupPolicy: "disabled" and only specific topics are whitelisted via per-topic groupPolicy: "allowlist", the bot still responds to slash commands in non-whitelisted topics.

Fix Action

Workaround

Disabling native commands globally (commands.native: false) prevents this, but is overly broad.

Code Example

{
  "channels": {
    "telegram": {
      "groupPolicy": "allowlist",
      "groups": {
        "-1003502111905": {
          "groupPolicy": "disabled",
          "requireMention": true,
          "allowFrom": ["693180290"],
          "topics": {
            "9": {
              "groupPolicy": "allowlist",
              "requireMention": false,
              "allowFrom": ["693180290"]
            }
          }
        }
      }
    }
  }
}
RAW_BUFFERClick to expand / collapse

Summary

In a Telegram forum group, slash commands (e.g. /new, /status) are not subject to per-topic groupPolicy overrides. When a group is configured with groupPolicy: "disabled" and only specific topics are whitelisted via per-topic groupPolicy: "allowlist", the bot still responds to slash commands in non-whitelisted topics.

Config

{
  "channels": {
    "telegram": {
      "groupPolicy": "allowlist",
      "groups": {
        "-1003502111905": {
          "groupPolicy": "disabled",
          "requireMention": true,
          "allowFrom": ["693180290"],
          "topics": {
            "9": {
              "groupPolicy": "allowlist",
              "requireMention": false,
              "allowFrom": ["693180290"]
            }
          }
        }
      }
    }
  }
}

Expected Behavior

With groupPolicy: "disabled" at the group level, all message types — including slash commands — should be blocked in topics not explicitly configured.

Actual Behavior

Slash commands sent in non-whitelisted topics receive a response from the bot, despite the group-level disabled policy.

Notes

The docs state: "command authorization still applies even when group policy is open" — but this implies commands have their own separate auth path that does not respect groupPolicy: "disabled" at topic level.

Workaround

Disabling native commands globally (commands.native: false) prevents this, but is overly broad.

Suggested Fix

Slash command handling should respect the topic's effective groupPolicy (after inheritance from group defaults). If the resolved policy is disabled, commands should be dropped the same as regular messages.

extent analysis

Fix Plan

To fix the issue, we need to modify the slash command handling to respect the topic's effective groupPolicy. Here are the steps:

  • Update the command handler to check the topic's groupPolicy before processing the command.
  • If the groupPolicy is disabled, drop the command and do not send a response.

Example code snippet:

// Assuming a function `getTopicPolicy` that returns the effective groupPolicy for a topic
function handleSlashCommand(topicId, command) {
  const topicPolicy = getTopicPolicy(topicId);
  if (topicPolicy === 'disabled') {
    // Drop the command and do not send a response
    return;
  }
  // Process the command as usual
  processCommand(command);
}
  • Update the getTopicPolicy function to inherit the groupPolicy from the group defaults if not explicitly set for the topic.
function getTopicPolicy(topicId) {
  const topicConfig = getTopicConfig(topicId);
  if (topicConfig.groupPolicy) {
    return topicConfig.groupPolicy;
  }
  const groupConfig = getGroupConfig(topicId);
  return groupConfig.groupPolicy;
}

Verification

To verify that the fix worked, test the following scenarios:

  • Send a slash command in a non-whitelisted topic and verify that the bot does not respond.
  • Send a slash command in a whitelisted topic and verify that the bot responds as expected.
  • Test with different groupPolicy settings (e.g. allowlist, disabled) and verify that the command handling behaves accordingly.

Extra Tips

  • Make sure to update the documentation to reflect the changed behavior of slash command handling with respect to groupPolicy.
  • Consider adding additional logging or monitoring to detect and handle any potential issues with command handling and groupPolicy inheritance.

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…
#dependency error#configuration error#environment variable#network issue#logging issue

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING