fix(security): address input validation gaps in message handling #168

Merged
xlabtg merged 3 commits into xlabtg:main from konard:issue-161-cbee42e4c27b
Apr 8, 2026

@konard konard commented Apr 7, 2026

Summary

Fixes #161 — addresses four input validation gaps reported in the high-severity security issue.

Changes

1. analyzeMessage chatId allowlist bypass (handlers.ts)

parseInt("-100123abc") returns -100123, which could bypass group_allow_from checks by injecting trailing characters into a valid chatId. Fixed by using Number() + Number.isInteger() for strict validation — any non-integer chatId is denied.

2. sanitizeForContext missing length cap (sanitize.ts)

sanitizeForContext had no size limit, allowing large context payloads to be injected into system prompts. Added a 32 KB (32 768 character) cap, consistent with the spirit of the existing 128-char cap on sanitizeForPrompt.

3. peerCache eviction only removed one entry (bridge.ts)

When the cache hit 5 000 entries it only evicted the single oldest entry per insertion, allowing near-unbounded growth under high load. Replaced with a batch eviction strategy: when the limit is exceeded, the oldest half is deleted (down to 2 500 entries). Added a private evictPeerCacheIfNeeded() helper to deduplicate the two identical eviction blocks.

Note: Issue point #2 (isOwner fallback logic in runtime.ts) was reviewed and the existing behavior is intentional and correctly documented in a code comment: owner_id takes strict precedence; admin_ids is the explicit fallback only when owner_id is absent. No change needed.

Test plan

  • Added 2 tests in handlers.test.ts verifying that non-integer chatIds (e.g., "-100123abc", "notanumber") are rejected by the allowlist check even when a numeric prefix matches
  • Updated sanitize.test.ts to verify the 32 KB cap is enforced and existing passing tests updated to match new behaviour
  • All 196 tests in the affected test files pass (src/utils/__tests__/sanitize.test.ts, src/telegram/__tests__/handlers.test.ts)
  • TypeScript compiles with 0 errors

🤖 Generated with Claude Code
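
The chatId check from change 1, as an added example that is not code from this PR or the project. It compares the `parseInt` lookup with the `Number()` + `Number.isInteger()` check the description names, and adds a stricter canonical-decimal variant that goes beyond the PR. All function names, the sample allowlist and the inputs are hypothetical and constructed.

```typescript
// Added illustration. Function names and the sample allowlist are hypothetical.
const groupAllowFrom: number[] = [-100123]; // constructed group_allow_from value

// Before the fix: parseInt() stops at the first character it cannot parse,
// so "-100123abc" yields -100123 and matches the allowlist.
function isAllowedLoose(chatId: string): boolean {
  return groupAllowFrom.indexOf(parseInt(chatId, 10)) !== -1;
}

// The fix as described: Number() converts the whole string or returns NaN,
// and anything that is not an integer is denied before the lookup.
function isAllowedStrict(chatId: string): boolean {
  const id = Number(chatId);
  if (!Number.isInteger(id)) return false;
  return groupAllowFrom.indexOf(id) !== -1;
}

// Stricter variant (assumption, goes beyond the PR): accept only the canonical
// decimal spelling. Number() also accepts padding whitespace, exponent and
// trailing ".0" forms of the same integer, and maps "" to 0.
function isAllowedCanonical(chatId: string): boolean {
  if (!/^-?(0|[1-9]\d*)$/.test(chatId)) return false;
  const id = Number(chatId);
  return Number.isSafeInteger(id) && groupAllowFrom.indexOf(id) !== -1;
}

interface Verdict { loose: boolean; strict: boolean; canonical: boolean }

function compare(chatId: string): Verdict {
  return {
    loose: isAllowedLoose(chatId),
    strict: isAllowedStrict(chatId),
    canonical: isAllowedCanonical(chatId),
  };
}

// Constructed inputs: the exact ID, the two strings from the PR's tests,
// and alternative spellings that Number() still resolves to -100123.
const samples: string[] = ["-100123", "-100123abc", "notanumber", " -100123 ", "-1.00123e5", "-100123.0"];
for (const s of samples) {
  console.log(JSON.stringify(s), JSON.stringify(compare(s)));
}
```

The alternative spellings resolve to the real integer value rather than to a prefix of the input, so rejecting them is a policy choice about canonical form.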

konard and others added 2 commits April 7, 2026 10:33
Adding .gitkeep for PR creation (default mode).
This file will be removed when the task is complete.

Issue: xlabtg#161
- Validate chatId is a strict integer before allowlist check in
  handlers.ts to prevent parseInt partial-match bypass
- Add 32 KB length cap to sanitizeForContext to prevent large
  payload injection via RAG context
- Replace single-entry peerCache eviction with batch eviction
  (halves cache to 2500 entries) to prevent unbounded memory growth

Fixes xlabtg#161

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@konard konard changed the title from "[WIP] 🔴 HIGH: Input validation gaps in message handling and sanitization" to "fix(security): address input validation gaps in message handling" Apr 7, 2026
@konard konard marked this pull request as ready for review April 7, 2026 10:38

konard commented Apr 7, 2026

🤖 Solution Draft Log

This log file contains the complete execution trace of the AI solution draft process.

💰 Cost estimation:

  • Public pricing estimate: $1.314564
  • Calculated by Anthropic: $1.314564 USD
  • Difference: $-0.000000 (-0.00%)

📊 Context and tokens usage:

  • Context window: 75.8K / 1M input tokens (8%), 12.4K / 64K output tokens (19%)

Total: 69.3K + 2.9M cached input tokens, 12.4K output tokens, $1.314564 cost

🤖 Models used:

  • Tool: Anthropic Claude Code
  • Requested: sonnet
  • Model: Claude Sonnet 4.6 (claude-sonnet-4-6)

📎 Log file uploaded as Gist (1119KB)


The working session has now ended; feel free to review and add any feedback on the solution draft.


konard commented Apr 7, 2026

✅ Ready to merge

This pull request is now ready to be merged:

  • CI workflows exist but were not triggered for this commit
  • No merge conflicts
  • No pending changes

Monitored by hive-mind with --auto-restart-until-mergeable flag

@xlabtg xlabtg merged commit a1eca3a into xlabtg:main Apr 8, 2026