fix: handle inline status for allowlisted senders

src/auto-reply/reply.ts

@@ -435,6 +435,20 @@ export async function getReplyFromConfig(
     sessionCtx.BodyStripped ??
     sessionCtx.Body ??
     "";
+  const command = buildCommandContext({
+    ctx,
+    cfg,
+    agentId,
+    sessionKey,
+    isGroup,
+    triggerBodyNormalized,
+    commandAuthorized,
+  });
+  const allowTextCommands = shouldHandleTextCommands({
+    cfg,
+    surface: command.surface,
+    commandSource: ctx.CommandSource,
+  });
   const clearInlineDirectives = (cleaned: string): InlineDirectives => ({
     cleaned,
     hasThinkDirective: false,
@@ -475,6 +489,7 @@ export async function getReplyFromConfig(
     .filter((alias) => !reservedCommands.has(alias.toLowerCase()));
   let parsedDirectives = parseInlineDirectives(commandSource, {
     modelAliases: configuredAliases,
+    allowStatusDirective: command.isAuthorizedSender,
   });
   if (
     isGroup &&
@@ -506,9 +521,19 @@ export async function getReplyFromConfig(
     if (noMentions.trim().length > 0) {
       const directiveOnlyCheck = parseInlineDirectives(noMentions, {
         modelAliases: configuredAliases,
+        allowStatusDirective: command.isAuthorizedSender,
       });
       if (directiveOnlyCheck.cleaned.trim().length > 0) {
-        parsedDirectives = clearInlineDirectives(parsedDirectives.cleaned);
+        const allowInlineStatus =
+          parsedDirectives.hasStatusDirective &&
+          allowTextCommands &&
+          command.isAuthorizedSender;
+        parsedDirectives = allowInlineStatus
+          ? {
+              ...clearInlineDirectives(parsedDirectives.cleaned),
+              hasStatusDirective: true,
+            }
+          : clearInlineDirectives(parsedDirectives.cleaned);
       }
     }
   }
@@ -530,6 +555,7 @@ export async function getReplyFromConfig(
     if (!sessionCtx.CommandBody && !sessionCtx.RawBody) {
       return parseInlineDirectives(existingBody, {
         modelAliases: configuredAliases,
+        allowStatusDirective: command.isAuthorizedSender,
       }).cleaned;
     }
 
@@ -537,6 +563,7 @@ export async function getReplyFromConfig(
     if (markerIndex < 0) {
       return parseInlineDirectives(existingBody, {
         modelAliases: configuredAliases,
+        allowStatusDirective: command.isAuthorizedSender,
       }).cleaned;
     }
 
@@ -549,6 +576,7 @@ export async function getReplyFromConfig(
     );
     const cleanedTail = parseInlineDirectives(tail, {
       modelAliases: configuredAliases,
+      allowStatusDirective: command.isAuthorizedSender,
     }).cleaned;
     return `${head}${cleanedTail}`;
   })();
@@ -669,20 +697,6 @@ export async function getReplyFromConfig(
     ? undefined
     : directives.rawModelDirective;
 
-  const command = buildCommandContext({
-    ctx,
-    cfg,
-    agentId,
-    sessionKey,
-    isGroup,
-    triggerBodyNormalized,
-    commandAuthorized,
-  });
-  const allowTextCommands = shouldHandleTextCommands({
-    cfg,
-    surface: command.surface,
-    commandSource: ctx.CommandSource,
-  });
   if (!command.isAuthorizedSender) {
     directives = {
       ...directives,

src/auto-reply/reply/directive-handling.ts

@@ -464,7 +464,11 @@ export type InlineDirectives = {
 
 export function parseInlineDirectives(
   body: string,
-  options?: { modelAliases?: string[]; disableElevated?: boolean },
+  options?: {
+    modelAliases?: string[];
+    disableElevated?: boolean;
+    allowStatusDirective?: boolean;
+  },
 ): InlineDirectives {
   const {
     cleaned: thinkCleaned,
@@ -497,8 +501,11 @@ export function parseInlineDirectives(
         hasDirective: false,
       }
     : extractElevatedDirective(reasoningCleaned);
+  const allowStatusDirective = options?.allowStatusDirective !== false;
   const { cleaned: statusCleaned, hasDirective: hasStatusDirective } =
-    extractStatusDirective(elevatedCleaned);
+    allowStatusDirective
+      ? extractStatusDirective(elevatedCleaned)
+      : { cleaned: elevatedCleaned, hasDirective: false };
   const {
     cleaned: modelCleaned,
     rawModel,