refactor(security): harden CommandAuthorized plumbing

src/auto-reply/reply/abort.test.ts

@@ -6,6 +6,7 @@ import type { ClawdbotConfig } from "../../config/config.js";
 import { isAbortTrigger, tryFastAbortFromMessage } from "./abort.js";
 import { enqueueFollowupRun, getFollowupQueueDepth, type FollowupRun } from "./queue.js";
 import { initSessionState } from "./session.js";
+import { buildTestCtx } from "./test-ctx.js";
 
 vi.mock("../../agents/pi-embedded.js", () => ({
   abortEmbeddedPiRun: vi.fn().mockReturnValue(true),
@@ -67,7 +68,7 @@ describe("abort detection", () => {
     const cfg = { session: { store: storePath }, commands: { text: false } } as ClawdbotConfig;
 
     const result = await tryFastAbortFromMessage({
-      ctx: {
+      ctx: buildTestCtx({
         CommandBody: "/stop",
         RawBody: "/stop",
         CommandAuthorized: true,
@@ -76,7 +77,7 @@ describe("abort detection", () => {
         Surface: "telegram",
         From: "telegram:123",
         To: "telegram:123",
-      },
+      }),
       cfg,
     });
 
@@ -130,7 +131,7 @@ describe("abort detection", () => {
     expect(getFollowupQueueDepth(sessionKey)).toBe(1);
 
     const result = await tryFastAbortFromMessage({
-      ctx: {
+      ctx: buildTestCtx({
         CommandBody: "/stop",
         RawBody: "/stop",
         CommandAuthorized: true,
@@ -139,7 +140,7 @@ describe("abort detection", () => {
         Surface: "telegram",
         From: "telegram:123",
         To: "telegram:123",
-      },
+      }),
       cfg,
     });
 
@@ -187,7 +188,7 @@ describe("abort detection", () => {
     ]);
 
     const result = await tryFastAbortFromMessage({
-      ctx: {
+      ctx: buildTestCtx({
         CommandBody: "/stop",
         RawBody: "/stop",
         CommandAuthorized: true,
@@ -196,7 +197,7 @@ describe("abort detection", () => {
         Surface: "telegram",
         From: "telegram:parent",
         To: "telegram:parent",
-      },
+      }),
       cfg,
     });