fix: wire per-account dm scope guidance (#3095) (thanks @jarvis-sam)

src/commands/doctor-security.ts

@@ -124,7 +124,7 @@ export async function noteSecurityWarnings(cfg: MoltbotConfig) {
 
     if (dmScope === "main" && isMultiUserDm) {
       warnings.push(
-        `- ${params.label} DMs: multiple senders share the main session; set session.dmScope="per-channel-peer" to isolate sessions.`,
+        `- ${params.label} DMs: multiple senders share the main session; set session.dmScope="per-channel-peer" (or "per-account-channel-peer" for multi-account channels) to isolate sessions.`,
       );
     }
   };

src/commands/onboard-channels.ts

@@ -190,7 +190,7 @@ async function noteChannelPrimer(
       "DM security: default is pairing; unknown DMs get a pairing code.",
       `Approve with: ${formatCliCommand("moltbot pairing approve <channel> <code>")}`,
       'Public DMs require dmPolicy="open" + allowFrom=["*"].',
-      'Multi-user DMs: set session.dmScope="per-channel-peer" to isolate sessions.',
+      'Multi-user DMs: set session.dmScope="per-channel-peer" (or "per-account-channel-peer" for multi-account channels) to isolate sessions.',
       `Docs: ${formatDocsLink("/start/pairing", "start/pairing")}`,
       "",
       ...channelLines,
@@ -238,7 +238,7 @@ async function maybeConfigureDmPolicies(params: {
         `Approve: ${formatCliCommand(`moltbot pairing approve ${policy.channel} <code>`)}`,
         `Allowlist DMs: ${policy.policyKey}="allowlist" + ${policy.allowFromKey} entries.`,
         `Public DMs: ${policy.policyKey}="open" + ${policy.allowFromKey} includes "*".`,
-        'Multi-user DMs: set session.dmScope="per-channel-peer" to isolate sessions.',
+        'Multi-user DMs: set session.dmScope="per-channel-peer" (or "per-account-channel-peer" for multi-account channels) to isolate sessions.',
         `Docs: ${formatDocsLink("/start/pairing", "start/pairing")}`,
       ].join("\n"),
       `${policy.label} DM access`,

src/config/schema.ts

@@ -591,7 +591,7 @@ const FIELD_HELP: Record<string, string> = {
   "commands.restart": "Allow /restart and gateway restart tool actions (default: false).",
   "commands.useAccessGroups": "Enforce access-group allowlists/policies for commands.",
   "session.dmScope":
-    'DM session scoping: "main" keeps continuity; "per-peer" or "per-channel-peer" isolates DM history (recommended for shared inboxes).',
+    'DM session scoping: "main" keeps continuity; "per-peer", "per-channel-peer", or "per-account-channel-peer" isolates DM history (recommended for shared inboxes/multi-account).',
   "session.identityLinks":
     "Map canonical identities to provider-prefixed peer IDs for DM session linking (example: telegram:123456).",
   "channels.telegram.configWrites":

src/security/audit.ts

@@ -519,7 +519,8 @@ async function collectChannelSecurityFindings(params: {
         title: `${input.label} DMs share the main session`,
         detail:
           "Multiple DM senders currently share the main session, which can leak context across users.",
-        remediation: 'Set session.dmScope="per-channel-peer" to isolate DM sessions per sender.',
+        remediation:
+          'Set session.dmScope="per-channel-peer" (or "per-account-channel-peer" for multi-account channels) to isolate DM sessions per sender.',
       });
     }
   };

src/web/auto-reply/monitor/broadcast.ts

@@ -54,11 +54,13 @@ export async function maybeBroadcastMessage(params: {
       sessionKey: buildAgentSessionKey({
         agentId: normalizedAgentId,
         channel: "whatsapp",
+        accountId: params.route.accountId,
         peer: {
           kind: params.msg.chatType === "group" ? "group" : "dm",
           id: params.peerId,
         },
         dmScope: params.cfg.session?.dmScope,
+        identityLinks: params.cfg.session?.identityLinks,
       }),
       mainSessionKey: buildAgentMainSessionKey({
         agentId: normalizedAgentId,