From 57783680ade2a8f668b5ad89b844efa23e771662 Mon Sep 17 00:00:00 2001
From: shenghui kevin <shenghuikevin@shenghuideMac-mini.local>
Date: Mon, 23 Feb 2026 17:56:51 -0800
Subject: [PATCH] fix(whatsapp): guard updateLastRoute when dmScope isolates DM
 sessions

When session.dmScope is set to 'per-channel-peer', WhatsApp DMs correctly
resolve isolated session keys, but updateLastRouteInBackground unconditionally
wrote lastTo to the main session key. This caused reply routing corruption
and privacy violations.

Only update main session's lastRoute when the DM session actually IS
the main session (sessionKey === mainSessionKey).

Fixes #24912
---
 src/web/auto-reply/monitor/process-message.ts | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/web/auto-reply/monitor/process-message.ts b/src/web/auto-reply/monitor/process-message.ts
index 15607a4524e..3ef85b6eb2d 100644
--- a/src/web/auto-reply/monitor/process-message.ts
+++ b/src/web/auto-reply/monitor/process-message.ts
@@ -324,7 +324,10 @@ export async function processMessage(params: {
     OriginatingTo: params.msg.from,
   });
 
-  if (dmRouteTarget) {
+  // Only update main session's lastRoute when DM actually IS the main session.
+  // When dmScope="per-channel-peer", the DM uses an isolated sessionKey,
+  // and updating mainSessionKey would corrupt routing for the session owner.
+  if (dmRouteTarget && params.route.sessionKey === params.route.mainSessionKey) {
     updateLastRouteInBackground({
       cfg: params.cfg,
       backgroundTasks: params.backgroundTasks,