# 2026-03-06

## Telegram hardening

- Added Telegram group sender allowlist for commands:
  - `channels.telegram.groupAllowFrom = ["8367012007"]`
  - `channels.telegram.groups["*"].allowFrom = ["8367012007"]`
- Result: security audit critical finding for missing Telegram group allowlist cleared.

## Backups / MinIO

- Updated `scripts/backup-to-minio.sh` to back up full `~/.openclaw` (not just workspace memory files).
- Backup now uploads:
  - `openclaw-.tar.gz`
  - `openclaw-.tar.gz.sha256`
  - `manifest.txt`
- Verified successful full backup upload to `s3://zap/workspace-backups/`.
- Enabled bucket versioning on `zap`.
- Added lifecycle rule for `workspace-backups/`:
  - expire noncurrent versions after 90 days
  - keep 3 newer noncurrent versions
  - expire delete markers enabled
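
A restore-side check for the `.tar.gz` and `.sha256` pair listed under Backups / MinIO, as an added example (not part of `scripts/backup-to-minio.sh`). It assumes the sidecar is in `sha256sum` output format, which these notes do not state; `verify_backup` and its arguments are hypothetical names.

```shell
#!/usr/bin/env bash
# Added example: verify a downloaded backup archive against its .sha256 sidecar
# before restoring from it.
# Assumption: the sidecar's first whitespace-separated field is the hex SHA-256
# digest (the format `sha256sum` writes).
# Return codes: 0 = verified, 1 = mismatch or unreadable archive, 2 = bad input.

verify_backup() {
  archive="$1"
  sidecar="${2:-$archive.sha256}"

  [ -f "$archive" ] || { echo "missing archive: $archive" >&2; return 2; }
  [ -s "$sidecar" ] || { echo "missing or empty sidecar: $sidecar" >&2; return 2; }

  # Use only the digest field so the check does not depend on the path
  # that was recorded in the sidecar at backup time.
  expected=$(awk 'NR==1 {print tolower($1)}' "$sidecar")
  case "$expected" in
    *[!0-9a-f]*|"") echo "sidecar has no hex digest" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "digest is not 64 hex chars" >&2; return 2; }

  actual=$(sha256sum "$archive" | awk '{print $1}')
  if [ "$actual" != "$expected" ]; then
    echo "DIGEST MISMATCH for $archive" >&2
    return 1
  fi

  # A matching digest shows the archive matches its sidecar; also confirm
  # it is a readable gzip tarball before trusting it for a restore.
  tar -tzf "$archive" >/dev/null 2>&1 || { echo "archive unreadable" >&2; return 1; }
  return 0
}
```

Because the sidecar is stored next to the archive, this check catches corruption and truncated uploads, not modification by someone who can write to the bucket.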