diff --git a/src/infra/state-migrations.ts b/src/infra/state-migrations.ts
index 533448b2010..155bc6289f6 100644
--- a/src/infra/state-migrations.ts
+++ b/src/infra/state-migrations.ts
@@ -14,6 +14,7 @@ import { saveSessionStore } from "../config/sessions.js";
 import { canonicalizeMainSessionAlias } from "../config/sessions/main-session.js";
 import type { SessionScope } from "../config/sessions/types.js";
 import { createSubsystemLogger } from "../logging/subsystem.js";
+import { resolveChannelAllowFromPath } from "../pairing/pairing-store.js";
 import {
   buildAgentMainSessionKey,
   DEFAULT_ACCOUNT_ID,
@@ -617,10 +618,11 @@ export async function detectLegacyStateMigrations(params: {
   const hasLegacyWhatsAppAuth =
     fileExists(path.join(oauthDir, "creds.json")) &&
     !fileExists(path.join(targetWhatsAppAuthDir, "creds.json"));
-  const legacyTelegramAllowFromPath = path.join(oauthDir, "telegram-allowFrom.json");
-  const targetTelegramAllowFromPath = path.join(
-    oauthDir,
-    `telegram-${DEFAULT_ACCOUNT_ID}-allowFrom.json`,
+  const legacyTelegramAllowFromPath = resolveChannelAllowFromPath("telegram", env);
+  const targetTelegramAllowFromPath = resolveChannelAllowFromPath(
+    "telegram",
+    env,
+    DEFAULT_ACCOUNT_ID,
   );
   const hasLegacyTelegramAllowFrom =
     fileExists(legacyTelegramAllowFromPath) && !fileExists(targetTelegramAllowFromPath);
diff --git a/src/pairing/pairing-store.ts b/src/pairing/pairing-store.ts
index 52c05ff1b92..89b65925ac9 100644
--- a/src/pairing/pairing-store.ts
+++ b/src/pairing/pairing-store.ts
@@ -104,6 +104,14 @@ function resolveAllowFromPath(
   );
 }
 
+export function resolveChannelAllowFromPath(
+  channel: PairingChannel,
+  env: NodeJS.ProcessEnv = process.env,
+  accountId?: string,
+): string {
+  return resolveAllowFromPath(channel, env, accountId);
+}
+
 async function readJsonFile<T>(
   filePath: string,
   fallback: T,