* fix(telegram): enable HTML formatting for model switch messages
The model switch confirmation message was displaying raw Markdown
(**text**) instead of bold formatting because parse_mode was not set.
Changes:
- Add optional extra parameter to editMessageWithButtons for parse_mode
- Change format from Markdown ** to HTML <b> tags
- Pass parse_mode: 'HTML' when editing model switch message
Fixes the issue where model names appeared as **provider/model**
instead of bold text in Telegram.
* fix(telegram): escape HTML entities in model switch confirmation
Add defensive `escapeHtml` helper to sanitize `selection.provider`
and `selection.model` before interpolating them into the HTML
callback message. This prevents potential API rejection (HTTP 400)
if future provider or model names contain `<`, `>`, or `&`.
Addresses review feedback on unescaped HTML interpolation.
* test(telegram): cover HTML model switch confirmation
---------
Co-authored-by: Frank Yang <frank.ekn@gmail.com>
* feat(gateway): add skills.search and skills.detail RPC methods
Expose ClawHub search and detail capabilities through the Gateway protocol,
enabling desktop/web clients to browse and inspect skills from the registry.
New RPCs:
- skills.search: search ClawHub skills by query with optional limit
- skills.detail: fetch full detail for a single skill by slug
Both methods delegate to existing agent-layer functions
(searchSkillsFromClawHub, fetchSkillDetailFromClawHub) which wrap
the ClawHub HTTP client. No new external dependencies.
Signed-off-by: samzong <samzong.lu@gmail.com>
* feat(skills): add ClawHub skill search and detail in Control UI
Add skills.search and skills.detail Gateway RPC methods with typed
protocol schemas, AJV validators, and handler implementations. Wire
the new RPCs into the Control UI Skills panel with a debounced search
input, results list, detail dialog, and one-click install from ClawHub.
Gateway:
- SkillsSearchParams/ResultSchema and SkillsDetailParams/ResultSchema
- Handler calls searchClawHubSkills and fetchClawHubSkillDetail directly
- Remove zero-logic fetchSkillDetailFromClawHub wrapper
- 9 handler tests including boundary validation
Control UI:
- searchClawHub, loadClawHubDetail, installFromClawHub controllers
- 300ms debounced search input to avoid 429 rate limits
- Dedicated install busy state (clawhubInstallSlug) with success/error feedback
- Install buttons disabled during install with progress text
- Detail dialog with owner, version, changelog, platform metadata
Part of #43301
Signed-off-by: samzong <samzong.lu@gmail.com>
* fix(skills): guard search and detail responses against stale writes
Signed-off-by: samzong <samzong.lu@gmail.com>
* fix(skills): reset loading flags on query clear and detail close
Signed-off-by: samzong <samzong.lu@gmail.com>
* fix(gateway): register skills.search/detail in read scope and method list
Add skills.search and skills.detail to the operator READ scope group
and the server methods list. Without this, unclassified methods default
to operator.admin, blocking read-only operator sessions.
Also guard the detail loading reset in the finally block by the active
slug to prevent a transient flash when rapidly switching skills.
Signed-off-by: samzong <samzong.lu@gmail.com>
* fix(skills): guard search loading reset by active query
Signed-off-by: samzong <samzong.lu@gmail.com>
* test: cover ClawHub skills UI flow
* fix: clear stale ClawHub search results
---------
Signed-off-by: samzong <samzong.lu@gmail.com>
Co-authored-by: Frank Yang <frank.ekn@gmail.com>
* "fix(telegram): surface media placeholder and file_id when download fails"
* fix: unify telegram media placeholder selection
* fix: preserve telegram media context on captioned download failures (#59948) (thanks @v1p0r)
---------
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
* test(telegram): add URL construction tests for custom apiRoot
Add comprehensive test cases to verify that file download URLs are correctly
constructed when using a custom apiRoot configuration for local Bot API servers.
Tests validate:
- Document downloads use the custom apiRoot in the constructed URL
- Sticker downloads use the custom apiRoot in the constructed URL
- SSRF policy correctly includes the custom hostname
This ensures issue #59512 (Telegram file downloads with local Bot API) is
properly covered by regression tests.
* refactor(telegram): improve media resolution code quality
Apply KISS and YAGNI principles to reduce code duplication and improve maintainability:
1. Extract media metadata resolution
- Consolidate resolveMediaFileRef(), resolveTelegramFileName(), and
resolveTelegramMimeType() into single resolveMediaMetadata() function
- Returns typed MediaMetadata object with fileRef, fileName, mimeType
- Reduces duplication and improves readability
2. Add logging for apiRoot parsing failures
- Log when custom apiRoot URL parsing fails in buildTelegramMediaSsrfPolicy()
- Helps debug configuration issues with local Bot API servers
3. Fix missing apiRoot in buffered messages
- Add telegramCfg.apiRoot parameter to resolveMedia() calls in
bot-handlers.buffers.ts (lines 150-159, 189)
- Ensures reply media in buffered contexts respects custom apiRoot config
- Fixes inconsistency where runtime handler passed apiRoot but buffers didn't
These changes improve code quality while maintaining backward compatibility and
ensuring issue #59512 (Telegram file downloads with local Bot API) works correctly
in all contexts.
* fix(telegram): resolve bot review issues
Address critical issues identified by Greptile code review:
1. Define telegramCfg in bot-handlers.buffers.ts
- Extract telegramCfg from cfg.channels?.telegram
- Fixes ReferenceError when accessing telegramCfg.apiRoot
- Ensures buffered message handlers can access apiRoot configuration
2. Restore type safety for MediaMetadata.fileRef
- Change from 'unknown' to proper union type
- Preserves type information for downstream file_id access
- Prevents TypeScript strict mode compilation errors
These fixes ensure the PR compiles correctly and handles buffered
media downloads with custom apiRoot configuration.
* fix(telegram): use optional chaining for telegramCfg.apiRoot
TypeScript strict mode requires optional chaining when accessing
properties on potentially undefined objects. Changed telegramCfg.apiRoot
to telegramCfg?.apiRoot to handle cases where telegramCfg is undefined.
Fixes TypeScript errors:
- TS18048: 'telegramCfg' is possibly 'undefined' (line 160)
- TS18048: 'telegramCfg' is possibly 'undefined' (line 191)
* fix(telegram): add missing optional chaining on line 191
Complete the fix for telegramCfg optional chaining.
Previous commit only fixed line 160, but line 191 also needs
the same fix to prevent TS18048 error.
* fix: cover buffered Telegram apiRoot downloads (#59544) (thanks @SARAMALI15792)
---------
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
