@a1hvdy/cc-openclaw 0.26.6 → 0.27.0

package/dist/src/channels/telegram-mirror/askuser.js

@@ -22,6 +22,7 @@
  */
 import { CallbackMap } from './callback-mapping.js';
 import { sendTg, editTg, telegramApi } from '../../lib/telegram-bot-api.js';
+import { escapeHtml } from '../../lib/html-render.js';
 /** Namespace prefix for callback_data so api.registerInteractiveHandler routes
  *  taps here. Matched at the first ':' by the gateway (must be [A-Za-z0-9._-]+). */
 export const ASKUSER_NS = 'ccmirror';
@@ -74,21 +75,34 @@ export function parseFirstQuestion(input) {
 function shortQid() {
     return Math.random().toString(36).slice(2, 8);
 }
+/**
+ * v0.27.0 M3 — render the question body as organized Telegram HTML (bold header,
+ * numbered options with italic descriptions). All dynamic text is HTML-escaped
+ * (the send path uses parse_mode HTML since M1, so a stray < in a question would
+ * otherwise break the message). Mirrors the CLI's clean option layout.
+ */
 function bodyText(s) {
-    const lines = [`❓ ${s.header}`, s.question];
-    // v0.26.4 polish — list options with their descriptions in the body (buttons
-    // only show the label, so descriptions would otherwise be lost).
+    const lines = [`❓ <b>${escapeHtml(s.header)}</b>`, escapeHtml(s.question)];
+    // List options with their descriptions in the body (buttons only show the
+    // label, so descriptions would otherwise be lost).
     const described = s.options.filter((o) => o.description);
     if (described.length > 0) {
         lines.push('');
         s.options.forEach((o, i) => {
-            lines.push(o.description ? `${i + 1}. ${o.label} — ${o.description}` : `${i + 1}. ${o.label}`);
+            const n = `<b>${i + 1}.</b>`;
+            lines.push(o.description
+                ? `${n} ${escapeHtml(o.label)} — <i>${escapeHtml(o.description)}</i>`
+                : `${n} ${escapeHtml(o.label)}`);
         });
     }
     if (s.multiSelect)
-        lines.push('', '(select one or more, then Submit)');
+        lines.push('', '<i>(select one or more, then Submit)</i>');
     return lines.join('\n');
 }
+/** v0.27.0 M3 — HTML-safe "you chose" confirmation shown after a tap. */
+function chosenText(s, chosen) {
+    return `❓ <b>${escapeHtml(s.header)}</b>\n${escapeHtml(s.question)}\n\n✓ You chose: <b>${escapeHtml(chosen)}</b>`;
+}
 /** Build the inline keyboard for a question. callback_data is
  *  `ccmirror:<CallbackMap id>` so the gateway routes taps to our handler. */
 function buildKeyboard(qid, s) {
@@ -216,7 +230,7 @@ export async function handleTap(ctx, api) {
     if (payload.kind === 'opt' && !s.multiSelect) {
         const label = s.options[payload.idx]?.label ?? '';
         await answerCb(ctx, `Selected: ${label}`);
-        await editQ(s, `❓ ${s.header}\n${s.question}\n\n✓ You chose: ${label}`);
+        await editQ(s, chosenText(s, label));
         injectAnswer(api, ctx, label);
         _questions.delete(payload.qid);
         return;
@@ -237,7 +251,7 @@ export async function handleTap(ctx, api) {
             return;
         }
         await answerCb(ctx, `Submitted ${labels.length}`);
-        await editQ(s, `❓ ${s.header}\n${s.question}\n\n✓ You chose: ${labels.join(', ')}`);
+        await editQ(s, chosenText(s, labels.join(', ')));
         injectAnswer(api, ctx, labels.join(', '));
         _questions.delete(payload.qid);
         return;

package/dist/src/channels/telegram-mirror/card-renderer.js

@@ -14,17 +14,11 @@
  * Tests live at tests/channels/telegram-mirror/m2-render-pipeline.test.ts.
  */
 import { renderStatusLine, renderMeters, renderTodos } from './status-line.js';
-import { escapeMarkdownV2 } from '../../lib/markdown-v2.js';
-import { markdownToMdv2 } from '../../lib/markdown-to-mdv2.js';
-/**
- * Wrap raw text in a Telegram MarkdownV2 inline code span. Inside a code span
- * only backtick and backslash need escaping (dots, hyphens, slashes render
- * literally) — which is exactly why monospace is ideal for file paths and shell
- * commands: no busy backslash-escaping, and they read like the CC terminal.
- */
-function code(s) {
-    return '`' + s.replace(/[`\\]/g, '\\$&') + '`';
-}
+import { escapeHtml, code, pre, markdownToHtml } from '../../lib/html-render.js';
+// v0.27.0 M1 — the card renders as Telegram HTML (parse_mode: 'HTML'), not
+// MarkdownV2. HTML only needs `& < >` escaped (no per-char backslash litter)
+// and supports <pre><code class="language-…"> + <blockquote> for true
+// CLI-fidelity. escapeHtml / code() / markdownToHtml come from lib/html-render.
 /** Last path segment (basename) — keeps tool lines short and CLI-like, e.g.
  *  "/home/a1/kris-kitchen/components/ShoppingList.tsx" → "ShoppingList.tsx". */
 function basename(p) {
@@ -73,6 +67,52 @@ function toolInputSummary(tc) {
     const collapsed = raw.replace(/\s+/g, ' ').trim();
     return collapsed.length > 48 ? collapsed.slice(0, 47) + '…' : collapsed;
 }
+/**
+ * v0.27.0 M2 — coerce a tool's RESULT payload to display text. Claude delivers
+ * tool_result content as a string OR an array of `{type:'text',text}` blocks
+ * (via the persistent-session user-message extraction). Returns trimmed text, or
+ * '' when there's nothing real to show (no-fake-data — never stringify objects).
+ */
+function toolResultText(tc) {
+    const r = tc.result;
+    if (r == null)
+        return '';
+    let s = '';
+    if (typeof r === 'string') {
+        s = r;
+    }
+    else if (Array.isArray(r)) {
+        s = r
+            .map((b) => {
+            if (typeof b === 'string')
+                return b;
+            if (b && typeof b === 'object' && typeof b.text === 'string') {
+                return b.text;
+            }
+            return '';
+        })
+            .join('');
+    }
+    return s.trim();
+}
+/**
+ * v0.27.0 M2 — truncate result text for the card: at most RESULT_MAX_LINES lines
+ * and RESULT_MAX_CHARS chars, with a trailing "…" when cut. Keeps the card
+ * readable (Telegram's 4096-char message cap) while still surfacing tool output
+ * the way the CLI shows it inline.
+ */
+const RESULT_MAX_LINES = 3;
+const RESULT_MAX_CHARS = 200;
+function truncateResult(s) {
+    const lines = s.split('\n');
+    let cut = lines.length > RESULT_MAX_LINES;
+    let out = lines.slice(0, RESULT_MAX_LINES).join('\n');
+    if (out.length > RESULT_MAX_CHARS) {
+        out = out.slice(0, RESULT_MAX_CHARS);
+        cut = true;
+    }
+    return cut ? out.replace(/\s+$/, '') + '\n…' : out;
+}
 /**
  * Format one tool-call line for inclusion in the rendered card body.
  *   "✓ Bash · ls -la"
@@ -112,9 +152,9 @@ export function toolIcon(name) {
 export function renderToolLine(tc) {
     const glyph = toolGlyph(tc);
     const icon = toolIcon(tc.name);
-    // Status glyph + emoji are MarkdownV2-safe; the tool name is escaped and the
-    // input detail rides in a monospace code span (v0.26.5 styling).
-    const name = escapeMarkdownV2(tc.name);
+    // Status glyph + emoji are HTML-safe; the tool name is HTML-escaped and the
+    // input detail rides in a <code> span (v0.27.0 M1 HTML styling).
+    const name = escapeHtml(tc.name);
     const summary = toolInputSummary(tc);
     return summary ? `${glyph} ${icon} ${name} · ${code(summary)}` : `${glyph} ${icon} ${name}`;
 }
@@ -128,11 +168,14 @@ export function renderThinkingBlock(thinkingText) {
     const trimmed = thinkingText.trim();
     if (trimmed.length === 0)
         return '';
-    // MarkdownV2 block quote: a leading ">" makes the line a quote; the line
-    // content is escaped so reasoning punctuation can't break the parse. The
-    // space after ">" is cosmetic (reads as an indented quote, terminal-style).
-    const lines = trimmed.split('\n').map((l) => `> ${escapeMarkdownV2(l)}`);
-    return ['💭 Thinking', ...lines].join('\n');
+    // v0.27.0 M1 — Telegram HTML <blockquote> renders the reasoning as a single
+    // indented quote (terminal-style), distinct from the assistant text. Content
+    // is HTML-escaped; newlines are preserved inside the blockquote.
+    const body = trimmed
+        .split('\n')
+        .map((l) => escapeHtml(l))
+        .join('\n');
+    return `💭 Thinking\n<blockquote>${body}</blockquote>`;
 }
 /**
  * Render the full turn into a Telegram-safe message body. The mirror keeps
@@ -164,29 +207,37 @@ export function renderTurn(turn, meta) {
     // handler calls setCardMeta(), the status line appears on the next repaint.
     if (meta) {
         const status = renderStatusLine(turn, meta);
-        // v0.26.5 — bold the status line (the card header). Escaped first so the
-        // model/version dots and brackets don't break the MarkdownV2 parse.
+        // v0.27.0 M1 — bold the status line (the card header) via HTML <b>. Content
+        // HTML-escaped first ( & < > only — model/version dots & brackets are safe).
         if (status)
-            lines.push('*' + escapeMarkdownV2(status) + '*');
+            lines.push(`<b>${escapeHtml(status)}</b>`);
         // v0.26.2 M2 — meter row (context % + quota % + reset). Same no-fake-data
-        // gating: omitted unless real values are present. Escaped (the bars/% are
-        // safe but the escape is harmless and keeps the line parse-proof).
+        // gating: omitted unless real values are present. HTML-escaped for safety.
         const meters = renderMeters(meta);
         if (meters)
-            lines.push(escapeMarkdownV2(meters));
+            lines.push(escapeHtml(meters));
         // v0.26.4 styling — divider between the status/telemetry block and the
         // activity block (only when a status block was actually rendered). The
-        // heavy-bar glyph is not a MarkdownV2 special, so it needs no escaping.
+        // heavy-bar glyph is not HTML-significant, so it needs no escaping.
         if (lines.length > 0)
             lines.push('━━━━━━━━━━━━');
     }
-    // Turn-status header. Kept plain (the glyph + word carry no MarkdownV2
-    // specials) so it reads cleanly above the tool stream, terminal-style.
-    const header = turn.state === 'done' ? '✓ Done' : '▶ Working';
+    // Turn-status header. v0.27.0 M4 — a failed turn shows "❌ <reason>" so it
+    // never dies as an eternal "…"; reason is HTML-escaped (it's an error message).
+    const header = turn.state === 'failed'
+        ? `❌ ${escapeHtml(turn.failReason ?? 'Turn failed')}`
+        : turn.state === 'done'
+            ? '✓ Done'
+            : '▶ Working';
     lines.push(header);
     if (turn.toolCalls.length > 0) {
         for (const tc of turn.toolCalls) {
             lines.push(renderToolLine(tc));
+            // v0.27.0 M2 — surface the tool's RESULT as a truncated <pre><code> block
+            // under its line (CLI-style inline output), when there's real text.
+            const resultText = toolResultText(tc);
+            if (resultText)
+                lines.push(pre(truncateResult(resultText)));
         }
     }
     // v0.26.2 M4 — todo checklist (real data from the agent's TodoWrite calls).
@@ -195,7 +246,7 @@ export function renderTurn(turn, meta) {
     const todoBlock = renderTodos(meta);
     if (todoBlock) {
         lines.push('');
-        lines.push(escapeMarkdownV2(todoBlock));
+        lines.push(escapeHtml(todoBlock));
     }
     // Defensive default — Turn.thinkingText is required by the interface, but
     // some test helpers and pre-M6 fixtures construct Turn-shaped objects
@@ -208,11 +259,10 @@ export function renderTurn(turn, meta) {
     const text = turn.assistantText.trim();
     if (text.length > 0) {
         lines.push('');
-        // v0.26.5 — render the model's markdown as Telegram MarkdownV2 with
-        // structure preserved (**bold**→*bold*, `code`, fences) instead of dumping
-        // raw text whose unescaped specials forced the whole card to the plain-text
-        // fallback. markdownToMdv2 escapes all remaining content per the MDV2 spec.
-        lines.push(markdownToMdv2(text));
+        // v0.27.0 M1 — render the model's markdown as Telegram HTML with structure
+        // preserved (**bold**→<b>, `code`→<code>, ```bash fences→<pre><code
+        // class="language-bash">). HTML-escapes all remaining content (& < >).
+        lines.push(markdownToHtml(text));
     }
     return lines.join('\n');
 }

package/dist/src/channels/telegram-mirror/state-machine.d.ts

@@ -38,7 +38,7 @@ export interface StreamEvent {
     error?: unknown;
     result?: string;
 }
-export type TurnState = 'working' | 'done';
+export type TurnState = 'working' | 'done' | 'failed';
 export interface ToolCallRecord {
     /** Tool name (e.g. "Bash", "Read", "Edit"). */
     name: string;
@@ -58,8 +58,11 @@ export interface Turn {
     state: TurnState;
     /** Monotonic timestamp (Date.now()) when the turn started. */
     startedAt: number;
-    /** Set when the turn transitions to 'done'. */
+    /** Set when the turn transitions to 'done' or 'failed'. */
     endedAt?: number;
+    /** Set when the turn transitions to 'failed' (M4) — a short failure reason
+     *  surfaced on the card so a turn never dies as an eternal "…". */
+    failReason?: string;
     /** Tool calls observed during the turn, in arrival order. */
     toolCalls: ToolCallRecord[];
     /** Accumulated assistant text (concatenation of text events). */
@@ -90,6 +93,13 @@ export declare class TurnStateMachine {
      * endedAt. Returns the finalized turn, or undefined if no turn was active.
      */
     end(chatId: string, now?: number): Turn | undefined;
+    /**
+     * Fail the active turn for chatId (M4). Transitions state to 'failed', stamps
+     * endedAt, and records a short reason so renderTurn can show "❌ <reason>"
+     * instead of leaving the card frozen at "…". Returns the failed turn, or
+     * undefined if no turn was active.
+     */
+    fail(chatId: string, reason: string, now?: number): Turn | undefined;
     /**
      * Returns the active or most-recently-ended turn for chatId.
      */

package/dist/src/channels/telegram-mirror/state-machine.js

@@ -120,6 +120,21 @@ export class TurnStateMachine {
         turn.endedAt = now;
         return turn;
     }
+    /**
+     * Fail the active turn for chatId (M4). Transitions state to 'failed', stamps
+     * endedAt, and records a short reason so renderTurn can show "❌ <reason>"
+     * instead of leaving the card frozen at "…". Returns the failed turn, or
+     * undefined if no turn was active.
+     */
+    fail(chatId, reason, now = Date.now()) {
+        const turn = this.turns.get(chatId);
+        if (!turn)
+            return undefined;
+        turn.state = 'failed';
+        turn.failReason = reason;
+        turn.endedAt = now;
+        return turn;
+    }
     /**
      * Returns the active or most-recently-ended turn for chatId.
      */

package/dist/src/channels/telegram-mirror/turn-bridge.d.ts

@@ -80,6 +80,23 @@ export declare function pushAssistantText(text: string): void;
  * finalizes ALL active cards (one at a time in practice).
  */
 export declare function finalizeActiveCards(): Promise<void>;
+/**
+ * Map a caught error to a short, user-readable card reason (v0.27.0 M4). Keeps
+ * the "❌ <reason>" header concise and classifies the common cc-openclaw-side
+ * failures (its own watchdog kill / dead subprocess / timeout) rather than
+ * dumping a raw stack.
+ */
+export declare function classifyFailure(err: unknown): string;
+/**
+ * Fail every active card (v0.27.0 M4). Called from the openai-compat handlers'
+ * catch path when cc-openclaw's OWN turn errors — its subprocess died, its
+ * stalled-session watchdog SIGTERMed it, or the model call threw/timed out. The
+ * card flips to "❌ <reason>" instead of being left as an eternal "…" (or worse,
+ * finalized to a misleading "✓ Done"). Scoped to cc-openclaw's own vantage; the
+ * gateway's recovery=none stalls that never throw here are out of M4's reach.
+ * Best-effort: a fail-render failure must not mask the original error.
+ */
+export declare function failActiveCards(reason: string): Promise<void>;
 /**
  * Test-only — reset module-level repaint state. Card state lives in
  * card-state.ts so import that and clear directly if your test needs it.

package/dist/src/channels/telegram-mirror/turn-bridge.js

@@ -274,6 +274,55 @@ export async function finalizeActiveCards() {
         cardState.delete(chatId);
     }
 }
+/**
+ * Map a caught error to a short, user-readable card reason (v0.27.0 M4). Keeps
+ * the "❌ <reason>" header concise and classifies the common cc-openclaw-side
+ * failures (its own watchdog kill / dead subprocess / timeout) rather than
+ * dumping a raw stack.
+ */
+export function classifyFailure(err) {
+    const msg = (err instanceof Error ? err.message : String(err ?? '')) || 'unknown error';
+    if (/timed out|timeout/i.test(msg))
+        return 'Turn timed out';
+    if (/not ready|closed|exited|spawn|ENOENT|killed|SIGTERM|stalled/i.test(msg))
+        return 'Subprocess died';
+    return `Turn failed: ${msg.slice(0, 60)}`;
+}
+/**
+ * Fail every active card (v0.27.0 M4). Called from the openai-compat handlers'
+ * catch path when cc-openclaw's OWN turn errors — its subprocess died, its
+ * stalled-session watchdog SIGTERMed it, or the model call threw/timed out. The
+ * card flips to "❌ <reason>" instead of being left as an eternal "…" (or worse,
+ * finalized to a misleading "✓ Done"). Scoped to cc-openclaw's own vantage; the
+ * gateway's recovery=none stalls that never throw here are out of M4's reach.
+ * Best-effort: a fail-render failure must not mask the original error.
+ */
+export async function failActiveCards(reason) {
+    const chats = activeChatIds();
+    if (chats.length === 0)
+        return;
+    logPush('failActiveCards', chats.length, ` reason=${reason}`);
+    for (const chatId of chats) {
+        const card = cardState.get(chatId);
+        if (!card)
+            continue;
+        card.sm.fail(chatId, reason);
+        const turn = card.sm.getTurn(chatId);
+        if (turn) {
+            turn.assistantText = '';
+            try {
+                await editTg(chatId, card.messageId, renderTurn(turn, card.meta));
+            }
+            catch (err) {
+                const m = err.message;
+                if (!/message is not modified/i.test(m)) {
+                    process.stderr.write(`[cc-openclaw/turn-bridge] fail edit failed chat=${chatId}: ${m}\n`);
+                }
+            }
+        }
+        cardState.delete(chatId);
+    }
+}
 /**
  * Test-only — reset module-level repaint state. Card state lives in
  * card-state.ts so import that and clear directly if your test needs it.

package/dist/src/lib/html-render.d.ts

@@ -0,0 +1,43 @@
+/**
+ * html-render — Telegram HTML parse_mode rendering (v0.27.0 M1).
+ *
+ * The CLI-fidelity rendering engine. Chosen over MarkdownV2 because Telegram's
+ * HTML mode only requires escaping `& < >` (no "every . - ! must be backslashed"
+ * fragility), and it supports `<pre><code class="language-bash">…</code></pre>` —
+ * labeled, monospaced code blocks that mirror the terminal — plus `<blockquote>`
+ * and `<tg-spoiler>`.
+ *
+ * Companion to markdown-v2.ts / markdown-to-mdv2.ts (the prior engine). This
+ * module is the HTML path the card-renderer + telegram-bot-api now use.
+ *
+ * Telegram-supported tags (Bot API): b/strong, i/em, u, s, a, code, pre,
+ * pre+code[class=language-X], blockquote, tg-spoiler. Everything else in text
+ * content must have &, <, > escaped.
+ */
+/** Escape the three HTML-significant chars for Telegram HTML text content. */
+export declare function escapeHtml(text: string | null | undefined): string;
+/** Inline monospace span: `<code>escaped</code>`. */
+export declare function code(s: string): string;
+/**
+ * Fenced code block: `<pre><code class="language-LANG">escaped</code></pre>`.
+ * Omits the class when no language is given. Body is HTML-escaped (the only
+ * escaping Telegram requires inside pre/code).
+ */
+export declare function pre(body: string, lang?: string): string;
+/**
+ * Convert a subset of CommonMark Markdown to Telegram HTML with structure
+ * preserved (`**bold**`→`<b>`, fenced blocks→`<pre><code>`, etc.). Returns ''
+ * for null/undefined.
+ *
+ * Algorithm (placeholder substitution, NUL-sentinel keyed — mirrors
+ * markdown-to-mdv2.ts so behaviour is auditable side-by-side):
+ *   1. code fences  → <pre><code [class]>…</code></pre>
+ *   2. inline code  → <code>…</code>
+ *   3. bold (**…**) → <b>…</b>
+ *   4. italic (*…* / _…_) → <i>…</i>
+ *   5. ATX headers (#…) at line start → <b>…</b>
+ *   6. links [label](url) → <a href="url">label</a>
+ *   7. escape remaining text (& < >)
+ *   8. restore placeholders verbatim
+ */
+export declare function markdownToHtml(input: string | null | undefined): string;

package/dist/src/lib/html-render.js

@@ -0,0 +1,110 @@
+/**
+ * html-render — Telegram HTML parse_mode rendering (v0.27.0 M1).
+ *
+ * The CLI-fidelity rendering engine. Chosen over MarkdownV2 because Telegram's
+ * HTML mode only requires escaping `& < >` (no "every . - ! must be backslashed"
+ * fragility), and it supports `<pre><code class="language-bash">…</code></pre>` —
+ * labeled, monospaced code blocks that mirror the terminal — plus `<blockquote>`
+ * and `<tg-spoiler>`.
+ *
+ * Companion to markdown-v2.ts / markdown-to-mdv2.ts (the prior engine). This
+ * module is the HTML path the card-renderer + telegram-bot-api now use.
+ *
+ * Telegram-supported tags (Bot API): b/strong, i/em, u, s, a, code, pre,
+ * pre+code[class=language-X], blockquote, tg-spoiler. Everything else in text
+ * content must have &, <, > escaped.
+ */
+/** Escape the three HTML-significant chars for Telegram HTML text content. */
+export function escapeHtml(text) {
+    if (text == null)
+        return '';
+    return String(text)
+        .replace(/&/g, '&amp;')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;');
+}
+/** Inline monospace span: `<code>escaped</code>`. */
+export function code(s) {
+    return `<code>${escapeHtml(s)}</code>`;
+}
+/**
+ * Fenced code block: `<pre><code class="language-LANG">escaped</code></pre>`.
+ * Omits the class when no language is given. Body is HTML-escaped (the only
+ * escaping Telegram requires inside pre/code).
+ */
+export function pre(body, lang) {
+    const cls = lang ? ` class="language-${escapeHtml(lang)}"` : '';
+    return `<pre><code${cls}>${escapeHtml(body)}</code></pre>`;
+}
+/**
+ * Convert a subset of CommonMark Markdown to Telegram HTML with structure
+ * preserved (`**bold**`→`<b>`, fenced blocks→`<pre><code>`, etc.). Returns ''
+ * for null/undefined.
+ *
+ * Algorithm (placeholder substitution, NUL-sentinel keyed — mirrors
+ * markdown-to-mdv2.ts so behaviour is auditable side-by-side):
+ *   1. code fences  → <pre><code [class]>…</code></pre>
+ *   2. inline code  → <code>…</code>
+ *   3. bold (**…**) → <b>…</b>
+ *   4. italic (*…* / _…_) → <i>…</i>
+ *   5. ATX headers (#…) at line start → <b>…</b>
+ *   6. links [label](url) → <a href="url">label</a>
+ *   7. escape remaining text (& < >)
+ *   8. restore placeholders verbatim
+ */
+export function markdownToHtml(input) {
+    if (input == null)
+        return '';
+    let text = String(input);
+    const codeBlocks = [];
+    text = text.replace(/```([a-zA-Z0-9_+\-]*)\n?([\s\S]*?)```/g, (_m, lang, body) => {
+        const idx = codeBlocks.length;
+        codeBlocks.push(pre(body.replace(/\n$/, ''), lang || undefined));
+        return `\x00CODEBLOCK${idx}\x00`;
+    });
+    const inlineCodes = [];
+    text = text.replace(/`([^`\n]+)`/g, (_m, body) => {
+        const idx = inlineCodes.length;
+        inlineCodes.push(code(body));
+        return `\x00INLINECODE${idx}\x00`;
+    });
+    const bolds = [];
+    text = text.replace(/\*\*([^*\n]+)\*\*/g, (_m, body) => {
+        const idx = bolds.length;
+        bolds.push(`<b>${escapeHtml(body)}</b>`);
+        return `\x00BOLD${idx}\x00`;
+    });
+    const italics = [];
+    text = text.replace(/(?<![\w*])\*([^*\n]+)\*(?!\w)/g, (_m, body) => {
+        const idx = italics.length;
+        italics.push(`<i>${escapeHtml(body)}</i>`);
+        return `\x00ITALIC${idx}\x00`;
+    });
+    text = text.replace(/(?<![\w_])_([^_\n]+)_(?!\w)/g, (_m, body) => {
+        const idx = italics.length;
+        italics.push(`<i>${escapeHtml(body)}</i>`);
+        return `\x00ITALIC${idx}\x00`;
+    });
+    const headers = [];
+    text = text.replace(/^(#{1,6})\s+(.+?)\s*#*\s*$/gm, (_m, _hashes, body) => {
+        const idx = headers.length;
+        headers.push(`<b>${escapeHtml(body)}</b>`);
+        return `\x00HEADER${idx}\x00`;
+    });
+    const links = [];
+    text = text.replace(/\[([^\]\n]+)\]\(([^)\s]+)\)/g, (_m, label, url) => {
+        const idx = links.length;
+        // Attribute value: escape & < > and the double-quote that would close it.
+        const safeUrl = escapeHtml(url).replace(/"/g, '&quot;');
+        links.push(`<a href="${safeUrl}">${escapeHtml(label)}</a>`);
+        return `\x00LINK${idx}\x00`;
+    });
+    text = escapeHtml(text);
+    text = text.replace(/\x00CODEBLOCK(\d+)\x00/g, (_m, idx) => codeBlocks[Number(idx)]);
+    text = text.replace(/\x00INLINECODE(\d+)\x00/g, (_m, idx) => inlineCodes[Number(idx)]);
+    text = text.replace(/\x00BOLD(\d+)\x00/g, (_m, idx) => bolds[Number(idx)]);
+    text = text.replace(/\x00ITALIC(\d+)\x00/g, (_m, idx) => italics[Number(idx)]);
+    text = text.replace(/\x00HEADER(\d+)\x00/g, (_m, idx) => headers[Number(idx)]);
+    text = text.replace(/\x00LINK(\d+)\x00/g, (_m, idx) => links[Number(idx)]);
+    return text;
+}

package/dist/src/lib/telegram-bot-api.js

@@ -152,7 +152,7 @@ export async function sendTg(chatId, text, threadId, replyMarkup, replyToMessage
             base.reply_markup = replyMarkup;
         if (replyToMessageId)
             base.reply_to_message_id = Number(replyToMessageId);
-        const res = await telegramApi('sendMessage', { ...base, text, parse_mode: 'MarkdownV2' });
+        const res = await telegramApi('sendMessage', { ...base, text, parse_mode: 'HTML' });
         if (res.ok)
             return res;
         return telegramApi('sendMessage', { ...base, text: text || 'Session update' });
@@ -171,7 +171,7 @@ export async function editTg(chatId, messageId, text, replyMarkup) {
             chat_id: chatId,
             message_id: messageId,
             text,
-            parse_mode: 'MarkdownV2',
+            parse_mode: 'HTML',
             disable_web_page_preview: true,
         };
         if (replyMarkup)

package/dist/src/openai-compat/non-streaming-handler.js

@@ -27,7 +27,7 @@ import { getSurfaceThinkingEnabled, getTtsAutoMode } from '../lib/config.js';
 import { emit as emitTrajectory, emitTurnTrace } from '../lib/trajectory.js';
 import { formatError, ERROR_CODES } from '../lib/error-formatter.js';
 import { applyVoiceRecovery, _logVoiceDebug, detectVoiceIntent, hasTtsMarkers } from './voice-recovery.js';
-import { pushToolUse as mirrorPushToolUse, pushToolResult as mirrorPushToolResult, pushAssistantText as mirrorPushAssistantText, finalizeActiveCards as mirrorFinalizeActiveCards, setCardMeta as mirrorSetCardMeta, readQuotaMeta as mirrorReadQuotaMeta, } from '../channels/telegram-mirror/turn-bridge.js';
+import { pushToolUse as mirrorPushToolUse, pushToolResult as mirrorPushToolResult, pushAssistantText as mirrorPushAssistantText, finalizeActiveCards as mirrorFinalizeActiveCards, failActiveCards as mirrorFailActiveCards, classifyFailure, setCardMeta as mirrorSetCardMeta, readQuotaMeta as mirrorReadQuotaMeta, } from '../channels/telegram-mirror/turn-bridge.js';
 import { cardStateDebug as mirrorCardStateDebug } from '../channels/telegram-mirror/card-state.js';
 /** Coerce a userMessage (string | UserMessageBlock[]) to a flat string
  *  for voice-intent detection. Tool-result blocks aren't user prompts. */
@@ -201,6 +201,14 @@ slashCommand) {
     }
     catch (err) {
         reportStatus('idle', 'Request failed');
+        // v0.27.0 M4 — surface the failure on the Telegram card (❌ <reason>) so a
+        // cc-openclaw-side error never leaves the card frozen at "…". Best-effort.
+        try {
+            await mirrorFailActiveCards(classifyFailure(err));
+        }
+        catch {
+            /* card fail is cosmetic */
+        }
         // v0.4.3: route through formatError for errors_total + trajectory error.
         formatError(err, { code: ERROR_CODES.SESSION_ERROR, sessionId: sessionName, details: { phase: 'handleNonStreaming' } });
         res.writeHead(500, { 'Content-Type': 'application/json' });

package/dist/src/openai-compat/streaming-handler.js

@@ -43,7 +43,7 @@ import { emit as emitTrajectory, emitTurnTrace } from '../lib/trajectory.js';
 import { formatError, ERROR_CODES } from '../lib/error-formatter.js';
 import { getSurfaceThinkingEnabled, getTtsAutoMode } from '../lib/config.js';
 import { applyVoiceRecovery, detectVoiceIntent, hasTtsMarkers, _logVoiceDebug } from './voice-recovery.js';
-import { pushToolUse as mirrorPushToolUse, pushToolResult as mirrorPushToolResult, pushAssistantText as mirrorPushAssistantText, finalizeActiveCards as mirrorFinalizeActiveCards, setCardMeta as mirrorSetCardMeta, readQuotaMeta as mirrorReadQuotaMeta, } from '../channels/telegram-mirror/turn-bridge.js';
+import { pushToolUse as mirrorPushToolUse, pushToolResult as mirrorPushToolResult, pushAssistantText as mirrorPushAssistantText, finalizeActiveCards as mirrorFinalizeActiveCards, failActiveCards as mirrorFailActiveCards, classifyFailure, setCardMeta as mirrorSetCardMeta, readQuotaMeta as mirrorReadQuotaMeta, } from '../channels/telegram-mirror/turn-bridge.js';
 import { cardStateDebug as mirrorCardStateDebug } from '../channels/telegram-mirror/card-state.js';
 import { writePerfEvent } from '../observability/perf-telemetry.js';
 /** Coerce a userMessage (string | UserMessageBlock[]) to a flat string
@@ -532,6 +532,15 @@ slashCommand) {
     }
     catch (err) {
         reportStatus('idle', 'Request failed');
+        // v0.27.0 M4 — surface the failure on the Telegram card (❌ <reason>) so a
+        // cc-openclaw-side error never leaves the card frozen at "…" or finalized to
+        // a misleading "✓ Done". Best-effort; never mask the original error.
+        try {
+            await mirrorFailActiveCards(classifyFailure(err));
+        }
+        catch {
+            /* card fail is cosmetic */
+        }
         // v0.4.3: route through formatError for errors_total + trajectory error.
         formatError(err, { code: ERROR_CODES.SESSION_ERROR, sessionId: sessionName, details: { phase: 'handleStreaming' } });
         writeSSE(JSON.stringify({ error: { message: err.message, type: 'server_error' } }));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@a1hvdy/cc-openclaw",
-  "version": "0.26.6",
+  "version": "0.27.0",
   "description": "A1xAI's Anthropic CLI bridge plugin for OpenClaw",
   "author": "@a1cy",
   "license": "MIT",