@a1hvdy/cc-openclaw 0.27.1 → 0.27.4

package/dist/src/lib/telegram-bot-api.js

@@ -27,6 +27,10 @@ import { request as httpsRequest } from 'node:https';
 import { readFileSync } from 'node:fs';
 import { homedir } from 'node:os';
 import { join } from 'node:path';
+import { randomBytes } from 'node:crypto';
+import { stripHtml } from './html-render.js';
+/** Telegram's hard per-message character cap. */
+const TG_MAX_CHARS = 4096;
 export const OPENCLAW_CONFIG_PATH = join(homedir(), '.openclaw', 'openclaw.json');
 const PLUGIN_TAG = '[cc-openclaw/telegram-bot-api]';
 // ─── Bot token state ───────────────────────────────────────────────────────
@@ -138,32 +142,96 @@ export function telegramApi(method, params) {
     });
 }
 /**
- * sendMessage with MarkdownV2 first + plain-text fallback. The fallback
- * is the v0.20.1 fix: prior implementation stripped punctuation on
- * MarkdownV2 parse errors; current behaviour retries with parse_mode
- * omitted so all content survives.
+ * v0.27.4 M6 — CLI-parity gap #8: split a message that exceeds Telegram's 4096
+ * char cap into ≤max-char chunks so long cc-openclaw-originated content sends as
+ * sequential messages instead of being rejected outright. Splits on newline
+ * boundaries (never mid-line) so HTML constructs mostly stay intact; a single
+ * line longer than max is hard-split. Returns [text] unchanged when ≤max (the
+ * common path — no behavior change for normal messages).
+ *
+ * Scope note: this covers cc-openclaw's OWN sends (slash/error responses). The
+ * live card is one edited message (truncated by design) and the model's final
+ * answer is delivered by the OpenClaw gateway — neither flows through here.
+ */
+export function splitForTelegram(text, max = TG_MAX_CHARS) {
+    if (text.length <= max)
+        return [text];
+    const chunks = [];
+    let current = '';
+    for (const line of text.split('\n')) {
+        if (line.length > max) {
+            if (current) {
+                chunks.push(current);
+                current = '';
+            }
+            for (let i = 0; i < line.length; i += max)
+                chunks.push(line.slice(i, i + max));
+            continue;
+        }
+        const candidate = current ? `${current}\n${line}` : line;
+        if (candidate.length > max) {
+            if (current)
+                chunks.push(current);
+            current = line;
+        }
+        else {
+            current = candidate;
+        }
+    }
+    if (current)
+        chunks.push(current);
+    return chunks;
+}
+/**
+ * sendMessage with HTML parse_mode first + plain-text fallback. The fallback
+ * is the v0.20.1 fix: prior implementation stripped punctuation on parse
+ * errors; current behaviour retries with parse_mode omitted so all content
+ * survives. (v0.27.0 switched the live mirror MarkdownV2 → HTML; v0.27.3
+ * converted the last MarkdownV2 emitter, error-formatter, so the whole
+ * Telegram surface is now one HTML render path.) v0.27.4 M6 — auto-chunks
+ * over-cap text and the plain fallback now strips HTML (was: re-sent raw tags).
  */
 export async function sendTg(chatId, text, threadId, replyMarkup, replyToMessageId) {
     try {
         const base = { chat_id: chatId, disable_web_page_preview: true };
         if (threadId)
             base.message_thread_id = Number(threadId);
-        if (replyMarkup)
-            base.reply_markup = replyMarkup;
         if (replyToMessageId)
             base.reply_to_message_id = Number(replyToMessageId);
-        const res = await telegramApi('sendMessage', { ...base, text, parse_mode: 'HTML' });
-        if (res.ok)
-            return res;
-        return telegramApi('sendMessage', { ...base, text: text || 'Session update' });
+        // Send one body with HTML first, then a stripped plain-text fallback so a
+        // chunk that split an HTML tag still lands legibly (mirrors editTg v0.27.3).
+        const sendOne = async (body, markup) => {
+            const params = { ...base, text: body, parse_mode: 'HTML' };
+            if (markup)
+                params.reply_markup = markup;
+            const res = await telegramApi('sendMessage', params);
+            if (res.ok)
+                return res;
+            const fb = { ...base, text: stripHtml(body) || 'Session update' };
+            if (markup)
+                fb.reply_markup = markup;
+            return telegramApi('sendMessage', fb);
+        };
+        if (text.length > TG_MAX_CHARS) {
+            const chunks = splitForTelegram(text, TG_MAX_CHARS);
+            let first = { ok: false };
+            for (let i = 0; i < chunks.length; i++) {
+                // Keyboard rides only the LAST chunk (actions belong with the tail).
+                const res = await sendOne(chunks[i], i === chunks.length - 1 ? replyMarkup : undefined);
+                if (i === 0)
+                    first = res;
+            }
+            return first;
+        }
+        return await sendOne(text, replyMarkup);
     }
     catch {
         return { ok: false };
     }
 }
 /**
- * editMessageText with MarkdownV2-first + 429 retry-after handling +
- * plain-text fallback.
+ * editMessageText with HTML parse_mode + 429 retry-after handling +
+ * plain-text fallback (v0.27.3 stripHtml fallback on rejection).
  */
 export async function editTg(chatId, messageId, text, replyMarkup) {
     try {
@@ -187,16 +255,115 @@ export async function editTg(chatId, messageId, text, replyMarkup) {
         }
         if (res.ok)
             return res;
+        // v0.27.3 — the HTML edit was rejected (commonly "can't parse
+        // entities" or "message is too long"). Re-sending the SAME string without
+        // parse_mode would dump literal <b>/<pre> tags into the chat AND, if the
+        // reason was length, fail identically. Strip the markup back to plain text
+        // and hard-truncate to Telegram's cap so the fallback can actually land.
+        // Log the original failure so a broken live card is never silent again
+        // (the prior swallow is exactly why the 4096-overflow regression hid).
+        process.stderr.write(`[cc-openclaw/telegram-bot-api] editTg HTML edit rejected (len=${text.length}) ` +
+            `code=${res.error_code ?? '?'} desc=${JSON.stringify(res.description ?? '')} — plain-text fallback\n`);
+        let plain = stripHtml(text) || 'Session update';
+        if (plain.length > TG_MAX_CHARS)
+            plain = plain.slice(0, TG_MAX_CHARS - 1) + '…';
         const fallback = {
             chat_id: chatId,
             message_id: messageId,
-            text: text || 'Session update',
+            text: plain,
             disable_web_page_preview: true,
         };
         if (replyMarkup)
             fallback.reply_markup = replyMarkup;
         return telegramApi('editMessageText', fallback);
     }
+    catch (err) {
+        process.stderr.write(`[cc-openclaw/telegram-bot-api] editTg threw: ${err.message}\n`);
+        return { ok: false };
+    }
+}
+/**
+ * Build a multipart/form-data body for sendDocument. PURE — no I/O — so the
+ * encoding (the R-3 risk) is unit-testable without a network round-trip.
+ *
+ * The document is sent as an inline InputFile (Content-Type text/markdown). The
+ * boundary MUST NOT appear in any field value or the file content; callers use a
+ * random 16-byte boundary (sendDocumentTg) so collision is astronomically
+ * unlikely against Markdown plan bodies.
+ */
+export function buildDocumentMultipart(opts) {
+    const { boundary } = opts;
+    const parts = [];
+    const textField = (name, value) => {
+        parts.push(Buffer.from(`--${boundary}\r\nContent-Disposition: form-data; name="${name}"\r\n\r\n${value}\r\n`, 'utf8'));
+    };
+    textField('chat_id', String(opts.chatId));
+    if (opts.caption)
+        textField('caption', opts.caption);
+    if (opts.parseMode)
+        textField('parse_mode', opts.parseMode);
+    if (opts.threadId !== undefined)
+        textField('message_thread_id', String(opts.threadId));
+    if (opts.replyMarkup)
+        textField('reply_markup', JSON.stringify(opts.replyMarkup));
+    // The document file part — header, then raw content, then CRLF.
+    parts.push(Buffer.from(`--${boundary}\r\nContent-Disposition: form-data; name="document"; filename="${opts.filename}"\r\nContent-Type: text/markdown\r\n\r\n`, 'utf8'));
+    parts.push(Buffer.from(opts.content, 'utf8'));
+    parts.push(Buffer.from(`\r\n--${boundary}--\r\n`, 'utf8'));
+    return Buffer.concat(parts);
+}
+/** Low-level multipart POST. Mirrors `telegramApi` but sets a multipart
+ *  Content-Type + a Buffer body. */
+function telegramApiMultipart(method, boundary, body) {
+    return new Promise((resolve, reject) => {
+        const options = {
+            hostname: 'api.telegram.org',
+            path: `/bot${_botToken}/${method}`,
+            method: 'POST',
+            headers: {
+                'Content-Type': `multipart/form-data; boundary=${boundary}`,
+                'Content-Length': body.length,
+            },
+        };
+        const req = httpsRequest(options, (res) => {
+            let data = '';
+            res.on('data', (chunk) => (data += chunk));
+            res.on('end', () => {
+                try {
+                    resolve(JSON.parse(data));
+                }
+                catch {
+                    resolve({ ok: false, description: 'JSON parse error' });
+                }
+            });
+        });
+        req.on('error', (err) => reject(err));
+        req.setTimeout(15_000, () => {
+            req.destroy(new Error('Telegram API timeout'));
+        });
+        req.write(body);
+        req.end();
+    });
+}
+/**
+ * Upload a text document (e.g. a plan .md) to a chat via sendDocument. Returns
+ * the API response, or {ok:false} on network/encoding failure (never throws).
+ */
+export async function sendDocumentTg(chatId, filename, content, opts = {}) {
+    try {
+        const boundary = `----ccopenclaw${randomBytes(16).toString('hex')}`;
+        const body = buildDocumentMultipart({
+            boundary,
+            chatId,
+            filename,
+            content,
+            caption: opts.caption,
+            parseMode: opts.parseMode,
+            threadId: opts.threadId,
+            replyMarkup: opts.replyMarkup,
+        });
+        return await telegramApiMultipart('sendDocument', boundary, body);
+    }
     catch {
         return { ok: false };
     }

package/dist/src/openai-compat/message-extractor.js

@@ -32,6 +32,7 @@ import { serializeToolResults, serializeToolResultsAsBlocks, } from './tool-resu
 import { isToolStreamMode } from './mode-flags.js';
 import { detectSlashCommand, maybeInlineSkill } from './skill-resolver.js';
 import { isOpenaiCompatNewConvoHeuristic } from '../lib/config.js';
+import { probeMultimodalContent } from '../lib/probes.js';
 /**
  * Extract the relevant parts from an OpenAI messages array.
  *
@@ -59,6 +60,9 @@ export function extractUserMessage(messages, headers) {
     if (!messages || messages.length === 0) {
         throw new Error('messages array is empty');
     }
+    // P0-C openai-body probe (observe-only, gated): does an image block survive to
+    // the request body before textOf() below strips non-text parts? See lib/probes.ts.
+    probeMultimodalContent(messages);
     // Normalize content from any message: OpenAI API allows content as a string
     // OR an array of content parts (e.g. multimodal messages with text + images).
     // We need a string for the CLI, so arrays are joined.

package/dist/src/openai-compat/openai-compat.js

@@ -10,7 +10,7 @@ import * as path from 'node:path';
 import * as os from 'node:os';
 import { randomUUID } from 'node:crypto';
 import { resolveEngineAndModel } from '../models.js';
-import { OPENAI_COMPAT_DEFAULT_MODEL, OPENAI_COMPAT_AUTO_COMPACT_THRESHOLD, } from '../constants.js';
+import { OPENAI_COMPAT_DEFAULT_MODEL, OPENAI_COMPAT_AUTO_COMPACT_THRESHOLD, RESUME_FRESHNESS_MS, } from '../constants.js';
 import { isToolsPerMessageModeEnabled, isToolStreamMode } from './mode-flags.js';
 import { resolveSessionKey, sessionNameFromKey } from './session-key-resolver.js';
 import { buildSessionSystemPrompt, buildToolPromptBlock } from './prompts.js';
@@ -272,6 +272,17 @@ export async function handleChatCompletion(manager, body, headers, res) {
             // Note: noSessionPersistence (--no-session-persistence) is NOT set
             // because some CLI forks don't support this flag.
             skipPersistence: true,
+            // v0.27.4 (M4/M6): opt this session into freshness-windowed --resume so a
+            // gateway restart or stalled-session watchdog SIGTERM doesn't wipe the
+            // conversation. Persists the claudeSessionId (despite skipPersistence) and
+            // the next turn for this chat resumes it iff it was active within the
+            // window — older sessions still start fresh (anti-stale). Env override
+            // CC_OPENCLAW_RESUME_FRESHNESS_MS; default RESUME_FRESHNESS_MS (30 min).
+            resumeFreshnessMs: (() => {
+                const v = process.env.CC_OPENCLAW_RESUME_FRESHNESS_MS;
+                const n = v !== undefined ? parseInt(v, 10) : NaN;
+                return Number.isFinite(n) && n > 0 ? n : RESUME_FRESHNESS_MS;
+            })(),
             // v0.7.4 EMERGENCY RESTORE: re-enable --include-partial-messages for
             // openai-compat sessions. v0.6.0 made this opt-in (default OFF) for
             // a 10-100× JSON overhead drop, but the engine never grew the

package/dist/src/openai-compat/streaming-handler.js

@@ -43,7 +43,7 @@ import { emit as emitTrajectory, emitTurnTrace } from '../lib/trajectory.js';
 import { formatError, ERROR_CODES } from '../lib/error-formatter.js';
 import { getSurfaceThinkingEnabled, getTtsAutoMode } from '../lib/config.js';
 import { applyVoiceRecovery, detectVoiceIntent, hasTtsMarkers, _logVoiceDebug } from './voice-recovery.js';
-import { pushToolUse as mirrorPushToolUse, pushToolResult as mirrorPushToolResult, pushAssistantText as mirrorPushAssistantText, finalizeActiveCards as mirrorFinalizeActiveCards, failActiveCards as mirrorFailActiveCards, classifyFailure, setCardMeta as mirrorSetCardMeta, readQuotaMeta as mirrorReadQuotaMeta, } from '../channels/telegram-mirror/turn-bridge.js';
+import { pushToolUse as mirrorPushToolUse, pushToolResult as mirrorPushToolResult, pushAssistantText as mirrorPushAssistantText, pushThinking as mirrorPushThinking, finalizeActiveCards as mirrorFinalizeActiveCards, failActiveCards as mirrorFailActiveCards, classifyFailure, setCardMeta as mirrorSetCardMeta, readQuotaMeta as mirrorReadQuotaMeta, } from '../channels/telegram-mirror/turn-bridge.js';
 import { cardStateDebug as mirrorCardStateDebug } from '../channels/telegram-mirror/card-state.js';
 import { writePerfEvent } from '../observability/perf-telemetry.js';
 /** Coerce a userMessage (string | UserMessageBlock[]) to a flat string
@@ -327,6 +327,12 @@ slashCommand) {
                     if (!text)
                         return;
                     thinkingBuffer += text;
+                    // v0.27.4 M1 — surface thinking on the live Telegram card too (gap
+                    // #1). Pass the cumulative buffer; pushThinking overwrites
+                    // turn.thinkingText so the 💭 block grows in place. Same surfacing
+                    // gate as the SSE reasoning emit below (this callback only exists
+                    // when surfaceThinking is on).
+                    mirrorPushThinking(thinkingBuffer);
                     const chunk = {
                         id: completionId,
                         object: 'chat.completion.chunk',

package/dist/src/session/persisted-sessions.d.ts

@@ -21,6 +21,17 @@ export interface PersistedSession {
     lastResumed: string;
     lastActivity: number;
 }
+/**
+ * v0.27.4 (M4/M6) — resume-freshness gate. A persisted Claude session is
+ * eligible for --resume only if its last activity is within `freshnessMs`.
+ * This restores cross-restart / post-watchdog-kill conversation continuity for
+ * openai-compat sessions WITHOUT reintroducing the stale-resume hazard that
+ * motivated skipPersistence: a session idle longer than the window starts
+ * fresh. Returns false for a missing entry, a non-numeric lastActivity, or a
+ * non-positive/non-finite window (resume disabled). Pure + side-effect-free so
+ * the decision is unit-testable independent of the disk layer.
+ */
+export declare function isPersistedSessionFresh(persisted: Pick<PersistedSession, 'lastActivity'> | undefined, now: number, freshnessMs: number): boolean;
 export declare function loadPersistedSessions(): Map<string, PersistedSession>;
 export declare function savePersistedSessions(sessions: Map<string, PersistedSession>, logger?: Logger): void;
 export declare function savePersistedSessionsAsync(sessions: Map<string, PersistedSession>, logger?: Logger): void;

package/dist/src/session/persisted-sessions.js

@@ -14,6 +14,23 @@ import { createConsoleLogger } from '../logger.js';
 import { PERSIST_DISK_TTL_MS } from '../constants.js';
 export const PERSIST_DIR = path.join(os.homedir(), '.openclaw');
 export const PERSIST_FILE = path.join(PERSIST_DIR, 'claude-sessions.json');
+/**
+ * v0.27.4 (M4/M6) — resume-freshness gate. A persisted Claude session is
+ * eligible for --resume only if its last activity is within `freshnessMs`.
+ * This restores cross-restart / post-watchdog-kill conversation continuity for
+ * openai-compat sessions WITHOUT reintroducing the stale-resume hazard that
+ * motivated skipPersistence: a session idle longer than the window starts
+ * fresh. Returns false for a missing entry, a non-numeric lastActivity, or a
+ * non-positive/non-finite window (resume disabled). Pure + side-effect-free so
+ * the decision is unit-testable independent of the disk layer.
+ */
+export function isPersistedSessionFresh(persisted, now, freshnessMs) {
+    if (!persisted || typeof persisted.lastActivity !== 'number')
+        return false;
+    if (!Number.isFinite(freshnessMs) || freshnessMs <= 0)
+        return false;
+    return now - persisted.lastActivity <= freshnessMs;
+}
 export function loadPersistedSessions() {
     try {
         if (!fs.existsSync(PERSIST_FILE))

package/dist/src/session/session-manager.js

@@ -33,7 +33,7 @@ function getPluginVersion() {
 // ─── Persistence ─────────────────────────────────────────────────────────────
 // Extracted to `./persisted-sessions.ts` 2026-05-13 — coherent persistence
 // layer (load + sync atomic-write + async-write + types + constants).
-import { loadPersistedSessions, savePersistedSessions, savePersistedSessionsAsync, } from './persisted-sessions.js';
+import { loadPersistedSessions, savePersistedSessions, savePersistedSessionsAsync, isPersistedSessionFresh, } from './persisted-sessions.js';
 // Debounce helper — coalesces rapid writes into one
 // `makeDebounced` extracted to `../lib/debounce.ts` 2026-05-13 —
 // pure-function hot-path decomposition.
@@ -158,10 +158,21 @@ export class SessionManager {
         }
         this._recordSpawn();
         // Auto-resume: if we have a persisted claudeSessionId for this name, inject it.
-        // Skip when config.skipPersistence is set (e.g. openai-compat bridge sessions
-        // that must NOT resume stale CLI state from a previous server run).
+        // Normal (non-skipPersistence) sessions resume unconditionally as before.
+        // skipPersistence sessions normally must NOT resume stale CLI state from a
+        // previous server run — EXCEPT v0.27.4 (M4/M6): when they opt into
+        // freshness-windowed resume (config.resumeFreshnessMs, set by the
+        // openai-compat bridge), resume the prior session iff it's still fresh, so
+        // Savvy keeps context across a gateway restart / watchdog-kill while a
+        // long-idle session still starts fresh.
         const skipPersist = !!config.skipPersistence;
-        const persisted = skipPersist ? undefined : this.persistedSessions.get(name);
+        let persisted = skipPersist ? undefined : this.persistedSessions.get(name);
+        if (skipPersist && typeof config.resumeFreshnessMs === 'number') {
+            const candidate = this.persistedSessions.get(name);
+            if (isPersistedSessionFresh(candidate, Date.now(), config.resumeFreshnessMs)) {
+                persisted = candidate;
+            }
+        }
         // Unified: only use resumeSessionId (claudeResumeId is an internal alias, not exposed)
         const resumeId = config.resumeSessionId ?? persisted?.claudeSessionId;
         const fullConfig = {
@@ -349,10 +360,15 @@ export class SessionManager {
             }
             const result = await managed.session.send(message, sendOpts);
             // Update session ID if available (skip disk persist for ephemeral
-            // sessions that were started with skipPersistence)
+            // sessions that were started with skipPersistence) — EXCEPT v0.27.4
+            // (M4/M6): a session that opted into freshness-windowed resume must be
+            // persisted (even though skipPersistence is true) so its claudeSessionId
+            // is on disk for the next turn / a post-restart resume.
             if (managed.session.sessionId) {
                 managed.claudeSessionId = managed.session.sessionId;
-                if (this.persistedSessions.has(name)) {
+                const optedIntoFreshResume = typeof managed.config.resumeFreshnessMs === 'number' &&
+                    managed.config.resumeFreshnessMs > 0;
+                if (this.persistedSessions.has(name) || optedIntoFreshResume) {
                     this._persistSession(name, managed);
                 }
             }

package/dist/src/session-bootstrap/cwd-patch.js

@@ -84,8 +84,6 @@ const PATHS = {
 const DEPS_STUB_PATH = join(PATHS.openclawDist, 'commands-status-deps.runtime.js');
 const STATUS_STUB_PATH = join(PATHS.openclawRoot, 'status.runtime.js');
 const AUTO_REPLY_STATUS_PATH = join(PATHS.autoReplyDir, 'commands-status.runtime.js');
-const SAVVY_REGISTRY_PATH = join(HOME, '.openclaw/savvy-resume-registry.json');
-const CLAUDE_SESSIONS_PATH = join(HOME, '.openclaw/claude-sessions.json');
 const CACHE_PARITY_REGISTRY_PATH = join(HOME, '.openclaw/openclaw-cache-parity-registry.json');
 // Patch identity symbols (module-scoped, stable across re-imports within a process)
 const PATCH_MARKER = Symbol.for('claude-local-enhancer:patched');
@@ -166,6 +164,7 @@ function _setToolDumpCacheEntry(key, val) {
 let _lastToolDumpHash = null;
 // ── sessionId capture state ───────────────────────────────────────────────
 let _lastCapturedJson = '';
+// ── Resume registry helpers ───────────────────────────────────────────────
 // `restoreClaudeSessionsFromBackup` + `writeBackupRegistry` extracted to
 // `./resume-registry.ts` 2026-05-13. The wrapper preserves the caller-less
 // call signature locally by closing over the module `logger`.

package/dist/src/types.d.ts

@@ -137,6 +137,13 @@ export interface SessionConfig {
     sessionName?: string;
     claudeResumeId?: string;
     resumeSessionId?: string;
+    /** v0.27.4 (M4/M6) — opt a skipPersistence session into freshness-windowed
+     *  --resume across restart / watchdog-kill. When set (ms), the SessionManager
+     *  persists this session's claudeSessionId and, on the next start for the same
+     *  name, resumes it iff its last activity is within this window. Used by the
+     *  openai-compat bridge so Savvy keeps context across a gateway restart while
+     *  still starting fresh after a long idle gap. */
+    resumeFreshnessMs?: number;
     forkSession?: boolean;
     addDir?: string[];
     effort?: EffortLevel;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@a1hvdy/cc-openclaw",
-  "version": "0.27.1",
+  "version": "0.27.4",
   "description": "A1xAI's Anthropic CLI bridge plugin for OpenClaw",
   "author": "@a1cy",
   "license": "MIT",