@nordbyte/nordrelay 0.2.1

package/dist/config.js

@@ -0,0 +1,385 @@
+import { existsSync, readFileSync } from "node:fs";
+import path from "node:path";
+import { createBuiltinLaunchProfiles, createDefaultLaunchProfile, findLaunchProfile, isCodexApprovalPolicy, isCodexSandboxMode, parseLaunchProfilesJson, } from "./codex-launch.js";
+import { isAgentId, PI_THINKING_LEVELS } from "./agent.js";
+import { parseRolePoliciesJson, } from "./access-control.js";
+import { parseMirrorMode, parseNotifyMode, parseQuietHours, parseVoiceBackendPreference, } from "./bot-preferences.js";
+export function loadConfig() {
+    loadEnvFile(path.resolve(process.cwd(), ".env"));
+    const telegramBotToken = requireEnv("TELEGRAM_BOT_TOKEN");
+    const telegramAllowAnyChat = parseBooleanEnv(optionalString(process.env.TELEGRAM_ALLOW_ANY_CHAT), false);
+    const configuredAllowedUserIds = parseOptionalIdList(optionalString(process.env.TELEGRAM_ALLOWED_USER_IDS), "TELEGRAM_ALLOWED_USER_IDS", { positiveOnly: true });
+    const telegramAllowedChatIds = parseOptionalIdList(optionalString(process.env.TELEGRAM_ALLOWED_CHAT_IDS), "TELEGRAM_ALLOWED_CHAT_IDS", { positiveOnly: false });
+    const configuredAdminUserIds = parseOptionalIdList(optionalString(process.env.TELEGRAM_ADMIN_USER_IDS), "TELEGRAM_ADMIN_USER_IDS", { positiveOnly: true });
+    ensureTelegramAdminIds(configuredAdminUserIds);
+    const telegramAllowedUserIds = mergeUniqueIds(configuredAllowedUserIds, configuredAdminUserIds);
+    const telegramReadOnlyUserIds = parseOptionalIdList(optionalString(process.env.TELEGRAM_READONLY_USER_IDS), "TELEGRAM_READONLY_USER_IDS", { positiveOnly: true });
+    const telegramRolePolicies = parseRolePoliciesJson(optionalString(process.env.TELEGRAM_ROLE_POLICIES_JSON));
+    ensureTelegramAllowlist(telegramAllowedUserIds, telegramAllowedChatIds, telegramAllowAnyChat);
+    const telegramAdminUserIds = configuredAdminUserIds;
+    const telegramRateLimitMinIntervalMs = parseNonNegativeIntegerEnv(optionalString(process.env.TELEGRAM_RATE_LIMIT_MIN_INTERVAL_MS), 80, "TELEGRAM_RATE_LIMIT_MIN_INTERVAL_MS");
+    const telegramEditMinIntervalMs = parseNonNegativeIntegerEnv(optionalString(process.env.TELEGRAM_EDIT_MIN_INTERVAL_MS), 1_200, "TELEGRAM_EDIT_MIN_INTERVAL_MS");
+    const telegramMirrorMode = parseMirrorMode(optionalString(process.env.TELEGRAM_CLI_MIRROR_MODE), "status");
+    const telegramMirrorMinUpdateMs = parseNonNegativeIntegerEnv(optionalString(process.env.TELEGRAM_CLI_MIRROR_MIN_UPDATE_MS), 4_000, "TELEGRAM_CLI_MIRROR_MIN_UPDATE_MS");
+    const telegramNotifyMode = parseNotifyMode(optionalString(process.env.TELEGRAM_NOTIFY_MODE), "minimal");
+    const telegramQuietHours = parseQuietHours(optionalString(process.env.TELEGRAM_QUIET_HOURS));
+    const telegramRedactPatterns = parseOptionalStringList(optionalString(process.env.TELEGRAM_REDACT_PATTERNS));
+    const workspace = resolveWorkspace();
+    const workspaceAllowedRoots = parsePathList(optionalString(process.env.WORKSPACE_ALLOWED_ROOTS));
+    const workspaceWarnRoots = parsePathList(optionalString(process.env.WORKSPACE_WARN_ROOTS));
+    const maxFileSize = parseMaxFileSize(optionalString(process.env.MAX_FILE_SIZE));
+    const artifactRetentionDays = parsePositiveNumberEnv(optionalString(process.env.ARTIFACT_RETENTION_DAYS), 7, "ARTIFACT_RETENTION_DAYS");
+    const artifactMaxTurnDirs = parsePositiveIntegerEnv(optionalString(process.env.ARTIFACT_MAX_TURNS), 30, "ARTIFACT_MAX_TURNS");
+    const artifactMaxInboxDirs = parsePositiveIntegerEnv(optionalString(process.env.ARTIFACT_MAX_INBOX_DIRS), 30, "ARTIFACT_MAX_INBOX_DIRS");
+    const artifactIgnoreDirs = parseOptionalStringList(optionalString(process.env.ARTIFACT_IGNORE_DIRS));
+    const artifactIgnoreGlobs = parseOptionalStringList(optionalString(process.env.ARTIFACT_IGNORE_GLOBS));
+    const telegramAutoSendArtifacts = parseBooleanEnv(optionalString(process.env.TELEGRAM_AUTO_SEND_ARTIFACTS), false);
+    const codexEnabled = parseBooleanEnv(optionalString(process.env.NORDRELAY_CODEX_ENABLED), true);
+    const codexApiKey = optionalString(process.env.CODEX_API_KEY);
+    const codexModel = optionalString(process.env.CODEX_MODEL);
+    const codexSyncIntervalMs = parseNonNegativeIntegerEnv(optionalString(process.env.CODEX_SYNC_INTERVAL_MS), 10_000, "CODEX_SYNC_INTERVAL_MS");
+    const codexExternalBusyCheckMs = parsePositiveIntegerEnv(optionalString(process.env.CODEX_EXTERNAL_BUSY_CHECK_MS), 5_000, "CODEX_EXTERNAL_BUSY_CHECK_MS");
+    const codexExternalBusyStaleMs = parsePositiveIntegerEnv(optionalString(process.env.CODEX_EXTERNAL_BUSY_STALE_MS), 5 * 60 * 1000, "CODEX_EXTERNAL_BUSY_STALE_MS");
+    const codexSandboxMode = parseSandboxMode(optionalString(process.env.CODEX_SANDBOX_MODE));
+    const codexApprovalPolicy = parseApprovalPolicy(optionalString(process.env.CODEX_APPROVAL_POLICY));
+    const enableUnsafeLaunchProfiles = parseBooleanEnv(optionalString(process.env.ENABLE_UNSAFE_LAUNCH_PROFILES), false);
+    const launchProfiles = parseLaunchProfiles(optionalString(process.env.CODEX_LAUNCH_PROFILES_JSON), codexSandboxMode, codexApprovalPolicy, enableUnsafeLaunchProfiles);
+    const defaultLaunchProfileId = parseDefaultLaunchProfileId(optionalString(process.env.CODEX_DEFAULT_LAUNCH_PROFILE), launchProfiles);
+    const piEnabled = parseBooleanEnv(optionalString(process.env.NORDRELAY_PI_ENABLED), false);
+    ensureAtLeastOneAgentEnabled(codexEnabled, piEnabled);
+    const piCliPath = optionalString(process.env.PI_CLI_PATH);
+    const piSessionDir = optionalString(process.env.PI_SESSION_DIR);
+    const piDefaultModel = optionalString(process.env.PI_DEFAULT_MODEL);
+    const piDefaultThinking = parsePiThinkingLevel(optionalString(process.env.PI_DEFAULT_THINKING));
+    const defaultAgent = parseDefaultAgent(optionalString(process.env.NORDRELAY_DEFAULT_AGENT), codexEnabled, piEnabled);
+    const toolVerbosity = parseToolVerbosity(optionalString(process.env.TOOL_VERBOSITY));
+    const logFormat = parseLogFormat(optionalString(process.env.CONNECTOR_LOG_FORMAT));
+    const showTurnTokenUsage = parseBooleanEnv(optionalString(process.env.SHOW_TURN_TOKEN_USAGE), false);
+    const enableTelegramLogin = parseBooleanEnv(optionalString(process.env.ENABLE_TELEGRAM_LOGIN), true);
+    const enableTelegramReactions = parseBooleanEnv(optionalString(process.env.ENABLE_TELEGRAM_REACTIONS), false);
+    const voicePreferredBackend = parseVoiceBackendPreference(optionalString(process.env.VOICE_PREFERRED_BACKEND));
+    const voiceDefaultLanguage = optionalString(process.env.VOICE_DEFAULT_LANGUAGE);
+    const voiceTranscribeOnly = parseBooleanEnv(optionalString(process.env.VOICE_TRANSCRIBE_ONLY), false);
+    return {
+        telegramBotToken,
+        telegramAllowedUserIds,
+        telegramAllowedUserIdSet: new Set(telegramAllowedUserIds),
+        telegramAllowedChatIds,
+        telegramAllowedChatIdSet: new Set(telegramAllowedChatIds),
+        telegramAdminUserIds,
+        telegramAdminUserIdSet: new Set(telegramAdminUserIds),
+        telegramReadOnlyUserIds,
+        telegramReadOnlyUserIdSet: new Set(telegramReadOnlyUserIds),
+        telegramRolePolicies,
+        telegramAllowAnyChat,
+        telegramRateLimitMinIntervalMs,
+        telegramEditMinIntervalMs,
+        telegramMirrorMode,
+        telegramMirrorMinUpdateMs,
+        telegramNotifyMode,
+        telegramQuietHours,
+        telegramRedactPatterns,
+        workspace,
+        workspaceAllowedRoots,
+        workspaceWarnRoots,
+        maxFileSize,
+        artifactRetentionDays,
+        artifactMaxTurnDirs,
+        artifactMaxInboxDirs,
+        artifactIgnoreDirs,
+        artifactIgnoreGlobs,
+        telegramAutoSendArtifacts,
+        codexEnabled,
+        codexApiKey,
+        codexModel,
+        codexSyncIntervalMs,
+        codexExternalBusyCheckMs,
+        codexExternalBusyStaleMs,
+        codexSandboxMode,
+        codexApprovalPolicy,
+        launchProfiles,
+        defaultLaunchProfileId,
+        enableUnsafeLaunchProfiles,
+        piEnabled,
+        piCliPath,
+        piSessionDir,
+        piDefaultModel,
+        piDefaultThinking,
+        defaultAgent,
+        toolVerbosity,
+        logFormat,
+        showTurnTokenUsage,
+        enableTelegramLogin,
+        enableTelegramReactions,
+        voicePreferredBackend,
+        voiceDefaultLanguage,
+        voiceTranscribeOnly,
+    };
+}
+/**
+ * Workspace is derived automatically:
+ * - In Docker: /workspace (the mount point)
+ * - Outside Docker: process.cwd()
+ */
+function resolveWorkspace() {
+    if (isRunningInDocker()) {
+        return "/workspace";
+    }
+    return process.cwd();
+}
+function isRunningInDocker() {
+    return existsSync("/.dockerenv") || process.env.container === "docker";
+}
+function loadEnvFile(envPath) {
+    if (!existsSync(envPath)) {
+        return;
+    }
+    const contents = readFileSync(envPath, "utf8");
+    for (const rawLine of contents.split(/\r?\n/)) {
+        const line = rawLine.trim();
+        if (!line || line.startsWith("#")) {
+            continue;
+        }
+        const normalized = line.startsWith("export ") ? line.slice(7).trim() : line;
+        const separatorIndex = normalized.indexOf("=");
+        if (separatorIndex === -1) {
+            continue;
+        }
+        const key = normalized.slice(0, separatorIndex).trim();
+        let value = normalized.slice(separatorIndex + 1).trim();
+        if (!key || process.env[key] !== undefined) {
+            continue;
+        }
+        if ((value.startsWith('"') && value.endsWith('"')) ||
+            (value.startsWith("'") && value.endsWith("'"))) {
+            value = value.slice(1, -1);
+        }
+        process.env[key] = value.replace(/\\n/g, "\n");
+    }
+}
+function requireEnv(name) {
+    const value = optionalString(process.env[name]);
+    if (!value) {
+        throw new Error(`Missing required environment variable: ${name}`);
+    }
+    return value;
+}
+function optionalString(value) {
+    const trimmed = value?.trim();
+    return trimmed ? trimmed : undefined;
+}
+function parseOptionalIdList(raw, envName, options) {
+    if (!raw) {
+        return [];
+    }
+    const ids = raw
+        .split(",")
+        .map((value) => value.trim())
+        .filter(Boolean)
+        .map((value) => {
+        const parsed = Number(value);
+        if (!Number.isInteger(parsed) || (options.positiveOnly ? parsed <= 0 : parsed === 0)) {
+            throw new Error(`Invalid Telegram id in ${envName}: ${value}`);
+        }
+        return parsed;
+    });
+    if (raw.trim() && ids.length === 0) {
+        throw new Error(`${envName} must contain at least one id`);
+    }
+    return ids;
+}
+function parseOptionalStringList(raw) {
+    if (!raw) {
+        return [];
+    }
+    return raw
+        .split(",")
+        .map((value) => value.trim())
+        .filter(Boolean);
+}
+function parsePathList(raw) {
+    return parseOptionalStringList(raw).map((value) => path.resolve(value));
+}
+function ensureTelegramAllowlist(userIds, chatIds, allowAnyChat) {
+    if (allowAnyChat) {
+        return;
+    }
+    if (userIds.length > 0 || chatIds.length > 0) {
+        return;
+    }
+    throw new Error("TELEGRAM_ALLOWED_USER_IDS or TELEGRAM_ALLOWED_CHAT_IDS must contain at least one id");
+}
+function ensureTelegramAdminIds(userIds) {
+    if (userIds.length === 0) {
+        throw new Error("TELEGRAM_ADMIN_USER_IDS must contain at least one id");
+    }
+}
+function mergeUniqueIds(...groups) {
+    return Array.from(new Set(groups.flat()));
+}
+function parseBooleanEnv(raw, defaultValue) {
+    if (!raw) {
+        return defaultValue;
+    }
+    const lower = raw.toLowerCase();
+    if (lower === "true" || lower === "1" || lower === "yes") {
+        return true;
+    }
+    if (lower === "false" || lower === "0" || lower === "no") {
+        return false;
+    }
+    console.warn(`Invalid boolean env value: "${raw}". Falling back to ${defaultValue}.`);
+    return defaultValue;
+}
+function parseMaxFileSize(raw) {
+    if (!raw) {
+        return 20 * 1024 * 1024;
+    }
+    const parsed = Number(raw);
+    if (Number.isNaN(parsed) || parsed <= 0) {
+        console.warn(`Invalid MAX_FILE_SIZE value: "${raw}". Falling back to 20 MB.`);
+        return 20 * 1024 * 1024;
+    }
+    return parsed;
+}
+function parsePositiveNumberEnv(raw, defaultValue, envName) {
+    if (!raw) {
+        return defaultValue;
+    }
+    const parsed = Number(raw);
+    if (!Number.isFinite(parsed) || parsed <= 0) {
+        console.warn(`Invalid ${envName} value: "${raw}". Falling back to ${defaultValue}.`);
+        return defaultValue;
+    }
+    return parsed;
+}
+function parsePositiveIntegerEnv(raw, defaultValue, envName) {
+    const parsed = parsePositiveNumberEnv(raw, defaultValue, envName);
+    return Math.floor(parsed);
+}
+function parseNonNegativeIntegerEnv(raw, defaultValue, envName) {
+    if (!raw) {
+        return defaultValue;
+    }
+    const parsed = Number(raw);
+    if (!Number.isFinite(parsed) || parsed < 0) {
+        console.warn(`Invalid ${envName} value: "${raw}". Falling back to ${defaultValue}.`);
+        return defaultValue;
+    }
+    return Math.floor(parsed);
+}
+function parseSandboxMode(raw) {
+    if (!raw) {
+        return "workspace-write";
+    }
+    if (!isCodexSandboxMode(raw)) {
+        console.warn(`Invalid CODEX_SANDBOX_MODE value: "${raw}". Expected one of: read-only, workspace-write, danger-full-access. Falling back to "workspace-write".`);
+        return "workspace-write";
+    }
+    return raw;
+}
+function parseApprovalPolicy(raw) {
+    if (!raw) {
+        return "never";
+    }
+    if (!isCodexApprovalPolicy(raw)) {
+        console.warn(`Invalid CODEX_APPROVAL_POLICY value: "${raw}". Expected one of: never, on-request, on-failure, untrusted. Falling back to "never".`);
+        return "never";
+    }
+    return raw;
+}
+function parseToolVerbosity(raw) {
+    if (!raw) {
+        return "summary";
+    }
+    switch (raw) {
+        case "all":
+        case "summary":
+        case "errors-only":
+        case "none":
+            return raw;
+        default:
+            console.warn(`Invalid TOOL_VERBOSITY value: "${raw}". Expected one of: all, summary, errors-only, none. Falling back to "summary".`);
+            return "summary";
+    }
+}
+function parseLogFormat(raw) {
+    if (!raw) {
+        return "text";
+    }
+    if (raw === "text" || raw === "json") {
+        return raw;
+    }
+    console.warn(`Invalid CONNECTOR_LOG_FORMAT value: "${raw}". Expected text or json. Falling back to "text".`);
+    return "text";
+}
+function parseLaunchProfiles(raw, codexSandboxMode, codexApprovalPolicy, enableUnsafeLaunchProfiles) {
+    const defaultProfile = createDefaultLaunchProfile(codexSandboxMode, codexApprovalPolicy);
+    const profiles = createBuiltinLaunchProfiles(defaultProfile, {
+        includeFullAccess: enableUnsafeLaunchProfiles,
+    });
+    if (!raw) {
+        return profiles;
+    }
+    const parsedProfiles = parseLaunchProfilesJson(raw);
+    const profileIndexes = new Map(profiles.map((profile, index) => [profile.id, index]));
+    const explicitIds = new Set();
+    for (const profile of parsedProfiles) {
+        if (profile.id === defaultProfile.id || explicitIds.has(profile.id)) {
+            throw new Error(`Duplicate launch profile id: ${profile.id}`);
+        }
+        if (profile.unsafe && !enableUnsafeLaunchProfiles) {
+            throw new Error(`Unsafe launch profile "${profile.id}" requires ENABLE_UNSAFE_LAUNCH_PROFILES=true`);
+        }
+        const existingIndex = profileIndexes.get(profile.id);
+        if (existingIndex === undefined) {
+            profiles.push(profile);
+            profileIndexes.set(profile.id, profiles.length - 1);
+        }
+        else {
+            profiles[existingIndex] = profile;
+        }
+        explicitIds.add(profile.id);
+    }
+    return profiles;
+}
+function parseDefaultLaunchProfileId(raw, launchProfiles) {
+    if (!raw) {
+        return launchProfiles[0].id;
+    }
+    const profile = findLaunchProfile(launchProfiles, raw);
+    if (!profile) {
+        throw new Error(`Unknown CODEX_DEFAULT_LAUNCH_PROFILE: ${raw}`);
+    }
+    return profile.id;
+}
+function ensureAtLeastOneAgentEnabled(codexEnabled, piEnabled) {
+    if (!codexEnabled && !piEnabled) {
+        throw new Error("At least one agent must be enabled: set NORDRELAY_CODEX_ENABLED=true or NORDRELAY_PI_ENABLED=true");
+    }
+}
+function parseDefaultAgent(raw, codexEnabled, piEnabled) {
+    if (!raw) {
+        return codexEnabled ? "codex" : "pi";
+    }
+    if (!isAgentId(raw)) {
+        throw new Error(`Invalid NORDRELAY_DEFAULT_AGENT: ${raw}. Expected codex or pi`);
+    }
+    if (raw === "codex" && !codexEnabled) {
+        throw new Error("NORDRELAY_DEFAULT_AGENT=codex requires NORDRELAY_CODEX_ENABLED=true");
+    }
+    if (raw === "pi" && !piEnabled) {
+        throw new Error("NORDRELAY_DEFAULT_AGENT=pi requires NORDRELAY_PI_ENABLED=true");
+    }
+    return raw;
+}
+function parsePiThinkingLevel(raw) {
+    if (!raw) {
+        return "medium";
+    }
+    if (PI_THINKING_LEVELS.includes(raw)) {
+        return raw;
+    }
+    console.warn(`Invalid PI_DEFAULT_THINKING value: "${raw}". Expected one of: ${PI_THINKING_LEVELS.join(", ")}. Falling back to "medium".`);
+    return "medium";
+}

package/dist/context-key.js

@@ -0,0 +1,23 @@
+export function contextKeyFromMessage(chatId, messageThreadId) {
+    if (messageThreadId !== undefined) {
+        return `${chatId}:${messageThreadId}`;
+    }
+    return `${chatId}`;
+}
+export function contextKeyFromCtx(ctx) {
+    const chatId = ctx.chat?.id;
+    if (chatId === undefined) {
+        return null;
+    }
+    const threadId = ctx.message?.message_thread_id ?? ctx.callbackQuery?.message?.message_thread_id;
+    return contextKeyFromMessage(chatId, threadId);
+}
+export function parseContextKey(key) {
+    const parts = key.split(":");
+    const chatId = Number(parts[0]);
+    const messageThreadId = parts[1] ? Number(parts[1]) : undefined;
+    return { chatId, messageThreadId };
+}
+export function isTopicContextKey(key) {
+    return key.includes(":");
+}

package/dist/error-messages.js

@@ -0,0 +1,73 @@
+/**
+ * Translate raw errors into user-friendly Telegram messages.
+ * Raw details are preserved for console logging only.
+ */
+const ERROR_PATTERNS = [
+    {
+        pattern: /ECONNREFUSED|ENOTFOUND|ENETUNREACH|fetch failed/i,
+        message: "Cannot reach the Codex API. Check your network connection.",
+    },
+    {
+        pattern: /429|rate.?limit|too many requests/i,
+        message: "Rate limited by the API. Wait a moment and try again.",
+    },
+    {
+        pattern: /401|unauthorized|authentication|invalid.*api.?key/i,
+        message: "Authentication failed. Use /login to re-authenticate or check your API key.",
+    },
+    {
+        pattern: /403|forbidden|permission/i,
+        message: "Access denied. Check your API key permissions.",
+    },
+    {
+        pattern: /404.*model|model.*not.*found|invalid.*model|model.*does not exist/i,
+        message: "Model not available. Use /model to pick a different one.",
+    },
+    {
+        pattern: /timeout|ETIMEDOUT|ESOCKETTIMEDOUT/i,
+        message: "Request timed out. Try a shorter prompt or use /retry.",
+    },
+    {
+        pattern: /500|internal.?server.?error/i,
+        message: "The API returned a server error. Try again in a moment.",
+    },
+    {
+        pattern: /502|503|504|bad.?gateway|service.?unavailable/i,
+        message: "The API is temporarily unavailable. Try again shortly.",
+    },
+    {
+        pattern: /context.?length|token.?limit|too.?long/i,
+        message: "The conversation is too long for this model. Start a /new thread.",
+    },
+    {
+        pattern: /^(?:AbortError|The operation was aborted)/i,
+        message: "⏹ Aborted",
+    },
+];
+export function translateError(error) {
+    const raw = extractRawMessage(error);
+    const logMessage = raw;
+    for (const { pattern, message } of ERROR_PATTERNS) {
+        if (pattern.test(raw)) {
+            return { userMessage: message, logMessage };
+        }
+    }
+    const cleaned = stripStackTrace(raw);
+    return { userMessage: cleaned, logMessage };
+}
+export function friendlyErrorText(error) {
+    return translateError(error).userMessage;
+}
+function extractRawMessage(error) {
+    if (error instanceof Error) {
+        const cause = error.cause;
+        const base = error.message || String(error);
+        return cause?.message ? `${base}: ${cause.message}` : base;
+    }
+    return String(error);
+}
+function stripStackTrace(message) {
+    // Remove stack frame lines (lines starting with "at ")
+    const lines = message.split("\n").filter((line) => !line.trim().startsWith("at "));
+    return lines.join("\n").trim() || message.trim();
+}

package/dist/format.js

@@ -0,0 +1,121 @@
+const CODE_BLOCK_PREFIX = "\uE000CODE_";
+const CODE_BLOCK_SUFFIX = "_\uE000";
+const INLINE_CODE_PREFIX = "\uE001INLINE_";
+const INLINE_CODE_SUFFIX = "_\uE001";
+export function escapeHTML(text) {
+    return text.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
+}
+export function formatTelegramHTML(markdown) {
+    if (!markdown) {
+        return "";
+    }
+    const escaped = escapeHTML(markdown);
+    const codeBlocks = [];
+    const inlineCode = [];
+    let text = extractCodeBlocks(escaped, codeBlocks);
+    text = extractInlineCode(text, inlineCode);
+    text = formatBold(text);
+    text = formatItalic(text);
+    text = formatLinks(text);
+    text = formatBlockquotes(text);
+    text = restorePlaceholders(text, INLINE_CODE_PREFIX, INLINE_CODE_SUFFIX, inlineCode);
+    text = restorePlaceholders(text, CODE_BLOCK_PREFIX, CODE_BLOCK_SUFFIX, codeBlocks);
+    return text;
+}
+function extractCodeBlocks(text, codeBlocks) {
+    return text.replace(/```([^\n`]*)\n?([\s\S]*?)```/g, (_match, rawLanguage, rawCode) => {
+        const language = sanitizeLanguage(rawLanguage);
+        const code = language
+            ? `<pre><code class="language-${language}">${rawCode}</code></pre>`
+            : `<pre><code>${rawCode}</code></pre>`;
+        const index = codeBlocks.push(code) - 1;
+        return `${CODE_BLOCK_PREFIX}${index}${CODE_BLOCK_SUFFIX}`;
+    });
+}
+function extractInlineCode(text, inlineCode) {
+    let result = "";
+    let index = 0;
+    while (index < text.length) {
+        if (text[index] !== "`") {
+            result += text[index];
+            index += 1;
+            continue;
+        }
+        let tickCount = 1;
+        while (text[index + tickCount] === "`") {
+            tickCount += 1;
+        }
+        const fence = "`".repeat(tickCount);
+        const start = index + tickCount;
+        const end = text.indexOf(fence, start);
+        if (end === -1) {
+            result += fence;
+            index += tickCount;
+            continue;
+        }
+        const content = text.slice(start, end);
+        if (content.includes("\n")) {
+            result += fence;
+            index += tickCount;
+            continue;
+        }
+        const placeholder = `${INLINE_CODE_PREFIX}${inlineCode.push(`<code>${content}</code>`) - 1}${INLINE_CODE_SUFFIX}`;
+        result += placeholder;
+        index = end + tickCount;
+    }
+    return result;
+}
+function formatBold(text) {
+    return text.replace(/(?<!\*)\*\*(?!\s)([^\n]*?\S)\*\*(?!\*)/g, "<b>$1</b>");
+}
+function formatItalic(text) {
+    const withUnderscores = text.replace(/(?<![\w_])_(?!\s)([^_\n]*?\S)_(?![\w_])/g, "<i>$1</i>");
+    return withUnderscores.replace(/(?<![\w*])\*(?!\s)([^*\n]*?\S)\*(?![\w*])/g, "<i>$1</i>");
+}
+function formatLinks(text) {
+    return text.replace(/\[([^\]]+)\]\(([^)\s]+)\)/g, (_match, label, url) => {
+        const safeUrl = sanitizeUrl(url);
+        return `<a href="${safeUrl}">${label}</a>`;
+    });
+}
+function formatBlockquotes(text) {
+    const lines = text.split("\n");
+    const output = [];
+    let quoteLines = [];
+    const flush = () => {
+        if (quoteLines.length === 0) {
+            return;
+        }
+        output.push(`<blockquote>${quoteLines.join("\n")}</blockquote>`);
+        quoteLines = [];
+    };
+    for (const line of lines) {
+        const match = line.match(/^&gt; (.*)$/);
+        if (match) {
+            quoteLines.push(match[1]);
+            continue;
+        }
+        flush();
+        output.push(line);
+    }
+    flush();
+    return output.join("\n");
+}
+function restorePlaceholders(text, prefix, suffix, values) {
+    const pattern = new RegExp(`${escapeRegExp(prefix)}(\\d+)${escapeRegExp(suffix)}`, "g");
+    return text.replace(pattern, (_match, rawIndex) => values[Number.parseInt(rawIndex, 10)] ?? "");
+}
+function sanitizeLanguage(language) {
+    return language.trim().replace(/[^a-zA-Z0-9_+-]/g, "");
+}
+const SAFE_URL_PROTOCOL = /^(https?|tg|mailto):/i;
+function sanitizeUrl(url) {
+    const trimmed = url.trim().replace(/"/g, "%22");
+    if (!SAFE_URL_PROTOCOL.test(trimmed)) {
+        return "#";
+    }
+    return trimmed;
+}
+function escapeRegExp(text) {
+    return text.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}