@nordbyte/nordrelay 0.4.0 → 0.5.0

package/dist/telegram-access-commands.js

@@ -0,0 +1,123 @@
+import { consumeRateLimit, resetRateLimit } from "./bot-rendering.js";
+import { friendlyErrorText } from "./error-messages.js";
+import { escapeHTML } from "./format.js";
+import { safeReply } from "./telegram-output.js";
+export function registerTelegramAccessCommands(deps) {
+    const { bot, userStore, contextUsers, linkAttempts, audit, getUserRole } = deps;
+    bot.command("link", async (ctx) => {
+        if (ctx.chat?.type !== "private") {
+            await safeReply(ctx, escapeHTML("Use /link in a private chat with the bot."), {
+                fallbackText: "Use /link in a private chat with the bot.",
+            });
+            return;
+        }
+        const code = (ctx.message?.text ?? "").replace(/^\/link(?:@\w+)?\s*/i, "").trim();
+        if (!code) {
+            await safeReply(ctx, escapeHTML("Send /link <code> after creating a Telegram link code in the WebUI or CLI."), {
+                fallbackText: "Send /link <code> after creating a Telegram link code in the WebUI or CLI.",
+            });
+            return;
+        }
+        if (!ctx.from?.id) {
+            return;
+        }
+        const limitKey = String(ctx.from.id);
+        const limited = consumeRateLimit(linkAttempts, limitKey, 5, 15 * 60 * 1000, 15 * 60 * 1000);
+        if (limited.limited) {
+            const seconds = Math.ceil((limited.retryAfterMs ?? 0) / 1000);
+            audit({
+                action: "auth_login_failed",
+                status: "denied",
+                contextKey: String(ctx.chat.id),
+                actorId: ctx.from.id,
+                description: "Telegram link rate limited",
+                detail: `${seconds}s retry-after`,
+            });
+            await safeReply(ctx, escapeHTML(`Too many link attempts. Try again in ${seconds}s.`), {
+                fallbackText: `Too many link attempts. Try again in ${seconds}s.`,
+            });
+            return;
+        }
+        try {
+            const linked = userStore.consumeTelegramLinkCode(code, {
+                telegramUserId: ctx.from.id,
+                username: ctx.from.username,
+                firstName: ctx.from.first_name,
+                lastName: ctx.from.last_name,
+            });
+            resetRateLimit(linkAttempts, limitKey);
+            contextUsers.set(ctx, linked);
+            audit({
+                action: "telegram_linked",
+                status: "ok",
+                contextKey: String(ctx.chat.id),
+                actorId: ctx.from.id,
+                actorRole: linked.groups.map((group) => group.name).join(", "),
+                description: `Linked ${linked.user.email}`,
+            });
+            await safeReply(ctx, escapeHTML(`Linked Telegram account to ${linked.user.email}.`), {
+                fallbackText: `Linked Telegram account to ${linked.user.email}.`,
+            });
+        }
+        catch (error) {
+            const message = friendlyErrorText(error);
+            audit({
+                action: "auth_login_failed",
+                status: "failed",
+                contextKey: String(ctx.chat.id),
+                actorId: ctx.from.id,
+                description: "Telegram link failed",
+                detail: message,
+            });
+            await safeReply(ctx, `<b>Link failed:</b> ${escapeHTML(message)}`, { fallbackText: `Link failed: ${message}` });
+        }
+    });
+    bot.command("whoami", async (ctx) => {
+        const authUser = contextUsers.get(ctx);
+        if (!authUser) {
+            await safeReply(ctx, escapeHTML("Not linked."), { fallbackText: "Not linked." });
+            return;
+        }
+        const text = [
+            `User: ${authUser.user.displayName} <${authUser.user.email}>`,
+            `Groups: ${authUser.groups.map((group) => group.name).join(", ") || "-"}`,
+            `Permissions: ${authUser.permissions.join(", ") || "-"}`,
+        ].join("\n");
+        await safeReply(ctx, `<b>User:</b> ${escapeHTML(authUser.user.displayName)}\n<b>Email:</b> <code>${escapeHTML(authUser.user.email)}</code>\n<b>Groups:</b> <code>${escapeHTML(authUser.groups.map((group) => group.name).join(", ") || "-")}</code>`, {
+            fallbackText: text,
+        });
+    });
+    bot.command("register_chat", async (ctx) => {
+        const authUser = contextUsers.get(ctx);
+        if (!authUser || !userStore.hasPermission(authUser, "users.write")) {
+            await safeReply(ctx, escapeHTML("Access denied: users.write permission required."), {
+                fallbackText: "Access denied: users.write permission required.",
+            });
+            return;
+        }
+        if (!ctx.chat?.id || ctx.chat.type === "private") {
+            await safeReply(ctx, escapeHTML("Run /register_chat inside a Telegram group or supergroup."), {
+                fallbackText: "Run /register_chat inside a Telegram group or supergroup.",
+            });
+            return;
+        }
+        const chat = userStore.registerTelegramChat({
+            chatId: ctx.chat.id,
+            title: "title" in ctx.chat ? ctx.chat.title : undefined,
+            type: ctx.chat.type,
+            enabled: true,
+            allowedGroupIds: [],
+        });
+        audit({
+            action: "telegram_chat_updated",
+            status: "ok",
+            contextKey: String(ctx.chat.id),
+            actorId: ctx.from?.id,
+            actorRole: getUserRole(ctx),
+            description: `Registered Telegram chat ${chat.chatId}`,
+        });
+        await safeReply(ctx, escapeHTML(`Telegram chat enabled for NordRelay.\nChat ID: ${chat.chatId}`), {
+            fallbackText: `Telegram chat enabled for NordRelay.\nChat ID: ${chat.chatId}`,
+        });
+    });
+}

package/dist/telegram-access-middleware.js

@@ -0,0 +1,129 @@
+import { permissionForCallbackData, permissionForCommand } from "./access-control.js";
+import { extractCommandName } from "./bot-rendering.js";
+import { escapeHTML } from "./format.js";
+import { safeReply } from "./telegram-output.js";
+import { UserStore } from "./user-management.js";
+export function createTelegramAccessMiddleware(options) {
+    const { userStore, contextUsers, audit } = options;
+    return async (ctx, next) => {
+        const fromId = ctx.from?.id;
+        const chatId = ctx.chat?.id;
+        const chatType = ctx.chat?.type;
+        const commandName = ctx.message?.text?.startsWith("/") ? extractCommandName(ctx.message.text) : undefined;
+        if (commandName === "link") {
+            await next();
+            return;
+        }
+        if (!userStore.hasAdminUser()) {
+            const message = "NordRelay has no admin user yet. Run `nordrelay user create-admin` on the host.";
+            if (ctx.callbackQuery) {
+                await ctx.answerCallbackQuery({ text: "No admin user configured" }).catch(() => { });
+            }
+            else if (ctx.chat) {
+                await safeReply(ctx, escapeHTML(message), { fallbackText: message });
+            }
+            return;
+        }
+        const authUser = userStore.resolveTelegramUser(fromId);
+        if (!authUser) {
+            const message = "Unauthorized. Link this Telegram account to a NordRelay user first.";
+            audit({
+                action: "permission_denied",
+                status: "denied",
+                contextKey: typeof chatId === "number" ? String(chatId) : "telegram",
+                actorId: fromId,
+                description: "Telegram account is not linked",
+            });
+            if (ctx.callbackQuery) {
+                await ctx.answerCallbackQuery({ text: "Unauthorized" }).catch(() => { });
+            }
+            else if (ctx.chat?.type === "private") {
+                await safeReply(ctx, escapeHTML(message), { fallbackText: message });
+            }
+            return;
+        }
+        contextUsers.set(ctx, authUser);
+        const chatAllowed = userStore.isTelegramChatAllowed(typeof chatId === "number" ? chatId : undefined, chatType, authUser);
+        if (!chatAllowed && commandName !== "register_chat") {
+            const message = "This Telegram chat is not enabled for NordRelay. An admin can run /register_chat in this chat.";
+            audit({
+                action: "permission_denied",
+                status: "denied",
+                contextKey: typeof chatId === "number" ? String(chatId) : "telegram",
+                actorId: fromId,
+                actorRole: getUserRole(contextUsers, ctx),
+                description: "Telegram chat is not enabled or outside user scope",
+            });
+            if (ctx.callbackQuery) {
+                await ctx.answerCallbackQuery({ text: "Chat not enabled" }).catch(() => { });
+            }
+            else if (ctx.chat?.type === "private") {
+                await safeReply(ctx, escapeHTML(message), { fallbackText: message });
+            }
+            return;
+        }
+        const permission = getRequiredPermission(ctx);
+        if (!permission) {
+            const message = "Unsupported command or action.";
+            audit({
+                action: "permission_denied",
+                status: "denied",
+                contextKey: typeof chatId === "number" ? String(chatId) : "telegram",
+                actorId: fromId,
+                actorRole: getUserRole(contextUsers, ctx),
+                description: commandName ? `Unsupported command /${commandName}` : "Unsupported callback",
+            });
+            if (ctx.callbackQuery) {
+                await ctx.answerCallbackQuery({ text: message }).catch(() => { });
+            }
+            else {
+                await safeReply(ctx, escapeHTML(message), { fallbackText: message });
+            }
+            return;
+        }
+        if (!userStore.hasPermission(authUser, permission)) {
+            const message = `Access denied: ${permission} permission required.`;
+            audit({
+                action: "permission_denied",
+                status: "denied",
+                contextKey: typeof chatId === "number" ? String(chatId) : "telegram",
+                actorId: fromId,
+                actorRole: getUserRole(contextUsers, ctx),
+                description: `${permission} required`,
+            });
+            if (ctx.callbackQuery) {
+                await ctx.answerCallbackQuery({ text: message }).catch(() => { });
+            }
+            else {
+                await safeReply(ctx, escapeHTML(message), { fallbackText: message });
+            }
+            return;
+        }
+        await next();
+    };
+}
+function getUserRole(contextUsers, ctx) {
+    const authUser = contextUsers.get(ctx);
+    return authUser?.groups.map((group) => group.name).join(", ") || "unauthenticated";
+}
+function getRequiredPermission(ctx) {
+    if (ctx.callbackQuery?.data) {
+        return permissionForCallbackData(ctx.callbackQuery.data);
+    }
+    if (ctx.message?.voice || ctx.message?.audio || ctx.message?.photo || ctx.message?.document) {
+        return "files.write";
+    }
+    const text = ctx.message?.text?.trim();
+    if (!text) {
+        return "inspect";
+    }
+    if (!text.startsWith("/")) {
+        return "prompt.send";
+    }
+    const command = extractCommandName(text);
+    if (command === "queue") {
+        const argument = text.replace(/^\/queue(?:@\w+)?\s*/i, "").trim();
+        return argument ? "queue.write" : "queue.read";
+    }
+    return permissionForCommand(command);
+}

package/dist/telegram-channel-runtime.js

@@ -0,0 +1,132 @@
+import { Bot, InlineKeyboard, InputFile } from "grammy";
+import { TelegramChannelAdapter, } from "./channel-adapter.js";
+import { redactText } from "./redaction.js";
+import { telegramRateLimiter } from "./telegram-rate-limit.js";
+import { chatBucket, safeEditMessage, sendChatActionSafe, sendTextMessage, } from "./telegram-output.js";
+const KEYBOARD_PAGE_SIZE = 6;
+export const NOOP_PAGE_CALLBACK_DATA = "noop_page";
+export function paginateKeyboard(items, page, prefix) {
+    const totalPages = Math.max(1, Math.ceil(items.length / KEYBOARD_PAGE_SIZE));
+    const currentPage = Math.min(Math.max(page, 0), totalPages - 1);
+    const start = currentPage * KEYBOARD_PAGE_SIZE;
+    const pageItems = items.slice(start, start + KEYBOARD_PAGE_SIZE);
+    const keyboard = new InlineKeyboard();
+    pageItems.forEach((item, index) => {
+        keyboard.text(item.label, item.callbackData);
+        if (index < pageItems.length - 1 || totalPages > 1) {
+            keyboard.row();
+        }
+    });
+    if (totalPages > 1) {
+        if (currentPage > 0) {
+            keyboard.text("◀️ Prev", `${prefix}_page_${currentPage - 1}`);
+        }
+        keyboard.text(`${currentPage + 1}/${totalPages}`, NOOP_PAGE_CALLBACK_DATA);
+        if (currentPage < totalPages - 1) {
+            keyboard.text("Next ▶️", `${prefix}_page_${currentPage + 1}`);
+        }
+    }
+    return keyboard;
+}
+export function actionKeyboard(rows) {
+    if (!rows || rows.length === 0) {
+        return undefined;
+    }
+    const keyboard = new InlineKeyboard();
+    for (const row of rows) {
+        for (const button of row) {
+            keyboard.text(button.label, telegramActionData(button.action));
+        }
+        keyboard.row();
+    }
+    return keyboard;
+}
+export function telegramActionData(action) {
+    if (action === "agent-update:jobs") {
+        return "upd_jobs";
+    }
+    const agentUpdateStart = action.match(/^agent-update:start:(.+)$/);
+    if (agentUpdateStart?.[1]) {
+        return `upd_agent:${agentUpdateStart[1]}`;
+    }
+    const agentUpdateLog = action.match(/^agent-update:log:(.+)$/);
+    if (agentUpdateLog?.[1]) {
+        return `upd_log:${agentUpdateLog[1]}`;
+    }
+    const agentUpdateCancel = action.match(/^agent-update:cancel:(.+)$/);
+    if (agentUpdateCancel?.[1]) {
+        return `upd_cancel:${agentUpdateCancel[1]}`;
+    }
+    return action;
+}
+export class TelegramBotChannelRuntime {
+    bot;
+    id = "telegram";
+    label = "Telegram";
+    capabilities = new TelegramChannelAdapter().capabilities;
+    constructor(bot) {
+        this.bot = bot;
+    }
+    describe() {
+        return new TelegramChannelAdapter().describe();
+    }
+    async sendMessage(context, message) {
+        const sent = await sendTextMessage(this.bot.api, telegramChatIdFromChannelContext(context), message.text, {
+            parseMode: telegramParseMode(message.parseMode),
+            fallbackText: message.fallbackText,
+            replyMarkup: actionKeyboard(message.buttons),
+            messageThreadId: telegramThreadIdFromChannelContext(context, message.threadId),
+        });
+        return { messageId: String(sent.message_id) };
+    }
+    async editMessage(context, messageId, message) {
+        const parsedMessageId = Number.parseInt(messageId, 10);
+        if (!Number.isFinite(parsedMessageId)) {
+            throw new Error(`Invalid Telegram message id: ${messageId}`);
+        }
+        await safeEditMessage(this.bot, telegramChatIdFromChannelContext(context), parsedMessageId, message.text, {
+            parseMode: telegramParseMode(message.parseMode),
+            fallbackText: message.fallbackText,
+            replyMarkup: actionKeyboard(message.buttons),
+        });
+    }
+    async sendTyping(context) {
+        await sendChatActionSafe(this.bot.api, telegramChatIdFromChannelContext(context), "typing", telegramThreadIdFromChannelContext(context));
+    }
+    async sendFile(context, file) {
+        const chatId = telegramChatIdFromChannelContext(context);
+        const sent = await telegramRateLimiter.run(chatBucket(chatId), "sendDocument", () => this.bot.api.sendDocument(chatId, new InputFile(file.localPath, file.name), {
+            caption: file.caption ? redactText(file.caption) : undefined,
+            message_thread_id: telegramThreadIdFromChannelContext(context, file.threadId),
+        }));
+        return { messageId: String(sent.message_id) };
+    }
+}
+export function telegramChannelContextFromCtx(ctx) {
+    if (!ctx.chat?.id) {
+        return null;
+    }
+    const topicId = ctx.message?.message_thread_id ?? ctx.callbackQuery?.message?.message_thread_id;
+    return {
+        channelId: "telegram",
+        chatId: String(ctx.chat.id),
+        ...(topicId ? { topicId: String(topicId) } : {}),
+        ...(ctx.from?.id ? { userId: String(ctx.from.id) } : {}),
+        ...(ctx.from?.username ? { username: ctx.from.username } : {}),
+    };
+}
+export function telegramChatIdFromChannelContext(context) {
+    const numeric = Number(context.chatId);
+    return Number.isSafeInteger(numeric) ? numeric : context.chatId;
+}
+export function telegramThreadIdFromChannelContext(context, override) {
+    const value = override ?? context.topicId;
+    if (!value) {
+        return undefined;
+    }
+    const numeric = Number(value);
+    return Number.isSafeInteger(numeric) ? numeric : undefined;
+}
+export function telegramParseMode(parseMode) {
+    return parseMode === "html" ? "HTML" : undefined;
+}

package/dist/telegram-command-menu.js

@@ -0,0 +1,54 @@
+export async function registerCommands(bot) {
+    await bot.api.setMyCommands([
+        { command: "start", description: "Welcome & status" },
+        { command: "help", description: "Command reference" },
+        { command: "link", description: "Link Telegram to NordRelay user" },
+        { command: "whoami", description: "Show your NordRelay user" },
+        { command: "register_chat", description: "Admin: enable this group chat" },
+        { command: "channels", description: "Messaging adapter status" },
+        { command: "agents", description: "Agent adapter status" },
+        { command: "agent", description: "Select agent" },
+        { command: "new", description: "Start a new thread" },
+        { command: "session", description: "Current thread details" },
+        { command: "sessions", description: "Browse & switch threads" },
+        { command: "sync", description: "Sync active session from CLI state" },
+        { command: "pinned", description: "Show pinned threads" },
+        { command: "pin", description: "Pin current or given thread" },
+        { command: "unpin", description: "Unpin current or given thread" },
+        { command: "retry", description: "Resend the last prompt" },
+        { command: "queue", description: "Show queued prompts" },
+        { command: "cancel", description: "Cancel a queued prompt" },
+        { command: "clearqueue", description: "Clear queued prompts" },
+        { command: "artifacts", description: "List or resend generated files" },
+        { command: "workspaces", description: "List allowed workspaces" },
+        { command: "abort", description: "Cancel current operation" },
+        { command: "stop", description: "Cancel current operation" },
+        { command: "launch_profiles", description: "Select launch profile" },
+        { command: "fast", description: "Toggle fast mode" },
+        { command: "model", description: "View & change model" },
+        { command: "reasoning", description: "Set reasoning effort" },
+        { command: "mirror", description: "Control CLI mirroring" },
+        { command: "notify", description: "Control notifications" },
+        { command: "auth", description: "Check auth status" },
+        { command: "login", description: "Start authentication" },
+        { command: "logout", description: "Sign out" },
+        { command: "voice", description: "Voice transcription status" },
+        { command: "tasks", description: "Current turn progress" },
+        { command: "progress", description: "Current turn progress" },
+        { command: "activity", description: "Thread activity timeline" },
+        { command: "audit", description: "Admin: recent audit events" },
+        { command: "status", description: "Connector runtime status" },
+        { command: "health", description: "Connector health report" },
+        { command: "version", description: "Connector version" },
+        { command: "logs", description: "Admin: show connector logs" },
+        { command: "diagnostics", description: "Admin: connector diagnostics" },
+        { command: "lock", description: "Lock session writes to you" },
+        { command: "unlock", description: "Release session write lock" },
+        { command: "locks", description: "List session write locks" },
+        { command: "restart", description: "Admin: restart connector" },
+        { command: "update", description: "Admin: update connector or agents" },
+        { command: "handback", description: "Hand session back to CLI" },
+        { command: "attach", description: "Bind a session to this topic" },
+        { command: "switch", description: "Switch to a thread by ID" },
+    ]);
+}

package/dist/telegram-output.js

@@ -0,0 +1,216 @@
+import { randomUUID } from "node:crypto";
+import { writeFile } from "node:fs/promises";
+import { tmpdir } from "node:os";
+import path from "node:path";
+import { Bot, InlineKeyboard } from "grammy";
+import { formatTelegramHTML } from "./format.js";
+import { redactText } from "./redaction.js";
+import { telegramRateLimiter } from "./telegram-rate-limit.js";
+const TELEGRAM_MESSAGE_LIMIT = 4000;
+const FORMATTED_CHUNK_TARGET = 3000;
+const MAX_AUDIO_FILE_SIZE = 25 * 1024 * 1024;
+export async function safeReply(ctx, text, options = {}) {
+    const chatId = ctx.chat?.id;
+    if (!chatId) {
+        return;
+    }
+    const parseMode = options.parseMode !== undefined ? options.parseMode : "HTML";
+    const messageThreadId = options.messageThreadId ?? ctx.message?.message_thread_id ?? ctx.callbackQuery?.message?.message_thread_id;
+    const chunks = splitTelegramText(redactText(text));
+    const fallbackChunks = options.fallbackText ? splitTelegramText(redactText(options.fallbackText)) : [];
+    for (const [index, chunk] of chunks.entries()) {
+        await sendTextMessage(ctx.api, chatId, chunk, {
+            parseMode,
+            fallbackText: fallbackChunks[index] ?? chunk,
+            replyMarkup: index === 0 ? options.replyMarkup : undefined,
+            messageThreadId,
+        });
+    }
+}
+export async function sendTextMessage(api, chatId, text, options = {}) {
+    const parseMode = Object.prototype.hasOwnProperty.call(options, "parseMode") ? options.parseMode : "HTML";
+    const safeText = redactText(text);
+    const safeFallbackText = options.fallbackText === undefined ? undefined : redactText(options.fallbackText);
+    const bucket = chatBucket(chatId);
+    try {
+        return await telegramRateLimiter.run(bucket, "sendMessage", () => api.sendMessage(chatId, safeText, {
+            ...(parseMode ? { parse_mode: parseMode } : {}),
+            ...(options.messageThreadId ? { message_thread_id: options.messageThreadId } : {}),
+            reply_markup: options.replyMarkup,
+        }));
+    }
+    catch (error) {
+        if (parseMode && safeFallbackText !== undefined && isTelegramParseError(error)) {
+            return await telegramRateLimiter.run(bucket, "sendMessage", () => api.sendMessage(chatId, safeFallbackText, {
+                ...(options.messageThreadId ? { message_thread_id: options.messageThreadId } : {}),
+                reply_markup: options.replyMarkup,
+            }));
+        }
+        throw error;
+    }
+}
+export async function safeEditMessage(bot, chatId, messageId, text, options = {}) {
+    const parseMode = Object.prototype.hasOwnProperty.call(options, "parseMode") ? options.parseMode : "HTML";
+    const safeText = redactText(text);
+    const safeFallbackText = options.fallbackText === undefined ? undefined : redactText(options.fallbackText);
+    const bucket = `${chatBucket(chatId)}:${messageId}`;
+    try {
+        await telegramRateLimiter.run(bucket, "editMessageText", () => bot.api.editMessageText(chatId, messageId, safeText, {
+            ...(parseMode ? { parse_mode: parseMode } : {}),
+            reply_markup: options.replyMarkup,
+        }));
+    }
+    catch (error) {
+        if (isMessageNotModifiedError(error)) {
+            return;
+        }
+        if (parseMode && safeFallbackText !== undefined && isTelegramParseError(error)) {
+            await telegramRateLimiter.run(bucket, "editMessageText", () => bot.api.editMessageText(chatId, messageId, safeFallbackText, {
+                reply_markup: options.replyMarkup,
+            }));
+            return;
+        }
+        throw error;
+    }
+}
+export async function safeEditReplyMarkup(bot, chatId, messageId, replyMarkup) {
+    try {
+        await telegramRateLimiter.run(`${chatBucket(chatId)}:${messageId}`, "editMessageReplyMarkup", () => bot.api.editMessageReplyMarkup(chatId, messageId, {
+            reply_markup: replyMarkup ?? new InlineKeyboard(),
+        }));
+    }
+    catch (error) {
+        if (!isMessageNotModifiedError(error)) {
+            throw error;
+        }
+    }
+}
+export async function sendChatActionSafe(api, chatId, action, messageThreadId) {
+    await telegramRateLimiter.run(chatBucket(chatId), "sendChatAction", () => api.sendChatAction(chatId, action, {
+        ...(messageThreadId ? { message_thread_id: messageThreadId } : {}),
+    }));
+}
+export function chatBucket(chatId) {
+    return `chat:${String(chatId)}`;
+}
+export async function downloadTelegramFile(api, token, fileId, maxBytes = MAX_AUDIO_FILE_SIZE) {
+    const file = await api.getFile(fileId);
+    if (!file.file_path) {
+        throw new Error("Telegram did not return a file path");
+    }
+    if (file.file_size && file.file_size > maxBytes) {
+        throw new Error(`Telegram file too large (${Math.round(file.file_size / 1024 / 1024)} MB, max ${Math.round(maxBytes / 1024 / 1024)} MB)`);
+    }
+    const url = `https://api.telegram.org/file/bot${token}/${file.file_path}`;
+    const response = await fetch(url);
+    if (!response.ok) {
+        throw new Error(`Failed to download Telegram file: ${response.status}`);
+    }
+    const buffer = Buffer.from(await response.arrayBuffer());
+    const extension = path.extname(file.file_path) || ".bin";
+    const tempPath = path.join(tmpdir(), `nordrelay-file-${randomUUID()}${extension}`);
+    await writeFile(tempPath, buffer);
+    return tempPath;
+}
+export function splitMarkdownForTelegram(markdown) {
+    if (!markdown) {
+        return [];
+    }
+    const chunks = [];
+    let remaining = markdown;
+    while (remaining) {
+        const maxLength = Math.min(remaining.length, FORMATTED_CHUNK_TARGET);
+        const initialCut = findPreferredSplitIndex(remaining, maxLength);
+        const candidate = remaining.slice(0, initialCut) || remaining.slice(0, 1);
+        const rendered = renderMarkdownChunkWithinLimit(candidate);
+        chunks.push(rendered);
+        remaining = remaining.slice(rendered.sourceText.length).trimStart();
+    }
+    return chunks;
+}
+export function renderMarkdownChunkWithinLimit(markdown) {
+    if (!markdown) {
+        return {
+            text: "",
+            fallbackText: "",
+            parseMode: "HTML",
+            sourceText: "",
+        };
+    }
+    let sourceText = markdown;
+    let rendered = formatMarkdownMessage(sourceText);
+    while (rendered.text.length > TELEGRAM_MESSAGE_LIMIT && sourceText.length > 1) {
+        const nextLength = Math.max(1, sourceText.length - Math.max(100, Math.ceil(sourceText.length * 0.1)));
+        sourceText = sourceText.slice(0, nextLength).trimEnd() || sourceText.slice(0, nextLength);
+        rendered = formatMarkdownMessage(sourceText);
+    }
+    return {
+        ...rendered,
+        sourceText,
+    };
+}
+export function isMessageNotModifiedError(error) {
+    const message = error instanceof Error ? error.message : String(error);
+    return message.includes("message is not modified");
+}
+function splitTelegramText(text) {
+    if (text.length <= TELEGRAM_MESSAGE_LIMIT) {
+        return [text];
+    }
+    const chunks = [];
+    let remaining = text;
+    while (remaining.length > TELEGRAM_MESSAGE_LIMIT) {
+        let cut = remaining.lastIndexOf("\n", TELEGRAM_MESSAGE_LIMIT);
+        if (cut < TELEGRAM_MESSAGE_LIMIT * 0.5) {
+            cut = remaining.lastIndexOf(" ", TELEGRAM_MESSAGE_LIMIT);
+        }
+        if (cut < TELEGRAM_MESSAGE_LIMIT * 0.5) {
+            cut = TELEGRAM_MESSAGE_LIMIT;
+        }
+        chunks.push(remaining.slice(0, cut).trimEnd());
+        remaining = remaining.slice(cut).trimStart();
+    }
+    if (remaining) {
+        chunks.push(remaining);
+    }
+    return chunks.length > 0 ? chunks : [""];
+}
+function formatMarkdownMessage(markdown) {
+    try {
+        return {
+            text: formatTelegramHTML(markdown),
+            fallbackText: markdown,
+            parseMode: "HTML",
+        };
+    }
+    catch (error) {
+        console.error("Failed to format Telegram HTML, falling back to plain text", error);
+        return {
+            text: markdown,
+            fallbackText: markdown,
+            parseMode: undefined,
+        };
+    }
+}
+function findPreferredSplitIndex(text, maxLength) {
+    if (text.length <= maxLength) {
+        return Math.max(1, text.length);
+    }
+    const newlineIndex = text.lastIndexOf("\n", maxLength);
+    if (newlineIndex >= maxLength * 0.5) {
+        return Math.max(1, newlineIndex);
+    }
+    const spaceIndex = text.lastIndexOf(" ", maxLength);
+    if (spaceIndex >= maxLength * 0.5) {
+        return Math.max(1, spaceIndex);
+    }
+    return Math.max(1, maxLength);
+}
+function isTelegramParseError(error) {
+    const message = (error instanceof Error ? error.message : String(error)).toLowerCase();
+    return (message.includes("can't parse entities") ||
+        message.includes("unsupported start tag") ||
+        message.includes("unexpected end tag") ||
+        message.includes("entity name") ||
+        message.includes("parse entities"));
+}