polygram 0.10.0-rc.37 → 0.10.0-rc.39

package/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "$schema": "https://anthropic.com/claude-code/plugin.schema.json",
   "name": "polygram",
-  "version": "0.10.0-rc.37",
+  "version": "0.10.0-rc.39",
   "description": "Telegram integration for Claude Code that preserves the OpenClaw per-chat session model. Migration target for OpenClaw users. Multi-bot, multi-chat, per-topic isolation; SQLite transcripts; inline-keyboard approvals. Bundles /polygram:status|logs|pair-code|approvals admin commands plus history (transcript queries) and polygram-send (out-of-turn IPC sends with file-upload validation) skills.",
   "keywords": [
     "telegram",

package/lib/sdk/callbacks.js

@@ -344,13 +344,27 @@ function createSdkCallbacks({
       }
     },
 
-    // 0.10.0 H1 (observer-only): tmux backend hook-based turn
-    // observability. TmuxProcess emits `hook-event` with normalized
-    // HookEvent records for every claude-CLI hook firing (PreToolUse,
+    // 0.10.0 H1 (observer-only) + H2 (reactor wiring): tmux backend
+    // hook-based turn observability + status.
+    //
+    // H1: TmuxProcess emits `hook-event` with normalized HookEvent
+    // records for every claude-CLI hook firing (PreToolUse,
     // PostToolUse, UserPromptSubmit, Stop, SubagentStop, Notification,
-    // plus `unknown` for any schema drift). Persisted compact so the
-    // soak can characterize the stream's reliability against real
-    // Music traffic before H2/H3/H4 consume it.
+    // plus `unknown` for any schema drift). Persisted compact for
+    // forensic soak analysis.
+    //
+    // H2: routes hook events to the head pending's reactor so the
+    // Telegram emoji reflects what claude is actually doing — incl.
+    // subagent-inner tool fires (PreToolUse with `agent_id`) that
+    // JSONL `tool-use` never surfaces. The win: long subagent turns
+    // stop tripping the 🥱→😨→🤯 escalation because each inner
+    // PostToolUse / SubagentStop / Notification heartbeats the
+    // reactor, proving the agent is alive.
+    //
+    // Augments — does NOT replace — the existing JSONL-driven
+    // `onToolUse` setState and stream-chunk heartbeats. Duplicate
+    // setState for the same state is a no-op in the reactor; the
+    // throttle/cascade timers are unchanged.
     //
     // Fields persisted are intentionally narrow: identity + tool/
     // subagent scoping + `duration_ms` (free per-tool latency from
@@ -359,8 +373,9 @@ function createSdkCallbacks({
     // (`tool_input`, full `tool_response`, `last_assistant_message`)
     // are NOT persisted to the events DB — they'd inflate row size
     // without informing the soak.
-    onHookEvent: (sessionKey, payload /* , entry */) => {
+    onHookEvent: (sessionKey, payload, entry) => {
       try {
+        // ── H1: DB persist ────────────────────────────────────────
         const detail = {
           chat_id: getChatIdFromKey(sessionKey),
           session_key: sessionKey,
@@ -387,6 +402,58 @@ function createSdkCallbacks({
           detail.parse_error = payload?.error ?? null;
         }
         logEvent('hook-event', detail);
+
+        // ── H2: route to reactor ──────────────────────────────────
+        //
+        // The reactor lives on the HEAD pending's per-turn context
+        // (same shape as `onToolUse` and `onStreamChunk`). Hook
+        // events from claude can land in three windows relative to
+        // a polygram turn:
+        //   1. Mid-turn (the normal case) — head exists, reactor
+        //      lives, route the event.
+        //   2. Between turns / before head is set — head is null,
+        //      skip silently. The next setState from polygram-side
+        //      turn lifecycle will recover.
+        //   3. UserPromptSubmit fires BEFORE polygram's
+        //      reactor.setState('THINKING') in some races; that's
+        //      fine because UserPromptSubmit is intentionally a
+        //      no-op here (the existing turn-start path owns it).
+        const head = entry?.pendingQueue?.[0];
+        const reactor = head?.context?.reactor;
+        if (!reactor) return;
+
+        switch (payload?.type) {
+          case 'PreToolUse':
+            // PreToolUse fires for main-agent AND subagent-inner
+            // tools (the latter scoped by `agent_id`). The reactor
+            // doesn't care WHO ran the tool, only WHAT — so
+            // classifyToolName drives the state regardless of
+            // agent context.
+            if (payload.toolName) {
+              reactor.setState(classifyToolName(payload.toolName));
+            }
+            break;
+
+          case 'PostToolUse':
+          case 'SubagentStop':
+          case 'Notification':
+            // Liveness signals — each one proves the agent is still
+            // making progress. Heartbeat resets the STALL (🥱) and
+            // TIMEOUT (😨) timers, killing the fear escalation on
+            // long healthy turns that was the motivating msg-884
+            // incident.
+            if (typeof reactor.heartbeat === 'function') {
+              reactor.heartbeat();
+            }
+            break;
+
+          // UserPromptSubmit, Stop, unknown, parse-error: no
+          // reactor routing. Turn lifecycle owns start/clear; the
+          // observer-only H1 DB persist above still records them
+          // for forensics.
+          default:
+            break;
+        }
       } catch (err) {
         logger.error?.(`[${botName}] hook-event handler: ${err.message}`);
       }

package/lib/telegram/sanitize-reply.js

@@ -0,0 +1,82 @@
+/**
+ * sanitize-reply — outbound assistant-text sanitizer for claude-CLI
+ * canned-string leakage.
+ *
+ * The model occasionally emits CLI-context boilerplate strings
+ * verbatim as Telegram replies — typically when its reasoning
+ * decides "no response needed." `POLYGRAM_DISPLAY_HINT` (rc.37
+ * hardening) explicitly forbids them, but the hint mitigation
+ * proved partial: the model still leaked `No response requested.`
+ * on a substantive user question (shumorobot Music, 2026-05-22
+ * 14:14). Likely CLI-internal, not prompt-driven.
+ *
+ * This sanitizer is the polygram-side safety net. Runs AFTER
+ * `parseResponse` — sees the parsed text the streamer/deliver
+ * path will send. On a verbatim match against a narrow allowlist
+ * of known canned strings, replaces with an honest brief message
+ * the user can act on (rephrase / retry).
+ *
+ * Narrow allowlist on purpose:
+ *   - Exact full-text match (not substring) — paranoia against
+ *     accidentally rewriting legitimate replies that mention these
+ *     phrases (e.g. an explanation of the issue itself).
+ *   - Does NOT include `No response generated. Please try again.`
+ *     because that's polygram's own R10 empty-turn fallback, which
+ *     is intentional output.
+ *   - Does NOT include `Stopped.` because that's polygram's `/stop`
+ *     confirmation.
+ *
+ * If new canned strings are observed in production, add them to
+ * CANNED_STRINGS with a comment naming the production trace.
+ */
+
+'use strict';
+
+// Exact-match (trimmed) canned strings to intercept. Keep this list
+// short and explicit — every entry is a known production leak.
+const CANNED_STRINGS = new Set([
+  // shumorobot 2026-05-22 (Music topic, 13:17 and 14:14, both on
+  // rc.36/37). Model emitted this verbatim on the first occurrence
+  // after an ambiguous ack ("okay"); on the second, after a real
+  // substantive question. Prompt-side mitigation (rc.37) didn't
+  // catch the second case — confirming this is CLI-internal.
+  'No response requested.',
+  // Listed in the rc.37 display hint as an adjacent variant. Treated
+  // the same way if it ever appears.
+  'No response needed.',
+]);
+
+// Replacement text — italic, brief, honest, actionable. Avoids
+// pretending the bot did useful work; tells the user explicitly that
+// the model didn't generate a real reply.
+const SANITIZED_REPLACEMENT =
+  '_(the model returned no actual reply — try rephrasing or asking again)_';
+
+/**
+ * Inspect an outbound assistant text. If the FULL TRIMMED text
+ * matches a known CLI-context canned string, return the honest
+ * replacement and a `replaced` flag so the caller can log the
+ * substitution. Otherwise return the original text unchanged.
+ *
+ * @param {string} text — the assistant text about to be sent.
+ * @returns {{ text: string, replaced: boolean, original?: string }}
+ */
+function sanitizeAssistantReply(text) {
+  if (typeof text !== 'string') return { text, replaced: false };
+  const trimmed = text.trim();
+  if (!trimmed) return { text, replaced: false };
+  if (CANNED_STRINGS.has(trimmed)) {
+    return {
+      text: SANITIZED_REPLACEMENT,
+      replaced: true,
+      original: trimmed,
+    };
+  }
+  return { text, replaced: false };
+}
+
+module.exports = {
+  CANNED_STRINGS,
+  SANITIZED_REPLACEMENT,
+  sanitizeAssistantReply,
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "polygram",
-  "version": "0.10.0-rc.37",
+  "version": "0.10.0-rc.39",
   "description": "Telegram daemon for Claude Code that preserves the OpenClaw per-chat session model. Migration path for OpenClaw users moving to Claude Code.",
   "main": "lib/ipc/client.js",
   "bin": {

package/polygram.js

@@ -80,6 +80,7 @@ const { transcribe: transcribeVoice, isVoiceAttachment } = require('./lib/telegr
 const { createStreamer } = require('./lib/telegram/streamer');
 const { chunkMarkdownText } = require('./lib/telegram/chunk');
 const { deliverReplies } = require('./lib/telegram/deliver');
+const { sanitizeAssistantReply } = require('./lib/telegram/sanitize-reply');
 const { announce, shouldAnnounce } = require('./lib/announces');
 const { isAbortRequest } = require('./lib/abort-detector');
 const { startTyping } = require('./lib/telegram/typing');
@@ -1308,6 +1309,25 @@ async function handleMessage(sessionKey, chatId, msg, bot) {
     }
 
     const parsed = parseResponse(result.text);
+    // rc.39: intercept CLI-context canned-string leaks (`No response
+    // requested.` etc.) before they reach the streamer/deliver path.
+    // Replaces with an honest brief message; logs the substitution
+    // for forensic post-hoc analysis of how often the leak fires.
+    // See lib/telegram/sanitize-reply.js for the (narrow) allowlist
+    // and rationale — the rc.37 prompt-side hint mitigation proved
+    // insufficient, so this is the polygram-layer safety net.
+    if (parsed.text) {
+      const sanitized = sanitizeAssistantReply(parsed.text);
+      if (sanitized.replaced) {
+        logEvent('canned-reply-suppressed', {
+          chat_id: chatId,
+          msg_id: msg.message_id,
+          original: sanitized.original,
+          backend: result?.backend || null,
+        });
+        parsed.text = sanitized.text;
+      }
+    }
     const outMeta = { ...outMetaBase, sessionId: result.sessionId, costUsd: result.cost };
 
     // 0.8.0-rc.39: send any inline stickers Claude embedded with