polygram 0.10.0-rc.38 → 0.10.0-rc.39

package/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "$schema": "https://anthropic.com/claude-code/plugin.schema.json",
   "name": "polygram",
-  "version": "0.10.0-rc.38",
+  "version": "0.10.0-rc.39",
   "description": "Telegram integration for Claude Code that preserves the OpenClaw per-chat session model. Migration target for OpenClaw users. Multi-bot, multi-chat, per-topic isolation; SQLite transcripts; inline-keyboard approvals. Bundles /polygram:status|logs|pair-code|approvals admin commands plus history (transcript queries) and polygram-send (out-of-turn IPC sends with file-upload validation) skills.",
   "keywords": [
     "telegram",

package/lib/telegram/sanitize-reply.js

@@ -0,0 +1,82 @@
+/**
+ * sanitize-reply — outbound assistant-text sanitizer for claude-CLI
+ * canned-string leakage.
+ *
+ * The model occasionally emits CLI-context boilerplate strings
+ * verbatim as Telegram replies — typically when its reasoning
+ * decides "no response needed." `POLYGRAM_DISPLAY_HINT` (rc.37
+ * hardening) explicitly forbids them, but the hint mitigation
+ * proved partial: the model still leaked `No response requested.`
+ * on a substantive user question (shumorobot Music, 2026-05-22
+ * 14:14). Likely CLI-internal, not prompt-driven.
+ *
+ * This sanitizer is the polygram-side safety net. Runs AFTER
+ * `parseResponse` — sees the parsed text the streamer/deliver
+ * path will send. On a verbatim match against a narrow allowlist
+ * of known canned strings, replaces with an honest brief message
+ * the user can act on (rephrase / retry).
+ *
+ * Narrow allowlist on purpose:
+ *   - Exact full-text match (not substring) — paranoia against
+ *     accidentally rewriting legitimate replies that mention these
+ *     phrases (e.g. an explanation of the issue itself).
+ *   - Does NOT include `No response generated. Please try again.`
+ *     because that's polygram's own R10 empty-turn fallback, which
+ *     is intentional output.
+ *   - Does NOT include `Stopped.` because that's polygram's `/stop`
+ *     confirmation.
+ *
+ * If new canned strings are observed in production, add them to
+ * CANNED_STRINGS with a comment naming the production trace.
+ */
+
+'use strict';
+
+// Exact-match (trimmed) canned strings to intercept. Keep this list
+// short and explicit — every entry is a known production leak.
+const CANNED_STRINGS = new Set([
+  // shumorobot 2026-05-22 (Music topic, 13:17 and 14:14, both on
+  // rc.36/37). Model emitted this verbatim on the first occurrence
+  // after an ambiguous ack ("okay"); on the second, after a real
+  // substantive question. Prompt-side mitigation (rc.37) didn't
+  // catch the second case — confirming this is CLI-internal.
+  'No response requested.',
+  // Listed in the rc.37 display hint as an adjacent variant. Treated
+  // the same way if it ever appears.
+  'No response needed.',
+]);
+
+// Replacement text — italic, brief, honest, actionable. Avoids
+// pretending the bot did useful work; tells the user explicitly that
+// the model didn't generate a real reply.
+const SANITIZED_REPLACEMENT =
+  '_(the model returned no actual reply — try rephrasing or asking again)_';
+
+/**
+ * Inspect an outbound assistant text. If the FULL TRIMMED text
+ * matches a known CLI-context canned string, return the honest
+ * replacement and a `replaced` flag so the caller can log the
+ * substitution. Otherwise return the original text unchanged.
+ *
+ * @param {string} text — the assistant text about to be sent.
+ * @returns {{ text: string, replaced: boolean, original?: string }}
+ */
+function sanitizeAssistantReply(text) {
+  if (typeof text !== 'string') return { text, replaced: false };
+  const trimmed = text.trim();
+  if (!trimmed) return { text, replaced: false };
+  if (CANNED_STRINGS.has(trimmed)) {
+    return {
+      text: SANITIZED_REPLACEMENT,
+      replaced: true,
+      original: trimmed,
+    };
+  }
+  return { text, replaced: false };
+}
+
+module.exports = {
+  CANNED_STRINGS,
+  SANITIZED_REPLACEMENT,
+  sanitizeAssistantReply,
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "polygram",
-  "version": "0.10.0-rc.38",
+  "version": "0.10.0-rc.39",
   "description": "Telegram daemon for Claude Code that preserves the OpenClaw per-chat session model. Migration path for OpenClaw users moving to Claude Code.",
   "main": "lib/ipc/client.js",
   "bin": {

package/polygram.js

@@ -80,6 +80,7 @@ const { transcribe: transcribeVoice, isVoiceAttachment } = require('./lib/telegr
 const { createStreamer } = require('./lib/telegram/streamer');
 const { chunkMarkdownText } = require('./lib/telegram/chunk');
 const { deliverReplies } = require('./lib/telegram/deliver');
+const { sanitizeAssistantReply } = require('./lib/telegram/sanitize-reply');
 const { announce, shouldAnnounce } = require('./lib/announces');
 const { isAbortRequest } = require('./lib/abort-detector');
 const { startTyping } = require('./lib/telegram/typing');
@@ -1308,6 +1309,25 @@ async function handleMessage(sessionKey, chatId, msg, bot) {
     }
 
     const parsed = parseResponse(result.text);
+    // rc.39: intercept CLI-context canned-string leaks (`No response
+    // requested.` etc.) before they reach the streamer/deliver path.
+    // Replaces with an honest brief message; logs the substitution
+    // for forensic post-hoc analysis of how often the leak fires.
+    // See lib/telegram/sanitize-reply.js for the (narrow) allowlist
+    // and rationale — the rc.37 prompt-side hint mitigation proved
+    // insufficient, so this is the polygram-layer safety net.
+    if (parsed.text) {
+      const sanitized = sanitizeAssistantReply(parsed.text);
+      if (sanitized.replaced) {
+        logEvent('canned-reply-suppressed', {
+          chat_id: chatId,
+          msg_id: msg.message_id,
+          original: sanitized.original,
+          backend: result?.backend || null,
+        });
+        parsed.text = sanitized.text;
+      }
+    }
     const outMeta = { ...outMetaBase, sessionId: result.sessionId, costUsd: result.cost };
 
     // 0.8.0-rc.39: send any inline stickers Claude embedded with