polygram 0.6.14 → 0.6.16

package/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "$schema": "https://anthropic.com/claude-code/plugin.schema.json",
   "name": "polygram",
-  "version": "0.6.14",
+  "version": "0.6.16",
   "description": "Telegram integration for Claude Code that preserves the OpenClaw per-chat session model. Migration target for OpenClaw users. Multi-bot, multi-chat, per-topic isolation; SQLite transcripts; inline-keyboard approvals. Bundles /polygram:status|logs|pair-code|approvals admin commands and a history skill.",
   "keywords": [
     "telegram",

package/README.md

@@ -1,5 +1,9 @@
 # polygram
 
+[![CI](https://github.com/shumkov/polygram/actions/workflows/ci.yml/badge.svg)](https://github.com/shumkov/polygram/actions/workflows/ci.yml)
+[![codecov](https://codecov.io/gh/shumkov/polygram/branch/main/graph/badge.svg)](https://codecov.io/gh/shumkov/polygram)
+[![npm](https://img.shields.io/npm/v/polygram.svg)](https://www.npmjs.com/package/polygram)
+
 A Telegram daemon and Claude Code plugin that preserves the per-chat
 session model from **OpenClaw**. Intended primarily as a **migration
 path** for users moving their Telegram-based ops from OpenClaw to Claude
@@ -360,7 +364,7 @@ foreign-chat clicks are rejected. Default-deny on IPC error.
 ## Development
 
 ```bash
-npm test           # 494 tests, 114 suites, node:test, no external services
+npm test           # 500 tests, 115 suites, node:test, no external services
 npm run coverage   # native test coverage (Node 22+, no devDeps)
 npm start -- --bot my-bot
 npm run split-db -- --config config.json --dry-run

package/lib/db.js

@@ -10,6 +10,14 @@ const Database = require('better-sqlite3');
 
 const SCHEMA_VERSION = 8;
 
+// Sentinel `error` value for outbound rows whose API call may or may not
+// have reached Telegram. markStalePending writes it; hasOutboundReplyTo
+// reads it to dedupe boot replay against possibly-delivered messages.
+// Constant rather than inline literal so a typo can't silently break the
+// invariant ("AND error = 'crashedmidsend'" → no rows match → duplicate
+// reply on boot).
+const CRASHED_MID_SEND = 'crashed-mid-send';
+
 function open(dbPath) {
   const db = new Database(dbPath);
   db.pragma('journal_mode = WAL');
@@ -31,10 +39,13 @@ function runMigrations(db, migrationsDir) {
     const n = parseInt(file.slice(0, 3), 10);
     if (Number.isNaN(n)) continue;
     const sql = fs.readFileSync(path.join(migrationsDir, file), 'utf8');
-    // BEGIN IMMEDIATE acquires the write lock up-front, preventing two
-    // processes from both reading user_version=N and both attempting to
-    // apply migration N+1. The second migrator hits SQLITE_BUSY beyond
-    // busy_timeout and errors cleanly instead of corrupting state.
+    // Concurrent-boot safety: BEGIN IMMEDIATE acquires the write lock
+    // up-front; the second migrator blocks on busy_timeout (5s) then
+    // re-reads user_version inside the txn for check-and-set semantics.
+    // The prepared-statement-against-old-schema hazard is mitigated by
+    // polygram's per-bot DB layout (one process per DB file, see
+    // scripts/split-db.js), so there is no other long-lived reader on
+    // the same DB during a migration in normal operation.
     db.exec('BEGIN IMMEDIATE');
     try {
       // Re-read inside the transaction so we skip anything another process
@@ -152,11 +163,11 @@ function wrap(db) {
   `);
 
   const markStalePendingStmt = db.prepare(`
-    UPDATE messages SET status = 'failed', error = 'crashed-mid-send'
+    UPDATE messages SET status = 'failed', error = '${CRASHED_MID_SEND}'
     WHERE status = 'pending' AND ts < ?
   `);
   const markStalePendingForBotStmt = db.prepare(`
-    UPDATE messages SET status = 'failed', error = 'crashed-mid-send'
+    UPDATE messages SET status = 'failed', error = '${CRASHED_MID_SEND}'
     WHERE status = 'pending' AND ts < ? AND bot_name = ?
   `);
 
@@ -359,7 +370,7 @@ function wrap(db) {
            AND (
              status = 'sent'
              OR status = 'pending'
-             OR (status = 'failed' AND error = 'crashed-mid-send')
+             OR (status = 'failed' AND error = '${CRASHED_MID_SEND}')
            )
          LIMIT 1
       `).get(chat_id, msg_id);
@@ -526,4 +537,4 @@ function wrap(db) {
   };
 }
 
-module.exports = { open };
+module.exports = { open, CRASHED_MID_SEND };

package/lib/pairings.js

@@ -49,6 +49,38 @@ function parseTtl(input) {
   return ms;
 }
 
+// Per-user attempt tracker (in-memory). Counts EVERY claim call, not just
+// successful ones — pre-0.6.15 the rate-limit query only counted rows where
+// used_ts was set, so an attacker could probe wrong codes indefinitely. A
+// brute-force at 30 req/s/bot (Telegram's per-bot limit) against 30^8 codes
+// takes 685 years even with no rate limit, so this is hardening against
+// targeted guessing of a known-issued code rather than closing an active
+// breach. In-memory state survives the typical polygram lifetime (days
+// between restarts) and rebuilds in the worst case after a restart — the
+// successful-claim DB check stays as belt-and-suspenders for the post-claim
+// path.
+function createAttemptTracker(now) {
+  const attemptsByUser = new Map(); // user_id → [ts, ts, ...]
+  return {
+    countRecent(userId, windowMs) {
+      const arr = attemptsByUser.get(userId);
+      if (!arr) return 0;
+      const cutoff = now() - windowMs;
+      // Garbage-collect the user's own bucket on every check; keeps memory
+      // bounded without a separate sweep timer.
+      const live = arr.filter((t) => t > cutoff);
+      if (live.length === 0) attemptsByUser.delete(userId);
+      else if (live.length !== arr.length) attemptsByUser.set(userId, live);
+      return live.length;
+    },
+    record(userId) {
+      const arr = attemptsByUser.get(userId) || [];
+      arr.push(now());
+      attemptsByUser.set(userId, arr);
+    },
+  };
+}
+
 function createStore(rawDb, now = () => Date.now()) {
   const issueStmt = rawDb.prepare(`
     INSERT INTO pair_codes
@@ -100,10 +132,7 @@ function createStore(rawDb, now = () => Date.now()) {
     SELECT COUNT(*) AS n FROM pair_codes
      WHERE bot_name = ? AND issued_by_user_id = ? AND issued_ts > ?
   `);
-  const recentClaimsByUserStmt = rawDb.prepare(`
-    SELECT COUNT(*) AS n FROM pair_codes
-     WHERE used_by_user_id = ? AND used_ts > ?
-  `);
+  const claimAttempts = createAttemptTracker(now);
 
   return {
     issueCode({
@@ -144,10 +173,13 @@ function createStore(rawDb, now = () => Date.now()) {
     claimCode({ code, claimer_user_id, chat_id, bot_name }) {
       const norm = normalizeCode(code);
 
-      const recent = recentClaimsByUserStmt.get(claimer_user_id, now() - 3_600_000).n;
+      // Rate-limit BEFORE the DB lookup so probing wrong codes also
+      // burns quota. Counts every attempt (success or failure).
+      const recent = claimAttempts.countRecent(claimer_user_id, 3_600_000);
       if (recent >= CLAIM_RATE_PER_USER_PER_HOUR) {
         return { ok: false, reason: 'rate-limited' };
       }
+      claimAttempts.record(claimer_user_id);
 
       const row = findCodeStmt.get(norm);
       if (!row) return { ok: false, reason: 'not-found' };

package/lib/prompt.js

@@ -43,6 +43,10 @@ function buildReplyToBlock(input) {
   if (!input) return '';
   const { telegram, dbRow, replyToId } = input;
 
+  // Defense-in-depth: msg_id, ts, file sizes are numeric or system-generated
+  // in normal flows, but we run them through xmlEscape anyway so an unexpected
+  // upstream change (Telegram payload shape, DB type drift) can't introduce
+  // an attribute-injection vector through one missed escape site.
   if (telegram) {
     const msgId = telegram.message_id;
     const user = telegram.from?.first_name || telegram.from?.username || 'Unknown';
@@ -52,9 +56,9 @@ function buildReplyToBlock(input) {
     const summary = hasMedia ? summarizeTelegramAttachments(telegram) : '';
     const body = [text, summary].filter(Boolean).join('\n');
     const editedAttr = telegram.edit_date
-      ? ` edited_ts="${new Date(telegram.edit_date * 1000).toISOString()}"`
+      ? ` edited_ts="${xmlEscape(new Date(telegram.edit_date * 1000).toISOString())}"`
       : '';
-    return `<reply_to msg_id="${msgId}" user="${xmlEscape(user)}" ts="${ts}"${editedAttr} source="telegram">
+    return `<reply_to msg_id="${xmlEscape(msgId)}" user="${xmlEscape(user)}" ts="${xmlEscape(ts)}"${editedAttr} source="telegram">
 ${xmlEscape(body)}
 </reply_to>`;
   }
@@ -72,15 +76,15 @@ ${xmlEscape(body)}
     const ts = dbRow.ts ? new Date(dbRow.ts).toISOString() : '';
     const text = truncateReplyText(dbRow.text || '');
     const editedAttr = dbRow.edited_ts
-      ? ` edited_ts="${new Date(dbRow.edited_ts).toISOString()}"`
+      ? ` edited_ts="${xmlEscape(new Date(dbRow.edited_ts).toISOString())}"`
       : '';
-    return `<reply_to msg_id="${dbRow.msg_id}" user="${xmlEscape(dbRow.user || 'Unknown')}" ts="${ts}"${editedAttr} source="bridge-db">
+    return `<reply_to msg_id="${xmlEscape(dbRow.msg_id)}" user="${xmlEscape(dbRow.user || 'Unknown')}" ts="${xmlEscape(ts)}"${editedAttr} source="bridge-db">
 ${xmlEscape(text)}
 </reply_to>`;
   }
 
   if (replyToId) {
-    return `<reply_to msg_id="${replyToId}" source="unresolvable">
+    return `<reply_to msg_id="${xmlEscape(replyToId)}" source="unresolvable">
 [original message not in transcript]
 </reply_to>`;
   }
@@ -126,7 +130,7 @@ function buildAttachmentTags(attachments) {
     if (a.error || !a.path) {
       return `<attachment-failed kind="${xmlEscape(a.kind)}" name="${xmlEscape(a.name)}" mime="${xmlEscape(a.mime_type)}" reason="${xmlEscape(a.error || 'no local path')}" />`;
     }
-    return `<attachment kind="${xmlEscape(a.kind)}" name="${xmlEscape(a.name)}" mime="${xmlEscape(a.mime_type)}" size="${a.size || 0}" path="${xmlEscape(a.path)}" />`;
+    return `<attachment kind="${xmlEscape(a.kind)}" name="${xmlEscape(a.name)}" mime="${xmlEscape(a.mime_type)}" size="${xmlEscape(a.size || 0)}" path="${xmlEscape(a.path)}" />`;
   }).join('\n');
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "polygram",
-  "version": "0.6.14",
+  "version": "0.6.16",
   "description": "Telegram daemon for Claude Code that preserves the OpenClaw per-chat session model. Migration path for OpenClaw users moving to Claude Code.",
   "main": "lib/ipc-client.js",
   "bin": {

package/polygram.js

@@ -211,6 +211,12 @@ function logEvent(kind, detail) {
 }
 
 function recordInbound(msg) {
+  // 0.6.4 wrapped the body in db.raw.transaction(...) for atomicity, but
+  // the wrap itself runs at call time — before dbWrite's null-db guard
+  // kicks in. A late-arriving inbound during shutdown (after db.raw.close())
+  // would TypeError and unhandled-reject grammy's update handler. Restore
+  // best-effort semantics with an explicit early-out.
+  if (!db) return;
   const chatId = msg.chat.id.toString();
   const threadId = msg.message_thread_id?.toString() || null;
   const user = msg.from?.first_name || msg.from?.username || null;
@@ -287,6 +293,22 @@ function sanitizeFilename(name) {
   return name.replace(/[\/\\:\0]/g, '_').slice(0, 120);
 }
 
+// Short, filesystem-safe handle from the file_unique_id for auto-gen names.
+// Telegram guarantees file_unique_id is stable per file across sessions; 8
+// chars is collision-safe within a chat (~48 bits) and short enough to read.
+// Falls back to msg.message_id for the rare case where file_unique_id is
+// unset (very old Bot API rows). The pre-0.6.15 pattern embedded message_id
+// directly, which then went stale after media-group reassignment rewrote
+// the row's msg_id → name and msg_id disagreed about which Telegram message
+// the file came from. Using file_unique_id makes the name stable across
+// reassignment.
+function shortFileTag(fileUniqueId, fallback) {
+  if (fileUniqueId) {
+    return String(fileUniqueId).replace(/[^A-Za-z0-9_-]/g, '').slice(0, 8) || String(fallback);
+  }
+  return String(fallback);
+}
+
 function extractAttachments(msg) {
   // Media-group bundling path: when we synthesised a single message from
   // several siblings sharing a media_group_id, the merged attachment list
@@ -300,7 +322,7 @@ function extractAttachments(msg) {
     items.push({
       file_id: d.file_id,
       file_unique_id: d.file_unique_id,
-      name: d.file_name || `document-${msg.message_id}`,
+      name: d.file_name || `document-${shortFileTag(d.file_unique_id, msg.message_id)}`,
       mime_type: d.mime_type || 'application/octet-stream',
       size: d.file_size || 0,
       kind: 'document',
@@ -311,7 +333,7 @@ function extractAttachments(msg) {
     items.push({
       file_id: largest.file_id,
       file_unique_id: largest.file_unique_id,
-      name: `photo-${msg.message_id}.jpg`,
+      name: `photo-${shortFileTag(largest.file_unique_id, msg.message_id)}.jpg`,
       mime_type: 'image/jpeg',
       size: largest.file_size || 0,
       kind: 'photo',
@@ -321,7 +343,7 @@ function extractAttachments(msg) {
     items.push({
       file_id: msg.voice.file_id,
       file_unique_id: msg.voice.file_unique_id,
-      name: `voice-${msg.message_id}.ogg`,
+      name: `voice-${shortFileTag(msg.voice.file_unique_id, msg.message_id)}.ogg`,
       mime_type: msg.voice.mime_type || 'audio/ogg',
       size: msg.voice.file_size || 0,
       kind: 'voice',
@@ -332,7 +354,7 @@ function extractAttachments(msg) {
     items.push({
       file_id: a.file_id,
       file_unique_id: a.file_unique_id,
-      name: a.file_name || `audio-${msg.message_id}.mp3`,
+      name: a.file_name || `audio-${shortFileTag(a.file_unique_id, msg.message_id)}.mp3`,
       mime_type: a.mime_type || 'audio/mpeg',
       size: a.file_size || 0,
       kind: 'audio',
@@ -343,7 +365,7 @@ function extractAttachments(msg) {
     items.push({
       file_id: v.file_id,
       file_unique_id: v.file_unique_id,
-      name: v.file_name || `video-${msg.message_id}.mp4`,
+      name: v.file_name || `video-${shortFileTag(v.file_unique_id, msg.message_id)}.mp4`,
       mime_type: v.mime_type || 'video/mp4',
       size: v.file_size || 0,
       kind: 'video',
@@ -764,6 +786,9 @@ function errorReplyText(err) {
   if (/Process (exited|killed)/i.test(msg)) {
     return '💥 Something crashed on my end. Try again.';
   }
+  if (/error_during_execution/i.test(msg)) {
+    return '💥 Something went wrong mid-stream. Try again.';
+  }
   const reason = msg.split('\n')[0].slice(0, 120);
   return `Hit a snag: ${reason || 'unknown error'}. Try resending.`;
 }
@@ -1739,7 +1764,16 @@ async function handleMessage(sessionKey, chatId, msg, bot) {
     if (result.error) {
       console.error(`[${label}] Error (${elapsed}s):`, result.error);
       reactor.setState('ERROR');
-      if (!result.text) { markReplied(); return; }
+      // 0.6.16: pre-fix, silently markReplied()+return — the user got an
+      // error reaction emoji on their message but no actual reply text,
+      // AND 'replied' status meant boot replay didn't re-dispatch on next
+      // boot. Worst-case: shutdown-killed turn (e.g. polygram upgrade
+      // mid-stream) → user sends "yes", sees 🤯, gets no answer ever,
+      // the row is silently lost. Promote to a thrown error so
+      // dispatchHandleMessage's catch correctly distinguishes shutdown
+      // (→ 'replay-pending', boot replay retries) from runtime failure
+      // (→ 'failed', user gets an apology with retry hint).
+      if (!result.text) throw new Error(result.error);
     } else {
       // Clear the progress reaction instead of stamping 👍 — the reply
       // bubble itself is the "done" signal and a permanent thumbs-up on