polygram 0.6.16 → 0.7.0

package/lib/telegram-chunk.js

@@ -0,0 +1,278 @@
+/**
+ * Markdown-aware chunking for Telegram-bound replies.
+ *
+ * Direct port of OpenClaw's chunkMarkdownText (`extensions/telegram` uses
+ * `chunkerMode: 'markdown'`). The naive byte-cut chunker we shipped pre-0.7.0
+ * landed boundaries mid-word and mid-HTML-tag, which Telegram's parse_mode=HTML
+ * rejected with `400 can't parse entities` — bubbles froze and content got
+ * dropped (see msg 10794 incident). This algorithm guarantees:
+ *
+ *   1. No chunk exceeds `limit`.
+ *   2. Breaks prefer newlines over whitespace over hard-cut.
+ *   3. Code fences (```...```) are never broken silently — if a chunk would
+ *      land inside a fence, we close it on chunk N and re-open with the same
+ *      marker + language on chunk N+1, so each chunk is independently
+ *      parseable.
+ *   4. Parenthesised expressions `(...)` aren't broken at whitespace inside
+ *      the parens (avoids splitting `[markdown link](http://example.com/...)`).
+ *
+ * Plain `chunkText` (no fence handling) is exported for callers that already
+ * know the input has no markdown — primarily code paths handling raw user
+ * input echoes or non-text payloads.
+ */
+
+// ─── Code-fence span detection ──────────────────────────────────────
+
+// Scan `buffer` for ```...``` and ~~~...~~~ fences. Returns the span list
+// of matched (open, close) pairs. An unclosed open fence at end-of-input
+// is treated as if it closes at end (so the chunker can still split inside
+// safely).
+function parseFenceSpans(buffer) {
+  const spans = [];
+  let open;
+  let offset = 0;
+  while (offset <= buffer.length) {
+    const nextNewline = buffer.indexOf('\n', offset);
+    const lineEnd = nextNewline === -1 ? buffer.length : nextNewline;
+    const line = buffer.slice(offset, lineEnd);
+    // Fence opens/closes start with up to 3 spaces of indent then 3+ of
+    // ` or ~. The "info string" after the marker (language hint) doesn't
+    // affect span boundaries.
+    const match = line.match(/^( {0,3})(`{3,}|~{3,})(.*)$/);
+    if (match) {
+      const indent = match[1];
+      const marker = match[2];
+      const markerChar = marker[0];
+      const markerLen = marker.length;
+      if (!open) {
+        open = { start: offset, markerChar, markerLen, openLine: line, marker, indent };
+      } else if (open.markerChar === markerChar && markerLen >= open.markerLen) {
+        // Closing fence must use the SAME char and at least as many of them.
+        // Different-char or shorter sequences are part of the body.
+        spans.push({
+          start: open.start, end: lineEnd,
+          openLine: open.openLine, marker: open.marker, indent: open.indent,
+        });
+        open = undefined;
+      }
+    }
+    if (nextNewline === -1) break;
+    offset = nextNewline + 1;
+  }
+  if (open) {
+    // Unclosed at EOF — treat as spanning to end so a later break-point
+    // inside knows it's "in fence".
+    spans.push({
+      start: open.start, end: buffer.length,
+      openLine: open.openLine, marker: open.marker, indent: open.indent,
+    });
+  }
+  return spans;
+}
+
+function findFenceSpanAt(spans, index) {
+  // Strict inequality: a break at exactly span.start is just before the
+  // opening fence (safe). At span.end, just after the close (also safe).
+  return spans.find((span) => index > span.start && index < span.end);
+}
+
+function isSafeFenceBreak(spans, index) {
+  return !findFenceSpanAt(spans, index);
+}
+
+// ─── Paren-aware break-point scan ───────────────────────────────────
+
+// Find the last newline / last whitespace in `window` that's NOT inside
+// `(...)` parens. Used by both plain and markdown chunkers.
+//
+// `isAllowed(i)` is consulted before every candidate — passed by the
+// markdown chunker to skip break points inside fence spans.
+function scanParenAwareBreakpoints(window, isAllowed = () => true) {
+  let lastNewline = -1;
+  let lastWhitespace = -1;
+  let depth = 0;
+  for (let i = 0; i < window.length; i++) {
+    if (!isAllowed(i)) continue;
+    const char = window[i];
+    if (char === '(') { depth += 1; continue; }
+    if (char === ')' && depth > 0) { depth -= 1; continue; }
+    if (depth !== 0) continue;
+    if (char === '\n') lastNewline = i;
+    else if (/\s/.test(char)) lastWhitespace = i;
+  }
+  return { lastNewline, lastWhitespace };
+}
+
+// ─── Chunkers ────────────────────────────────────────────────────────
+
+// Common early-out: empty / non-positive limit / fits-in-one returns
+// directly so the loop bodies can assume there's real work to do.
+function resolveChunkEarlyReturn(text, limit) {
+  if (!text) return [];
+  if (limit <= 0) return [text];
+  if (text.length <= limit) return [text];
+  return undefined;
+}
+
+// Generic break-resolver loop shared with markdown variant. The resolver
+// receives a `window` (text.slice(0, limit)) and returns where to break.
+// Negative / out-of-range break indices fall back to hard-cut at limit.
+function chunkTextByBreakResolver(text, limit, resolveBreakIndex) {
+  if (!text) return [];
+  if (limit <= 0 || text.length <= limit) return [text];
+  const chunks = [];
+  let remaining = text;
+  while (remaining.length > limit) {
+    const candidateBreak = resolveBreakIndex(remaining.slice(0, limit));
+    const breakIdx = Number.isFinite(candidateBreak) && candidateBreak > 0 && candidateBreak <= limit
+      ? candidateBreak
+      : limit;
+    const chunk = remaining.slice(0, breakIdx).trimEnd();
+    if (chunk.length > 0) chunks.push(chunk);
+    // If we broke on a separator (whitespace), consume it — don't carry it
+    // to the start of the next chunk where it'd just be trimmed anyway.
+    const brokeOnSeparator = breakIdx < remaining.length && /\s/.test(remaining[breakIdx]);
+    const nextStart = Math.min(remaining.length, breakIdx + (brokeOnSeparator ? 1 : 0));
+    remaining = remaining.slice(nextStart).trimStart();
+  }
+  if (remaining.length) chunks.push(remaining);
+  return chunks;
+}
+
+// Plain-text chunker: respects parens but ignores fences. Cheaper than
+// chunkMarkdownText when caller knows the input has no code blocks.
+function chunkText(text, limit) {
+  const early = resolveChunkEarlyReturn(text, limit);
+  if (early !== undefined) return early;
+  return chunkTextByBreakResolver(text, limit, (window) => {
+    const { lastNewline, lastWhitespace } = scanParenAwareBreakpoints(window);
+    return lastNewline > 0 ? lastNewline : lastWhitespace;
+  });
+}
+
+// Strip leading newlines from the remainder after a chunk break — they
+// would otherwise show up as blank lines at the top of the next bubble.
+function stripLeadingNewlines(value) {
+  let i = 0;
+  while (i < value.length && value[i] === '\n') i++;
+  return i > 0 ? value.slice(i) : value;
+}
+
+// Inside a code-fence, prefer the last newline (line boundary) — but only
+// inside the safe break region. Falls back to whitespace, then hard-cut.
+function pickSafeBreakIndex(window, spans) {
+  const { lastNewline, lastWhitespace } = scanParenAwareBreakpoints(
+    window,
+    (index) => isSafeFenceBreak(spans, index),
+  );
+  if (lastNewline > 0) return lastNewline;
+  if (lastWhitespace > 0) return lastWhitespace;
+  return -1;
+}
+
+// Markdown-aware chunker. The whole point of 0.7.0 over the previous
+// `lastIndexOf('\n', maxLen)` chunker.
+//
+// Flow per iteration:
+//   1. Parse fence spans of the remainder.
+//   2. Pick the best (newline > whitespace) break inside `[0..limit]`
+//      that's NOT inside a fence. Fall back to hard-cut at limit.
+//   3. If the break did land inside a fence (no safe alternative was
+//      reachable), search backwards for a newline within the fence body
+//      that still fits with a closing-fence appended; if found, split
+//      the fence — close it on this chunk and reopen with the same
+//      marker+language on the next.
+//   4. Append the chunk; advance `remaining` past the break + the
+//      reopened fence header (if any).
+function chunkMarkdownText(text, limit) {
+  const early = resolveChunkEarlyReturn(text, limit);
+  if (early !== undefined) return early;
+  const chunks = [];
+  let remaining = text;
+  while (remaining.length > limit) {
+    const spans = parseFenceSpans(remaining);
+    const softBreak = pickSafeBreakIndex(remaining.slice(0, limit), spans);
+    let breakIdx = softBreak > 0 ? softBreak : limit;
+    const initialFence = isSafeFenceBreak(spans, breakIdx) ? undefined : findFenceSpanAt(spans, breakIdx);
+    let fenceToSplit = initialFence;
+    if (initialFence) {
+      // The break landed inside a fence. We may still split the fence,
+      // but only if there's room for a closing line within the limit.
+      const closeLine = `${initialFence.indent}${initialFence.marker}`;
+      const maxIdxIfNeedNewline = limit - (closeLine.length + 1); // need a \n separator
+      if (maxIdxIfNeedNewline <= 0) {
+        // Even the close line wouldn't fit — give up and hard-cut.
+        // Caller will see a malformed chunk, but that's a degenerate
+        // input case (limit smaller than the close marker).
+        fenceToSplit = undefined;
+        breakIdx = limit;
+      } else {
+        // Look for a newline inside the fence body that's late enough
+        // to make progress (past the open line + at least one body line)
+        // and early enough that close line fits.
+        const minProgressIdx = Math.min(
+          remaining.length,
+          initialFence.start + initialFence.openLine.length + 2,
+        );
+        const maxIdxIfAlreadyNewline = limit - closeLine.length;
+        let pickedNewline = false;
+        let lastNewline = remaining.lastIndexOf('\n', Math.max(0, maxIdxIfAlreadyNewline - 1));
+        while (lastNewline !== -1) {
+          const candidateBreak = lastNewline + 1;
+          if (candidateBreak < minProgressIdx) break;
+          const candidateFence = findFenceSpanAt(spans, candidateBreak);
+          if (candidateFence && candidateFence.start === initialFence.start) {
+            breakIdx = Math.max(1, candidateBreak);
+            pickedNewline = true;
+            break;
+          }
+          lastNewline = remaining.lastIndexOf('\n', lastNewline - 1);
+        }
+        if (!pickedNewline) {
+          if (minProgressIdx > maxIdxIfAlreadyNewline) {
+            // No safe in-fence newline found and no room to add one —
+            // give up on splitting this fence; hard-cut at limit.
+            fenceToSplit = undefined;
+            breakIdx = limit;
+          } else {
+            // Force the break; chunker will append a synthetic newline
+            // before the close line.
+            breakIdx = Math.max(minProgressIdx, maxIdxIfNeedNewline);
+          }
+        }
+      }
+      // Re-check the break: if our adjusted index is no longer inside
+      // the same fence, don't try to split it.
+      const fenceAtBreak = findFenceSpanAt(spans, breakIdx);
+      fenceToSplit = fenceAtBreak && fenceAtBreak.start === initialFence.start ? fenceAtBreak : undefined;
+    }
+    let rawChunk = remaining.slice(0, breakIdx);
+    if (!rawChunk) break;
+    const brokeOnSeparator = breakIdx < remaining.length && /\s/.test(remaining[breakIdx]);
+    const nextStart = Math.min(remaining.length, breakIdx + (brokeOnSeparator ? 1 : 0));
+    let next = remaining.slice(nextStart);
+    if (fenceToSplit) {
+      // Close the fence on this chunk; reopen with the same marker line
+      // (preserving language hint) on the next.
+      const closeLine = `${fenceToSplit.indent}${fenceToSplit.marker}`;
+      rawChunk = rawChunk.endsWith('\n') ? `${rawChunk}${closeLine}` : `${rawChunk}\n${closeLine}`;
+      next = `${fenceToSplit.openLine}\n${next}`;
+    } else {
+      // Strip stray leading newlines on the next chunk so it doesn't
+      // open with blank lines.
+      next = stripLeadingNewlines(next);
+    }
+    chunks.push(rawChunk);
+    remaining = next;
+  }
+  if (remaining.length) chunks.push(remaining);
+  return chunks;
+}
+
+module.exports = {
+  chunkText,
+  chunkMarkdownText,
+  // Internals exported for tests; not part of the stable API.
+  parseFenceSpans,
+  scanParenAwareBreakpoints,
+};

package/lib/telegram-format.js

@@ -272,4 +272,110 @@ function toTelegramHtml(text) {
 
 function toTelegramMarkdown(text) { return toTelegramHtml(text); }
 
-module.exports = { toTelegramMarkdown, toTelegramHtml, wrapFileReferencesInHtml, escapeHtml };
+// 0.7.0 (Phase K) audit note: polygram's `toTelegramHtml` is functionally
+// aligned with OpenClaw's `markdownToTelegramHtml` + `renderTelegramHtmlText`
+// (extensions/telegram, send.ts:828-898). Both produce parse_mode=HTML
+// output, both run `wrapFileReferencesInHtml` as a post-processor, and
+// both handle the same set of formatting features (bold, italic, code,
+// pre/fence, links, lists, spoilers, blockquotes, tables).
+//
+// OpenClaw uses an internal markdown-IR (markdownToIR → renderTelegramHtml);
+// polygram uses `marked` + custom renderers. Both work; the IR approach
+// is more amenable to multi-output (HTML / plain / Slack), but polygram
+// only needs HTML so the regex-based path is simpler.
+//
+// The HTML→plain fallback shipped in 0.7.0 phase 2 makes converter
+// correctness less load-bearing: if any edge case slips through and
+// Telegram rejects the HTML, we automatically retry as plain text and
+// no content is lost.
+
+// ─── Telegram error classification ──────────────────────────────────
+
+// Ported from OpenClaw (`send-DVX_zY9w.js:1075-1077`). HTML parse errors
+// fire when our markdown→HTML conversion produces malformed output (e.g.
+// the streamer's truncate cut mid-tag pre-0.7.0). Caller reacts by
+// retrying the same call as plain text without parse_mode.
+const HTML_PARSE_ERR_RE = /can't parse entities|parse entities|find end of the entity/i;
+
+// 'message is not modified' fires when an editMessageText payload
+// matches the current message text exactly. Not a real failure — the
+// streamer's debounced edit just happened to land on a no-op. Swallow
+// to keep error logs clean. The phrase is unique enough that we don't
+// need to guard with a 400 prefix (grammy strips the status code in
+// some error shapes).
+const MESSAGE_NOT_MODIFIED_RE = /message is not modified|MESSAGE_NOT_MODIFIED/i;
+
+// grammy attaches the underlying API error in different shapes
+// depending on transport. Walk the candidates and pick the first
+// stringifiable message.
+function errorMessage(err) {
+  if (!err) return '';
+  return String(err.description || err.message || err.error_message || err);
+}
+
+function isHtmlParseError(err) {
+  return HTML_PARSE_ERR_RE.test(errorMessage(err));
+}
+
+function isMessageNotModifiedError(err) {
+  return MESSAGE_NOT_MODIFIED_RE.test(errorMessage(err));
+}
+
+// 0.7.0 (Phase G): 429 rate-limit detection + retry_after extraction.
+// Telegram returns "Too Many Requests: retry after N" (HTTP 429) when the
+// per-bot rate limit is hit (~30 req/s). N is in seconds. grammy attaches
+// retry_after as `err.parameters.retry_after` in some shapes; otherwise
+// we parse it out of the message string.
+const RATE_LIMIT_RE = /too many requests|429|retry after (\d+)/i;
+
+function isRateLimitError(err) {
+  if (!err) return false;
+  return RATE_LIMIT_RE.test(errorMessage(err));
+}
+
+// Returns retry_after in milliseconds, or null if not a 429 / not parseable.
+function getRetryAfterMs(err) {
+  if (!err) return null;
+  // grammy / Telegram Bot API: err.parameters.retry_after (seconds)
+  const fromParams = err.parameters?.retry_after ?? err.error_parameters?.retry_after;
+  if (typeof fromParams === 'number' && Number.isFinite(fromParams)) {
+    return Math.max(0, fromParams * 1000);
+  }
+  // Fall back to parsing the message: "retry after 5" / "retry after 12 seconds"
+  const m = errorMessage(err).match(/retry after (\d+)/i);
+  if (m) return Math.max(0, parseInt(m[1], 10) * 1000);
+  return null;
+}
+
+// ─── Caption length policy ──────────────────────────────────────────
+
+// Telegram caps captions on sendPhoto / sendVideo / sendAudio /
+// sendDocument at 1024 chars (vs 4096 for sendMessage). When a caption
+// would exceed this, OpenClaw's choice is to send the media WITHOUT a
+// caption and follow up with the text as a separate sendMessage. This
+// is simpler than splitting mid-caption (which would visually fragment
+// the description across the media bubble and a follow-up). Reused
+// here for any future skill that wants to send media with rich text.
+const TELEGRAM_MAX_CAPTION_LENGTH = 1024;
+
+function splitTelegramCaption(text) {
+  const trimmed = (text || '').trim();
+  if (!trimmed) return { caption: undefined, followUpText: undefined };
+  if (trimmed.length > TELEGRAM_MAX_CAPTION_LENGTH) {
+    return { caption: undefined, followUpText: trimmed };
+  }
+  return { caption: trimmed, followUpText: undefined };
+}
+
+module.exports = {
+  toTelegramMarkdown,
+  toTelegramHtml,
+  wrapFileReferencesInHtml,
+  escapeHtml,
+  isHtmlParseError,
+  isMessageNotModifiedError,
+  splitTelegramCaption,
+  TELEGRAM_MAX_CAPTION_LENGTH,
+  isRateLimitError,
+  getRetryAfterMs,
+};

package/lib/telegram.js

@@ -20,7 +20,13 @@
  */
 
 const crypto = require('crypto');
-const { toTelegramMarkdown } = require('./telegram-format');
+const {
+  toTelegramMarkdown,
+  isHtmlParseError,
+  isMessageNotModifiedError,
+  isRateLimitError,
+  getRetryAfterMs,
+} = require('./telegram-format');
 const { isSafeToRetry, redactBotToken } = require('./net-errors');
 
 // Topic deletion race: a user can delete a forum topic while a turn is in
@@ -112,7 +118,30 @@ async function send({ bot, method, params, db = null, meta = {}, logger = consol
   const text = deriveOutboundText(method, params, meta);
   const tracksMessage = !METHODS_WITHOUT_MSG.has(method);
 
+  // 0.7.0: snapshot the field that applyFormatting will convert and the
+  // current parse_mode state, so the HTML→plain fallback (if Telegram
+  // rejects the converted payload with `400 can't parse entities`) can
+  // restore the raw value and retry without parse_mode. Mirrors the
+  // applyFormatting decision (must run BEFORE applyFormatting mutates).
+  const willFormat = !meta.plainText
+    && FORMATTABLE_METHODS.has(method)
+    && params.parse_mode == null;
+  const formatField = willFormat ? (params.text ? 'text' : (params.caption ? 'caption' : null)) : null;
+  const rawFieldValue = formatField ? params[formatField] : null;
+
   applyFormatting(method, params, meta);
+  const formattingApplied = formatField && params.parse_mode === 'HTML';
+
+  // 0.7.0: per-bot/chat link-preview opt-out. When meta.linkPreview is
+  // explicitly false, suppress Telegram's auto-generated preview cards
+  // for any URL in the body (they clutter chats and add visual noise).
+  // Default (no flag set) preserves Telegram's native preview behavior
+  // — matches OpenClaw's account.config.linkPreview opt-out.
+  if (meta.linkPreview === false
+      && (method === 'sendMessage' || method === 'editMessageText')
+      && params.link_preview_options == null) {
+    params.link_preview_options = { is_disabled: true };
+  }
 
   // Capture which inbound this reply targets so the boot-replay dedupe
   // (`hasOutboundReplyTo`) can match outbound→inbound. Without this every
@@ -142,60 +171,126 @@ async function send({ bot, method, params, db = null, meta = {}, logger = consol
   }
 
   let res;
-  const attempt = async (p) => bot.api.raw[method](p);
-  try {
+  const rawAttempt = async (p) => bot.api.raw[method](p);
+
+  // safeAttempt wraps every API call with three OpenClaw-style fallbacks:
+  //   1. MESSAGE_NOT_MODIFIED on editMessageText → swallow as success.
+  //      The streamer's debounced edit can land on text that exactly
+  //      matches the bubble's current state (no-op edit). Telegram
+  //      returns 400; we treat it as success and skip the noise.
+  //   2. HTML parse error (`can't parse entities` etc) → retry the
+  //      same call as plain text, no parse_mode, original raw value
+  //      restored to the formatted field. Saves the call when our
+  //      markdown→HTML conversion produces malformed output (the
+  //      msg-10794 case: streamer truncate cut mid `**bold**` marker).
+  //   3. 429 rate limit → sleep retry_after seconds, retry once.
+  //      Telegram's per-bot limit is ~30 req/s; high-effort xhigh turns
+  //      with many parallel sessions can occasionally hit it. Honor
+  //      Telegram's hint rather than bombing the call.
+  const RETRY_AFTER_CAP_MS = 60_000;
+  const tryOnce = async (p) => {
+    try {
+      return await rawAttempt(p);
+    } catch (err) {
+      if (method === 'editMessageText' && isMessageNotModifiedError(err)) {
+        try { db?.logEvent('telegram-edit-skip-not-modified', { chat_id: chatId, message_id: p.message_id }); }
+        catch {}
+        // Synthetic success — message_id known, date best-effort.
+        return { message_id: p.message_id, date: Math.floor(Date.now() / 1000), _notModified: true };
+      }
+      if (formattingApplied && isHtmlParseError(err)) {
+        logger.warn?.(`[telegram] ${method}: HTML parse error, retrying as plain text`);
+        try {
+          db?.logEvent('telegram-html-fallback', {
+            chat_id: chatId, method,
+            error: redactBotToken(err.message)?.slice(0, 200),
+          });
+        } catch {}
+        const plainParams = { ...p };
+        delete plainParams.parse_mode;
+        plainParams[formatField] = rawFieldValue;
+        return await rawAttempt(plainParams);
+      }
+      throw err;
+    }
+  };
+  const safeAttempt = async (p) => {
     try {
-      res = await attempt(params);
+      return await tryOnce(p);
+    } catch (err) {
+      if (!isRateLimitError(err)) throw err;
+      // Sleep retry_after then retry once. Cap at 60s so a misconfigured
+      // value can't park the call indefinitely.
+      const ms = Math.min(getRetryAfterMs(err) ?? 1000, RETRY_AFTER_CAP_MS);
+      logger.warn?.(`[telegram] ${method}: 429 rate-limited, retry-after ${ms}ms`);
+      try { db?.logEvent('telegram-rate-limit', { chat_id: chatId, method, retry_after_ms: ms }); }
+      catch {}
+      await sleep(ms);
+      return await tryOnce(p);
+    }
+  };
+
+  // 0.7.0: pre-connect retry layer (single retry on transient pre-conn
+  // errors). Composes inside thread-fallback so a re-attempt without
+  // thread_id also benefits from the retry.
+  const withPreConnectRetry = async (p) => {
+    try {
+      return await safeAttempt(p);
     } catch (err) {
       // Pre-connect errors (DNS flap, TCP refused, net unreach) never
-      // reached Telegram, so retrying can't double-send. Retry ONCE after
-      // a short delay before treating as fatal. Post-connect errors
-      // (ETIMEDOUT, EPIPE, 5xx) are NOT retried — the message might have
-      // landed server-side.
+      // reached Telegram, so retrying can't double-send. Retry ONCE
+      // after a short delay before treating as fatal. Post-connect
+      // errors (ETIMEDOUT, EPIPE, 5xx) are NOT retried — the message
+      // might have landed server-side.
       if (isSafeToRetry(err)) {
         try { db?.logEvent('telegram-retry', { chat_id: chatId, method, code: err.code, name: err.name }); }
         catch {}
         await sleep(PRE_CONNECT_RETRY_DELAY_MS);
-        res = await attempt(params);
-      } else {
-        throw err;
+        return await safeAttempt(p);
       }
+      throw err;
     }
-  } catch (err) {
-    // Forum topic was deleted mid-turn — retry to chat root rather than
-    // failing the whole reply. Only for methods that accept a thread id
-    // (send*), and only once per call.
-    if (isThreadNotFound(err) && params.message_thread_id != null) {
-      const retryParams = { ...params };
+  };
+
+  // 0.7.0: thread-fallback layer (port of OpenClaw's
+  // withTelegramThreadFallback). On `message thread not found` /
+  // TOPIC_DELETED, retry once with thread_id stripped — the reply
+  // lands in the chat root instead of the deleted topic.
+  const withThreadFallback = async (p) => {
+    try {
+      return await withPreConnectRetry(p);
+    } catch (err) {
+      if (!isThreadNotFound(err) || p.message_thread_id == null) throw err;
+      const retryParams = { ...p };
       delete retryParams.message_thread_id;
+      logger.error?.(`[telegram] ${method}: thread gone, retrying without thread_id`);
       try {
-        logger.error?.(`[telegram] ${method}: thread gone, retrying without thread_id`);
-        res = await bot.api.raw[method](retryParams);
-        try { db?.logEvent('telegram-thread-fallback', { chat_id: chatId, method, original_thread_id: String(params.message_thread_id) }); }
+        const out = await withPreConnectRetry(retryParams);
+        try { db?.logEvent('telegram-thread-fallback', { chat_id: chatId, method, original_thread_id: String(p.message_thread_id) }); }
         catch {}
+        return out;
       } catch (err2) {
-        if (rowId != null && db) {
-          // 0.6.14: redact bot tokens before persisting err.message —
-          // some undici/network error shapes embed the request URL
-          // (which carries `bot${TOKEN}`) into err.message.
-          const safe2 = redactBotToken(err2.message);
-          try { db.markOutboundFailed(rowId, safe2); }
-          catch (e) { logger.error(`[telegram] markOutboundFailed: ${e.message}`); }
-          try { db.logEvent('telegram-api-error', { chat_id: chatId, method, error: safe2 }); }
-          catch (e) { logger.error(`[telegram] logEvent: ${e.message}`); }
-        }
+        // Re-throw with the SECOND error — that's the actually-fatal
+        // one (the thread-fallback retry didn't save us).
         throw err2;
       }
-    } else {
-      if (rowId != null && db) {
-        const safe = redactBotToken(err.message);
-        try { db.markOutboundFailed(rowId, safe); }
-        catch (e) { logger.error(`[telegram] markOutboundFailed: ${e.message}`); }
-        try { db.logEvent('telegram-api-error', { chat_id: chatId, method, error: safe }); }
-        catch (e) { logger.error(`[telegram] logEvent: ${e.message}`); }
-      }
-      throw err;
     }
+  };
+
+  try {
+    res = await withThreadFallback(params);
+  } catch (err) {
+    if (rowId != null && db) {
+      // 0.6.14: redact bot tokens before persisting err.message —
+      // some undici/network error shapes embed the request URL
+      // (which carries `bot${TOKEN}`) into err.message.
+      const safe = redactBotToken(err.message);
+      try { db.markOutboundFailed(rowId, safe); }
+      catch (e) { logger.error(`[telegram] markOutboundFailed: ${e.message}`); }
+      try { db.logEvent('telegram-api-error', { chat_id: chatId, method, error: safe }); }
+      catch (e) { logger.error(`[telegram] logEvent: ${e.message}`); }
+    }
+    throw err;
   }
 
   if (rowId != null && db) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "polygram",
-  "version": "0.6.16",
+  "version": "0.7.0",
   "description": "Telegram daemon for Claude Code that preserves the OpenClaw per-chat session model. Migration path for OpenClaw users moving to Claude Code.",
   "main": "lib/ipc-client.js",
   "bin": {