responses-proxy 0.1.0

package/dist/telegram-bot/commands/apply.js

@@ -0,0 +1,265 @@
+import { InlineKeyboard } from "grammy";
+import { buildApplyClientKeyboard, renderAdminScreen } from "../admin-actions.js";
+import { getProxyErrorMessage, replyWithProxyError } from "../actions.js";
+import { answerCallbackQuerySafely } from "../callbacks.js";
+import { maskApiKey } from "../format.js";
+import { ProxyClientError } from "../proxy-client.js";
+import { buildTelegramSessionScope } from "../sessions.js";
+export function registerApplyCommand(bot, deps, sessions) {
+    bot.command("apply", async (ctx) => {
+        const args = ctx.match?.toString().trim() || "";
+        if (!args) {
+            await ctx.reply("Choose a client to configure.", {
+                reply_markup: buildApplyClientKeyboard(),
+            });
+            return;
+        }
+        const [clientRaw, model, routeApiKey] = args.split(/\s+/g);
+        const client = clientRaw === "hermes" || clientRaw === "codex" ? clientRaw : null;
+        if (!client || !model) {
+            await ctx.reply("Usage: /apply <hermes|codex> <model> [routeApiKey]");
+            return;
+        }
+        try {
+            const result = await deps.proxyClient.applyClientConfig({
+                client,
+                model,
+                routeApiKey,
+            });
+            await ctx.reply([
+                `Applied config for ${client}`,
+                `model: ${model}`,
+                `routeApiKey: ${maskApiKey(routeApiKey ?? result?.status?.routeApiKey ?? null)}`,
+                `changed: ${String(result?.changed ?? false)}`,
+            ].join("\n"));
+        }
+        catch (error) {
+            await replyWithProxyError(ctx, error);
+        }
+    });
+    const applyActions = {
+        client: async (ctx) => {
+            await showProviderPicker(ctx, deps, ctx.match[1]);
+        },
+        start: async (ctx) => {
+            await showModelPicker(ctx, deps, sessions, {
+                client: ctx.match[1],
+                providerId: ctx.match[2],
+            });
+        },
+        provider: async (ctx) => {
+            await showModelPicker(ctx, deps, sessions, {
+                client: ctx.match[1],
+                providerId: ctx.match[2],
+            });
+        },
+        model: async (ctx) => {
+            const client = ctx.match[1];
+            const providerId = ctx.match[2];
+            const modelIndex = Number(ctx.match[3]);
+            const chatId = ctx.chat?.id?.toString();
+            const userId = ctx.from?.id?.toString();
+            const session = chatId && userId ? sessions.get(buildTelegramSessionScope(chatId, userId)) : undefined;
+            if (session?.kind !== "awaiting_apply_model_input" || session.providerId !== providerId) {
+                await showModelPicker(ctx, deps, sessions, { client, providerId });
+                return;
+            }
+            const model = session.models[modelIndex];
+            if (!model) {
+                await renderAdminScreen(ctx, {
+                    text: "Model selection expired. Please start /apply again.",
+                    loop: "apply",
+                });
+                return;
+            }
+            if (chatId && userId) {
+                sessions.clear(buildTelegramSessionScope(chatId, userId));
+            }
+            await applySelection(ctx, deps, { client, providerId, providerName: session.providerName, model });
+        },
+        "model-text": async (ctx) => {
+            const chatId = ctx.chat?.id?.toString();
+            const userId = ctx.from?.id?.toString();
+            if (!chatId || !userId) {
+                return;
+            }
+            const client = ctx.match[1];
+            const providerId = ctx.match[2];
+            const providerName = await maybeReadProviderName(deps, providerId);
+            sessions.set(buildTelegramSessionScope(chatId, userId), {
+                kind: "awaiting_apply_model_input",
+                client,
+                providerId,
+                providerName,
+                models: [],
+            });
+            await renderAdminScreen(ctx, {
+                text: "Send the model name to apply for this provider.",
+                loop: "apply",
+            });
+        },
+    };
+    bot.callbackQuery(/^v1:apply:client:(hermes|codex)$/, async (ctx) => {
+        await answerCallbackQuerySafely(ctx);
+        await applyActions.client(ctx);
+    });
+    bot.callbackQuery(/^v1:apply:start:(hermes|codex):(.+)$/, async (ctx) => {
+        await answerCallbackQuerySafely(ctx);
+        await applyActions.start(ctx);
+    });
+    bot.callbackQuery(/^v1:apply:provider:(hermes|codex):(.+)$/, async (ctx) => {
+        await answerCallbackQuerySafely(ctx);
+        await applyActions.provider(ctx);
+    });
+    bot.callbackQuery(/^v1:apply:model:(hermes|codex):([^:]+):(\d+)$/, async (ctx) => {
+        await answerCallbackQuerySafely(ctx);
+        await applyActions.model(ctx);
+    });
+    bot.callbackQuery(/^v1:apply:model-text:(hermes|codex):(.+)$/, async (ctx) => {
+        await answerCallbackQuerySafely(ctx);
+        await applyActions["model-text"](ctx);
+    });
+    bot.on("message:text", async (ctx, next) => {
+        const chatId = ctx.chat?.id?.toString();
+        const userId = ctx.from?.id?.toString();
+        if (!chatId || !userId) {
+            await next();
+            return;
+        }
+        const scope = buildTelegramSessionScope(chatId, userId);
+        const session = sessions.get(scope);
+        if (session?.kind !== "awaiting_apply_model_input") {
+            await next();
+            return;
+        }
+        if (ctx.message.text.startsWith("/")) {
+            await next();
+            return;
+        }
+        sessions.clear(scope);
+        await applySelection(ctx, deps, {
+            client: session.client,
+            providerId: session.providerId,
+            providerName: session.providerName,
+            model: ctx.message.text.trim(),
+        });
+    });
+}
+async function showProviderPicker(ctx, deps, client) {
+    try {
+        const payload = await deps.proxyClient.getClientConfigs();
+        const keyboard = new InlineKeyboard();
+        for (const provider of payload?.providerOptions ?? []) {
+            keyboard.text(provider.name, `v1:apply:provider:${client}:${provider.id}`).row();
+        }
+        await renderAdminScreen(ctx, {
+            text: `Choose provider for ${client}.`,
+            loop: "apply",
+            primaryKeyboard: keyboard,
+        });
+    }
+    catch (error) {
+        await renderAdminScreen(ctx, {
+            text: getProxyErrorMessage(error),
+            loop: "apply",
+        });
+    }
+}
+async function showModelPicker(ctx, deps, sessions, input) {
+    try {
+        const payload = await deps.proxyClient.getProviderModels(input.providerId);
+        const models = Array.isArray(payload?.models)
+            ? payload.models.filter((item) => typeof item === "string")
+            : [];
+        const providerName = await maybeReadProviderName(deps, input.providerId);
+        const chatId = ctx.chat?.id?.toString();
+        const userId = ctx.from?.id?.toString();
+        if (chatId && userId) {
+            sessions.set(buildTelegramSessionScope(chatId, userId), {
+                kind: "awaiting_apply_model_input",
+                client: input.client,
+                providerId: input.providerId,
+                providerName,
+                models,
+            });
+        }
+        const keyboard = new InlineKeyboard();
+        for (const [index, model] of models.slice(0, 8).entries()) {
+            keyboard.text(model.slice(0, 32), `v1:apply:model:${input.client}:${input.providerId}:${index}`).row();
+        }
+        keyboard.text("Type model manually", `v1:apply:model-text:${input.client}:${input.providerId}`);
+        await renderAdminScreen(ctx, {
+            text: [
+                `Provider: ${providerName ?? input.providerId}`,
+                `Choose model for ${input.client}, or type one manually.`,
+            ].join("\n"),
+            loop: "apply",
+            primaryKeyboard: keyboard,
+        });
+    }
+    catch (error) {
+        await renderAdminScreen(ctx, {
+            text: getProxyErrorMessage(error),
+            loop: "apply",
+        });
+    }
+}
+async function applySelection(ctx, deps, input) {
+    try {
+        await deps.proxyClient.setProviderRoute({
+            client: input.client,
+            providerId: input.providerId,
+        });
+        const result = await deps.proxyClient.applyClientConfig({
+            client: input.client,
+            model: input.model,
+        });
+        await renderAdminScreen(ctx, {
+            text: [
+                `Applied config for ${input.client}`,
+                `provider: ${input.providerName ?? input.providerId}`,
+                `model: ${input.model}`,
+                `baseUrl: ${result?.proxyBaseUrl ?? "n/a"}`,
+                `routeApiKey: ${maskApiKey(result?.status?.routeApiKey ?? null)}`,
+                `changed: ${String(result?.changed ?? false)}`,
+            ].join("\n"),
+            loop: "apply",
+        });
+    }
+    catch (error) {
+        if (error instanceof ProxyClientError && error.body?.error?.code === "MODEL_REQUIRED") {
+            await renderAdminScreen(ctx, {
+                text: "Model is required. Please choose a model or type one manually.",
+                loop: "apply",
+            });
+            return;
+        }
+        if (error instanceof ProxyClientError && error.body?.error?.code === "CLIENT_API_KEY_NOT_FOUND") {
+            await renderAdminScreen(ctx, {
+                text: "Selected client API key is no longer valid. Refreshing client status.",
+                loop: "apply",
+            });
+            return;
+        }
+        if (error instanceof ProxyClientError && error.body?.error?.code === "QUICK_APPLY_HOST_PATH_UNAVAILABLE") {
+            await renderAdminScreen(ctx, {
+                text: "Quick Apply cannot patch the host config path from this runtime.",
+                loop: "apply",
+            });
+            return;
+        }
+        await renderAdminScreen(ctx, {
+            text: getProxyErrorMessage(error),
+            loop: "apply",
+        });
+    }
+}
+async function maybeReadProviderName(deps, providerId) {
+    try {
+        const payload = await deps.proxyClient.getProviderDetails(providerId);
+        return typeof payload?.provider?.name === "string" ? payload.provider.name : undefined;
+    }
+    catch {
+        return undefined;
+    }
+}

package/dist/telegram-bot/commands/clients.js

@@ -0,0 +1,13 @@
+import { InlineKeyboard } from "grammy";
+import { sendClients } from "../actions.js";
+export function registerClientsCommand(bot, deps) {
+    bot.command("clients", async (ctx) => {
+        await sendClients(ctx, deps);
+        await ctx.reply("Quick Apply:", {
+            reply_markup: new InlineKeyboard()
+                .text("Apply to Hermes", "v1:apply:client:hermes")
+                .row()
+                .text("Apply to Codex", "v1:apply:client:codex"),
+        });
+    });
+}

package/dist/telegram-bot/commands/customer-billing.test.js

@@ -0,0 +1,271 @@
+import assert from "node:assert/strict";
+import { mkdtempSync, rmSync } from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import test from "node:test";
+import { AuditLogRepository } from "../../audit-log.js";
+import { BillingRepository } from "../../billing.js";
+import { CustomerKeyRepository } from "../../customer-keys.js";
+import { BotIdentityRepository } from "../bot-identity-repository.js";
+import { registerCustomerActionCallbacks } from "../customer-actions.js";
+import { registerMeCommand } from "./me.js";
+import { registerQuotaCommand } from "./quota.js";
+import { registerUsageCommand } from "./usage.js";
+import { CustomerWorkspaceRepository } from "../customer-workspace-repository.js";
+function createBotHarness() {
+    const handlers = new Map();
+    const callbackHandlers = [];
+    return {
+        bot: {
+            command(name, handler) {
+                handlers.set(name, handler);
+            },
+            callbackQuery(pattern, handler) {
+                callbackHandlers.push({ pattern, handler });
+            },
+        },
+        handler(name) {
+            const handler = handlers.get(name);
+            assert.ok(handler);
+            return handler;
+        },
+        callbackHandler(data) {
+            for (const entry of callbackHandlers) {
+                if (typeof entry.pattern === "string") {
+                    if (entry.pattern === data) {
+                        return { handler: entry.handler, match: [data] };
+                    }
+                    continue;
+                }
+                const match = data.match(entry.pattern);
+                if (match) {
+                    return { handler: entry.handler, match };
+                }
+            }
+            assert.fail(`No callback handler for ${data}`);
+        },
+    };
+}
+function createContext(input) {
+    const replies = [];
+    const replyOptions = [];
+    const answeredCallbacks = [];
+    return {
+        from: { id: input.userId, is_bot: false, first_name: "User" },
+        chat: input.chatType === "private"
+            ? { id: input.chatId, type: "private", first_name: "User" }
+            : { id: input.chatId, type: "group", title: "Ops" },
+        message: {
+            message_id: 1,
+            date: 0,
+            chat: input.chatType === "private"
+                ? { id: input.chatId, type: "private", first_name: "User" }
+                : { id: input.chatId, type: "group", title: "Ops" },
+            text: `/${input.command}`,
+        },
+        replies,
+        replyOptions,
+        answeredCallbacks,
+        reply(text, options) {
+            replies.push(text);
+            replyOptions.push(options);
+            return Promise.resolve({});
+        },
+        answerCallbackQuery(payload) {
+            answeredCallbacks.push(payload ?? {});
+            return Promise.resolve(true);
+        },
+    };
+}
+async function withRepos(fn) {
+    const dir = mkdtempSync(path.join(os.tmpdir(), "customer-billing-command-"));
+    try {
+        const dbFile = path.join(dir, "bot.sqlite");
+        await fn({
+            identities: BotIdentityRepository.create(dbFile),
+            workspaces: CustomerWorkspaceRepository.create(dbFile),
+            customerKeys: CustomerKeyRepository.create(dbFile),
+            billing: BillingRepository.create(dbFile),
+            auditLog: AuditLogRepository.create(dbFile),
+        });
+    }
+    finally {
+        rmSync(dir, { recursive: true, force: true });
+    }
+}
+test("usage command shows zero usage for a new entitlement", async () => {
+    await withRepos(async ({ workspaces, customerKeys, billing }) => {
+        const workspace = workspaces.ensureDefaultWorkspace({
+            ownerTelegramUserId: "42",
+            defaultClientRoute: "customers",
+            status: "active",
+        });
+        customerKeys.createKey({
+            workspaceId: workspace.id,
+            telegramUserId: "42",
+            clientRoute: "customers",
+        });
+        billing.grantSubscription({
+            workspaceId: workspace.id,
+            planId: "basic",
+            days: 30,
+            now: new Date("2026-04-27T00:00:00.000Z"),
+        });
+        const harness = createBotHarness();
+        registerUsageCommand(harness.bot, workspaces, customerKeys, billing);
+        const ctx = createContext({ userId: 42, chatId: 42, chatType: "private", command: "usage" });
+        await harness.handler("usage")(ctx);
+        assert.equal(ctx.replies.length, 1);
+        assert.equal(ctx.replies[0].includes("Tokens"), true);
+        assert.equal(ctx.replies[0].includes("• Used: 0"), true);
+        assert.equal(ctx.replies[0].includes("• Remaining: 10,000,000"), true);
+    });
+});
+test("me command shows the full customer key only in private chat", async () => {
+    await withRepos(async ({ identities, workspaces, customerKeys, auditLog }) => {
+        identities.upsertUser({
+            telegramUserId: "45",
+            defaultRole: "customer",
+            defaultStatus: "active",
+        });
+        const workspace = workspaces.ensureDefaultWorkspace({
+            ownerTelegramUserId: "45",
+            defaultClientRoute: "customers",
+            status: "active",
+        });
+        const created = customerKeys.createKey({
+            workspaceId: workspace.id,
+            telegramUserId: "45",
+            clientRoute: "customers",
+        });
+        const harness = createBotHarness();
+        registerMeCommand(harness.bot, identities, workspaces, customerKeys, auditLog);
+        const privateCtx = createContext({ userId: 45, chatId: 45, chatType: "private", command: "me" });
+        await harness.handler("me")(privateCtx);
+        assert.equal(privateCtx.replies[0].includes(`api_key: ${created.apiKey}`), true);
+        assert.equal(auditLog.listEvents({ event: "api_key.revealed", limit: 1 })[0]?.metadata.apiKey, "[redacted]");
+        const groupCtx = createContext({ userId: 45, chatId: -45, chatType: "group", command: "me" });
+        await harness.handler("me")(groupCtx);
+        assert.equal(groupCtx.replies[0].includes("api_key:"), false);
+        assert.equal(groupCtx.replies[0].includes("• Preview:"), true);
+    });
+});
+test("quota command shows expired entitlement details", async () => {
+    await withRepos(async ({ workspaces, customerKeys, billing }) => {
+        const workspace = workspaces.ensureDefaultWorkspace({
+            ownerTelegramUserId: "43",
+            defaultClientRoute: "customers",
+            status: "active",
+        });
+        customerKeys.createKey({
+            workspaceId: workspace.id,
+            telegramUserId: "43",
+            clientRoute: "customers",
+        });
+        const granted = billing.grantSubscription({
+            workspaceId: workspace.id,
+            planId: "basic",
+            days: 1,
+            now: new Date("2026-04-27T00:00:00.000Z"),
+        });
+        billing.incrementEntitlementUsage({
+            entitlementId: granted.entitlement.id,
+            workspaceId: workspace.id,
+            totalTokens: 11,
+            inputTokens: 5,
+            outputTokens: 6,
+            now: new Date("2026-04-27T01:00:00.000Z"),
+        });
+        billing.expireEntitlements(new Date("2026-04-29T00:00:00.000Z"));
+        const harness = createBotHarness();
+        registerQuotaCommand(harness.bot, workspaces, customerKeys, billing);
+        const ctx = createContext({ userId: 43, chatId: 43, chatType: "private", command: "quota" });
+        await harness.handler("quota")(ctx);
+        assert.equal(ctx.replies.length, 1);
+        assert.equal(ctx.replies[0].includes("Entitlement\n"), true);
+        assert.equal(ctx.replies[0].includes("• Status: expired"), true);
+        assert.equal(ctx.replies[0].includes("• Used: 11"), true);
+        assert.equal(ctx.replies[0].includes("• Remaining: 0"), true);
+    });
+});
+test("usage command refuses to show customer details in group chat", async () => {
+    await withRepos(async ({ workspaces, customerKeys, billing }) => {
+        const workspace = workspaces.ensureDefaultWorkspace({
+            ownerTelegramUserId: "44",
+            defaultClientRoute: "customers",
+            status: "active",
+        });
+        customerKeys.createKey({
+            workspaceId: workspace.id,
+            telegramUserId: "44",
+            clientRoute: "customers",
+        });
+        billing.grantSubscription({
+            workspaceId: workspace.id,
+            planId: "basic",
+            days: 30,
+            now: new Date("2026-04-27T00:00:00.000Z"),
+        });
+        const harness = createBotHarness();
+        registerUsageCommand(harness.bot, workspaces, customerKeys, billing);
+        const ctx = createContext({ userId: 44, chatId: -1001, chatType: "group", command: "usage" });
+        await harness.handler("usage")(ctx);
+        assert.equal(ctx.replies[0], "For safety, open a private chat with this bot and run /usage there.");
+    });
+});
+test("customer action buttons load key, usage, quota, and dashboard", async () => {
+    await withRepos(async ({ workspaces, customerKeys, billing, auditLog }) => {
+        const workspace = workspaces.ensureDefaultWorkspace({
+            ownerTelegramUserId: "46",
+            defaultClientRoute: "customers",
+            status: "active",
+        });
+        const created = customerKeys.createKey({
+            workspaceId: workspace.id,
+            telegramUserId: "46",
+            clientRoute: "customers",
+        });
+        const granted = billing.grantSubscription({
+            workspaceId: workspace.id,
+            planId: "basic",
+            days: 30,
+            now: new Date("2026-04-27T00:00:00.000Z"),
+        });
+        billing.incrementEntitlementUsage({
+            entitlementId: granted.entitlement.id,
+            workspaceId: workspace.id,
+            totalTokens: 13,
+            inputTokens: 5,
+            outputTokens: 8,
+            now: new Date("2026-04-27T01:00:00.000Z"),
+        });
+        const harness = createBotHarness();
+        registerCustomerActionCallbacks(harness.bot, workspaces, customerKeys, billing, auditLog);
+        const keyFound = harness.callbackHandler("v1:customer:key");
+        const keyCtx = createContext({ userId: 46, chatId: 46, chatType: "private", command: "callback" });
+        keyCtx.match = keyFound.match;
+        await keyFound.handler(keyCtx);
+        assert.equal(keyCtx.answeredCallbacks[0]?.text, "Loaded");
+        assert.equal(keyCtx.replies[0].includes(`api_key: ${created.apiKey}`), true);
+        assert.ok(keyCtx.replyOptions[0]);
+        assert.equal(auditLog.listEvents({ event: "api_key.revealed", limit: 1 })[0]?.metadata.apiKey, "[redacted]");
+        const usageFound = harness.callbackHandler("v1:customer:usage");
+        const usageCtx = createContext({ userId: 46, chatId: 46, chatType: "private", command: "callback" });
+        usageCtx.match = usageFound.match;
+        await usageFound.handler(usageCtx);
+        assert.equal(usageCtx.replies[0].includes("📊 Usage"), true);
+        assert.equal(usageCtx.replies[0].includes("• Used: 13"), true);
+        const quotaFound = harness.callbackHandler("v1:customer:quota");
+        const quotaCtx = createContext({ userId: 46, chatId: 46, chatType: "private", command: "callback" });
+        quotaCtx.match = quotaFound.match;
+        await quotaFound.handler(quotaCtx);
+        assert.equal(quotaCtx.replies[0].includes("🧾 Quota"), true);
+        assert.equal(quotaCtx.replies[0].includes("• Remaining: 9,999,987"), true);
+        const dashboardFound = harness.callbackHandler("v1:customer:dashboard");
+        const dashboardCtx = createContext({ userId: 46, chatId: 46, chatType: "private", command: "callback" });
+        dashboardCtx.match = dashboardFound.match;
+        await dashboardFound.handler(dashboardCtx);
+        assert.equal(dashboardCtx.answeredCallbacks[0]?.text, "Refreshed");
+        assert.equal(dashboardCtx.replies[0].includes("🏠 Dashboard"), true);
+    });
+});

package/dist/telegram-bot/commands/grant.js

@@ -0,0 +1,138 @@
+import { isAdmin } from "../auth.js";
+import { maskApiKey } from "../format.js";
+import { grantCustomerAccess } from "../grants.js";
+import { replyWithProxyError } from "../actions.js";
+import { formatDateTime, formatField, formatSection } from "../message-format.js";
+import { sendCustomerCodexSetup } from "../codex-config-delivery.js";
+function formatGrantUsage(billing) {
+    const planIds = billing.listPlans().map((plan) => plan.id);
+    return [
+        "Usage: /grant <telegramUserId> <planId> <days>",
+        planIds.length > 0 ? `Available planIds: ${planIds.join(", ")}` : undefined,
+    ]
+        .filter(Boolean)
+        .join("\n");
+}
+export function registerGrantCommand(bot, deps, identities, workspaces, customerKeys, billing, auditLog) {
+    bot.command("grant", async (ctx) => {
+        if (!isAdmin(ctx, deps.config)) {
+            await ctx.reply("Only admins can grant customer access.");
+            return;
+        }
+        const args = (ctx.match?.toString() || "").trim().split(/\s+/g).filter(Boolean);
+        const [telegramUserId, planId, daysRaw] = args;
+        const days = Number(daysRaw);
+        if (!/^\d+$/.test(telegramUserId ?? "") || !planId || !Number.isInteger(days) || days <= 0) {
+            await ctx.reply(formatGrantUsage(billing));
+            return;
+        }
+        if (!billing.getPlan(planId)) {
+            await ctx.reply([
+                `Unknown planId: ${planId}`,
+                formatGrantUsage(billing),
+            ].join("\n"));
+            return;
+        }
+        try {
+            const result = await grantCustomerAccess({
+                telegramUserId,
+                planId,
+                days,
+                defaultClientRoute: deps.config.defaultCustomerRoute,
+                identities,
+                workspaces,
+                customerKeys,
+                billing,
+                proxyClient: deps.proxyClient,
+                auditLog,
+                actor: { type: "admin", id: ctx.from?.id?.toString() },
+            });
+            const canShowApiKeyToAdmin = !!result.apiKey && ctx.chat?.type === "private";
+            if (result.apiKey && canShowApiKeyToAdmin) {
+                auditLog.record({
+                    event: "api_key.revealed",
+                    actor: { type: "admin", id: ctx.from?.id?.toString() },
+                    subjectType: "customer_api_key",
+                    subjectId: result.keyId,
+                    metadata: {
+                        telegramUserId,
+                        workspaceId: result.workspaceId,
+                        keyPreview: result.keyPreview,
+                        audience: "admin_private_chat",
+                        apiKey: result.apiKey,
+                    },
+                });
+            }
+            await ctx.reply([
+                "Customer access granted",
+                formatSection("Customer", [
+                    formatField("Telegram user ID", telegramUserId),
+                    formatField("Plan", planId),
+                    formatField("Client route", result.clientRoute),
+                    formatField("Mode", result.mode),
+                ]),
+                formatSection("Workspace", [
+                    formatField("Workspace ID", result.workspaceId),
+                    formatField("Subscription ends at", formatDateTime(result.subscriptionEndsAt)),
+                ]),
+                formatSection("Key", [
+                    formatField("Preview", result.apiKey ? maskApiKey(result.apiKey) : result.keyPreview),
+                    canShowApiKeyToAdmin ? `api_key: ${result.apiKey}` : undefined,
+                    result.apiKey && !canShowApiKeyToAdmin
+                        ? "Full key: shown only in private admin chat"
+                        : undefined,
+                ]),
+            ]
+                .filter(Boolean)
+                .join("\n\n"));
+            const customerNotified = result.apiKey
+                ? await sendCustomerCodexSetup(ctx, {
+                    telegramUserId,
+                    baseUrl: deps.config.publicResponsesBaseUrl,
+                    apiKey: result.apiKey,
+                    model: deps.config.defaultModel,
+                    title: "Your access is active",
+                    details: [
+                        formatField("Plan ID", planId),
+                        formatField("Client route", result.clientRoute),
+                        formatField("Subscription ends at", formatDateTime(result.subscriptionEndsAt)),
+                    ],
+                })
+                : false;
+            if (result.apiKey && customerNotified) {
+                auditLog.record({
+                    event: "api_key.revealed",
+                    actor: { type: "bot", id: "grant" },
+                    subjectType: "customer_api_key",
+                    subjectId: result.keyId,
+                    metadata: {
+                        telegramUserId,
+                        workspaceId: result.workspaceId,
+                        keyPreview: result.keyPreview,
+                        audience: "customer_private_chat",
+                        apiKey: result.apiKey,
+                    },
+                });
+            }
+            if (!customerNotified) {
+                let fallbackDelivered = false;
+                try {
+                    await ctx.api.sendMessage(Number(telegramUserId), [
+                        "Your access is active",
+                        "Run /apikey in this private chat to receive your Codex config files.",
+                    ].join("\n\n"));
+                    fallbackDelivered = true;
+                }
+                catch {
+                    // Admin receives the manual follow-up notice below.
+                }
+                if (!fallbackDelivered) {
+                    await ctx.reply("Customer notification could not be delivered yet. They may need to /start the bot first.");
+                }
+            }
+        }
+        catch (error) {
+            await replyWithProxyError(ctx, error);
+        }
+    });
+}