responses-proxy 0.1.0

package/dist/telegram-bot/commands/grant.test.js

@@ -0,0 +1,217 @@
+import assert from "node:assert/strict";
+import { mkdtempSync, rmSync } from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import test from "node:test";
+import { BillingRepository } from "../../billing.js";
+import { CustomerKeyRepository } from "../../customer-keys.js";
+import { AuditLogRepository } from "../../audit-log.js";
+import { BotIdentityRepository } from "../bot-identity-repository.js";
+import { CustomerWorkspaceRepository } from "../customer-workspace-repository.js";
+import { registerGrantCommand } from "./grant.js";
+import { registerPlansCommand } from "./plans.js";
+function createConfig(overrides = {}) {
+    return {
+        telegramBotToken: "token",
+        allowedUserIds: new Set(),
+        allowedChatIds: new Set(),
+        ownerUserIds: new Set(["1"]),
+        adminUserIds: new Set(),
+        botMode: "polling",
+        proxyAdminBaseUrl: "http://127.0.0.1:8318",
+        defaultModel: "gpt-5.5",
+        publicSignupEnabled: true,
+        requireAdminApproval: false,
+        defaultCustomerRoute: "customers",
+        publicResponsesBaseUrl: "http://127.0.0.1:8318/v1",
+        proxyRequestTimeoutMs: 30_000,
+        sessionDbPath: ":memory:",
+        sessionTtlMs: 900_000,
+        rateLimitWindowMs: 60_000,
+        rateLimitMaxRequests: 12,
+        logLevel: "info",
+        ...overrides,
+    };
+}
+function createMockProxyClient() {
+    return {
+        async getClientConfigs() {
+            return {
+                clientRoutes: [{ key: "customers", apiKeys: [] }],
+            };
+        },
+        async setClientRouteApiKeys() {
+            return { ok: true };
+        },
+    };
+}
+function createBotHarness() {
+    const handlers = new Map();
+    return {
+        bot: {
+            command(name, handler) {
+                handlers.set(name, handler);
+            },
+        },
+        handler(name) {
+            const handler = handlers.get(name);
+            assert.ok(handler);
+            return handler;
+        },
+    };
+}
+function createContext(input) {
+    const replies = [];
+    const sentMessages = [];
+    const sentDocuments = [];
+    return {
+        from: { id: input.fromId, is_bot: false, first_name: "Admin" },
+        chat: input.chatType === "private"
+            ? { id: input.chatId, type: "private", first_name: "Admin" }
+            : { id: input.chatId, type: "group", title: "Ops" },
+        message: {
+            message_id: 1,
+            date: 0,
+            chat: input.chatType === "private"
+                ? { id: input.chatId, type: "private", first_name: "Admin" }
+                : { id: input.chatId, type: "group", title: "Ops" },
+            text: `/${input.command} ${input.match}`.trim(),
+        },
+        match: input.match,
+        replies,
+        sentMessages,
+        sentDocuments,
+        reply(text) {
+            replies.push(text);
+            return Promise.resolve({});
+        },
+        api: {
+            async sendMessage(chatId, text) {
+                sentMessages.push({ chatId, text });
+                return {};
+            },
+            async sendDocument(chatId, document) {
+                sentDocuments.push({
+                    chatId,
+                    filename: document.filename,
+                    content: document.fileData ? Buffer.from(document.fileData).toString("utf8") : "",
+                });
+                return {};
+            },
+        },
+    };
+}
+async function withRepos(fn) {
+    const dir = mkdtempSync(path.join(os.tmpdir(), "grant-command-"));
+    try {
+        const dbFile = path.join(dir, "bot.sqlite");
+        await fn({
+            identities: BotIdentityRepository.create(dbFile),
+            workspaces: CustomerWorkspaceRepository.create(dbFile),
+            customerKeys: CustomerKeyRepository.create(dbFile),
+            billing: BillingRepository.create(dbFile),
+            auditLog: AuditLogRepository.create(dbFile),
+            deps: {
+                config: createConfig({ sessionDbPath: dbFile }),
+                proxyClient: createMockProxyClient(),
+            },
+        });
+    }
+    finally {
+        rmSync(dir, { recursive: true, force: true });
+    }
+}
+test("plans lists available seeded plan ids for admins", async () => {
+    await withRepos(async ({ billing, deps }) => {
+        const harness = createBotHarness();
+        registerPlansCommand(harness.bot, deps, billing);
+        const ctx = createContext({
+            command: "plans",
+            fromId: 1,
+            chatId: 1,
+            chatType: "private",
+            match: "",
+        });
+        await harness.handler("plans")(ctx);
+        assert.equal(ctx.replies.length, 1);
+        assert.equal(ctx.replies[0].includes("• basic:"), true);
+        assert.equal(ctx.replies[0].includes("price_cents="), true);
+    });
+});
+test("plans create adds a new admin-created plan", async () => {
+    await withRepos(async ({ billing, deps }) => {
+        const harness = createBotHarness();
+        registerPlansCommand(harness.bot, deps, billing);
+        const ctx = createContext({
+            command: "plans",
+            fromId: 1,
+            chatId: 1,
+            chatType: "private",
+            match: "create premium Premium 2500000 2 2900 USD month",
+        });
+        await harness.handler("plans")(ctx);
+        const plan = billing.getPlan("premium");
+        assert.ok(plan);
+        assert.equal(plan.name, "Premium");
+        assert.equal(plan.monthlyTokenLimit, 2_500_000);
+        assert.equal(plan.maxApiKeys, 2);
+        assert.equal(plan.priceCents, 2_900);
+        assert.equal(plan.currency, "USD");
+        assert.equal(plan.billingInterval, "month");
+        assert.equal(ctx.replies[0].includes("Created plan premium"), true);
+    });
+});
+test("plans create rejects duplicate plan ids", async () => {
+    await withRepos(async ({ deps, billing }) => {
+        const harness = createBotHarness();
+        registerPlansCommand(harness.bot, deps, billing);
+        const ctx = createContext({
+            command: "plans",
+            fromId: 1,
+            chatId: 1,
+            chatType: "private",
+            match: "create basic Basic 10000000 1 5000 VND month",
+        });
+        await harness.handler("plans")(ctx);
+        assert.equal(ctx.replies[0], "Plan already exists: basic");
+    });
+});
+test("grant sends Codex config files to the customer", async () => {
+    await withRepos(async ({ identities, workspaces, customerKeys, billing, auditLog, deps }) => {
+        const harness = createBotHarness();
+        registerGrantCommand(harness.bot, deps, identities, workspaces, customerKeys, billing, auditLog);
+        const ctx = createContext({
+            command: "grant",
+            fromId: 1,
+            chatId: 1,
+            chatType: "private",
+            match: "42 basic 30",
+        });
+        await harness.handler("grant")(ctx);
+        assert.equal(customerKeys.getActiveKeyForUser("42")?.status, "active");
+        assert.equal(ctx.sentMessages[0]?.chatId, 42);
+        assert.equal(ctx.sentMessages[0]?.text.includes("Your access is active"), true);
+        assert.deepEqual(ctx.sentDocuments.map((document) => document.filename), ["config.toml", "auth.json"]);
+        assert.match(ctx.sentDocuments[0]?.content ?? "", /base_url = "http:\/\/127\.0\.0\.1:8318\/v1"/);
+        assert.match(ctx.sentDocuments[0]?.content ?? "", /api_key = "sk-/);
+        assert.match(ctx.sentDocuments[1]?.content ?? "", /"OPENAI_API_KEY": "sk-/);
+        assert.equal(auditLog.listEvents({ event: "api_key.revealed", limit: 5 }).length, 2);
+    });
+});
+test("grant suggests valid plan ids when planId is unknown", async () => {
+    await withRepos(async ({ identities, workspaces, customerKeys, billing, auditLog, deps }) => {
+        const harness = createBotHarness();
+        registerGrantCommand(harness.bot, deps, identities, workspaces, customerKeys, billing, auditLog);
+        const ctx = createContext({
+            command: "grant",
+            fromId: 1,
+            chatId: 1,
+            chatType: "private",
+            match: "42 unknown 30",
+        });
+        await harness.handler("grant")(ctx);
+        assert.equal(ctx.replies.length, 1);
+        assert.equal(ctx.replies[0].includes("Unknown planId: unknown"), true);
+        assert.equal(ctx.replies[0].includes("Available planIds: basic"), true);
+    });
+});

package/dist/telegram-bot/commands/help.js

@@ -0,0 +1,52 @@
+import { isAdmin } from "../auth.js";
+export function registerHelpCommand(bot, deps) {
+    bot.command("help", async (ctx) => {
+        const topic = (ctx.match?.toString() ?? "").trim().toLowerCase();
+        const lines = isAdmin(ctx, deps.config)
+            ? topic === "proxy"
+                ? [
+                    "Proxy Maintenance:",
+                    "/status - health and active provider",
+                    "/providers - provider list and client routes",
+                    "/clients - Hermes and Codex config status",
+                    "/models - list models through proxy routing",
+                    "/apply <hermes|codex> <model> [routeApiKey] - quick apply config",
+                    "/oauth - show OAuth status and start account connect flow",
+                    "/accounts - list OAuth accounts",
+                    "/test [prompt] - send a small Responses API request",
+                ]
+                : topic === "customer"
+                    ? [
+                        "Customer Commands:",
+                        "/me - show your Telegram account and workspace status",
+                        "/apikey - show your Responses API key",
+                        "/usage - show token usage for your current period",
+                        "/quota - show token limit, remaining balance, and expiration",
+                        "/renew - request a 24h renewal from admin",
+                        "/tailscale - install Tailscale and ask admin for a fresh invite",
+                    ]
+                    : [
+                        "Admin Ops:",
+                        "/plans - list billing plan ids, limits, and pricing",
+                        "/plans create <planId> <name> <monthlyTokenLimit> <maxApiKeys> [priceCents] [currency] [billingInterval] - create a billing plan",
+                        "/grant <telegramUserId> <planId> <days> - activate customer access",
+                        "/renewuser <telegramUserId> <planId> <days> [replace-key] - renew customer access",
+                        "/renew list | approve | close - manage renewal requests",
+                        "/apikey issue <telegramUserId> [clientRoute] [apiKey] - issue a customer key",
+                        "",
+                        "More:",
+                        "/help customer - show customer-facing commands",
+                        "/help proxy - show proxy maintenance commands",
+                    ]
+            : [
+                "Available commands:",
+                "/me - show your Telegram account and workspace status",
+                "/apikey - show your Responses API key",
+                "/usage - show token usage for your current period",
+                "/quota - show token limit, remaining balance, and expiration",
+                "/renew - request a 24h renewal from admin",
+                "/tailscale - install Tailscale and ask admin for a fresh invite",
+            ];
+        await ctx.reply(lines.join("\n"));
+    });
+}

package/dist/telegram-bot/commands/me.js

@@ -0,0 +1,53 @@
+import { renderCustomerActionText } from "../customer-actions.js";
+import { formatField, formatSection } from "../message-format.js";
+export function registerMeCommand(bot, identities, workspaces, customerKeys, auditLog) {
+    bot.command("me", async (ctx) => {
+        const userId = ctx.from?.id?.toString();
+        const chatId = ctx.chat?.id?.toString();
+        const user = userId ? identities.getUser(userId) : undefined;
+        const workspace = userId ? workspaces.getDefaultWorkspace(userId) : undefined;
+        const keyRecord = userId
+            ? customerKeys.getActiveKeyForUser(userId) ?? customerKeys.getLatestKeyForUser(userId)
+            : undefined;
+        const canShowApiKey = ctx.chat?.type === "private" && !!keyRecord;
+        const apiKey = keyRecord && canShowApiKey ? customerKeys.getApiKeySecret(keyRecord.id) : undefined;
+        if (apiKey && keyRecord) {
+            auditLog.record({
+                event: "api_key.revealed",
+                actor: { type: "customer", id: userId },
+                subjectType: "customer_api_key",
+                subjectId: keyRecord.id,
+                metadata: {
+                    telegramUserId: userId,
+                    workspaceId: keyRecord.workspaceId,
+                    keyPreview: keyRecord.apiKeyPreview,
+                    audience: "customer_account_page",
+                    apiKey,
+                },
+            });
+        }
+        await renderCustomerActionText(ctx, [
+            "👤 Your account",
+            formatSection("Telegram", [
+                formatField("User ID", userId ?? "unknown"),
+                formatField("Chat ID", chatId ?? "unknown"),
+                formatField("Role", user?.role ?? "unknown"),
+                formatField("Account status", formatStatus(user?.status ?? "unknown")),
+            ]),
+            formatSection("Workspace", [
+                formatField("ID", workspace?.id ?? "none"),
+                workspace ? formatField("Status", formatStatus(workspace.status)) : undefined,
+                workspace ? formatField("Client route", workspace.defaultClientRoute) : undefined,
+            ]),
+            formatSection("API key", [
+                keyRecord ? formatField("Status", formatStatus(keyRecord.status)) : formatField("Status", "none"),
+                keyRecord ? formatField("Preview", keyRecord.apiKeyPreview) : undefined,
+                apiKey ? `api_key: ${apiKey}` : undefined,
+                keyRecord && canShowApiKey && !apiKey ? "Full key: unavailable for legacy key" : undefined,
+            ]),
+        ].join("\n\n"), keyRecord?.status === "active");
+    });
+}
+function formatStatus(value) {
+    return value.replace(/_/g, " ");
+}

package/dist/telegram-bot/commands/models.js

@@ -0,0 +1,6 @@
+import { sendModels } from "../actions.js";
+export function registerModelsCommand(bot, deps) {
+    bot.command("models", async (ctx) => {
+        await sendModels(ctx, deps);
+    });
+}

package/dist/telegram-bot/commands/oauth.js

@@ -0,0 +1,64 @@
+import { InlineKeyboard } from "grammy";
+import { replyWithProxyError, sendOauthStatus } from "../actions.js";
+import { answerCallbackQuerySafely } from "../callbacks.js";
+import { buildTelegramSessionScope } from "../sessions.js";
+export function registerOauthCommand(bot, deps, sessions) {
+    bot.command("oauth", async (ctx) => {
+        await sendOauthStatus(ctx, deps);
+        await ctx.reply("Choose an OAuth action.", {
+            reply_markup: new InlineKeyboard().text("Add Account", "oauth:start"),
+        });
+    });
+    bot.callbackQuery("oauth:start", async (ctx) => {
+        try {
+            const result = await deps.proxyClient.startOauth();
+            const chatId = ctx.chat?.id?.toString();
+            const userId = ctx.from?.id?.toString();
+            if (chatId && userId) {
+                sessions.set(buildTelegramSessionScope(chatId, userId), { kind: "awaiting_oauth_callback" });
+            }
+            await answerCallbackQuerySafely(ctx);
+            await ctx.reply([
+                "Open this URL and complete sign-in:",
+                result?.authUrl ?? "Missing auth URL",
+                "",
+                "Warning: the callback URL may contain short-lived authorization material.",
+                "Only paste it into this authorized bot chat.",
+                "",
+                "Then paste the full callback URL into this chat.",
+            ].join("\n"));
+        }
+        catch (error) {
+            await answerCallbackQuerySafely(ctx);
+            await replyWithProxyError(ctx, error);
+        }
+    });
+    bot.on("message:text", async (ctx, next) => {
+        const chatId = ctx.chat?.id?.toString();
+        const userId = ctx.from?.id?.toString();
+        if (!chatId || !userId) {
+            await next();
+            return;
+        }
+        const session = sessions.get(buildTelegramSessionScope(chatId, userId));
+        if (session?.kind !== "awaiting_oauth_callback") {
+            await next();
+            return;
+        }
+        if (ctx.message.text.startsWith("/")) {
+            await next();
+            return;
+        }
+        try {
+            const result = await deps.proxyClient.completeOauth(ctx.message.text.trim());
+            sessions.clear(buildTelegramSessionScope(chatId, userId));
+            await ctx.reply("OAuth account connected.");
+            if (result?.accounts) {
+                await sendOauthStatus(ctx, deps);
+            }
+        }
+        catch (error) {
+            await replyWithProxyError(ctx, error);
+        }
+    });
+}

package/dist/telegram-bot/commands/plans.js

@@ -0,0 +1,96 @@
+import { isAdmin } from "../auth.js";
+function formatPlans(plans) {
+    if (plans.length === 0) {
+        return "💳 Billing plans:\nNo billing plans are configured yet.";
+    }
+    return [
+        "💳 Billing plans:",
+        ...plans.map((plan) => `• ${plan.id}: ${plan.name} | status=${plan.status} | monthly_token_limit=${plan.monthlyTokenLimit} | max_api_keys=${plan.maxApiKeys} | price_cents=${plan.priceCents} | billing_interval=${plan.billingInterval}`),
+    ].join("\n");
+}
+function formatCreatePlanUsage() {
+    return [
+        "💳 Plan commands",
+        "Usage: /plans create <planId> <name> <monthlyTokenLimit> <maxApiKeys> [priceCents] [currency] [billingInterval]",
+        "Example: /plans create pro Pro 5000000 3 4900 USD month",
+    ].join("\n");
+}
+function parseCreatePlanArgs(rawArgs) {
+    const parts = rawArgs.trim().split(/\s+/g).filter(Boolean);
+    if (parts.length < 4) {
+        return null;
+    }
+    const [id] = parts;
+    let end = parts.length;
+    const billingIntervalCandidate = parts[end - 1];
+    const hasBillingInterval = billingIntervalCandidate === "month" || billingIntervalCandidate === "year" || billingIntervalCandidate === "one_time";
+    const billingInterval = hasBillingInterval ? billingIntervalCandidate : "month";
+    if (hasBillingInterval) {
+        end -= 1;
+    }
+    const currencyCandidate = parts[end - 1];
+    const hasCurrency = /^[A-Za-z]{3}$/.test(currencyCandidate);
+    const currency = hasCurrency ? currencyCandidate.toUpperCase() : "USD";
+    if (hasCurrency) {
+        end -= 1;
+    }
+    let numericStart = end;
+    while (numericStart > 1 && /^\d+$/.test(parts[numericStart - 1])) {
+        numericStart -= 1;
+    }
+    const numericParts = parts.slice(numericStart, end);
+    if (numericParts.length !== 2 && numericParts.length !== 3) {
+        return null;
+    }
+    const [monthlyTokenLimitRaw, maxApiKeysRaw, priceCentsRaw] = numericParts;
+    const name = parts.slice(1, numericStart).join(" ");
+    if (!name) {
+        return null;
+    }
+    const monthlyTokenLimit = Number(monthlyTokenLimitRaw);
+    const maxApiKeys = Number(maxApiKeysRaw);
+    const priceCents = priceCentsRaw ? Number(priceCentsRaw) : 0;
+    if (!Number.isInteger(monthlyTokenLimit) ||
+        monthlyTokenLimit <= 0 ||
+        !Number.isInteger(maxApiKeys) ||
+        maxApiKeys <= 0 ||
+        !Number.isInteger(priceCents) ||
+        priceCents < 0) {
+        return null;
+    }
+    return { id, name, monthlyTokenLimit, maxApiKeys, priceCents, currency, billingInterval };
+}
+export function registerPlansCommand(bot, deps, billing) {
+    bot.command("plans", async (ctx) => {
+        if (!isAdmin(ctx, deps.config)) {
+            await ctx.reply("Only admins can view billing plans.");
+            return;
+        }
+        const rawArgs = (ctx.match?.toString() || "").trim();
+        if (rawArgs.startsWith("create")) {
+            const createArgs = rawArgs.slice("create".length).trim();
+            const parsed = parseCreatePlanArgs(createArgs);
+            if (!parsed) {
+                await ctx.reply(formatCreatePlanUsage());
+                return;
+            }
+            if (billing.getPlan(parsed.id)) {
+                await ctx.reply(`Plan already exists: ${parsed.id}`);
+                return;
+            }
+            const created = billing.createPlan(parsed);
+            await ctx.reply([
+                `Created plan ${created.id}`,
+                `name=${created.name}`,
+                `status=${created.status}`,
+                `monthly_token_limit=${created.monthlyTokenLimit}`,
+                `max_api_keys=${created.maxApiKeys}`,
+                `price_cents=${created.priceCents}`,
+                `currency=${created.currency}`,
+                `billing_interval=${created.billingInterval}`,
+            ].join("\n"));
+            return;
+        }
+        await ctx.reply(formatPlans(billing.listPlans()));
+    });
+}

package/dist/telegram-bot/commands/providers.js

@@ -0,0 +1,27 @@
+import { InlineKeyboard } from "grammy";
+import { sendProviderDetails, sendProviders } from "../actions.js";
+import { answerCallbackQuerySafely } from "../callbacks.js";
+export function registerProvidersCommand(bot, deps) {
+    bot.command("providers", async (ctx) => {
+        await sendProviders(ctx, deps);
+        try {
+            const payload = await deps.proxyClient.getProviders();
+            for (const provider of payload?.providers ?? []) {
+                await ctx.reply(`${provider.name} (${provider.id})`, {
+                    reply_markup: new InlineKeyboard()
+                        .text("Details", `v1:provider:details:${provider.id}`)
+                        .row()
+                        .text("Apply Hermes", `v1:apply:start:hermes:${provider.id}`)
+                        .text("Apply Codex", `v1:apply:start:codex:${provider.id}`),
+                });
+            }
+        }
+        catch {
+            return;
+        }
+    });
+    bot.callbackQuery(/^v1:provider:details:(.+)$/, async (ctx) => {
+        await answerCallbackQuerySafely(ctx);
+        await sendProviderDetails(ctx, deps, ctx.match[1]);
+    });
+}

package/dist/telegram-bot/commands/quota.js

@@ -0,0 +1,10 @@
+import { replyWithCustomerView } from "../customer-actions.js";
+export function registerQuotaCommand(bot, workspaces, customerKeys, billing) {
+    bot.command("quota", async (ctx) => {
+        if (ctx.chat?.type !== "private") {
+            await ctx.reply("For safety, open a private chat with this bot and run /quota there.");
+            return;
+        }
+        await replyWithCustomerView(ctx, "quota", workspaces, customerKeys, billing);
+    });
+}

package/dist/telegram-bot/commands/renew-user.js

@@ -0,0 +1,139 @@
+import { isAdmin } from "../auth.js";
+import { maskApiKey } from "../format.js";
+import { renewCustomerAccess } from "../grants.js";
+import { replyWithProxyError } from "../actions.js";
+import { formatField, formatSection } from "../message-format.js";
+import { sendCustomerCodexSetup } from "../codex-config-delivery.js";
+export function registerRenewUserCommand(bot, deps, identities, workspaces, customerKeys, billing, auditLog) {
+    bot.command("renewuser", async (ctx) => {
+        if (!isAdmin(ctx, deps.config)) {
+            await ctx.reply("Only admins can renew customer access.");
+            return;
+        }
+        const parsed = parseRenewUserArgs(ctx.match?.toString() || "");
+        if (!parsed) {
+            await ctx.reply("Usage: /renewuser <telegramUserId> <planId> <days> [replace-key]");
+            return;
+        }
+        try {
+            const result = await renewCustomerAccess({
+                telegramUserId: parsed.telegramUserId,
+                planId: parsed.planId,
+                days: parsed.days,
+                replaceKey: parsed.replaceKey,
+                defaultClientRoute: deps.config.defaultCustomerRoute,
+                identities,
+                workspaces,
+                customerKeys,
+                billing,
+                proxyClient: deps.proxyClient,
+                auditLog,
+                actor: { type: "admin", id: ctx.from?.id?.toString() },
+            });
+            const canShowApiKeyToAdmin = !!result.apiKey && ctx.chat?.type === "private";
+            if (result.apiKey && canShowApiKeyToAdmin) {
+                auditLog.record({
+                    event: "api_key.revealed",
+                    actor: { type: "admin", id: ctx.from?.id?.toString() },
+                    subjectType: "customer_api_key",
+                    subjectId: result.keyId,
+                    metadata: {
+                        telegramUserId: parsed.telegramUserId,
+                        workspaceId: result.workspaceId,
+                        keyPreview: result.keyPreview,
+                        audience: "admin_private_chat",
+                        apiKey: result.apiKey,
+                    },
+                });
+            }
+            await ctx.reply([
+                "Customer access renewed",
+                formatSection("Customer", [
+                    formatField("Telegram user ID", parsed.telegramUserId),
+                    formatField("Plan", parsed.planId),
+                    formatField("Client route", result.clientRoute),
+                    formatField("Mode", result.mode),
+                ]),
+                formatSection("Workspace", [
+                    formatField("Workspace ID", result.workspaceId),
+                    formatField("Subscription ends at", result.subscriptionEndsAt),
+                ]),
+                formatSection("Key", [
+                    formatField("Preview", result.apiKey ? maskApiKey(result.apiKey) : result.keyPreview),
+                    canShowApiKeyToAdmin ? `api_key: ${result.apiKey}` : undefined,
+                    result.apiKey && !canShowApiKeyToAdmin
+                        ? "Full key: replacement key is shown only in private chat"
+                        : undefined,
+                ]),
+            ]
+                .filter(Boolean)
+                .join("\n\n"));
+            const customerNotified = await notifyCustomer(ctx, parsed.telegramUserId, parsed.planId, deps.config.publicResponsesBaseUrl, deps.config.defaultModel, result);
+            if (result.apiKey && customerNotified) {
+                auditLog.record({
+                    event: "api_key.revealed",
+                    actor: { type: "bot", id: "renewuser" },
+                    subjectType: "customer_api_key",
+                    subjectId: result.keyId,
+                    metadata: {
+                        telegramUserId: parsed.telegramUserId,
+                        workspaceId: result.workspaceId,
+                        keyPreview: result.keyPreview,
+                        audience: "customer_private_chat",
+                        apiKey: result.apiKey,
+                    },
+                });
+            }
+        }
+        catch (error) {
+            await replyWithProxyError(ctx, error);
+        }
+    });
+}
+function parseRenewUserArgs(raw) {
+    const args = raw.trim().split(/\s+/g).filter(Boolean);
+    const [telegramUserId, planId, daysRaw, replaceKeyRaw] = args;
+    const days = Number(daysRaw);
+    if (!/^\d+$/.test(telegramUserId ?? "") || !planId || !Number.isInteger(days) || days <= 0) {
+        return undefined;
+    }
+    if (replaceKeyRaw && replaceKeyRaw !== "replace-key") {
+        return undefined;
+    }
+    return {
+        telegramUserId,
+        planId,
+        days,
+        replaceKey: replaceKeyRaw === "replace-key",
+    };
+}
+async function notifyCustomer(ctx, telegramUserId, planId, baseUrl, model, result) {
+    if (result.apiKey) {
+        const sent = await sendCustomerCodexSetup(ctx, {
+            telegramUserId,
+            baseUrl,
+            apiKey: result.apiKey,
+            model,
+            title: "Your access has been renewed",
+            details: [
+                formatField("Plan ID", planId),
+                formatField("Client route", result.clientRoute),
+                formatField("Subscription ends at", result.subscriptionEndsAt),
+            ],
+        });
+        if (sent) {
+            return true;
+        }
+    }
+    try {
+        await ctx.api.sendMessage(Number(telegramUserId), [
+            "Your access has been renewed",
+            "Run /apikey in this private chat to receive your Codex config files.",
+        ].join("\n\n"));
+        return true;
+    }
+    catch {
+        await ctx.reply("Customer notification could not be delivered yet. They may need to /start the bot first.");
+        return false;
+    }
+}