responses-proxy 0.1.0

package/dist/telegram-bot/config.js

@@ -0,0 +1,98 @@
+import { z } from "zod";
+function parseIdList(value) {
+    return (value ?? "")
+        .split(/[,\r?\n]+/g)
+        .map((entry) => entry.trim())
+        .filter(Boolean);
+}
+function normalizeBaseUrl(value) {
+    const trimmed = value.trim().replace(/\/+$/, "");
+    if (trimmed.endsWith("/v1")) {
+        return trimmed.slice(0, -3);
+    }
+    return trimmed;
+}
+const envBoolean = (defaultValue) => z
+    .string()
+    .optional()
+    .transform((value) => {
+    const normalized = value?.trim().toLowerCase();
+    if (normalized === undefined || normalized === "") {
+        return defaultValue;
+    }
+    return normalized === "1" || normalized === "true" || normalized === "yes" || normalized === "on";
+});
+const envSchema = z.object({
+    TELEGRAM_BOT_TOKEN: z.string().min(1),
+    TELEGRAM_ALLOWED_USER_IDS: z.string().optional(),
+    TELEGRAM_ALLOWED_CHAT_IDS: z.string().optional(),
+    TELEGRAM_OWNER_USER_IDS: z.string().optional(),
+    TELEGRAM_ADMIN_USER_IDS: z.string().optional(),
+    // Deprecated. Customers should be managed in the bot database, not in env.
+    TELEGRAM_CUSTOMER_USER_IDS: z.string().optional(),
+    TELEGRAM_BOT_MODE: z.enum(["polling", "webhook"]).default("polling"),
+    TELEGRAM_WEBHOOK_URL: z.string().optional(),
+    TELEGRAM_WEBHOOK_SECRET: z.string().optional(),
+    RESPONSES_PROXY_ADMIN_BASE_URL: z
+        .string()
+        .default("http://127.0.0.1:8318")
+        .transform(normalizeBaseUrl),
+    RESPONSES_PROXY_CLIENT_API_KEY: z.string().optional(),
+    RESPONSES_PROXY_DEFAULT_MODEL: z.string().default("gpt-5.5"),
+    BOT_PUBLIC_SIGNUP_ENABLED: envBoolean(false),
+    BOT_REQUIRE_ADMIN_APPROVAL: envBoolean(true),
+    BOT_DEFAULT_CUSTOMER_ROUTE: z.string().default("customers"),
+    BOT_PUBLIC_RESPONSES_BASE_URL: z
+        .string()
+        .default("http://127.0.0.1:8318/v1")
+        .transform((value) => value.trim().replace(/\/+$/, "")),
+    BOT_PROXY_REQUEST_TIMEOUT_MS: z.coerce.number().int().positive().default(30_000),
+    BOT_SESSION_DB_PATH: z.string().default("./logs/telegram-bot.sqlite"),
+    BOT_SESSION_TTL_MS: z.coerce.number().int().positive().default(15 * 60 * 1000),
+    BOT_RATE_LIMIT_WINDOW_MS: z.coerce.number().int().positive().default(60 * 1000),
+    BOT_RATE_LIMIT_MAX_REQUESTS: z.coerce.number().int().positive().default(12),
+    BOT_LOG_LEVEL: z
+        .enum(["fatal", "error", "warn", "info", "debug", "trace", "silent"])
+        .default("info"),
+    BOT_SEPAY_ACCOUNT_NUMBER: z.string().optional(),
+    BOT_SEPAY_BANK_CODE: z.string().default("MBBank"),
+    BOT_SEPAY_TEMPLATE: z.string().default("compact"),
+    BOT_SEPAY_DOWNLOAD: envBoolean(false),
+});
+export function readTelegramBotConfig(env) {
+    const parsed = envSchema.parse(env);
+    return {
+        telegramBotToken: parsed.TELEGRAM_BOT_TOKEN,
+        allowedUserIds: new Set(parseIdList(parsed.TELEGRAM_ALLOWED_USER_IDS)),
+        allowedChatIds: new Set(parseIdList(parsed.TELEGRAM_ALLOWED_CHAT_IDS)),
+        ownerUserIds: new Set(parseIdList(parsed.TELEGRAM_OWNER_USER_IDS)),
+        adminUserIds: new Set(parseIdList(parsed.TELEGRAM_ADMIN_USER_IDS)),
+        botMode: parsed.TELEGRAM_BOT_MODE,
+        webhookUrl: parsed.TELEGRAM_WEBHOOK_URL?.trim() || undefined,
+        webhookSecret: parsed.TELEGRAM_WEBHOOK_SECRET?.trim() || undefined,
+        proxyAdminBaseUrl: parsed.RESPONSES_PROXY_ADMIN_BASE_URL,
+        proxyClientApiKey: parsed.RESPONSES_PROXY_CLIENT_API_KEY?.trim() || undefined,
+        defaultModel: parsed.RESPONSES_PROXY_DEFAULT_MODEL.trim(),
+        publicSignupEnabled: parsed.BOT_PUBLIC_SIGNUP_ENABLED,
+        requireAdminApproval: parsed.BOT_REQUIRE_ADMIN_APPROVAL,
+        defaultCustomerRoute: normalizeRouteKey(parsed.BOT_DEFAULT_CUSTOMER_ROUTE),
+        publicResponsesBaseUrl: parsed.BOT_PUBLIC_RESPONSES_BASE_URL,
+        proxyRequestTimeoutMs: parsed.BOT_PROXY_REQUEST_TIMEOUT_MS,
+        sessionDbPath: parsed.BOT_SESSION_DB_PATH.trim(),
+        sessionTtlMs: parsed.BOT_SESSION_TTL_MS,
+        rateLimitWindowMs: parsed.BOT_RATE_LIMIT_WINDOW_MS,
+        rateLimitMaxRequests: parsed.BOT_RATE_LIMIT_MAX_REQUESTS,
+        logLevel: parsed.BOT_LOG_LEVEL,
+        sepayAccountNumber: parsed.BOT_SEPAY_ACCOUNT_NUMBER?.trim() || undefined,
+        sepayBankCode: parsed.BOT_SEPAY_BANK_CODE.trim() || "MBBank",
+        sepayTemplate: parsed.BOT_SEPAY_TEMPLATE.trim() || "compact",
+        sepayDownload: parsed.BOT_SEPAY_DOWNLOAD,
+    };
+}
+function normalizeRouteKey(value) {
+    return (value
+        .trim()
+        .toLowerCase()
+        .replace(/[^a-z0-9_-]+/g, "-")
+        .replace(/^-+|-+$/g, "") || "customers");
+}

package/dist/telegram-bot/config.test.js

@@ -0,0 +1,42 @@
+import assert from "node:assert/strict";
+import test from "node:test";
+import { readTelegramBotConfig } from "./config.js";
+test("readTelegramBotConfig supports legacy allowlist env", () => {
+    const config = readTelegramBotConfig({
+        TELEGRAM_BOT_TOKEN: "bot-token",
+        TELEGRAM_ALLOWED_USER_IDS: "123,456",
+        TELEGRAM_ADMIN_USER_IDS: "123",
+    });
+    assert.equal(config.telegramBotToken, "bot-token");
+    assert.deepEqual([...config.allowedUserIds], ["123", "456"]);
+    assert.deepEqual([...config.adminUserIds], ["123"]);
+    assert.equal(config.publicSignupEnabled, false);
+    assert.equal(config.requireAdminApproval, true);
+});
+test("readTelegramBotConfig supports public bot env without customer allowlist", () => {
+    const config = readTelegramBotConfig({
+        TELEGRAM_BOT_TOKEN: "bot-token",
+        TELEGRAM_OWNER_USER_IDS: "1283361952",
+        BOT_PUBLIC_SIGNUP_ENABLED: "true",
+        BOT_REQUIRE_ADMIN_APPROVAL: "false",
+        BOT_DEFAULT_CUSTOMER_ROUTE: "Paid Customers",
+        BOT_PUBLIC_RESPONSES_BASE_URL: "https://proxy.example.com/v1/",
+    });
+    assert.deepEqual([...config.allowedUserIds], []);
+    assert.deepEqual([...config.ownerUserIds], ["1283361952"]);
+    assert.equal(config.publicSignupEnabled, true);
+    assert.equal(config.requireAdminApproval, false);
+    assert.equal(config.defaultCustomerRoute, "paid-customers");
+    assert.equal(config.publicResponsesBaseUrl, "https://proxy.example.com/v1");
+});
+test("readTelegramBotConfig ignores deprecated customer env allowlist", () => {
+    const config = readTelegramBotConfig({
+        TELEGRAM_BOT_TOKEN: "bot-token",
+        TELEGRAM_OWNER_USER_IDS: "1283361952",
+        TELEGRAM_CUSTOMER_USER_IDS: "42,43",
+        BOT_PUBLIC_SIGNUP_ENABLED: "true",
+    });
+    assert.deepEqual([...config.ownerUserIds], ["1283361952"]);
+    assert.deepEqual([...config.allowedUserIds], []);
+    assert.equal(config.publicSignupEnabled, true);
+});

package/dist/telegram-bot/customer-actions.js

@@ -0,0 +1,160 @@
+import { InlineKeyboard } from "grammy";
+import { answerCallbackQuerySafely, replyOrEditMessage } from "./callbacks.js";
+import { readCustomerBillingOverview } from "./customer-billing.js";
+import { formatDateTime, formatField, formatMessage, formatSection } from "./message-format.js";
+export function buildCustomerActionKeyboard(hasActiveKey) {
+    const keyboard = new InlineKeyboard()
+        .text("🔐 View key", "v1:customer:key")
+        .text("📊 Usage", "v1:customer:usage")
+        .row()
+        .text("🧾 Quota", "v1:customer:quota")
+        .text(hasActiveKey ? "⏱ Renew 24h" : "💳 Buy API key", "v1:renew:open");
+    if (hasActiveKey) {
+        keyboard.row().text("➕ Buy tokens", "v1:topup:open");
+    }
+    return keyboard.row().text("🔄 Refresh", "v1:customer:dashboard");
+}
+export function registerCustomerActionCallbacks(bot, workspaces, customerKeys, billing, auditLog) {
+    bot.callbackQuery(/^v1:customer:(dashboard|key|usage|quota)$/, async (ctx) => {
+        const view = ctx.match[1];
+        await answerCallbackQuerySafely(ctx, { text: view === "dashboard" ? "Refreshed" : "Loaded" });
+        await replyWithCustomerView(ctx, view, workspaces, customerKeys, billing, auditLog);
+    });
+}
+export async function renderCustomerActionText(ctx, text, hasActiveKey) {
+    await replyOrEditMessage(ctx, text, {
+        reply_markup: buildCustomerActionKeyboard(hasActiveKey),
+    });
+}
+export async function replyWithCustomerView(ctx, view, workspaces, customerKeys, billing, auditLog) {
+    if (ctx.chat?.type !== "private") {
+        await replyOrEditMessage(ctx, "For safety, open a private chat with this bot.");
+        return;
+    }
+    const userId = ctx.from?.id?.toString();
+    if (!userId) {
+        await replyOrEditMessage(ctx, "Could not determine your Telegram user.");
+        return;
+    }
+    const overview = readCustomerBillingOverview({
+        telegramUserId: userId,
+        workspaces,
+        customerKeys,
+        billing,
+    });
+    if (!overview.workspace) {
+        await renderCustomerActionText(ctx, formatMessage("⚠️ Workspace not ready", ["No customer workspace has been assigned to your Telegram user yet."]), false);
+        return;
+    }
+    await renderCustomerActionText(ctx, formatCustomerView(view, userId, overview, customerKeys, auditLog), overview.apiKey?.status === "active");
+}
+function formatCustomerView(view, userId, overview, customerKeys, auditLog) {
+    if (view === "key") {
+        const apiKey = overview.apiKey ? customerKeys.getApiKeySecret(overview.apiKey.id) : undefined;
+        if (apiKey && overview.apiKey) {
+            auditLog?.record({
+                event: "api_key.revealed",
+                actor: { type: "customer", id: userId },
+                subjectType: "customer_api_key",
+                subjectId: overview.apiKey.id,
+                metadata: {
+                    telegramUserId: userId,
+                    workspaceId: overview.apiKey.workspaceId,
+                    keyPreview: overview.apiKey.apiKeyPreview,
+                    audience: "customer_action_key",
+                    apiKey,
+                },
+            });
+        }
+        return formatCustomerMessage("🔐 Your API key", [
+            formatWorkspaceSection(overview),
+            formatSection("API key", [
+                overview.apiKey ? formatField("Status", formatStatus(overview.apiKey.status)) : formatField("Status", "none"),
+                overview.apiKey ? formatField("Preview", overview.apiKey.apiKeyPreview) : undefined,
+                formatField("Client route", overview.workspace?.defaultClientRoute ?? overview.apiKey?.clientRoute ?? "none"),
+            ]),
+            formatSection("Copy value", [
+                apiKey ? `api_key: ${apiKey}` : undefined,
+                overview.apiKey && !apiKey ? "Full key: unavailable for legacy key" : undefined,
+            ]),
+        ]);
+    }
+    if (view === "usage") {
+        const lotLines = formatTokenLotLines(overview);
+        return formatCustomerMessage("📊 Usage", [
+            formatWorkspaceSection(overview),
+            formatSection("Entitlement", [
+                formatField("Status", formatStatus(overview.entitlementStatus)),
+                overview.entitlement ? formatField("Period start", formatDateTime(overview.entitlement.validFrom)) : undefined,
+                overview.entitlement ? formatField("Period end", formatDateTime(overview.entitlement.validUntil)) : undefined,
+            ]),
+            formatUsageSection(overview),
+            lotLines.length > 0 ? formatSection("Token lots", lotLines) : undefined,
+            formatApiKeySummarySection(overview),
+        ]);
+    }
+    if (view === "quota") {
+        const lotLines = formatTokenLotLines(overview);
+        return formatCustomerMessage("🧾 Quota", [
+            formatWorkspaceSection(overview),
+            formatSection("Entitlement", [
+                formatField("Status", formatStatus(overview.entitlementStatus)),
+                overview.entitlement ? formatField("Expires at", formatDateTime(overview.entitlement.validUntil)) : undefined,
+            ]),
+            formatUsageSection(overview),
+            lotLines.length > 0 ? formatSection("Token lots", lotLines) : undefined,
+            formatApiKeySummarySection(overview),
+        ]);
+    }
+    return formatCustomerMessage("🏠 Dashboard", [
+        formatWorkspaceSection(overview),
+        formatSection("Access", [
+            formatField("Entitlement", formatStatus(overview.entitlementStatus)),
+            overview.entitlement ? formatField("Expires at", formatDateTime(overview.entitlement.validUntil)) : undefined,
+            overview.apiKey ? formatField("API key", formatStatus(overview.apiKey.status)) : formatField("API key", "none"),
+            overview.apiKey ? formatField("Key preview", overview.apiKey.apiKeyPreview) : undefined,
+        ]),
+        formatUsageSection(overview),
+        overview.tokenLots.length > 0 ? formatSection("Token lots", formatTokenLotLines(overview)) : undefined,
+    ]);
+}
+function formatCustomerMessage(title, blocks) {
+    return [title, ...blocks.filter(Boolean)].join("\n\n");
+}
+function formatWorkspaceSection(overview) {
+    return formatSection("Workspace", [
+        formatField("ID", overview.workspace?.id ?? "none"),
+        formatField("Status", formatStatus(overview.workspace?.status ?? "none")),
+        formatField("Client route", overview.workspace?.defaultClientRoute ?? "none"),
+    ]);
+}
+function formatApiKeySummarySection(overview) {
+    return formatSection("API key", [
+        overview.apiKey ? formatField("Status", formatStatus(overview.apiKey.status)) : formatField("Status", "none"),
+        overview.apiKey ? formatField("Preview", overview.apiKey.apiKeyPreview) : undefined,
+    ]);
+}
+function formatUsageSection(overview) {
+    const limit = overview.tokenLots.length > 0
+        ? overview.tokenLots.reduce((sum, lot) => sum + lot.entitlement.monthlyTokenLimit, 0)
+        : overview.entitlement?.monthlyTokenLimit;
+    return formatSection("Tokens", [
+        formatField("Input", formatTokenCount(overview.usage.inputTokens)),
+        formatField("Output", formatTokenCount(overview.usage.outputTokens)),
+        formatField("Used", formatTokenCount(overview.usage.totalTokens)),
+        typeof limit === "number" ? formatField("Limit", formatTokenCount(limit)) : undefined,
+        overview.remainingTokens !== null ? formatField("Remaining", formatTokenCount(overview.remainingTokens)) : undefined,
+    ]);
+}
+function formatTokenLotLines(overview) {
+    if (overview.tokenLots.length === 0) {
+        return [];
+    }
+    return overview.tokenLots.map((lot, index) => `• Lot ${index + 1}: ${formatTokenCount(lot.remainingTokens)} remaining / ${formatTokenCount(lot.entitlement.monthlyTokenLimit)} limit, expires ${formatDateTime(lot.entitlement.validUntil)}`);
+}
+function formatTokenCount(value) {
+    return new Intl.NumberFormat("en-US").format(value);
+}
+function formatStatus(value) {
+    return value.replace(/_/g, " ");
+}

package/dist/telegram-bot/customer-api-keys.js

@@ -0,0 +1,68 @@
+import { mkdirSync } from "node:fs";
+import path from "node:path";
+import BetterSqlite3 from "better-sqlite3";
+export class CustomerApiKeyStore {
+    db;
+    constructor(db) {
+        this.db = db;
+    }
+    static create(dbFile) {
+        mkdirSync(path.dirname(dbFile), { recursive: true });
+        const db = new BetterSqlite3(dbFile);
+        ensureCustomerApiKeySchema(db);
+        return new CustomerApiKeyStore(db);
+    }
+    get(userId) {
+        const row = this.db
+            .prepare(`SELECT user_id, client_route, api_key, created_by_user_id, created_at
+         FROM telegram_customer_api_keys
+         WHERE user_id = ?`)
+            .get(userId);
+        return row ? mapCustomerApiKeyRow(row) : undefined;
+    }
+    upsert(input) {
+        const createdAt = (input.now ?? new Date()).toISOString();
+        this.db
+            .prepare(`INSERT INTO telegram_customer_api_keys (
+           user_id,
+           client_route,
+           api_key,
+           created_by_user_id,
+           created_at
+         )
+         VALUES (?, ?, ?, ?, ?)
+         ON CONFLICT(user_id) DO UPDATE SET
+           client_route = excluded.client_route,
+           api_key = excluded.api_key,
+           created_by_user_id = excluded.created_by_user_id,
+           created_at = excluded.created_at`)
+            .run(input.userId, input.clientRoute, input.apiKey, input.createdByUserId, createdAt);
+        return {
+            userId: input.userId,
+            clientRoute: input.clientRoute,
+            apiKey: input.apiKey,
+            createdByUserId: input.createdByUserId,
+            createdAt,
+        };
+    }
+}
+function ensureCustomerApiKeySchema(db) {
+    db.exec(`
+    CREATE TABLE IF NOT EXISTS telegram_customer_api_keys (
+      user_id TEXT PRIMARY KEY,
+      client_route TEXT NOT NULL,
+      api_key TEXT NOT NULL,
+      created_by_user_id TEXT NOT NULL,
+      created_at TEXT NOT NULL
+    )
+  `);
+}
+function mapCustomerApiKeyRow(row) {
+    return {
+        userId: row.user_id,
+        clientRoute: row.client_route,
+        apiKey: row.api_key,
+        createdByUserId: row.created_by_user_id,
+        createdAt: row.created_at,
+    };
+}

package/dist/telegram-bot/customer-billing.js

@@ -0,0 +1,72 @@
+export function readCustomerBillingOverview(args) {
+    const now = args.now ?? new Date();
+    const workspace = args.workspaces.getDefaultWorkspace(args.telegramUserId);
+    const apiKey = args.customerKeys.getActiveKeyForUser(args.telegramUserId) ??
+        args.customerKeys.getLatestKeyForUser(args.telegramUserId);
+    const activeLots = workspace ? args.billing.getActiveEntitlementLotsForWorkspace(workspace.id, now) : [];
+    const entitlement = activeLots[0]?.entitlement ?? (workspace ? args.billing.getLatestEntitlementForWorkspace(workspace.id) : undefined);
+    const tokenLots = workspace
+        ? activeLots.length > 0
+            ? activeLots
+            : entitlement
+                ? [{
+                        entitlement,
+                        usage: args.billing.getEntitlementUsage(entitlement.id) ?? buildEmptyUsage(entitlement.id, workspace.id),
+                        remainingTokens: entitlement.status === "active"
+                            ? Math.max(0, entitlement.monthlyTokenLimit -
+                                (args.billing.getEntitlementUsage(entitlement.id)?.totalTokens ?? 0))
+                            : 0,
+                    }]
+                : []
+        : [];
+    const usage = tokenLots.length > 0
+        ? tokenLots.reduce((acc, lot) => ({
+            entitlementId: acc.entitlementId,
+            workspaceId: acc.workspaceId,
+            inputTokens: acc.inputTokens + lot.usage.inputTokens,
+            outputTokens: acc.outputTokens + lot.usage.outputTokens,
+            totalTokens: acc.totalTokens + lot.usage.totalTokens,
+            createdAt: acc.createdAt,
+            updatedAt: acc.updatedAt,
+        }), buildEmptyUsage(tokenLots[0]?.entitlement.id, workspace?.id))
+        : buildEmptyUsage(undefined, workspace?.id);
+    const entitlementStatus = resolveEntitlementStatus(entitlement, now);
+    const remainingTokens = tokenLots.length > 0
+        ? tokenLots.reduce((sum, lot) => sum + lot.remainingTokens, 0)
+        : entitlement
+            ? 0
+            : null;
+    return {
+        workspace,
+        apiKey,
+        entitlement,
+        tokenLots,
+        usage,
+        entitlementStatus,
+        remainingTokens,
+    };
+}
+function resolveEntitlementStatus(entitlement, now) {
+    if (!entitlement) {
+        return "none";
+    }
+    if (entitlement.status === "suspended") {
+        return "suspended";
+    }
+    if (entitlement.status === "expired" || new Date(entitlement.validUntil).getTime() < now.getTime()) {
+        return "expired";
+    }
+    return "active";
+}
+function buildEmptyUsage(entitlementId, workspaceId) {
+    const timestamp = new Date(0).toISOString();
+    return {
+        entitlementId: entitlementId ?? "none",
+        workspaceId: workspaceId ?? "none",
+        inputTokens: 0,
+        outputTokens: 0,
+        totalTokens: 0,
+        createdAt: timestamp,
+        updatedAt: timestamp,
+    };
+}

package/dist/telegram-bot/customer-workspace-repository.js

@@ -0,0 +1,134 @@
+import { randomUUID } from "node:crypto";
+import { mkdirSync } from "node:fs";
+import path from "node:path";
+import BetterSqlite3 from "better-sqlite3";
+export class CustomerWorkspaceRepository {
+    db;
+    constructor(db) {
+        this.db = db;
+    }
+    static create(dbFile) {
+        mkdirSync(path.dirname(dbFile), { recursive: true });
+        const db = new BetterSqlite3(dbFile);
+        ensureWorkspaceSchema(db);
+        return new CustomerWorkspaceRepository(db);
+    }
+    getDefaultWorkspace(ownerTelegramUserId) {
+        const row = this.db
+            .prepare(`SELECT
+          id,
+          owner_telegram_user_id,
+          telegram_chat_id,
+          name,
+          default_client_route,
+          status,
+          created_at,
+          updated_at
+        FROM customer_workspaces
+        WHERE owner_telegram_user_id = ?
+        ORDER BY created_at ASC
+        LIMIT 1`)
+            .get(ownerTelegramUserId);
+        return row ? mapWorkspaceRow(row) : undefined;
+    }
+    getById(id) {
+        const row = this.db
+            .prepare(`SELECT
+          id,
+          owner_telegram_user_id,
+          telegram_chat_id,
+          name,
+          default_client_route,
+          status,
+          created_at,
+          updated_at
+        FROM customer_workspaces
+        WHERE id = ?`)
+            .get(id);
+        return row ? mapWorkspaceRow(row) : undefined;
+    }
+    listWorkspaces() {
+        const rows = this.db
+            .prepare(`SELECT
+          id,
+          owner_telegram_user_id,
+          telegram_chat_id,
+          name,
+          default_client_route,
+          status,
+          created_at,
+          updated_at
+        FROM customer_workspaces
+        ORDER BY created_at ASC`)
+            .all();
+        return rows.map(mapWorkspaceRow);
+    }
+    ensureDefaultWorkspace(input) {
+        const existing = this.getDefaultWorkspace(input.ownerTelegramUserId);
+        if (existing) {
+            return existing;
+        }
+        const now = (input.now ?? new Date()).toISOString();
+        const id = randomUUID();
+        this.db
+            .prepare(`INSERT INTO customer_workspaces (
+          id,
+          owner_telegram_user_id,
+          telegram_chat_id,
+          name,
+          default_client_route,
+          status,
+          created_at,
+          updated_at
+        )
+        VALUES (?, ?, ?, ?, ?, ?, ?, ?)`)
+            .run(id, input.ownerTelegramUserId, input.telegramChatId ?? null, input.name ?? null, input.defaultClientRoute, input.status, now, now);
+        return this.getDefaultWorkspace(input.ownerTelegramUserId);
+    }
+    setStatus(id, status, now = new Date()) {
+        this.db
+            .prepare(`UPDATE customer_workspaces
+         SET status = ?,
+             updated_at = ?
+         WHERE id = ?`)
+            .run(status, now.toISOString(), id);
+        return this.getById(id);
+    }
+}
+function ensureWorkspaceSchema(db) {
+    db.exec(`
+    CREATE TABLE IF NOT EXISTS customer_workspaces (
+      id TEXT PRIMARY KEY,
+      owner_telegram_user_id TEXT NOT NULL,
+      telegram_chat_id TEXT,
+      name TEXT,
+      default_client_route TEXT NOT NULL DEFAULT 'customers',
+      status TEXT NOT NULL DEFAULT 'active',
+      created_at TEXT NOT NULL,
+      updated_at TEXT NOT NULL
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_customer_workspaces_owner
+      ON customer_workspaces(owner_telegram_user_id, created_at);
+  `);
+}
+function mapWorkspaceRow(row) {
+    return {
+        id: row.id,
+        ownerTelegramUserId: row.owner_telegram_user_id,
+        telegramChatId: row.telegram_chat_id ?? undefined,
+        name: row.name ?? undefined,
+        defaultClientRoute: row.default_client_route,
+        status: normalizeStatus(row.status),
+        createdAt: row.created_at,
+        updatedAt: row.updated_at,
+    };
+}
+function normalizeStatus(value) {
+    return value === "active" ||
+        value === "pending_approval" ||
+        value === "suspended" ||
+        value === "closed"
+        ? value
+        : "active";
+}

package/dist/telegram-bot/customer-workspace-repository.test.js

@@ -0,0 +1,47 @@
+import { mkdtempSync, rmSync } from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import assert from "node:assert/strict";
+import test from "node:test";
+import { CustomerWorkspaceRepository } from "./customer-workspace-repository.js";
+function withRepository(fn) {
+    const dir = mkdtempSync(path.join(os.tmpdir(), "customer-workspace-"));
+    try {
+        fn(CustomerWorkspaceRepository.create(path.join(dir, "bot.sqlite")));
+    }
+    finally {
+        rmSync(dir, { recursive: true, force: true });
+    }
+}
+test("CustomerWorkspaceRepository creates default workspace idempotently", () => {
+    withRepository((repo) => {
+        const first = repo.ensureDefaultWorkspace({
+            ownerTelegramUserId: "1283361952",
+            telegramChatId: "1283361952",
+            defaultClientRoute: "customers",
+            status: "active",
+            now: new Date("2026-04-27T00:00:00.000Z"),
+        });
+        const second = repo.ensureDefaultWorkspace({
+            ownerTelegramUserId: "1283361952",
+            defaultClientRoute: "other",
+            status: "pending_approval",
+            now: new Date("2026-04-28T00:00:00.000Z"),
+        });
+        assert.equal(second.id, first.id);
+        assert.equal(second.defaultClientRoute, "customers");
+        assert.equal(second.status, "active");
+        assert.equal(second.createdAt, "2026-04-27T00:00:00.000Z");
+    });
+});
+test("CustomerWorkspaceRepository can create pending approval workspace", () => {
+    withRepository((repo) => {
+        const workspace = repo.ensureDefaultWorkspace({
+            ownerTelegramUserId: "42",
+            defaultClientRoute: "customers",
+            status: "pending_approval",
+        });
+        assert.equal(workspace.ownerTelegramUserId, "42");
+        assert.equal(workspace.status, "pending_approval");
+    });
+});

package/dist/telegram-bot/dashboard-login.js

@@ -0,0 +1,39 @@
+import { answerCallbackQuerySafely, replyOrEditMessage } from "./callbacks.js";
+import { isAdmin } from "./auth.js";
+export function registerDashboardLoginCallbacks(bot, config, dashboardAuth) {
+    bot.callbackQuery(/^v1:dashauth:([a-f0-9]+):(\d{2})$/, async (ctx) => {
+        if (!isAdmin(ctx, config)) {
+            await answerCallbackQuerySafely(ctx, { text: "Admin only.", show_alert: true });
+            return;
+        }
+        const challengeId = ctx.match[1];
+        const selectedCode = ctx.match[2];
+        const telegramUserId = ctx.from?.id?.toString();
+        if (!telegramUserId) {
+            await answerCallbackQuerySafely(ctx, { text: "Missing Telegram user.", show_alert: true });
+            return;
+        }
+        const result = dashboardAuth.resolveApprovalChoice({
+            challengeId,
+            telegramUserId,
+            selectedCode,
+        });
+        if (!result.ok) {
+            await answerCallbackQuerySafely(ctx, {
+                text: result.reason === "expired"
+                    ? "Approval request expired."
+                    : result.reason === "consumed"
+                        ? "Approval request already handled."
+                        : "Approval request not found.",
+                show_alert: true,
+            });
+            return;
+        }
+        const approved = result.status === "approved";
+        await answerCallbackQuerySafely(ctx, {
+            text: approved ? "Dashboard login approved." : "Wrong code.",
+            show_alert: !approved,
+        });
+        await replyOrEditMessage(ctx, approved ? "Responses Proxy dashboard login approved." : "Responses Proxy dashboard login rejected.");
+    });
+}