switchroom 0.13.33 → 0.13.36

package/telegram-plugin/gateway/config-approval-handler.test.ts

@@ -17,6 +17,7 @@ import {
   handleRequestConfigFinalize,
   parseConfigApprovalCallback,
   resolvePendingConfigApproval,
+  truncateDiffForCard,
   _resetPendingConfigApprovalsForTest,
   _peekPendingConfigApprovalForTest,
 } from "./config-approval-handler.js";
@@ -66,7 +67,7 @@ afterEach(() => {
 
 describe("buildConfigApprovalCardBody", () => {
   it("HTML-escapes the diff body so `<` / `&` can't break out of the <pre> block", () => {
-    const body = buildConfigApprovalCardBody({
+    const { body } = buildConfigApprovalCardBody({
       agentName: "klanker",
       reason: "<script>",
       unifiedDiff: "a & b <c>",
@@ -74,6 +75,97 @@ describe("buildConfigApprovalCardBody", () => {
     expect(body).toContain("&lt;script&gt;");
     expect(body).toContain("a &amp; b &lt;c&gt;");
   });
+
+  it("rendered body stays under Telegram's 4096-char limit when raw diff is all `&` (worst-case 5x escape inflation)", () => {
+    // 3000 `&` chars escape to 15000 `&amp;` chars — far past 4096.
+    // The post-escape cap MUST kick in and truncate the rendered body.
+    const evilDiff = "&".repeat(3000);
+    const { body } = buildConfigApprovalCardBody({
+      agentName: "klanker",
+      reason: "test",
+      unifiedDiff: evilDiff,
+    });
+    expect(body.length).toBeLessThanOrEqual(4096);
+    expect(body).toContain("diff continues, see attached file");
+  });
+
+  it("rendered body stays under 4096 when raw diff is all `<` (5x escape)", () => {
+    const evilDiff = "<".repeat(3000);
+    const { body } = buildConfigApprovalCardBody({
+      agentName: "klanker",
+      reason: "test",
+      unifiedDiff: evilDiff,
+    });
+    expect(body.length).toBeLessThanOrEqual(4096);
+    expect(body).toContain("&lt;");
+  });
+
+  it("clips an unbounded operator-supplied `reason` to ~500 chars with ellipsis", () => {
+    const longReason = "x".repeat(2000);
+    const { body } = buildConfigApprovalCardBody({
+      agentName: "klanker",
+      reason: longReason,
+      unifiedDiff: "small",
+    });
+    // The escaped reason should appear, but capped.
+    const reasonLine = body
+      .split("\n")
+      .find((l) => l.startsWith("Reason: "))!;
+    // "Reason: " prefix (8) + clipped reason.
+    expect(reasonLine.length).toBeLessThanOrEqual(8 + 500);
+    expect(reasonLine.endsWith("…")).toBe(true);
+  });
+
+  it("returns truncated:false when the rendered body fits without trimming", () => {
+    const { body, truncated } = buildConfigApprovalCardBody({
+      agentName: "klanker",
+      reason: "small",
+      unifiedDiff: "-a\n+b\n",
+    });
+    expect(truncated).toBe(false);
+    expect(body).toContain("<pre>-a\n+b\n</pre>");
+  });
+
+  it("returns truncated:true and appends the sentinel when the body has to shrink", () => {
+    const { body, truncated } = buildConfigApprovalCardBody({
+      agentName: "klanker",
+      reason: "test",
+      unifiedDiff: "&".repeat(3000),
+    });
+    expect(truncated).toBe(true);
+    expect(body).toContain("diff continues, see attached file");
+  });
+
+  it("handles a single unbroken line (no `\\n` to snap to) by char-truncation fallback", () => {
+    // 8000 `x` chars on a single line. After HTML escape (no inflation
+    // for `x`) the diff body alone is 8000 chars + framing — way past
+    // the cap. There's no newline to snap to, so the helper must fall
+    // through to char-truncation rather than returning empty.
+    const oneLongLine = "x".repeat(8000);
+    const { body, truncated } = buildConfigApprovalCardBody({
+      agentName: "klanker",
+      reason: "test",
+      unifiedDiff: oneLongLine,
+    });
+    expect(truncated).toBe(true);
+    expect(body.length).toBeLessThanOrEqual(4096);
+    // Should still contain SOME of the line content — the helper
+    // shouldn't degenerate to "framing + sentinel only" when char-
+    // truncation is available.
+    expect(body).toMatch(/x{100,}/);
+    expect(body).toContain("diff continues, see attached file");
+  });
+
+  it("rendered body stays under 4096 even when reason is also adversarial", () => {
+    const evilDiff = "&".repeat(3000);
+    const evilReason = "&".repeat(2000);
+    const { body } = buildConfigApprovalCardBody({
+      agentName: "klanker",
+      reason: evilReason,
+      unifiedDiff: evilDiff,
+    });
+    expect(body.length).toBeLessThanOrEqual(4096);
+  });
 });
 
 describe("handleRequestConfigApproval", () => {
@@ -100,6 +192,7 @@ describe("handleRequestConfigApproval", () => {
         requestId: "req-1",
         verdict: "deny",
         reason: expect.stringContaining("gateway serves 'klanker'"),
+        denySource: "dispatch_failure",
       },
     ]);
   });
@@ -225,6 +318,100 @@ describe("handleRequestConfigFinalize", () => {
   });
 });
 
+describe("oversize diff → attachment fallback (#1762)", () => {
+  function bigDiff(lines: number): string {
+    // Each line ~80 chars → 200 lines ≈ 16 KB, comfortably > 4096.
+    const row =
+      "-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
+    return Array.from({ length: lines }, (_, i) => `${row}${i}`).join("\n");
+  }
+
+  it("truncateDiffForCard caps the diff and appends a sentinel", () => {
+    const truncated = truncateDiffForCard(bigDiff(200), 50, 3000);
+    expect(truncated.length).toBeLessThanOrEqual(3050);
+    expect(truncated.endsWith("[… diff continues, see attached file]")).toBe(
+      true,
+    );
+  });
+
+  it("returns the original diff unchanged when below the line cap", () => {
+    const small = "--- a\n+++ b\n@@\n-x\n+y\n";
+    expect(truncateDiffForCard(small, 50)).toBe(small);
+  });
+
+  it("oversize body still posts a card with buttons AND fires postAttachment", async () => {
+    const huge = bigDiff(200);
+    const attachmentCalls: Array<{
+      chatId: number | string;
+      filename: string;
+      content: string;
+    }> = [];
+    const { client, sent, deps } = fakeDeps({
+      postAttachment: async (a: {
+        chatId: number | string;
+        filename: string;
+        content: string;
+      }) => {
+        attachmentCalls.push({
+          chatId: a.chatId,
+          filename: a.filename,
+          content: a.content,
+        });
+      },
+    });
+    await handleRequestConfigApproval(
+      client,
+      { ...baseMsg, unifiedDiff: huge },
+      deps,
+    );
+
+    // Card was posted exactly once, with buttons, and within Telegram's limit.
+    expect(deps.postCard).toHaveBeenCalledTimes(1);
+    const postArgs = (deps.postCard as ReturnType<typeof vi.fn>).mock
+      .calls[0]![0] as { text: string; replyMarkup: unknown };
+    expect(postArgs.text.length).toBeLessThanOrEqual(4096);
+    expect(postArgs.text).toMatch(/diff continues, see attached file/);
+    expect(postArgs.replyMarkup).toBeDefined();
+
+    // Attachment carries the FULL diff, named .patch, keyed by requestId.
+    expect(attachmentCalls.length).toBe(1);
+    expect(attachmentCalls[0]!.filename).toBe("config-edit-req-1.patch");
+    expect(attachmentCalls[0]!.content).toBe(huge);
+
+    // The pending entry is registered — handler hasn't auto-denied.
+    expect(_peekPendingConfigApprovalForTest("req-1")).toBeDefined();
+    // No verdict has crossed the wire yet (still pending operator tap).
+    expect(sent.filter((s) => s.type === "config_approval_resolved")).toEqual(
+      [],
+    );
+  });
+
+  it("oversize but no postAttachment dep → card still posts, missing-attachment is logged", async () => {
+    const huge = bigDiff(200);
+    const logs: string[] = [];
+    const { client, deps } = fakeDeps({ log: (m: string) => logs.push(m) });
+    await handleRequestConfigApproval(
+      client,
+      { ...baseMsg, unifiedDiff: huge },
+      deps,
+    );
+    expect(deps.postCard).toHaveBeenCalledTimes(1);
+    expect(
+      logs.some((l) => l.includes("no postAttachment dep wired")),
+    ).toBe(true);
+    expect(_peekPendingConfigApprovalForTest("req-1")).toBeDefined();
+  });
+
+  it("postCard failure → deny carries denySource='dispatch_failure'", async () => {
+    const { client, sent, deps } = fakeDeps({
+      postCard: vi.fn(async () => null),
+    });
+    await handleRequestConfigApproval(client, baseMsg, deps);
+    expect(sent[0]!.verdict).toBe("deny");
+    expect(sent[0]!.denySource).toBe("dispatch_failure");
+  });
+});
+
 describe("parseConfigApprovalCallback", () => {
   it("parses well-formed callbacks", () => {
     expect(parseConfigApprovalCallback("cfg:abc:approve")).toEqual({

package/telegram-plugin/gateway/config-approval-handler.ts

@@ -7,6 +7,7 @@ import type {
   RequestConfigApprovalMessage,
   RequestConfigFinalizeMessage,
 } from "./ipc-protocol.js";
+import { truncateRawToFit } from "./oversize-card-body.js";
 
 /** Pending approval state — in-memory only (no SQLite per RFC §3.4). */
 interface PendingConfigApproval {
@@ -50,6 +51,18 @@ export interface ConfigApprovalHandlerDeps {
     messageId: number;
     text: string;
   }) => Promise<void>;
+  /**
+   * Send the full diff as a `.patch` document attachment when the
+   * card body exceeds Telegram's 4096-char sendMessage limit
+   * (#1762). Best-effort — failures are logged and do NOT block the
+   * approval flow (the truncated card is still actionable).
+   */
+  postAttachment?: (args: {
+    chatId: number | string;
+    threadId?: number;
+    filename: string;
+    content: string;
+  }) => Promise<void>;
   log?: (msg: string) => void;
 }
 
@@ -59,19 +72,107 @@ export interface ConfigApprovalHandlerDeps {
  * diffs may be truncated by the API; the validator already caps
  * unified_diff at ~63 KiB so practical fleet edits fit comfortably.
  */
+/**
+ * Truncate a unified diff for inline display in the card body when
+ * the full diff would exceed Telegram's 4096-char sendMessage limit.
+ * Caps at `maxLines` lines AND at `maxChars` *raw* characters
+ * (whichever trips first), then appends a sentinel pointing to the
+ * attached `.patch` document. (#1762)
+ *
+ * NOTE: This is a *raw-input* cap. HTML escaping happens downstream
+ * and can inflate by up to 5x per char (`&` → `&amp;`). The
+ * load-bearing post-escape cap lives in `buildConfigApprovalCardBody`
+ * (rendered-body cap), which re-truncates the raw diff if escaping
+ * blew past Telegram's 4096 sendMessage limit. This function is the
+ * cheap fast-path for the common case.
+ */
+export function truncateDiffForCard(
+  unifiedDiff: string,
+  maxLines = 50,
+  maxChars = 3000,
+): string {
+  const sentinel = "\n[… diff continues, see attached file]";
+  const lines = unifiedDiff.split("\n");
+  let out: string;
+  if (lines.length <= maxLines) {
+    out = unifiedDiff;
+  } else {
+    out = lines.slice(0, maxLines).join("\n");
+  }
+  if (out.length > maxChars) {
+    // Snap to the last complete line within the cap, falling back to
+    // a hard char cut if a single line exceeds maxChars.
+    const cap = out.slice(0, maxChars);
+    const lastNl = cap.lastIndexOf("\n");
+    out = lastNl > 0 ? cap.slice(0, lastNl) : cap;
+  }
+  return out === unifiedDiff ? out : out + sentinel;
+}
+
+/**
+ * Telegram `sendMessage` hard limit. We render with `parse_mode=HTML`,
+ * so the limit applies to the rendered (escaped) body, NOT the raw
+ * pre-escape source. Worst-case escape is `&` → `&amp;` (5x).
+ */
+const TELEGRAM_SENDMESSAGE_LIMIT = 4096;
+/** Safety margin under the hard limit for invisible framing wobble. */
+const RENDERED_BODY_CAP = 3900;
+/** Operator-supplied `reason` is unbounded at the wire — clip it. */
+const REASON_MAX_CHARS = 500;
+const REASON_ELLIPSIS = "…";
+/**
+ * Sentinel appended to a truncated diff in the inline card body when
+ * the full diff ships separately as a `.patch` attachment. Exported
+ * so the dispatcher can key oversize detection off the
+ * `{truncated}` flag returned by `buildConfigApprovalCardBody`
+ * instead of substring-matching this string.
+ */
+export const DIFF_SENTINEL = "\n[… diff continues, see attached file]";
+
+function escapeHtml(s: string): string {
+  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
+}
+
+function clipReason(reason: string): string {
+  if (reason.length <= REASON_MAX_CHARS) return reason;
+  return reason.slice(0, REASON_MAX_CHARS - REASON_ELLIPSIS.length) +
+    REASON_ELLIPSIS;
+}
+
+/**
+ * Render the card body, guaranteeing the result fits under Telegram's
+ * 4096-char sendMessage limit even when HTML escaping inflates the
+ * raw diff up to 5x (worst case: all `&`). Strategy:
+ *
+ *   1. Clip `reason` (user-supplied, unbounded) to REASON_MAX_CHARS.
+ *   2. Render with the (already line/char-capped) diff.
+ *   3. If the rendered body still exceeds RENDERED_BODY_CAP, binary-
+ *      shrink the raw diff and re-render until it fits. Truncation
+ *      happens on the RAW diff (then re-escaped), so we never cut
+ *      mid-entity like `&am|p;`.
+ *
+ * The full diff still ships as a `.patch` attachment — this cap only
+ * shrinks the inline preview.
+ */
 export function buildConfigApprovalCardBody(args: {
   agentName: string;
   reason: string;
   unifiedDiff: string;
-}): string {
-  const esc = (s: string) =>
-    s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
-  return (
+}): { body: string; truncated: boolean } {
+  const safeReason = clipReason(args.reason);
+  const render = (diff: string): string =>
     `🛠 <b>Config edit proposed</b>\n` +
-    `Agent: <code>${esc(args.agentName)}</code>\n` +
-    `Reason: ${esc(args.reason)}\n\n` +
-    `<pre>${esc(args.unifiedDiff)}</pre>`
-  );
+    `Agent: <code>${escapeHtml(args.agentName)}</code>\n` +
+    `Reason: ${escapeHtml(safeReason)}\n\n` +
+    `<pre>${escapeHtml(diff)}</pre>`;
+
+  return truncateRawToFit({
+    raw: args.unifiedDiff,
+    render,
+    cap: RENDERED_BODY_CAP,
+    sentinel: DIFF_SENTINEL,
+    hardLimit: TELEGRAM_SENDMESSAGE_LIMIT,
+  });
 }
 
 /**
@@ -85,6 +186,7 @@ export async function handleRequestConfigApproval(
   const reply = (
     verdict: "approve" | "deny" | "timeout",
     reason?: string,
+    denySource?: "operator" | "dispatch_failure",
   ) => {
     try {
       client.send({
@@ -92,6 +194,7 @@ export async function handleRequestConfigApproval(
         requestId: msg.requestId,
         verdict,
         ...(reason ? { reason } : {}),
+        ...(denySource ? { denySource } : {}),
       });
     } catch (err) {
       deps.log?.(
@@ -101,21 +204,44 @@ export async function handleRequestConfigApproval(
   };
 
   if (msg.agentName !== deps.agentName) {
-    reply("deny", `gateway serves '${deps.agentName}', not '${msg.agentName}'`);
+    reply(
+      "deny",
+      `gateway serves '${deps.agentName}', not '${msg.agentName}'`,
+      "dispatch_failure",
+    );
     return;
   }
 
   const target = deps.loadTargetChat();
   if (target === null) {
-    reply("deny", "no target chat available — operator not paired?");
+    reply(
+      "deny",
+      "no target chat available — operator not paired?",
+      "dispatch_failure",
+    );
     return;
   }
 
-  const body = buildConfigApprovalCardBody({
+  // Pre-flight oversize handling (#1762). Telegram caps sendMessage
+  // at 4096 chars and we render with parse_mode=HTML, so the limit
+  // applies to the rendered (escaped) body — worst-case `&` → `&amp;`
+  // inflates 5x. Fast-path with a cheap raw-input cap, then let
+  // buildConfigApprovalCardBody enforce the post-escape rendered cap
+  // (which re-truncates the diff if escaping blew past the limit). We
+  // ship the full diff as a `.patch` attachment whenever truncation
+  // happens in either layer.
+  const prelim = truncateDiffForCard(msg.unifiedDiff);
+  const built = buildConfigApprovalCardBody({
     agentName: msg.agentName,
     reason: msg.reason,
-    unifiedDiff: msg.unifiedDiff,
+    unifiedDiff: prelim,
   });
+  const body = built.body;
+  // Oversize iff EITHER the cheap raw fast-path trimmed lines OR the
+  // post-escape rendered cap had to re-truncate. Keyed off the
+  // builder's structured `truncated` flag instead of substring-
+  // matching the sentinel string (#1767 nit).
+  const oversize = prelim !== msg.unifiedDiff || built.truncated;
   const replyMarkup = deps.buildKeyboard(msg.requestId);
 
   const posted = await deps.postCard({
@@ -125,9 +251,12 @@ export async function handleRequestConfigApproval(
     replyMarkup,
   });
   if (posted === null) {
-    reply("deny", "Telegram sendMessage failed");
+    reply("deny", "Telegram sendMessage failed", "dispatch_failure");
     return;
   }
+  if (oversize) {
+    await maybePostAttachment(deps, target, msg);
+  }
 
   const entry: PendingConfigApproval = {
     requestId: msg.requestId,
@@ -245,8 +374,34 @@ export async function handleRequestConfigFinalize(
   }
 }
 
-function escapeHtml(s: string): string {
-  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
+/**
+ * Best-effort attachment of the full diff as a `.patch` document.
+ * Logged-and-swallowed on failure — the truncated card body remains
+ * actionable even without the attachment. (#1762)
+ */
+async function maybePostAttachment(
+  deps: ConfigApprovalHandlerDeps,
+  target: { chatId: number | string; threadId?: number },
+  msg: RequestConfigApprovalMessage,
+): Promise<void> {
+  if (deps.postAttachment === undefined) {
+    deps.log?.(
+      `oversize config approval card but no postAttachment dep wired (requestId=${msg.requestId})`,
+    );
+    return;
+  }
+  try {
+    await deps.postAttachment({
+      chatId: target.chatId,
+      ...(target.threadId !== undefined ? { threadId: target.threadId } : {}),
+      filename: `config-edit-${msg.requestId}.patch`,
+      content: msg.unifiedDiff,
+    });
+  } catch (err) {
+    deps.log?.(
+      `config approval attachment failed (requestId=${msg.requestId}): ${(err as Error).message}`,
+    );
+  }
 }
 
 // Test-only: clear the in-memory pending map between cases.

package/telegram-plugin/gateway/diff-preview-card.test.ts

@@ -111,7 +111,7 @@ describe("buildDiffPreviewCard — input validation", () => {
     const preview = buildDiffPreview(baseInput());
     expect(() =>
       buildDiffPreviewCard({ preview, suggestRequestId: "not-hex" }),
-    ).toThrow(/8 hex chars/);
+    ).toThrow(/32 hex chars/);
   });
 
   it("throws on a malformed writeRequestId", () => {
@@ -122,7 +122,7 @@ describe("buildDiffPreviewCard — input validation", () => {
         suggestRequestId: "aabbccddaabbccddaabbccddaabbccdd",
         writeRequestId: "ABCDEF01", // wrong case
       }),
-    ).toThrow(/8 hex chars/);
+    ).toThrow(/32 hex chars/);
   });
 });
 

package/telegram-plugin/gateway/diff-preview-card.ts

@@ -73,12 +73,12 @@ export function buildDiffPreviewCard(
 ): BuiltDiffPreviewCard {
   if (!REQUEST_ID_RE.test(input.suggestRequestId)) {
     throw new Error(
-      `buildDiffPreviewCard: suggestRequestId must be 8 hex chars (got '${input.suggestRequestId}')`,
+      `buildDiffPreviewCard: suggestRequestId must be 32 hex chars (got '${input.suggestRequestId}')`,
     );
   }
   if (input.writeRequestId !== undefined && !REQUEST_ID_RE.test(input.writeRequestId)) {
     throw new Error(
-      `buildDiffPreviewCard: writeRequestId must be 8 hex chars (got '${input.writeRequestId}')`,
+      `buildDiffPreviewCard: writeRequestId must be 32 hex chars (got '${input.writeRequestId}')`,
     );
   }
 

package/telegram-plugin/gateway/drive-write-approval.test.ts

@@ -279,6 +279,76 @@ describe("handleRequestDriveApproval — TTL clamping", () => {
   });
 });
 
+// ────────────────────────────────────────────────────────────────────────
+// Oversize-body fit (#1767)
+// ────────────────────────────────────────────────────────────────────────
+
+describe("handleRequestDriveApproval — oversize card body fit (#1767)", () => {
+  it("truncates the rendered text under 4096 chars before posting", async () => {
+    const spy = makeSpy();
+    // buildCard returns a body well past Telegram's 4096-char limit
+    // (simulates a docTitle / anchor / summary whose HTML-escape
+    // inflated past the limit). Handler must shrink it before postCard.
+    const giantText =
+      "<b>Title</b>\n" +
+      Array.from({ length: 200 }, (_, i) => `line-${i}-${"x".repeat(40)}`).join(
+        "\n",
+      );
+    expect(giantText.length).toBeGreaterThan(4096);
+    await handleRequestDriveApproval(
+      clientFor(spy),
+      msgFor(),
+      deps({
+        spy,
+        buildCard: () => ({ text: giantText, reply_markup: { stub: true } }),
+      }),
+    );
+    expect(spy.posted).toHaveLength(1);
+    expect(spy.posted[0]!.text.length).toBeLessThanOrEqual(4096);
+    expect(spy.posted[0]!.text).toContain("preview truncated");
+    // Card was successfully posted → ok:true response went back.
+    expect(spy.sent[0]?.ok).toBe(true);
+    // The log line surfaces the truncation event.
+    expect(
+      spy.logs.some((l) => l.includes("oversize-truncated")),
+    ).toBe(true);
+  });
+
+  it("does not touch the body when it already fits", async () => {
+    const spy = makeSpy();
+    const small = "<b>Small</b>\nline 1\nline 2";
+    await handleRequestDriveApproval(
+      clientFor(spy),
+      msgFor(),
+      deps({
+        spy,
+        buildCard: () => ({ text: small, reply_markup: { stub: true } }),
+      }),
+    );
+    expect(spy.posted[0]!.text).toBe(small);
+    expect(
+      spy.logs.some((l) => l.includes("oversize-truncated")),
+    ).toBe(false);
+  });
+
+  it("post failure after truncation surfaces a structured reason", async () => {
+    const spy = makeSpy();
+    const giantText =
+      "<b>Title</b>\n" + "x".repeat(8000);
+    await handleRequestDriveApproval(
+      clientFor(spy),
+      msgFor(),
+      deps({
+        spy,
+        buildCard: () => ({ text: giantText, reply_markup: { stub: true } }),
+        postCard: async () => null,
+      }),
+    );
+    expect(spy.sent[0]?.ok).toBe(false);
+    expect(spy.sent[0]?.reason).toMatch(/oversize-body truncation/);
+  });
+});
+
 // ────────────────────────────────────────────────────────────────────────
 // Always responds (no path drops the response)
 // ────────────────────────────────────────────────────────────────────────

package/telegram-plugin/gateway/drive-write-approval.ts

@@ -30,6 +30,7 @@ import type {
   DriveApprovalPostedEvent,
   RequestDriveApprovalMessage,
 } from "./ipc-protocol.js";
+import { truncateRawToFit } from "./oversize-card-body.js";
 
 // ────────────────────────────────────────────────────────────────────────
 // Injected deps — caller (gateway.ts) wires these from the existing
@@ -100,6 +101,18 @@ const DEFAULT_TTL_MS = 5 * 60 * 1000; // 5 minutes
 const MAX_TTL_MS = 30 * 60 * 1000; // 30 minutes
 const MIN_TTL_MS = 30 * 1000; // 30 seconds
 
+/**
+ * Telegram `sendMessage` hard limit. `buildDiffPreviewCard` HTML-
+ * escapes the docTitle + every body line with no upstream length
+ * cap, so an adversarial or just-unusually-long docTitle / anchor
+ * displayName / agent-supplied summary can render past 4096 once
+ * `&` / `<` / `>` inflate up to 5x. We rebuild a truncated body
+ * keyed off the wrapper-attested fields when that happens. (#1767)
+ */
+const TELEGRAM_SENDMESSAGE_LIMIT = 4096;
+const RENDERED_BODY_CAP = 3900;
+const OVERSIZE_SENTINEL = "\n[… preview truncated; open in Drive for full context]";
+
 /**
  * Top-level handler called by ipc-server's onRequestDriveApproval.
  * Always sends a single `drive_approval_posted` reply (success or
@@ -204,20 +217,56 @@ export async function handleRequestDriveApproval(
     });
     return;
   }
+  // Oversize guard (#1767). buildDiffPreviewCard renders title +
+  // every body line HTML-escaped with no length cap. Worst-case `&`
+  // / `<` / `>` inflate 5x — a long docTitle or anchor displayName
+  // pushes past Telegram's 4096-char sendMessage limit and the API
+  // returns a generic 400 that surfaces as a silent E_DENIED. Cap
+  // the rendered body BEFORE posting.
+  let cardText = card.text;
+  let truncatedForFit = false;
+  if (cardText.length > RENDERED_BODY_CAP) {
+    const fit = truncateRawToFit({
+      raw: card.text,
+      // The "raw" here is the already-escaped card text — we don't
+      // have access to pre-escape source at this layer because
+      // buildDiffPreviewCard owns escaping. Line-snap is the safe
+      // granularity: HTML entities like `&amp;` never span `\n`, so
+      // truncating at a newline boundary can't bisect an entity.
+      // The defensive single-long-line fallback may char-cut into an
+      // entity, but the drive-preview lines are short (anchor name,
+      // metrics, capped 200-char summary) so this is unreachable
+      // unless a multi-KB docTitle slipped through Drive itself.
+      render: (slice) => slice,
+      cap: RENDERED_BODY_CAP,
+      sentinel: OVERSIZE_SENTINEL,
+      hardLimit: TELEGRAM_SENDMESSAGE_LIMIT,
+    });
+    cardText = fit.body;
+    truncatedForFit = fit.truncated;
+  }
+
   const posted = await deps.postCard({
     chatId: target.chatId,
     ...(target.threadId !== undefined ? { threadId: target.threadId } : {}),
-    text: card.text,
+    text: cardText,
     replyMarkup: card.reply_markup,
   });
   if (posted === null) {
     reply({
       correlationId: msg.correlationId,
       ok: false,
-      reason: "Telegram sendMessage failed",
+      reason: truncatedForFit
+        ? "Telegram sendMessage failed even after oversize-body truncation"
+        : "Telegram sendMessage failed",
     });
     return;
   }
+  if (truncatedForFit) {
+    deps.log?.(
+      `drive_approval_posted oversize-truncated correlation=${msg.correlationId} original_len=${card.text.length} rendered_len=${cardText.length}`,
+    );
+  }
 
   deps.log?.(
     `drive_approval_posted ok correlation=${msg.correlationId} request_id=${registered.request_id} file=${fileId}`,