fix(telegram): graceful degradation when credentials are missing#28
Merged
auroracapital merged 1 commit intodevfrom Apr 12, 2026
Merged
fix(telegram): graceful degradation when credentials are missing#28auroracapital merged 1 commit intodevfrom
auroracapital merged 1 commit intodevfrom
Conversation
Server no longer exits at startup when TELEGRAM_API_ID/HASH/SESSION are unset. It starts as a valid MCP server and returns a clear "not configured" error on every tool call instead of crashing, keeping the plugin loadable without Telegram credentials. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Contributor
|
Mention Blocks like a regular teammate with your question or request: @blocks review this pull request Run |
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 4400e2bebd
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| process.exit(1); | ||
| } | ||
| // Detect whether credentials are present — server always starts regardless | ||
| const CONFIGURED = !!(API_ID && API_HASH && SESSION_STRING); |
There was a problem hiding this comment.
Allow auth mode without an existing session
Including SESSION_STRING in CONFIGURED blocks first-time authentication: when users run node index.js --auth with valid TELEGRAM_API_ID/TELEGRAM_API_HASH but no TELEGRAM_SESSION yet (the normal bootstrap case), the --auth branch is skipped and the server starts in unconfigured mode, so a new session can never be generated. This regresses the documented/manual setup flow and the auth script behavior; --auth should remain reachable without a preexisting session.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Bugbot Autofix is ON, but it could not run because the branch was deleted or merged before autofix could start.
Reviewed by Cursor Bugbot for commit 4400e2b. Configure here.
| await client.disconnect(); | ||
| process.exit(0); | ||
| } | ||
| if (CONFIGURED) { |
There was a problem hiding this comment.
--auth flow unreachable without existing session string
High Severity
CONFIGURED requires SESSION_STRING to be truthy, but the --auth flow (inside if (CONFIGURED)) exists precisely to generate the session string when it doesn't exist yet. The README documents running --auth with only API_ID, API_HASH, and PHONE set — no session. This makes initial setup completely impossible since the --auth branch is now unreachable without the very credential it's supposed to produce.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit 4400e2b. Configure here.
| process.stderr.write( | ||
| `Warning: Failed to connect to Telegram: ${err.message}\n`, | ||
| ); | ||
| client = null; |
There was a problem hiding this comment.
Connected client not disconnected before nulling reference
Medium Severity
When client.connect() succeeds on line 94 but checkAuthorization() fails on line 95, client is set to null on line 99 without first calling client.disconnect(). This leaks an open MTProto connection. The same concern applies less critically in the catch block (line 105) if connect() partially succeeded before throwing.
Reviewed by Cursor Bugbot for commit 4400e2b. Configure here.
Comment on lines
+48
to
+49
| if (CONFIGURED) { | ||
| // First-run interactive auth mode (only when creds are available) |
There was a problem hiding this comment.
Bug: The --auth flag for first-time setup is unreachable because the CONFIGURED check now requires a SESSION_STRING, which doesn't exist on the first run.
Severity: CRITICAL
Suggested Fix
The check for the --auth flag should be moved outside of the if (CONFIGURED) block. Alternatively, the logic for CONFIGURED should be adjusted to not require SESSION_STRING when the --auth flag is present, allowing the first-run authentication flow to execute as intended.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location: claude-ops/telegram-server/index.js#L48-L49
Potential issue: The refactoring introduced a new constant `CONFIGURED` which is true
only if `API_ID`, `API_HASH`, and `SESSION_STRING` are all present. However, the
documented first-run authentication flow, triggered by the `--auth` flag, is
specifically for generating the initial `SESSION_STRING`, so it is not provided. The
code block handling the `--auth` logic is now wrapped in an `if (CONFIGURED)` check.
Since `SESSION_STRING` is falsy on the first run, `CONFIGURED` evaluates to `false`, and
the authentication logic is never executed. This prevents new users from being able to
authenticate and generate their session string as per the setup instructions.
Did we get this right? 👍 / 👎 to inform future reviews.
There was a problem hiding this comment.
Pull request overview
This PR updates the Telegram MCP server startup behavior to avoid failing fast when Telegram environment variables are missing, allowing the MCP server to load and respond with a helpful error message instead of exiting.
Changes:
- Replace startup
process.exit(1)failures with an “unconfigured mode” that still starts the MCP server. - Add a
!clientguard in the tool call handler that returns a consistent “Telegram not configured” response when Telegram isn’t usable. - Guard shutdown handlers to avoid calling
disconnect()on a null client.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+41
to
+52
| // Detect whether credentials are present — server always starts regardless | ||
| const CONFIGURED = !!(API_ID && API_HASH && SESSION_STRING); | ||
| const NOT_CONFIGURED_MSG = | ||
| "Telegram not configured. Run /ops:setup telegram to set up your credentials."; | ||
|
|
||
| const stringSession = new StringSession(SESSION_STRING); | ||
| const client = new TelegramClient(stringSession, API_ID, API_HASH, { | ||
| connectionRetries: 5, | ||
| baseLogger: { | ||
| log: () => {}, | ||
| warn: () => {}, | ||
| error: (...args) => process.stderr.write(args.join(" ") + "\n"), | ||
| info: () => {}, | ||
| debug: () => {}, | ||
| }, | ||
| }); | ||
| let client = null; | ||
|
|
||
| // First-run interactive auth mode | ||
| if (process.argv.includes("--auth")) { | ||
| const rl = readline.createInterface({ input, output }); | ||
| await client.start({ | ||
| phoneNumber: async () => | ||
| PHONE || (await rl.question("Phone number (E.164): ")), | ||
| password: async () => await rl.question("2FA password (blank if none): "), | ||
| phoneCode: async () => await rl.question("SMS code: "), | ||
| onError: (err) => process.stderr.write(`Auth error: ${err.message}\n`), | ||
| }); | ||
| rl.close(); | ||
| const saved = client.session.save(); | ||
| process.stdout.write("\n=== AUTH SUCCESSFUL ===\n"); | ||
| process.stdout.write("Save this to TELEGRAM_SESSION env var:\n\n"); | ||
| process.stdout.write(saved + "\n"); | ||
| await client.disconnect(); | ||
| process.exit(0); | ||
| } | ||
| if (CONFIGURED) { | ||
| // First-run interactive auth mode (only when creds are available) | ||
| if (process.argv.includes("--auth")) { | ||
| const stringSession = new StringSession(SESSION_STRING); | ||
| const authClient = new TelegramClient(stringSession, API_ID, API_HASH, { |
There was a problem hiding this comment.
CONFIGURED currently requires SESSION_STRING, which prevents running the intended first-run --auth flow when TELEGRAM_SESSION is unset (the common case). Consider separating “has API creds” (API_ID/API_HASH) from “has session”, and allow --auth to run with an empty StringSession so it can generate a new session string.
Comment on lines
216
to
+221
| server.setRequestHandler(CallToolRequestSchema, async (request) => { | ||
| const { name, arguments: args } = request.params; | ||
|
|
||
| if (!client) { | ||
| return { | ||
| content: [{ type: "text", text: NOT_CONFIGURED_MSG }], |
There was a problem hiding this comment.
The !client guard returns NOT_CONFIGURED_MSG for any case where client is null, including failed connections or an invalid/expired session. That message is accurate for missing env vars but misleading for “configured but currently unavailable” scenarios. Suggest tracking an explicit reason/status (e.g., missing creds vs connect failed vs unauthorized) and returning a more accurate, non-sensitive message accordingly.
Suggested change
| server.setRequestHandler(CallToolRequestSchema, async (request) => { | |
| const { name, arguments: args } = request.params; | |
| if (!client) { | |
| return { | |
| content: [{ type: "text", text: NOT_CONFIGURED_MSG }], | |
| function getClientUnavailableMessage() { | |
| if (!API_ID || !API_HASH) { | |
| return NOT_CONFIGURED_MSG; | |
| } | |
| if (!process.env.TELEGRAM_SESSION) { | |
| return "Telegram is configured but not authenticated. Run `node index.js --auth` to create a session."; | |
| } | |
| return "Telegram is configured but currently unavailable. Re-authenticate or restart the server and try again."; | |
| } | |
| server.setRequestHandler(CallToolRequestSchema, async (request) => { | |
| const { name, arguments: args } = request.params; | |
| if (!client) { | |
| return { | |
| content: [{ type: "text", text: getClientUnavailableMessage() }], |
Comment on lines
+52
to
+61
| const authClient = new TelegramClient(stringSession, API_ID, API_HASH, { | ||
| connectionRetries: 5, | ||
| baseLogger: { | ||
| log: () => {}, | ||
| warn: () => {}, | ||
| error: (...args) => process.stderr.write(args.join(" ") + "\n"), | ||
| info: () => {}, | ||
| debug: () => {}, | ||
| }, | ||
| }); |
There was a problem hiding this comment.
baseLogger and the TelegramClient options object are duplicated for authClient and the main client. Extracting these options into a small helper/constant would reduce duplication and the chance they drift over time (e.g., logger behavior or retry settings).
| if (!(await client.checkAuthorization())) { | ||
| process.stderr.write( | ||
| "Warning: Telegram session is no longer valid. Re-run `node index.js --auth`.\n", | ||
| ); |
There was a problem hiding this comment.
If checkAuthorization() fails after a successful connect(), the code sets client = null but doesn’t disconnect the already-open connection. Consider calling await client.disconnect() before dropping the reference to avoid leaving a lingering MTProto connection/handles alive in “degraded” mode.
Suggested change
| ); | |
| ); | |
| await client.disconnect(); |
auroracapital
added a commit
that referenced
this pull request
Apr 12, 2026
… telegram fix) (#32) * docs: rewrite READMEs with correct install flow, MCP vs CLI guide, and org URLs (#11) - All GitHub URLs now point to Lifecycle-Innovations-Limited/claude-ops - Root README: correct /plugin marketplace add + install commands, MCP vs CLI comparison table showing what each path gains/loses per integration - Inner README: consistent /ops:* colon syntax, GSD as optional, integrations split into CLI-only / MCP-only / choose-with-tradeoffs / plugin-bundled - setup.sh: auto-install missing core tools + npm deps on SessionStart - plugin.json: updated author URL, homepage, repository - marketplace.json + SECURITY.md: updated email Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * docs: clarify Telegram setup is fully automated (phone + 2 codes) (#12) Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * feat: add GSD companion plugin auto-install to setup wizard (#13) Setup wizard now offers to install GSD (Get Shit Done) as a companion plugin. Pulls latest version via plugin marketplace. Users choose [Install GSD] or [Skip]. Enhances /ops:go, /ops:projects, /ops:next dashboards with project roadmap state. Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: replace gitleaks-action with local binary * Add CONTRIBUTING.md and issue/PR templates Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(ci): update gitleaks to v8.30.1 — linux_x64 asset name * feat: add /ops:uninstall skill for complete plugin removal (#26) Interactive uninstall that cleans up everything: keychain credentials, preferences, cache, shell profile exports, MCP registrations, and the plugin itself. Confirms each deletion step before proceeding. Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(telegram): graceful degradation when credentials are missing (#28) Server no longer exits at startup when TELEGRAM_API_ID/HASH/SESSION are unset. It starts as a valid MCP server and returns a clear "not configured" error on every tool call instead of crashing, keeping the plugin loadable without Telegram credentials. Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * docs: polish README with ASCII art and terminal aesthetic (#29) Rewrote README with block ASCII logo, terminal-style /ops:go dashboard mockup, box-drawing tables throughout, and section headers — no content removed. Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(setup): fix CLI probes, add appendix, improve registry/prefs/Telegram/WhatsApp flows (#30) * fix(setup): fix CLI probes, add appendix, improve registry/prefs/Telegram flows - Replace broken `gog inbox list` probe with `gog gmail labels list --json` - Replace broken `gog cal events --time-min` probe with `gog cal list --json --max 3` - Add CLI Reference Appendix with exact, tested syntax for gog, wacli, Slack, and keychain - Preferences step now always asks owner name, timezone (7 options), verbosity, and default channels — never auto-fills from memory - Registry step now scans filesystem for git repos via find and presents multiSelect; adds "Auto-detect from existing registry" option - Add parallelization rule to Hard Rules: run all diagnostic probes in parallel, background slow commands - Telegram flow now requires explicit opt-in ask before starting phone/auth flow; no silent skip - WhatsApp backfill failures are now swallowed silently; summary line never shows message counts or 0-result spam - Never show user's real name or email unless explicitly provided in the current session - Fix `wacli chats` → `wacli chats list` (correct subcommand) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat: add first-run onboarding banners (ops-welcome + ops-setup-complete) Animated ASCII art welcome sequence on first SessionStart (gates on preferences.json existence). Setup completion dashboard with channel/ project/agent/skill counts. Both scripts use ANSI colors with NO_COLOR graceful degradation. SessionStart hook updated to run welcome before setup check. Setup SKILL.md Step 8 calls completion banner with actual counts. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
auroracapital
added a commit
that referenced
this pull request
Apr 12, 2026
* docs: rewrite READMEs with correct install flow, MCP vs CLI guide, and org URLs (#11) - All GitHub URLs now point to Lifecycle-Innovations-Limited/claude-ops - Root README: correct /plugin marketplace add + install commands, MCP vs CLI comparison table showing what each path gains/loses per integration - Inner README: consistent /ops:* colon syntax, GSD as optional, integrations split into CLI-only / MCP-only / choose-with-tradeoffs / plugin-bundled - setup.sh: auto-install missing core tools + npm deps on SessionStart - plugin.json: updated author URL, homepage, repository - marketplace.json + SECURITY.md: updated email Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * docs: clarify Telegram setup is fully automated (phone + 2 codes) (#12) Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * feat: add GSD companion plugin auto-install to setup wizard (#13) Setup wizard now offers to install GSD (Get Shit Done) as a companion plugin. Pulls latest version via plugin marketplace. Users choose [Install GSD] or [Skip]. Enhances /ops:go, /ops:projects, /ops:next dashboards with project roadmap state. Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: replace gitleaks-action with local binary * Add CONTRIBUTING.md and issue/PR templates Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(ci): update gitleaks to v8.30.1 — linux_x64 asset name * feat: add /ops:uninstall skill for complete plugin removal (#26) Interactive uninstall that cleans up everything: keychain credentials, preferences, cache, shell profile exports, MCP registrations, and the plugin itself. Confirms each deletion step before proceeding. Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(telegram): graceful degradation when credentials are missing (#28) Server no longer exits at startup when TELEGRAM_API_ID/HASH/SESSION are unset. It starts as a valid MCP server and returns a clear "not configured" error on every tool call instead of crashing, keeping the plugin loadable without Telegram credentials. Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * docs: polish README with ASCII art and terminal aesthetic (#29) Rewrote README with block ASCII logo, terminal-style /ops:go dashboard mockup, box-drawing tables throughout, and section headers — no content removed. Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(setup): fix CLI probes, add appendix, improve registry/prefs/Telegram/WhatsApp flows (#30) * fix(setup): fix CLI probes, add appendix, improve registry/prefs/Telegram flows - Replace broken `gog inbox list` probe with `gog gmail labels list --json` - Replace broken `gog cal events --time-min` probe with `gog cal list --json --max 3` - Add CLI Reference Appendix with exact, tested syntax for gog, wacli, Slack, and keychain - Preferences step now always asks owner name, timezone (7 options), verbosity, and default channels — never auto-fills from memory - Registry step now scans filesystem for git repos via find and presents multiSelect; adds "Auto-detect from existing registry" option - Add parallelization rule to Hard Rules: run all diagnostic probes in parallel, background slow commands - Telegram flow now requires explicit opt-in ask before starting phone/auth flow; no silent skip - WhatsApp backfill failures are now swallowed silently; summary line never shows message counts or 0-result spam - Never show user's real name or email unless explicitly provided in the current session - Fix `wacli chats` → `wacli chats list` (correct subcommand) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat: add first-run onboarding banners (ops-welcome + ops-setup-complete) Animated ASCII art welcome sequence on first SessionStart (gates on preferences.json existence). Setup completion dashboard with channel/ project/agent/skill counts. Both scripts use ANSI colors with NO_COLOR graceful degradation. SessionStart hook updated to run welcome before setup check. Setup SKILL.md Step 8 calls completion banner with actual counts. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * fix: critical setup flow bugs (fatal shell redirects, wrong scripts, sync installs) (#33) - Fix Step 8 completion banner: move from ! fence to regular bash fence so <N> placeholders aren't shell-redirected - Fix Step 3a Telegram scout: replace incorrect ops-slack-autolink call with direct keychain check - Fix Step 2b GSD install: replace bash claude plugin commands (not shell commands) with slash command instructions - Fix setup.sh: add 30s timeout to brew installs and silence npm stdout with &>/dev/null - Fix CLI appendix + Step 3b.2: add Linux date fallback alongside macOS date -v-1d - Fix ops-welcome: detect actual skill/agent counts dynamically instead of hardcoding 15/9 Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * feat: preflight data gatherer for zero-wait setup * fix: critical setup flow bugs (fatal shell redirects, wrong scripts, sync installs) - Fix Step 8 completion banner: move from ! fence to regular bash fence so <N> placeholders aren't shell-redirected - Fix Step 3a Telegram scout: replace incorrect ops-slack-autolink call with direct keychain check - Fix Step 2b GSD install: replace bash claude plugin commands (not shell commands) with slash command instructions - Fix setup.sh: add 30s timeout to brew installs and silence npm stdout with &>/dev/null - Fix CLI appendix + Step 3b.2: add Linux date fallback alongside macOS date -v-1d - Fix ops-welcome: detect actual skill/agent counts dynamically instead of hardcoding 15/9 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat: preflight data gatherer for zero-wait setup Add ops-setup-preflight script that runs all environment probes in parallel as background jobs, writing results to /tmp/ops-preflight/ so the setup wizard has zero-latency data by the time the user answers the first question. Update ops-setup-detect to read from the preflight cache when available, avoiding redundant probes. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
auroracapital
added a commit
that referenced
this pull request
Apr 13, 2026
Server no longer exits at startup when TELEGRAM_API_ID/HASH/SESSION are unset. It starts as a valid MCP server and returns a clear "not configured" error on every tool call instead of crashing, keeping the plugin loadable without Telegram credentials. Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
auroracapital
added a commit
that referenced
this pull request
Apr 13, 2026
… telegram fix) (#32) * docs: rewrite READMEs with correct install flow, MCP vs CLI guide, and org URLs (#11) - All GitHub URLs now point to Lifecycle-Innovations-Limited/claude-ops - Root README: correct /plugin marketplace add + install commands, MCP vs CLI comparison table showing what each path gains/loses per integration - Inner README: consistent /ops:* colon syntax, GSD as optional, integrations split into CLI-only / MCP-only / choose-with-tradeoffs / plugin-bundled - setup.sh: auto-install missing core tools + npm deps on SessionStart - plugin.json: updated author URL, homepage, repository - marketplace.json + SECURITY.md: updated email Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * docs: clarify Telegram setup is fully automated (phone + 2 codes) (#12) Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * feat: add GSD companion plugin auto-install to setup wizard (#13) Setup wizard now offers to install GSD (Get Shit Done) as a companion plugin. Pulls latest version via plugin marketplace. Users choose [Install GSD] or [Skip]. Enhances /ops:go, /ops:projects, /ops:next dashboards with project roadmap state. Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: replace gitleaks-action with local binary * Add CONTRIBUTING.md and issue/PR templates Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(ci): update gitleaks to v8.30.1 — linux_x64 asset name * feat: add /ops:uninstall skill for complete plugin removal (#26) Interactive uninstall that cleans up everything: keychain credentials, preferences, cache, shell profile exports, MCP registrations, and the plugin itself. Confirms each deletion step before proceeding. Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(telegram): graceful degradation when credentials are missing (#28) Server no longer exits at startup when TELEGRAM_API_ID/HASH/SESSION are unset. It starts as a valid MCP server and returns a clear "not configured" error on every tool call instead of crashing, keeping the plugin loadable without Telegram credentials. Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * docs: polish README with ASCII art and terminal aesthetic (#29) Rewrote README with block ASCII logo, terminal-style /ops:go dashboard mockup, box-drawing tables throughout, and section headers — no content removed. Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(setup): fix CLI probes, add appendix, improve registry/prefs/Telegram/WhatsApp flows (#30) * fix(setup): fix CLI probes, add appendix, improve registry/prefs/Telegram flows - Replace broken `gog inbox list` probe with `gog gmail labels list --json` - Replace broken `gog cal events --time-min` probe with `gog cal list --json --max 3` - Add CLI Reference Appendix with exact, tested syntax for gog, wacli, Slack, and keychain - Preferences step now always asks owner name, timezone (7 options), verbosity, and default channels — never auto-fills from memory - Registry step now scans filesystem for git repos via find and presents multiSelect; adds "Auto-detect from existing registry" option - Add parallelization rule to Hard Rules: run all diagnostic probes in parallel, background slow commands - Telegram flow now requires explicit opt-in ask before starting phone/auth flow; no silent skip - WhatsApp backfill failures are now swallowed silently; summary line never shows message counts or 0-result spam - Never show user's real name or email unless explicitly provided in the current session - Fix `wacli chats` → `wacli chats list` (correct subcommand) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat: add first-run onboarding banners (ops-welcome + ops-setup-complete) Animated ASCII art welcome sequence on first SessionStart (gates on preferences.json existence). Setup completion dashboard with channel/ project/agent/skill counts. Both scripts use ANSI colors with NO_COLOR graceful degradation. SessionStart hook updated to run welcome before setup check. Setup SKILL.md Step 8 calls completion banner with actual counts. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
auroracapital
added a commit
that referenced
this pull request
Apr 13, 2026
* docs: rewrite READMEs with correct install flow, MCP vs CLI guide, and org URLs (#11) - All GitHub URLs now point to Lifecycle-Innovations-Limited/claude-ops - Root README: correct /plugin marketplace add + install commands, MCP vs CLI comparison table showing what each path gains/loses per integration - Inner README: consistent /ops:* colon syntax, GSD as optional, integrations split into CLI-only / MCP-only / choose-with-tradeoffs / plugin-bundled - setup.sh: auto-install missing core tools + npm deps on SessionStart - plugin.json: updated author URL, homepage, repository - marketplace.json + SECURITY.md: updated email Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * docs: clarify Telegram setup is fully automated (phone + 2 codes) (#12) Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * feat: add GSD companion plugin auto-install to setup wizard (#13) Setup wizard now offers to install GSD (Get Shit Done) as a companion plugin. Pulls latest version via plugin marketplace. Users choose [Install GSD] or [Skip]. Enhances /ops:go, /ops:projects, /ops:next dashboards with project roadmap state. Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: replace gitleaks-action with local binary * Add CONTRIBUTING.md and issue/PR templates Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(ci): update gitleaks to v8.30.1 — linux_x64 asset name * feat: add /ops:uninstall skill for complete plugin removal (#26) Interactive uninstall that cleans up everything: keychain credentials, preferences, cache, shell profile exports, MCP registrations, and the plugin itself. Confirms each deletion step before proceeding. Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(telegram): graceful degradation when credentials are missing (#28) Server no longer exits at startup when TELEGRAM_API_ID/HASH/SESSION are unset. It starts as a valid MCP server and returns a clear "not configured" error on every tool call instead of crashing, keeping the plugin loadable without Telegram credentials. Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * docs: polish README with ASCII art and terminal aesthetic (#29) Rewrote README with block ASCII logo, terminal-style /ops:go dashboard mockup, box-drawing tables throughout, and section headers — no content removed. Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(setup): fix CLI probes, add appendix, improve registry/prefs/Telegram/WhatsApp flows (#30) * fix(setup): fix CLI probes, add appendix, improve registry/prefs/Telegram flows - Replace broken `gog inbox list` probe with `gog gmail labels list --json` - Replace broken `gog cal events --time-min` probe with `gog cal list --json --max 3` - Add CLI Reference Appendix with exact, tested syntax for gog, wacli, Slack, and keychain - Preferences step now always asks owner name, timezone (7 options), verbosity, and default channels — never auto-fills from memory - Registry step now scans filesystem for git repos via find and presents multiSelect; adds "Auto-detect from existing registry" option - Add parallelization rule to Hard Rules: run all diagnostic probes in parallel, background slow commands - Telegram flow now requires explicit opt-in ask before starting phone/auth flow; no silent skip - WhatsApp backfill failures are now swallowed silently; summary line never shows message counts or 0-result spam - Never show user's real name or email unless explicitly provided in the current session - Fix `wacli chats` → `wacli chats list` (correct subcommand) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat: add first-run onboarding banners (ops-welcome + ops-setup-complete) Animated ASCII art welcome sequence on first SessionStart (gates on preferences.json existence). Setup completion dashboard with channel/ project/agent/skill counts. Both scripts use ANSI colors with NO_COLOR graceful degradation. SessionStart hook updated to run welcome before setup check. Setup SKILL.md Step 8 calls completion banner with actual counts. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * fix: critical setup flow bugs (fatal shell redirects, wrong scripts, sync installs) (#33) - Fix Step 8 completion banner: move from ! fence to regular bash fence so <N> placeholders aren't shell-redirected - Fix Step 3a Telegram scout: replace incorrect ops-slack-autolink call with direct keychain check - Fix Step 2b GSD install: replace bash claude plugin commands (not shell commands) with slash command instructions - Fix setup.sh: add 30s timeout to brew installs and silence npm stdout with &>/dev/null - Fix CLI appendix + Step 3b.2: add Linux date fallback alongside macOS date -v-1d - Fix ops-welcome: detect actual skill/agent counts dynamically instead of hardcoding 15/9 Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * feat: preflight data gatherer for zero-wait setup * fix: critical setup flow bugs (fatal shell redirects, wrong scripts, sync installs) - Fix Step 8 completion banner: move from ! fence to regular bash fence so <N> placeholders aren't shell-redirected - Fix Step 3a Telegram scout: replace incorrect ops-slack-autolink call with direct keychain check - Fix Step 2b GSD install: replace bash claude plugin commands (not shell commands) with slash command instructions - Fix setup.sh: add 30s timeout to brew installs and silence npm stdout with &>/dev/null - Fix CLI appendix + Step 3b.2: add Linux date fallback alongside macOS date -v-1d - Fix ops-welcome: detect actual skill/agent counts dynamically instead of hardcoding 15/9 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat: preflight data gatherer for zero-wait setup Add ops-setup-preflight script that runs all environment probes in parallel as background jobs, writing results to /tmp/ops-preflight/ so the setup wizard has zero-latency data by the time the user answers the first question. Update ops-setup-detect to read from the preflight cache when available, avoiding redundant probes. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
process.exit(1)at startup whenTELEGRAM_API_ID,TELEGRAM_API_HASH, orTELEGRAM_SESSIONare unset"Telegram not configured. Run /ops:setup telegram to set up."when credentials are missingclient.disconnect()Test plan
🤖 Generated with Claude Code
Note
Low Risk
Low risk behavioral change limited to Telegram server startup and tool-call gating; main risk is unintentionally masking misconfiguration by running in degraded mode instead of failing fast.
Overview
The Telegram MCP server now gracefully degrades when
TELEGRAM_API_ID/TELEGRAM_API_HASH/TELEGRAM_SESSIONare missing or the session is invalid: it starts in an unconfigured mode instead of exiting at startup.All tool invocations are gated on an initialized Telegram client; when unconfigured (or connection/auth fails) calls return a consistent
Telegram not configured...error message, and shutdown handlers nowdisconnect()only when a client exists.Reviewed by Cursor Bugbot for commit 4400e2b. Bugbot is set up for automated code reviews on this repo. Configure here.