Bug Description
Telegram MEDIA:<path> delivery can report success while the user receives only text and no playable audio attachment. This is a regression in a high-value gateway capability: archived Chronicle/voice-episode audio must be attachable from the canonical archive path, not silently dropped.
Observed Evidence
- User-visible failure: message said the official teaser was published, but no attachment appeared in Telegram.
- Gateway log showed the real failure earlier in the path:
Skipping unsafe MEDIA directive path outside allowed roots
- The tool response still surfaced success because the text portion was sent after media filtering removed the attachment.
- Direct Telegram Bot API retry worked from the same file:
- endpoint:
sendVoice
- result:
ok: true
- message_id:
1219
- returned
voice.duration: 152, mime_type: audio/ogg, file_size: 827183
Reproduction Shape
- Have a valid Ogg/Opus file under a durable archive path such as
~/.hermes/voice-episodes/.../teaser.ogg.
- Send a Telegram message through Hermes containing:
[[audio_as_voice]]MEDIA:/home/<user>/.hermes/voice-episodes/.../teaser.ogg
- Observe whether Telegram receives a native voice/audio attachment.
- Compare the result to a direct
sendVoice call with the same file.
Expected Behavior
- If a MEDIA directive is accepted, Telegram receives a playable attachment.
- If a MEDIA directive is rejected, the user/tool result must clearly report attachment failure, not plain-message success.
storage.safepath / operator-approved archival roots should be honored for media delivery after gateway/service restart.
Actual Behavior
- The user got no attachment.
- The assistant/tool reported success based on the text send.
- The failure became visible only through gateway logs or direct user complaint.
Acceptance Criteria
- Add a regression test for Telegram
[[audio_as_voice]] + MEDIA:<canonical archive path> delivery or at least media extraction/filtering result propagation.
- Ensure dropped media produces a warning/error in the returned result, not a false successful attachment claim.
- Add an operator-facing self-test command/script or documented probe that performs a real Telegram
sendVoice/sendAudio smoke test after updates.
- Verify
storage.safepath and HERMES_MEDIA_ALLOW_DIRS behavior in both gateway auto-delivery and send_message tool paths.
Timeline / Chronicle Note
This was encountered during Miadi Chronicle teaser publication and should remain part of the Iris/Hermes co-agency update timeline: an update/security tightening broke or obscured a core creative workflow until the user caught it in the field.
Bug Description
Telegram
MEDIA:<path>delivery can report success while the user receives only text and no playable audio attachment. This is a regression in a high-value gateway capability: archived Chronicle/voice-episode audio must be attachable from the canonical archive path, not silently dropped.Observed Evidence
Skipping unsafe MEDIA directive path outside allowed rootssendVoiceok: true1219voice.duration: 152,mime_type: audio/ogg,file_size: 827183Reproduction Shape
~/.hermes/voice-episodes/.../teaser.ogg.[[audio_as_voice]]MEDIA:/home/<user>/.hermes/voice-episodes/.../teaser.oggsendVoicecall with the same file.Expected Behavior
storage.safepath/ operator-approved archival roots should be honored for media delivery after gateway/service restart.Actual Behavior
Acceptance Criteria
[[audio_as_voice]] + MEDIA:<canonical archive path>delivery or at least media extraction/filtering result propagation.sendVoice/sendAudiosmoke test after updates.storage.safepathandHERMES_MEDIA_ALLOW_DIRSbehavior in both gateway auto-delivery andsend_messagetool paths.Timeline / Chronicle Note
This was encountered during Miadi Chronicle teaser publication and should remain part of the Iris/Hermes co-agency update timeline: an update/security tightening broke or obscured a core creative workflow until the user caught it in the field.