Telegram retry regex too strict: bare grammy `Network request for 'X' failed!` (no "after") never classified as recoverable for `context: send`, drops outbound messages

[charlie-morrison]

Summary

isRecoverableTelegramNetworkError(err, { context: "send" }) in extensions/telegram/src/network-errors.ts (compiled dist/send-*.js) fails to classify grammy's bare pre-connect form Network request for 'sendChatAction' failed! as recoverable — so the per-request shouldRetry predicate in createTelegramRequestWithDiag returns false and the user-visible reply is silently dropped.

Root cause

The regex used to whitelist grammy network errors only matches the post-connect form:

// dist/send-BZcD66uc.js (compiled from extensions/telegram/src/network-errors.ts)
const GRAMMY_NETWORK_REQUEST_FAILED_AFTER_RE =
    /^network request(?:\s+for\s+["']?[^"']+["']?)?\s+failed\s+after\b.*[!.]?$/i;

…but grammy raises two distinct forms:

Form	Example message	Meaning
Pre-connect	Network request for 'sendChatAction' failed!	fetch aborted before bytes hit the wire (event-loop starvation timer, dead-pool socket synchronous error, DNS failure). Safe to retry — message did NOT reach Telegram.
Post-connect	Network request for 'sendChatAction' failed after 5 attempts: ...	grammy's own retry budget exhausted. Risky to retry — message MAY have been delivered.

The current regex requires the literal failed\s+after\b, so the pre-connect form (the safer one to retry) is rejected, while the post-connect form (the riskier one) passes.

For context: "send", allowMessageMatch=false is set deliberately to avoid retrying the post-connect form and producing duplicate user messages. That's correct for the post-connect case — but it also skips the snippet check RECOVERABLE_MESSAGE_SNIPPETS (which DOES contain "network request"), leaving only the broken regex as the gatekeeper.

Net effect: a single transient socket-pool failure during event-loop starvation drops the user's reply with no retry.

Reproduction

1. Run openclaw gateway under CPU pressure on a low-resource machine (we hit it on a 2GB Asus E200HA with concurrent model calls).
2. Observe periodic [diagnostic] liveness warning: ... eventLoopDelayMaxMs=15000 and accompanying [fetch-timeout] timer delayed 33208ms, likely event-loop starvation.
3. Around the starvation window, watch grammy raise Network request for 'sendChatAction' failed! (no "after").
4. Confirm [telegram] message processing failed: HttpError: Network request for 'sendMessage' failed! — single attempt, no retry.

Repro on our box: 2026-05-10 20:15:19-20:17:47 — 39 send failures over 140s, all single-attempt, no retry log lines. v2026.5.3-1.

Suggested fix

Make the post-connect after ... clause optional — the regex still matches both forms safely:

- const GRAMMY_NETWORK_REQUEST_FAILED_AFTER_RE =
-     /^network request(?:\s+for\s+["']?[^"']+["']?)?\s+failed\s+after\b.*[!.]?$/i;
+ const GRAMMY_NETWORK_REQUEST_FAILED_RE =
+     /^network request(?:\s+for\s+["']?[^"']+["']?)?\s+failed(?:\s+after\b.*)?[!.]?$/i;

Test cases (all should match):

Network request for 'sendChatAction' failed!              ← pre-connect, currently DROPS
Network request for 'sendChatAction' failed after 5 attempts.  ← post-connect, currently matches
Network request failed                                    ← bare, currently DROPS
Network request for getMe failed.                         ← currently DROPS

Negative cases (should NOT match):

telegram returned 401 unauthorized
ETIMEDOUT
completely unrelated error message

Verified locally — old regex matches 1/4 positive cases; new regex matches 4/4 with no false positives.

Why this is safe

The pre-connect form happens specifically when grammy's internal fetch aborts before any bytes are written — either via AbortSignal (timeout firing) or synchronously from a dead undici pool socket. In both cases the request never reached api.telegram.org, so retry cannot create a duplicate.

Related

• Telegram long-polling stalls permanently after NAT drops idle TCP connections — undici connection pool not recycled on restart #48029 — Telegram long-polling stalls when undici keep-alive pool not recycled (same underlying cause: dead pool sockets after NAT idle eviction)
• Telegram polling stalls indefinitely when proxy TCP connection drops silently #41704 — Telegram polling stalls when proxy TCP connection drops silently
• Gateway CPU spin causes Telegram replies to stall and status probe to time out #72338 — Gateway CPU spin causes Telegram replies to stall

Workaround

Patch dist/send-*.js post-install (we wired this into a post-openclaw-upgrade.sh hook to survive package updates).

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve. Reviewed May 26, 2026, 12:52 AM ET / 04:52 UTC.

Summary
Keep open: current main and the latest release still reject the reported bare grammY network envelope in send-context classification, and the open linked PR is the active fix path rather than a reason to close this issue early.

Reproducibility: yes. for the source-level classifier path: current source and tests show the bare Network request for 'sendMessage' failed! envelope returns false in send context. I did not run a live low-resource Telegram reproduction in this read-only review.

Next step
No new repair job: an open linked PR already references this issue and should be reviewed, proved, or replaced instead of queueing a competing fix.

Review details

Best possible solution:

Land or replace the linked PR with a focused Telegram retry fix that safely identifies dependency-proven pre-connect grammY failures, preserves duplicate-delivery guardrails, and adds regression plus real Telegram proof.

Do we have a high-confidence way to reproduce the issue?

Yes for the source-level classifier path: current source and tests show the bare Network request for 'sendMessage' failed! envelope returns false in send context. I did not run a live low-resource Telegram reproduction in this read-only review.

Is this the best way to solve the issue?

Unclear that the exact optional-regex suggestion is the safest final shape. The maintainable fix should distinguish dependency-proven pre-connect failures from ambiguous non-idempotent send failures and include tests for both outcomes.

AGENTS.md: found and applied where relevant.

Remaining risk / open question:

• The suggested optional-regex fix may retry ambiguous non-idempotent send failures unless it proves the bare envelope is safe or keys off grammY's nested HttpError.error details.
• The linked PR still needs maintainer review and real behavior proof because a retry-policy mistake can trade message loss for duplicate Telegram messages.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 23e9bc8c0b61.

Label changes

Label changes:

• add clawsweeper:needs-product-decision: Current issue advisory state selects this label.
• remove clawsweeper:linked-pr-open: Current issue advisory state no longer selects this label.

Label justifications:

• P1: The issue reports a Telegram outbound retry path that can drop real channel replies during transient network failure.
• impact:message-loss: The affected behavior is lost outbound Telegram delivery when retry classification rejects a recoverable send-context network failure.

Evidence reviewed

What I checked:

• Current source keeps the strict envelope regex: GRAMMY_NETWORK_REQUEST_FAILED_AFTER_RE still requires failed after, so the bare grammY message form does not match this allowlist before broad snippets are suppressed for send context. (extensions/telegram/src/network-errors.ts:57, 23e9bc8c0b61)
• Current tests preserve the reported rejection: The test suite explicitly expects Network request for 'sendMessage' failed! to return false in context: "send" while polling remains recoverable. (extensions/telegram/src/network-errors.test.ts:130, 23e9bc8c0b61)
• Send-context retry predicates still depend on this classifier for visible Telegram operations: Typing, reaction, and delete send-context operations pass isRecoverableTelegramNetworkError(err, { context: "send" }) into the retry runner; message sends use a stricter safe-send path that still rejects generic bare envelopes without nested safe evidence. (extensions/telegram/src/send.ts:1033, 23e9bc8c0b61)
• Dependency contract emits the bare grammY envelope: OpenClaw pins grammy 1.43.0, whose toHttpError constructs Network request for '<method>' failed! and stores the original thrown error on HttpError.error; the final fix should use that dependency-backed shape safely. (extensions/telegram/package.json:10, 23e9bc8c0b61)
• Latest release still has the same behavior: Tag v2026.5.22 still contains the strict failed after regex and the send-context test expecting the bare envelope to be false, so the latest release did not ship a fix. (extensions/telegram/src/network-errors.ts:57, a374c3a5bfd5)
• Open linked PR owns the current implementation path: GitHub API data shows fix(telegram): make pre-connect network failures recoverable in send context #80529 is open, unmerged, and its body uses closing syntax for this issue, so this issue should stay open until that PR lands or is replaced. (78030a768cc5)

Likely related people:

• steipete: Local shortlog/blame and GitHub commit history show repeated recent work on Telegram send paths, retry-adjacent delivery behavior, and the current carried source snapshot. (role: recent area contributor; confidence: high; commits: d00d0a21c2dd, 3cf806d17215, 827b0de0ce74; files: extensions/telegram/src/network-errors.ts, extensions/telegram/src/network-errors.test.ts, extensions/telegram/src/send.ts)
• chinar-amrutkar: Authored the earlier wrapped Telegram send-failure retry work that added grammY HttpError retry coverage and strict send retry tests around this classifier area. (role: introduced adjacent behavior; confidence: medium; commits: 3f67581e50a3; files: extensions/telegram/src/network-errors.ts, extensions/telegram/src/network-errors.test.ts, src/infra/retry-policy.ts)
• MarsDoge: Authored the recent Telegram 421 retry change that touched the same network-error classifier and strict non-idempotent send retry policy. (role: adjacent retry contributor; confidence: medium; commits: 63b728de4325; files: extensions/telegram/src/network-errors.ts, extensions/telegram/src/network-errors.test.ts, src/infra/retry-policy.ts)

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[openclaw-barnacle]

This issue has been automatically marked as stale due to inactivity.
Please add updates or it will be closed.