fix(telegram): lower polling keepalive delay

[amittell]

Summary

Lower Telegram polling's TCP keepalive initial delay from undici's default 60s to 30s.

Telegram getUpdates long-poll requests can sit idle for a long time. On some home or office networks, NAT entries expire around the same time as undici's default first keepalive probe, leaving no safety margin before the connection goes stale. This patch makes the Telegram dispatcher pass explicit keepalive options for direct, env-proxy, and explicit-proxy transports.

The PR was narrowed after review:

• No shared gateway health-policy change.
• No channel connect-grace change.
• No duplicate polling status/session test churn.

Test plan

• node scripts/run-vitest.mjs extensions/telegram/src/fetch.test.ts
• git diff --check

Real behavior proof

• Behavior addressed: Telegram long-poll connections can silently stall when a NAT/router drops an idle connection before the first TCP keepalive probe refreshes it.
• Real environment tested: Two production gateway hosts previously ran the Telegram transport keepalive subset: mac-mini.lan with two Telegram polling accounts and rh-bot.lan with one Telegram polling account. This narrowed final head was also verified locally with focused dispatcher-policy tests.
• Exact steps or command run after this patch: production soak used openclaw gateway status and openclaw channels status; final narrowed PR head used node scripts/run-vitest.mjs extensions/telegram/src/fetch.test.ts and git diff --check.
• Evidence after fix: copied live output from the production soak:

CLI version: 2026.5.12 (/opt/homebrew/bin/openclaw)
Gateway version: 2026.5.12
Runtime: running (pid 50650, state active)
Connectivity probe: ok
- Telegram default: enabled, configured, running, connected, in:12h ago, out:16m ago, mode:polling, token:config, groups:unmentioned
- Telegram ratbot: enabled, configured, running, connected, in:28h ago, out:28h ago, mode:polling, token:config, groups:unmentioned

fetch.test.ts now asserts that direct and env-proxy Telegram dispatchers carry keepAlive: true and keepAliveInitialDelay: 30_000 in the connect options.

• Observed result after fix: The production gateways' Telegram channels stayed running, connected during the soak with runtime uptime measured in days rather than repeated restart cycles. On the narrowed final head, 37 Telegram fetch tests passed locally and the PR diff is narrowed to extensions/telegram/src/fetch.ts and extensions/telegram/src/fetch.test.ts.
• What was not tested: Deliberately induced NAT expiry, because that needs a controlled router/NAT scenario. Final-head live Telegram deploy was not rerun after narrowing the branch.

[clawsweeper]

Codex review: needs real behavior proof before merge. Reviewed May 28, 2026, 12:37 AM ET / 04:37 UTC.

Summary
This PR adds explicit Telegram dispatcher TCP keepalive options with a 30s initial delay and focused fetch tests for direct and env-proxy dispatcher policies.

PR surface: Source +4, Tests +8. Total +12 across 2 files.

Reproducibility: no. high-confidence current-main reproduction path was established. Source inspection and undici 8.3.0 source show current main relies on the 60s default keepalive delay, but the PR discussion says controlled NAT expiry and final-head live Telegram deploy were not tested.

Review metrics: 1 noteworthy metric.

• Telegram transport default: 1 keepalive timing changed; 3 dispatcher modes affected. The PR changes the effective TCP keepalive initial delay for Telegram polling across direct, env-proxy, and explicit-proxy transports, which is runtime behavior CI cannot fully simulate.

Merge readiness
Overall: 🦪 silver shellfish
Proof: 🦪 silver shellfish
Patch quality: 🐚 platinum hermit
Result: blocked until stronger real behavior proof is added.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• [P1] Post redacted final-head live Telegram polling proof from the narrowed head, including the command or gateway/channel status output used after the patch.
• [P1] Add an explicit-proxy keepalive assertion if maintainers want test parity for every dispatcher mode named in the PR body.

Proof guidance:

• [P1] Needs stronger real behavior proof before merge: The PR includes earlier production logs, but not a final-head live run; the contributor should add redacted final-head live output, logs, terminal proof, or a recording, then update the PR body so ClawSweeper re-reviews automatically or ask a maintainer for @clawsweeper re-review.

Mantis proof suggestion
A final-head live Telegram polling smoke would materially improve review confidence, even though it will not prove controlled NAT expiry by itself. A maintainer can ask Mantis to capture proof by posting a new PR comment that starts with the OpenClaw Mantis account mention, followed by:

telegram live: run a final-head Telegram polling smoke that sends and receives a message and includes redacted gateway/channel status logs.

Risk before merge

• [P1] The live proof is not tied to the narrowed final head, so maintainers still do not have real Telegram evidence that the final patch improves polling transport behavior in a deployed gateway.
• [P1] Changing TCP keepalive timing for Telegram long-poll sockets can affect real direct, env-proxy, and explicit-proxy networks in ways unit tests cannot settle, including socket churn, stalled delivery, or gateway availability.
• [P1] The PR source maps the explicit-proxy path through requestTls, but the new keepalive assertions directly cover only direct and env-proxy dispatchers.

Maintainer options:

1. Add final-head live Telegram proof (recommended)
   Have the contributor or a maintainer run the narrowed head with a Telegram polling account and post redacted gateway/channel output or logs showing the live transport path after the patch.
2. Accept the transport timing risk
   A maintainer can land based on source, undici contract, and focused tests while explicitly owning that final-head NAT/proxy behavior was not re-run live.
3. Pause for controlled NAT proof
   If maintainers need proof of the claimed NAT failure mode rather than a live smoke, pause this PR until a controlled router/NAT repro or equivalent network harness is available.

Next step before merge

• [P1] Needs maintainer proof/risk handling rather than a code repair; automation cannot supply the contributor’s final-head Telegram network evidence.

Security
Cleared: The diff only changes Telegram fetch transport options and focused tests; I found no concrete security or supply-chain regression.

Review details

Best possible solution:

Land the narrowed Telegram-only dispatcher change after final-head live Telegram polling proof is supplied or maintainers explicitly accept the transport risk.

Do we have a high-confidence way to reproduce the issue?

No high-confidence current-main reproduction path was established. Source inspection and undici 8.3.0 source show current main relies on the 60s default keepalive delay, but the PR discussion says controlled NAT expiry and final-head live Telegram deploy were not tested.

Is this the best way to solve the issue?

Yes for code shape: the narrowed Telegram dispatcher change is more maintainable than the earlier gateway grace and health-policy changes. The remaining blocker is proof and merge-risk handling, not a different implementation direction.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 647e18aa04a2.

Label changes

Label justifications:

• P1: The PR targets Telegram polling stalls that can interrupt live channel delivery and gateway availability for affected users.
• merge-risk: 🚨 message-delivery: Merging changes the live Telegram long-poll transport behavior, so incorrect timing or proxy behavior could still stall or disrupt message delivery.
• merge-risk: 🚨 availability: The change affects long-lived gateway sockets and needs live proof because socket churn or stale connections can affect channel and gateway availability.
• rating: 🦪 silver shellfish: Overall readiness is 🦪 silver shellfish; proof is 🦪 silver shellfish and patch quality is 🐚 platinum hermit.
• status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs stronger real behavior proof before merge: The PR includes earlier production logs, but not a final-head live run; the contributor should add redacted final-head live output, logs, terminal proof, or a recording, then update the PR body so ClawSweeper re-reviews automatically or ask a maintainer for @clawsweeper re-review.

Evidence reviewed

PR surface:

Source +4, Tests +8. Total +12 across 2 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	1	21	17	+4
Tests	1	8	0	+8
Docs	0	0	0	0
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	2	29	17	+12

What I checked:

• Repository policy applied: Root AGENTS.md was read fully, extensions/AGENTS.md was read for the bundled plugin boundary, and the Telegram maintainer note says Telegram transport PRs need real Telegram proof, preferably bot-to-bot QA or an equivalent live probe. (.agents/maintainer-notes/telegram.md:28, 647e18aa04a2)
• Current main behavior: Current main builds Telegram connect options only for auto-select, IPv4 forcing, or DNS lookup and has no keepAliveInitialDelay setting in the Telegram dispatcher policy. (extensions/telegram/src/fetch.ts:162, 647e18aa04a2)
• PR implementation: The PR branch makes buildTelegramConnectOptions always return keepAlive: true and keepAliveInitialDelay: 30_000, then attaches that object to direct, env-proxy, and explicit-proxy policy paths. (extensions/telegram/src/fetch.ts:161, d31d6b4033d0)
• PR tests: The PR adds a helper asserting keepAlive and keepAliveInitialDelay and wires it into the direct and env-proxy dispatcher tests; explicit-proxy coverage remains indirect through the existing requestTls path. (extensions/telegram/src/fetch.test.ts:280, d31d6b4033d0)
• Dependency contract: OpenClaw pins undici 8.3.0, whose connector source sets TCP keepalive by default and uses a 60_000 ms default when keepAliveInitialDelay is undefined; the PR changes that timing to 30_000 for Telegram dispatchers. (package.json:1875, 647e18aa04a2)
• Release/current-main check: The latest release tag v2026.5.26 also lacks keepAliveInitialDelay in Telegram fetch.ts, and no tag contains the PR head SHA, so this change is not already shipped or implemented on current main. (extensions/telegram/src/fetch.ts:162, 10ad3aa16068)

Likely related people:

• steipete: Git history shows Peter Steinberger authored the fetch runtime SDK seam and recent Telegram network logging work, and shortlog shows the heaviest recent contribution count across the fetch/runtime files sampled. (role: recent area contributor; confidence: high; commits: a126d23f0df4, b96f5d94dba6; files: extensions/telegram/src/fetch.ts, src/infra/net/undici-runtime.ts)
• obviyus: The central Telegram transport fallback chain that resolveTelegramDispatcherPolicy builds on appears in the sampled history as authored by Ayaan Zaidi, who maps to the obviyus account in the PR context. (role: transport fallback feature history; confidence: medium; commits: e4825a0f9385; files: extensions/telegram/src/fetch.ts)
• vincentkoc: Vincent Koc authored the trusted explicit-proxy Telegram work that is adjacent to the requestTls/proxyTls path this PR now relies on for explicit-proxy keepalive behavior. (role: adjacent explicit-proxy owner; confidence: medium; commits: 4251ad6638e7; files: extensions/telegram/src/fetch.ts)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[Copilot]

Pull request overview

Addresses Telegram long-poll stalls and spurious "disconnected" channel restarts. Adds OS-level TCP keepalive to undici's connect options for api.telegram.org so NAT timeouts and dead sockets surface promptly, stops the polling status publisher from clobbering connected: false at every cycle start, and widens the shared channel connect-grace window from 120s to 300s so slow-handshake channels aren't flagged disconnected before they finish connecting.

Changes:

• Always set keepAlive: true / keepAliveInitialDelay: 30_000 on the Telegram undici Agent connect options.
• Remove the connected: false write from notePollingStart; only notePollingStop/notePollingError mark the channel disconnected.
• Bump DEFAULT_CHANNEL_CONNECT_GRACE_MS from 120s to 300s and update related Telegram tests.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
extensions/telegram/src/fetch.ts	Enables undici TCP keepalive on the Telegram getUpdates transport; returns connect opts unconditionally.
extensions/telegram/src/polling-status.ts	Stops notePollingStart from publishing connected: false; keeps telemetry-only reset.
extensions/telegram/src/polling-status.test.ts	Adds regression test asserting notePollingStart patch omits connected.
extensions/telegram/src/polling-session.test.ts	Updates expectations: one (not two) connected:false patch per stall+recover cycle; verifies cycle-start telemetry reset.
src/gateway/channel-health-policy.ts	Widens default channel connect grace from 120s to 300s with motivating comment.

[amittell]

Addressed both findings in 835553c (fix/telegram-polling-nat-keepalive).

P1 (preserve startup liveness after reconnects): added a post-grace branch to evaluateChannelHealth that flags polling channels as stale-socket when an inherited connected:true is paired with null lastConnectedAt AND null lastTransportActivityAt AND a non-null lastStartAt. Scoped to mode === "polling" so webhook channels and channels without continuous transport tracking are not falsely flagged.

P2 (align Telegram status grace with health grace): set TELEGRAM_POLLING_CONNECT_GRACE_MS = 300_000 in extensions/telegram/src/status-issues.ts with a comment cross-referencing DEFAULT_CHANNEL_CONNECT_GRACE_MS. openclaw channels status now suppresses polling-startup runtime issues for the same 300s window as the background health monitor.

Tests added in src/gateway/channel-health-policy.test.ts:

• flags polling startups that hang before first transport activity (covers the new branch)
• keeps polling channels healthy during the connect grace even with null transport (regression for the grace branch)
• does not flag stale-startup when the polling channel has a prior successful connect (regression for legitimate quiet polling)

extensions/telegram/src/status.test.ts post-grace tests updated to lastStartAt: Date.now() - 301_000.

Acceptance criteria run locally and green:

node scripts/run-vitest.mjs \
  extensions/telegram/src/polling-status.test.ts \
  extensions/telegram/src/polling-session.test.ts \
  extensions/telegram/src/status.test.ts \
  extensions/telegram/src/fetch.test.ts \
  src/gateway/channel-health-policy.test.ts
# Tests 162 passed (162)

pnpm check:changed
# exit 0

[obviyus]

Landed via squash onto main.

• Scoped tests: node scripts/run-vitest.mjs extensions/telegram/src/fetch.test.ts; git diff --check origin/main...HEAD; node ~/.codex/skills/custom/telegram-e2e-bot-to-bot/scripts/run-mock-sut-e2e.mjs --gateway-port 19979 --mock-port 19982 --text '@{sut} Please answer with OPENCLAW_E2E_OK only.' --expect OPENCLAW_E2E_OK
• Real behavior proof: Telegram bot-to-bot smoke passed on rebased head; SUT replied OPENCLAW_E2E_OK in-thread, mockRequests=1
• Changelog: not updated; CHANGELOG.md is release-owned for normal PRs, release-note context is in the PR body
• Land commit: 6462fff
• Merge commit: f7c32fc

Thanks @amittell!