Fix Telegram callback API handling

[obviyus]

Summary

• Remove Telegram callback duck-typing around concrete grammy API methods.
• Preserve callback business connection and topic routing metadata on direct Bot API calls.
• Add regressions for callback edit, reply, delete, business metadata, and General-topic routing.

Verification

• node scripts/run-vitest.mjs extensions/telegram/src/bot.test.ts extensions/telegram/src/bot.create-telegram-bot.test.ts (176 passed)
• .agents/skills/autoreview/scripts/autoreview --mode branch --base main (clean)

[clawsweeper]

Codex review: needs real behavior proof before merge. Reviewed June 10, 2026, 3:52 AM ET / 07:52 UTC.

Summary
The PR changes Telegram callback handling to use concrete bot.api methods, preserve callback business/topic metadata on edits and replies, and add focused Telegram callback regression tests.

PR surface: Source -7, Tests +129. Total +122 across 4 files.

Reproducibility: no. live high-confidence reproduction was established. Source inspection shows the current callback fallback path drops explicit business/topic params when context helpers are absent, and the PR adds focused unit coverage for that path.

Review metrics: 1 noteworthy metric.

• Callback Bot API actions: 5 switched to concrete bot.api calls. The PR changes answer, edit text, edit markup, delete, and reply callback paths, so live transport proof matters before merge.

Merge readiness
Overall: 🧂 unranked krab
Proof: 🧂 unranked krab
Patch quality: 🐚 platinum hermit
Result: blocked until real behavior proof from a real setup is added.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• [P1] Add redacted real Telegram proof for callback edit, reply, delete, and topic routing after this patch.
• Include the exact live environment and observed result in the PR body.

Proof guidance:

• [P1] Needs real behavior proof before merge: The PR body only lists unit tests and autoreview; add redacted screenshot, recording, terminal output, or logs from a real Telegram callback flow, then update the PR body for automatic re-review or ask a maintainer to comment @clawsweeper re-review.

Mantis proof suggestion
A native Telegram Desktop proof would materially verify the visible callback edit, reply, delete, and topic-routing behavior that unit tests cannot prove. A maintainer can ask Mantis to capture proof by posting a new PR comment that starts with the OpenClaw Mantis account mention, followed by:

telegram desktop proof: verify callback edit, reply, and delete after button taps, including topic routing where available.

Risk before merge

• [P1] No real Telegram callback proof is attached; unit tests do not prove live Bot API behavior for business metadata, topic routing, button edits, replies, and deletes.
• [P1] The changed callback transport path can fail or misroute visible Telegram replies/buttons if the explicit business or topic params differ from grammy context behavior.

Maintainer options:

1. Prove Callback Transport Live (recommended)
   Add redacted Telegram Desktop or bot-to-bot proof covering callback edit, reply, delete, and topic routing before merge.
2. Accept Unit-Only Transport Risk
   A maintainer could intentionally land with the focused unit tests while owning the unproven live Telegram Bot API behavior.

Next step before merge

• [P1] The protected maintainer label and missing live Telegram proof make this a human validation item rather than an automated repair lane.

Security
Cleared: The diff only changes Telegram runtime callback calls and tests; it does not touch dependencies, CI, secrets, permissions, or package execution paths.

Review details

Best possible solution:

Land the direct bot.api implementation only after maintainer review and redacted real Telegram proof confirm callback edit, reply, delete, and topic-routing behavior in a live transport.

Do we have a high-confidence way to reproduce the issue?

No live high-confidence reproduction was established. Source inspection shows the current callback fallback path drops explicit business/topic params when context helpers are absent, and the PR adds focused unit coverage for that path.

Is this the best way to solve the issue?

Yes, the code shape appears to be the right narrow fix: direct bot.api calls remove callback-context duck typing and explicitly carry the metadata OpenClaw needs. The remaining blocker is live Telegram proof, not a code finding.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against e3fe6715afb6.

Label changes

Label justifications:

• P2: This is a normal Telegram callback bug fix with limited blast radius and focused tests, not an urgent core outage.
• merge-risk: 🚨 message-delivery: The changed callback transport path can misroute or fail visible Telegram callback replies/buttons if business or topic metadata is wrong.
• rating: 🧂 unranked krab: Overall readiness is 🧂 unranked krab; proof is 🧂 unranked krab and patch quality is 🐚 platinum hermit.
• status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs real behavior proof before merge: The PR body only lists unit tests and autoreview; add redacted screenshot, recording, terminal output, or logs from a real Telegram callback flow, then update the PR body for automatic re-review or ask a maintainer to comment @clawsweeper re-review.
• mantis: telegram-visible-proof: Mantis should capture Telegram visible proof. The PR changes visible Telegram callback button edit, reply, and delete behavior that can be demonstrated in a short Telegram Desktop recording.

Evidence reviewed

PR surface:

Source -7, Tests +129. Total +122 across 4 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	2	38	45	-7
Tests	2	130	1	+129
Docs	0	0	0	0
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	4	168	46	+122

What I checked:

• Repository policy applied: Root and extension policy were read, and the Telegram maintainer note says callback/topic transport changes need real Telegram proof over synthetic-only validation. (.agents/maintainer-notes/telegram.md:37, e3fe6715afb6)
• Current main behavior: Current main still duck-types grammy context helpers for callback answer/edit/reply/delete paths, with direct API fallbacks that do not explicitly add callback business or topic routing parameters. (extensions/telegram/src/bot-handlers.runtime.ts:1961, e3fe6715afb6)
• PR implementation: The PR head calls bot.api.answerCallbackQuery, editMessageText, editMessageReplyMarkup, deleteMessage, and sendMessage directly, adding business metadata and reusable thread params for callback replies. (extensions/telegram/src/bot-handlers.runtime.ts:1963, 22c2c41f344e)
• Regression coverage: The PR adds callback tests for business edit metadata, direct Bot API deletion, topic reply params, and General-topic omission. (extensions/telegram/src/bot.test.ts:2831, 22c2c41f344e)
• Dependency contract checked: grammY 1.43.0 / @grammyjs/types 3.27.3 expose these Bot API methods with business_connection_id, message_thread_id, and direct_messages_topic_id where relevant, so the direct-call fix needs to preserve those params explicitly.
• Proof and label state: The live PR body lists unit-test and autoreview commands only, and the PR currently carries maintainer, status: 📣 needs proof, and mantis: telegram-visible-proof labels.

Likely related people:

• steipete: Recent GitHub path history shows repeated Telegram handler and interactive-dispatch maintenance, including refactor: trim telegram helper exports touching extensions/telegram/src/interactive-dispatch.ts. (role: recent area contributor; confidence: medium; commits: d5736710a9d8; files: extensions/telegram/src/interactive-dispatch.ts, extensions/telegram/src/bot-handlers.runtime.ts)
• yaanfpv: The portable Codex command picker work changed Telegram callback-button routing and extensions/telegram/src/bot-handlers.runtime.ts, which is adjacent to this callback API fix. (role: feature owner; confidence: medium; commits: 400be62f76ca; files: extensions/telegram/src/bot-handlers.runtime.ts, extensions/telegram/src/native-command-callback-data.ts, extensions/telegram/src/button-types.ts)
• alexph-dev: Recent DM topic routing work changed bot-handlers.runtime.ts, bot/helpers.ts, and Telegram topic tests, which overlap the callback topic metadata behavior under review. (role: adjacent owner; confidence: medium; commits: aa117ec4dece; files: extensions/telegram/src/bot-handlers.runtime.ts, extensions/telegram/src/bot/helpers.ts, extensions/telegram/src/bot.test.ts)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[obviyus]

Land proof for PR #91876:

• Rebased onto origin/main at 0948bd648af890ba0c342e48b0e50271deddb1df.
• Pushed head 22c2c41f344e7df0564a21aebbedf941c5e502bf.
• Focused tests passed: node scripts/run-vitest.mjs extensions/telegram/src/bot.test.ts extensions/telegram/src/bot.create-telegram-bot.test.ts.
• Fresh branch autoreview clean: .agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main.
• CI has unrelated red checks outside this Telegram diff:
  • checks-node-agentic-agents-core-runner: src/agents/main-session-restart-recovery.test.ts:910, expected skipped: 2, got skipped: 1.
  • build-artifacts: scripts/package-acceptance-workflow.test.ts:1398, QA workflow runner-label assertion.
• Branch diff only touches extensions/telegram/src/*.
• Changelog not updated; normal PRs use release-generated changelog entries.

Merging via rebase per maintainer instruction despite unrelated red CI.