Skip to content

Telegram: add webhookCertPath and skip stale-socket in webhook mode#39313

Closed
fellanH wants to merge 1 commit intoopenclaw:mainfrom
fellanH:feat/39303-telegram-webhook-cert-fix
Closed

Telegram: add webhookCertPath and skip stale-socket in webhook mode#39313
fellanH wants to merge 1 commit intoopenclaw:mainfrom
fellanH:feat/39303-telegram-webhook-cert-fix

Conversation

@fellanH
Copy link
Copy Markdown
Contributor

@fellanH fellanH commented Mar 8, 2026

closes #39303

@openclaw-barnacle openclaw-barnacle bot added channel: telegram Channel integration: telegram gateway Gateway runtime size: S labels Mar 8, 2026
@greptile-apps
Copy link
Copy Markdown
Contributor

greptile-apps bot commented Mar 8, 2026

Greptile Summary

This PR adds two focused fixes for Telegram webhook mode: (1) a webhookCertPath config option that uploads a self-signed PEM certificate via grammy's InputFile during setWebhook registration, preventing SSL verification failures; and (2) a general snapshot.mode !== "webhook" guard in evaluateChannelHealth to skip stale-socket detection for any channel operating in webhook mode (where there is no persistent outgoing socket to go half-dead).

Key observations:

  • The webhookCertPath is correctly threaded through all layers: Zod schema → TelegramAccountConfigchannel.tsMonitorTelegramOptsstartTelegramWebhookbot.api.setWebhook.
  • The health-policy bypass is general and benefits other webhook channels (LINE, Nextcloud Talk, Zalo) in addition to Telegram, which was already excluded via the pre-existing channelId !== "telegram" check.
  • Both changes have corresponding unit tests with good coverage of the new code paths.
  • The mode field added to ChannelHealthSnapshot is typed as string rather than a narrower union ("webhook" | "polling"), which leaves room for silent typos to bypass the new guard.

Confidence Score: 4/5

  • Safe to merge; changes are well-scoped and tested with only a minor typing concern.
  • The two features are independently useful, fully tested, and correctly wired through the config/channel/monitor chain. The single verified issue is the loosely-typed mode?: string field, which could allow silent typos that bypass the webhook stale-socket guard. However, this does not affect any currently deployed code paths since all assignments use hardcoded literals.
  • src/gateway/channel-health-policy.ts — the mode field type should be narrowed to prevent silent bypasses.

Last reviewed commit: b798609

greptile-apps[bot]
greptile-apps bot reviewed Mar 8, 2026
View reviewed changes
src/gateway/channel-health-policy.ts
lastEventAt?: number | null;
lastStartAt?: number | null;
reconnectAttempts?: number;
mode?: string;
Copy link
Copy Markdown
Contributor

@greptile-apps greptile-apps bot Mar 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

mode is typed as string, but the only values used across the codebase are "webhook" and "polling" (and occasionally undefined). Using a bare string means a typo like "Webhook" or "webhooks" would silently bypass the stale-socket check without any compile-time or runtime error.

Consider narrowing the type:

Suggested change
mode?: string;
mode?: "webhook" | "polling";

This would make the intent clearer and catch incorrect values at compile time.

Prompt To Fix With AI 
This is a comment left during a code review.
Path: src/gateway/channel-health-policy.ts
Line: 15

Comment:
`mode` is typed as `string`, but the only values used across the codebase are `"webhook"` and `"polling"` (and occasionally `undefined`). Using a bare `string` means a typo like `"Webhook"` or `"webhooks"` would silently bypass the stale-socket check without any compile-time or runtime error.

Consider narrowing the type:

```suggestion
  mode?: "webhook" | "polling";
```

This would make the intent clearer and catch incorrect values at compile time.

How can I resolve this? If you propose a fix, please make it concise.

@steipete steipete mentioned this pull request Mar 8, 2026
Open
steipete added a commit that referenced this pull request Mar 8, 2026
@steipete @fellanH
fix: restore Telegram webhook-mode health after restarts
9d7d961 
Landed from contributor PR #39313 by @fellanH.

Co-authored-by: Felix Hellström <[email protected]>
@steipete
Copy link
Copy Markdown
Contributor

steipete commented Mar 8, 2026

Landed on main after rebasing onto the latest origin/main.

What we shipped:

  • added webhookCertPath through Telegram config/schema/runtime so self-signed webhook certs get re-uploaded during webhook registration
  • skipped stale-socket detection for Telegram channels running in webhook mode so health-monitor restarts do not flap them unhealthy
  • added regression coverage in src/telegram/webhook.test.ts and src/gateway/channel-health-policy.test.ts
  • updated CHANGELOG.md
  • ran pnpm lint, pnpm build, and pnpm test

Landed commits:

Thanks @fellanH.

@steipete steipete closed this Mar 8, 2026
mcaxtr pushed a commit to mcaxtr/openclaw that referenced this pull request Mar 8, 2026
@steipete @fellanH @mcaxtr
fix: restore Telegram webhook-mode health after restarts
28f1150 
Landed from contributor PR openclaw#39313 by @fellanH.

Co-authored-by: Felix Hellström <[email protected]>
Saitop pushed a commit to NomiciAI/openclaw that referenced this pull request Mar 8, 2026
@steipete @fellanH
fix: restore Telegram webhook-mode health after restarts
5f6e0e4 
Landed from contributor PR openclaw#39313 by @fellanH.

Co-authored-by: Felix Hellström <[email protected]>
GordonSH-oss pushed a commit to GordonSH-oss/openclaw that referenced this pull request Mar 9, 2026
@steipete @fellanH @GordonSH-oss
fix: restore Telegram webhook-mode health after restarts
1784e76 
Landed from contributor PR openclaw#39313 by @fellanH.

Co-authored-by: Felix Hellström <[email protected]>
jenawant pushed a commit to jenawant/openclaw that referenced this pull request Mar 10, 2026
@steipete @fellanH @jenawant
fix: restore Telegram webhook-mode health after restarts
52470e2 
Landed from contributor PR openclaw#39313 by @fellanH.

Co-authored-by: Felix Hellström <[email protected]>
dhoman pushed a commit to dhoman/chrono-claw that referenced this pull request Mar 11, 2026
@steipete @fellanH @dhoman
fix: restore Telegram webhook-mode health after restarts
a53282c 
Landed from contributor PR openclaw#39313 by @fellanH.

Co-authored-by: Felix Hellström <[email protected]>
@karesansui-u karesansui-u mentioned this pull request Mar 15, 2026
Closed
senw-developers pushed a commit to senw-developers/va-openclaw that referenced this pull request Mar 17, 2026
@steipete @fellanH @Shlemon
fix: restore Telegram webhook-mode health after restarts
366d333 
Landed from contributor PR openclaw#39313 by @fellanH.

Co-authored-by: Felix Hellström <[email protected]>
V-Gutierrez pushed a commit to V-Gutierrez/openclaw-vendor that referenced this pull request Mar 17, 2026
@steipete @fellanH @V-Gutierrez
fix: restore Telegram webhook-mode health after restarts
8b3df3e 
Landed from contributor PR openclaw#39313 by @fellanH.

Co-authored-by: Felix Hellström <[email protected]>
alexey-pelykh pushed a commit to remoteclaw/remoteclaw that referenced this pull request Mar 22, 2026
@steipete @fellanH @alexey-pelykh
fix: restore Telegram webhook-mode health after restarts
3fad7a5 
Landed from contributor PR openclaw#39313 by @fellanH.

Co-authored-by: Felix Hellström <[email protected]>
(cherry picked from commit 9d7d961)
alexey-pelykh added a commit to remoteclaw/remoteclaw that referenced this pull request Mar 22, 2026
@alexey-pelykh @steipete
@Sid-Qin @fellanH @obviyus
Cherry-pick issue #892: upstream CI, gateway, chat, channels fixes (#…
a9a56dd 
…1796)

* fix(ci): stabilize detect-secrets baseline

(cherry picked from commit 08597e8)

* fix(gateway): distinguish disconnected from stuck in health-monitor restart reason

resolveChannelRestartReason did not handle the "disconnected" evaluation
reason explicitly, so it fell through to "stuck". This conflates a clean
WebSocket drop (e.g. Discord 1006) with a genuinely stuck channel, making
logs misleading and preventing future policy differentiation.

Add "disconnected" to ChannelRestartReason and handle it before the
catch-all "stuck" return.

Closes openclaw#36404

(cherry picked from commit 066d589)

* fix: land health-monitor disconnected reason label (openclaw#36436) (thanks @Sid-Qin)

(cherry picked from commit 1e05f14)

* fix: restore Telegram webhook-mode health after restarts

Landed from contributor PR openclaw#39313 by @fellanH.

Co-authored-by: Felix Hellström <[email protected]>
(cherry picked from commit 9d7d961)

* fix(chat): preserve sender labels in dashboard history

(cherry picked from commit 930caea)

* refactor(channels): share native command session targets

(cherry picked from commit e381ab6)

---------

Co-authored-by: Peter Steinberger <[email protected]>
Co-authored-by: SidQin-cyber <[email protected]>
Co-authored-by: Felix Hellström <[email protected]>
Co-authored-by: Ayaan Zaidi <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

channel: telegram Channel integration: telegram gateway Gateway runtime size: S

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug]: health-monitor stale-socket breaks webhook mode with self-signed certs

2 participants

@fellanH @steipete