Over the last week I saw a noticeable regression in Telegram reliability, with bot sends intermittently failing and logs filling up with Network request for 'sendMessage' failed and repeated fallback messages.

After digging into it, the core issue turned out not to be a single failing request path, but how Telegram networking state was being managed. Several parts of the Telegram stack could update shared network settings, which on my system led to autoSelectFamily repeatedly flipping between true and false and caused fallback behaviour to be retried far more often than expected.

That investigation surfaced three related problems:

• Telegram networking depended on shared global dispatcher state for proxy handling, IPv4/IPv6 selection, and DNS order. When fallback occurred, that state was not effectively retained, so later requests could trigger the same fallback path again.
• Telegram did not consistently use the same fetch path across sends, probes, and media, so behaviour varied across different parts of the integration.
• I got my system up and running again with a narrow fix in fix(telegram): use sticky IPv4 fallback on dual-stack failures #40435, but that left the broader issue of shared mutable state and repeated reinitialisation, and the fallback during probes left more log messages than was desired.

This PR takes a more durable approach: it moves Telegram networking to resolver-scoped dispatchers, makes fallback behaviour consistent across all Telegram network paths, and adds a range of new tests to ensure consistent handling across Telegram network calls.

Summary

Describe the problem and fix in 2–5 bullets:

• Problem: Telegram transport handling relied on process-global network state (autoSelectFamily, DNS order, and undici global dispatcher), which made transport behavior vulnerable to reapplication across unrelated Telegram flows.
• Why it matters: Users could see flaky Telegram delivery (ETIMEDOUT, EHOSTUNREACH), repeated fallback warnings, and inconsistent behaviour between polling, sends, probes, audits, and media downloads.
• What changed:
  • Reworked src/telegram/fetch.ts to build resolver-scoped undici dispatchers instead of mutating process-global Telegram network state
  • Routed polling/webhook bot clients, outbound sends, probes, group membership audits, and inbound media downloads through the same Telegram transport resolution path
  • Preserved caller-provided init.dispatcher across retries, and prevented caller-owned dispatcher failures from arming sticky IPv4 fallback
  • Added guarded fallback when env-proxy dispatcher initialisation fails, while keeping explicit proxy initialisation fail-closed
  • Added bounded in-memory transport caching for repeated send/probe resolution to reduce dispatcher churn and repeated probe-triggered fallback noise
  • Updated probe retries to respect a single overall timeoutMs budget
• What did NOT change: no new config or env keys, no non-Telegram channel changes, and no auth, pairing, or routing policy changes.

History / Context

This section documents why this PR is a core transport fix

Previous Telegram network handling (before this PR)

From late January through early March 2026, Telegram fetch behavior evolved into a process-global transport model:

1. 2026-01-26 (b861a0bd73): Telegram network hardening introduced process-level autoSelectFamily handling.
2. 2026-02-16 (c762bf71f6): Node 22 default moved to autoSelectFamily=true.
3. 2026-02-22 (53adae9cec): added default dnsResultOrder=ipv4first behavior on Node 22+.
4. 2026-02-25 (0078070680): added global undici dispatcher refresh to align with autoSelectFamily.
5. 2026-03-01 (e6049345db) and 2026-03-02 (666a4763ee): added proxy-preservation behavior around global dispatcher replacement.
6. 2026-03-02 (9c03f8be08, then 493ebb915b): added retry path that forced IPv4 fallback on qualifying network errors.
7. 2026-03-02 (c973b053a5): proxy-env plumbing refactor (same fallback semantics).
8. 2026-03-05 (05fb16d151): global undici timeout hardening added another path that can reapply global dispatcher state.

Why this became a concern

• Telegram network behaviour was being coordinated through process-global knobs.
• In multi-account or mixed network conditions, that creates room for cross-flow contention and flip-flop behaviour.
• The observed logs (autoSelectFamily=true (default-node22) interleaved with autoSelectFamily=false (config), plus repeated fallback warnings) were consistent with that shared-state contention pattern.

What this PR changes architecturally

• Moves Telegram network handling from process-global mutation to resolver-scoped dispatchers.
• Reuses resolved transport state across long-lived bot instances and bounded send/probe caches.
• Keeps sticky IPv4 fallback local to the resolved transport instance instead of a process-global toggle.
• Removes Telegram-path mutation of process-global net, dns, and undici dispatcher state.

This is intended to supersede symptom-level fallback tweaks by removing the underlying shared-global-state coupling in Telegram fetch handling.

Change Type (select all)

• Bug fix
• Refactor
• Feature
• Docs
• Security hardening
• Chore/infra

Scope (select all touched areas)

• Integrations
• Gateway / orchestration
• Skills / tool execution
• Auth / tokens
• Memory / storage
• API / contracts
• UI / DX
• CI/CD / infra

Linked Issue/PR

• Closes Telegram channel broken after upgrading to 2026.3.x — undici bypasses macOS TUN/VPN #33013
• Closes [Bug]: Telegram inbound messages not reaching agent after v2026.2.19-2 update #21737
• Related fix: recover from Telegram undici dispatcher failures in TUN/VPN environments, Issue 33013 #33336
• Related fix(telegram): use sticky IPv4 fallback on dual-stack failures #40435
• Related 2026.2.23 regression: all outbound Telegram API calls fail with TypeError: fetch failed (Node 22 undici) #25676
• Related [Bug]: 2026.2.24 regression — setGlobalDispatcher breaks HTTP proxy for all outbound requests #26207
• Related fix(telegram): preserve HTTP proxy env in global dispatcher workaround #29940

User-visible / Behavior Changes

• Telegram transport no longer flips process-global network defaults during normal Telegram operation.
• Direct Telegram traffic can switch to sticky IPv4 after qualifying connect failures and continue using that resolved transport state for subsequent requests in the same bot/fetcher lifetime.
• Repeated sends and probes can reuse cached transport resolution, reducing repeated fallback-transition log noise.
• Proxied Telegram accounts now use the same transport resolution path and configured network policy as other Telegram flows, but sticky IPv4 fallback remains limited to direct or NO_PROXY-bypassed traffic.
• Caller-provided dispatchers are preserved on retry, and their failures no longer taint later Telegram transport state.
• Telegram probe retries now honor timeoutMs as an overall budget.
• No config/default changes required by users.

Security Impact (required)

• New permissions/capabilities? (No)
• Secrets/tokens handling changed? (No)
• New/changed network calls? (No)
• Command/tool execution surface changed? (No)
• Data access scope changed? (No)
• If any Yes, explain risk + mitigation: N/A

Repro + Verification

Environment

• OS: macOS
• Runtime/container: Node 25.x, pnpm, bun/vitest
• Model/provider: N/A
• Integration/channel (if any): Telegram
• Relevant config (redacted): multi-account Telegram with mixed/default network settings; with and without proxy env present

Steps

1. Start gateway with Telegram accounts in a dual-stack environment where IPv6 path is intermittently unreachable.
2. Trigger Telegram API sends and observe network/fallback logs.
3. Verify resolver behavior and retries via targeted tests.

Expected

• Telegram send/poll transport remains stable per resolver and avoids global flip-flop behavior.
• On qualifying connect failures, fallback switches to IPv4 and stays there for subsequent resolver requests.

Actual

• Implemented resolver-scoped dispatcher policy achieves this behavior in tests and build/type checks.

Evidence

Attach at least one:

• Failing test/log before + passing after
• Trace/log snippets
• Screenshot/recording
• Perf numbers (if relevant)

Before (production logs showing transport thrash):

autoSelectFamily=true (default-node22)
autoSelectFamily=false (config)
fetch fallback: forcing autoSelectFamily=false + dnsResultOrder=ipv4first
telegram sendMessage failed: Network request for 'sendMessage' failed!

After (this branch):

$ bunx vitest run src/telegram/fetch.test.ts
✓ Test Files 1 passed
✓ Tests 9 passed (9)

$ bunx vitest run src/telegram/probe.test.ts
✓ Test Files 1 passed
✓ Tests 8 passed (8)

$ bunx vitest run extensions/telegram/src/channel.test.ts
✓ Test Files 1 passed
✓ Tests 8 passed (8)

Focused regression checks (this branch):

$ bunx vitest run src/telegram/fetch.test.ts -t "retries once and then keeps sticky IPv4 dispatcher for subsequent requests"
✓ Tests 1 passed | 8 skipped

$ bunx vitest run src/telegram/fetch.test.ts -t "keeps per-resolver transport policy isolated across multiple accounts"
✓ Tests 1 passed | 8 skipped

• Sticky IPv4 fallback works and remains resolver-local.
• Per-resolver transport policy isolation works across conflicting account settings.
• Telegram fetch path no longer relies on process-global network toggling behavior.

Human Verification (required)

What you personally verified (not just CI), and how:

• Verified scenarios:
• bunx vitest run src/telegram/fetch.test.ts src/telegram/send.proxy.test.ts src/telegram/proxy.test.ts src/telegram/network-config.test.ts passed.
• pnpm tsgo passed.
• pnpm format:check passed.
• pnpm build passed.
• Edge cases checked:
• Explicit proxy fetch path remains caller-owned.
• Env-proxy dispatcher path works and falls back to direct Agent if proxy agent init throws.
• Retry preserves caller-provided init.dispatcher.
• Multi-resolver conflicting network policies remain isolated.
• Verified flaky Telegram delivery (ETIMEDOUT, EHOSTUNREACH) with repeated fallback warnings when not applied, and confirmed these were resolved once the patch was applied.
• Verified Telegram appears as Enabled / On / OK in status/doctor
• What you did not verify:
• End-to-end validation on a TUN/VPN host in this branch.

Review Conversations

• I replied to or resolved every bot review conversation I addressed in this PR.

Compatibility / Migration

• Backward compatible? (Yes)
• Config/env changes? (No)
• Migration needed? (No)
• If yes, exact upgrade steps: N/A

Failure Recovery (if this breaks)

• How to disable/revert this change quickly: Revert the Telegram transport unification changes in src/telegram/fetch.ts, src/telegram/send.ts, src/telegram/probe.ts, src/telegram/bot.ts, src/telegram/bot-handlers.ts, src/telegram/bot/delivery.resolve-media.ts, src/telegram/audit-membership-runtime.ts, and extensions/telegram/src/channel.ts.
• Files/config to restore: all of the above, plus their corresponding test files.
• Known bad symptoms reviewers should watch for: Retries not activating on qualifying direct-connect failures, unexpected proxy routing behavior, or transport state persisting longer than intended across repeated sends/probes.

Risks and Mitigations

• Risk: Sticky IPv4 mode can persist longer than a single request burst because resolved transport state is reused and cached.
• Mitigation: Activation is still limited to qualifying network failures and remains scoped to the resolved Telegram transport instance rather than the process.
• Risk: Env-proxy dispatcher creation can fail with malformed proxy config.
• Mitigation: Direct-Agent fallback keeps Telegram functional.
• Risk: Long-lived dispatchers are reused more aggressively than before.
• Mitigation: Caches are bounded and transport state is isolated from other Telegram accounts and flows.

AI Assisted: yes, Codex investigation, root cause analysis, tests, review, edge-case discovery