Greptile Summary

This PR adds a new optional apiRoot config field (plus a TELEGRAM_API_ROOT env-var fallback) to the Telegram channel integration, allowing outbound Bot API calls to be routed through a custom server instead of the default https://api.telegram.org. The feature is clean, minimal, and directly maps to grammY's existing first-class ApiClientOptions.apiRoot option.

• TelegramAccountConfig.apiRoot?: string added with clear JSDoc covering all three intended use cases.
• Zod schema entry is consistent with the proxy and webhookUrl fields (optional string, no URL-format validation, which matches existing patterns in the file).
• bot.ts resolves apiRoot from config first, then env var, then undefined, using .trim() to guard against whitespace-only values — correct and consistent with timeoutSeconds handling.
• Help text in schema.help.ts is correctly placed and clearly worded.
• No existing behavior is affected when the field is omitted.

Confidence Score: 5/5

• This PR is safe to merge — it is a purely additive, opt-in config field with no behavioral change when unset.
• All four changed files make minimal, well-scoped additions that follow existing patterns. No existing logic is modified, the new code path is only exercised when apiRoot is explicitly configured, and grammY already supports this option natively. No tests need updating for the unchanged default path.
• No files require special attention.

_{Last reviewed commit: 885cbd7}

Thanks for adding apiRoot config support! We deployed a self-hosted Bot API server (with --local flag) and found a few additional places that still hard-code https://api.telegram.org:

Media download (delivery.resolve-media.ts)

This is the most critical gap. downloadAndSaveTelegramFile (line 128) builds the file download URL with a hard-coded base:

const url = `https://api.telegram.org/file/bot${params.token}/${params.filePath}`;

This should use apiRoot from config instead. Additionally, when using --local mode, the Bot API server returns absolute filesystem paths (e.g. /var/lib/telegram-bot-api/.../photos/file_40.jpg) as file_path in getFile responses. These need to be read directly from disk via fs.readFile() rather than fetched over HTTP, since the local server does not serve a /file/bot.../ download endpoint.

The apiRoot parameter also needs to be threaded through resolveMedia() → resolveStickerMedia() → downloadAndSaveTelegramFile(), and passed from bot-handlers.ts where telegramCfg is available.

SSRF policy (delivery.resolve-media.ts)

TELEGRAM_MEDIA_SSRF_POLICY.allowedHostnames only includes api.telegram.org. When apiRoot points to localhost or 127.0.0.1, media fetches are blocked by the SSRF filter. Needs allowPrivateNetworkRanges: true and the custom hostname added.

Other hard-coded endpoints

These should also respect apiRoot config (or TELEGRAM_API_ROOT env) to be consistent.

We have a working patch for the media download path (including local file read support) in a dedicated branch: tata-meow/openclaw@fix/telegram-apiroot-media.

@tata-meow Great analysis — these are exactly the gaps I ran into as well.

I've addressed all of these in #48842:

• Media downloads: resolveTelegramApiBase(apiRoot) threaded through resolveMedia() → resolveStickerMedia() → downloadAndSaveTelegramFile(), with a dynamic buildTelegramMediaSsrfPolicy(apiRoot) that adds the custom hostname and enables private network ranges when needed
• Probe & audit: both probeTelegram() and auditTelegramGroupMembershipImpl() use resolveTelegramApiBase() instead of the hard-coded constant
• Config schema: Zod URL validation with telegram.apiRoot config key + TELEGRAM_API_ROOT env var

The --local mode filesystem read path you mentioned is a good follow-up — that's a separate concern (transport mode rather than URL base) and probably warrants its own PR to keep scope clean.