Fix Telegram auto-verify flow and routing

[henrypark133]

Summary

• keep the Telegram configure modal open, render the actual /start CODE command inline, and auto-start owner verification without a second click
• stop auth_required SSE events from clobbering the modal, clear the chat composer lock, and remove the non-actionable waiting button
• fix Telegram message routing to use the bound owner target when switching channels and add regression coverage for routing and event traces

Testing

Manual testing

• cargo test --test e2e_telegram_message_routing -- --nocapture
• cargo test test_extensions_setup_submit_telegram_verification_does_not_broadcast_auth_required -- --nocapture
• cargo test test_send_telegram_text_message_posts_expected_payload -- --nocapture
• cargo test routine_event_trigger_telegram_channel_fires --test e2e_advanced_traces -- --nocapture
• cargo test routine_event_trigger_without_channel_filter_still_fires --test e2e_advanced_traces -- --nocapture
• tests/e2e/.venv/bin/pytest tests/e2e/scenarios/test_telegram_hot_activation.py -q
• tests/e2e/.venv/bin/pytest tests/e2e/scenarios/test_extensions.py -q -k auth_required_does_not_reopen_existing_configure_modal

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the Telegram integration by streamlining the owner verification process, making it more intuitive and less prone to user interface disruptions. It also refines how messages are routed within Telegram channels, ensuring that notifications and routine-triggered messages are delivered accurately. The changes aim to provide a smoother and more reliable experience for users interacting with Telegram through the system, backed by improved internal logic and comprehensive test coverage.

Highlights

• Improved Telegram Auto-Verification Flow: The Telegram configuration modal now remains open during setup, displays the actual /start CODE command inline, and automatically initiates owner verification without requiring an additional click from the user.
• Prevented UI Clobbering and Enhanced Chat Experience: The system no longer broadcasts auth_required Server-Sent Events (SSE) that could inadvertently close the Telegram configure modal. The chat composer lock is now correctly cleared, and a non-actionable 'waiting' button has been removed, streamlining the user experience during verification.
• Refined Telegram Message Routing: Telegram message routing has been updated to correctly utilize the bound owner target when switching channels, ensuring messages are delivered to the intended recipient. This includes new logic for resolving notification targets based on explicit user, channel, and owner fallback.
• Early Consumption of Event-Triggered Routines: Event-triggered routines now process plain user input before it enters the main chat/tool pipeline. This prevents duplicate responses where both the primary agent and a routine might react to the same inbound message.
• Expanded Test Coverage: New regression tests have been added to cover the improved Telegram message routing and event trace behaviors, ensuring the stability and correctness of these changes.

Changelog

• FEATURE_PARITY.md
  • Updated Telegram feature description to reflect 'setup-time owner auto-verification'.
• src/agent/agent_loop.rs
  • Added trimmed_option helper function for string processing.
  • Introduced resolve_channel_notification_user to determine the correct notification user based on channel, explicit user, and owner fallback.
  • Implemented resolve_routine_notification_target to resolve notification targets for routines.
  • Modified agent logic to use resolve_channel_notification_user for heartbeat configuration notifications.
  • Updated notification forwarder to use resolve_channel_notification_user for targeted and broadcast messages.
  • Changed routine notification handling to use resolve_routine_notification_target.
  • Relocated and modified event trigger check to consume user input earlier in the message processing pipeline, preventing duplicate agent responses.
• src/channels/web/server.rs
  • Modified extensions_setup_submit_handler to prevent AuthRequired SSE events from being broadcast when a verification challenge is pending.
  • Added test_extensions_setup_submit_telegram_verification_does_not_broadcast_auth_required test case to verify the new SSE event behavior.
• src/channels/web/static/app.js
  • Removed placeholder text from chat input fields when disabled or enabled.
  • Adjusted handleAuthRequired to prevent reopening an existing configure modal if one is already present for the same extension.
  • Added data-telegramVerificationState attribute to the configure overlay for managing Telegram verification state.
  • Modified configure modal click handler to prevent closing the Telegram modal when in 'waiting' state.
  • Added data-secretName attribute to configure fields.
  • Introduced configure-inline-error and configure-inline-status elements for displaying inline messages within the modal.
  • Updated renderTelegramVerificationChallenge to position the verification panel correctly and display the /start CODE command directly.
  • Added helper functions getConfigurePrimaryButton, getConfigureCancelButton, setConfigureInlineError, clearConfigureInlineError, setConfigureInlineStatus for modal state management.
  • Implemented setTelegramConfigureState to manage the UI state of the Telegram configure modal during verification.
  • Added startTelegramAutoVerify to initiate the auto-verification process.
  • Modified submitConfigureModal to handle Telegram auto-verification, update modal state, clear chat composer lock, and enable chat input.
  • Updated error and success handling in submitConfigureModal to reflect Telegram verification states.
  • Enhanced closeConfigureModal to reset auth flow pending state and enable chat input if no other modals or auth cards are active.
• src/channels/web/static/i18n/en.js
  • Updated config.telegramOwnerHint to reflect auto-verification.
  • Removed config.telegramVerifyOwner string.
  • Added config.telegramCommandLabel for the inline command display.
  • Added config.telegramStartOver and config.telegramStartOverHint for retry scenarios.
• src/channels/web/static/style.css
  • Added CSS styles for .configure-inline-error and .configure-inline-status to display messages within the configure modal.
• src/extensions/manager.rs
  • Added TelegramApiOkResponse struct for parsing Telegram API responses.
  • Updated channel_auth_instructions and telegram_verification_instructions to reflect the auto-verification flow.
  • Introduced send_telegram_text_message asynchronous function for sending messages via the Telegram API.
  • Added set_test_telegram_pending_verification for testing purposes.
  • Implemented notification_target_for_channel to retrieve the owner ID for a given channel.
  • Corrected has_auth logic to properly reflect authentication status.
  • Added logic to send a 'Verification received' message to the Telegram owner upon successful binding.
  • Modified the Telegram owner verification timeout message to suggest requesting a new code.
• src/main.rs
  • Updated the call to register_message_tools to pass the extension_manager.
• src/tools/builtin/message.rs
  • Added extension_manager field to the MessageTool struct.
  • Added with_extension_manager builder method to MessageTool.
  • Modified the call method to use the extension_manager to resolve the notification target for a channel, falling back to the user ID if no specific target is found.
• src/tools/registry.rs
  • Updated register_message_tools to accept an optional extension_manager and pass it to the MessageTool.
• tests/e2e/scenarios/test_extensions.py
  • Added test_auth_required_does_not_reopen_existing_configure_modal to ensure auth_required SSE events do not interfere with an already open configure modal.
• tests/e2e/scenarios/test_telegram_hot_activation.py
  • Updated the test to reflect the new auto-verification flow, including waiting for the 'Waiting for Telegram owner verification...' status and verifying the inline /start CODE command.
  • Modified the test to simulate a click outside the modal to close it, confirming the new modal closing behavior.
• tests/e2e_advanced_traces.rs
  • Modified routine_event_trigger_telegram_channel_fires and routine_event_trigger_without_channel_filter_still_fires tests to assert that only the routine's LLM call is made after an event trigger, preventing additional LLM calls from the main agent.
• tests/e2e_telegram_message_routing.rs
  • Added a new E2E test file for Telegram message routing.
  • Implemented RecordingTelegramChannel to capture broadcast messages for testing.
  • Created a Harness for setting up and testing Telegram message routing scenarios.
  • Added telegram_message_tool_uses_bound_owner_target_when_target_omitted test to verify that the message tool uses the bound owner target when no explicit target is provided.
  • Added telegram_message_tool_prefers_explicit_target_over_bound_owner_target test to confirm that an explicit target overrides the bound owner target.
• tests/fixtures/llm_traces/advanced/routine_event_any_channel.json
  • Removed an unnecessary 'I saw the Telegram message.' response from the LLM trace.
• tests/fixtures/llm_traces/advanced/routine_event_telegram.json
  • Removed an unnecessary 'I saw the Telegram message.' response from the LLM trace.
• tests/support/test_rig.rs
  • Updated the call to register_message_tools to pass the extension_manager.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request significantly improves the Telegram channel setup flow by introducing an auto-verification process and making the UI more robust. It also fixes an important message routing issue where owner-bound targets were not being used correctly, and adds comprehensive tests for this. Additionally, it corrects the behavior of event-triggered routines to prevent duplicate agent responses. The changes are well-implemented across both the frontend and backend. I have one minor suggestion for code simplification in the JavaScript part.

[Copilot]

Pull request overview

This PR refines Telegram channel setup and routing across the Rust backend and the web UI, aiming to make Telegram owner verification automatic and to ensure outbound notifications/messages route to the bound Telegram owner target.

Changes:

• Updates the web configure modal + gateway SSE behavior so Telegram setup stays inline, auto-starts verification, and doesn’t reopen/overwrite an existing modal on auth_required.
• Extends the message tool + agent notification routing to resolve a channel-bound notification target (e.g., Telegram owner chat id) via the ExtensionManager.
• Adds regression/E2E coverage for Telegram routing and event-triggered routine consumption (preventing duplicate “main agent + routine” turns).

Reviewed changes

Copilot reviewed 17 out of 17 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
tests/support/test_rig.rs	Updates test rig to register message tool with optional extension manager support.
tests/fixtures/llm_traces/advanced/routine_event_telegram.json	Adjusts trace fixture to match new event-trigger consumption behavior (no extra assistant turn).
tests/fixtures/llm_traces/advanced/routine_event_any_channel.json	Same as above for the “any channel” variant.
tests/e2e_telegram_message_routing.rs	Adds E2E coverage asserting Telegram broadcasts use the bound owner target when target is omitted.
tests/e2e_advanced_traces.rs	Tightens assertions to ensure only the routine LLM call happens and only one notification is emitted.
tests/e2e/scenarios/test_telegram_hot_activation.py	Updates Playwright scenario to validate inline Telegram /start CODE + waiting state and auto-verify behavior.
tests/e2e/scenarios/test_extensions.py	Adds regression test ensuring auth_required SSE doesn’t clobber an already-open Telegram configure modal.
src/tools/registry.rs	Changes register_message_tools to accept an optional ExtensionManager and wires it into MessageTool.
src/tools/builtin/message.rs	Updates target/channel resolution to prefer bound channel owner target when appropriate.
src/main.rs	Passes extension_manager into message tool registration.
src/extensions/manager.rs	Implements Telegram sendMessage helper + exposes notification_target_for_channel; adjusts Telegram verification flow and messaging.
src/channels/web/static/style.css	Adds inline error/status styles for the configure modal.
src/channels/web/static/i18n/en.js	Updates Telegram copy and adds strings for command label + start-over flow.
src/channels/web/static/app.js	Keeps Telegram setup modal open, renders /start CODE inline, auto-verifies, and avoids reopening modal on auth_required.
src/channels/web/server.rs	Stops broadcasting auth_required SSE for Telegram verification responses; adds regression test.
src/agent/agent_loop.rs	Consumes event-triggered routine messages before main pipeline; resolves notification targets via ExtensionManager.
FEATURE_PARITY.md	Updates Telegram parity note to “owner auto-verification”.

Comments suppressed due to low confidence (1)

src/agent/agent_loop.rs:610

• Routine notification fallback uses broadcast_all(&user, ...), but user may now resolve to a channel-specific target via notification_target_for_channel when notify_channel is set. Because broadcast_all passes the same user_id to every channel, fallback routing to channels that expect the owner scope may break. Consider using the owner scope (owner_id from metadata) for fallback broadcast, or resolving a per-channel target list for the fallback path.

                            let Some(user) = resolve_routine_notification_target(
                                extension_manager.as_ref(),
                                &response.metadata,
                            )
                            .await
                            else {
                                tracing::warn!(
                                    notify_channel = ?notify_channel,
                                    "Skipping routine notification with no explicit target or owner scope"
                                );
                                continue;
                            };

                            // Try the configured channel first, fall back to
                            // broadcasting on all channels.
                            let targeted_ok = if let Some(ref channel) = notify_channel {
                                match channels.broadcast(channel, &user, response.clone()).await {
                                    Ok(()) => true,
                                    Err(e) => {
                                        let should_fallback =
                                            should_fallback_routine_notification(&e);
                                        tracing::warn!(
                                            channel = %channel,
                                            user = %user,
                                            error = %e,
                                            should_fallback,
                                            "Failed to send routine notification to configured channel"
                                        );
                                        if !should_fallback {
                                            continue;
                                        }
                                        false
                                    }
                                }
                            } else {
                                false
                            };

                            if !targeted_ok {
                                let results = channels.broadcast_all(&user, response).await;
                                for (ch, result) in results {
                                    if let Err(e) = result {

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

This PR fixes the Telegram setup/verification UX in the web gateway and corrects Telegram notification/message routing by preferring the channel’s bound owner target when appropriate. It also updates event-triggered routine handling to avoid duplicate LLM turns and adds regression coverage across Rust and Playwright tests.

Changes:

• Update the web configure modal to keep Telegram verification inline, auto-start verification, and avoid auth_required SSE re-opening/clobbering the modal.
• Improve routing for Telegram notifications/messages by resolving the channel owner binding via ExtensionManager (used by the message tool and routine/heartbeat notification forwarding).
• Add/adjust E2E and trace-based tests to cover Telegram routing and ensure event-triggered routines don’t produce duplicate responses.

Reviewed changes

Copilot reviewed 17 out of 17 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
tests/support/test_rig.rs	Update message tool registration to pass extension_manager.
tests/fixtures/llm_traces/advanced/routine_event_telegram.json	Adjust fixture to match new event-trigger consumption behavior (fewer responses).
tests/fixtures/llm_traces/advanced/routine_event_any_channel.json	Same as above for “any channel” fixture.
tests/e2e_telegram_message_routing.rs	New E2E coverage for Telegram message tool target resolution (bound owner vs explicit target).
tests/e2e_advanced_traces.rs	Tighten assertions around event-triggered routines (LLM calls + expected responses).
tests/e2e/scenarios/test_telegram_hot_activation.py	Playwright regression coverage for Telegram modal staying open + auto-verify request flow.
tests/e2e/scenarios/test_extensions.py	Regression test to ensure auth_required SSE doesn’t reopen an existing configure modal.
src/tools/registry.rs	Extend register_message_tools to optionally wire ExtensionManager into MessageTool.
src/tools/builtin/message.rs	Resolve channel-scoped notification target via owner binding when target omitted.
src/main.rs	Pass extension_manager into message tool registration.
src/extensions/manager.rs	Add Telegram sendMessage helper; expose notification_target_for_channel; update Telegram verification text + behavior.
src/channels/web/static/style.css	Add inline status/error styles for the configure modal.
src/channels/web/static/i18n/en.js	Update Telegram setup strings and add new labels (“Send this in Telegram”, “Start over”, etc.).
src/channels/web/static/app.js	Prevent modal clobbering by auth_required; keep Telegram verification inline; auto-verify flow + composer unlock changes.
src/channels/web/server.rs	Stop broadcasting auth_required SSE on Telegram verification response; add regression test.
src/agent/agent_loop.rs	Route notifications using channel-bound targets; consume event-triggered inputs before main chat loop to prevent duplicate turns.
FEATURE_PARITY.md	Update Telegram feature note to reflect auto-verification.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

This PR fixes Telegram’s setup/auto-verify UX in the web gateway, prevents auth_required SSE events from reopening/clobbering an existing configure modal, and corrects Telegram notification routing so outbound messages use the bound owner target when switching channels.

Changes:

• Update the web configure modal to render the /start CODE command inline, keep the modal open during Telegram verification, and auto-start owner verification without a second click.
• Fix notification/message routing by resolving per-channel notification targets (e.g., Telegram chat_id) via ExtensionManager when the target is omitted.
• Add/adjust regression tests covering Telegram routing, SSE event behavior, and event-trigger routine traces.

Reviewed changes

Copilot reviewed 18 out of 18 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
tests/support/test_rig.rs	Updates message-tool registration to pass the extension manager so tests match runtime routing behavior.
tests/fixtures/llm_traces/advanced/routine_event_telegram.json	Updates fixture trace to reflect new “consume event-trigger message” behavior (avoids duplicate turns).
tests/fixtures/llm_traces/advanced/routine_event_any_channel.json	Same as above for any-channel event-trigger trace fixture.
tests/e2e_telegram_message_routing.rs	Adds E2E regression coverage ensuring Telegram outbound routing prefers bound owner target when target is omitted.
tests/e2e_advanced_traces.rs	Tightens assertions to ensure only the routine LLM call/notification occurs for matching event triggers.
tests/e2e/scenarios/test_telegram_hot_activation.py	Updates Playwright scenario for the new Telegram auto-verify setup flow and waiting state UX.
tests/e2e/scenarios/test_extensions.py	Adds regression test to ensure auth_required SSE does not reopen an already-open configure modal.
src/tools/registry.rs	Extends register_message_tools to optionally wire in ExtensionManager for target resolution.
src/tools/builtin/message.rs	Adds per-channel target resolution using ExtensionManager and fixes default/metadata target application rules.
src/main.rs	Passes the extension manager into message-tool registration in the main runtime.
src/extensions/manager.rs	Implements Telegram auto-verification messaging, improves timeout handling, and exposes channel notification target resolution.
src/channels/web/static/style.css	Adds inline status/error styling for the configure modal verification flow.
src/channels/web/static/i18n/en.js	Updates/extends Telegram configure strings for the new auto-verify UI.
src/channels/web/static/i18n/zh-CN.js	Adds matching Telegram configure strings for parity with English.
src/channels/web/static/app.js	Prevents auth_required from clobbering an open modal; implements inline Telegram verification command/status + auto-verify UX.
src/channels/web/server.rs	Stops broadcasting auth_required SSE for Telegram verification responses; adds a regression test.
src/agent/agent_loop.rs	Resolves routine/heartbeat notification targets with channel bindings and consumes matching event-trigger messages pre-pipeline.
FEATURE_PARITY.md	Updates Telegram note to reflect auto-verification behavior.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.