M4: Webhook lifecycle reconciliation #6211
Co-Authored-By: Claude <noreply@anthropic.com>
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 877e4afb94
| // Telegram does not expose the current secret_token via getWebhookInfo, | ||
| // so we cannot compare it directly. When credentials are refreshed | ||
| // (forceUpdate), we always re-set to ensure the secret is current. | ||
| if (urlMatches && !options?.forceUpdate) { |
Re-register webhook when URL matches after secret rotation
This early return skips setWebhook whenever the URL matches, but getWebhookInfo does not expose the currently registered secret token. In the startup path (reconcileTelegramWebhook(config) in gateway/src/index.ts), rotating TELEGRAM_WEBHOOK_SECRET while keeping the same ingress URL leaves Telegram using the old secret, and the gateway then rejects all webhook deliveries with 401 at createTelegramWebhookHandler's secret check. This creates a production outage until someone manually calls setWebhook or triggers a forced reconcile.
| return; | ||
| } | ||
|
|
||
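Review bot: in `if (urlMatches && !options?.forceUpdate)`, a caller that passes no options gets the skip path, so the behaviour that keeps the secret current is opt-in. Since the comment above the condition states that the registered secret cannot be read back, consider making the re-set the default and the skip the explicit option, or at least log when the call is skipped with the secret unverified so that later 401s can be traced to this branch.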
| const expectedUrl = `${config.ingressPublicBaseUrl}/webhooks/telegram`; |
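Review bot: `expectedUrl` is interpolated from `config.ingressPublicBaseUrl` on this line with no check that the value is set or is an absolute HTTPS URL. An unset value yields `undefined/webhooks/telegram`, and Telegram only accepts HTTPS webhook URLs. Validate the base before composing the URL and fail with a clear configuration error instead of attempting a registration that cannot deliver.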
Normalize ingress base URL before composing webhook URL
Building expectedUrl via raw string concatenation means a configured INGRESS_PUBLIC_BASE_URL ending with / produces ...//webhooks/telegram. Telegram will then post to a different path than the gateway route check (/webhooks/telegram), so webhook delivery fails even though reconciliation reports success. Because this commit automates registration, this malformed URL can now be introduced automatically from config instead of only via manual setup mistakes.
* fix: remove assistantId dependency from Telegram attachment delivery (#6210)
  Co-authored-by: Claude <noreply@anthropic.com>
* feat: add Telegram webhook lifecycle reconciliation (#6211)
  Co-authored-by: Claude <noreply@anthropic.com>
* feat: auto-configure gateway routing for single-assistant mode and add rejection visibility (#6212)
  Co-authored-by: Claude <noreply@anthropic.com>
* feat: add Telegram Bot messaging provider for proactive outbound sends (#6222)
  Co-authored-by: Claude <noreply@anthropic.com>
* feat: harden /deliver/telegram auth and align docs with Telegram capabilities (#6238)
  Co-authored-by: Claude <noreply@anthropic.com>
* fix: correct misleading comment in Telegram attachment download path (#6241)
  Co-authored-by: Claude <noreply@anthropic.com>
* fix: bound rejection notice cache with periodic eviction (#6242)
  Co-authored-by: Claude <noreply@anthropic.com>
* fix: support tokenless providers in withProviderToken and fix testConnection error handling (#6244)
  Co-authored-by: Claude <noreply@anthropic.com>
* fix: always reconcile webhook and normalize ingress URL (#6245)
  Co-authored-by: Claude <noreply@anthropic.com>
* fix: resolve gateway lint error and credential security allowlist for Telegram adapter (#6257)
  Co-authored-by: Claude <noreply@anthropic.com>
* fix: require webhook_secret in Telegram isConnected check (#6259)
  Co-authored-by: Claude <noreply@anthropic.com>
* fix: only default routing policy in single-assistant deployments (#6261)
  Co-authored-by: Claude <noreply@anthropic.com>

---------

Co-authored-by: Claude <noreply@anthropic.com>
Add webhook-manager module that reconciles Telegram webhook registration on startup and credential changes. Compares current webhook state against expected URL and secret, auto-updates if drifted. Includes tests for reconciliation scenarios. Part of #6200.
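
The two review findings in this thread (a URL match does not prove the secret is current, and a trailing slash in the base URL changes the registered path) can be expressed as one small decision function. This is an added TypeScript example, not the project's webhook-manager code; `buildWebhookUrl`, `planReconcile`, the `Plan` shape and the `secretVerified` flag are hypothetical names, and the sample host is constructed.

```typescript
// Added example; all names here are hypothetical, not the project's API.
const WEBHOOK_PATH = "/webhooks/telegram"; // route named in the review comments

type WebhookInfo = { url: string }; // the one getWebhookInfo field used here
type Plan = { action: "set" | "skip"; url: string; reason: string };

// Compose the webhook URL from the configured base. Trailing slashes are
// stripped so "https://host/" cannot become "https://host//webhooks/telegram",
// and an unset or non-HTTPS base is rejected instead of being interpolated.
function buildWebhookUrl(base: string | undefined): string {
  const trimmed = (base ?? "").trim();
  if (!/^https:\/\/[^\/\s?#]+/i.test(trimmed)) {
    throw new Error("ingress base URL must be an absolute https:// URL");
  }
  if (/[?#]/.test(trimmed)) {
    throw new Error("ingress base URL must not carry a query or fragment");
  }
  return trimmed.replace(/\/+$/, "") + WEBHOOK_PATH;
}

// Decide whether setWebhook has to be called. Because the registered secret
// cannot be read back, a matching URL only permits a skip when the caller
// asserts (secretVerified, an assumption of this example) that the secret it
// last registered is the one currently configured. The default is to re-set.
function planReconcile(
  current: WebhookInfo,
  base: string | undefined,
  opts: { secretVerified?: boolean } = {},
): Plan {
  const url = buildWebhookUrl(base);
  if (current.url !== url) {
    return { action: "set", url, reason: "url-drift" };
  }
  if (!opts.secretVerified) {
    return { action: "set", url, reason: "secret-unverifiable" };
  }
  return { action: "skip", url, reason: "in-sync" };
}
```

On a startup path nothing has been registered in the current process yet, so `secretVerified` stays unset and the plan is always `set`.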