fix(onboard): revert Telegram non-interactive skip

[cv]

Summary

Reverts #4307 because the non-interactive Telegram reachability skip caused fake-token E2E scenarios to drop Telegram during onboarding. The nightly full E2E run then failed Telegram provider, registry, channel-list, and token-rotation assertions that expect the configured Telegram channel to remain present.

Related Issue

Reverts #4307.

Changes

• Restores the previous Telegram reachability behavior: rejected tokens warn but keep Telegram configured, and network reachability failures still abort non-interactive onboarding.
• Moves that behavior into src/lib/onboard/telegram-reachability.ts so src/lib/onboard.ts stays net-smaller under the growth guardrail.
• Adds focused unit coverage for valid tokens, fake/rejected tokens, network failures, interactive prompts, and NEMOCLAW_SKIP_TELEGRAM_REACHABILITY.

Type of Change

• Code change (feature, bug fix, or refactor)
• Code change with doc updates
• Doc only (prose changes, no code sample modifications)
• Doc only (includes code sample changes)

Verification

• npx prek run --all-files passes
• npm test passes
• Tests added or updated for new or changed behavior
• No secrets, API keys, or credentials committed
• Docs updated for user-facing behavior changes
• npm run docs builds without warnings (doc changes only)
• Doc pages follow the style guide (doc changes only)
• New doc pages include SPDX header and frontmatter (new pages only)

---

Signed-off-by: Carlos Villela cvillela@nvidia.com

Summary by CodeRabbit

• Refactor

  • Onboarding’s Telegram reachability check now probes reachability but no longer auto-disables the Telegram channel when the probe is skipped.

• Bug Fixes / Behavior

  • Network failures during the probe can abort onboarding in non-interactive runs or prompt the user to continue in interactive runs.
  • Invalid tokens log a warning but won’t automatically disable Telegram.
  • Opt-out via environment variable skips the probe and records a note.

• Tests

  • Tests updated to reflect the new probe outcomes and abort/prompt behavior.

[coderabbitai]

📝 Walkthrough

Walkthrough

checkTelegramReachability was changed to return void and gained an optional exit dependency; onboarding now awaits the probe without disabling the "telegram" channel on a skipped outcome. Tests were updated to assert exit/prompt behaviors and logging for various probe results.

Changes

Telegram reachability changes

Layer / File(s)	Summary
Probe implementation and deps src/lib/onboard/telegram-reachability.ts	Kept TELEGRAM_NETWORK_CURL_CODES, added optional exit in TelegramReachabilityDeps, fast-path for NEMOCLAW_SKIP_TELEGRAM_REACHABILITY, changed checkTelegramReachability to return Promise<void>, removed TelegramReachabilityResult, and reworked post-probe control flow (OK returns, 401/404 logs and return, curl network failures cause exit in non-interactive or prompt in interactive).
Onboard messaging integration src/lib/onboard.ts	Removed runCurlProbe from local destructuring and updated non-interactive and interactive messaging setup to await checkTelegramReachability(telegramToken, deps) without removing/disabling the telegram channel based on a skipped outcome.
Tests for new control flow src/lib/onboard/telegram-reachability.test.ts	Rewrote tests to import TELEGRAM_NETWORK_CURL_CODES and TelegramReachabilityDeps, mock deps.exit as throwing, assert that HTTP 200 resolves, HTTP 401/404 logs warning without exit, curl network failures exit in non-interactive or prompt in interactive (exit on decline), HTTP 5xx logs only, and NEMOCLAW_SKIP_TELEGRAM_REACHABILITY=1 suppresses probe and emits a note.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related issues

• nightly-e2e: Telegram reachability probe breaks fake-token E2E jobs #4556: Changes modify the Telegram reachability probe and its onboarding handling, addressing prior probe-triggered removal of the Telegram channel.

Possibly related PRs

• NVIDIA/NemoClaw#4307: Refactors Telegram onboarding reachability handling; both PRs change checkTelegramReachability implementation and consumption.

Suggested labels

fix, bug, Integration: Telegram, NV QA

Suggested reviewers

• ericksoa
• jyaunches

Poem

🐰 I hopped through code with tiny paws,

Rewrote a probe without a cause,
Now Telegram checks return just air,
No channel dropped — the flow is fair,
A little hop, a cleaner call, hooray! 🥕

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely describes the main change: reverting the Telegram non-interactive skip functionality that was introduced in a previous commit.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch revert-4307-telegram-skip

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint skipped: no ESLint configuration detected in root package.json. To enable, add eslint to devDependencies.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

PR Review Advisor

Findings: 0 needs attention, 5 worth checking, 0 nice ideas
Since last review: 3 prior items resolved, 3 still apply, 1 new item found

Review findings

🛠️ Needs attention

• None.

🔎 Worth checking

• Source-of-truth review needed: Telegram rejected/fake token compatibility during onboarding: The advisor marked localized patch analysis as needs_followup.
  • Recommendation: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Evidence: HTTP 401/404 handling in checkTelegramReachability() logs a warning and returns; setupMessagingChannels() no longer removes telegram based on reachability.
• Telegram bot token can be exposed through probe URL tracing or failure messages (src/lib/onboard/telegram-reachability.ts:39): The reachability probe embeds the bot token in the URL path and passes that URL to the shared curl probe. The nearby probe sanitizer redacts userinfo, query parameters, and hashes, but not secret path segments such as /bot<TOKEN>/getMe. Unexpected failure handling may also print result.message, which is built from curl stderr/body and could include the requested URL from curl, proxies, or diagnostics.
  • Recommendation: Redact Telegram bot-token path segments before tracing or logging, or add a sensitive URL option to runCurlProbe so http.url and failure messages cannot contain /bot<TOKEN>/getMe. Add a regression test that a fake token never appears in trace attributes or emitted messages.
  • Evidence: checkTelegramReachability() calls runCurlProbe([... `https://api.telegram.org/bot${token}/getMe\` ...]). src/lib/adapters/http/probe.ts sanitizeCurlUrl() only clears username/password/query/hash before storing http.url, and the helper logs `Telegram reachability probe failed: ${result.message}` for unexpected probe failures.
• Fake-token compatibility path still lacks a source-of-truth contract (src/lib/onboard/telegram-reachability.ts:43): The PR intentionally preserves Telegram when Telegram rejects the bot token, apparently to support fake-token E2E scenarios. The helper unit test now covers the local 401 behavior, but the code still does not identify where the fake-token state is created, why that source cannot use a mocked probe or NEMOCLAW_SKIP_TELEGRAM_REACHABILITY, or when this compatibility behavior can be removed.
  • Recommendation: Document the supported contract for rejected/fake Telegram tokens at the source boundary or in the helper, add a fixture/caller-level regression test proving the configured Telegram channel remains present for that source, and include a removal condition or tracking issue if this is meant to be temporary.
  • Evidence: PR body: "fake-token E2E scenarios" caused Telegram to be dropped. Diff evidence: HTTP 401/404 logs a warning and returns without disabling Telegram. Test evidence covers helper 401 behavior, but no fixture/source-boundary documentation or removal condition is added.
• Caller-level channel-preservation regression is not directly tested (src/lib/onboard/telegram-reachability.test.ts:48): The new helper tests are useful and address the deleted-coverage concern, but the original regression occurred in setupMessagingChannels() removing telegram from the returned channel set. The current tests do not directly verify that setupMessagingChannels() returns Telegram for rejected-token or accepted-network-failure paths, and the rejected-token branch only exercises HTTP 401 even though the helper treats both 401 and 404 as token rejection.
  • Recommendation: Add a caller/callee contract test for setupMessagingChannels() showing Telegram remains in the returned channel list for fake/rejected tokens, and add a 404 token-rejection case or table-test 401/404 in the helper tests.
  • Evidence: setupMessagingChannels() now awaits checkTelegramReachability() without filtering the found/enabled channel set. The test file verifies helper behavior for HTTP 401, network curl codes, prompt accept/decline, and skip env, but it does not assert setupMessagingChannels() return values and does not cover HTTP 404.
• User-facing Telegram reachability behavior changed without docs or release notes (src/lib/onboard/telegram-reachability.ts:48): The PR changes CLI-visible onboarding behavior for rejected Telegram tokens and network reachability failures: rejected tokens now warn while preserving Telegram, and non-interactive network failures abort instead of skipping the optional channel. The PR explicitly leaves the docs checkbox unchecked.
  • Recommendation: Add or update user-facing notes for non-interactive Telegram reachability behavior, rejected/fake token handling if supported, and the NEMOCLAW_SKIP_TELEGRAM_REACHABILITY escape hatch.
  • Evidence: PR verification has `Docs updated for user-facing behavior changes` unchecked. Diff evidence: 401/404 now return after warning, while network curl failures call exit(1) in non-interactive mode and prompt interactively with default false.

🌱 Nice ideas

• None.

Since last review details

Current findings:

• Source-of-truth review needed: Telegram rejected/fake token compatibility during onboarding: The advisor marked localized patch analysis as needs_followup.
  • Recommendation: Identify the invalid state, source boundary, source-fix constraint, regression test, and removal condition before merging the localized behavior.
  • Evidence: HTTP 401/404 handling in checkTelegramReachability() logs a warning and returns; setupMessagingChannels() no longer removes telegram based on reachability.
• Telegram bot token can be exposed through probe URL tracing or failure messages (src/lib/onboard/telegram-reachability.ts:39): The reachability probe embeds the bot token in the URL path and passes that URL to the shared curl probe. The nearby probe sanitizer redacts userinfo, query parameters, and hashes, but not secret path segments such as /bot<TOKEN>/getMe. Unexpected failure handling may also print result.message, which is built from curl stderr/body and could include the requested URL from curl, proxies, or diagnostics.
  • Recommendation: Redact Telegram bot-token path segments before tracing or logging, or add a sensitive URL option to runCurlProbe so http.url and failure messages cannot contain /bot<TOKEN>/getMe. Add a regression test that a fake token never appears in trace attributes or emitted messages.
  • Evidence: checkTelegramReachability() calls runCurlProbe([... `https://api.telegram.org/bot${token}/getMe\` ...]). src/lib/adapters/http/probe.ts sanitizeCurlUrl() only clears username/password/query/hash before storing http.url, and the helper logs `Telegram reachability probe failed: ${result.message}` for unexpected probe failures.
• Fake-token compatibility path still lacks a source-of-truth contract (src/lib/onboard/telegram-reachability.ts:43): The PR intentionally preserves Telegram when Telegram rejects the bot token, apparently to support fake-token E2E scenarios. The helper unit test now covers the local 401 behavior, but the code still does not identify where the fake-token state is created, why that source cannot use a mocked probe or NEMOCLAW_SKIP_TELEGRAM_REACHABILITY, or when this compatibility behavior can be removed.
  • Recommendation: Document the supported contract for rejected/fake Telegram tokens at the source boundary or in the helper, add a fixture/caller-level regression test proving the configured Telegram channel remains present for that source, and include a removal condition or tracking issue if this is meant to be temporary.
  • Evidence: PR body: "fake-token E2E scenarios" caused Telegram to be dropped. Diff evidence: HTTP 401/404 logs a warning and returns without disabling Telegram. Test evidence covers helper 401 behavior, but no fixture/source-boundary documentation or removal condition is added.
• Caller-level channel-preservation regression is not directly tested (src/lib/onboard/telegram-reachability.test.ts:48): The new helper tests are useful and address the deleted-coverage concern, but the original regression occurred in setupMessagingChannels() removing telegram from the returned channel set. The current tests do not directly verify that setupMessagingChannels() returns Telegram for rejected-token or accepted-network-failure paths, and the rejected-token branch only exercises HTTP 401 even though the helper treats both 401 and 404 as token rejection.
  • Recommendation: Add a caller/callee contract test for setupMessagingChannels() showing Telegram remains in the returned channel list for fake/rejected tokens, and add a 404 token-rejection case or table-test 401/404 in the helper tests.
  • Evidence: setupMessagingChannels() now awaits checkTelegramReachability() without filtering the found/enabled channel set. The test file verifies helper behavior for HTTP 401, network curl codes, prompt accept/decline, and skip env, but it does not assert setupMessagingChannels() return values and does not cover HTTP 404.
• User-facing Telegram reachability behavior changed without docs or release notes (src/lib/onboard/telegram-reachability.ts:48): The PR changes CLI-visible onboarding behavior for rejected Telegram tokens and network reachability failures: rejected tokens now warn while preserving Telegram, and non-interactive network failures abort instead of skipping the optional channel. The PR explicitly leaves the docs checkbox unchecked.
  • Recommendation: Add or update user-facing notes for non-interactive Telegram reachability behavior, rejected/fake token handling if supported, and the NEMOCLAW_SKIP_TELEGRAM_REACHABILITY escape hatch.
  • Evidence: PR verification has `Docs updated for user-facing behavior changes` unchecked. Diff evidence: 401/404 now return after warning, while network curl failures call exit(1) in non-interactive mode and prompt interactively with default false.

Workflow run details

This is an automated advisory review. A human maintainer must make the final merge decision.

[github-actions]

E2E Advisor Recommendation

Required E2E: ubuntu-repo-cloud-openclaw-telegram
Optional E2E: messaging-providers-e2e, channels-add-remove-e2e

Dispatch hint: ubuntu-repo-cloud-openclaw-telegram

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

• ubuntu-repo-cloud-openclaw-telegram (high): Directly exercises the affected real user flow: repo install/onboard in non-interactive mode with Telegram selected, Telegram credentials present, sandbox creation, and the messaging-telegram validation suite.

Optional E2E

• messaging-providers-e2e (high): Broad confidence check for Telegram messaging provider creation, credential isolation, placeholder configuration, network reachability through the sandbox/proxy path, and L7 token rewriting after onboarding messaging changes.
• channels-add-remove-e2e (high): Adjacent Telegram channel lifecycle coverage; useful to ensure Telegram channel add/rebuild/remove flows still work after changing onboarding-time Telegram reachability behavior.

New E2E recommendations

• Telegram reachability negative onboarding (high): Existing E2E coverage does not appear to hermetically force api.telegram.org curl-level failures during onboarding and assert the new contract: non-interactive onboarding aborts without leaving provider/sandbox side effects, while interactive users can explicitly continue.
  • Suggested test: telegram-reachability-negative-e2e
• Telegram invalid-token onboarding behavior (medium): The PR changes invalid-token handling to warn but keep Telegram enabled; add E2E coverage that onboards with a hermetic Telegram 401/404 response and verifies resulting provider/config state and user-visible warning.
  • Suggested test: telegram-invalid-token-onboard-e2e

Dispatch hint

• Workflow: .github/workflows/e2e-scenarios.yaml
• jobs input: ubuntu-repo-cloud-openclaw-telegram

[github-actions]

E2E Scenario Advisor Recommendation

Required scenario E2E: ubuntu-repo-cloud-openclaw-telegram
Optional scenario E2E: None

Dispatch required scenario E2E:

• gh workflow run e2e-scenarios.yaml --ref <pr-head-ref> --field scenarios=ubuntu-repo-cloud-openclaw-telegram

Workflow run

Full scenario advisor summary

E2E Scenario Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required scenario E2E

• ubuntu-repo-cloud-openclaw-telegram: Onboarding changes alter Telegram messaging reachability behavior and whether non-interactive onboarding aborts or keeps Telegram enabled. This scenario is the smallest ROUTES-listed scenario that exercises OpenClaw cloud onboarding with Telegram messaging and the messaging-telegram validation suite.
  • Dispatch: gh workflow run e2e-scenarios.yaml --ref <pr-head-ref> --field scenarios=ubuntu-repo-cloud-openclaw-telegram

Optional scenario E2E

• None.

Relevant changed files

• src/lib/onboard.ts
• src/lib/onboard/telegram-reachability.ts

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/lib/onboard.ts`:
- Around line 5581-5638: The checkTelegramReachability implementation was
inlined and inflated the onboard file; extract this logic into a small helper
module (e.g., a telegram reachability helper) and replace the inlined code with
a call to that helper to keep semantics identical. Specifically, move the
TELEGRAM_NETWORK_CURL_CODES constant and the body of checkTelegramReachability
(including the runCurlProbe call, the checks for result.ok, result.httpStatus
401/404, the curlStatus set membership, the interactive prompt via
promptYesNoOrDefault and isNonInteractive, and the final warning branches using
result.message) into the new helper function (e.g.,
checkTelegramReachabilityInHost or checkTelegramReachabilityProbe) and export
it; then import and invoke that helper from the onboard file so
checkTelegramReachability in the onboard file delegates to the extracted
function without changing behavior or logging.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: db95fe1f-df74-4d94-8113-36ecc98afd59

📥 Commits

Reviewing files that changed from the base of the PR and between d4d1f9a and 53c6a7d.

📒 Files selected for processing (3)

• src/lib/onboard.ts
• src/lib/onboard/telegram-reachability.test.ts
• src/lib/onboard/telegram-reachability.ts

💤 Files with no reviewable changes (2)

• src/lib/onboard/telegram-reachability.test.ts
• src/lib/onboard/telegram-reachability.ts

[github-actions]

Selective E2E Results — ✅ All requested jobs passed

Run: 26675957926
Target ref: 53c6a7d76b6644a2f0b9f5161ba047c897014c10
Workflow ref: main
Requested jobs: messaging-providers-e2e
Summary: 1 passed, 0 failed, 0 skipped

Job	Result
messaging-providers-e2e	✅ success

[coderabbitai]

🧹 Nitpick comments (1)

src/lib/onboard.ts (1)

5606-5610: Run the onboarding E2E slice before merge.

This change is small, but it sits directly on the Telegram gating path in core onboarding. I’d still run cloud-e2e, channels-stop-start-e2e, and messaging-compatible-endpoint-e2e on this branch before merge.

As per coding guidelines, src/lib/onboard.ts "contains core onboarding logic" and the recommended E2E jobs include cloud-e2e, channels-stop-start-e2e, and messaging-compatible-endpoint-e2e.

Also applies to: 5735-5739

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/onboard.ts` around lines 5606 - 5610, This change touches the
Telegram gating path in core onboarding: when
getValidatedMessagingTokenByEnvKey(...) returns a token the code calls
checkTelegramReachability(...), so before merging run the recommended E2E slices
to validate behavior; specifically execute the cloud-e2e,
channels-stop-start-e2e, and messaging-compatible-endpoint-e2e jobs (they cover
the onboarding flows involving getValidatedMessagingTokenByEnvKey and
checkTelegramReachability) and confirm no regressions in the onboarding flows
referenced around the checkTelegramReachability and surrounding onboarding logic
(also verify the same checks at the second occurrence noted in the comment).

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@src/lib/onboard.ts`:
- Around line 5606-5610: This change touches the Telegram gating path in core
onboarding: when getValidatedMessagingTokenByEnvKey(...) returns a token the
code calls checkTelegramReachability(...), so before merging run the recommended
E2E slices to validate behavior; specifically execute the cloud-e2e,
channels-stop-start-e2e, and messaging-compatible-endpoint-e2e jobs (they cover
the onboarding flows involving getValidatedMessagingTokenByEnvKey and
checkTelegramReachability) and confirm no regressions in the onboarding flows
referenced around the checkTelegramReachability and surrounding onboarding logic
(also verify the same checks at the second occurrence noted in the comment).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 3ea826ba-dc0f-4e73-8440-d497db423196

📥 Commits

Reviewing files that changed from the base of the PR and between 53c6a7d and 61a1a92.

📒 Files selected for processing (3)

• src/lib/onboard.ts
• src/lib/onboard/telegram-reachability.test.ts
• src/lib/onboard/telegram-reachability.ts

[cv]

Closing in preference of #4555