
chore: promote staging to staging-promote/946c040f-23134229055 (2026-03-16 15:23 UTC)#1246

Merged
henrypark133 merged 1 commit into staging-promote/946c040f-23134229055 from staging-promote/63a23550-23151342222
Mar 16, 2026


@ironclaw-ci ironclaw-ci bot commented Mar 16, 2026

Auto-promotion from staging CI

Batch range: 946c040fff27cde387de288371e1e6bb2c902289..63a23550d6b485de6eb3b9a8aefeee47de569ddd
Promotion branch: staging-promote/63a23550-23151342222
Base: staging-promote/946c040f-23134229055
Triggered by: Staging CI batch at 2026-03-16 15:23 UTC

Commits in this batch (1):

Current commits in this promotion (1)

Current base: staging-promote/946c040f-23134229055
Current head: staging-promote/63a23550-23151342222
Current range: origin/staging-promote/946c040f-23134229055..origin/staging-promote/63a23550-23151342222

Auto-updated by staging promotion metadata workflow

Waiting for gates:

  • Tests: pending
  • E2E: pending
  • Claude Code review: pending (will post comments on this PR)

Auto-created by staging-ci workflow

* feat(telegram): verify owner during hot activation

* fix(ci): satisfy no-panics and clippy checks

* fix(web): preserve relay activation status

* fix(telegram): redact setup errors

* fix(telegram): require owner verification code

* fix(telegram): allow code in conversational dm

@github-actions github-actions bot added labels on Mar 16, 2026: scope: channel/web (Web gateway channel); scope: channel/wasm (WASM channel runtime); scope: extensions (Extension management); scope: docs (Documentation); size: XL (500+ changed lines); risk: medium (Business logic, config, or moderate-risk modules); contributor: core (20+ merged PRs)


claude bot commented Mar 16, 2026

Code review

Found 14 issues:

  1. [HIGH:95] Synchronous 120-second blocking poll in HTTP request handler

    The configure_telegram_binding() function performs a blocking polling loop (up to 120 seconds) while holding the HTTP request connection, blocking the Axum thread for the entire duration. This will starve other requests under load.

    https://github.com/anthropics/ironclaw/blob/63a2355e4d6b485de6eb3b9a8aefeee47de569ddd/src/extensions/manager.rs#L4275-L4353

  2. [HIGH:95] Hardcoded channel-specific logic violates CLAUDE.md architecture

    The PR introduces hardcoded Telegram-specific logic in setup.rs (line 173) and extensive Telegram handling in ExtensionManager, rather than using trait-based abstractions. CLAUDE.md states: "Prefer generic/extensible architectures over hardcoding specific integrations."

    https://github.com/anthropics/ironclaw/blob/63a2355e4d6b485de6eb3b9a8aefeee47de569ddd/src/channels/wasm/setup.rs#L173-L181

  3. [HIGH:92] Telegram-specific business logic bloats ExtensionManager

    The ExtensionManager now contains ~1200 lines of Telegram-specific logic (verification, binding resolution, challenge persistence) that should live in a Telegram-owned module, not in the extensions manager. This violates the "module-owned initialization" principle.

    https://github.com/anthropics/ironclaw/blob/63a2355e4d6b485de6eb3b9a8aefeee47de569ddd/src/extensions/manager.rs#L98-L248

  4. [MEDIUM:95] Response success/failure logic mismatch in chat auth handler

    In chat.rs, the handler unconditionally returns ActionResponse::ok() regardless of verification success, while server.rs correctly checks if verification succeeded. This causes failed verifications to be reported as successes to clients.

    https://github.com/anthropics/ironclaw/blob/63a2355e4d6b485de6eb3b9a8aefeee47de569ddd/src/channels/web/handlers/chat.rs#L115-L125

  5. [MEDIUM:75] Weak verification code entropy allows brute force

    The 8-character verification code (~47 bits entropy) with 120-second polling and 5-minute challenge TTL can be brute-forced across multiple accounts with no rate limiting on verify attempts.

  6. [MEDIUM:75] Multiple sequential database writes without transaction batching

    The configure_telegram_binding() performs set_channel_owner_id() and set_setting() as separate async calls without a transaction wrapper, creating a window where owner_id is persisted but bot_username is not.

    https://github.com/anthropics/ironclaw/blob/63a2355e4d6b485de6eb3b9a8aefeee47de569ddd/src/extensions/manager.rs#L4151-L4185

  7. [MEDIUM:82] Channel-specific configuration mappings lack extensibility

    The inject_channel_secrets_into_config() uses hardcoded match on channel names rather than a registry or trait-based mechanism, forcing every new channel needing config injection to modify the central setup.rs file.

  8. [MEDIUM:80] String concatenation in hot polling loop creates unbounded allocations

    The polling loop creates new JSON strings and URLs on every iteration via format!() calls (up to ~5 iterations over 120 seconds), causing unnecessary allocations.

    https://github.com/anthropics/ironclaw/blob/63a2355e4d6b485de6eb3b9a8aefeee47de569ddd/src/extensions/manager.rs#L4288-L4300

  9. [MEDIUM:78] Telegram constants scattered across module boundaries

    TELEGRAM_CHANNEL_NAME and bot_username_setting_key() are defined in telegram_host_config.rs but tightly couple setup.rs and extensions/manager.rs rather than being queried through trait abstractions.

    https://github.com/anthropics/ironclaw/blob/63a2355e4d6b485de6eb3b9a8aefeee47de569ddd/src/channels/wasm/mod.rs#L110-L111

  10. [MEDIUM:72] Telegram bot token exposed in logs without sanitization

    The bot token is interpolated into the URL format string for API requests. If HTTP middleware logging is enabled (common in debug mode), tokens could be exposed in request logs.

    https://github.com/anthropics/ironclaw/blob/63a2355e4d6b485de6eb3b9a8aefeee47de569ddd/src/extensions/manager.rs#L4288-L4289

  11. [MEDIUM:70] Race condition: bot_username saved before verification completes

    In the Pending branch, bot_username is written to database immediately before the user verifies ownership. If verification fails, the setting persists in a partially-initialized state.

    https://github.com/anthropics/ironclaw/blob/63a2355e4d6b485de6eb3b9a8aefeee47de569ddd/src/extensions/manager.rs#L4167-L4183

  12. [LOW:72] Test-only fields in ExtensionManager increase prod code surface

    The PR adds #[cfg(test)] fields to ExtensionManager that tie testing concerns to the production struct definition.

  13. [LOW:65] Missing URL encoding in Telegram deep_link

    The bot_username is directly interpolated into the deep link URL without URL encoding. While Telegram usernames are restricted, malformed API responses could generate invalid URLs.

  14. [LOW:65] Database query on every Telegram channel setup at startup

    Every Telegram WASM channel loaded at startup performs an async get_setting() call, causing N sequential queries that delay server startup with slow settings storage.

    https://github.com/anthropics/ironclaw/blob/63a2355e4d6b485de6eb3b9a8aefeee47de569ddd/src/channels/wasm/setup.rs#L173-L181
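
Finding 5 in the review above concerns a short verification code that can be guessed repeatedly within its TTL. The usual mitigation (a per-challenge attempt budget, a TTL check, single use and a comparison with no early exit) looks like this; it is an example added here, not code from ironclaw, and the `Challenge` type, its fields, the sample code and the 62-symbol alphabet are assumptions.

```rust
// Added example (not ironclaw code): attempt-limited, single-use verification challenge.
use std::time::{Duration, Instant};

#[derive(Debug, PartialEq)]
pub enum Verdict { Verified, Wrong { attempts_left: u32 }, Expired, LockedOut }

/// Hypothetical pending challenge; the type and field names are assumptions.
pub struct Challenge { code: String, issued_at: Instant, ttl: Duration, attempts_left: u32 }

/// Bits of entropy of a uniformly random code of `len` symbols over `alphabet` symbols.
pub fn code_entropy_bits(alphabet: u32, len: u32) -> f64 {
    (alphabet as f64).log2() * len as f64
}

/// Byte comparison with no early exit at the first mismatching byte.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

impl Challenge {
    pub fn new(code: &str, ttl: Duration, max_attempts: u32, now: Instant) -> Self {
        Challenge { code: code.to_string(), issued_at: now, ttl, attempts_left: max_attempts }
    }

    /// Check one guess. Calls past the TTL or the attempt budget are refused
    /// before the code is compared, so guesses are bounded per challenge.
    pub fn verify(&mut self, guess: &str, now: Instant) -> Verdict {
        if now.duration_since(self.issued_at) >= self.ttl { return Verdict::Expired; }
        if self.attempts_left == 0 { return Verdict::LockedOut; }
        self.attempts_left -= 1;
        if ct_eq(self.code.as_bytes(), guess.as_bytes()) {
            self.attempts_left = 0; // single use: a verified code cannot be replayed
            return Verdict::Verified;
        }
        match self.attempts_left {
            0 => Verdict::LockedOut,
            n => Verdict::Wrong { attempts_left: n },
        }
    }
}

fn main() {
    let t0 = Instant::now();
    // Constructed sample code; the 62-symbol alphabet is an assumption matching "~47 bits".
    let mut c = Challenge::new("k3Zp91Qa", Duration::from_secs(300), 3, t0);
    println!("{:.1} bits", code_entropy_bits(62, 8));
    println!("{:?}", c.verify("AAAAAAAA", t0));
    println!("{:?}", c.verify("k3Zp91Qa", t0));
}
```

With a budget of three guesses per challenge, the code's entropy bounds the success chance of each challenge rather than the time needed to exhaust the code space.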


Labels: contributor: core (20+ merged PRs); risk: medium (Business logic, config, or moderate-risk modules); scope: channel/wasm (WASM channel runtime); scope: channel/web (Web gateway channel); scope: docs (Documentation); scope: extensions (Extension management); size: XL (500+ changed lines); staging-promotion
