Bot foundations + Telegram connector Add classical bot runtime (springtale-bot) with deterministic command routing and first chat connector (connector-telegram). No AI in the critical path — the entire bot operates with NoopAdapter. springtale-bot crate (new): - Command router: prefix, pattern, alias, fallback (longest-match for multi-word commands like /github create_issue) - 6 builtin handlers: /help, /status, /rules, /connectors, /prefs, /alias

  - Connector auto-registration: installed connector actions become commands
  - Session state per (user_id, channel_id) with SQLite isolation
  - Conversation memory with provenance tracking (author, source, trust_score) and random XChaCha20 nonces for Phase 2 encryption readiness
  - Truncation compaction (drop oldest beyond context window)
  - Bot identity: Ed25519 keypair stored in vault
  - Event loop: tokio::select! over connector + rule channels, never crashes on bad messages, dispatches actions with chain depth limits
  - HeadlessBot test harness for testing without Telegram
  - Alias runtime reload after /alias set/remove connector-telegram (new):
  - Hand-rolled Telegram Bot API client (no teloxide dependency)
  - 5 actions: send_message, send_photo, edit_message, delete_message,  send_inline_keyboard
  - 2 triggers: message_received, command_received
  - Long-polling loop with offset tracking (at-most-once delivery)
  - Webhook secret verification via subtle::ConstantTimeEq
  - Handles Telegram ok:false responses and 429 rate limiting  springtale-store extensions:
  - Migration 002: bot_sessions, user_prefs, bot_memory, bot_aliases tables
  - 12 new StorageBackend trait methods (sessions, prefs, memory, aliases)
  - Memory compaction with deterministic tie-breaking (created_at DESC, id DESC)

  springtaled integration:
  - Bot runtime initialized between job queue and API server in boot sequence
  - Optional [telegram] config section for connector instantiation
  - Polling dispatcher bridges sync callback to async bot channel via tokio::spawn
  - Response dispatcher routes bot replies through connector registry                                                                                                           Security:
  - #![forbid(unsafe_code)] on both new crates
  - All credentials in Secret<T> with SECURITY-annotated expose_secret() calls
  - Notifications default OFF (IPV safety — docs/current-arch/SECURITY.md §2.8)
  - Parameterized SQL throughout (no injection vectors)
  - Empty alias validation, chain depth limits (MAX_CHAIN_DEPTH)
  - Response channel failures logged (no silent drops)

Author: radicalkjax

Cargo.lock

@@ -10,7 +10,7 @@ members = [
   "crates/springtale-ai",
   "crates/springtale-mcp",
   # Phase 1b
-  # "crates/springtale-bot",
+  "crates/springtale-bot",
   # Phase 2a
   # "crates/springtale-sentinel",
   # Phase 1a connectors
@@ -22,7 +22,7 @@ members = [
   "connectors/connector-shell",
   "connectors/connector-http",
   # Phase 1b connectors
-  # "connectors/connector-telegram",
+  "connectors/connector-telegram",
   # Apps
   "apps/springtaled",
   "apps/springtale-cli",
@@ -141,4 +141,6 @@ springtale-connector  = { path = "crates/springtale-connector" }
 springtale-scheduler  = { path = "crates/springtale-scheduler" }
 springtale-store      = { path = "crates/springtale-store" }
 springtale-ai         = { path = "crates/springtale-ai" }
+springtale-bot        = { path = "crates/springtale-bot" }
 springtale-mcp        = { path = "crates/springtale-mcp" }
+connector-telegram    = { path = "connectors/connector-telegram" }

Cargo.toml

@@ -56,8 +56,9 @@ pub async fn run(action: ConnectorAction, store: &SqliteBackend, json: bool) ->
             println!("Removed connector: {name}");
         }
         ConnectorAction::Install { path } => {
-            let contents = std::fs::read_to_string(&path)
-                .map_err(|e| anyhow::anyhow!("failed to read manifest at {}: {e}", path.display()))?;
+            let contents = std::fs::read_to_string(&path).map_err(|e| {
+                anyhow::anyhow!("failed to read manifest at {}: {e}", path.display())
+            })?;
             let manifest: ConnectorManifest = toml::from_str(&contents)
                 .map_err(|e| anyhow::anyhow!("failed to parse manifest TOML: {e}"))?;
 
@@ -66,7 +67,9 @@ pub async fn run(action: ConnectorAction, store: &SqliteBackend, json: bool) ->
                 .map_err(|e| anyhow::anyhow!("manifest validation failed: {e}"))?;
 
             if manifest.signature.is_some() {
-                println!("  Note: manifest has signature — verification requires author key registry (Phase 2)");
+                println!(
+                    "  Note: manifest has signature — verification requires author key registry (Phase 2)"
+                );
             }
 
             let manifest_json = serde_json::to_string(&manifest)

apps/springtale-cli/src/commands/connector.rs

@@ -33,18 +33,15 @@ pub async fn run() -> Result<()> {
         }
 
         let keypair = Keypair::generate().context("failed to generate identity")?;
-        let mut vault = Vault::create(&vault_path, passphrase.as_bytes())
-            .context("failed to create vault")?;
+        let mut vault =
+            Vault::create(&vault_path, passphrase.as_bytes()).context("failed to create vault")?;
         // SECURITY: expose needed to persist identity key material
         vault
             .set("identity", keypair.expose_secret_bytes().to_vec())
             .context("failed to store identity")?;
         vault.save().context("failed to save vault")?;
 
-        println!(
-            "  Created vault at {}",
-            vault_path.display()
-        );
+        println!("  Created vault at {}", vault_path.display());
         println!(
             "  Generated identity: {}",
             hex::encode(keypair.node_id().as_bytes())
@@ -56,8 +53,7 @@ pub async fn run() -> Result<()> {
     if db_path.exists() {
         println!("  Database already exists at {}", db_path.display());
     } else {
-        let _store = SqliteBackend::open(&db_path)
-            .context("failed to create database")?;
+        let _store = SqliteBackend::open(&db_path).context("failed to create database")?;
         println!("  Created database at {}", db_path.display());
     }
 
@@ -87,12 +83,10 @@ bind = "127.0.0.1:8080"
             socket_path = data_dir.join("springtale.sock").display(),
         );
 
-        std::fs::write(&config_path, default_config)
-            .context("failed to write springtale.toml")?;
+        std::fs::write(&config_path, default_config).context("failed to write springtale.toml")?;
         println!("  Created {}", config_path.display());
     }
 
     println!("\nSpringtale initialized. Run `springtale server start` to begin.");
     Ok(())
 }
-

apps/springtale-cli/src/commands/init.rs

@@ -48,8 +48,9 @@ pub async fn run(action: RuleAction, store: &SqliteBackend, json: bool) -> Resul
             }
         }
         RuleAction::Add { file } => {
-            let contents = std::fs::read_to_string(&file)
-                .map_err(|e| anyhow::anyhow!("failed to read rule file at {}: {e}", file.display()))?;
+            let contents = std::fs::read_to_string(&file).map_err(|e| {
+                anyhow::anyhow!("failed to read rule file at {}: {e}", file.display())
+            })?;
 
             let rule: Rule = match file.extension().and_then(|ext| ext.to_str()) {
                 Some("toml") => toml::from_str(&contents)
@@ -59,10 +60,9 @@ pub async fn run(action: RuleAction, store: &SqliteBackend, json: bool) -> Resul
                 _ => {
                     // Try TOML first, then JSON
                     toml::from_str(&contents).or_else(|_| {
-                        serde_json::from_str(&contents)
-                            .map_err(|e| anyhow::anyhow!(
-                                "failed to parse rule file (tried TOML and JSON): {e}"
-                            ))
+                        serde_json::from_str(&contents).map_err(|e| {
+                            anyhow::anyhow!("failed to parse rule file (tried TOML and JSON): {e}")
+                        })
                     })?
                 }
             };
@@ -71,8 +71,8 @@ pub async fn run(action: RuleAction, store: &SqliteBackend, json: bool) -> Resul
             println!("Added rule: {} (id: {rule_id})", rule.name);
         }
         RuleAction::Run { id } => {
-            let uuid = uuid::Uuid::parse_str(&id)
-                .map_err(|e| anyhow::anyhow!("invalid rule ID: {e}"))?;
+            let uuid =
+                uuid::Uuid::parse_str(&id).map_err(|e| anyhow::anyhow!("invalid rule ID: {e}"))?;
             let rule_id = RuleId(uuid);
 
             // Load all rules and find the target
@@ -102,8 +102,8 @@ pub async fn run(action: RuleAction, store: &SqliteBackend, json: bool) -> Resul
             }
         }
         RuleAction::Toggle { id } => {
-            let uuid = uuid::Uuid::parse_str(&id)
-                .map_err(|e| anyhow::anyhow!("invalid rule ID: {e}"))?;
+            let uuid =
+                uuid::Uuid::parse_str(&id).map_err(|e| anyhow::anyhow!("invalid rule ID: {e}"))?;
             let rule_id = RuleId(uuid);
             // Toggle: read current state and flip
             let rules = store.list_rules().await?;

apps/springtale-cli/src/commands/rule.rs

@@ -20,7 +20,10 @@ pub async fn run() -> Result<()> {
         .with_context(|| format!("failed to start {}", springtaled_path.display()))?;
 
     // Wait for the child process
-    let status = child.wait().await.context("failed to wait for springtaled")?;
+    let status = child
+        .wait()
+        .await
+        .context("failed to wait for springtaled")?;
 
     if status.success() {
         println!("springtaled exited cleanly");

apps/springtale-cli/src/commands/server.rs

@@ -51,9 +51,10 @@ fn open_store() -> Result<SqliteBackend> {
         // Parse just the store section from config
         let figment = figment::Figment::new()
             .merge(<figment::providers::Toml as figment::providers::Format>::file(config_path))
-            .merge(figment::providers::Env::prefixed("SPRINGTALE_").map(|key| {
-                key.as_str().replace("__", ".").into()
-            }));
+            .merge(
+                figment::providers::Env::prefixed("SPRINGTALE_")
+                    .map(|key| key.as_str().replace("__", ".").into()),
+            );
 
         #[derive(serde::Deserialize, Default)]
         struct PartialConfig {

apps/springtale-cli/src/main.rs

@@ -31,7 +31,10 @@ springtale-connector = { workspace = true }
 springtale-scheduler = { workspace = true }
 springtale-store = { workspace = true }
 springtale-ai = { workspace = true }
+springtale-bot = { workspace = true }
 springtale-mcp = { workspace = true }
+connector-telegram = { workspace = true }
+secrecy = { workspace = true }
 
 [dev-dependencies]
 tokio = { workspace = true, features = ["test-util"] }

apps/springtaled/Cargo.toml

@@ -1,7 +1,7 @@
+use axum::Json;
 use axum::extract::{Path, State};
 use axum::http::StatusCode;
 use axum::response::IntoResponse;
-use axum::Json;
 
 use springtale_store::backend::trait_::StorageBackend;
 
@@ -31,9 +31,7 @@ pub async fn remove(
 ) -> Result<impl IntoResponse, StatusCode> {
     super::validate_path_param(&name)?;
     let mut registry = state.registry.write().await;
-    registry
-        .remove(&name)
-        .map_err(|_| StatusCode::NOT_FOUND)?;
+    registry.remove(&name).map_err(|_| StatusCode::NOT_FOUND)?;
 
     Ok((StatusCode::OK, Json(serde_json::json!({ "removed": name }))))
 }
@@ -45,9 +43,7 @@ pub async fn enable(
 ) -> Result<impl IntoResponse, StatusCode> {
     super::validate_path_param(&name)?;
     let mut registry = state.registry.write().await;
-    registry
-        .enable(&name)
-        .map_err(|_| StatusCode::NOT_FOUND)?;
+    registry.enable(&name).map_err(|_| StatusCode::NOT_FOUND)?;
 
     Ok((StatusCode::OK, Json(serde_json::json!({ "enabled": name }))))
 }
@@ -59,11 +55,12 @@ pub async fn disable(
 ) -> Result<impl IntoResponse, StatusCode> {
     super::validate_path_param(&name)?;
     let mut registry = state.registry.write().await;
-    registry
-        .disable(&name)
-        .map_err(|_| StatusCode::NOT_FOUND)?;
+    registry.disable(&name).map_err(|_| StatusCode::NOT_FOUND)?;
 
-    Ok((StatusCode::OK, Json(serde_json::json!({ "disabled": name }))))
+    Ok((
+        StatusCode::OK,
+        Json(serde_json::json!({ "disabled": name })),
+    ))
 }
 
 /// POST /connectors/install — install a connector from manifest JSON.
@@ -77,11 +74,10 @@ pub async fn install(
     Json(manifest): Json<springtale_connector::ConnectorManifest>,
 ) -> Result<impl IntoResponse, StatusCode> {
     // Validate manifest structure (name, version, no wildcard hosts)
-    springtale_connector::manifest::verify::verify_manifest(&manifest)
-        .map_err(|e| {
-            tracing::warn!(error = %e, "manifest validation failed");
-            StatusCode::BAD_REQUEST
-        })?;
+    springtale_connector::manifest::verify::verify_manifest(&manifest).map_err(|e| {
+        tracing::warn!(error = %e, "manifest validation failed");
+        StatusCode::BAD_REQUEST
+    })?;
 
     // If manifest has a signature, log that verification is deferred to Phase 2
     // (requires author public key registry which doesn't exist yet)
@@ -92,8 +88,8 @@ pub async fn install(
         );
     }
 
-    let manifest_json = serde_json::to_string(&manifest)
-        .map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
+    let manifest_json =
+        serde_json::to_string(&manifest).map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
 
     let row = springtale_store::schema::connectors::ConnectorRow {
         name: manifest.name.clone(),

apps/springtaled/src/api/connectors.rs

@@ -1,6 +1,6 @@
+use axum::Json;
 use axum::extract::{Query, State};
 use axum::response::IntoResponse;
-use axum::Json;
 
 use springtale_store::backend::trait_::StorageBackend;
 use springtale_store::schema::events::EventFilter;
@@ -38,7 +38,11 @@ pub async fn list(
     let filter = EventFilter {
         connector_name: params.connector.clone(),
         limit: Some(clamped_limit),
-        offset: if params.offset > 0 { Some(params.offset) } else { None },
+        offset: if params.offset > 0 {
+            Some(params.offset)
+        } else {
+            None
+        },
         ..Default::default()
     };