
#14419: feat(extensions): add telegram-files Mini App

by audichuang open 2026-02-12 03:16
stale size: XL
## Summary

- Adds `telegram-files` extension: Telegram Mini App for managing agent workspace files from mobile
- File browser, text editor, search, upload, and directory management via `/files` command
- Secure pairing flow: one-time codes (5min TTL) → session tokens (24h TTL) via Telegram CloudStorage
- Path traversal prevention via `fs.realpath()` + allowed path whitelist
- Webapp built with Vite (vanilla TS, no framework); build: `pnpm --filter @openclaw/telegram-files build`

## Security

- All file operations scoped to configured `allowedPaths`
- CORS origin derived from `externalUrl` config; malformed URL defaults to deny
- Token eviction: max 200 active, lazy cleanup of expired tokens
- Pairing store capped at 100 codes to prevent memory growth
- Error sanitization: internal paths stripped from responses
- CSP headers restrict iframe embedding to Telegram origins
- X-Content-Type-Options: nosniff on all JSON responses

## Test plan

- [x] `pnpm build && pnpm check && pnpm test` passes
- [x] All source files under 500 LOC limit
- [x] Manually tested all file operations (ls, read, write, mkdir, delete, upload, search)
- [x] Verified path traversal attempts are blocked
- [x] Tested pairing code expiry and token lifecycle
- [x] Tested Mini App in Telegram iOS and Android

🤖 AI-assisted development (Claude). Code has been thoroughly reviewed, security-hardened, and locally tested on VM. I understand what the code does.

## Greptile Overview

### Greptile Summary

This PR adds a new `telegram-files` extension that exposes a Telegram Mini App (served under `/plugins/telegram-files/`) plus an authenticated HTTP API (`/plugins/telegram-files/api/*`) to browse, read, edit, upload, mkdir, delete, and search within configured `allowedPaths`. It also registers a `/files` command that generates a one-time pairing code and links to the Mini App, which exchanges that code for a 24h session token stored in Telegram CloudStorage.

Main issue to address before merge: the custom static asset server’s directory traversal protection is implemented using naive string prefix checks and can be bypassed in certain path layouts (see comment).

### Confidence Score: 3/5

- This PR has a must-fix security issue in static asset path validation before it’s safe to merge.
- Most changes are additive and include basic auth/whitelisting, but the static file server’s traversal protection relies on `startsWith` without enforcing a path-segment boundary, which can allow serving files outside the intended dist directory in certain filesystem layouts.
- extensions/telegram-files/src/static-server.ts

**Context used:**

- Context from `dashboard` - CLAUDE.md ([source](https://app.greptile.com/review/custom-context?memory=fd949e91-5c3a-4ab5-90a1-cbe184fd6ce8))
- Context from `dashboard` - AGENTS.md ([source](https://app.greptile.com/review/custom-context?memory=0d0c8278-ef8e-4d6c-ab21-f5527e322f13))
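
The review's point about `startsWith` and path-segment boundaries, as an added example that is not code from the PR or from the review: a plain prefix check is compared with a boundary-aware check built on `path.relative()`. `DIST_ROOT`, the function names and the sample request paths are hypothetical and constructed for illustration; a sibling directory that shares the `dist` prefix is assumed as one layout where the two checks disagree.

```javascript
// Added illustration; not the PR's static-server.ts. All names are hypothetical.
// path.posix keeps the results identical on every OS.
const path = require("node:path").posix;

// Constructed sample root for the Mini App's built assets.
const DIST_ROOT = "/srv/app/extensions/telegram-files/dist";

// Prefix check with no path-segment boundary: "/x/dist-old" also
// starts with "/x/dist", so a sibling directory is accepted.
function isInsideNaive(root, requested) {
  const resolved = path.resolve(root, requested);
  return resolved.startsWith(root);
}

// Boundary-aware check: the resolved path must be the root itself or
// sit below it. path.relative() yields ".." or "../..." for anything else.
function isInsideStrict(root, requested) {
  const base = path.resolve(root);
  const resolved = path.resolve(base, requested);
  const rel = path.relative(base, resolved);
  if (rel === "") return true; // the root directory itself
  return rel !== ".." && !rel.startsWith("../") && !path.isAbsolute(rel);
}

// Constructed request paths, relative to the asset root.
const SAMPLES = [
  "index.html",              // normal asset
  "assets/app.js",           // nested asset
  "../dist-old/config.json", // sibling directory sharing the "dist" prefix
  "../../package.json",      // ordinary parent traversal
  "..hidden/file.txt",       // legitimate name that merely starts with dots
];

// Run both checks over every sample and return the verdicts side by side.
function compareChecks(root = DIST_ROOT, samples = SAMPLES) {
  return samples.map((p) => ({
    path: p,
    naive: isInsideNaive(root, p),
    strict: isInsideStrict(root, p),
  }));
}

console.table(compareChecks());
```

Both checks here are lexical only; where symlinks can exist under the root, resolve the target with `fs.realpath()` first, as the PR summary describes for the file API.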
