
fix(policy): allow Telegram file downloads in default sandbox policy #1302

Merged
cv merged 4 commits into NVIDIA:main from latenighthackathon:fix/telegram-file-download-policy
Apr 2, 2026

Conversation

@latenighthackathon (Contributor) commented Apr 2, 2026

Summary

  • Add GET /file/bot*/** rule to the Telegram endpoint in the default sandbox policy

Related Issue

Closes #1301

Changes

The Telegram Bot API uses two path patterns:

  • API calls: /bot<token>/getFile, /bot<token>/sendMessage — covered by existing /bot*/** rules
  • File downloads: /file/bot<token>/<file_path> — not covered

When a user sends an audio message, photo, document, or video to the bot, OpenClaw calls getFile (works) then downloads the file from /file/bot<token>/<path> (blocked with 403).

Validated with OPA's glob.match:

  • glob.match("/bot*/**", ["/"], "/file/bot123:ABC/voice/file.oga") → false (current — blocked)
  • glob.match("/file/bot*/**", ["/"], "/file/bot123:ABC/voice/file.oga") → true (fix — allowed)

Credit

Reported by @after-ephemera in the NVIDIA Developer Discord community.

Testing

  • OPA glob.match validation confirms the pattern matches file download paths
  • No impact on existing API call rules (/bot*/** unchanged)
  • Single line addition, no schema changes

Checklist

  • Conventional commit format
  • Scoped to issue, no unrelated changes
  • No secrets or credentials

Summary by CodeRabbit

  • Infrastructure Updates
    • Network policy updated to allow additional Telegram file-download endpoints (adds GET access for file transfers).
    • Improves Telegram bot integration by enabling retrieval of file resources while preserving existing bot API request permissions.

Signed-off-by: latenighthackathon latenighthackathon@users.noreply.github.com
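The glob checks in the PR description can be reproduced offline. The Python below is an added example, not NemoClaw or OpenClaw code: it reimplements the subset of OPA glob.match semantics the fix relies on (a single "*" never crosses the "/" delimiter, "**" does) and evaluates the two-step getFile-then-download flow against a before and after rule set. The pre-fix rule list, the POST method for the getFile call, and the "123:ABC" token are constructed assumptions; the real policy schema and the enforcer that returns the 403 are not reproduced.

```python
import re
from dataclasses import dataclass
from typing import Iterable, Pattern

# Added example, not NemoClaw or OpenClaw code. Reimplements the subset of
# OPA glob.match semantics the PR relies on and evaluates the Telegram
# two-step download flow against a before/after rule set. Assumptions: the
# pre-fix rule list, the request methods, and the token "123:ABC" are
# constructed; the real policy schema and enforcer are not reproduced.


def glob_to_regex(pattern: str, delimiters: str = "/") -> Pattern[str]:
    """Translate a gobwas-style glob (what OPA's glob.match uses) to a regex.

    '*'  matches any run of characters containing no delimiter (one segment)
    '**' matches any run of characters, delimiters included (many segments)
    '?'  matches exactly one non-delimiter character
    Bracket classes and '{a,b}' alternation are not implemented here.
    """
    delim_class = re.escape(delimiters)
    parts = []
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "*":
            if pattern.startswith("**", i):
                parts.append(".*")
                i += 2
                continue
            parts.append(f"[^{delim_class}]*")
        elif ch == "?":
            parts.append(f"[^{delim_class}]")
        else:
            parts.append(re.escape(ch))
        i += 1
    return re.compile("".join(parts))


def glob_match(pattern: str, delimiters: Iterable[str], value: str) -> bool:
    """Same argument order as OPA's glob.match(pattern, delimiters, match)."""
    return glob_to_regex(pattern, "".join(delimiters)).fullmatch(value) is not None


@dataclass(frozen=True)
class AllowRule:
    method: str
    path: str


def is_allowed(rules: list[AllowRule], method: str, path: str) -> bool:
    """Default-deny: a request passes only if some rule matches method AND path."""
    return any(r.method == method and glob_match(r.path, ["/"], path) for r in rules)


# Constructed: the default policy as the PR describes it (only /bot*/** rules).
BEFORE_FIX = [AllowRule("GET", "/bot*/**"), AllowRule("POST", "/bot*/**")]
# The fix adds exactly one GET-only rule for the file endpoint.
AFTER_FIX = BEFORE_FIX + [AllowRule("GET", "/file/bot*/**")]

# Constructed: the two requests OpenClaw makes for an incoming voice message.
GET_FILE_CALL = ("POST", "/bot123:ABC/getFile")
FILE_DOWNLOAD = ("GET", "/file/bot123:ABC/voice/file.oga")


def evaluate(rules: list[AllowRule]) -> dict[str, bool]:
    """Decision for each step of the download flow under the given rule set."""
    return {f"{m} {p}": is_allowed(rules, m, p) for m, p in (GET_FILE_CALL, FILE_DOWNLOAD)}


if __name__ == "__main__":
    for label, rules in (("before", BEFORE_FIX), ("after", AFTER_FIX)):
        for request, allowed in evaluate(rules).items():
            print(f"{label:6} {request:45} -> {'allow' if allowed else 'deny (403)'}")
```

Running the block prints one decision per request under each rule set: getFile is allowed both times, the /file/bot<token>/... download is denied before the fix and allowed after it. Because the new rule is GET-only, a POST to the same file path still falls through to the default deny, which is the least-privilege property the reviewers call out.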

coderabbitai Bot (Contributor) commented Apr 2, 2026

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between 353ddc1 and 3e05cb9.

📒 Files selected for processing (2)
  • nemoclaw-blueprint/policies/openclaw-sandbox.yaml
  • nemoclaw-blueprint/policies/presets/telegram.yaml

Walkthrough

Added a network policy rule to allow GET requests for Telegram file download paths (/file/bot*/**), enabling bots to download incoming attachments served from api.telegram.org.

Changes

  • Sandbox Policy (nemoclaw-blueprint/policies/openclaw-sandbox.yaml): Added allow: { method: GET, path: "/file/bot*/**" } to network_policies.telegram.endpoints[host: api.telegram.org].rules.
  • Preset Update (nemoclaw-blueprint/policies/presets/telegram.yaml): Added matching GET /file/bot*/** rule to the Telegram preset to align with the sandbox policy.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 I hopped a path of bytes and beams,

Found files stuck just out of streams,
One small rule I left behind,
Now voices, docs, and stickers find,
Their way to paws and curious dreams.

Pre-merge checks: 5 passed

  • Description Check: Passed (check skipped because CodeRabbit's high-level summary is enabled).
  • Title check: Passed. The title accurately describes the main change: adding a policy rule to allow Telegram file downloads in the default sandbox policy.
  • Linked Issues check: Passed. The PR implementation directly addresses issue #1301 by adding the required GET rule for the '/file/bot*/**' path to allow Telegram file downloads.
  • Out of Scope Changes check: Passed. All changes are scoped to adding the single policy rule for Telegram file downloads; no extraneous modifications present.
  • Docstring Coverage: Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


coderabbitai Bot (Contributor) left a comment

🧹 Nitpick comments (1)
nemoclaw-blueprint/policies/openclaw-sandbox.yaml (1)

186-188: LGTM — rule correctly enables Telegram file downloads.

The glob pattern /file/bot*/** accurately matches Telegram's file download endpoint structure (/file/bot<token>/<file_path>), and restricting to GET is appropriate for read-only file retrieval.

Note: The preset policy at nemoclaw-blueprint/policies/presets/telegram.yaml only defines rules for /bot*/** and does not include this /file/bot*/** rule. Consider updating the preset as well for consistency, so users who apply the Telegram preset also get file download support.


📥 Commits

Reviewing files that changed from the base of the PR and between 8f631ae and 2eb34ae.

📒 Files selected for processing (1)
  • nemoclaw-blueprint/policies/openclaw-sandbox.yaml

@prekshivyas (Contributor) left a comment

Clean and correct — thanks @latenighthackathon!

  • Glob pattern validated with OPA glob.match ✓
  • GET-only for file downloads (least privilege) ✓
  • Applied consistently to both openclaw-sandbox.yaml and presets/telegram.yaml ✓
  • Additive rule, no regression risk to existing /bot*/** rules ✓

Confirmed this is still needed post-#1081 since native OpenClaw channels inside the sandbox still make outbound requests to api.telegram.org through policy enforcement.

LGTM.

The Telegram Bot API serves file downloads at /file/bot<token>/<path>
but the default policy only allows /bot*/**. Add GET /file/bot*/**
so the sandbox can download incoming audio, voice, document, photo,
and video attachments from users.

Apply the same rule to the Telegram preset so users who apply the
preset also get file download support.

Reported by @after-ephemera in NVIDIA Developer Discord.

Closes NVIDIA#1301

Signed-off-by: latenighthackathon <latenighthackathon@users.noreply.github.com>
latenighthackathon force-pushed the fix/telegram-file-download-policy branch from 6b8b431 to 3d5063a on April 2, 2026 22:12
cv merged commit e073f59 into NVIDIA:main Apr 2, 2026
6 checks passed
@latenighthackathon latenighthackathon deleted the fix/telegram-file-download-policy branch April 2, 2026 23:34
cjagwani pushed a commit to fdzdev/NemoClaw that referenced this pull request Apr 3, 2026
…VIDIA#1302)

Signed-off-by: latenighthackathon <latenighthackathon@users.noreply.github.com>
Co-authored-by: latenighthackathon <latenighthackathon@users.noreply.github.com>
Co-authored-by: Prekshi Vyas <34834085+prekshivyas@users.noreply.github.com>
quanticsoul4772 added a commit to quanticsoul4772/NemoClaw that referenced this pull request Apr 4, 2026
Add GET /file/bot*/** rule to both the telegram preset and openclaw-sandbox
policy. This allows bots to download files via the Telegram Bot API file
endpoint, which was previously blocked by the sandbox policy.
Backport of upstream NVIDIA#1302.
lakamsani pushed a commit to lakamsani/NemoClaw that referenced this pull request Apr 4, 2026
gemini2026 pushed a commit to gemini2026/NemoClaw that referenced this pull request Apr 14, 2026
Development

Successfully merging this pull request may close these issues.

fix(policy): Telegram file/audio downloads blocked — default policy missing /file/bot*/** path

3 participants