From 06d6903d3cf16010e89914334aabcceab263d260 Mon Sep 17 00:00:00 2001
From: root <root@debian.debian>
Date: Tue, 14 Apr 2026 23:03:34 +0800
Subject: [PATCH] fix(telegram): escape Markdown special chars in
 send_exec_approval

The command preview and description were wrapped in Markdown v1 inline
code (backticks) without escaping, causing Telegram API parse errors
when the command itself contained backticks or asterisks.

Fixes: 'Can't parse entities: can't find end of the entity'
---
 gateway/platforms/telegram.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/gateway/platforms/telegram.py b/gateway/platforms/telegram.py
index 09af14f344..02e6beb000 100644
--- a/gateway/platforms/telegram.py
+++ b/gateway/platforms/telegram.py
@@ -1076,10 +1076,13 @@ class TelegramAdapter(BasePlatformAdapter):
 
         try:
             cmd_preview = command[:3800] + "..." if len(command) > 3800 else command
+            # Escape backticks that would break Markdown v1 inline code parsing
+            safe_cmd = cmd_preview.replace("`", "'")
+            safe_desc = description.replace("`", "'").replace("*", "∗")
             text = (
                 f"⚠️ *Command Approval Required*\n\n"
-                f"`{cmd_preview}`\n\n"
-                f"Reason: {description}"
+                f"`{safe_cmd}`\n\n"
+                f"Reason: {safe_desc}"
             )
 
             # Resolve thread context for thread replies