- Add logging.getLogger("httpx/httpcore").setLevel(WARNING) to prevent
token-embedded API URLs from leaking through transport-level loggers
- Add _mask_token() helper showing only last 4 chars of token
- Fix validate_bot_token() exception handler: log exc type + masked token
instead of raw exc which may contain the full URL in some httpx versions
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add validate_bot_token() to backend/telegram.py: calls getMe on startup,
logs ERROR if token is invalid (never raises per #1215 contract)
- Call validate_bot_token() in lifespan() after db.init_db() for early detection
- Update conftest.py make_app_client() to mock getMe endpoint
- Add 3 tests for validate_bot_token (200, 401, network error cases)
Root cause: CHAT_ID=5190015988 (positive) was wrong — fixed to -5190015988
on server per decision #1212. Group "Big Red Button" confirmed via getChat.
Service restarted.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
