overpod/mcp-telegram

What's new

Profile write tools (8 new tools)

These tools require a Telegram Premium subscription where noted.

| Tool | Description |
|------|-------------|
| telegram-set-emoji-status | Set or clear your emoji status — pass documentId (from a sticker set) + optional until Unix timestamp. Pass clear=true to remove. |
| telegram-list-emoji-statuses | List popular emoji statuses available to set. Returns up to 200 entries with documentId, title, accessHash. |
| telegram-clear-recent-emoji-statuses | Clear your recently used emoji status history. |
| telegram-set-profile-color | Set your profile accent color (0–7 for standard colors, or a custom palette color ID). Optionally set backgroundEmojiId. Requires Premium for custom colors. |
| telegram-set-birthday | Set or clear your birthday on your Telegram profile. Accepts day, month, and optional year. Pass clear=true to remove. |
| telegram-set-personal-channel | Link or unlink a personal channel shown on your profile. Pass channelId (username or numeric ID) or clear=true. |
| telegram-set-profile-photo | Upload a new profile photo from an absolute local filesystem path (URLs rejected). Returns the new photo ID. |
| telegram-delete-profile-photos | Delete one or more profile photos by their numeric IDs (from telegram-get-profile). Returns deleted and missing arrays. |

Telegram Business tools (9 new tools)

All require an active Telegram Business subscription.

Chat links:

| Tool | Description |
|------|-------------|
| telegram-get-business-chat-links | List all business chat links with their slug, pre-filled message, title, and view count. |
| telegram-create-business-chat-link | Create a t.me/m/… link that opens a chat with you pre-filled with a message. Supports message, title (admin label), parseMode (md/html). |
| telegram-edit-business-chat-link | Edit an existing link by slug. Same fields as create. |
| telegram-delete-business-chat-link | Delete a business chat link by slug. |
| telegram-resolve-business-chat-link | Resolve a slug to see the peer it opens and the pre-filled message. |

Business profile:

| Tool | Description |
|------|-------------|
| telegram-set-business-hours | Set weekly work hours schedule (IANA timezone + per-day openFrom/openTo in 24h HH:MM). Multiple ranges per day are supported. Pass clear=true to disable. |
| telegram-set-business-location | Set your business address and optional geo coordinates. Pass clear=true to remove. |
| telegram-set-business-greeting | Configure an auto-reply greeting for new conversations using a quick reply shortcut as template. Audience filtering: all_new, contacts_only, non_contacts, existing_only. Pass clear=true to disable. |
| telegram-set-business-away | Set an away message for when you're offline or outside work hours. Schedule modes: always, outside_hours, custom (with customFrom/customTo Unix timestamps). Pass clear=true to disable. |
| telegram-set-business-intro | Set the intro card (title + description) shown to new users opening your chat. Optional illustrative sticker via stickerId + stickerAccessHash + stickerFileReference (all three required together). Pass clear=true to remove. |

Security improvements

• telegram-set-profile-photo: filePath validated with isSafeAbsolutePath — rejects URLs, relative paths, and path traversal attempts
• telegram-set-business-intro: stickerFileReference validated as even-length hex string before Buffer.from(hex, "hex")
• telegram-delete-profile-photos: photoIds elements validated as pure numeric strings (prevents injection via crafted IDs)

Tests

30 new unit tests covering all 17 tools, including minute-of-week conversion tests that call the actual service and assert on the TL request. 475 tests total.