feat(telegram): show HTTP version in per-request approval messages

Approval messages now display the negotiated HTTP version alongside
the request method, e.g. "GET https://example.com/api (HTTP/2)".
Helps distinguish HTTP/1.1 from HTTP/2 traffic in approval prompts.

Author: nnemirovsky

internal/channel/broker.go

@@ -136,6 +136,14 @@ func WithMethodAndPath(method, path string) RequestOption {
 	}
 }
 
+// WithHTTPVersion sets the negotiated HTTP version (e.g. "HTTP/2") for a
+// per-request approval so channels can display the protocol version.
+func WithHTTPVersion(version string) RequestOption {
+	return func(c *requestConfig) {
+		c.req.HTTPVersion = version
+	}
+}
+
 // WithBypassRateLimit tells the broker to skip the per-destination rate
 // limiter for this request. Per-request policy callers use this so a
 // keep-alive connection hammering a single destination does not silently

internal/channel/channel.go

@@ -71,8 +71,11 @@ type ApprovalRequest struct {
 	Method string
 	// Path is the request URL path for per-request approvals (e.g. "/users/me").
 	// Empty for connection-level approvals and non-HTTP protocols.
-	Path      string
-	CreatedAt time.Time
+	Path string
+	// HTTPVersion is the negotiated HTTP version (e.g. "HTTP/1.1", "HTTP/2").
+	// Empty for non-HTTP protocols.
+	HTTPVersion string
+	CreatedAt   time.Time
 }
 
 // Command represents an admin command received from a channel (e.g. Telegram

internal/proxy/addon.go

@@ -424,9 +424,14 @@ func (a *SluiceAddon) Requestheaders(f *mitmproxy.Flow) {
 	proto := a.detectRequestProtocol(f, connectPort)
 	protoStr := proto.String()
 
+	httpVer := f.Request.Proto
+	if httpVer == "" && f.ConnContext.ClientConn.NegotiatedProtocol == "h2" {
+		httpVer = "HTTP/2"
+	}
 	verdict, err := checker.CheckAndConsume(connectHost, connectPort,
 		WithRequestInfo(f.Request.Method, f.Request.URL.Path),
 		WithProtocol(protoStr),
+		WithHTTPVersion(httpVer),
 		WithSkipBrokerRateLimit(),
 	)
 	if err != nil {

internal/proxy/request_policy.go

@@ -214,6 +214,7 @@ type checkContext struct {
 	method          string
 	path            string
 	protocol        string
+	httpVersion     string
 	bypassRateLimit bool
 }
 
@@ -246,6 +247,14 @@ func WithProtocol(proto string) CheckOption {
 	}
 }
 
+// WithHTTPVersion attaches the negotiated HTTP version (e.g. "HTTP/2") so
+// channels can display it alongside the request.
+func WithHTTPVersion(version string) CheckOption {
+	return func(c *checkContext) {
+		c.httpVersion = version
+	}
+}
+
 // WithSkipBrokerRateLimit signals that the broker should skip its per-
 // destination rate limiter for this approval request. Use this for
 // per-request policy callers so that a keep-alive connection to a single
@@ -281,6 +290,9 @@ func (c *RequestPolicyChecker) resolveAsk(dest string, port int, eng *policy.Eng
 	if ctx.method != "" || ctx.path != "" {
 		reqOpts = append(reqOpts, channel.WithMethodAndPath(ctx.method, ctx.path))
 	}
+	if ctx.httpVersion != "" {
+		reqOpts = append(reqOpts, channel.WithHTTPVersion(ctx.httpVersion))
+	}
 	if ctx.bypassRateLimit {
 		reqOpts = append(reqOpts, channel.WithBypassRateLimit())
 	}

internal/telegram/bot.go

@@ -70,10 +70,14 @@ func FormatApprovalMessage(req channel.ApprovalRequest) string {
 		display = req.Protocol
 	}
 	if req.Method != "" {
+		ver := ""
+		if req.HTTPVersion != "" {
+			ver = " (" + htmlEscape(req.HTTPVersion) + ")"
+		}
 		return fmt.Sprintf(
-			"OpenClaw wants to connect to:\n\n%s %s:%d\n%s %s\n\nAllow this request?",
+			"OpenClaw wants to connect to:\n\n%s %s:%d\n%s %s%s\n\nAllow this request?",
 			htmlEscape(display), htmlEscape(req.Destination), req.Port,
-			htmlEscape(req.Method), htmlEscape(buildRequestURL(req)),
+			htmlEscape(req.Method), htmlEscape(buildRequestURL(req)), ver,
 		)
 	}
 	return fmt.Sprintf(