Implement Telegram AI assistant with WebApp viewer

[kukutz]

Summary

• add aiogram handlers for chat and inline modes, including streaming edits and web-app buttons
• implement OpenAI streaming client, markdown rendering utilities, and async repository layer
• expose FastAPI webhook and mini-app with static assets, plus project tooling and documentation

Testing

• ruff check app tests
• pytest

---

Codex Task

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Use bot token as HMAC key when validating WebApp init data

The WebApp signature validation computes the secret key with hmac.new(key=b"WebAppData", msg=settings.telegram_bot_token.encode(), ...), but Telegram requires the bot token to be the HMAC key and the literal string "WebAppData" to be the message. Because the parameters are swapped, every init payload in production will fail verification and /api/* endpoints will consistently return 401 even for legitimate clients. Swapping the arguments so the bot token is the key will align with Telegram’s spec and allow signed WebApp requests to succeed.

Useful? React with 👍 / 👎.