fix(core): tolerate missing optional SSM secrets (#72)

[cursor]

📝 Description

What

• Keep bot cold-start SSM batch loading limited to required Telegram secrets.
• Allow optional AI provider SSM parameters to be absent by loading them with required=False on first feature use.
• Add tests for optional SSM misses and bot config import behavior.

Why

• A missing optional groq-api-key, gemini-api-key, or deepseek-api-key parameter could make the bot Lambda fail during cold start before it can handle webhooks or SQS events.
• Optional provider keys should disable their dependent features, not take down the entire bot.

🚀 Type of Change

• 🐛 Bug Fix (Fix an issue)
• ✨ New Feature (Add a new feature)
• 🏗️ Infrastructure (CDK/AWS resource changes)
• ♻️ Refactoring (Code refactoring, no logic changes)
• 📚 Documentation (Documentation update)

🏗️ Infrastructure Changes (Crucial)

• Resources Created: None
• Resources Modified: None
• Resources Deleted: None
• Cost Impact: None

✅ Checklist

• I have performed a self-review of my code.
• I have run pre-commit run --all-files locally and fixed all issues.
• I have added/updated Unit Tests (pytest).
• My changes do not generate new warnings.
• (If Infra change) I have run cdk diff locally to verify changes.

🔗 Related Issues

• Closes feat(bot): explain multimodal + document auto summary #72

Verification

• python3 -m pytest tests/test_ssm_secrets.py tests/test_webhook.py tests/test_explain_enqueue.py tests/test_sqs_task_router.py (19 passed)
• python3 -m pytest (108 passed)

  

[github-actions]

📊 Infrastructure Changes Preview (Zerde Telegram Bot)

This PR will modify the following AWS resources:

ℹ️ No infrastructure changes detected

This PR only contains code changes (Lambda functions, etc.)

📋 Full CDK Diff Output

b'!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n'
b'!!                                                                                                                   !!\n'
b'!!  Node 20 has reached end-of-life on 2026-04-30 and will no longer be supported in new releases after 2026-10-30.  !!\n'
b'!!  Please upgrade to a supported node version as soon as possible.                                                  !!\n'
b'!!                                                                                                                   !!\n'
b'!!  This software is currently running on node v20.20.0.                                                             !!\n'
b'!!  As of the current release of this software, supported node releases are:                                         !!\n'
b'!!  - ^24.0.0 (Planned end-of-life: 2028-04-30)                                                                      !!\n'
b'!!  - ^22.0.0 (Planned end-of-life: 2027-04-30)                                                                      !!\n'
b'!!  - ^20.0.0 (Planned end-of-life: 2026-04-30) [DEPRECATED]                                                         !!\n'
b'!!                                                                                                                   !!\n'
b'!!  This warning can be silenced by setting the JSII_SILENCE_WARNING_DEPRECATED_NODE_VERSION environment variable.   !!\n'
b'!!                                                                                                                   !!\n'
b'!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n'
#0 building with "default" instance using docker driver

#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 1.82kB done
#1 DONE 0.0s

#2 [internal] load metadata for public.ecr.aws/sam/build-python3.13:latest
#2 DONE 0.1s

#3 [internal] load .dockerignore
#3 transferring context: 2B done
#3 DONE 0.0s

#4 [1/2] FROM public.ecr.aws/sam/build-python3.13:latest@sha256:be015b4dbfce398c76feb589c307073a48aed25b6accee4db41a481b78a490d2
#4 DONE 0.0s

#5 [2/2] RUN     python -m venv /usr/app/venv &&     mkdir /tmp/pip-cache &&     chmod -R 777 /tmp/pip-cache &&     pip install --upgrade pip &&     mkdir /tmp/poetry-cache &&     chmod -R 777 /tmp/poetry-cache &&     mkdir /tmp/uv-cache &&     chmod -R 777 /tmp/uv-cache &&     pip install pipenv==2022.4.8 poetry==1.5.1 uv==0.6.9 &&     rm -rf /tmp/pip-cache/* /tmp/poetry-cache/* /tmp/uv-cache/*
#5 CACHED

#6 exporting to image
#6 exporting layers done
#6 writing image sha256:f58f5fff9581f9ec3dfbf791dc5bb1550d9a142b0ad5be2021c6cb708b4bf5d0 done
#6 naming to docker.io/library/cdk-2f00c4750ff59e99d116a24eff743410b40db5d1bdfb8bf3dfedcc34816a707d 0.0s done
#6 DONE 0.0s
#0 building with "default" instance using docker driver

#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 1.82kB done
#1 DONE 0.0s

#2 [internal] load metadata for public.ecr.aws/sam/build-python3.13:latest
#2 DONE 0.1s

#3 [internal] load .dockerignore
#3 transferring context: 2B done
#3 DONE 0.0s

#4 [1/2] FROM public.ecr.aws/sam/build-python3.13:latest@sha256:be015b4dbfce398c76feb589c307073a48aed25b6accee4db41a481b78a490d2
#4 DONE 0.0s

#5 [2/2] RUN     python -m venv /usr/app/venv &&     mkdir /tmp/pip-cache &&     chmod -R 777 /tmp/pip-cache &&     pip install --upgrade pip &&     mkdir /tmp/poetry-cache &&     chmod -R 777 /tmp/poetry-cache &&     mkdir /tmp/uv-cache &&     chmod -R 777 /tmp/uv-cache &&     pip install pipenv==2022.4.8 poetry==1.5.1 uv==0.6.9 &&     rm -rf /tmp/pip-cache/* /tmp/poetry-cache/* /tmp/uv-cache/*
#5 CACHED

#6 exporting to image
#6 exporting layers done
#6 writing image sha256:f58f5fff9581f9ec3dfbf791dc5bb1550d9a142b0ad5be2021c6cb708b4bf5d0 done
#6 naming to docker.io/library/cdk-2f00c4750ff59e99d116a24eff743410b40db5d1bdfb8bf3dfedcc34816a707d done
#6 DONE 0.0s
#0 building with "default" instance using docker driver

#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 1.82kB done
#1 DONE 0.0s

#2 [internal] load metadata for public.ecr.aws/sam/build-python3.13:latest
#2 DONE 0.1s

#3 [internal] load .dockerignore
#3 transferring context: 2B done
#3 DONE 0.0s

#4 [1/2] FROM public.ecr.aws/sam/build-python3.13:latest@sha256:be015b4dbfce398c76feb589c307073a48aed25b6accee4db41a481b78a490d2
#4 DONE 0.0s

#5 [2/2] RUN     python -m venv /usr/app/venv &&     mkdir /tmp/pip-cache &&     chmod -R 777 /tmp/pip-cache &&     pip install --upgrade pip &&     mkdir /tmp/poetry-cache &&     chmod -R 777 /tmp/poetry-cache &&     mkdir /tmp/uv-cache &&     chmod -R 777 /tmp/uv-cache &&     pip install pipenv==2022.4.8 poetry==1.5.1 uv==0.6.9 &&     rm -rf /tmp/pip-cache/* /tmp/poetry-cache/* /tmp/uv-cache/*
#5 CACHED

#6 exporting to image
#6 exporting layers done
#6 writing image sha256:f58f5fff9581f9ec3dfbf791dc5bb1550d9a142b0ad5be2021c6cb708b4bf5d0 done
#6 naming to docker.io/library/cdk-2f00c4750ff59e99d116a24eff743410b40db5d1bdfb8bf3dfedcc34816a707d done
#6 DONE 0.0s
start: Building zerde-serverless-telegram-bot-dev Template
success: Built zerde-serverless-telegram-bot-dev Template
start: Publishing zerde-serverless-telegram-bot-dev Template (current_account-current_region-0d7e8c33)
success: Published zerde-serverless-telegram-bot-dev Template (current_account-current_region-0d7e8c33)
Hold on while we create a read-only change set to get a diff with accurate replacement information (use --method=template to use a less accurate but faster template-only diff)

Stack ZerdeServerlessTelegramBotStack-dev (zerde-serverless-telegram-bot-dev)
Resources
[~] AWS::Lambda::LayerVersion ZerdeServerlessZerdeCommonLayer ZerdeServerlessZerdeCommonLayer41490F86 replace
 └─ [~] Content (requires replacement)
     └─ [~] .S3Key:
         ├─ [-] 0dcc5891de830f6f76afa33dfb31eed76e8777a2639f009c03225b20751af5e3.zip
         └─ [+] fb15d5c05a5fad76ffeee4cb0746158cd2e92f08647d605d059f434f25f1bdb4.zip
[~] AWS::Lambda::Function ZerdeServerlessBot/ZerdeServerlessBotLambda ZerdeServerlessBotZerdeServerlessBotLambdaA4D02A14
 ├─ [~] Code
 │   └─ [~] .S3Key:
 │       ├─ [-] df87ab2e1e02879d3be2c59b3598082f9e21c7b1efa245cdbe230096d7d9e4fb.zip
 │       └─ [+] 4535e045a3cbff14c90d0d9f8887af5950e07c71958579d130891305603356a9.zip
 └─ [~] Environment
     └─ [~] .Variables:
         └─ [~] .CHAT_LANG_MAP:
             ├─ [-] {"-1001450935528": "kk", "-1001244628965": "kk", "-1003930600007": "zh", "-1002211083217": "zh", "-1002914248981": "ru"}
             └─ [+] {"-1001450935528": "kk", "-1001244628965": "kk", "-1002211083217": "zh", "-1003930600007": "zh", "-1002914248981": "ru"}
[~] AWS::Lambda::Function ZerdeServerlessQuiz/ZerdeServerlessQuizLambda ZerdeServerlessQuizZerdeServerlessQuizLambda4D9EA339
 └─ [~] Code
     └─ [~] .S3Key:
         ├─ [-] d9d7c1ef28c4be304708c4a3e7fae5d324d5b70daf1c3eb4d2355715272c9f83.zip
         └─ [+] b7faec796eb61c662cf722c4db31e312967fe96eebb817b56dcc1c3269c0a443.zip



✨  Number of stacks with differences: 1