@gonzih/cc-tg 0.2.10 → 0.2.12

package/dist/bot.d.ts

@@ -39,6 +39,7 @@ export declare class CcTgBot {
     private handleMcpVersion;
     private handleClearNpxCache;
     private handleRestart;
+    private handleGetFile;
     private killSession;
     stop(): void;
 }

package/dist/bot.js

@@ -5,7 +5,8 @@
 import TelegramBot from "node-telegram-bot-api";
 import { existsSync, createWriteStream, mkdirSync } from "fs";
 import { resolve, basename, join } from "path";
-import { execSync, spawn } from "child_process";
+import os from "os";
+import { execSync } from "child_process";
 import https from "https";
 import http from "http";
 import { ClaudeProcess, extractText } from "./claude.js";
@@ -22,6 +23,7 @@ const BOT_COMMANDS = [
     { command: "mcp_version", description: "Show cc-agent npm version and npx cache info" },
     { command: "clear_npx_cache", description: "Clear npx cache and restart MCP to pick up latest version" },
     { command: "restart", description: "Restart the bot process in-place" },
+    { command: "get_file", description: "Get a file from the server by path" },
 ];
 const FLUSH_DELAY_MS = 800; // debounce streaming chunks into one Telegram message
 const TYPING_INTERVAL_MS = 4000; // re-send typing action before Telegram's 5s expiry
@@ -137,6 +139,11 @@ export class CcTgBot {
             await this.handleRestart(chatId);
             return;
         }
+        // /get_file <path> — send a file from the server to the user
+        if (text.startsWith("/get_file")) {
+            await this.handleGetFile(chatId, text);
+            return;
+        }
         const session = this.getOrCreateSession(chatId);
         try {
             session.claude.sendPrompt(text);
@@ -334,21 +341,44 @@ export class CcTgBot {
             if (block.type !== "tool_use")
                 continue;
             const name = block.name;
-            if (!["Write", "Edit", "NotebookEdit"].includes(name))
-                continue;
             const input = block.input;
             if (!input)
                 continue;
-            // Write tool uses file_path, Edit uses file_path
-            const filePath = input.file_path ?? input.path;
-            if (!filePath)
-                continue;
-            // Resolve relative paths against cwd
-            const resolved = filePath.startsWith("/")
-                ? filePath
-                : resolve(cwd ?? process.cwd(), filePath);
-            console.log(`[claude:files] tracked written file: ${resolved}`);
-            session.writtenFiles.add(resolved);
+            if (["Write", "Edit", "NotebookEdit"].includes(name)) {
+                // Write tool uses file_path, Edit uses file_path
+                const filePath = input.file_path ?? input.path;
+                if (!filePath)
+                    continue;
+                // Resolve relative paths against cwd
+                const resolved = filePath.startsWith("/")
+                    ? filePath
+                    : resolve(cwd ?? process.cwd(), filePath);
+                console.log(`[claude:files] tracked written file: ${resolved}`);
+                session.writtenFiles.add(resolved);
+            }
+            else if (name === "Bash") {
+                const cmd = input.command ?? "";
+                // yt-dlp / ffmpeg -o "path"
+                const oFlag = cmd.match(/-o\s+["']?([^\s"']+\.[\w]{1,10})["']?/);
+                if (oFlag)
+                    session.writtenFiles.add(resolve(cwd ?? process.cwd(), oFlag[1]));
+                // mv source dest — track dest
+                const mvMatch = cmd.match(/\bmv\s+\S+\s+["']?([^\s"']+)["']?$/);
+                if (mvMatch)
+                    session.writtenFiles.add(resolve(cwd ?? process.cwd(), mvMatch[1]));
+                // cp source dest — track dest
+                const cpMatch = cmd.match(/\bcp\s+\S+\s+["']?([^\s"']+)["']?$/);
+                if (cpMatch)
+                    session.writtenFiles.add(resolve(cwd ?? process.cwd(), cpMatch[1]));
+                // curl -o path or wget -O path
+                const curlMatch = cmd.match(/curl\s+.*?-o\s+["']?([^\s"']+)["']?/);
+                if (curlMatch)
+                    session.writtenFiles.add(resolve(cwd ?? process.cwd(), curlMatch[1]));
+                // wget -O path
+                const wgetMatch = cmd.match(/wget\s+.*?-O\s+["']?([^\s"']+)["']?/);
+                if (wgetMatch)
+                    session.writtenFiles.add(resolve(cwd ?? process.cwd(), wgetMatch[1]));
+            }
         }
     }
     isSensitiveFile(filePath) {
@@ -362,8 +392,6 @@ export class CcTgBot {
         return sensitivePatterns.some((p) => p.test(name));
     }
     uploadMentionedFiles(chatId, resultText, session) {
-        if (session.writtenFiles.size === 0)
-            return;
         // Extract file path candidates from result text
         // Match: /absolute/path/file.ext or relative like ./foo/bar.csv or just foo.pdf
         const pathPattern = /(?:^|[\s`'"(])(\/?[\w.\-/]+\.[\w]{1,10})(?:[\s`'")\n]|$)/gm;
@@ -372,24 +400,38 @@ export class CcTgBot {
         while ((match = pathPattern.exec(resultText)) !== null) {
             candidates.add(match[1]);
         }
+        const safeDirs = ["/tmp/", "/var/folders/", os.homedir() + "/Downloads/"];
+        const isSafeDir = (p) => safeDirs.some(d => p.startsWith(d)) || p.startsWith(this.opts.cwd ?? process.cwd());
         const toUpload = [];
+        if (session.writtenFiles.size > 0) {
+            for (const candidate of candidates) {
+                // Try as-is (absolute), or resolve against cwd
+                const resolved = candidate.startsWith("/")
+                    ? candidate
+                    : resolve(this.opts.cwd ?? process.cwd(), candidate);
+                if (session.writtenFiles.has(resolved) && existsSync(resolved)) {
+                    toUpload.push(resolved);
+                }
+                else {
+                    // Also check by basename — result might mention just the filename
+                    for (const written of session.writtenFiles) {
+                        if (basename(written) === basename(candidate) && existsSync(written)) {
+                            toUpload.push(written);
+                            break;
+                        }
+                    }
+                }
+            }
+        }
+        // Also upload files mentioned in result text that exist in safe dirs
+        // even if not tracked via Write tool
         for (const candidate of candidates) {
-            // Try as-is (absolute), or resolve against cwd
             const resolved = candidate.startsWith("/")
                 ? candidate
                 : resolve(this.opts.cwd ?? process.cwd(), candidate);
-            if (session.writtenFiles.has(resolved) && existsSync(resolved)) {
+            if (existsSync(resolved) && isSafeDir(resolved) && !toUpload.includes(resolved)) {
                 toUpload.push(resolved);
             }
-            else {
-                // Also check by basename — result might mention just the filename
-                for (const written of session.writtenFiles) {
-                    if (basename(written) === basename(candidate) && existsSync(written)) {
-                        toUpload.push(written);
-                        break;
-                    }
-                }
-            }
         }
         // Deduplicate and filter sensitive files
         const unique = [...new Set(toUpload)];
@@ -613,22 +655,39 @@ export class CcTgBot {
         await this.bot.sendMessage(chatId, `NPX cache cleared and MCP restarted.${pidNote} Will pick up latest npm version on next call.`);
     }
     async handleRestart(chatId) {
-        await this.bot.sendMessage(chatId, "Restarting bot... brb.");
-        await new Promise(resolve => setTimeout(resolve, 1000));
-        this.stop();
-        const isLaunchd = process.ppid === 1;
-        if (!isLaunchd) {
-            // Running manually — spawn a replacement process
-            const child = spawn(process.execPath, process.argv.slice(1), {
-                detached: true,
-                stdio: "ignore",
-                env: process.env,
-            });
-            child.unref();
-        }
-        // If launchd-managed, just exit — launchd will restart us
+        await this.bot.sendMessage(chatId, "Restarting... brb.");
+        await new Promise(resolve => setTimeout(resolve, 500));
         process.exit(0);
     }
+    async handleGetFile(chatId, text) {
+        const arg = text.slice("/get_file".length).trim();
+        if (!arg) {
+            await this.bot.sendMessage(chatId, "Usage: /get_file <path>");
+            return;
+        }
+        const filePath = resolve(arg);
+        const safeDirs = ["/tmp/", "/var/folders/", os.homedir() + "/Downloads/", this.opts.cwd ?? process.cwd()];
+        const inSafeDir = safeDirs.some(d => filePath.startsWith(d));
+        if (!inSafeDir) {
+            await this.bot.sendMessage(chatId, "Access denied: path not in allowed directories");
+            return;
+        }
+        if (!existsSync(filePath)) {
+            await this.bot.sendMessage(chatId, `File not found: ${filePath}`);
+            return;
+        }
+        const { statSync } = await import("fs");
+        const stat = statSync(filePath);
+        if (!stat.isFile()) {
+            await this.bot.sendMessage(chatId, `Not a file: ${filePath}`);
+            return;
+        }
+        if (this.isSensitiveFile(filePath)) {
+            await this.bot.sendMessage(chatId, "Access denied: sensitive file");
+            return;
+        }
+        await this.bot.sendDocument(chatId, filePath);
+    }
     killSession(chatId, keepCrons = true) {
         const session = this.sessions.get(chatId);
         if (session) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gonzih/cc-tg",
-  "version": "0.2.10",
+  "version": "0.2.12",
   "description": "Claude Code Telegram bot — chat with Claude Code via Telegram",
   "type": "module",
   "bin": {