@inetafrica/open-claudia 1.0.2 → 1.0.4

package/bin/cli.js

@@ -18,6 +18,12 @@ switch (command) {
     require(path.join(botDir, "bot.js"));
     break;
 
+  case "auth":
+    // Pass through to setup.js auth mode
+    process.argv = [process.argv[0], process.argv[1], "--auth"];
+    require(path.join(botDir, "setup.js"));
+    break;
+
   case "stop":
     try {
       execSync('pkill -f "node.*bot.js"', { stdio: "inherit" });
@@ -28,7 +34,8 @@ switch (command) {
     break;
 
   case "logs":
-    const logFile = path.join(botDir, "bot.log");
+    const configDir = require(path.join(botDir, "config-dir"));
+    const logFile = path.join(configDir, "bot.log");
     try {
       execSync(`tail -50 "${logFile}"`, { stdio: "inherit" });
     } catch (e) {
@@ -51,6 +58,7 @@ Open Claudia — AI Coding Assistant via Telegram
 
 Commands:
   open-claudia setup    Interactive setup wizard
+  open-claudia auth     Manage chat authorizations
   open-claudia start    Start the bot
   open-claudia stop     Stop the bot
   open-claudia status   Check if running

package/bot.js

@@ -5,10 +5,11 @@ const path = require("path");
 const https = require("https");
 const cron = require("node-cron");
 const Vault = require("./vault");
+const CONFIG_DIR = require("./config-dir");
 
 // ── Load Config from .env ───────────────────────────────────────────
 function loadEnv() {
-  const envPath = path.join(__dirname, ".env");
+  const envPath = path.join(CONFIG_DIR, ".env");
   if (!fs.existsSync(envPath)) {
     console.error("No .env file found. Run: node setup.js");
     process.exit(1);
@@ -23,7 +24,7 @@ function loadEnv() {
 }
 
 function saveEnvKey(key, value) {
-  const envPath = path.join(__dirname, ".env");
+  const envPath = path.join(CONFIG_DIR, ".env");
   const content = fs.readFileSync(envPath, "utf-8");
   const lines = content.split("\n");
   let found = false;
@@ -37,15 +38,17 @@ function saveEnvKey(key, value) {
 
 const config = loadEnv();
 const TOKEN = config.TELEGRAM_BOT_TOKEN;
-const CHAT_ID = config.TELEGRAM_CHAT_ID;
+const CHAT_IDS = (config.TELEGRAM_CHAT_ID || "").split(",").map((s) => s.trim()).filter(Boolean);
+const CHAT_ID = CHAT_IDS[0]; // Primary owner chat for crons/notifications
 const WORKSPACE = config.WORKSPACE;
 const CLAUDE_PATH = config.CLAUDE_PATH;
 const WHISPER_CLI = config.WHISPER_CLI || "";
 const WHISPER_MODEL = config.WHISPER_MODEL || "";
 const FFMPEG = config.FFMPEG || "";
-const SOUL_FILE = config.SOUL_FILE || path.join(__dirname, "soul.md");
-const CRONS_FILE = config.CRONS_FILE || path.join(__dirname, "crons.json");
-const VAULT_FILE = config.VAULT_FILE || path.join(__dirname, "vault.enc");
+const SOUL_FILE = config.SOUL_FILE || path.join(CONFIG_DIR, "soul.md");
+const CRONS_FILE = config.CRONS_FILE || path.join(CONFIG_DIR, "crons.json");
+const VAULT_FILE = config.VAULT_FILE || path.join(CONFIG_DIR, "vault.enc");
+const AUTH_FILE = config.AUTH_FILE || path.join(CONFIG_DIR, "auth.json");
 const BOT_DIR = __dirname;
 
 // Detect PATH for subprocess
@@ -104,9 +107,59 @@ function resetSettings() {
 }
 
 function isAuthorized(msg) {
+  const chatId = String(msg.chat.id);
+  if (CHAT_IDS.includes(chatId)) return true;
+  // Also check auth.json for dynamically added chats
+  try {
+    const auth = JSON.parse(fs.readFileSync(AUTH_FILE, "utf-8"));
+    return auth.authorized.some((a) => a.chatId === chatId);
+  } catch (e) {}
+  return false;
+}
+
+function isOwner(msg) {
   return String(msg.chat.id) === CHAT_ID;
 }
 
+// ── Auth request handler (for unauthorized users) ──────────────────
+bot.onText(/\/auth$/, async (msg) => {
+  if (isAuthorized(msg)) {
+    bot.sendMessage(msg.chat.id, "You're already authorized.");
+    return;
+  }
+  const chatId = String(msg.chat.id);
+  const name = [msg.from?.first_name, msg.from?.last_name].filter(Boolean).join(" ");
+  const username = msg.from?.username || "";
+
+  // Add to pending in auth.json
+  let auth;
+  try {
+    auth = JSON.parse(fs.readFileSync(AUTH_FILE, "utf-8"));
+  } catch (e) {
+    auth = { authorized: [], pending: [] };
+  }
+
+  // Check if already pending
+  if (auth.pending.some((p) => p.chatId === chatId)) {
+    bot.sendMessage(msg.chat.id, "Your request is already pending. The bot owner will review it.");
+    return;
+  }
+
+  auth.pending.push({
+    chatId,
+    name,
+    username,
+    requestedAt: new Date().toISOString(),
+  });
+  fs.writeFileSync(AUTH_FILE, JSON.stringify(auth, null, 2));
+
+  bot.sendMessage(msg.chat.id, "Access requested! The bot owner will review your request.");
+
+  // Notify owner
+  const label = username ? `@${username}` : name;
+  bot.sendMessage(CHAT_ID, `New auth request from ${label} (${chatId}).\nRun 'open-claudia auth' to approve or deny.`);
+});
+
 // ── Onboarding ──────────────────────────────────────────────────────
 let onboardingStep = null; // null | "name" | "role" | "style" | "done"
 let onboardingData = {};

package/config-dir.js

@@ -0,0 +1,11 @@
+const path = require("path");
+const fs = require("fs");
+
+const CONFIG_DIR = path.join(process.env.HOME || require("os").homedir(), ".open-claudia");
+
+// Ensure directory exists
+if (!fs.existsSync(CONFIG_DIR)) {
+  fs.mkdirSync(CONFIG_DIR, { recursive: true });
+}
+
+module.exports = CONFIG_DIR;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inetafrica/open-claudia",
-  "version": "1.0.2",
+  "version": "1.0.4",
   "description": "Your always-on AI coding assistant — Claude Code via Telegram",
   "main": "bot.js",
   "bin": {
@@ -15,9 +15,8 @@
     "bot.js",
     "vault.js",
     "setup.js",
+    "config-dir.js",
     "bin/",
-    "soul.md",
-    "crons.json",
     ".env.example",
     "README.md"
   ],

package/setup.js

@@ -4,13 +4,17 @@ const readline = require("readline");
 const https = require("https");
 const fs = require("fs");
 const path = require("path");
+const crypto = require("crypto");
 const { execSync } = require("child_process");
 const Vault = require("./vault");
+const CONFIG_DIR = require("./config-dir");
 
-const ENV_FILE = path.join(__dirname, ".env");
-const VAULT_FILE = path.join(__dirname, "vault.enc");
-const SOUL_FILE = path.join(__dirname, "soul.md");
-const CRONS_FILE = path.join(__dirname, "crons.json");
+const ENV_FILE = path.join(CONFIG_DIR, ".env");
+const VAULT_FILE = path.join(CONFIG_DIR, "vault.enc");
+const SOUL_FILE = path.join(CONFIG_DIR, "soul.md");
+const CRONS_FILE = path.join(CONFIG_DIR, "crons.json");
+const AUTH_FILE = path.join(CONFIG_DIR, "auth.json");
+const SETUP_STATE_FILE = path.join(CONFIG_DIR, ".setup-state.json");
 
 const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
 const ask = (q) => new Promise((r) => rl.question(q, r));
@@ -44,71 +48,117 @@ const askHidden = (q) => new Promise((resolve) => {
   stdin.on("data", onData);
 });
 
-function testTelegramToken(token) {
+// ── Auth file helpers ──────────────────────────────────────────────
+
+function loadAuth() {
+  if (fs.existsSync(AUTH_FILE)) {
+    try { return JSON.parse(fs.readFileSync(AUTH_FILE, "utf-8")); } catch (e) {}
+  }
+  return { authorized: [], pending: [] };
+}
+
+function saveAuth(auth) {
+  fs.writeFileSync(AUTH_FILE, JSON.stringify(auth, null, 2));
+}
+
+// ── Setup state helpers ────────────────────────────────────────────
+
+function loadSetupState() {
+  if (fs.existsSync(SETUP_STATE_FILE)) {
+    try { return JSON.parse(fs.readFileSync(SETUP_STATE_FILE, "utf-8")); } catch (e) {}
+  }
+  return null;
+}
+
+function saveSetupState(state) {
+  fs.writeFileSync(SETUP_STATE_FILE, JSON.stringify(state, null, 2));
+}
+
+function clearSetupState() {
+  if (fs.existsSync(SETUP_STATE_FILE)) fs.unlinkSync(SETUP_STATE_FILE);
+}
+
+// ── Telegram helpers ───────────────────────────────────────────────
+
+function telegramGet(token, method, params = "") {
   return new Promise((resolve) => {
-    https.get(`https://api.telegram.org/bot${token}/getMe`, (res) => {
+    const qs = params ? `?${params}` : "";
+    https.get(`https://api.telegram.org/bot${token}/${method}${qs}`, (res) => {
       let data = "";
       res.on("data", (d) => { data += d; });
       res.on("end", () => {
-        try {
-          const json = JSON.parse(data);
-          resolve(json.ok ? json.result : null);
-        } catch (e) { resolve(null); }
+        try { resolve(JSON.parse(data)); } catch (e) { resolve({ ok: false }); }
       });
-    }).on("error", () => resolve(null));
+    }).on("error", () => resolve({ ok: false }));
   });
 }
 
-function sendTestMessage(token, chatId) {
+function telegramPost(token, method, body) {
   return new Promise((resolve) => {
-    const postData = `chat_id=${chatId}&text=${encodeURIComponent("Setup complete! Your Claude Code bot is connected.")}`;
+    const postData = Object.entries(body).map(([k, v]) => `${k}=${encodeURIComponent(v)}`).join("&");
     const req = https.request({
       hostname: "api.telegram.org",
-      path: `/bot${token}/sendMessage`,
+      path: `/bot${token}/${method}`,
       method: "POST",
       headers: { "Content-Type": "application/x-www-form-urlencoded" },
     }, (res) => {
       let data = "";
       res.on("data", (d) => { data += d; });
       res.on("end", () => {
-        try { resolve(JSON.parse(data).ok); } catch (e) { resolve(false); }
+        try { resolve(JSON.parse(data)); } catch (e) { resolve({ ok: false }); }
       });
     });
-    req.on("error", () => resolve(false));
+    req.on("error", () => resolve({ ok: false }));
     req.write(postData);
     req.end();
   });
 }
 
-function getUpdatesForChatId(token) {
-  return new Promise((resolve) => {
-    https.get(`https://api.telegram.org/bot${token}/getUpdates?limit=5`, (res) => {
-      let data = "";
-      res.on("data", (d) => { data += d; });
-      res.on("end", () => {
-        try {
-          const json = JSON.parse(data);
-          if (json.ok && json.result.length > 0) {
-            const msg = json.result[json.result.length - 1].message;
-            if (msg?.chat?.id) {
-              resolve({
-                chatId: String(msg.chat.id),
-                firstName: msg.from?.first_name || "",
-                lastName: msg.from?.last_name || "",
-                username: msg.from?.username || "",
-              });
-            } else {
-              resolve(null);
-            }
-          } else {
-            resolve(null);
-          }
-        } catch (e) { resolve(null); }
-      });
-    }).on("error", () => resolve(null));
-  });
+function testTelegramToken(token) {
+  return telegramGet(token, "getMe").then((r) => r.ok ? r.result : null);
+}
+
+function sendMessage(token, chatId, text) {
+  return telegramPost(token, "sendMessage", { chat_id: chatId, text }).then((r) => r.ok);
+}
+
+async function flushUpdates(token) {
+  const res = await telegramGet(token, "getUpdates", "offset=-1");
+  if (res.ok && res.result.length > 0) {
+    const lastId = res.result[res.result.length - 1].update_id;
+    await telegramGet(token, "getUpdates", `offset=${lastId + 1}`);
+  }
+}
+
+async function waitForAuthCode(token, code, timeoutSec = 60) {
+  const deadline = Date.now() + timeoutSec * 1000;
+  while (Date.now() < deadline) {
+    const res = await telegramGet(token, "getUpdates", "limit=10&timeout=2");
+    if (res.ok && res.result.length > 0) {
+      for (const update of res.result) {
+        const msg = update.message;
+        if (msg?.text?.trim() === code) {
+          // Acknowledge this update
+          await telegramGet(token, "getUpdates", `offset=${update.update_id + 1}`);
+          return {
+            chatId: String(msg.chat.id),
+            firstName: msg.from?.first_name || "",
+            lastName: msg.from?.last_name || "",
+            username: msg.from?.username || "",
+          };
+        }
+      }
+      // Acknowledge all updates
+      const lastId = res.result[res.result.length - 1].update_id;
+      await telegramGet(token, "getUpdates", `offset=${lastId + 1}`);
+    }
+    await new Promise((r) => setTimeout(r, 1000));
+  }
+  return null;
 }
 
+// ── System detection ───────────────────────────────────────────────
+
 function detectPlatform() {
   const platform = process.platform;
   if (platform === "darwin") return "macos";
@@ -144,6 +194,8 @@ function findWhisperModel() {
   return null;
 }
 
+// ── Daemon setup ───────────────────────────────────────────────────
+
 async function setupDaemon(platform) {
   const nodePath = process.execPath;
   const botPath = path.join(__dirname, "bot.js");
@@ -169,9 +221,9 @@ async function setupDaemon(platform) {
   <key>KeepAlive</key>
   <true/>
   <key>StandardOutPath</key>
-  <string>${path.join(__dirname, "bot.log")}</string>
+  <string>${path.join(CONFIG_DIR, "bot.log")}</string>
   <key>StandardErrorPath</key>
-  <string>${path.join(__dirname, "bot.log")}</string>
+  <string>${path.join(CONFIG_DIR, "bot.log")}</string>
   <key>EnvironmentVariables</key>
   <dict>
     <key>PATH</key>
@@ -200,8 +252,8 @@ WorkingDirectory=${__dirname}
 ExecStart=${nodePath} ${botPath}
 Restart=always
 RestartSec=10
-StandardOutput=append:${path.join(__dirname, "bot.log")}
-StandardError=append:${path.join(__dirname, "bot.log")}
+StandardOutput=append:${path.join(CONFIG_DIR, "bot.log")}
+StandardError=append:${path.join(CONFIG_DIR, "bot.log")}
 
 [Install]
 WantedBy=multi-user.target`;
@@ -225,155 +277,401 @@ WantedBy=multi-user.target`;
   return false;
 }
 
-async function main() {
-  console.log("\n  Claude Code Telegram Bot — Setup\n");
+// ── Auth subcommand ────────────────────────────────────────────────
+
+async function runAuth(token) {
+  if (!token) {
+    // Try to load from .env
+    if (fs.existsSync(ENV_FILE)) {
+      const lines = fs.readFileSync(ENV_FILE, "utf-8").split("\n");
+      for (const line of lines) {
+        const idx = line.indexOf("=");
+        if (idx > 0 && line.slice(0, idx).trim() === "TELEGRAM_BOT_TOKEN") {
+          token = line.slice(idx + 1).trim();
+        }
+      }
+    }
+    if (!token) {
+      console.log("  No .env found. Run 'open-claudia setup' first.");
+      process.exit(1);
+    }
+  }
 
-  // 1. Check prerequisites
-  console.log("Checking prerequisites...\n");
+  const auth = loadAuth();
 
-  const claudePath = findClaude();
-  if (!claudePath) {
-    console.log("  Claude Code CLI not found. Install it first:");
-    console.log("  https://docs.anthropic.com/en/docs/claude-code");
-    process.exit(1);
+  console.log("\n  Open Claudia — Chat Authorization\n");
+
+  // Show current authorized chats
+  if (auth.authorized.length > 0) {
+    console.log("  Authorized chats:");
+    for (const a of auth.authorized) {
+      const label = a.username ? `@${a.username}` : a.name || a.chatId;
+      const owner = a.isOwner ? " (owner)" : "";
+      console.log(`    ${a.chatId} — ${label}${owner}`);
+    }
+  } else {
+    console.log("  No authorized chats.");
   }
-  console.log(`  Claude CLI: ${claudePath}`);
 
-  // Check if Claude is authenticated
-  try {
-    const authCheck = execSync(`"${claudePath}" -p "say ok" --max-budget-usd 0.01 --output-format text 2>&1`, {
-      encoding: "utf-8", timeout: 30000,
-    });
-    console.log("  Claude auth: OK");
-  } catch (e) {
-    const errMsg = (e.stderr || e.stdout || e.message || "").toLowerCase();
-    if (errMsg.includes("auth") || errMsg.includes("login") || errMsg.includes("api key") || errMsg.includes("unauthorized")) {
-      console.log("  Claude auth: NOT LOGGED IN");
-      console.log("  Run 'claude auth' or 'claude login' to authenticate first.");
-      process.exit(1);
+  // Show pending requests
+  if (auth.pending.length > 0) {
+    console.log(`\n  Pending requests (${auth.pending.length}):\n`);
+    for (let i = 0; i < auth.pending.length; i++) {
+      const p = auth.pending[i];
+      const label = p.username ? `@${p.username}` : p.name || p.chatId;
+      const time = new Date(p.requestedAt).toLocaleString();
+      console.log(`    ${i + 1}. ${label} (${p.chatId}) — requested ${time}`);
     }
-    // Other errors (like budget exceeded) mean auth is fine
-    console.log("  Claude auth: OK");
+
+    console.log("");
+    const action = await ask("  Approve/deny? (e.g. 'approve 1', 'deny 2', or 'skip'): ");
+    const parts = action.trim().toLowerCase().split(/\s+/);
+
+    if (parts[0] === "approve" && parts[1]) {
+      const idx = parseInt(parts[1], 10) - 1;
+      if (idx >= 0 && idx < auth.pending.length) {
+        const approved = auth.pending.splice(idx, 1)[0];
+        auth.authorized.push({
+          chatId: approved.chatId,
+          name: approved.name,
+          username: approved.username,
+          isOwner: false,
+          authorizedAt: new Date().toISOString(),
+        });
+        saveAuth(auth);
+
+        // Update TELEGRAM_CHAT_ID in .env
+        const allIds = auth.authorized.map((a) => a.chatId).join(",");
+        updateEnvKey("TELEGRAM_CHAT_ID", allIds);
+
+        // Notify the approved user
+        const label = approved.username ? `@${approved.username}` : approved.name;
+        await sendMessage(token, approved.chatId, "Your access has been approved! You can now use the bot. Send /start to begin.");
+        console.log(`\n  Approved ${label}. They've been notified.`);
+      } else {
+        console.log("  Invalid number.");
+      }
+    } else if (parts[0] === "deny" && parts[1]) {
+      const idx = parseInt(parts[1], 10) - 1;
+      if (idx >= 0 && idx < auth.pending.length) {
+        const denied = auth.pending.splice(idx, 1)[0];
+        saveAuth(auth);
+        await sendMessage(token, denied.chatId, "Your access request was denied.");
+        const label = denied.username ? `@${denied.username}` : denied.name;
+        console.log(`\n  Denied ${label}.`);
+      } else {
+        console.log("  Invalid number.");
+      }
+    } else {
+      console.log("  Skipped.");
+    }
+  } else {
+    console.log("\n  No pending requests.");
   }
 
-  const platform = detectPlatform();
-  console.log(`  Platform: ${platform}`);
+  // Option to add a new chat
+  console.log("");
+  const addNew = await ask("  Authorize a new chat? (y/n) [n]: ");
+  if (addNew.toLowerCase() === "y") {
+    await authNewChat(token, auth);
+  }
 
-  const ffmpegPath = findFfmpeg();
-  const whisperPath = findWhisper();
-  const whisperModel = findWhisperModel();
-  console.log(`  FFmpeg: ${ffmpegPath || "not found (voice notes disabled)"}`);
-  console.log(`  Whisper: ${whisperPath || "not found (voice notes disabled)"}`);
   console.log("");
+  rl.close();
+}
+
+async function authNewChat(token, auth) {
+  const code = crypto.randomBytes(3).toString("hex").toUpperCase();
+
+  await flushUpdates(token);
 
-  // 2. Telegram credentials
-  console.log("Telegram Setup\n");
-  const token = await ask("  Bot token (from @BotFather): ");
+  console.log(`\n  Send this code to the bot in Telegram:\n`);
+  console.log(`    ${code}\n`);
+  console.log("  Waiting for code (60s)...");
 
-  console.log("\n  Testing token...");
-  const botInfo = await testTelegramToken(token);
-  if (!botInfo) {
-    console.log("  Invalid token. Check it and try again.");
-    process.exit(1);
+  const userInfo = await waitForAuthCode(token, code, 60);
+
+  if (!userInfo) {
+    console.log("  Timed out. No matching code received.");
+    return;
   }
-  console.log(`  Connected: @${botInfo.username} (${botInfo.first_name})\n`);
-
-  console.log("  Now send any message to your bot in Telegram...");
-  let chatId = null;
-  let userInfo = null;
-  for (let i = 0; i < 30; i++) {
-    userInfo = await getUpdatesForChatId(token);
-    if (userInfo) break;
-    process.stdout.write(".");
-    await new Promise((r) => setTimeout(r, 2000));
+
+  const name = [userInfo.firstName, userInfo.lastName].filter(Boolean).join(" ");
+  const handle = userInfo.username ? ` (@${userInfo.username})` : "";
+  console.log(`\n  Code received from: ${name}${handle}`);
+  console.log(`  Chat ID: ${userInfo.chatId}`);
+
+  // Check if already authorized
+  if (auth.authorized.some((a) => a.chatId === userInfo.chatId)) {
+    console.log("  Already authorized.");
+    return;
   }
-  console.log("");
 
-  if (!userInfo) {
-    console.log("  Didn't receive a message. Enter chat ID manually:");
-    chatId = await ask("  Chat ID: ");
-  } else {
-    const name = [userInfo.firstName, userInfo.lastName].filter(Boolean).join(" ");
-    const handle = userInfo.username ? ` (@${userInfo.username})` : "";
-    console.log(`  Message received from: ${name}${handle}`);
-    console.log(`  Chat ID: ${userInfo.chatId}`);
-    const approve = await ask(`\n  Authorize this user? (y/n) [y]: `);
-    if (approve.toLowerCase() === "n") {
-      console.log("  Declined. Send a message from the correct account and run setup again.");
+  const approve = await ask("  Authorize this chat? (y/n) [y]: ");
+  if (approve.toLowerCase() === "n") {
+    console.log("  Declined.");
+    return;
+  }
+
+  auth.authorized.push({
+    chatId: userInfo.chatId,
+    name,
+    username: userInfo.username,
+    isOwner: false,
+    authorizedAt: new Date().toISOString(),
+  });
+  saveAuth(auth);
+
+  // Update .env
+  const allIds = auth.authorized.map((a) => a.chatId).join(",");
+  updateEnvKey("TELEGRAM_CHAT_ID", allIds);
+
+  await sendMessage(token, userInfo.chatId, "You've been authorized! Send /start to begin.");
+  console.log("  Authorized and notified.");
+}
+
+function updateEnvKey(key, value) {
+  if (!fs.existsSync(ENV_FILE)) return;
+  const content = fs.readFileSync(ENV_FILE, "utf-8");
+  const lines = content.split("\n");
+  let found = false;
+  const updated = lines.map((line) => {
+    if (line.startsWith(key + "=")) { found = true; return `${key}=${value}`; }
+    return line;
+  });
+  if (!found) updated.push(`${key}=${value}`);
+  fs.writeFileSync(ENV_FILE, updated.join("\n"));
+}
+
+// ── Main setup (resumable) ─────────────────────────────────────────
+
+const STEPS = ["prerequisites", "telegram", "auth", "workspace", "vault", "config", "daemon"];
+
+async function main() {
+  // Check if this is an auth subcommand
+  const args = process.argv.slice(2);
+  if (args.includes("--auth") || args.includes("auth")) {
+    await runAuth();
+    return;
+  }
+
+  console.log("\n  Claude Code Telegram Bot — Setup\n");
+
+  // Load or create state
+  let state = loadSetupState() || { completedSteps: [], data: {} };
+  const resuming = state.completedSteps.length > 0;
+
+  if (resuming) {
+    const nextStep = STEPS.find((s) => !state.completedSteps.includes(s));
+    console.log(`  Resuming setup from: ${nextStep}\n`);
+    const cont = await ask("  Continue previous setup? (y/n) [y]: ");
+    if (cont.toLowerCase() === "n") {
+      state = { completedSteps: [], data: {} };
+      clearSetupState();
+      console.log("  Starting fresh.\n");
+    }
+  }
+
+  // ── Step: Prerequisites ──────────────────────────────────────────
+  if (!state.completedSteps.includes("prerequisites")) {
+    console.log("Checking prerequisites...\n");
+
+    const claudePath = findClaude();
+    if (!claudePath) {
+      console.log("  Claude Code CLI not found. Install it first:");
+      console.log("  https://docs.anthropic.com/en/docs/claude-code");
       process.exit(1);
     }
-    chatId = userInfo.chatId;
+    console.log(`  Claude CLI: ${claudePath}`);
+
+    try {
+      execSync(`"${claudePath}" -p "say ok" --max-budget-usd 0.01 --output-format text 2>&1`, {
+        encoding: "utf-8", timeout: 30000,
+      });
+      console.log("  Claude auth: OK");
+    } catch (e) {
+      const errMsg = (e.stderr || e.stdout || e.message || "").toLowerCase();
+      if (errMsg.includes("auth") || errMsg.includes("login") || errMsg.includes("api key") || errMsg.includes("unauthorized")) {
+        console.log("  Claude auth: NOT LOGGED IN");
+        console.log("  Run 'claude auth' or 'claude login' to authenticate first.");
+        process.exit(1);
+      }
+      console.log("  Claude auth: OK");
+    }
+
+    const platform = detectPlatform();
+    console.log(`  Platform: ${platform}`);
+
+    const ffmpegPath = findFfmpeg();
+    const whisperPath = findWhisper();
+    const whisperModel = findWhisperModel();
+    console.log(`  FFmpeg: ${ffmpegPath || "not found (voice notes disabled)"}`);
+    console.log(`  Whisper: ${whisperPath || "not found (voice notes disabled)"}`);
+    console.log("");
+
+    state.data.claudePath = claudePath;
+    state.data.platform = platform;
+    state.data.ffmpegPath = ffmpegPath || "";
+    state.data.whisperPath = whisperPath || "";
+    state.data.whisperModel = whisperModel || "";
+    state.completedSteps.push("prerequisites");
+    saveSetupState(state);
   }
 
-  // Test sending
-  console.log("  Sending test message...");
-  const sent = await sendTestMessage(token, chatId);
-  if (sent) {
-    console.log("  Test message sent! Check your Telegram.\n");
-  } else {
-    console.log("  Failed to send test message. Check chat ID.\n");
+  // ── Step: Telegram token ─────────────────────────────────────────
+  if (!state.completedSteps.includes("telegram")) {
+    console.log("Telegram Setup\n");
+    const token = await ask("  Bot token (from @BotFather): ");
+
+    console.log("\n  Testing token...");
+    const botInfo = await testTelegramToken(token);
+    if (!botInfo) {
+      console.log("  Invalid token. Check it and try again.");
+      process.exit(1);
+    }
+    console.log(`  Connected: @${botInfo.username} (${botInfo.first_name})\n`);
+
+    state.data.token = token;
+    state.data.botUsername = botInfo.username;
+    state.completedSteps.push("telegram");
+    saveSetupState(state);
   }
 
-  // 3. Workspace
-  const defaultWorkspace = path.join(process.env.HOME, "Workspace");
-  const workspace = (await ask(`  Workspace path [${defaultWorkspace}]: `)).trim() || defaultWorkspace;
+  // ── Step: Auth (code-based) ──────────────────────────────────────
+  if (!state.completedSteps.includes("auth")) {
+    const token = state.data.token;
+    const code = crypto.randomBytes(3).toString("hex").toUpperCase();
+
+    // Flush old updates
+    await flushUpdates(token);
+
+    console.log("  Chat Authorization\n");
+    console.log(`  Send this code to your bot in Telegram to verify your identity:\n`);
+    console.log(`    ${code}\n`);
+    console.log("  Waiting for code (60s)...");
+
+    const userInfo = await waitForAuthCode(token, code, 60);
+
+    if (!userInfo) {
+      console.log("\n  Timed out. No matching code received.");
+      console.log("  Run 'open-claudia setup' to retry from this step.");
+      process.exit(1);
+    }
+
+    const name = [userInfo.firstName, userInfo.lastName].filter(Boolean).join(" ");
+    const handle = userInfo.username ? ` (@${userInfo.username})` : "";
+    console.log(`\n  Verified: ${name}${handle}`);
+    console.log(`  Chat ID: ${userInfo.chatId}\n`);
+
+    // Send confirmation
+    console.log("  Sending test message...");
+    const sent = await sendMessage(token, userInfo.chatId, "Setup verified! Your Claude Code bot is connected.");
+    if (sent) {
+      console.log("  Test message sent! Check your Telegram.\n");
+    } else {
+      console.log("  Failed to send test message. Check chat ID.\n");
+    }
+
+    // Save to auth.json as owner
+    const auth = loadAuth();
+    auth.authorized = auth.authorized.filter((a) => a.chatId !== userInfo.chatId);
+    auth.authorized.push({
+      chatId: userInfo.chatId,
+      name,
+      username: userInfo.username,
+      isOwner: true,
+      authorizedAt: new Date().toISOString(),
+    });
+    saveAuth(auth);
+
+    state.data.chatId = userInfo.chatId;
+    state.completedSteps.push("auth");
+    saveSetupState(state);
+  }
 
-  // 4. Vault password
-  console.log("\n  Vault Setup");
-  console.log("  The vault encrypts API keys and credentials.\n");
-  const vaultPassword = await askHidden("  Set vault password: ");
-  const vaultConfirm = await askHidden("  Confirm password: ");
+  // ── Step: Workspace ──────────────────────────────────────────────
+  if (!state.completedSteps.includes("workspace")) {
+    const defaultWorkspace = path.join(process.env.HOME, "Workspace");
+    const workspace = (await ask(`  Workspace path [${defaultWorkspace}]: `)).trim() || defaultWorkspace;
 
-  if (vaultPassword !== vaultConfirm) {
-    console.log("  Passwords don't match. Try again.");
-    process.exit(1);
+    state.data.workspace = workspace;
+    state.completedSteps.push("workspace");
+    saveSetupState(state);
   }
 
-  // Create vault
-  const vault = new Vault(VAULT_FILE);
-  vault.create(vaultPassword);
-  console.log("  Vault created.\n");
-
-  // 5. Write .env
-  const env = [
-    `TELEGRAM_BOT_TOKEN=${token}`,
-    `TELEGRAM_CHAT_ID=${chatId}`,
-    `WORKSPACE=${workspace}`,
-    `CLAUDE_PATH=${claudePath}`,
-    `WHISPER_CLI=${whisperPath || ""}`,
-    `WHISPER_MODEL=${whisperModel || ""}`,
-    `FFMPEG=${ffmpegPath || ""}`,
-    `VAULT_FILE=${VAULT_FILE}`,
-    `SOUL_FILE=${SOUL_FILE}`,
-    `CRONS_FILE=${CRONS_FILE}`,
-    `ONBOARDED=false`,
-  ].join("\n");
-
-  fs.writeFileSync(ENV_FILE, env);
-  console.log(`  Config saved: ${ENV_FILE}\n`);
-
-  // 6. Create default files if missing
-  if (!fs.existsSync(CRONS_FILE)) {
-    fs.writeFileSync(CRONS_FILE, "[]");
+  // ── Step: Vault ──────────────────────────────────────────────────
+  if (!state.completedSteps.includes("vault")) {
+    console.log("\n  Vault Setup");
+    console.log("  The vault encrypts API keys and credentials.\n");
+    const vaultPassword = await askHidden("  Set vault password: ");
+    const vaultConfirm = await askHidden("  Confirm password: ");
+
+    if (vaultPassword !== vaultConfirm) {
+      console.log("  Passwords don't match. Run setup again to retry this step.");
+      process.exit(1);
+    }
+
+    const vault = new Vault(VAULT_FILE);
+    vault.create(vaultPassword);
+    console.log("  Vault created.\n");
+
+    state.completedSteps.push("vault");
+    saveSetupState(state);
   }
 
-  if (!fs.existsSync(SOUL_FILE)) {
-    fs.writeFileSync(SOUL_FILE, "# Soul\n\nYou are a helpful AI coding assistant running via Telegram.\n");
+  // ── Step: Write config ───────────────────────────────────────────
+  if (!state.completedSteps.includes("config")) {
+    const d = state.data;
+    const env = [
+      `TELEGRAM_BOT_TOKEN=${d.token}`,
+      `TELEGRAM_CHAT_ID=${d.chatId}`,
+      `WORKSPACE=${d.workspace}`,
+      `CLAUDE_PATH=${d.claudePath}`,
+      `WHISPER_CLI=${d.whisperPath}`,
+      `WHISPER_MODEL=${d.whisperModel}`,
+      `FFMPEG=${d.ffmpegPath}`,
+      `VAULT_FILE=${VAULT_FILE}`,
+      `SOUL_FILE=${SOUL_FILE}`,
+      `CRONS_FILE=${CRONS_FILE}`,
+      `AUTH_FILE=${AUTH_FILE}`,
+      `ONBOARDED=false`,
+    ].join("\n");
+
+    fs.writeFileSync(ENV_FILE, env);
+    console.log(`  Config saved: ${ENV_FILE}\n`);
+
+    if (!fs.existsSync(CRONS_FILE)) fs.writeFileSync(CRONS_FILE, "[]");
+    if (!fs.existsSync(SOUL_FILE)) {
+      fs.writeFileSync(SOUL_FILE, "# Soul\n\nYou are a helpful AI coding assistant running via Telegram.\n");
+    }
+
+    state.completedSteps.push("config");
+    saveSetupState(state);
   }
 
-  // 7. Daemon setup
-  console.log("  Daemon Setup\n");
-  const setupDaemonAnswer = await ask("  Install as background service? (y/n) [y]: ");
-  if (setupDaemonAnswer.toLowerCase() !== "n") {
-    await setupDaemon(platform);
-  } else {
-    console.log(`  Run manually: node ${path.join(__dirname, "bot.js")}`);
+  // ── Step: Daemon ─────────────────────────────────────────────────
+  if (!state.completedSteps.includes("daemon")) {
+    console.log("  Daemon Setup\n");
+    const setupDaemonAnswer = await ask("  Install as background service? (y/n) [y]: ");
+    if (setupDaemonAnswer.toLowerCase() !== "n") {
+      await setupDaemon(state.data.platform);
+    } else {
+      console.log(`  Run manually: node ${path.join(__dirname, "bot.js")}`);
+    }
+
+    state.completedSteps.push("daemon");
+    saveSetupState(state);
   }
 
+  // Done — clean up state file
+  clearSetupState();
   console.log("\n  Setup complete! Start chatting with your bot in Telegram.\n");
   rl.close();
 }
 
+// Allow running auth directly: node setup.js auth
+module.exports = { runAuth, loadAuth, saveAuth, AUTH_FILE };
+
 main().catch((e) => {
   console.error(e);
   process.exit(1);

package/crons.json

@@ -1 +0,0 @@
-[]

package/soul.md

@@ -1,39 +0,0 @@
-# Soul
-
-You are Sumeet's personal AI assistant, running 24/7 via a Telegram bot bridge to Claude Code.
-
-## Identity
-- Name: Just "Claude" — no need for a custom persona
-- Tone: Direct, concise, technical. Like a sharp senior engineer who's also a good friend.
-- Never over-explain. Sumeet is technical — he gets it.
-- Mobile-first: keep messages short. Send files for anything long.
-
-## About Sumeet
-- Full-stack developer / founder
-- Works across many projects in ~/Workspace
-- Tech stack: Node.js, React/Next.js, MongoDB, Kubernetes, Docker
-- Uses Cursor IDE and Claude Code CLI daily
-- Communicates via Telegram on mobile when away from desk
-
-## Key Projects
-- **crm** — Kazee CRM platform (monorepo: crm-backend, frontend, helpdesk-frontend, spaces-backend, spaces-frontend, workflow-kanban). MongoDB, Node.js backend, Next.js frontends.
-- **metriq / metriq-api** — Metrics/analytics platform
-- **ticket-central** — Ticketing system
-- **hr-hub** — HR management
-- **kazee-connect-subscription-service** — Subscription/billing service
-- **k8s / kubernetes-applications / kazee-infratructure** — Kubernetes deployment configs
-- **janus-devops / janus-webrtc** — WebRTC infrastructure
-
-## Working Style
-- Prefers action over discussion. Do the thing, then explain what you did.
-- Likes plans for big changes, but hates over-planning small ones.
-- Appreciates when you proactively flag issues or suggest improvements.
-- Send files directly via Telegram when output is long.
-
-## What You Can Do
-- Write, edit, and refactor code across all projects
-- Run commands, tests, builds, deployments
-- Send files, images, code snippets directly to Telegram
-- Run scheduled checks and report results
-- Monitor git status, PRs, deployments
-- Help with architecture decisions and code reviews