npm - @inetafrica/open-claudia - Versions diffs - 1.14.2 → 1.14.4 - Mend

@inetafrica/open-claudia 1.14.2 → 1.14.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/bot-agent.js CHANGED Viewed

@@ -724,6 +724,25 @@ function looksLikeClaudeToken(value) {
   return /^sk-ant-[A-Za-z0-9._-]+$/.test(text) || text.length >= 80 && /^[A-Za-z0-9._=-]+$/.test(text);
 }
+function looksLikeClaudeAuthReply(value) {
+  const text = String(value || "").trim();
+  if (!text) return false;
+  if (looksLikeClaudeToken(text)) return true;
+  if (/^https?:\/\//i.test(text) && /claude|anthropic/i.test(text)) return true;
+  // OAuth callback/login codes are usually long, dense strings. Do not consume normal chat.
+  if (text.length >= 24 && !/\s/.test(text) && /^[A-Za-z0-9._~:/?#[\]@!$&'()*+,;=%-]+$/.test(text)) return true;
+  return false;
+}
+function clearPendingClaudeAuth() {
+  if (pendingClaudeAuthProcess && pendingClaudeAuthProcess.kill) {
+    try { pendingClaudeAuthProcess.kill("SIGTERM"); } catch (e) {}
+  }
+  pendingClaudeAuthProcess = null;
+  pendingClaudeAuthLabel = null;
+}
 function getClaudeOAuthToken() {
   if (config[CLAUDE_OAUTH_TOKEN_KEY]) return { value: config[CLAUDE_OAUTH_TOKEN_KEY], source: ".env" };
   if (process.env.CLAUDE_CODE_OAUTH_TOKEN) return { value: process.env.CLAUDE_CODE_OAUTH_TOKEN, source: "process env" };
@@ -1452,7 +1471,7 @@ bot.onText(/\/upgrade$/, async (msg) => {
     await send("Upgrading...");
   }
   try {
-    execSync("npm install -g @inetafrica/open-claudia@latest 2>&1", {
+    execSync(`npm install -g @inetafrica/open-claudia@${latest} 2>&1`, {
       encoding: "utf-8", timeout: 120000,
       cwd: process.env.HOME || require("os").homedir(),
       env: { ...process.env, PATH: FULL_PATH, HOME: process.env.HOME || require("os").homedir() },
@@ -1463,8 +1482,9 @@ bot.onText(/\/upgrade$/, async (msg) => {
     let whatsNew = "";
     try {
       const changelog = fs.readFileSync(path.join(root, "@inetafrica", "open-claudia", "CHANGELOG.md"), "utf-8");
-      const versionHeader = `## v${newPkg.version}`;
-      const start = changelog.indexOf(versionHeader);
+      let versionHeader = `## v${newPkg.version}`;
+      let start = changelog.indexOf(versionHeader);
+      if (start < 0) { versionHeader = `## ${newPkg.version}`; start = changelog.indexOf(versionHeader); }
       if (start >= 0) {
         const afterHeader = changelog.slice(start + versionHeader.length);
         const nextVersion = afterHeader.indexOf("\n## ");
@@ -1691,6 +1711,32 @@ bot.onText(/\/(?:auth_status|auth status)$/, async (msg) => {
   proc.on("error", async (err) => send(`Claude auth status failed: ${redactSensitive(err.message)}`));
 });
+bot.onText(/\/cancel_auth$/, async (msg) => {
+  if (!isAuthorized(msg)) return;
+  if (!pendingClaudeAuthProcess) return send("No Claude auth flow is pending.");
+  clearPendingClaudeAuth();
+  await send("Claude auth flow cancelled. Normal messages will go to the assistant again.");
+});
+bot.onText(/\/auth_code(?:\s+(.+))?$/, async (msg, match) => {
+  if (!isAuthorized(msg)) return;
+  const code = (match[1] || "").trim();
+  await deleteMessage(msg.message_id);
+  if (!pendingClaudeAuthProcess || pendingClaudeAuthLabel === "manual OAuth token save") {
+    return send("No Claude login flow is waiting for an auth code. Start with /login, or use /use_oauth_token for tokens.");
+  }
+  if (!code || !looksLikeClaudeAuthReply(code)) {
+    return send("That does not look like a Claude auth code/callback. Use /cancel_auth to cancel the login flow.");
+  }
+  try {
+    pendingClaudeAuthProcess.stdin.write(code + "\n");
+    await send("Auth code sent to Claude. I’ll confirm with auth status when Claude finishes.");
+  } catch (e) {
+    clearPendingClaudeAuth();
+    await send(`Could not send auth code to Claude: ${redactSensitive(e.message)}`);
+  }
+});
 bot.onText(/\/login$/, async (msg) => {
   if (!isAuthorized(msg)) return;
   await runClaudeAuthCommand(["auth", "login", "--claudeai", "--email", "sumeet@inet.africa"], "Claude login");
@@ -1959,28 +2005,23 @@ bot.on("message", async (msg) => {
   if (msg.voice || msg.audio || msg.photo || msg.document || msg.video || msg.sticker) return;
   if (isDuplicate(msg.message_id)) return;
-  // Handle pending Claude auth/token paste-back
-  if (pendingClaudeAuthProcess) {
+  // Handle pending manual OAuth token paste mode. Login codes must be sent explicitly
+  // with /auth_code so normal chat can never be deleted/consumed accidentally.
+  if (pendingClaudeAuthProcess && pendingClaudeAuthLabel === "manual OAuth token save") {
     const text = msg.text.trim();
-    await deleteMessage(msg.message_id);
-    if (pendingClaudeAuthLabel === "manual OAuth token save") {
-      pendingClaudeAuthProcess = null;
-      pendingClaudeAuthLabel = null;
-      if (!looksLikeClaudeToken(text)) { await send("That doesn't look like a Claude OAuth token. Not saved."); return; }
+    if (looksLikeClaudeToken(text)) {
+      await deleteMessage(msg.message_id);
+      clearPendingClaudeAuth();
       saveClaudeOAuthToken(text);
       await send(`Claude OAuth token stored in .env${vault.isUnlocked() ? " and vault" : ""}. Restart the bot so launchd picks it up, or use /restart.`);
-  await sendClaudeAuthStatusSummary("Stored token. Current Claude auth status:");
+      await sendClaudeAuthStatusSummary("Stored token. Current Claude auth status:");
       return;
     }
-    try {
-      pendingClaudeAuthProcess.stdin.write(text + "\n");
-      await send("Sent to Claude auth process. I’ll confirm when Claude finishes the auth check.");
-    } catch (e) {
-      pendingClaudeAuthProcess = null;
-      pendingClaudeAuthLabel = null;
-      await send(`Could not send to Claude auth process: ${redactSensitive(e.message)}`);
-    }
-    return;
+    await send("Token paste mode is active, but that does not look like a Claude OAuth token. I left your message visible and will handle it normally. Send /cancel_auth to stop token paste mode.");
+  }
+  if (pendingClaudeAuthProcess && pendingClaudeAuthLabel !== "manual OAuth token save") {
+    await send("Claude login is still waiting. I will not delete normal messages. If Claude gave you a code, send it as `/auth_code YOUR_CODE`, or use /cancel_auth.");
   }
   // Handle onboarding

package/bot.js CHANGED Viewed

@@ -786,6 +786,25 @@ function looksLikeClaudeToken(value) {
   return /^sk-ant-[A-Za-z0-9._-]+$/.test(text) || text.length >= 80 && /^[A-Za-z0-9._=-]+$/.test(text);
 }
+function looksLikeClaudeAuthReply(value) {
+  const text = String(value || "").trim();
+  if (!text) return false;
+  if (looksLikeClaudeToken(text)) return true;
+  if (/^https?:\/\//i.test(text) && /claude|anthropic/i.test(text)) return true;
+  // OAuth callback/login codes are usually long, dense strings. Do not consume normal chat.
+  if (text.length >= 24 && !/\s/.test(text) && /^[A-Za-z0-9._~:/?#[\]@!$&'()*+,;=%-]+$/.test(text)) return true;
+  return false;
+}
+function clearPendingClaudeAuth() {
+  if (pendingClaudeAuthProcess && pendingClaudeAuthProcess.kill) {
+    try { pendingClaudeAuthProcess.kill("SIGTERM"); } catch (e) {}
+  }
+  pendingClaudeAuthProcess = null;
+  pendingClaudeAuthLabel = null;
+}
 function getClaudeOAuthToken() {
   if (config[CLAUDE_OAUTH_TOKEN_KEY]) return { value: config[CLAUDE_OAUTH_TOKEN_KEY], source: ".env" };
   if (process.env.CLAUDE_CODE_OAUTH_TOKEN) return { value: process.env.CLAUDE_CODE_OAUTH_TOKEN, source: "process env" };
@@ -1483,7 +1502,7 @@ bot.onText(/\/upgrade$/, async (msg) => {
     await send("Upgrading...");
   }
   try {
-    execSync("npm install -g @inetafrica/open-claudia@latest 2>&1", {
+    execSync(`npm install -g @inetafrica/open-claudia@${latest} 2>&1`, {
       encoding: "utf-8", timeout: 120000,
       cwd: process.env.HOME || require("os").homedir(),
       env: { ...process.env, PATH: FULL_PATH, HOME: process.env.HOME || require("os").homedir() },
@@ -1500,8 +1519,9 @@ bot.onText(/\/upgrade$/, async (msg) => {
     let whatsNew = "";
     try {
       const changelog = fs.readFileSync(path.join(root, "@inetafrica", "open-claudia", "CHANGELOG.md"), "utf-8");
-      const versionHeader = `## v${newPkg.version}`;
-      const start = changelog.indexOf(versionHeader);
+      let versionHeader = `## v${newPkg.version}`;
+      let start = changelog.indexOf(versionHeader);
+      if (start < 0) { versionHeader = `## ${newPkg.version}`; start = changelog.indexOf(versionHeader); }
       if (start >= 0) {
         const afterHeader = changelog.slice(start + versionHeader.length);
         const nextVersion = afterHeader.indexOf("\n## ");
@@ -1722,6 +1742,32 @@ bot.onText(/\/(?:auth_status|auth status)$/, async (msg) => {
   proc.on("error", async (err) => send(`Claude auth status failed: ${redactSensitive(err.message)}`));
 });
+bot.onText(/\/cancel_auth$/, async (msg) => {
+  if (!isAuthorized(msg)) return;
+  if (!pendingClaudeAuthProcess) return send("No Claude auth flow is pending.");
+  clearPendingClaudeAuth();
+  await send("Claude auth flow cancelled. Normal messages will go to the assistant again.");
+});
+bot.onText(/\/auth_code(?:\s+(.+))?$/, async (msg, match) => {
+  if (!isAuthorized(msg)) return;
+  const code = (match[1] || "").trim();
+  await deleteMessage(msg.message_id);
+  if (!pendingClaudeAuthProcess || pendingClaudeAuthLabel === "manual OAuth token save") {
+    return send("No Claude login flow is waiting for an auth code. Start with /login, or use /use_oauth_token for tokens.");
+  }
+  if (!code || !looksLikeClaudeAuthReply(code)) {
+    return send("That does not look like a Claude auth code/callback. Use /cancel_auth to cancel the login flow.");
+  }
+  try {
+    pendingClaudeAuthProcess.stdin.write(code + "\n");
+    await send("Auth code sent to Claude. I’ll confirm with auth status when Claude finishes.");
+  } catch (e) {
+    clearPendingClaudeAuth();
+    await send(`Could not send auth code to Claude: ${redactSensitive(e.message)}`);
+  }
+});
 bot.onText(/\/login$/, async (msg) => {
   if (!isAuthorized(msg)) return;
   await runClaudeAuthCommand(["auth", "login", "--claudeai", "--email", "sumeet@inet.africa"], "Claude login");
@@ -1998,28 +2044,23 @@ bot.on("message", async (msg) => {
   if (msg.voice || msg.audio || msg.photo || msg.document || msg.video || msg.sticker) return;
   if (isDuplicate(msg.message_id)) return;
-  // Handle pending Claude auth/token paste-back
-  if (pendingClaudeAuthProcess) {
+  // Handle pending manual OAuth token paste mode. Login codes must be sent explicitly
+  // with /auth_code so normal chat can never be deleted/consumed accidentally.
+  if (pendingClaudeAuthProcess && pendingClaudeAuthLabel === "manual OAuth token save") {
     const text = msg.text.trim();
-    await deleteMessage(msg.message_id);
-    if (pendingClaudeAuthLabel === "manual OAuth token save") {
-      pendingClaudeAuthProcess = null;
-      pendingClaudeAuthLabel = null;
-      if (!looksLikeClaudeToken(text)) { await send("That doesn't look like a Claude OAuth token. Not saved."); return; }
+    if (looksLikeClaudeToken(text)) {
+      await deleteMessage(msg.message_id);
+      clearPendingClaudeAuth();
       saveClaudeOAuthToken(text);
       await send(`Claude OAuth token stored in .env${vault.isUnlocked() ? " and vault" : ""}. Restart the bot so launchd picks it up, or use /restart.`);
-  await sendClaudeAuthStatusSummary("Stored token. Current Claude auth status:");
+      await sendClaudeAuthStatusSummary("Stored token. Current Claude auth status:");
       return;
     }
-    try {
-      pendingClaudeAuthProcess.stdin.write(text + "\n");
-      await send("Sent to Claude auth process. I’ll confirm when Claude finishes the auth check.");
-    } catch (e) {
-      pendingClaudeAuthProcess = null;
-      pendingClaudeAuthLabel = null;
-      await send(`Could not send to Claude auth process: ${redactSensitive(e.message)}`);
-    }
-    return;
+    await send("Token paste mode is active, but that does not look like a Claude OAuth token. I left your message visible and will handle it normally. Send /cancel_auth to stop token paste mode.");
+  }
+  if (pendingClaudeAuthProcess && pendingClaudeAuthLabel !== "manual OAuth token save") {
+    await send("Claude login is still waiting. I will not delete normal messages. If Claude gave you a code, send it as `/auth_code YOUR_CODE`, or use /cancel_auth.");
   }
   // Handle onboarding

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@inetafrica/open-claudia",
-  "version": "1.14.2",
+  "version": "1.14.4",
   "description": "Your always-on AI coding assistant — Claude Code via Telegram",
   "main": "bot.js",
   "bin": {