npm - @inetafrica/open-claudia - Versions diffs - 1.14.5 → 1.14.6 - Mend

@inetafrica/open-claudia 1.14.5 → 1.14.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/bot-agent.js CHANGED Viewed

@@ -719,6 +719,29 @@ function redactSensitive(value) {
     .replace(/([?&](?:token|access_token|refresh_token)=)[^\s&]+/gi, "$1[REDACTED]");
 }
+function stripTerminalControls(value) {
+  return String(value || "")
+    // OSC 8 hyperlinks and other OSC sequences
+    .replace(/\x1b\][\s\S]*?(?:\x07|\x1b\\)/g, "")
+    // CSI ANSI sequences
+    .replace(/\x1b\[[0-?]*[ -/]*[@-~]/g, "")
+    // remaining non-printing controls except newline/tab
+    .replace(/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/g, "");
+}
+function isClaudeAuthUrl(url) {
+  try {
+    const u = new URL(url);
+    const host = u.hostname.toLowerCase();
+    return host === "claude.com" || host.endsWith(".claude.com") ||
+      host === "anthropic.com" || host.endsWith(".anthropic.com") ||
+      host === "localhost" || host === "127.0.0.1";
+  } catch (e) {
+    return false;
+  }
+}
 function looksLikeClaudeToken(value) {
   const text = String(value || "").trim();
   return /^sk-ant-[A-Za-z0-9._-]+$/.test(text) || text.length >= 80 && /^[A-Za-z0-9._=-]+$/.test(text);
@@ -786,7 +809,7 @@ function extractClaudeToken(text) {
 }
 function extractUrls(text) {
-  return [...String(text || "").matchAll(/https?:\/\/[^\s)]+/g)].map((m) => m[0]);
+  return [...stripTerminalControls(text).matchAll(/https?:\/\/[^\s)]+/g)].map((m) => m[0]);
 }
@@ -966,14 +989,16 @@ async function runClaudeAuthCommand(args, label, opts = {}) {
       await send(tokenStored ? "Claude OAuth token captured and stored. I did not print it." : "Claude OAuth token appeared, but I could not store it.");
     }
     for (const url of extractUrls(chunk)) {
+      if (!isClaudeAuthUrl(url)) continue;
       if (!sentUrls.has(url)) {
         sentUrls.add(url);
         await send(`${label} URL:\n${redactSensitive(url)}\n\nOpen it, complete the flow, then paste any code Claude asks for here.`);
       }
     }
-    const redacted = redactSensitive(chunk).trim();
+    const redacted = redactSensitive(stripTerminalControls(chunk)).trim();
     const now = Date.now();
-    if (redacted && now - lastSnippetAt > 3000 && !looksLikeClaudeToken(redacted)) {
+    const usefulAuthLine = /opening browser|paste code|enter code|login|auth|token|error|failed/i.test(redacted);
+    if (redacted && usefulAuthLine && now - lastSnippetAt > 3000 && !looksLikeClaudeToken(redacted) && !/github\.com\/vadimdemedes\/ink/i.test(redacted)) {
       lastSnippetAt = now;
       await send(redacted.length > 1200 ? redacted.slice(-1200) : redacted);
     }

package/bot.js CHANGED Viewed

@@ -781,6 +781,29 @@ function redactSensitive(value) {
     .replace(/([?&](?:token|access_token|refresh_token)=)[^\s&]+/gi, "$1[REDACTED]");
 }
+function stripTerminalControls(value) {
+  return String(value || "")
+    // OSC 8 hyperlinks and other OSC sequences
+    .replace(/\x1b\][\s\S]*?(?:\x07|\x1b\\)/g, "")
+    // CSI ANSI sequences
+    .replace(/\x1b\[[0-?]*[ -/]*[@-~]/g, "")
+    // remaining non-printing controls except newline/tab
+    .replace(/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/g, "");
+}
+function isClaudeAuthUrl(url) {
+  try {
+    const u = new URL(url);
+    const host = u.hostname.toLowerCase();
+    return host === "claude.com" || host.endsWith(".claude.com") ||
+      host === "anthropic.com" || host.endsWith(".anthropic.com") ||
+      host === "localhost" || host === "127.0.0.1";
+  } catch (e) {
+    return false;
+  }
+}
 function looksLikeClaudeToken(value) {
   const text = String(value || "").trim();
   return /^sk-ant-[A-Za-z0-9._-]+$/.test(text) || text.length >= 80 && /^[A-Za-z0-9._=-]+$/.test(text);
@@ -848,7 +871,7 @@ function extractClaudeToken(text) {
 }
 function extractUrls(text) {
-  return [...String(text || "").matchAll(/https?:\/\/[^\s)]+/g)].map((m) => m[0]);
+  return [...stripTerminalControls(text).matchAll(/https?:\/\/[^\s)]+/g)].map((m) => m[0]);
 }
@@ -1028,14 +1051,16 @@ async function runClaudeAuthCommand(args, label, opts = {}) {
       await send(tokenStored ? "Claude OAuth token captured and stored. I did not print it." : "Claude OAuth token appeared, but I could not store it.");
     }
     for (const url of extractUrls(chunk)) {
+      if (!isClaudeAuthUrl(url)) continue;
       if (!sentUrls.has(url)) {
         sentUrls.add(url);
         await send(`${label} URL:\n${redactSensitive(url)}\n\nOpen it, complete the flow, then paste any code Claude asks for here.`);
       }
     }
-    const redacted = redactSensitive(chunk).trim();
+    const redacted = redactSensitive(stripTerminalControls(chunk)).trim();
     const now = Date.now();
-    if (redacted && now - lastSnippetAt > 3000 && !looksLikeClaudeToken(redacted)) {
+    const usefulAuthLine = /opening browser|paste code|enter code|login|auth|token|error|failed/i.test(redacted);
+    if (redacted && usefulAuthLine && now - lastSnippetAt > 3000 && !looksLikeClaudeToken(redacted) && !/github\.com\/vadimdemedes\/ink/i.test(redacted)) {
       lastSnippetAt = now;
       await send(redacted.length > 1200 ? redacted.slice(-1200) : redacted);
     }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@inetafrica/open-claudia",
-  "version": "1.14.5",
+  "version": "1.14.6",
   "description": "Your always-on AI coding assistant — Claude Code via Telegram",
   "main": "bot.js",
   "bin": {