@inetafrica/open-claudia 1.14.5 → 1.14.7

package/bot-agent.js

@@ -719,6 +719,29 @@ function redactSensitive(value) {
     .replace(/([?&](?:token|access_token|refresh_token)=)[^\s&]+/gi, "$1[REDACTED]");
 }
 
+
+function stripTerminalControls(value) {
+  return String(value || "")
+    // OSC 8 hyperlinks and other OSC sequences
+    .replace(/\x1b\][\s\S]*?(?:\x07|\x1b\\)/g, "")
+    // CSI ANSI sequences
+    .replace(/\x1b\[[0-?]*[ -/]*[@-~]/g, "")
+    // remaining non-printing controls except newline/tab
+    .replace(/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/g, "");
+}
+
+function isClaudeAuthUrl(url) {
+  try {
+    const u = new URL(url);
+    const host = u.hostname.toLowerCase();
+    return host === "claude.com" || host.endsWith(".claude.com") ||
+      host === "anthropic.com" || host.endsWith(".anthropic.com") ||
+      host === "localhost" || host === "127.0.0.1";
+  } catch (e) {
+    return false;
+  }
+}
+
 function looksLikeClaudeToken(value) {
   const text = String(value || "").trim();
   return /^sk-ant-[A-Za-z0-9._-]+$/.test(text) || text.length >= 80 && /^[A-Za-z0-9._=-]+$/.test(text);
@@ -786,7 +809,7 @@ function extractClaudeToken(text) {
 }
 
 function extractUrls(text) {
-  return [...String(text || "").matchAll(/https?:\/\/[^\s)]+/g)].map((m) => m[0]);
+  return [...stripTerminalControls(text).matchAll(/https?:\/\/[^\s)]+/g)].map((m) => m[0]);
 }
 
 
@@ -966,14 +989,16 @@ async function runClaudeAuthCommand(args, label, opts = {}) {
       await send(tokenStored ? "Claude OAuth token captured and stored. I did not print it." : "Claude OAuth token appeared, but I could not store it.");
     }
     for (const url of extractUrls(chunk)) {
+      if (!isClaudeAuthUrl(url)) continue;
       if (!sentUrls.has(url)) {
         sentUrls.add(url);
         await send(`${label} URL:\n${redactSensitive(url)}\n\nOpen it, complete the flow, then paste any code Claude asks for here.`);
       }
     }
-    const redacted = redactSensitive(chunk).trim();
+    const redacted = redactSensitive(stripTerminalControls(chunk)).trim();
     const now = Date.now();
-    if (redacted && now - lastSnippetAt > 3000 && !looksLikeClaudeToken(redacted)) {
+    const usefulAuthLine = /opening browser|paste code|enter code|login|auth|token|error|failed/i.test(redacted);
+    if (redacted && usefulAuthLine && now - lastSnippetAt > 3000 && !looksLikeClaudeToken(redacted) && !/github\.com\/vadimdemedes\/ink/i.test(redacted)) {
       lastSnippetAt = now;
       await send(redacted.length > 1200 ? redacted.slice(-1200) : redacted);
     }
@@ -986,12 +1011,17 @@ async function runClaudeAuthCommand(args, label, opts = {}) {
     pendingClaudeAuthLabel = null;
     const token = opts.captureToken ? extractClaudeToken(output) : null;
     if (token && !tokenStored) tokenStored = saveClaudeOAuthToken(token);
-    const final = redactSensitive(output.trim());
+    const cleaned = redactSensitive(stripTerminalControls(output))
+      .replace(/https?:\/\/github\.com\/vadimdemedes\/ink\S*/gi, "")
+      .trim();
+    const isTtyError = /raw mode is not supported|process\.stdin/i.test(output);
     if (tokenStored) {
       await send(`${label} finished. OAuth token stored for launchd/non-interactive Claude runs.`);
       await sendClaudeAuthStatusSummary("Post-auth check:");
-    } else if (final) {
-      await send(`${label} finished (exit ${code}).\n\n${final.slice(-2500)}`);
+    } else if (isTtyError && opts.captureToken) {
+      await send(`${label} cannot complete from this bot — the Claude CLI needs an interactive terminal for setup-token.\n\nRun this in your Mac terminal:\n  claude setup-token\n\nThen paste the token here with:\n  /use_oauth_token <token>`);
+    } else if (cleaned) {
+      await send(`${label} finished (exit ${code}).\n\n${cleaned.slice(-2500)}`);
       await sendClaudeAuthStatusSummary("Post-auth check:");
     } else {
       await send(`${label} finished (exit ${code}).`);

package/bot.js

@@ -781,6 +781,29 @@ function redactSensitive(value) {
     .replace(/([?&](?:token|access_token|refresh_token)=)[^\s&]+/gi, "$1[REDACTED]");
 }
 
+
+function stripTerminalControls(value) {
+  return String(value || "")
+    // OSC 8 hyperlinks and other OSC sequences
+    .replace(/\x1b\][\s\S]*?(?:\x07|\x1b\\)/g, "")
+    // CSI ANSI sequences
+    .replace(/\x1b\[[0-?]*[ -/]*[@-~]/g, "")
+    // remaining non-printing controls except newline/tab
+    .replace(/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/g, "");
+}
+
+function isClaudeAuthUrl(url) {
+  try {
+    const u = new URL(url);
+    const host = u.hostname.toLowerCase();
+    return host === "claude.com" || host.endsWith(".claude.com") ||
+      host === "anthropic.com" || host.endsWith(".anthropic.com") ||
+      host === "localhost" || host === "127.0.0.1";
+  } catch (e) {
+    return false;
+  }
+}
+
 function looksLikeClaudeToken(value) {
   const text = String(value || "").trim();
   return /^sk-ant-[A-Za-z0-9._-]+$/.test(text) || text.length >= 80 && /^[A-Za-z0-9._=-]+$/.test(text);
@@ -848,7 +871,7 @@ function extractClaudeToken(text) {
 }
 
 function extractUrls(text) {
-  return [...String(text || "").matchAll(/https?:\/\/[^\s)]+/g)].map((m) => m[0]);
+  return [...stripTerminalControls(text).matchAll(/https?:\/\/[^\s)]+/g)].map((m) => m[0]);
 }
 
 
@@ -1028,14 +1051,16 @@ async function runClaudeAuthCommand(args, label, opts = {}) {
       await send(tokenStored ? "Claude OAuth token captured and stored. I did not print it." : "Claude OAuth token appeared, but I could not store it.");
     }
     for (const url of extractUrls(chunk)) {
+      if (!isClaudeAuthUrl(url)) continue;
       if (!sentUrls.has(url)) {
         sentUrls.add(url);
         await send(`${label} URL:\n${redactSensitive(url)}\n\nOpen it, complete the flow, then paste any code Claude asks for here.`);
       }
     }
-    const redacted = redactSensitive(chunk).trim();
+    const redacted = redactSensitive(stripTerminalControls(chunk)).trim();
     const now = Date.now();
-    if (redacted && now - lastSnippetAt > 3000 && !looksLikeClaudeToken(redacted)) {
+    const usefulAuthLine = /opening browser|paste code|enter code|login|auth|token|error|failed/i.test(redacted);
+    if (redacted && usefulAuthLine && now - lastSnippetAt > 3000 && !looksLikeClaudeToken(redacted) && !/github\.com\/vadimdemedes\/ink/i.test(redacted)) {
       lastSnippetAt = now;
       await send(redacted.length > 1200 ? redacted.slice(-1200) : redacted);
     }
@@ -1048,12 +1073,17 @@ async function runClaudeAuthCommand(args, label, opts = {}) {
     pendingClaudeAuthLabel = null;
     const token = opts.captureToken ? extractClaudeToken(output) : null;
     if (token && !tokenStored) tokenStored = saveClaudeOAuthToken(token);
-    const final = redactSensitive(output.trim());
+    const cleaned = redactSensitive(stripTerminalControls(output))
+      .replace(/https?:\/\/github\.com\/vadimdemedes\/ink\S*/gi, "")
+      .trim();
+    const isTtyError = /raw mode is not supported|process\.stdin/i.test(output);
     if (tokenStored) {
       await send(`${label} finished. OAuth token stored for launchd/non-interactive Claude runs.`);
       await sendClaudeAuthStatusSummary("Post-auth check:");
-    } else if (final) {
-      await send(`${label} finished (exit ${code}).\n\n${final.slice(-2500)}`);
+    } else if (isTtyError && opts.captureToken) {
+      await send(`${label} cannot complete from this bot — the Claude CLI needs an interactive terminal for setup-token.\n\nRun this in your Mac terminal:\n  claude setup-token\n\nThen paste the token here with:\n  /use_oauth_token <token>`);
+    } else if (cleaned) {
+      await send(`${label} finished (exit ${code}).\n\n${cleaned.slice(-2500)}`);
       await sendClaudeAuthStatusSummary("Post-auth check:");
     } else {
       await send(`${label} finished (exit ${code}).`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inetafrica/open-claudia",
-  "version": "1.14.5",
+  "version": "1.14.7",
   "description": "Your always-on AI coding assistant — Claude Code via Telegram",
   "main": "bot.js",
   "bin": {