npm - @inetafrica/open-claudia - Versions diffs - 1.19.0 → 1.19.2 - Mend

@inetafrica/open-claudia 1.19.0 → 1.19.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,12 @@
 # Changelog
+## v1.19.2
+- Docker images now bake in the OpenAI Codex CLI (`@openai/codex`), so `/codex` and Codex auth commands are available in container/Kubernetes deployments after rollout.
+- Documented that direct npm installs still need optional backend CLIs installed on the host, while Docker images include the Codex CLI.
+## v1.19.1
+- `/auth` requests now send the owner Telegram Approve/Deny buttons, while preserving the existing `auth.json` and CLI approval flow.
 ## v1.19.0
 - Added `/doctor` / `/requirements`: mobile-friendly checks for Node.js, Claude/Cursor/Codex CLI versions and auth, optional ffmpeg/Whisper voice stack, workspace writability, and config dir writability
 - `/upgrade` now includes a post-upgrade requirements/auth summary before restarting, so missing CLIs or auth breakage is visible immediately

package/Dockerfile CHANGED Viewed

@@ -11,6 +11,9 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 RUN curl -fsSL https://claude.ai/install.sh | sh || \
     npm install -g @anthropic-ai/claude-code
+# Install OpenAI Codex CLI for the /codex backend
+RUN npm install -g @openai/codex
 # Create non-root user (Claude Code refuses --dangerously-skip-permissions as root)
 # node:20-slim already has uid/gid 1000 (node user). Create claudia with different IDs.
 RUN groupadd -g 1001 claudia && useradd -u 1001 -g 1001 -m -d /data claudia

package/README.md CHANGED Viewed

@@ -66,6 +66,8 @@ codex login               # Opens browser to authenticate
 codex --version           # Verify it works
 ```
+Docker images include the Codex CLI. Direct npm installs still need optional backend CLIs installed on the host.
 > **Important**: Claude Code can use macOS Keychain when you log in interactively, but a launchd/background bot may not be able to read that Keychain session. Open Claudia v1.14.0 adds Telegram auth helpers and supports `CLAUDE_CODE_OAUTH_TOKEN` for non-interactive Claude runs. Prefer `/setup_token` then `/use_oauth_token` if Telegram shows Claude auth/keychain errors.
 ### 2. Install Open Claudia
@@ -249,14 +251,14 @@ Voice notes are transcribed locally — nothing sent to external services.
 The setup owner is automatically authorized. To add more users:
 **From Telegram** (unauthorized users):
-- Send `/auth` to the bot — the owner gets notified
+- Send `/auth` to the bot — the owner gets an Approve/Deny button prompt in Telegram
 **From the terminal** (owner):
 ```bash
 open-claudia auth
 ```
-This shows authorized chats, pending requests, and lets you approve/deny or add new users with code verification.
+This shows authorized chats, pending requests, and lets you approve/deny or add new users with code verification. Telegram button approvals use the same `auth.json` authorization list.
 Authorized chats are separate from identity links. By default each Telegram chat uses `telegram:<chatId>` as its user id. To share one session/history across channels later, link the chat to a canonical id:
@@ -347,6 +349,8 @@ Send `/upgrade` to update. The bot will:
 2. Go offline briefly
 3. Restart and notify you it's back
+For direct npm installs, `/upgrade` updates Open Claudia itself and does not install optional backend CLIs such as Codex or Cursor Agent. Container deployments should roll out a new Docker image when bundled CLI tools change.
 ## Cron Jobs
 Schedule recurring tasks:

package/bot-agent.js CHANGED Viewed

@@ -190,6 +190,7 @@ bot.setMyCommands([
   { command: "cursor", description: "Switch to Cursor Agent backend" },
   { command: "claude", description: "Switch to Claude Code backend" },
   { command: "backend", description: "Show/switch active backend" },
+  { command: "auth", description: "Request access to this bot" },
   { command: "auth_status", description: "Check Claude Code auth" },
   { command: "login", description: "Start Claude Code login" },
   { command: "setup_token", description: "Create Claude OAuth token" },
@@ -321,7 +322,7 @@ function isAuthorized(msg) {
   // Also check auth.json for dynamically added chats
   try {
     const auth = JSON.parse(fs.readFileSync(AUTH_FILE, "utf-8"));
-    return auth.authorized.some((a) => a.chatId === chatId);
+    return Array.isArray(auth.authorized) && auth.authorized.some((a) => String(a.chatId) === chatId);
   } catch (e) {}
   return false;
 }
@@ -330,6 +331,69 @@ function isOwner(msg) {
   return String(msg.chat.id) === CHAT_ID;
 }
+function loadAuth() {
+  try {
+    const auth = JSON.parse(fs.readFileSync(AUTH_FILE, "utf-8"));
+    return {
+      authorized: Array.isArray(auth.authorized) ? auth.authorized : [],
+      pending: Array.isArray(auth.pending) ? auth.pending : [],
+    };
+  } catch (e) {
+    return { authorized: [], pending: [] };
+  }
+}
+function saveAuth(auth) {
+  fs.writeFileSync(AUTH_FILE, JSON.stringify(auth, null, 2));
+}
+function authRequestLabel(request) {
+  return request.username ? `@${request.username}` : request.name || request.chatId;
+}
+function updateAuthorizedChatEnv(auth) {
+  const ids = new Set(CHAT_IDS);
+  for (const user of auth.authorized) {
+    if (user.chatId) ids.add(String(user.chatId));
+  }
+  saveEnvKey("TELEGRAM_CHAT_ID", [...ids].join(","));
+}
+async function approveAuthRequest(chatId) {
+  const auth = loadAuth();
+  if (auth.authorized.some((a) => String(a.chatId) === chatId)) {
+    auth.pending = auth.pending.filter((p) => String(p.chatId) !== chatId);
+    saveAuth(auth);
+    updateAuthorizedChatEnv(auth);
+    return { status: "already_authorized" };
+  }
+  const idx = auth.pending.findIndex((p) => String(p.chatId) === chatId);
+  if (idx < 0) return { status: "not_found" };
+  const approved = auth.pending.splice(idx, 1)[0];
+  auth.authorized.push({
+    chatId: approved.chatId,
+    name: approved.name,
+    username: approved.username,
+    isOwner: false,
+    authorizedAt: new Date().toISOString(),
+  });
+  saveAuth(auth);
+  updateAuthorizedChatEnv(auth);
+  return { status: "approved", request: approved };
+}
+async function denyAuthRequest(chatId) {
+  const auth = loadAuth();
+  const idx = auth.pending.findIndex((p) => String(p.chatId) === chatId);
+  if (idx < 0) return { status: "not_found" };
+  const denied = auth.pending.splice(idx, 1)[0];
+  saveAuth(auth);
+  return { status: "denied", request: denied };
+}
 // ── Auth request handler (for unauthorized users) ──────────────────
 bot.onText(/\/auth$/, async (msg) => {
   if (isAuthorized(msg)) {
@@ -341,15 +405,10 @@ bot.onText(/\/auth$/, async (msg) => {
   const username = msg.from?.username || "";
   // Add to pending in auth.json
-  let auth;
-  try {
-    auth = JSON.parse(fs.readFileSync(AUTH_FILE, "utf-8"));
-  } catch (e) {
-    auth = { authorized: [], pending: [] };
-  }
+  const auth = loadAuth();
   // Check if already pending
-  if (auth.pending.some((p) => p.chatId === chatId)) {
+  if (auth.pending.some((p) => String(p.chatId) === chatId)) {
     bot.sendMessage(msg.chat.id, "Your request is already pending. The bot owner will review it.");
     return;
   }
@@ -360,13 +419,20 @@ bot.onText(/\/auth$/, async (msg) => {
     username,
     requestedAt: new Date().toISOString(),
   });
-  fs.writeFileSync(AUTH_FILE, JSON.stringify(auth, null, 2));
+  saveAuth(auth);
   bot.sendMessage(msg.chat.id, "Access requested! The bot owner will review your request.");
   // Notify owner
-  const label = username ? `@${username}` : name;
-  bot.sendMessage(CHAT_ID, `New auth request from ${label} (${chatId}).\nRun 'open-claudia auth' to approve or deny.`);
+  const label = authRequestLabel({ chatId, name, username });
+  bot.sendMessage(CHAT_ID, `New auth request from ${label} (${chatId}).`, {
+    reply_markup: {
+      inline_keyboard: [[
+        { text: "Approve", callback_data: `auth:approve:${chatId}` },
+        { text: "Deny", callback_data: `auth:deny:${chatId}` },
+      ]],
+    },
+  });
 });
 // ── Onboarding ──────────────────────────────────────────────────────
@@ -1893,6 +1959,58 @@ bot.on("callback_query", async (q) => {
   const d = q.data;
   await bot.answerCallbackQuery(q.id);
+  if (d.startsWith("auth:")) {
+    const callbackFromOwner = String(q.from?.id) === CHAT_ID || String(q.message?.chat?.id) === CHAT_ID;
+    if (!callbackFromOwner) {
+      await send("Owner only — auth approvals are restricted.");
+      return;
+    }
+    const [, action, chatId] = d.split(":");
+    if (!chatId || !["approve", "deny"].includes(action)) return;
+    const result = action === "approve"
+      ? await approveAuthRequest(chatId)
+      : await denyAuthRequest(chatId);
+    if (result.status === "not_found") {
+      await send(`No pending auth request found for ${chatId}.`);
+      return;
+    }
+    if (result.status === "already_authorized") {
+      await send(`Chat ${chatId} is already authorized.`);
+      return;
+    }
+    const label = authRequestLabel(result.request);
+    if (result.status === "approved") {
+      await bot.sendMessage(chatId, "Your access has been approved! You can now use the bot. Send /start to begin.").catch(() => {});
+      let edited = false;
+      if (q.message) {
+        edited = await bot.editMessageText(`Approved auth request from ${label} (${chatId}).`, {
+          chat_id: q.message.chat.id,
+          message_id: q.message.message_id,
+          reply_markup: { inline_keyboard: [] },
+        }).then(() => true).catch(() => false);
+      }
+      if (!edited) await send(`Approved ${label} (${chatId}).`);
+      return;
+    }
+    await bot.sendMessage(chatId, "Your access request was denied.").catch(() => {});
+    let edited = false;
+    if (q.message) {
+      edited = await bot.editMessageText(`Denied auth request from ${label} (${chatId}).`, {
+        chat_id: q.message.chat.id,
+        message_id: q.message.message_id,
+        reply_markup: { inline_keyboard: [] },
+      }).then(() => true).catch(() => false);
+    }
+    if (!edited) await send(`Denied ${label} (${chatId}).`);
+    return;
+  }
   // Onboarding style selection
   if (d.startsWith("ob:")) { finishOnboarding(d.slice(3)); return; }

package/bot.js CHANGED Viewed

@@ -306,6 +306,7 @@ bot.setMyCommands([
   { command: "backend", description: "Show/switch active backend" },
   { command: "doctor", description: "Check CLI requirements" },
   { command: "requirements", description: "Check CLI requirements" },
+  { command: "auth", description: "Request access to this bot" },
   { command: "link", description: "Link this chat to a canonical user id" },
   { command: "whoami", description: "Show your canonical user id" },
   { command: "auth_status", description: "Check Claude Code auth" },
@@ -652,7 +653,7 @@ function isAuthorized(msg) {
   // Also check auth.json for dynamically added chats
   try {
     const auth = JSON.parse(fs.readFileSync(AUTH_FILE, "utf-8"));
-    return auth.authorized.some((a) => a.chatId === chatId);
+    return Array.isArray(auth.authorized) && auth.authorized.some((a) => String(a.chatId) === chatId);
   } catch (e) {}
   return false;
 }
@@ -661,6 +662,69 @@ function isOwner(msg) {
   return String(msg.chat.id) === CHAT_ID;
 }
+function loadAuth() {
+  try {
+    const auth = JSON.parse(fs.readFileSync(AUTH_FILE, "utf-8"));
+    return {
+      authorized: Array.isArray(auth.authorized) ? auth.authorized : [],
+      pending: Array.isArray(auth.pending) ? auth.pending : [],
+    };
+  } catch (e) {
+    return { authorized: [], pending: [] };
+  }
+}
+function saveAuth(auth) {
+  fs.writeFileSync(AUTH_FILE, JSON.stringify(auth, null, 2));
+}
+function authRequestLabel(request) {
+  return request.username ? `@${request.username}` : request.name || request.chatId;
+}
+function updateAuthorizedChatEnv(auth) {
+  const ids = new Set(CHAT_IDS);
+  for (const user of auth.authorized) {
+    if (user.chatId) ids.add(String(user.chatId));
+  }
+  saveEnvKey("TELEGRAM_CHAT_ID", [...ids].join(","));
+}
+async function approveAuthRequest(chatId) {
+  const auth = loadAuth();
+  if (auth.authorized.some((a) => String(a.chatId) === chatId)) {
+    auth.pending = auth.pending.filter((p) => String(p.chatId) !== chatId);
+    saveAuth(auth);
+    updateAuthorizedChatEnv(auth);
+    return { status: "already_authorized" };
+  }
+  const idx = auth.pending.findIndex((p) => String(p.chatId) === chatId);
+  if (idx < 0) return { status: "not_found" };
+  const approved = auth.pending.splice(idx, 1)[0];
+  auth.authorized.push({
+    chatId: approved.chatId,
+    name: approved.name,
+    username: approved.username,
+    isOwner: false,
+    authorizedAt: new Date().toISOString(),
+  });
+  saveAuth(auth);
+  updateAuthorizedChatEnv(auth);
+  return { status: "approved", request: approved };
+}
+async function denyAuthRequest(chatId) {
+  const auth = loadAuth();
+  const idx = auth.pending.findIndex((p) => String(p.chatId) === chatId);
+  if (idx < 0) return { status: "not_found" };
+  const denied = auth.pending.splice(idx, 1)[0];
+  saveAuth(auth);
+  return { status: "denied", request: denied };
+}
 // ── Auth request handler (for unauthorized users) ──────────────────
 bot.onText(/\/auth$/, async (msg) => {
   if (isAuthorized(msg)) {
@@ -672,15 +736,10 @@ bot.onText(/\/auth$/, async (msg) => {
   const username = msg.from?.username || "";
   // Add to pending in auth.json
-  let auth;
-  try {
-    auth = JSON.parse(fs.readFileSync(AUTH_FILE, "utf-8"));
-  } catch (e) {
-    auth = { authorized: [], pending: [] };
-  }
+  const auth = loadAuth();
   // Check if already pending
-  if (auth.pending.some((p) => p.chatId === chatId)) {
+  if (auth.pending.some((p) => String(p.chatId) === chatId)) {
     bot.sendMessage(msg.chat.id, "Your request is already pending. The bot owner will review it.");
     return;
   }
@@ -691,13 +750,20 @@ bot.onText(/\/auth$/, async (msg) => {
     username,
     requestedAt: new Date().toISOString(),
   });
-  fs.writeFileSync(AUTH_FILE, JSON.stringify(auth, null, 2));
+  saveAuth(auth);
   bot.sendMessage(msg.chat.id, "Access requested! The bot owner will review your request.");
   // Notify owner
-  const label = username ? `@${username}` : name;
-  bot.sendMessage(CHAT_ID, `New auth request from ${label} (${chatId}).\nRun 'open-claudia auth' to approve or deny.`);
+  const label = authRequestLabel({ chatId, name, username });
+  bot.sendMessage(CHAT_ID, `New auth request from ${label} (${chatId}).`, {
+    reply_markup: {
+      inline_keyboard: [[
+        { text: "Approve", callback_data: `auth:approve:${chatId}` },
+        { text: "Deny", callback_data: `auth:deny:${chatId}` },
+      ]],
+    },
+  });
 });
 // ── Onboarding ──────────────────────────────────────────────────────
@@ -2919,6 +2985,58 @@ bot.on("callback_query", wrapHandler(async (q) => {
   await bot.answerCallbackQuery(q.id);
   const state = currentState();
+  if (d.startsWith("auth:")) {
+    const callbackFromOwner = String(q.from?.id) === CHAT_ID || String(q.message?.chat?.id) === CHAT_ID;
+    if (!callbackFromOwner) {
+      await send("Owner only — auth approvals are restricted.");
+      return;
+    }
+    const [, action, chatId] = d.split(":");
+    if (!chatId || !["approve", "deny"].includes(action)) return;
+    const result = action === "approve"
+      ? await approveAuthRequest(chatId)
+      : await denyAuthRequest(chatId);
+    if (result.status === "not_found") {
+      await send(`No pending auth request found for ${chatId}.`);
+      return;
+    }
+    if (result.status === "already_authorized") {
+      await send(`Chat ${chatId} is already authorized.`);
+      return;
+    }
+    const label = authRequestLabel(result.request);
+    if (result.status === "approved") {
+      await bot.sendMessage(chatId, "Your access has been approved! You can now use the bot. Send /start to begin.").catch(() => {});
+      let edited = false;
+      if (q.message) {
+        edited = await bot.editMessageText(`Approved auth request from ${label} (${chatId}).`, {
+          chat_id: q.message.chat.id,
+          message_id: q.message.message_id,
+          reply_markup: { inline_keyboard: [] },
+        }).then(() => true).catch(() => false);
+      }
+      if (!edited) await send(`Approved ${label} (${chatId}).`);
+      return;
+    }
+    await bot.sendMessage(chatId, "Your access request was denied.").catch(() => {});
+    let edited = false;
+    if (q.message) {
+      edited = await bot.editMessageText(`Denied auth request from ${label} (${chatId}).`, {
+        chat_id: q.message.chat.id,
+        message_id: q.message.message_id,
+        reply_markup: { inline_keyboard: [] },
+      }).then(() => true).catch(() => false);
+    }
+    if (!edited) await send(`Denied ${label} (${chatId}).`);
+    return;
+  }
   // Onboarding style selection
   if (d.startsWith("ob:")) { finishOnboarding(d.slice(3)); return; }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@inetafrica/open-claudia",
-  "version": "1.19.0",
+  "version": "1.19.2",
   "description": "Your always-on AI coding assistant — Claude Code, Cursor Agent, and OpenAI Codex via Telegram",
   "main": "bot.js",
   "bin": {