@inetafrica/open-claudia 1.7.4 → 1.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/bot-agent.js +1 -0
  2. package/bot.js +3 -0
  3. package/package.json +1 -1
  4. package/web.js +15 -6
package/bot-agent.js CHANGED
@@ -1001,6 +1001,7 @@ bot.onText(/\/restart$/, async (msg) => {
1001
1001
 
1002
1002
  bot.onText(/\/upgrade$/, async (msg) => {
1003
1003
  if (!isOwner(msg)) return;
1004
+ try { process.chdir(process.env.HOME || require("os").homedir()); } catch (e) { /* already gone */ }
1004
1005
  // Check if there's actually a newer version
1005
1006
  try {
1006
1007
  const latest = execSync("npm view @inetafrica/open-claudia version", {
package/bot.js CHANGED
@@ -1041,6 +1041,9 @@ bot.onText(/\/restart$/, async (msg) => {
1041
1041
 
1042
1042
  bot.onText(/\/upgrade$/, async (msg) => {
1043
1043
  if (!isOwner(msg)) return;
1044
+ // Change to HOME first — npm install -g replaces the package directory
1045
+ // which can delete the cwd out from under the running process
1046
+ try { process.chdir(process.env.HOME || require("os").homedir()); } catch (e) { /* already gone */ }
1044
1047
  // Check if there's actually a newer version
1045
1048
  try {
1046
1049
  const latest = execSync("npm view @inetafrica/open-claudia version", {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@inetafrica/open-claudia",
3
- "version": "1.7.4",
3
+ "version": "1.8.0",
4
4
  "description": "Your always-on AI coding assistant — Claude Code via Telegram",
5
5
  "main": "bot.js",
6
6
  "bin": {
package/web.js CHANGED
@@ -20,11 +20,13 @@ function getPassword() {
20
20
  if (fs.existsSync(WEB_PASSWORD_FILE)) {
21
21
  return fs.readFileSync(WEB_PASSWORD_FILE, "utf-8").trim();
22
22
  }
23
- // Generate initial password
24
- const initial = crypto.randomBytes(4).toString("hex");
23
+ // Use env-provided password (from K8s secret) or generate random
24
+ const initial = process.env.WEB_PASSWORD || crypto.randomBytes(16).toString("hex");
25
25
  fs.writeFileSync(WEB_PASSWORD_FILE, initial);
26
- console.log(`\n Web UI initial password: ${initial}`);
27
- console.log(` Change it in Settings after first login.\n`);
26
+ if (!process.env.WEB_PASSWORD) {
27
+ console.log(`\n Web UI initial password: ${initial}`);
28
+ console.log(` Change it in Settings after first login.\n`);
29
+ }
28
30
  return initial;
29
31
  }
30
32
 
@@ -208,11 +210,18 @@ async function handleAPI(req, res, body) {
208
210
  return res.end(JSON.stringify(env));
209
211
  }
210
212
 
211
- // Update config
213
+ // Update config (whitelist safe keys only)
212
214
  if (url === "/api/config" && req.method === "POST") {
215
+ const SAFE_KEYS = new Set(["WORKSPACE", "CLAUDE_PATH", "WHISPER_CLI", "FFMPEG", "WHISPER_MODEL"]);
213
216
  const updates = JSON.parse(body);
214
217
  const env = loadEnv();
215
- Object.assign(env, updates);
218
+ for (const [key, value] of Object.entries(updates)) {
219
+ if (!SAFE_KEYS.has(key)) {
220
+ res.writeHead(403, { "Content-Type": "application/json" });
221
+ return res.end(JSON.stringify({ error: `Cannot update key: ${key}` }));
222
+ }
223
+ env[key] = value;
224
+ }
216
225
  saveEnv(env);
217
226
  res.writeHead(200, { "Content-Type": "application/json" });
218
227
  return res.end(JSON.stringify({ ok: true }));