@inetafrica/open-claudia 1.8.1 → 1.9.1

package/bot-agent.js

@@ -830,11 +830,7 @@ async function runClaude(prompt, cwd, replyToMsgId, opts = {}) {
       const chunks = splitMessage(finalText);
       const firstChunk = chunks[0];
 
-      const progressAlreadyHasFinal = statusMessageId && lastUpdate &&
-        firstChunk.length < 4000 && chunks.length === 1 &&
-        lastUpdate.includes(firstChunk.slice(0, 200));
-
-      if (progressAlreadyHasFinal) {
+      if (statusMessageId && chunks.length === 1) {
         await editMessage(statusMessageId, firstChunk);
       } else {
         const sent = await send(firstChunk, { replyTo: replyToMsgId });

package/bot.js

@@ -862,15 +862,11 @@ async function runClaude(prompt, cwd, replyToMsgId, opts = {}) {
       const chunks = splitMessage(finalText);
       const firstChunk = chunks[0];
 
-      // If the progress message already shows the final text, just edit it clean
-      // (no need to send a duplicate). Only send a new message for long tasks
-      // or multi-chunk responses to trigger a notification.
-      const progressAlreadyHasFinal = statusMessageId && lastUpdate &&
-        firstChunk.length < 4000 && chunks.length === 1 &&
-        lastUpdate.includes(firstChunk.slice(0, 200));
-
-      if (progressAlreadyHasFinal) {
-        // Edit the progress message to show clean final text (remove tool steps header)
+      // If there's already a progress message showing, edit it to the final text
+      // instead of sending a duplicate. Only send a NEW message if there was no
+      // progress message or the response is multi-chunk (too long for one edit).
+      if (statusMessageId && chunks.length === 1) {
+        // Edit progress message to clean final text
         await editMessage(statusMessageId, firstChunk);
       } else {
         // Send final result as a new message (triggers notification)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inetafrica/open-claudia",
-  "version": "1.8.1",
+  "version": "1.9.1",
   "description": "Your always-on AI coding assistant — Claude Code via Telegram",
   "main": "bot.js",
   "bin": {

package/web.js

@@ -30,8 +30,24 @@ function getPassword() {
   return initial;
 }
 
+const PASSWORD_CHANGED_FILE = path.join(CONFIG_DIR, ".password-changed");
+
+function isPasswordChanged() {
+  return fs.existsSync(PASSWORD_CHANGED_FILE);
+}
+
+function validatePasswordComplexity(pw) {
+  if (pw.length < 12) return "Password must be at least 12 characters";
+  if (!/[A-Z]/.test(pw)) return "Must contain at least one uppercase letter";
+  if (!/[a-z]/.test(pw)) return "Must contain at least one lowercase letter";
+  if (!/[0-9]/.test(pw)) return "Must contain at least one number";
+  if (!/[^A-Za-z0-9]/.test(pw)) return "Must contain at least one symbol (!@#$%^&*)";
+  return null;
+}
+
 function setPassword(newPassword) {
   fs.writeFileSync(WEB_PASSWORD_FILE, newPassword);
+  fs.writeFileSync(PASSWORD_CHANGED_FILE, new Date().toISOString());
 }
 
 function checkAuth(req) {
@@ -122,7 +138,7 @@ async function handleAPI(req, res, body) {
         "Content-Type": "application/json",
         "Set-Cookie": `oc_session=${authToken()}; Path=/; HttpOnly; SameSite=Strict; Max-Age=86400`,
       });
-      return res.end(JSON.stringify({ ok: true }));
+      return res.end(JSON.stringify({ ok: true, mustChangePassword: !isPasswordChanged() }));
     }
     res.writeHead(401, { "Content-Type": "application/json" });
     return res.end(JSON.stringify({ ok: false, error: "Wrong password" }));
@@ -309,6 +325,11 @@ async function handleAPI(req, res, body) {
       res.writeHead(400, { "Content-Type": "application/json" });
       return res.end(JSON.stringify({ error: "Wrong current password" }));
     }
+    const complexityError = validatePasswordComplexity(newPassword);
+    if (complexityError) {
+      res.writeHead(400, { "Content-Type": "application/json" });
+      return res.end(JSON.stringify({ error: complexityError }));
+    }
     setPassword(newPassword);
     res.writeHead(200, {
       "Content-Type": "application/json",
@@ -409,10 +430,40 @@ function showLogin() {
 async function doLogin() {
   const pw = $("#pw").value;
   const r = await api("/api/login", { method: "POST", body: { password: pw } });
-  if (r?.ok) init();
+  if (r?.ok && r.mustChangePassword) showForceChangePassword(pw);
+  else if (r?.ok) init();
   else $("#login-msg").innerHTML = '<div class="msg err">Wrong password</div>';
 }
 
+function showForceChangePassword(currentPw) {
+  $("#app").innerHTML = \`
+    <div class="login-page"><div class="login-box">
+      <h1>Change Password</h1>
+      <p class="subtitle">You must set a secure password before continuing</p>
+      <div id="change-msg"></div>
+      <div class="card">
+        <div class="form-group">
+          <input type="password" id="new-pw-1" placeholder="New password">
+        </div>
+        <div class="form-group">
+          <input type="password" id="new-pw-2" placeholder="Confirm password" onkeydown="if(event.key==='Enter')doForceChange()">
+        </div>
+        <p style="font-size:11px;color:#888;margin:8px 0">Min 12 chars, uppercase, lowercase, number, and symbol</p>
+        <button onclick="doForceChange()" style="width:100%">Set Password</button>
+      </div>
+    </div></div>\`;
+  window._forceChangePw = currentPw;
+  setTimeout(() => $("#new-pw-1")?.focus(), 100);
+}
+
+async function doForceChange() {
+  const p1 = $("#new-pw-1").value, p2 = $("#new-pw-2").value;
+  if (p1 !== p2) { $("#change-msg").innerHTML = '<div class="msg err">Passwords do not match</div>'; return; }
+  const r = await api("/api/password", { method: "POST", body: { current: window._forceChangePw, newPassword: p1 } });
+  if (r?.ok) { delete window._forceChangePw; init(); }
+  else $("#change-msg").innerHTML = '<div class="msg err">' + (r?.error || "Failed") + '</div>';
+}
+
 function render() {
   const tabs = [
     { id: "dashboard", label: "Dashboard" },