@inetafrica/open-claudia 2.1.1 → 2.2.1

package/core/actions.js

@@ -10,6 +10,9 @@ const { currentState, resetSettings, resetSessionUsage, saveState } = require(".
 const { runClaude, getActiveSessionId } = require("./runner");
 const { listProjects, projectKeyboard, workspacePath } = require("./projects");
 const { isChatOwner, approveAuthRequest, denyAuthRequest, authRequestLabel } = require("./access");
+const accessStore = require("./access");
+const peopleStore = require("./people");
+const { vault } = require("./vault-store");
 const intros = require("./intros");
 const introFlow = require("./intro-flow");
 const { finishOnboarding } = require("./onboarding");
@@ -27,8 +30,53 @@ async function handleAction(envelope) {
   const state = currentState();
 
   if (d.startsWith("auth:")) {
-    if (!isChatOwner(envelope.channelId)) return send("Owner only — auth approvals are restricted.");
-    const [, action, chatId] = d.split(":");
+    if (!isChatOwner(envelope.channelId)) return send("Owner only — auth controls are restricted.");
+    const parts = d.split(":");
+    const action = parts[1];
+
+    if (action === "list") {
+      const raw = accessStore.listAuthorizedRaw();
+      const lines = ["Authorized chats:"];
+      for (const a of raw.authorized) {
+        const person = peopleStore.findByHandle("telegram", a.chatId) || peopleStore.findByHandle("kazee", a.chatId);
+        lines.push(`  ${a.chatId}${a.isOwner ? " (owner)" : ""}  ${a.name || a.username || ""}${person ? "  → " + person.name : "  → (no person)"}`);
+      }
+      if (raw.authorized.length === 0) lines.push("  (none)");
+      if (raw.pending.length > 0) {
+        lines.push("", "Pending:");
+        for (const p of raw.pending) lines.push(`  ${p.chatId}  ${p.name || p.username || ""}`);
+      }
+      return send(lines.join("\n"));
+    }
+
+    if (action === "revoke-pick") {
+      const raw = accessStore.listAuthorizedRaw();
+      const rows = [];
+      for (const a of raw.authorized) {
+        if (a.isOwner) continue;
+        const person = peopleStore.findByHandle("telegram", a.chatId) || peopleStore.findByHandle("kazee", a.chatId);
+        const label = `${a.chatId} ${person ? person.name : (a.name || a.username || "")}`.trim();
+        rows.push([{ text: `Revoke ${label}`.slice(0, 60), callback_data: `auth:revoke:${a.chatId}` }]);
+      }
+      if (rows.length === 0) return send("No revocable chats (only owner is authorized).");
+      return send("Pick a chat to revoke:", { keyboard: { inline_keyboard: rows } });
+    }
+
+    if (action === "revoke") {
+      const chatId = parts.slice(2).join(":");
+      if (!chatId) return;
+      const person = peopleStore.findByHandle("telegram", chatId) || peopleStore.findByHandle("kazee", chatId);
+      if (person && person.isOwner) return send("Refusing to revoke owner chat.");
+      if (person) {
+        const detected = (person.handles || []).find((h) => String(h.channelId) === String(chatId));
+        if (detected) peopleStore.unlinkHandle(person.id, { adapter: detected.adapter, channelId: detected.channelId });
+      }
+      const r = accessStore.revokeChat(chatId);
+      if (!r.ok) return send(`Revoke failed: ${r.reason}`);
+      return send(`Revoked ${chatId}${person ? ` (was ${person.name})` : ""}.`);
+    }
+
+    const chatId = parts[2];
     if (!chatId || !["approve", "deny"].includes(action)) return;
     const result = action === "approve" ? approveAuthRequest(chatId) : denyAuthRequest(chatId);
 
@@ -54,6 +102,76 @@ async function handleAction(envelope) {
     return;
   }
 
+  if (d.startsWith("vault:")) {
+    const action = d.slice("vault:".length);
+    if (action === "lock") {
+      vault.lock();
+      return send("Vault locked.");
+    }
+    if (action === "cancel") {
+      if (!state.pendingVaultUnlock) return send("Nothing to cancel.");
+      state.pendingVaultUnlock = false;
+      state.pendingVaultAction = null;
+      state.pendingVaultUnlockAt = 0;
+      return send("Cancelled.");
+    }
+    if (action === "create") {
+      if (!isChatOwner(envelope.channelId)) return send("Owner only.");
+      if (vault.exists()) return send("Vault already exists.");
+      state.pendingVaultUnlock = true;
+      state.pendingVaultUnlockAt = Date.now();
+      state.pendingVaultAction = { type: "create" };
+      return send("Pick a vault password and send it next.\n(Message will be deleted. Send /vault cancel to abort.)", {
+        keyboard: { inline_keyboard: [[{ text: "Cancel", callback_data: "vault:cancel" }]] },
+      });
+    }
+    if (action === "hint") {
+      return send([
+        "Vault usage:",
+        "  /vault create              — set up the vault (owner, first time)",
+        "  /vault set <name> <value>  — save a credential (your message is deleted)",
+        "  /vault get <name>          — reveal a credential",
+        "  /vault remove <name>       — delete a credential",
+        "  /vault                     — list (unlocks if needed)",
+        "  /vault lock                — lock now",
+        "  /vault cancel              — abort a pending password prompt",
+      ].join("\n"));
+    }
+    return;
+  }
+
+  if (d.startsWith("people:")) {
+    const rest = d.slice("people:".length);
+    if (rest === "hint") {
+      return send([
+        "People usage:",
+        "  /people show <name>                       — details",
+        "  /people note <name> <text>                — add a note",
+        "  /people add <name>                        — owner: add person",
+        "  /people link <name> <adapter> <channel>   — owner: link a chat",
+        "  /people unlink <name> <adapter> <channel> — owner: unlink",
+        "  /people set-primary <name> <adapter> <channel>",
+        "  /people remove <name>                     — owner",
+      ].join("\n"));
+    }
+    if (rest.startsWith("show:")) {
+      const id = rest.slice("show:".length);
+      const person = peopleStore.findById(id);
+      if (!person) return send(`Not found: ${id}`);
+      const handles = (person.handles || []).map((h) => `  ${h.adapter}:${h.channelId}${person.primaryChannel && person.primaryChannel.adapter === h.adapter && String(person.primaryChannel.channelId) === String(h.channelId) ? " (primary)" : ""}`).join("\n");
+      const notes = (person.notes || []).slice(-5).map((n) => `  - [${(n.at || "").slice(0, 10)}] ${n.text}`).join("\n");
+      return send([
+        `${person.name}${person.isOwner ? " (owner)" : ""}  id=${person.id}`,
+        person.bio ? `Bio: ${person.bio}` : null,
+        "Handles:",
+        handles || "  (none)",
+        notes ? "Notes:" : null,
+        notes || null,
+      ].filter((x) => x !== null && x !== "").join("\n"));
+    }
+    return;
+  }
+
   if (d.startsWith("intro:")) {
     if (!isChatOwner(envelope.channelId)) return send("Owner only — intro approvals are restricted.");
     const [, action, introId] = d.split(":");

package/core/handlers.js

@@ -170,8 +170,15 @@ register({
       return send("Usage: /auth | /auth list | /auth revoke <chatId>");
     }
     if (authorized(env)) {
-      send("You're already authorized.");
-      return;
+      if (ownerEnv(env)) {
+        return send("You're already authorized.", {
+          keyboard: { inline_keyboard: [[
+            { text: "List authorized", callback_data: "auth:list" },
+            { text: "Revoke…", callback_data: "auth:revoke-pick" },
+          ]] },
+        });
+      }
+      return send("You're already authorized.");
     }
     if (!hasOwner()) {
       bootstrapOwner({
@@ -870,23 +877,40 @@ register({
 
 // ── Vault ──────────────────────────────────────────────────────────
 
+const PENDING_VAULT_TTL_MS = 90 * 1000;
+const PASSWORD_PROMPT_KB = { inline_keyboard: [[{ text: "Cancel", callback_data: "vault:cancel" }]] };
+
+function armVaultPrompt(state, action) {
+  state.pendingVaultUnlock = true;
+  state.pendingVaultUnlockAt = Date.now();
+  state.pendingVaultAction = action;
+}
+
 register({
-  name: "vault", description: "Manage credentials (password required)", args: "[set|remove|lock] ...",
+  name: "vault", description: "Manage credentials (password required)", args: "[create|get|set|remove|lock|cancel] ...",
   handler: async (env, { tail }) => {
     if (!authorized(env)) return;
     const state = currentState();
 
     if (!tail) {
-      if (!vault.exists()) return send("No vault found. Run setup first: node setup.js");
+      if (!vault.exists()) {
+        if (!ownerEnv(env)) return send("No vault. Ask the owner to run /vault create.");
+        return send("No vault yet. Use /vault create to set one up.", {
+          keyboard: { inline_keyboard: [[{ text: "Create vault", callback_data: "vault:create" }]] },
+        });
+      }
       if (vault.isUnlocked()) {
         const entries = vault.list();
         const keys = Object.keys(entries);
-        if (keys.length === 0) await send("Vault is unlocked but empty.\n\nUse /vault set <name> <value>");
-        else await send("Vault (unlocked):\n\n" + keys.map((k) => `${k}: ${entries[k]}`).join("\n") + "\n\nLocks automatically in 5 min.");
+        const kb = { inline_keyboard: [[
+          { text: "Lock now", callback_data: "vault:lock" },
+          { text: "How to set/get/remove", callback_data: "vault:hint" },
+        ]] };
+        if (keys.length === 0) await send("Vault is unlocked but empty.\n\nUse /vault set <name> <value>", { keyboard: kb });
+        else await send("Vault (unlocked):\n\n" + keys.map((k) => `${k}: ${entries[k]}`).join("\n") + "\n\nLocks automatically in 5 min.", { keyboard: kb });
       } else {
-        state.pendingVaultUnlock = true;
-        state.pendingVaultAction = { type: "list" };
-        await send("Vault is locked. Send your vault password.\n(Message will be deleted after reading)");
+        armVaultPrompt(state, { type: "list" });
+        await send("Vault is locked. Send your vault password.\n(Message will be deleted after reading. Times out in 90s.)", { keyboard: PASSWORD_PROMPT_KB });
       }
       return;
     }
@@ -896,6 +920,21 @@ register({
       return send("Vault locked.");
     }
 
+    if (tail === "cancel") {
+      if (!state.pendingVaultUnlock) return send("Nothing to cancel.");
+      state.pendingVaultUnlock = false;
+      state.pendingVaultAction = null;
+      state.pendingVaultUnlockAt = 0;
+      return send("Cancelled.");
+    }
+
+    if (tail === "create") {
+      if (!ownerEnv(env)) return send("Owner only.");
+      if (vault.exists()) return send("Vault already exists. Use /vault to unlock, or delete the file first.");
+      armVaultPrompt(state, { type: "create" });
+      return send("Pick a vault password and send it next.\n(Message will be deleted. Use the button or send /vault cancel to abort.)", { keyboard: PASSWORD_PROMPT_KB });
+    }
+
     const setMatch = tail.match(/^set\s+(\S+)\s+(.+)$/);
     if (setMatch) {
       await deleteMessage(env.messageId);
@@ -903,9 +942,19 @@ register({
         vault.set(setMatch[1], setMatch[2].trim());
         return send(`Saved: ${setMatch[1]}`);
       }
-      state.pendingVaultUnlock = true;
-      state.pendingVaultAction = { type: "set", key: setMatch[1], value: setMatch[2].trim() };
-      return send("Vault locked. Send password to unlock.");
+      armVaultPrompt(state, { type: "set", key: setMatch[1], value: setMatch[2].trim() });
+      return send("Vault locked. Send password to unlock.", { keyboard: PASSWORD_PROMPT_KB });
+    }
+
+    const getMatch = tail.match(/^get\s+(\S+)$/);
+    if (getMatch) {
+      if (vault.isUnlocked()) {
+        const value = vault.get(getMatch[1]);
+        if (value === null) return send(`No such key: ${getMatch[1]}`);
+        return send(`${getMatch[1]}: ${value}\n\n(Visible to anyone who reads this chat — delete the message when done.)`);
+      }
+      armVaultPrompt(state, { type: "get", key: getMatch[1] });
+      return send("Vault locked. Send password to unlock.", { keyboard: PASSWORD_PROMPT_KB });
     }
 
     const removeMatch = tail.match(/^remove\s+(\S+)$/);
@@ -914,15 +963,16 @@ register({
         vault.remove(removeMatch[1]);
         return send(`Removed: ${removeMatch[1]}`);
       }
-      state.pendingVaultUnlock = true;
-      state.pendingVaultAction = { type: "remove", key: removeMatch[1] };
-      return send("Vault locked. Send password to unlock.");
+      armVaultPrompt(state, { type: "remove", key: removeMatch[1] });
+      return send("Vault locked. Send password to unlock.", { keyboard: PASSWORD_PROMPT_KB });
     }
 
-    send("Usage: /vault | /vault set <name> <value> | /vault remove <name> | /vault lock");
+    send("Usage: /vault | /vault create | /vault set <name> <value> | /vault get <name> | /vault remove <name> | /vault lock | /vault cancel");
   },
 });
 
+module.exports.PENDING_VAULT_TTL_MS = PENDING_VAULT_TTL_MS;
+
 // ── Cron ───────────────────────────────────────────────────────────
 
 register({
@@ -1052,11 +1102,17 @@ register({
     if (!authorized(env)) return;
     if (!tail || tail === "list") {
       const all = peopleStore.list();
-      if (all.length === 0) return send("No people yet.");
+      if (all.length === 0) {
+        return send("No people yet.", ownerEnv(env) ? {
+          keyboard: { inline_keyboard: [[{ text: "How to add/link", callback_data: "people:hint" }]] },
+        } : undefined);
+      }
       const lines = ["Team:"];
       for (const p of all) lines.push(`  ${formatPersonShort(p)}`);
-      lines.push("", "More: /people show <name>, /people note <name> <text>");
-      return send(lines.join("\n"));
+      const rows = [];
+      for (const p of all) rows.push([{ text: `Show ${p.name}`, callback_data: `people:show:${p.id}` }]);
+      if (ownerEnv(env)) rows.push([{ text: "How to note/link/add", callback_data: "people:hint" }]);
+      return send(lines.join("\n"), { keyboard: { inline_keyboard: rows } });
     }
     const showMatch = tail.match(/^show\s+(.+)$/i);
     if (showMatch) {

package/core/router.js

@@ -240,18 +240,34 @@ async function handleText(envelope) {
   }
 
   if (state.pendingVaultUnlock) {
-    const password = envelope.text;
-    await deleteMessage(envelope.messageId);
-    const ok = vault.unlock(password);
-    if (!ok) {
+    const { PENDING_VAULT_TTL_MS } = require("./handlers");
+    const armedAt = state.pendingVaultUnlockAt || 0;
+    if (PENDING_VAULT_TTL_MS && armedAt && Date.now() - armedAt > PENDING_VAULT_TTL_MS) {
       state.pendingVaultUnlock = false;
       state.pendingVaultAction = null;
-      await send("Wrong password.");
+      state.pendingVaultUnlockAt = 0;
+      await send("Vault prompt timed out. Re-run the command.");
       return;
     }
+    const password = envelope.text;
+    await deleteMessage(envelope.messageId);
     const action = state.pendingVaultAction;
     state.pendingVaultUnlock = false;
     state.pendingVaultAction = null;
+    state.pendingVaultUnlockAt = 0;
+
+    if (action && action.type === "create") {
+      if (vault.exists()) { await send("Vault was created in another flow — re-run /vault."); return; }
+      vault.create(password);
+      await send("Vault created and unlocked.\n\nUse /vault set <name> <value>");
+      return;
+    }
+
+    const ok = vault.unlock(password);
+    if (!ok) {
+      await send("Wrong password.");
+      return;
+    }
     if (action.type === "list") {
       const entries = vault.list();
       const keys = Object.keys(entries);
@@ -263,6 +279,10 @@ async function handleText(envelope) {
     } else if (action.type === "remove") {
       vault.remove(action.key);
       await send(`Removed: ${action.key}`);
+    } else if (action.type === "get") {
+      const value = vault.get(action.key);
+      if (value === null) await send(`No such key: ${action.key}`);
+      else await send(`${action.key}: ${value}\n\n(Visible to anyone who reads this chat — delete the message when done.)`);
     }
     return;
   }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inetafrica/open-claudia",
-  "version": "2.1.1",
+  "version": "2.2.1",
   "description": "Your always-on AI coding assistant — Claude Code, Cursor Agent, and OpenAI Codex via Telegram or Kazee Chat",
   "main": "bot.js",
   "bin": {

package/vault.js

@@ -23,7 +23,9 @@ class Vault {
   // Create a new vault with a password
   create(password) {
     this.data = {};
+    this._password = password;
     this._save(password);
+    this._resetLockTimer();
   }
 
   // Derive key from password + salt
@@ -125,7 +127,7 @@ class Vault {
     const entries = {};
     for (const [k, v] of Object.entries(this.data)) {
       const val = String(v);
-      entries[k] = val.length > 8 ? val.slice(0, 4) + "..." + val.slice(-4) : "****";
+      entries[k] = val.length >= 4 ? "****" + val.slice(-4) : "****";
     }
     return entries;
   }