npm - @inetafrica/open-claudia - Versions diffs - 2.2.0 → 2.2.1 - Mend

@inetafrica/open-claudia 2.2.0 → 2.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/core/actions.js CHANGED Viewed

@@ -108,13 +108,33 @@ async function handleAction(envelope) {
       vault.lock();
       return send("Vault locked.");
     }
+    if (action === "cancel") {
+      if (!state.pendingVaultUnlock) return send("Nothing to cancel.");
+      state.pendingVaultUnlock = false;
+      state.pendingVaultAction = null;
+      state.pendingVaultUnlockAt = 0;
+      return send("Cancelled.");
+    }
+    if (action === "create") {
+      if (!isChatOwner(envelope.channelId)) return send("Owner only.");
+      if (vault.exists()) return send("Vault already exists.");
+      state.pendingVaultUnlock = true;
+      state.pendingVaultUnlockAt = Date.now();
+      state.pendingVaultAction = { type: "create" };
+      return send("Pick a vault password and send it next.\n(Message will be deleted. Send /vault cancel to abort.)", {
+        keyboard: { inline_keyboard: [[{ text: "Cancel", callback_data: "vault:cancel" }]] },
+      });
+    }
     if (action === "hint") {
       return send([
         "Vault usage:",
+        "  /vault create              — set up the vault (owner, first time)",
         "  /vault set <name> <value>  — save a credential (your message is deleted)",
+        "  /vault get <name>          — reveal a credential",
         "  /vault remove <name>       — delete a credential",
         "  /vault                     — list (unlocks if needed)",
         "  /vault lock                — lock now",
+        "  /vault cancel              — abort a pending password prompt",
       ].join("\n"));
     }
     return;

package/core/handlers.js CHANGED Viewed

@@ -877,27 +877,40 @@ register({
 // ── Vault ──────────────────────────────────────────────────────────
+const PENDING_VAULT_TTL_MS = 90 * 1000;
+const PASSWORD_PROMPT_KB = { inline_keyboard: [[{ text: "Cancel", callback_data: "vault:cancel" }]] };
+function armVaultPrompt(state, action) {
+  state.pendingVaultUnlock = true;
+  state.pendingVaultUnlockAt = Date.now();
+  state.pendingVaultAction = action;
+}
 register({
-  name: "vault", description: "Manage credentials (password required)", args: "[set|remove|lock] ...",
+  name: "vault", description: "Manage credentials (password required)", args: "[create|get|set|remove|lock|cancel] ...",
   handler: async (env, { tail }) => {
     if (!authorized(env)) return;
     const state = currentState();
     if (!tail) {
-      if (!vault.exists()) return send("No vault found. Run setup first: node setup.js");
+      if (!vault.exists()) {
+        if (!ownerEnv(env)) return send("No vault. Ask the owner to run /vault create.");
+        return send("No vault yet. Use /vault create to set one up.", {
+          keyboard: { inline_keyboard: [[{ text: "Create vault", callback_data: "vault:create" }]] },
+        });
+      }
       if (vault.isUnlocked()) {
         const entries = vault.list();
         const keys = Object.keys(entries);
         const kb = { inline_keyboard: [[
           { text: "Lock now", callback_data: "vault:lock" },
-          { text: "How to set/remove", callback_data: "vault:hint" },
+          { text: "How to set/get/remove", callback_data: "vault:hint" },
         ]] };
         if (keys.length === 0) await send("Vault is unlocked but empty.\n\nUse /vault set <name> <value>", { keyboard: kb });
         else await send("Vault (unlocked):\n\n" + keys.map((k) => `${k}: ${entries[k]}`).join("\n") + "\n\nLocks automatically in 5 min.", { keyboard: kb });
       } else {
-        state.pendingVaultUnlock = true;
-        state.pendingVaultAction = { type: "list" };
-        await send("Vault is locked. Send your vault password.\n(Message will be deleted after reading)");
+        armVaultPrompt(state, { type: "list" });
+        await send("Vault is locked. Send your vault password.\n(Message will be deleted after reading. Times out in 90s.)", { keyboard: PASSWORD_PROMPT_KB });
       }
       return;
     }
@@ -907,6 +920,21 @@ register({
       return send("Vault locked.");
     }
+    if (tail === "cancel") {
+      if (!state.pendingVaultUnlock) return send("Nothing to cancel.");
+      state.pendingVaultUnlock = false;
+      state.pendingVaultAction = null;
+      state.pendingVaultUnlockAt = 0;
+      return send("Cancelled.");
+    }
+    if (tail === "create") {
+      if (!ownerEnv(env)) return send("Owner only.");
+      if (vault.exists()) return send("Vault already exists. Use /vault to unlock, or delete the file first.");
+      armVaultPrompt(state, { type: "create" });
+      return send("Pick a vault password and send it next.\n(Message will be deleted. Use the button or send /vault cancel to abort.)", { keyboard: PASSWORD_PROMPT_KB });
+    }
     const setMatch = tail.match(/^set\s+(\S+)\s+(.+)$/);
     if (setMatch) {
       await deleteMessage(env.messageId);
@@ -914,9 +942,19 @@ register({
         vault.set(setMatch[1], setMatch[2].trim());
         return send(`Saved: ${setMatch[1]}`);
       }
-      state.pendingVaultUnlock = true;
-      state.pendingVaultAction = { type: "set", key: setMatch[1], value: setMatch[2].trim() };
-      return send("Vault locked. Send password to unlock.");
+      armVaultPrompt(state, { type: "set", key: setMatch[1], value: setMatch[2].trim() });
+      return send("Vault locked. Send password to unlock.", { keyboard: PASSWORD_PROMPT_KB });
+    }
+    const getMatch = tail.match(/^get\s+(\S+)$/);
+    if (getMatch) {
+      if (vault.isUnlocked()) {
+        const value = vault.get(getMatch[1]);
+        if (value === null) return send(`No such key: ${getMatch[1]}`);
+        return send(`${getMatch[1]}: ${value}\n\n(Visible to anyone who reads this chat — delete the message when done.)`);
+      }
+      armVaultPrompt(state, { type: "get", key: getMatch[1] });
+      return send("Vault locked. Send password to unlock.", { keyboard: PASSWORD_PROMPT_KB });
     }
     const removeMatch = tail.match(/^remove\s+(\S+)$/);
@@ -925,15 +963,16 @@ register({
         vault.remove(removeMatch[1]);
         return send(`Removed: ${removeMatch[1]}`);
       }
-      state.pendingVaultUnlock = true;
-      state.pendingVaultAction = { type: "remove", key: removeMatch[1] };
-      return send("Vault locked. Send password to unlock.");
+      armVaultPrompt(state, { type: "remove", key: removeMatch[1] });
+      return send("Vault locked. Send password to unlock.", { keyboard: PASSWORD_PROMPT_KB });
     }
-    send("Usage: /vault | /vault set <name> <value> | /vault remove <name> | /vault lock");
+    send("Usage: /vault | /vault create | /vault set <name> <value> | /vault get <name> | /vault remove <name> | /vault lock | /vault cancel");
   },
 });
+module.exports.PENDING_VAULT_TTL_MS = PENDING_VAULT_TTL_MS;
 // ── Cron ───────────────────────────────────────────────────────────
 register({

package/core/router.js CHANGED Viewed

@@ -240,18 +240,34 @@ async function handleText(envelope) {
   }
   if (state.pendingVaultUnlock) {
-    const password = envelope.text;
-    await deleteMessage(envelope.messageId);
-    const ok = vault.unlock(password);
-    if (!ok) {
+    const { PENDING_VAULT_TTL_MS } = require("./handlers");
+    const armedAt = state.pendingVaultUnlockAt || 0;
+    if (PENDING_VAULT_TTL_MS && armedAt && Date.now() - armedAt > PENDING_VAULT_TTL_MS) {
       state.pendingVaultUnlock = false;
       state.pendingVaultAction = null;
-      await send("Wrong password.");
+      state.pendingVaultUnlockAt = 0;
+      await send("Vault prompt timed out. Re-run the command.");
       return;
     }
+    const password = envelope.text;
+    await deleteMessage(envelope.messageId);
     const action = state.pendingVaultAction;
     state.pendingVaultUnlock = false;
     state.pendingVaultAction = null;
+    state.pendingVaultUnlockAt = 0;
+    if (action && action.type === "create") {
+      if (vault.exists()) { await send("Vault was created in another flow — re-run /vault."); return; }
+      vault.create(password);
+      await send("Vault created and unlocked.\n\nUse /vault set <name> <value>");
+      return;
+    }
+    const ok = vault.unlock(password);
+    if (!ok) {
+      await send("Wrong password.");
+      return;
+    }
     if (action.type === "list") {
       const entries = vault.list();
       const keys = Object.keys(entries);
@@ -263,6 +279,10 @@ async function handleText(envelope) {
     } else if (action.type === "remove") {
       vault.remove(action.key);
       await send(`Removed: ${action.key}`);
+    } else if (action.type === "get") {
+      const value = vault.get(action.key);
+      if (value === null) await send(`No such key: ${action.key}`);
+      else await send(`${action.key}: ${value}\n\n(Visible to anyone who reads this chat — delete the message when done.)`);
     }
     return;
   }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@inetafrica/open-claudia",
-  "version": "2.2.0",
+  "version": "2.2.1",
   "description": "Your always-on AI coding assistant — Claude Code, Cursor Agent, and OpenAI Codex via Telegram or Kazee Chat",
   "main": "bot.js",
   "bin": {

package/vault.js CHANGED Viewed

@@ -23,7 +23,9 @@ class Vault {
   // Create a new vault with a password
   create(password) {
     this.data = {};
+    this._password = password;
     this._save(password);
+    this._resetLockTimer();
   }
   // Derive key from password + salt
@@ -125,7 +127,7 @@ class Vault {
     const entries = {};
     for (const [k, v] of Object.entries(this.data)) {
       const val = String(v);
-      entries[k] = val.length > 8 ? val.slice(0, 4) + "..." + val.slice(-4) : "****";
+      entries[k] = val.length >= 4 ? "****" + val.slice(-4) : "****";
     }
     return entries;
   }