npm - @inetafrica/open-claudia - Versions diffs - 2.2.12 → 2.2.15 - Mend

@inetafrica/open-claudia 2.2.12 → 2.2.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,15 @@
 # Changelog
+## v2.2.15
+- Fix compaction loop: `compactActiveSession` no longer holds `isCompacting=true` for the full duration of its two-step flow. The flag now clears after step 1 (the summarizer) finishes, so step 2 (the seed-the-fresh-session call) runs as a regular long-running task. Previously, the seed step could pick up where the prior conversation left off and do real work — dev servers, package installs — for hours, all while the bot reported "Compacting context, will pick this up next…" to every incoming message. After a `/restart` the in-memory flag reset but `lastSessionId` still pointed to the same huge session, triggering an auto-compact on the next message and looping the same trap. New behaviour: the summarizer-only phase shows the compaction message; once the summary is written the bot returns to its normal "Queued." reply for any messages that arrive while the seed continuation runs.
+- Add `COMPACT_SUMMARY_TIMEOUT` (10 minutes) and thread it through `runClaudeCapture` via `opts.timeoutMs`. The summarizer is a single-shot summarisation call — if it hasn't returned in 10 minutes it's hung, not slow. Previously it could sit on the 6-hour `MAX_PROCESS_TIMEOUT` and lock the bot for a quarter of a day. The seed continuation keeps the full 6-hour budget since it can legitimately be a long-running agent task.
+## v2.2.14
+- Dockerfile: bake `openssh-client` and `rsync` into the image. These were being installed at runtime via `sudo apt-get install` on pods that needed to push code over ssh or rsync to dev servers; baking them in means they survive pod restarts and `/upgrade` overlays. Companion change in the AgentSpace backend flips the bot-pod container `securityContext` to allow privilege escalation + adds `SETUID,SETGID,DAC_OVERRIDE,CHOWN,FOWNER` capabilities so the existing `claudia ALL=(ALL) NOPASSWD: /usr/bin/apt-get` sudoers rule (added in v2.2.7) actually works — without these, kernel `no_new_privs` blocks sudo from elevating. The same backend change also opens 22/TCP egress on the bot's NetworkPolicy so the in-pod ssh actually reaches dev hosts.
+## v2.2.13
+- **Security fix**: `intro-flow.handleInbound` no longer auto-claims ownership on *any* first inbound message. Previously, if `people.json` had no owner record (fresh pod / fresh install), the very first inbound — including a `/start` tap from a t.me deep-link — would register the sender as the bot owner. In AgentSpace pods this meant anyone who guessed or was sent the bot username could take over a pod simply by clicking Start. The bootstrap path now requires either (a) pod mode (`AGENTSPACE_POD_TOKEN` set) with the inbound chat id pre-seeded in `TELEGRAM_CHAT_ID` env, or (b) local mode with the inbound message literally starting with `/auth`. Anything else gets a "no owner configured" reply and an `intro.bootstrap-refused` audit entry. Existing owner records are unaffected. Follow-up work needed in the AgentSpace backend provisioner to seed `TELEGRAM_CHAT_ID` at pod creation time from the provisioning user's Telegram chat id; until that lands, new pods will refuse all inbound until an operator manually seeds the env.
 ## v2.2.12
 - Cross-channel relay (`open-claudia send-to`, and by extension cron/wakeup-fired messages and any other caller of `relay.send`) now passes `parseMode: "Markdown"` when the resolved adapter is Telegram. Previously `relay.send` called `adapter.send(channelId, text)` with no opts, so the Telegram adapter never set `parse_mode` and every relayed message went out as plain text — `*bold*`, backticks, and `_italic_` rendered as literal characters. The main reply path already injected this via `core/runner.js:25-28`; relay was the missing twin. Non-telegram adapters are unaffected.

package/Dockerfile CHANGED Viewed

@@ -11,6 +11,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     python3-pip \
     build-essential \
     sudo \
+    openssh-client \
+    rsync \
     && rm -rf /var/lib/apt/lists/*
 # Install Claude Code CLI

package/core/config.js CHANGED Viewed

@@ -74,6 +74,7 @@ const FILES_DIR = path.join(CONFIG_DIR, "files");
 const MAX_FILE_SIZE = 50 * 1024 * 1024;
 const MAX_VOICE_SIZE = 10 * 1024 * 1024;
 const MAX_PROCESS_TIMEOUT = 360 * 60 * 1000;
+const COMPACT_SUMMARY_TIMEOUT = 10 * 60 * 1000;
 if (!WORKSPACE) { console.error("WORKSPACE not set"); process.exit(1); }
 if (!CLAUDE_PATH) { console.error("CLAUDE_PATH not set"); process.exit(1); }
@@ -200,6 +201,6 @@ module.exports = {
   PEOPLE_FILE, INTROS_FILE, AUDIT_FILE,
   STATE_FILE, SESSIONS_FILE,
   TEMP_DIR, FILES_DIR,
-  MAX_FILE_SIZE, MAX_VOICE_SIZE, MAX_PROCESS_TIMEOUT,
+  MAX_FILE_SIZE, MAX_VOICE_SIZE, MAX_PROCESS_TIMEOUT, COMPACT_SUMMARY_TIMEOUT,
   FULL_PATH,
 };

package/core/intro-flow.js CHANGED Viewed

@@ -112,11 +112,32 @@ async function handleInbound(envelope, sendFn) {
       people.seedOwnerFromLegacy();
     }
     if (!people.hasOwnerRecord()) {
+      // No owner record yet. Two failure modes we are guarding against:
+      //   (a) AgentSpace pods: random Telegram users finding the bot username
+      //       and auto-claiming ownership just by sending /start.
+      //   (b) Local installs: any inbound (button taps, joins, automated
+      //       crawls) claiming ownership before the actual operator messages.
+      // Pod mode: only chat ids pre-seeded into TELEGRAM_CHAT_ID may claim.
+      // Local mode: only an explicit "/auth" message may claim.
+      const podMode = !!process.env.AGENTSPACE_POD_TOKEN;
+      const allowedChatIds = String(process.env.TELEGRAM_CHAT_ID || "")
+        .split(",").map((s) => s.trim()).filter(Boolean);
+      if (podMode) {
+        if (allowedChatIds.length === 0 || !allowedChatIds.includes(String(channelId))) {
+          await sendFn("This bot has no owner configured yet. The AgentSpace operator needs to seed the owner chat id before the bot can be used.");
+          audit.log("intro.bootstrap-refused", { reason: "pod-mode-not-preseeded", adapter, channelId });
+          return true;
+        }
+      } else if (!/^\/auth\b/i.test(text)) {
+        await sendFn("This bot has no owner yet. Send /auth from the operator's chat to claim ownership.");
+        audit.log("intro.bootstrap-refused", { reason: "local-mode-non-auth-message", adapter, channelId });
+        return true;
+      }
       const displayName = displayNameFromEnvelope(envelope) || "Owner";
-      const person = people.add({ name: displayName, isOwner: true, bio: "Auto-registered on first message" });
+      const person = people.add({ name: displayName, isOwner: true, bio: "Auto-registered as bootstrap owner" });
       try { people.linkHandle(person.id, { adapter, channelId, displayName, approvedBy: "bootstrap" }); } catch (e) {}
       try { bootstrapOwner({ chatId: channelId, name: displayName, username: usernameFromEnvelope(envelope) }); } catch (e) {}
-      audit.log("people.bootstrap-owner", { personId: person.id, adapter, channelId });
+      audit.log("people.bootstrap-owner", { personId: person.id, adapter, channelId, mode: podMode ? "pod" : "local" });
       await sendFn(`Welcome, ${displayName}. You're registered as the bot owner. Send /start to begin.`);
       return true;
     }

package/core/runner.js CHANGED Viewed

@@ -6,7 +6,7 @@
 const { spawn } = require("child_process");
 const {
   CLAUDE_PATH, resolvedCursorPath, resolvedCodexPath,
-  AUTO_COMPACT_TOKENS, MIN_COMPACT_INTERVAL_MS, MAX_PROCESS_TIMEOUT, botSubprocessEnv,
+  AUTO_COMPACT_TOKENS, MIN_COMPACT_INTERVAL_MS, MAX_PROCESS_TIMEOUT, COMPACT_SUMMARY_TIMEOUT, botSubprocessEnv,
 } = require("./config");
 const { currentState, saveState, recordSession, userOwnsClaudeSession } = require("./state");
 const { chatContext, currentChannelId, currentAdapter } = require("./context");
@@ -299,7 +299,7 @@ async function runClaudeCapture(prompt, cwd, opts = {}) {
         killProcessTree(proc.pid, "SIGTERM");
         setTimeout(() => killProcessTree(proc.pid, "SIGKILL"), 5000);
       }
-    }, MAX_PROCESS_TIMEOUT);
+    }, opts.timeoutMs || MAX_PROCESS_TIMEOUT);
     proc.stdout.on("data", (data) => {
       streamBuffer += data.toString();
@@ -371,32 +371,33 @@ async function compactActiveSession(cwd, opts = {}) {
   if (state.isCompacting) return { compacted: false, reason: "Compaction already in progress." };
   state.isCompacting = true;
+  let summary;
   try {
     if (opts.notify) await send(opts.message || "Context is getting large, compacting first so this stays fast…");
-    const summaryRun = await runClaudeCapture(compactSummaryPrompt(), cwd, { resumeSessionId: oldSessionId, skipAutoCompact: true, label: "compact-summary" });
-    const summary = summaryRun.text || "No prior context was returned by the summarizer.";
+    const summaryRun = await runClaudeCapture(compactSummaryPrompt(), cwd, { resumeSessionId: oldSessionId, skipAutoCompact: true, label: "compact-summary", timeoutMs: COMPACT_SUMMARY_TIMEOUT });
+    summary = summaryRun.text || "No prior context was returned by the summarizer.";
     state[sessionKey] = null;
     state.sessionUsage = { turns: 0, inputTokens: 0, outputTokens: 0, cacheReadTokens: 0, cacheCreationTokens: 0, costUsd: 0, lastInputTokens: 0 };
     state.isFirstMessage = true;
     saveState();
-    const seedRun = await runClaudeCapture(compactSeedPrompt(summary), cwd, { fresh: true, skipAutoCompact: true, label: "compact-seed" });
-    const newSessionId = seedRun.sessionId || state[sessionKey];
-    if (newSessionId) state[sessionKey] = newSessionId;
-    state.isFirstMessage = false;
-    state.lastCompactedAt = Date.now();
-    state.sessionUsage = { turns: 0, inputTokens: 0, outputTokens: 0, cacheReadTokens: 0, cacheCreationTokens: 0, costUsd: 0, lastInputTokens: 0 };
-    saveState();
-    if (newSessionId && state.currentSession) {
-      const title = `Compacted ${new Date().toLocaleDateString()}`;
-      recordSession(state.userId, state.currentSession.name, newSessionId, title);
-    }
-    return { compacted: true, oldSessionId, newSessionId, summary };
   } finally {
     state.isCompacting = false;
     saveState();
   }
+  const seedRun = await runClaudeCapture(compactSeedPrompt(summary), cwd, { fresh: true, skipAutoCompact: true, label: "compact-seed" });
+  const newSessionId = seedRun.sessionId || state[sessionKey];
+  if (newSessionId) state[sessionKey] = newSessionId;
+  state.isFirstMessage = false;
+  state.lastCompactedAt = Date.now();
+  state.sessionUsage = { turns: 0, inputTokens: 0, outputTokens: 0, cacheReadTokens: 0, cacheCreationTokens: 0, costUsd: 0, lastInputTokens: 0 };
+  saveState();
+  if (newSessionId && state.currentSession) {
+    const title = `Compacted ${new Date().toLocaleDateString()}`;
+    recordSession(state.userId, state.currentSession.name, newSessionId, title);
+  }
+  return { compacted: true, oldSessionId, newSessionId, summary };
 }
 async function runClaude(prompt, cwd, replyToMsgId, opts = {}) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@inetafrica/open-claudia",
-  "version": "2.2.12",
+  "version": "2.2.15",
   "description": "Your always-on AI coding assistant — Claude Code, Cursor Agent, and OpenAI Codex via Telegram or Kazee Chat",
   "main": "bot.js",
   "bin": {