npm - @inetafrica/open-claudia - Versions diffs - 2.2.3 → 2.2.5 - Mend

@inetafrica/open-claudia 2.2.3 → 2.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,14 @@
 # Changelog
+## v2.2.5
+- Fix `/codex` resume crash: `buildCodexArgs` no longer appends `--add-dir <transcripts-dir>`, which the Codex CLI does not accept and which caused every `codex exec resume` invocation to exit 2 with `error: unexpected argument '--add-dir' found`. Transcript pointer is still injected into the prompt via `promptWithTranscriptPointer`.
+- Backend-aware empty-output failure message: when a non-Claude backend exits with no assistant output, the reply now labels it correctly (`Codex` / `Cursor`) and points at the right diagnostic commands (`/codex_auth_status`, `/codex_login`, `/codex_setup_token`, or `agent login`) instead of always saying "Claude exited" and recommending Claude-only commands.
+## v2.2.4
+- Bearer auth on `/api/*`: when `BOT_CONTROL_TOKEN` is set in the env, requests with `Authorization: Bearer <token>` are accepted in addition to the existing cookie session. Behaviour is unchanged when the env var is not set, so local installs are not affected.
+- `/upgrade` detects an AgentSpace-managed pod (both `AGENTSPACE_POD_TOKEN` and `AGENTSPACE_API_URL` set) and delegates to `POST /pods/self/upgrade` on the control plane instead of running `npm install -g` locally. The control plane rolls the deployment with a fresh image pull. Local installs fall through to the existing npm upgrade path.
+- Password change in the web UI fires a fire-and-forget `POST /pods/self/password-changed` callback so the control plane can flag the pod as having a user-set password and refuse to leak the stale initial value.
 ## v2.2.3
 - Queue drain now batches: when multiple messages are received while a task is running, they're delivered as one combined follow-up turn instead of N isolated turns. The model sees them together (numbered, with HH:MM:SS queue timestamps), in context of what it just finished, so it can plan across them. A single queued message still delivers as before — no behavior change for the common case.

package/core/handlers.js CHANGED Viewed

@@ -301,10 +301,55 @@ register({
   },
 });
+async function requestAgentSpaceUpgrade() {
+  const apiUrl = process.env.AGENTSPACE_API_URL;
+  const token = process.env.AGENTSPACE_POD_TOKEN;
+  if (!apiUrl || !token) return null;
+  const u = new URL("/pods/self/upgrade", apiUrl);
+  const lib = u.protocol === "https:" ? require("https") : require("http");
+  return new Promise((resolve) => {
+    const req = lib.request({
+      method: "POST",
+      hostname: u.hostname,
+      port: u.port || (u.protocol === "https:" ? 443 : 80),
+      path: u.pathname + u.search,
+      headers: {
+        "Authorization": `Bearer ${token}`,
+        "Content-Type": "application/json",
+        "Content-Length": "0",
+      },
+    }, (res) => {
+      let data = "";
+      res.on("data", (c) => { data += c; });
+      res.on("end", () => resolve({ status: res.statusCode, body: data }));
+    });
+    req.on("error", (e) => resolve({ status: 0, body: String(e.message || e) }));
+    req.setTimeout(15000, () => { req.destroy(new Error("timeout")); });
+    req.end();
+  });
+}
 register({
   name: "upgrade", description: "Upgrade and restart", ownerOnly: true,
   handler: async (env) => {
     if (!ownerEnv(env)) return;
+    // Container-managed upgrade: if AgentSpace injected pod-self credentials,
+    // delegate to the control plane so the deployment can be rolled with a
+    // fresh image pull. The local npm path can't do that.
+    if (process.env.AGENTSPACE_POD_TOKEN && process.env.AGENTSPACE_API_URL) {
+      try {
+        const result = await requestAgentSpaceUpgrade();
+        if (result && (result.status === 202 || result.status === 200)) {
+          await send("Upgrade requested — AgentSpace will pull latest image and restart, see you in a minute.");
+          return;
+        }
+        await send(`Upgrade request failed (status ${result?.status || "?"}). ${(result?.body || "").slice(0, 300)}`);
+        return;
+      } catch (e) {
+        await send(`Upgrade request error: ${e.message || e}`);
+        return;
+      }
+    }
     try { process.chdir(process.env.HOME || require("os").homedir()); } catch (e) {}
     let latest = null;
     try {

package/core/runner.js CHANGED Viewed

@@ -145,8 +145,6 @@ function buildCodexArgs(prompt, opts = {}) {
   else if (resumeId) args.push("exec", "resume", resumeId);
   else args.push("exec");
   args.push("--json", "--skip-git-repo-check");
-  const transcriptInfo = transcriptProjectInfo(state);
-  if (transcriptInfo) args.push("--add-dir", transcriptInfo.transcriptsDir);
   if (settings.permissionMode === "plan") args.push("--sandbox", "read-only");
   else args.push("--dangerously-bypass-approvals-and-sandbox");
   if (settings.model) args.push("--model", settings.model);
@@ -177,21 +175,35 @@ function preflightClaudeAuthMessage() {
 }
 function claudeEmptyFailureMessage(code, stderrText = "") {
+  const backend = currentState().settings.backend || "claude";
   const stderr = redactSensitive(String(stderrText || "").trim());
-  if (isClaudeUsageLimitText(stderr)) return claudeUsageLimitMessage(stderr.slice(-1200));
-  if (isClaudeAuthErrorText(stderr)) return claudeAuthRecoveryMessage(stderr.slice(-1200));
-  const authStatus = runClaudeAuthStatusDiagnostic();
-  if (isClaudeAuthErrorText(authStatus)) return claudeAuthRecoveryMessage(authStatus.slice(-1200));
-  if (isClaudeUsageLimitText(authStatus)) return claudeUsageLimitMessage(authStatus.slice(-1200));
+  if (backend === "claude") {
+    if (isClaudeUsageLimitText(stderr)) return claudeUsageLimitMessage(stderr.slice(-1200));
+    if (isClaudeAuthErrorText(stderr)) return claudeAuthRecoveryMessage(stderr.slice(-1200));
+    const authStatus = runClaudeAuthStatusDiagnostic();
+    if (isClaudeAuthErrorText(authStatus)) return claudeAuthRecoveryMessage(authStatus.slice(-1200));
+    if (isClaudeUsageLimitText(authStatus)) return claudeUsageLimitMessage(authStatus.slice(-1200));
+    return [
+      `Claude exited with code ${code} but produced no assistant output.`,
+      stderr ? `\nStderr:\n${stderr.slice(-1200)}` : "\nStderr: (empty)",
+      authStatus ? `\nAuth status:\n${redactSensitive(authStatus).slice(-1200)}` : "",
+      "",
+      "Useful next steps:",
+      "• /auth_status — verify Claude auth",
+      "• /model sonnet — switch away from Opus if usage-limited",
+      "• /setup_token — create a launchd-safe OAuth token if Keychain is the issue",
+    ].filter(Boolean).join("\n");
+  }
+  const label = backend === "codex" ? "Codex" : "Cursor";
+  const nextSteps = backend === "codex"
+    ? ["• /codex_auth_status — verify Codex auth", "• /codex_login — device-code login", "• /codex_setup_token — paste an OpenAI API key"]
+    : ["• /backend — confirm Cursor is selected", "• Run `agent login` on the host machine", "• /claude — fall back to Claude if Cursor stays broken"];
   return [
-    `Claude exited with code ${code} but produced no assistant output.`,
+    `${label} exited with code ${code} but produced no assistant output.`,
     stderr ? `\nStderr:\n${stderr.slice(-1200)}` : "\nStderr: (empty)",
-    authStatus ? `\nAuth status:\n${redactSensitive(authStatus).slice(-1200)}` : "",
     "",
     "Useful next steps:",
-    "• /auth_status — verify Claude auth",
-    "• /model sonnet — switch away from Opus if usage-limited",
-    "• /setup_token — create a launchd-safe OAuth token if Keychain is the issue",
+    ...nextSteps,
   ].filter(Boolean).join("\n");
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@inetafrica/open-claudia",
-  "version": "2.2.3",
+  "version": "2.2.5",
   "description": "Your always-on AI coding assistant — Claude Code, Cursor Agent, and OpenAI Codex via Telegram or Kazee Chat",
   "main": "bot.js",
   "bin": {

package/web.js CHANGED Viewed

@@ -48,9 +48,48 @@ function validatePasswordComplexity(pw) {
 function setPassword(newPassword) {
   fs.writeFileSync(WEB_PASSWORD_FILE, newPassword);
   fs.writeFileSync(PASSWORD_CHANGED_FILE, new Date().toISOString());
+  notifyAgentSpacePasswordChanged();
+}
+function notifyAgentSpacePasswordChanged() {
+  const apiUrl = process.env.AGENTSPACE_API_URL;
+  const token = process.env.AGENTSPACE_POD_TOKEN;
+  if (!apiUrl || !token) return;
+  let u;
+  try { u = new URL("/pods/self/password-changed", apiUrl); } catch (e) { return; }
+  const lib = u.protocol === "https:" ? require("https") : require("http");
+  const req = lib.request({
+    method: "POST",
+    hostname: u.hostname,
+    port: u.port || (u.protocol === "https:" ? 443 : 80),
+    path: u.pathname + u.search,
+    headers: {
+      "Authorization": `Bearer ${token}`,
+      "Content-Type": "application/json",
+      "Content-Length": "0",
+    },
+  });
+  req.on("error", () => {});
+  req.setTimeout(5000, () => { try { req.destroy(); } catch (e) {} });
+  req.end();
+}
+function checkBearerAuth(req) {
+  const expected = process.env.BOT_CONTROL_TOKEN;
+  if (!expected) return false;
+  const header = req.headers.authorization || "";
+  if (!header.startsWith("Bearer ")) return false;
+  const presented = header.slice(7).trim();
+  if (presented.length !== expected.length) return false;
+  try {
+    return crypto.timingSafeEqual(Buffer.from(presented), Buffer.from(expected));
+  } catch (e) {
+    return false;
+  }
 }
 function checkAuth(req) {
+  if (checkBearerAuth(req)) return true;
   const cookie = (req.headers.cookie || "").split(";").find((c) => c.trim().startsWith("oc_session="));
   if (!cookie) return false;
   const token = cookie.split("=")[1]?.trim();