npm - @inetafrica/open-claudia - Versions diffs - 2.2.6 → 2.2.8 - Mend

@inetafrica/open-claudia 2.2.6 → 2.2.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,14 @@
 # Changelog
+## v2.2.8
+- `/upgrade` now works on docker containers that run our baked-in `/app` source (the common self-host layout). Previously the handler fell through to `npm install -g`, which hit `EACCES` because the runtime user is uid 1001 and couldn't write the global node_modules — and even when it could, the bot reads from `/app`, not the global root, so the new version was never picked up. The new branch detects the `/app` layout, `npm pack`s the latest tarball, overlays it onto `/app`, runs `npm install --omit=dev`, and exits so the orchestrator restarts the container on the new source. AgentSpace pods (which have `AGENTSPACE_POD_TOKEN` + `AGENTSPACE_API_URL`) still go through the control plane; nothing else changes for them or for npm-global installs.
+- Dockerfile: `chown -R claudia:claudia /app` after the build steps so the runtime user can overlay new source during the in-place `/upgrade` above. Previously `/app` and its `node_modules` were root-owned because the COPY and `npm ci` ran as root before `USER 1001`.
+## v2.2.7
+- Docker image now ships `git`, `jq`, `python3`, `python3-pip`, and `build-essential` so spawned coding agents don't fall back to curling random binaries into userspace when a basic tool is missing.
+- Symlink `/app/bin/cli.js` to `/usr/local/bin/open-claudia` so the CLI (used by agents for `send-file`, `task`, etc.) is on PATH from any cwd. Previously agents had to extract the packaged tgz to find it.
+- Grant the `claudia` user passwordless sudo for `apt-get` / `apt` so the model can install additional packages at runtime via the normal path rather than ad-hoc binary downloads.
 ## v2.2.6
 - Kazee inbound photos: V2 socket emits attachments as `msg.media` (single) or `msg.medias` (array), not `msg.attachments`. The adapter now reads all three so images sent from Kazee web/mobile clients reach the bot instead of being silently dropped as zero-attachment text.
 - Kazee outbound files: rewrote `sendFile` to (a) upload via `POST /chat/media/:chatId` with field `media` (the actual route; the old code POSTed to `/upload` with field `file` and 404'd), then (b) post the message via the V2 socket event `message:send` with `mediaIds: [<uploadedId>]` instead of REST `sendMessage` with `media_url`. The REST path is currently broken upstream — `Chat/send_message` calls `Media.create` without the required `chat`/`bucketName`/`fileName`/`minioPath` fields and 500s with `Failed to create media record`. Going via the socket handler reuses the already-saved Media doc and avoids the duplicate create.

package/Dockerfile CHANGED Viewed

@@ -5,6 +5,12 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     curl \
     ffmpeg \
     ca-certificates \
+    git \
+    jq \
+    python3 \
+    python3-pip \
+    build-essential \
+    sudo \
     && rm -rf /var/lib/apt/lists/*
 # Install Claude Code CLI
@@ -18,6 +24,10 @@ RUN npm install -g @openai/codex
 # node:20-slim already has uid/gid 1000 (node user). Create claudia with different IDs.
 RUN groupadd -g 1001 claudia && useradd -u 1001 -g 1001 -m -d /data claudia
+# Allow claudia to install packages at runtime without a password
+RUN echo "claudia ALL=(ALL) NOPASSWD: /usr/bin/apt-get, /usr/bin/apt" > /etc/sudoers.d/claudia-apt && \
+    chmod 0440 /etc/sudoers.d/claudia-apt
 # Create app directory
 WORKDIR /app
@@ -31,6 +41,12 @@ COPY . .
 # Ensure app files are readable regardless of host file perms
 RUN chmod -R a+rX /app
+# Expose the open-claudia CLI on PATH so spawned agents can send files, manage tasks, etc.
+RUN chmod +x /app/bin/cli.js && ln -s /app/bin/cli.js /usr/local/bin/open-claudia
+# Let the runtime user overlay new source into /app for in-place /upgrade.
+RUN chown -R claudia:claudia /app
 # Entrypoint auto-configures from env vars on first run
 COPY docker-entrypoint.sh /usr/local/bin/
 RUN chmod +x /usr/local/bin/docker-entrypoint.sh

package/core/handlers.js CHANGED Viewed

@@ -329,6 +329,41 @@ async function requestAgentSpaceUpgrade() {
   });
 }
+// True when the running bot's source lives at /app (docker image layout from
+// our Dockerfile). In that case `npm install -g` can't actually upgrade us:
+// the process reads code from /app, not from the global npm root, and uid
+// 1001 can't write to /usr/local/lib/node_modules anyway. Detect this and
+// run an in-place tarball overlay instead.
+function isDockerAppLayout() {
+  try {
+    const pkgPath = path.resolve(path.join(__dirname, "..", "package.json"));
+    return pkgPath === "/app/package.json";
+  } catch (e) {
+    return false;
+  }
+}
+function inPlaceTarballUpgrade(targetVersion) {
+  const tmpDir = `/tmp/oc-upgrade-${process.pid}-${Date.now()}`;
+  fs.mkdirSync(tmpDir, { recursive: true });
+  const env = { ...process.env, PATH: FULL_PATH, HOME: process.env.HOME || require("os").homedir() };
+  const packOutput = execSync(`npm pack @inetafrica/open-claudia@${targetVersion}`, {
+    encoding: "utf-8", cwd: tmpDir, timeout: 120000, env,
+  }).trim();
+  // Last non-empty line of `npm pack` stdout is the tgz filename.
+  const tgzName = packOutput.split("\n").map((s) => s.trim()).filter(Boolean).pop();
+  const tgzPath = path.join(tmpDir, tgzName);
+  execSync(`tar -xzf "${tgzPath}" -C "${tmpDir}"`, { encoding: "utf-8", timeout: 60000 });
+  // npm pack tarballs always extract into a top-level "package/" directory.
+  // cp -a preserves perms and symlinks; the trailing /. copies contents only.
+  execSync(`cp -a "${tmpDir}/package/." /app/`, { encoding: "utf-8", timeout: 60000 });
+  try { fs.chmodSync("/app/bin/cli.js", 0o755); } catch (e) {}
+  execSync(`npm install --omit=dev --no-audit --no-fund`, {
+    encoding: "utf-8", cwd: "/app", timeout: 240000, env,
+  });
+  try { fs.rmSync(tmpDir, { recursive: true, force: true }); } catch (e) {}
+}
 register({
   name: "upgrade", description: "Upgrade and restart", ownerOnly: true,
   handler: async (env) => {
@@ -350,6 +385,55 @@ register({
         return;
       }
     }
+    // Docker /app layout: bot runs from baked-in source, not from the global
+    // npm root, and as a non-root user. Do an in-place tarball overlay and
+    // exit; whatever orchestrates the container (k8s, docker restart=always)
+    // brings us back on the new source.
+    if (isDockerAppLayout()) {
+      try { process.chdir("/tmp"); } catch (e) {}
+      let latest = null;
+      try {
+        latest = execSync("npm view @inetafrica/open-claudia version", {
+          encoding: "utf-8", timeout: 15000,
+          env: { ...process.env, PATH: FULL_PATH, HOME: process.env.HOME || require("os").homedir() },
+        }).trim();
+      } catch (e) {
+        await send(`Upgrade failed: could not query npm registry (${(e.message || String(e)).slice(0, 200)}).`);
+        return;
+      }
+      if (latest === CURRENT_VERSION) {
+        await send(`Already on the latest version (v${CURRENT_VERSION}).`);
+        return;
+      }
+      await send(`Upgrading v${CURRENT_VERSION} → v${latest} (in-place tarball overlay into /app)...`);
+      try {
+        inPlaceTarballUpgrade(latest);
+      } catch (e) {
+        const errOutput = (e.stdout || e.stderr || e.message || String(e)).slice(-700);
+        await send(`Upgrade failed:\n${errOutput}`);
+        return;
+      }
+      let newVersion = latest;
+      let whatsNew = "";
+      try {
+        newVersion = JSON.parse(fs.readFileSync("/app/package.json", "utf-8")).version;
+        const changelog = fs.readFileSync("/app/CHANGELOG.md", "utf-8");
+        let versionHeader = `## v${newVersion}`;
+        let start = changelog.indexOf(versionHeader);
+        if (start < 0) { versionHeader = `## ${newVersion}`; start = changelog.indexOf(versionHeader); }
+        if (start >= 0) {
+          const afterHeader = changelog.slice(start + versionHeader.length);
+          const nextVersion = afterHeader.indexOf("\n## ");
+          const section = nextVersion >= 0 ? afterHeader.slice(0, nextVersion) : afterHeader;
+          whatsNew = section.trim();
+        }
+      } catch (e) {}
+      const tailNote = "Source refreshed in /app. If this release also changed the Dockerfile (apt packages, env, base image), the host still needs a docker pull + recreate for those.";
+      const msg = `Installed v${newVersion}.${whatsNew ? `\n\nWhat's new:\n${whatsNew}` : ""}\n\n${tailNote}\n\nRestarting...`;
+      await send(msg.length > 3900 ? msg.slice(0, 3900) : msg);
+      setTimeout(() => process.exit(0), 2000);
+      return;
+    }
     try { process.chdir(process.env.HOME || require("os").homedir()); } catch (e) {}
     let latest = null;
     try {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@inetafrica/open-claudia",
-  "version": "2.2.6",
+  "version": "2.2.8",
   "description": "Your always-on AI coding assistant — Claude Code, Cursor Agent, and OpenAI Codex via Telegram or Kazee Chat",
   "main": "bot.js",
   "bin": {