@inetafrica/open-claudia 2.2.7 → 2.2.9

package/CHANGELOG.md

@@ -1,5 +1,12 @@
 # Changelog
 
+## v2.2.9
+- Startup self-heal for grandfathered AgentSpace pods: if `.password-changed` exists on the PVC but AgentSpace was never notified (because the pod changed its password before `AGENTSPACE_API_URL` was injected, or before the `/pods/self/password-changed` callback shipped), the web server fires the callback once on startup and writes a `.password-changed-notified` sentinel so subsequent restarts don't retry. `notifyAgentSpacePasswordChanged` now returns a status so `setPassword` can also drop the sentinel after a successful live notification. Pre-v2.2.x grandfathered pods that never wrote the marker file still need manual `webPasswordUserSet=true` in Mongo.
+
+## v2.2.8
+- `/upgrade` now works on docker containers that run our baked-in `/app` source (the common self-host layout). Previously the handler fell through to `npm install -g`, which hit `EACCES` because the runtime user is uid 1001 and couldn't write the global node_modules — and even when it could, the bot reads from `/app`, not the global root, so the new version was never picked up. The new branch detects the `/app` layout, `npm pack`s the latest tarball, overlays it onto `/app`, runs `npm install --omit=dev`, and exits so the orchestrator restarts the container on the new source. AgentSpace pods (which have `AGENTSPACE_POD_TOKEN` + `AGENTSPACE_API_URL`) still go through the control plane; nothing else changes for them or for npm-global installs.
+- Dockerfile: `chown -R claudia:claudia /app` after the build steps so the runtime user can overlay new source during the in-place `/upgrade` above. Previously `/app` and its `node_modules` were root-owned because the COPY and `npm ci` ran as root before `USER 1001`.
+
 ## v2.2.7
 - Docker image now ships `git`, `jq`, `python3`, `python3-pip`, and `build-essential` so spawned coding agents don't fall back to curling random binaries into userspace when a basic tool is missing.
 - Symlink `/app/bin/cli.js` to `/usr/local/bin/open-claudia` so the CLI (used by agents for `send-file`, `task`, etc.) is on PATH from any cwd. Previously agents had to extract the packaged tgz to find it.

package/Dockerfile

@@ -44,6 +44,9 @@ RUN chmod -R a+rX /app
 # Expose the open-claudia CLI on PATH so spawned agents can send files, manage tasks, etc.
 RUN chmod +x /app/bin/cli.js && ln -s /app/bin/cli.js /usr/local/bin/open-claudia
 
+# Let the runtime user overlay new source into /app for in-place /upgrade.
+RUN chown -R claudia:claudia /app
+
 # Entrypoint auto-configures from env vars on first run
 COPY docker-entrypoint.sh /usr/local/bin/
 RUN chmod +x /usr/local/bin/docker-entrypoint.sh

package/core/handlers.js

@@ -329,6 +329,41 @@ async function requestAgentSpaceUpgrade() {
   });
 }
 
+// True when the running bot's source lives at /app (docker image layout from
+// our Dockerfile). In that case `npm install -g` can't actually upgrade us:
+// the process reads code from /app, not from the global npm root, and uid
+// 1001 can't write to /usr/local/lib/node_modules anyway. Detect this and
+// run an in-place tarball overlay instead.
+function isDockerAppLayout() {
+  try {
+    const pkgPath = path.resolve(path.join(__dirname, "..", "package.json"));
+    return pkgPath === "/app/package.json";
+  } catch (e) {
+    return false;
+  }
+}
+
+function inPlaceTarballUpgrade(targetVersion) {
+  const tmpDir = `/tmp/oc-upgrade-${process.pid}-${Date.now()}`;
+  fs.mkdirSync(tmpDir, { recursive: true });
+  const env = { ...process.env, PATH: FULL_PATH, HOME: process.env.HOME || require("os").homedir() };
+  const packOutput = execSync(`npm pack @inetafrica/open-claudia@${targetVersion}`, {
+    encoding: "utf-8", cwd: tmpDir, timeout: 120000, env,
+  }).trim();
+  // Last non-empty line of `npm pack` stdout is the tgz filename.
+  const tgzName = packOutput.split("\n").map((s) => s.trim()).filter(Boolean).pop();
+  const tgzPath = path.join(tmpDir, tgzName);
+  execSync(`tar -xzf "${tgzPath}" -C "${tmpDir}"`, { encoding: "utf-8", timeout: 60000 });
+  // npm pack tarballs always extract into a top-level "package/" directory.
+  // cp -a preserves perms and symlinks; the trailing /. copies contents only.
+  execSync(`cp -a "${tmpDir}/package/." /app/`, { encoding: "utf-8", timeout: 60000 });
+  try { fs.chmodSync("/app/bin/cli.js", 0o755); } catch (e) {}
+  execSync(`npm install --omit=dev --no-audit --no-fund`, {
+    encoding: "utf-8", cwd: "/app", timeout: 240000, env,
+  });
+  try { fs.rmSync(tmpDir, { recursive: true, force: true }); } catch (e) {}
+}
+
 register({
   name: "upgrade", description: "Upgrade and restart", ownerOnly: true,
   handler: async (env) => {
@@ -350,6 +385,55 @@ register({
         return;
       }
     }
+    // Docker /app layout: bot runs from baked-in source, not from the global
+    // npm root, and as a non-root user. Do an in-place tarball overlay and
+    // exit; whatever orchestrates the container (k8s, docker restart=always)
+    // brings us back on the new source.
+    if (isDockerAppLayout()) {
+      try { process.chdir("/tmp"); } catch (e) {}
+      let latest = null;
+      try {
+        latest = execSync("npm view @inetafrica/open-claudia version", {
+          encoding: "utf-8", timeout: 15000,
+          env: { ...process.env, PATH: FULL_PATH, HOME: process.env.HOME || require("os").homedir() },
+        }).trim();
+      } catch (e) {
+        await send(`Upgrade failed: could not query npm registry (${(e.message || String(e)).slice(0, 200)}).`);
+        return;
+      }
+      if (latest === CURRENT_VERSION) {
+        await send(`Already on the latest version (v${CURRENT_VERSION}).`);
+        return;
+      }
+      await send(`Upgrading v${CURRENT_VERSION} → v${latest} (in-place tarball overlay into /app)...`);
+      try {
+        inPlaceTarballUpgrade(latest);
+      } catch (e) {
+        const errOutput = (e.stdout || e.stderr || e.message || String(e)).slice(-700);
+        await send(`Upgrade failed:\n${errOutput}`);
+        return;
+      }
+      let newVersion = latest;
+      let whatsNew = "";
+      try {
+        newVersion = JSON.parse(fs.readFileSync("/app/package.json", "utf-8")).version;
+        const changelog = fs.readFileSync("/app/CHANGELOG.md", "utf-8");
+        let versionHeader = `## v${newVersion}`;
+        let start = changelog.indexOf(versionHeader);
+        if (start < 0) { versionHeader = `## ${newVersion}`; start = changelog.indexOf(versionHeader); }
+        if (start >= 0) {
+          const afterHeader = changelog.slice(start + versionHeader.length);
+          const nextVersion = afterHeader.indexOf("\n## ");
+          const section = nextVersion >= 0 ? afterHeader.slice(0, nextVersion) : afterHeader;
+          whatsNew = section.trim();
+        }
+      } catch (e) {}
+      const tailNote = "Source refreshed in /app. If this release also changed the Dockerfile (apt packages, env, base image), the host still needs a docker pull + recreate for those.";
+      const msg = `Installed v${newVersion}.${whatsNew ? `\n\nWhat's new:\n${whatsNew}` : ""}\n\n${tailNote}\n\nRestarting...`;
+      await send(msg.length > 3900 ? msg.slice(0, 3900) : msg);
+      setTimeout(() => process.exit(0), 2000);
+      return;
+    }
     try { process.chdir(process.env.HOME || require("os").homedir()); } catch (e) {}
     let latest = null;
     try {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inetafrica/open-claudia",
-  "version": "2.2.7",
+  "version": "2.2.9",
   "description": "Your always-on AI coding assistant — Claude Code, Cursor Agent, and OpenAI Codex via Telegram or Kazee Chat",
   "main": "bot.js",
   "bin": {

package/web.js

@@ -31,6 +31,10 @@ function getPassword() {
 }
 
 const PASSWORD_CHANGED_FILE = path.join(CONFIG_DIR, ".password-changed");
+// Sentinel: written once AgentSpace has been notified about the user-set
+// password. Used to keep the startup self-heal idempotent for grandfathered
+// pods that changed their password before AGENTSPACE_API_URL was injected.
+const PASSWORD_CHANGED_NOTIFIED_FILE = path.join(CONFIG_DIR, ".password-changed-notified");
 
 function isPasswordChanged() {
   return fs.existsSync(PASSWORD_CHANGED_FILE);
@@ -48,30 +52,56 @@ function validatePasswordComplexity(pw) {
 function setPassword(newPassword) {
   fs.writeFileSync(WEB_PASSWORD_FILE, newPassword);
   fs.writeFileSync(PASSWORD_CHANGED_FILE, new Date().toISOString());
-  notifyAgentSpacePasswordChanged();
+  notifyAgentSpacePasswordChanged().then((r) => {
+    if (r && r.ok) {
+      try { fs.writeFileSync(PASSWORD_CHANGED_NOTIFIED_FILE, new Date().toISOString()); } catch (e) {}
+    }
+  }).catch(() => {});
 }
 
 function notifyAgentSpacePasswordChanged() {
-  const apiUrl = process.env.AGENTSPACE_API_URL;
-  const token = process.env.AGENTSPACE_POD_TOKEN;
-  if (!apiUrl || !token) return;
-  let u;
-  try { u = new URL("/pods/self/password-changed", apiUrl); } catch (e) { return; }
-  const lib = u.protocol === "https:" ? require("https") : require("http");
-  const req = lib.request({
-    method: "POST",
-    hostname: u.hostname,
-    port: u.port || (u.protocol === "https:" ? 443 : 80),
-    path: u.pathname + u.search,
-    headers: {
-      "Authorization": `Bearer ${token}`,
-      "Content-Type": "application/json",
-      "Content-Length": "0",
-    },
+  return new Promise((resolve) => {
+    const apiUrl = process.env.AGENTSPACE_API_URL;
+    const token = process.env.AGENTSPACE_POD_TOKEN;
+    if (!apiUrl || !token) return resolve({ ok: false, reason: "missing-env" });
+    let u;
+    try { u = new URL("/pods/self/password-changed", apiUrl); } catch (e) { return resolve({ ok: false, reason: "bad-url" }); }
+    const lib = u.protocol === "https:" ? require("https") : require("http");
+    const req = lib.request({
+      method: "POST",
+      hostname: u.hostname,
+      port: u.port || (u.protocol === "https:" ? 443 : 80),
+      path: u.pathname + u.search,
+      headers: {
+        "Authorization": `Bearer ${token}`,
+        "Content-Type": "application/json",
+        "Content-Length": "0",
+      },
+    }, (res) => {
+      res.on("data", () => {});
+      res.on("end", () => resolve({ ok: res.statusCode >= 200 && res.statusCode < 300, status: res.statusCode }));
+    });
+    req.on("error", (e) => resolve({ ok: false, reason: String(e.message || e) }));
+    req.setTimeout(5000, () => { try { req.destroy(); } catch (e) {} resolve({ ok: false, reason: "timeout" }); });
+    req.end();
   });
-  req.on("error", () => {});
-  req.setTimeout(5000, () => { try { req.destroy(); } catch (e) {} });
-  req.end();
+}
+
+// Startup self-heal for grandfathered pods. If the pod changed its web
+// password before AGENTSPACE_API_URL was injected (or before the callback
+// existed), the marker file is on disk but AgentSpace still thinks the
+// initial password is valid. Fire the callback once on startup; on success
+// write a sentinel so we don't repeat it on every restart.
+function reconcileGrandfatheredPasswordChange() {
+  if (!isPasswordChanged()) return;
+  if (fs.existsSync(PASSWORD_CHANGED_NOTIFIED_FILE)) return;
+  if (!process.env.AGENTSPACE_API_URL || !process.env.AGENTSPACE_POD_TOKEN) return;
+  notifyAgentSpacePasswordChanged().then((r) => {
+    if (r && r.ok) {
+      try { fs.writeFileSync(PASSWORD_CHANGED_NOTIFIED_FILE, new Date().toISOString()); } catch (e) {}
+      console.log("[web] Notified AgentSpace of pre-existing user-set password.");
+    }
+  }).catch(() => {});
 }
 
 function checkBearerAuth(req) {
@@ -741,6 +771,7 @@ function startWebServer() {
   server.listen(PORT, () => {
     console.log(`Web UI running on http://localhost:${PORT}`);
     console.log("Admin password configured.");
+    reconcileGrandfatheredPasswordChange();
   });
 
   return server;