@link-assistant/hive-mind 1.64.2 → 1.64.4

package/src/telegram-bot.mjs

@@ -571,6 +571,7 @@ bot.command('help', async ctx => {
   message += '*/subscribe* / */unsubscribe* - 🔔 Get private DM forward of /solve completion (experimental, #1688)\n';
   message += '*/help* - Show this help message\n';
   message += '*/stop* / */start* - Stop or resume accepting new tasks (owner only)\n';
+  message += '*/stop* `<uuid>` - Send CTRL+C to an isolated solve/hive session (owner only). Also works as a reply to a message containing the UUID.\n';
   message += '*/log* - Fetch isolation session log (owner only). Usage: `/log <uuid>` or reply with `/log`\n';
   message += '*/terminal\\_watch* - Live-update an isolation session log (owner only). Usage: `/terminal_watch <uuid>` or reply with `/terminal_watch`\n\n';
   message += '🔔 *Session Notifications:* Completion notifications are automatic; use /subscribe for private DM forwards.\n';
@@ -1109,6 +1110,46 @@ registerStartStopCommands(bot, sharedCommandOpts);
 await registerLogCommand(bot, sharedCommandOpts);
 await registerTerminalWatchCommand(bot, sharedCommandOpts);
 
+// Issue #1745: hidden /tokens command for chat owners (private DMs only,
+// undocumented, masked output). Lets operators audit which local tokens are
+// live in the bot's environment so they can search for accidental leaks.
+const { registerTokensCommand } = await import('./telegram-tokens-command.lib.mjs');
+registerTokensCommand(bot, { ...sharedCommandOpts, allowedChats });
+
+// Issue #1745: register the leak-warning DM hook. The interactive bridge
+// fires reportInteractiveLeak() whenever it has to mask a known-local token
+// in an outbound PR comment. We DM every operator (chat creator) of every
+// allowlisted chat so at least one of them sees it quickly.
+const { registerLeakNotifier } = await import('./telegram-leak-notifier.lib.mjs');
+registerLeakNotifier(async ({ owner, repo, prNumber, tokenHits = [] }) => {
+  if (!allowedChats || allowedChats.length === 0) return;
+  const where = prNumber ? `${owner}/${repo}#${prNumber}` : `${owner}/${repo}`;
+  const sources = tokenHits.length ? tokenHits.map(h => `${h.name} (${h.source})`).join(', ') : 'unknown';
+  const text = `🚨 *Token-leak event*\n\nA known local token was about to be published in *${where}* and was masked by the sanitizer just in time.\n\nTokens detected: ${sources}\n\nRotate the affected secret(s) now and check public surfaces (GitHub comments, gists, Slack) for any prior copies.`;
+  for (const chatId of allowedChats) {
+    try {
+      const member = await bot.telegram.getChatMember(chatId, chatId).catch(() => null);
+      // For groups, getChatMember(chatId, chatId) returns the chat itself; we
+      // really want the creator. Fall back to getChatAdministrators.
+      let ownerUserId = null;
+      if (member && member.status === 'creator' && member.user?.id) {
+        ownerUserId = member.user.id;
+      } else {
+        const admins = await bot.telegram.getChatAdministrators(chatId).catch(() => []);
+        const creator = (admins || []).find(a => a.status === 'creator');
+        if (creator && creator.user?.id) ownerUserId = creator.user.id;
+      }
+      if (ownerUserId) {
+        await bot.telegram.sendMessage(ownerUserId, text, { parse_mode: 'Markdown' }).catch(err => {
+          console.warn(`[telegram-leak-notifier] DM to user ${ownerUserId} (chat ${chatId}) failed: ${err.message}`);
+        });
+      }
+    } catch (err) {
+      console.warn(`[telegram-leak-notifier] could not notify owner of chat ${chatId}: ${err.message}`);
+    }
+  }
+});
+
 // Add message listener for verbose debugging
 if (VERBOSE) {
   bot.on('message', (ctx, next) => {

package/src/telegram-leak-notifier.lib.mjs

@@ -0,0 +1,79 @@
+#!/usr/bin/env node
+/**
+ * Telegram leak-notifier (Issue #1745)
+ *
+ * The interactive AI bridge calls `reportInteractiveLeak()` whenever it
+ * detects that a comment body it was about to publish contained a
+ * known-local token. The sanitizer masks the token before it goes out, but
+ * we still want the chat owner who started the session to know — quickly,
+ * out-of-band — so they can rotate the token immediately.
+ *
+ * The Telegram bot calls `registerLeakNotifier()` on startup with a callback
+ * that knows how to DM the chat owner. We keep this contract intentionally
+ * small (callback-based, no direct telegraf import) so:
+ *
+ *   1. interactive-mode.lib.mjs doesn't have to depend on telegraf at all
+ *      (avoids a heavy import in the AI subprocess).
+ *   2. Tests can register a no-op (or assertion-collecting) notifier.
+ *   3. solve.mjs running outside the Telegram bot process degrades gracefully
+ *      to a console warning.
+ *
+ * @see docs/case-studies/issue-1745/analysis.md
+ * @module telegram-leak-notifier
+ */
+
+let registeredNotifier = null;
+
+/**
+ * Telegram bot calls this once during startup so the AI bridge has a way
+ * to send out-of-band leak warnings.
+ *
+ * @param {Function} notifier  async ({ owner, repo, prNumber, tokenHits }) => void
+ */
+export const registerLeakNotifier = notifier => {
+  registeredNotifier = typeof notifier === 'function' ? notifier : null;
+};
+
+/** Test hook — clear the registered notifier between tests. */
+export const clearLeakNotifierForTests = () => {
+  registeredNotifier = null;
+};
+
+/**
+ * Issue #1745 — fired by interactive-mode.lib.mjs when it had to mask a
+ * known-local token in an outbound comment.
+ *
+ * Always succeeds. If no notifier is registered (we're running outside the
+ * Telegram bot process) it falls back to a structured console warning.
+ *
+ * @param {Object} params
+ * @param {string} params.owner       repo owner
+ * @param {string} params.repo        repo name
+ * @param {number} [params.prNumber]  pull-request number, when applicable
+ * @param {Array<{name: string, source: string}>} [params.tokenHits]
+ *   list of token identifiers (NEVER the values) that were detected.
+ * @param {Function} [params.log]     async logger from interactive-mode
+ */
+export const reportInteractiveLeak = async ({ owner, repo, prNumber, tokenHits = [], log } = {}) => {
+  const fallbackLog = log || (async msg => console.warn(msg));
+
+  const summary = tokenHits.length ? tokenHits.map(h => `${h.name} (${h.source})`).join(', ') : 'unknown';
+
+  const where = prNumber ? `${owner}/${repo}#${prNumber}` : `${owner}/${repo}`;
+
+  await fallbackLog(`🚨 Token-leak event: ${summary} found in outbound comment for ${where} (sanitizer masked it).`);
+
+  if (registeredNotifier) {
+    try {
+      await registeredNotifier({ owner, repo, prNumber, tokenHits });
+    } catch (err) {
+      await fallbackLog(`⚠️ Telegram leak notifier threw: ${err.message}`);
+    }
+  }
+};
+
+export default {
+  registerLeakNotifier,
+  reportInteractiveLeak,
+  clearLeakNotifierForTests,
+};

package/src/telegram-start-stop-command.lib.mjs

@@ -10,10 +10,17 @@
  * - Graceful stop: existing queue items continue to process
  * - Read-only commands (/help, /limits, /version) remain available when stopped
  * - Write commands (/solve, /hive) are rejected when stopped
+ * - `/stop <UUID>` or reply-to-message-with-UUID forwards CTRL+C to the
+ *   matching isolated solve/hive session via `$ --stop <UUID>` from
+ *   link-foundation/start (issue #524).
  *
  * @see https://github.com/link-assistant/hive-mind/issues/1081
+ * @see https://github.com/link-assistant/hive-mind/issues/524
+ * @see https://github.com/link-foundation/start/issues/112
  */
 
+import { extractSessionIdFromText } from './telegram-log-command.lib.mjs';
+
 // Store stopped chats: Map<chatId, { stoppedAt: Date, stoppedBy: { id, username, firstName }, reason?: string }>
 const stoppedChats = new Map();
 
@@ -86,6 +93,30 @@ export function getStoppedChatRejectMessage(chatId, commandName = 'Command') {
   return `❌ ${commandName} command rejected.\n\n🚫 Reason: ${reason}\n\nUse /start to resume (chat owner only).`;
 }
 
+/**
+ * Extract a session UUID for `/stop`. Priority:
+ *   1. UUID literal anywhere in the `/stop` message text.
+ *   2. UUID in the text/caption of the message being replied to.
+ *
+ * The `text` argument is the raw `/stop ...` command text. `repliedTo`, when
+ * present, is the Telegram message object that the user replied to with `/stop`.
+ *
+ * @param {string} text
+ * @param {Object|null|undefined} repliedTo
+ * @returns {{ sessionId: string|null, source: 'argument'|'reply'|null }}
+ */
+export function extractStopSessionId(text, repliedTo) {
+  // Strip the leading `/stop` (or `/stop@botname`) before looking for a UUID,
+  // so we don't accidentally match digits inside the command name itself.
+  const argText = String(text || '').replace(/^\/stop(?:@\w+)?\s*/i, '');
+  const direct = extractSessionIdFromText(argText);
+  if (direct) return { sessionId: direct, source: 'argument' };
+  const replyText = repliedTo ? `${repliedTo.text || ''}\n${repliedTo.caption || ''}` : '';
+  const fromReply = extractSessionIdFromText(replyText);
+  if (fromReply) return { sessionId: fromReply, source: 'reply' };
+  return { sessionId: null, source: null };
+}
+
 /**
  * Registers the /start and /stop command handlers with the bot
  * @param {Object} bot - The Telegraf bot instance
@@ -95,9 +126,13 @@ export function getStoppedChatRejectMessage(chatId, commandName = 'Command') {
  * @param {Function} options.isForwardedOrReply - Function to check if message is forwarded/reply
  * @param {Function} options.isGroupChat - Function to check if chat is a group
  * @param {Function} options.isChatAuthorized - Function to check if chat is authorized
+ * @param {Function} [options.isTopicAuthorized] - Topic-level authorization fallback
+ * @param {Function} [options.buildAuthErrorMessage] - Builds the chat-not-authorized message
+ * @param {Function} [options.stopIsolatedSession] - Override for tests; calls `$ --stop <uuid>`
  */
 export function registerStartStopCommands(bot, options) {
-  const { VERBOSE = false, isOldMessage, isForwardedOrReply, isGroupChat, isChatAuthorized } = options;
+  const { VERBOSE = false, isOldMessage, isForwardedOrReply, isGroupChat, isChatAuthorized, isTopicAuthorized, buildAuthErrorMessage } = options;
+  const stopIsolatedSessionImpl = options.stopIsolatedSession || (async (...args) => (await import('./isolation-runner.lib.mjs')).stopIsolatedSession(...args));
 
   /**
    * Validate command context: checks old message, forwarded, group chat, authorized, and owner status.
@@ -145,9 +180,110 @@ export function registerStartStopCommands(bot, options) {
     return { valid: true, chatId };
   }
 
-  // /stop command - stop accepting new tasks in this chat
-  // Only accessible by chat owner (creator)
+  // /stop command. Two modes:
+  //   1. `/stop <UUID>` or reply-to-message-with-UUID — forward CTRL+C to the
+  //      matching isolated session via `$ --stop <UUID>` (issue #524).
+  //   2. bare `/stop` (optionally with a free-text reason) — pause new task
+  //      acceptance for the chat (issue #1081).
+  // Only accessible by chat owner (creator) in both modes.
   bot.command('stop', async ctx => {
+    VERBOSE && console.log('[VERBOSE] /stop command received');
+    if (isOldMessage(ctx)) {
+      VERBOSE && console.log('[VERBOSE] /stop ignored: old message');
+      return;
+    }
+
+    // Detect UUID modes BEFORE the forwarded/reply rejection used by the
+    // chat-level stop, because the UUID-from-reply mode is intentionally a
+    // reply (issue #524).
+    const message = ctx.message;
+    const repliedTo = message?.reply_to_message || null;
+    const { sessionId, source } = extractStopSessionId(message?.text || '', repliedTo);
+
+    if (sessionId) {
+      VERBOSE && console.log(`[VERBOSE] /stop: detected UUID ${sessionId} (source=${source})`);
+      // Reuse the same auth model as /log: must be chat owner in groups; in
+      // private DMs the user is implicitly the owner of their own chat.
+      const chatId = ctx.chat?.id;
+      const chatType = ctx.chat?.type;
+      if (chatType !== 'private') {
+        if (!isGroupChat(ctx)) {
+          await ctx.reply('❌ The /stop command only works in group chats or private chats with the bot.', { reply_to_message_id: message.message_id });
+          return;
+        }
+        if (!isChatAuthorized(chatId)) {
+          if (!isTopicAuthorized || !isTopicAuthorized(ctx)) {
+            const errMsg = buildAuthErrorMessage ? buildAuthErrorMessage(ctx) : `❌ This chat (ID: ${chatId}) is not authorized to use this bot.`;
+            await ctx.reply(errMsg, { reply_to_message_id: message.message_id });
+            return;
+          }
+        }
+        try {
+          const member = await ctx.telegram.getChatMember(chatId, ctx.from.id);
+          if (!member || member.status !== 'creator') {
+            VERBOSE && console.log('[VERBOSE] /stop <UUID> ignored: user is not chat owner');
+            await ctx.reply('❌ /stop <UUID> is only available to the chat owner.', { reply_to_message_id: message.message_id });
+            return;
+          }
+        } catch (error) {
+          console.error('[ERROR] /stop <UUID>: getChatMember failed:', error);
+          await ctx.reply('❌ Failed to verify permissions for /stop.', { reply_to_message_id: message.message_id });
+          return;
+        }
+      }
+
+      const ack = await ctx.reply(`⏹️ Asking session \`${sessionId}\` to stop (sending CTRL+C via \`$ --stop\`)…`, {
+        parse_mode: 'Markdown',
+        reply_to_message_id: message.message_id,
+      });
+
+      let result;
+      try {
+        result = await stopIsolatedSessionImpl(sessionId, VERBOSE);
+      } catch (error) {
+        console.error('[ERROR] /stop <UUID>: stopIsolatedSession threw:', error);
+        result = { success: false, output: '', error: error?.message || String(error) };
+      }
+
+      const trimmedOutput = (result.output || '').toString().trim();
+      const trimmedError = (result.error || '').toString().trim();
+      const lines = [];
+      if (result.success) {
+        lines.push(`✅ Stop request sent to session \`${sessionId}\`.`);
+        lines.push('');
+        lines.push('The session should terminate shortly.');
+        if (trimmedOutput) {
+          lines.push('');
+          lines.push('```');
+          lines.push(trimmedOutput.slice(0, 1000));
+          lines.push('```');
+        }
+      } else {
+        lines.push(`❌ Failed to stop session \`${sessionId}\`.`);
+        if (trimmedError) {
+          lines.push('');
+          lines.push('```');
+          lines.push(trimmedError.slice(0, 1000));
+          lines.push('```');
+        }
+      }
+
+      try {
+        await ctx.telegram.editMessageText(ack.chat.id, ack.message_id, undefined, lines.join('\n'), { parse_mode: 'Markdown' });
+      } catch (error) {
+        console.error('[ERROR] /stop <UUID>: editMessageText failed, falling back to reply:', error);
+        await ctx.reply(lines.join('\n'), { parse_mode: 'Markdown', reply_to_message_id: message.message_id });
+      }
+      return;
+    }
+
+    // No UUID — fall through to the chat-level pause flow. That flow rejects
+    // forwards/replies on purpose (#1081) so a stray reply doesn't pause the chat.
+    if (isForwardedOrReply(ctx)) {
+      VERBOSE && console.log('[VERBOSE] /stop ignored: forwarded or reply');
+      return;
+    }
+
     const check = await validateOwnerCommand(ctx, '/stop');
     if (!check.valid) return;
     const chatId = check.chatId;

package/src/telegram-tokens-command.lib.mjs

@@ -0,0 +1,151 @@
+#!/usr/bin/env node
+/**
+ * Telegram /tokens command — hidden, owner-only, private-chat only.
+ *
+ * Lists every known LOCAL token the bot can see (env vars + GitHub CLI
+ * tokens), already masked via `maskToken` (3-char prefix/suffix per
+ * issue #1745). Useful for spot-checking which secrets are live in the
+ * bot's environment so the operator can search for them in public places
+ * before they become a leak.
+ *
+ * Privacy / safety guarantees:
+ *
+ *  - Hidden command. Not advertised in /help. Not part of the BotFather
+ *    command list.
+ *  - Private-chat only. Never echoes tokens (even masked) into a group chat.
+ *  - Authenticated. The user must own (`status === 'creator'`) at least one
+ *    chat that is on the allowlist — i.e. they're an actual operator of
+ *    this bot, not a random DMer.
+ *  - Output is always masked. We never print raw values.
+ *
+ * @see https://github.com/link-assistant/hive-mind/issues/1745
+ * @module telegram-tokens-command
+ */
+
+import { getAllKnownLocalTokens } from './token-sanitization.lib.mjs';
+import { maskToken } from './lib.mjs';
+
+/**
+ * Resolve allowed chat IDs into an array of numeric IDs the user could own.
+ * Accepts:
+ *   - Array<number|string>
+ *   - Function returning Array<number|string>
+ *   - undefined / null  (treated as "any" — useful in private bot deployments)
+ *
+ * @param {Array|Function|null|undefined} allowedChats
+ * @returns {Array<string>}  numeric chat IDs as strings
+ */
+const resolveAllowedChatIds = allowedChats => {
+  if (!allowedChats) return [];
+  const raw = typeof allowedChats === 'function' ? allowedChats() : allowedChats;
+  if (!Array.isArray(raw)) return [];
+  return raw.map(v => String(v)).filter(Boolean);
+};
+
+/**
+ * Returns true if `userId` is the creator of any chat in `allowedChatIds`.
+ * Returns true unconditionally when `allowedChatIds` is empty (private
+ * deployment — no allowlist means any DM is fine).
+ */
+const isOperatorOfAnyAllowedChat = async ({ telegram, userId, allowedChatIds }) => {
+  if (!allowedChatIds || allowedChatIds.length === 0) {
+    return true;
+  }
+  for (const chatId of allowedChatIds) {
+    try {
+      const member = await telegram.getChatMember(chatId, userId);
+      if (member && member.status === 'creator') {
+        return true;
+      }
+    } catch {
+      // Bot may have been removed from the chat; skip and try the next one.
+    }
+  }
+  return false;
+};
+
+/**
+ * Format the token list for display. Each line: `name (source): masked`.
+ * The masked form is `first-3 *** last-3` per maskToken's new default.
+ */
+export const formatTokenList = tokens => {
+  if (!tokens || tokens.length === 0) {
+    return 'No known local tokens found in this bot process.';
+  }
+  const lines = tokens.map(t => {
+    const masked = maskToken(t.value);
+    return `• ${t.name} (${t.source}): \`${masked}\``;
+  });
+  return ['🔐 *Active local tokens (masked):*', '', ...lines, '', '_Use this list to search public places (GitHub, Slack, etc.) for accidentally leaked tokens before they become a problem. Tokens are masked with first 3 + last 3 characters per issue #1745._'].join('\n');
+};
+
+/**
+ * Registers the hidden /tokens command on the bot.
+ *
+ * @param {Object} bot - Telegraf bot
+ * @param {Object} options
+ * @param {boolean} [options.VERBOSE]
+ * @param {Function} [options.isOldMessage]
+ * @param {Array|Function} [options.allowedChats] — used for owner-of-allowed-chat check
+ * @param {Function} [options.fetchTokens] — test override for getAllKnownLocalTokens
+ */
+export const registerTokensCommand = (bot, options = {}) => {
+  const { VERBOSE = false, isOldMessage, allowedChats } = options;
+  const fetchTokens = options.fetchTokens || getAllKnownLocalTokens;
+
+  bot.command('tokens', async ctx => {
+    if (isOldMessage && isOldMessage(ctx)) {
+      VERBOSE && console.log('[VERBOSE] /tokens ignored: old message');
+      return;
+    }
+
+    const chat = ctx.chat;
+    if (!chat || !ctx.from) return;
+
+    // Step 1: private-chat only. Silently no-op in groups so the command stays
+    // truly hidden — a curious group member never gets a hint that it exists.
+    if (chat.type !== 'private') {
+      VERBOSE && console.log(`[VERBOSE] /tokens ignored: chat type ${chat.type} (private only)`);
+      return;
+    }
+
+    // Step 2: authenticate by ownership of an allowlisted chat.
+    const allowedChatIds = resolveAllowedChatIds(allowedChats);
+    let isOperator = false;
+    try {
+      isOperator = await isOperatorOfAnyAllowedChat({
+        telegram: ctx.telegram,
+        userId: ctx.from.id,
+        allowedChatIds,
+      });
+    } catch (err) {
+      VERBOSE && console.error('[VERBOSE] /tokens auth check failed:', err);
+      isOperator = false;
+    }
+
+    if (!isOperator) {
+      VERBOSE && console.log(`[VERBOSE] /tokens denied: user ${ctx.from.id} is not creator of any allowed chat`);
+      // Reply with a generic "unknown command"-shaped message so the command
+      // stays undiscoverable to non-operators.
+      return;
+    }
+
+    // Step 3: gather and emit.
+    let tokens;
+    try {
+      tokens = await fetchTokens();
+    } catch (err) {
+      VERBOSE && console.error('[VERBOSE] /tokens: fetchTokens failed:', err);
+      await ctx.reply('❌ Failed to gather local tokens.');
+      return;
+    }
+
+    const message = formatTokenList(tokens);
+    await ctx.reply(message, { parse_mode: 'Markdown' });
+  });
+};
+
+export default {
+  registerTokensCommand,
+  formatTokenList,
+};