@nordbyte/nordrelay 0.4.0 → 0.5.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nordbyte/nordrelay",
-  "version": "0.4.0",
+  "version": "0.5.0",
   "description": "Remote control plane for coding agents across messaging channels.",
   "type": "module",
   "author": "Ricardo",
@@ -39,9 +39,11 @@
     "docker-compose.yml"
   ],
   "scripts": {
-    "build": "tsc",
-    "check": "node --check plugins/nordrelay/scripts/nordrelay.mjs && tsc --noEmit",
+    "build": "node scripts/clean-dist.mjs && tsc && node scripts/build-web-assets.mjs",
+    "check": "node --check plugins/nordrelay/scripts/nordrelay.mjs && tsc --noEmit && node scripts/build-web-assets.mjs --check && node --import tsx scripts/generate-env-example.mjs --check",
     "dev": "tsx src/index.ts",
+    "env:check": "node --import tsx scripts/generate-env-example.mjs --check",
+    "env:generate": "node --import tsx scripts/generate-env-example.mjs",
     "foreground": "node plugins/nordrelay/scripts/nordrelay.mjs foreground",
     "prepack": "npm run build",
     "prepublishOnly": "npm run check && npm test && npm run build",
@@ -62,6 +64,7 @@
   "devDependencies": {
     "@types/better-sqlite3": "^7.6.0",
     "@types/node": "^25.5.0",
+    "esbuild": "^0.28.0",
     "tsx": "^4.21.0",
     "typescript": "^5.9.3",
     "vitest": "^3.2.4"

package/plugins/nordrelay/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "nordrelay",
-  "version": "0.3.1",
+  "version": "0.5.0",
   "description": "Run a remote-control bridge for coding agents. Current adapters connect Codex, Pi, Hermes, and OpenClaw sessions to Telegram with streaming replies, multi-session controls, attachments, voice input, model selection, thread browsing, and handback.",
   "author": {
     "name": "Ricardo",

package/plugins/nordrelay/commands/remote.md

@@ -21,7 +21,7 @@ Codex plugin commands are namespaced by the plugin id in current plugin-aware co
 ## Workflow
 
 1. Locate the plugin root containing `.codex-plugin/plugin.json` with `"name": "nordrelay"`. In a source checkout this is usually `<repo>/plugins/nordrelay`.
-2. Check whether `TELEGRAM_BOT_TOKEN` and `TELEGRAM_ADMIN_USER_IDS` are available from the environment or from the NordRelay env file.
+2. Check whether `TELEGRAM_BOT_TOKEN` is available from the environment or from the NordRelay env file, and whether a NordRelay admin user exists.
 3. Run the connector command from the plugin root:
 
 ```bash

package/plugins/nordrelay/scripts/nordrelay.mjs

@@ -7,7 +7,7 @@ import path from "node:path";
 import process from "node:process";
 import readline from "node:readline/promises";
 import { spawn } from "node:child_process";
-import { fileURLToPath } from "node:url";
+import { fileURLToPath, pathToFileURL } from "node:url";
 
 const FALLBACK_VERSION = "0.3.1";
 const require = createRequire(import.meta.url);
@@ -49,8 +49,8 @@ function parseArgs(argv) {
     home: process.env.NORDRELAY_HOME || DEFAULT_HOME,
     dropPendingUpdates: !envFlag("NORDRELAY_KEEP_PENDING_UPDATES"),
     force: false,
-    host: process.env.NORDRELAY_DASHBOARD_HOST || "127.0.0.1",
-    port: Number.parseInt(process.env.NORDRELAY_DASHBOARD_PORT || "31878", 10),
+    host: undefined,
+    port: undefined,
   };
 
   for (let i = 0; i < copy.length; i += 1) {
@@ -61,7 +61,10 @@ function parseArgs(argv) {
     else if (arg === "--host") options.host = requireValue(copy, ++i, arg);
     else if (arg === "--port") options.port = Number.parseInt(requireValue(copy, ++i, arg), 10);
     else if (arg === "--token") options.telegramBotToken = requireValue(copy, ++i, arg);
-    else if (arg === "--admin-id") options.telegramAdminUserIds = requireValue(copy, ++i, arg);
+    else if (arg === "--admin-email") options.adminEmail = requireValue(copy, ++i, arg);
+    else if (arg === "--admin-name") options.adminName = requireValue(copy, ++i, arg);
+    else if (arg === "--admin-password") options.adminPassword = requireValue(copy, ++i, arg);
+    else if (arg === "--telegram-user-id") options.telegramUserId = requireValue(copy, ++i, arg);
     else if (arg === "--state-backend") options.stateBackend = requireValue(copy, ++i, arg);
     else if (arg === "--enable-pi") options.enablePi = true;
     else if (arg === "--enable-hermes") options.enableHermes = true;
@@ -128,14 +131,6 @@ function loadEnvFile(envPath) {
 }
 
 function normalizeEnvAliases() {
-  if (!process.env.TELEGRAM_ALLOWED_USER_IDS && process.env.TELEGRAM_ALLOWED_CHAT_IDS) {
-    process.env.TELEGRAM_ALLOWED_USER_IDS = process.env.TELEGRAM_ALLOWED_CHAT_IDS;
-  }
-
-  if (!process.env.TELEGRAM_ALLOWED_CHAT_IDS && process.env.TELEGRAM_ALLOWED_USER_IDS) {
-    process.env.TELEGRAM_ALLOWED_CHAT_IDS = process.env.TELEGRAM_ALLOWED_USER_IDS;
-  }
-
   if (!process.env.TOOL_VERBOSITY && envFlag("NORDRELAY_FORWARD_TOOL_OUTPUT")) {
     process.env.TOOL_VERBOSITY = "all";
   }
@@ -175,9 +170,31 @@ async function readPid(pidFile) {
   }
 }
 
-async function commandStart(options) {
+function resolveDashboardEndpoint(options, settings = {}) {
+  const host = options.host || process.env.NORDRELAY_DASHBOARD_HOST || "127.0.0.1";
+  const rawPort = options.port ?? Number.parseInt(process.env.NORDRELAY_DASHBOARD_PORT || "31878", 10);
+  if (!Number.isFinite(rawPort) || rawPort <= 0) {
+    if (settings.strict) {
+      throw new Error("Dashboard port must be a positive number.");
+    }
+    return { host, port: 31878 };
+  }
+  const port = rawPort;
+  return { host, port };
+}
+
+function formatDashboardUrl(endpoint) {
+  const host = endpoint.host || "127.0.0.1";
+  const displayHost = host === "0.0.0.0" || host === "" ? "127.0.0.1" : host === "::" ? "::1" : host;
+  const formattedHost = displayHost.includes(":") && !displayHost.startsWith("[") ? `[${displayHost}]` : displayHost;
+  const bindHint = displayHost === host ? "" : ` (binds ${host || "all interfaces"})`;
+  return `http://${formattedHost}:${endpoint.port}/${bindHint}`;
+}
+
+async function commandStart(options, settings = {}) {
   await mkdirp(options.home);
   loadEnvFiles(options.home);
+  const dashboard = resolveDashboardEndpoint(options);
 
   const currentPid = await readPid(options.pidFile);
   if (isProcessRunning(currentPid)) {
@@ -210,6 +227,9 @@ async function commandStart(options) {
     console.log(`Started ${APP_NAME} ${VERSION} with PID ${child.pid}`);
     console.log(`Workspace: ${state.workspace || "-"}`);
     console.log(`Mode: ${state.sessionMode || "per Telegram context"}`);
+    if (!settings.skipWebHint) {
+      console.log(`WebUI: ${formatDashboardUrl(dashboard)} (run \`nordrelay web\` to start it)`);
+    }
     console.log(`Log: ${options.logFile}`);
     return;
   }
@@ -225,9 +245,27 @@ async function commandStart(options) {
   }
 
   console.log(`Started ${APP_NAME} ${VERSION} with PID ${child.pid}`);
+  if (!settings.skipWebHint) {
+    console.log(`WebUI: ${formatDashboardUrl(dashboard)} (run \`nordrelay web\` to start it)`);
+  }
   console.log(`Startup is still in progress. Log: ${options.logFile}`);
 }
 
+async function ensureConnectorStartedForWeb(options) {
+  const currentPid = await readPid(options.pidFile);
+  if (isProcessRunning(currentPid)) {
+    console.log(`NordRelay connector already running with PID ${currentPid}.`);
+    return;
+  }
+
+  console.log("Starting NordRelay connector...");
+  const previousExitCode = process.exitCode;
+  await commandStart(options, { skipWebHint: true });
+  if (process.exitCode && process.exitCode !== previousExitCode) {
+    throw new Error(`NordRelay connector failed to start. See ${options.logFile}.`);
+  }
+}
+
 async function waitForState(stateFile, pid, timeoutMs) {
   const deadline = Date.now() + timeoutMs;
   while (Date.now() < deadline) {
@@ -268,6 +306,7 @@ async function commandStop(options) {
 
 async function commandStatus(options) {
   loadEnvFiles(options.home);
+  const dashboard = resolveDashboardEndpoint(options);
   const pid = await readPid(options.pidFile);
   const state = await readJson(options.stateFile, {});
   const running = isProcessRunning(pid);
@@ -282,6 +321,7 @@ async function commandStatus(options) {
   console.log(`OpenClaw CLI: ${state.openClawCli || "-"}`);
   console.log(`Claude Code CLI: ${state.claudeCodeCli || "-"}`);
   console.log(`OpenClaw Gateway: ${state.openClawGateway || process.env.OPENCLAW_GATEWAY_URL || "-"}`);
+  console.log(`WebUI: ${formatDashboardUrl(dashboard)}`);
   console.log(`Log: ${options.logFile}`);
   if (state.error) console.log(`Error: ${state.error}`);
 }
@@ -289,85 +329,180 @@ async function commandStatus(options) {
 async function commandInit(options) {
   await mkdirp(options.home);
   const envPath = path.join(options.home, "nordrelay.env");
+  const userStore = await createUserStore(options.home);
   if (fs.existsSync(envPath) && !options.force) {
     console.log(`Config already exists: ${envPath}`);
     console.log("Run with --force to overwrite.");
     return;
   }
 
-  const rl = process.stdin.isTTY
-    ? readline.createInterface({ input: process.stdin, output: process.stdout })
-    : null;
-  try {
-    const telegramBotToken = options.telegramBotToken ||
-      process.env.TELEGRAM_BOT_TOKEN ||
-      await ask(rl, "Telegram bot token", "");
-    const telegramAdminUserIds = options.telegramAdminUserIds ||
-      process.env.TELEGRAM_ADMIN_USER_IDS ||
-      await ask(rl, "Telegram admin user id", "");
-    const enableCodex = options.disableCodex ? "false" : await askChoice(rl, "Enable Codex", "true");
-    const enablePi = options.enablePi ? "true" : await askChoice(rl, "Enable Pi", "false");
-    const enableHermes = options.enableHermes ? "true" : await askChoice(rl, "Enable Hermes", "false");
-    const enableOpenClaw = options.enableOpenClaw ? "true" : await askChoice(rl, "Enable OpenClaw", "false");
-    const enableClaudeCode = options.enableClaudeCode ? "true" : await askChoice(rl, "Enable Claude Code", "false");
-    const stateBackend = options.stateBackend || await askChoice(rl, "State backend (json/sqlite)", "json");
-
-    if (!telegramBotToken) throw new Error("Telegram bot token is required.");
-    if (!telegramAdminUserIds) throw new Error("Telegram admin user id is required.");
-    if (enableCodex !== "true" && enablePi !== "true" && enableHermes !== "true" && enableOpenClaw !== "true" && enableClaudeCode !== "true") throw new Error("At least one agent must be enabled.");
-    const defaultAgent = enableCodex === "true"
-      ? "codex"
-      : enablePi === "true"
-        ? "pi"
-        : enableHermes === "true"
-          ? "hermes"
-          : enableOpenClaw === "true"
-            ? "openclaw"
-            : "claude-code";
-
-    const lines = [
-      "# NordRelay local runtime config.",
-      "# Keep this file private; it contains bot credentials.",
-      `TELEGRAM_BOT_TOKEN=${telegramBotToken}`,
-      `TELEGRAM_ADMIN_USER_IDS=${telegramAdminUserIds}`,
-      "TELEGRAM_ALLOW_ANY_CHAT=false",
-      `NORDRELAY_CODEX_ENABLED=${enableCodex}`,
-      `NORDRELAY_PI_ENABLED=${enablePi}`,
-      `NORDRELAY_HERMES_ENABLED=${enableHermes}`,
-      `NORDRELAY_OPENCLAW_ENABLED=${enableOpenClaw}`,
-      `NORDRELAY_CLAUDE_CODE_ENABLED=${enableClaudeCode}`,
-      `NORDRELAY_DEFAULT_AGENT=${defaultAgent}`,
-      "PI_DEFAULT_PROFILE=default",
-      "HERMES_API_BASE_URL=http://127.0.0.1:8642",
-      "HERMES_DEFAULT_PROFILE=default",
-      "OPENCLAW_GATEWAY_URL=ws://127.0.0.1:18789",
-      "OPENCLAW_AGENT_ID=main",
-      "OPENCLAW_DEFAULT_PROFILE=default",
-      "CLAUDE_CODE_DEFAULT_PROFILE=default",
-      "CLAUDE_CODE_MAX_TURNS=100",
-      `NORDRELAY_STATE_BACKEND=${stateBackend === "sqlite" ? "sqlite" : "json"}`,
-      "TELEGRAM_TRANSPORT=polling",
-      "TELEGRAM_AUTO_SEND_ARTIFACTS=false",
-      "",
-    ];
-
-    await fsp.writeFile(envPath, lines.join("\n"), { mode: 0o600 });
-    await fsp.chmod(envPath, 0o600).catch(() => {});
-    console.log(`Wrote ${envPath}`);
-    console.log("Run `nordrelay doctor` to validate the setup.");
-  } finally {
-    rl?.close();
+  const telegramBotToken = options.telegramBotToken ||
+    process.env.TELEGRAM_BOT_TOKEN ||
+    await ask(null, "Telegram bot token", "");
+  const adminEmail = options.adminEmail || await ask(null, "Admin email", "");
+  const adminName = options.adminName || await ask(null, "Admin name", "Admin");
+  const adminPassword = options.adminPassword || await askSecret(null, "Admin password", "");
+  const telegramUserId = options.telegramUserId || await ask(null, "Optional Telegram user id to link", "");
+  const enableCodex = options.disableCodex ? "false" : await askChoice(null, "Enable Codex", "true");
+  const enablePi = options.enablePi ? "true" : await askChoice(null, "Enable Pi", "false");
+  const enableHermes = options.enableHermes ? "true" : await askChoice(null, "Enable Hermes", "false");
+  const enableOpenClaw = options.enableOpenClaw ? "true" : await askChoice(null, "Enable OpenClaw", "false");
+  const enableClaudeCode = options.enableClaudeCode ? "true" : await askChoice(null, "Enable Claude Code", "false");
+  const stateBackend = options.stateBackend || await askChoice(null, "State backend (json/sqlite)", "json");
+
+  if (!telegramBotToken) throw new Error("Telegram bot token is required.");
+  if (!adminEmail) throw new Error("Admin email is required.");
+  if (!adminPassword) throw new Error("Admin password is required.");
+  if (enableCodex !== "true" && enablePi !== "true" && enableHermes !== "true" && enableOpenClaw !== "true" && enableClaudeCode !== "true") throw new Error("At least one agent must be enabled.");
+  const defaultAgent = enableCodex === "true"
+    ? "codex"
+    : enablePi === "true"
+      ? "pi"
+      : enableHermes === "true"
+        ? "hermes"
+        : enableOpenClaw === "true"
+          ? "openclaw"
+          : "claude-code";
+
+  const lines = [
+    "# NordRelay local runtime config.",
+    "# Keep this file private; it contains bot credentials.",
+    `TELEGRAM_BOT_TOKEN=${telegramBotToken}`,
+    `NORDRELAY_CODEX_ENABLED=${enableCodex}`,
+    `NORDRELAY_PI_ENABLED=${enablePi}`,
+    `NORDRELAY_HERMES_ENABLED=${enableHermes}`,
+    `NORDRELAY_OPENCLAW_ENABLED=${enableOpenClaw}`,
+    `NORDRELAY_CLAUDE_CODE_ENABLED=${enableClaudeCode}`,
+    `NORDRELAY_DEFAULT_AGENT=${defaultAgent}`,
+    "PI_DEFAULT_PROFILE=default",
+    "HERMES_API_BASE_URL=http://127.0.0.1:8642",
+    "HERMES_DEFAULT_PROFILE=default",
+    "OPENCLAW_GATEWAY_URL=ws://127.0.0.1:18789",
+    "OPENCLAW_AGENT_ID=main",
+    "OPENCLAW_DEFAULT_PROFILE=default",
+    "CLAUDE_CODE_DEFAULT_PROFILE=default",
+    "CLAUDE_CODE_MAX_TURNS=100",
+    `NORDRELAY_STATE_BACKEND=${stateBackend === "sqlite" ? "sqlite" : "json"}`,
+    "TELEGRAM_TRANSPORT=polling",
+    "TELEGRAM_AUTO_SEND_ARTIFACTS=false",
+    "",
+  ];
+
+  await fsp.writeFile(envPath, lines.join("\n"), { mode: 0o600 });
+  await fsp.chmod(envPath, 0o600).catch(() => {});
+  userStore.createAdmin({
+    email: adminEmail,
+    displayName: adminName || adminEmail,
+    password: adminPassword,
+    telegramUserId: telegramUserId ? Number(telegramUserId) : undefined,
+  });
+  console.log(`Wrote ${envPath}`);
+  console.log(`Created admin user ${adminEmail}.`);
+  console.log("Run `nordrelay doctor` to validate the setup.");
+}
+
+async function createUserStore(home) {
+  const modulePath = path.join(RUNTIME_ROOT, "dist", "user-management.js");
+  if (!fs.existsSync(modulePath)) {
+    throw new Error(`Missing user management runtime. Run \`npm run build\` in ${RUNTIME_ROOT}.`);
+  }
+  const mod = await import(pathToFileURL(modulePath).href);
+  return new mod.UserStore(home);
+}
+
+function parseUserFlags(argv) {
+  const copy = [...argv];
+  const subcommand = copy[0] && !copy[0].startsWith("-") ? copy.shift() : "list";
+  const flags = { subcommand };
+  for (let i = 0; i < copy.length; i += 1) {
+    const arg = copy[i];
+    if (arg === "--email") flags.email = requireValue(copy, ++i, arg);
+    else if (arg === "--name") flags.name = requireValue(copy, ++i, arg);
+    else if (arg === "--password") flags.password = requireValue(copy, ++i, arg);
+    else if (arg === "--group" || arg === "--groups") flags.groups = requireValue(copy, ++i, arg);
+    else if (arg === "--telegram-user-id") flags.telegramUserId = Number.parseInt(requireValue(copy, ++i, arg), 10);
+    else if (arg === "--user-id") flags.userId = requireValue(copy, ++i, arg);
   }
+  return flags;
+}
+
+async function commandUser(options) {
+  await mkdirp(options.home);
+  loadEnvFiles(options.home);
+  const store = await createUserStore(options.home);
+  const flags = parseUserFlags(options.rawFlags);
+  if (flags.subcommand === "list") {
+    const snapshot = store.snapshot();
+    if (snapshot.users.length === 0) {
+      console.log("No users configured.");
+      console.log("Create the first admin with `nordrelay user create-admin --email you@example.com --name YourName`.");
+      return;
+    }
+    for (const user of snapshot.users) {
+      console.log(`${user.email} (${user.displayName}) ${user.active ? "active" : "disabled"} groups=${user.groups.map((group) => group.id).join(",") || "-"}`);
+    }
+    return;
+  }
+
+  if (flags.subcommand === "create-admin" || flags.subcommand === "create") {
+    const email = flags.email || await ask(null, "Email", "");
+    const name = flags.name || await ask(null, "Display name", email);
+    const password = flags.password || await askSecret(null, "Password", "");
+    const groupIds = flags.subcommand === "create-admin"
+      ? ["admin"]
+      : (flags.groups ? flags.groups.split(",").map((item) => item.trim()).filter(Boolean) : ["user"]);
+    const created = flags.subcommand === "create-admin"
+      ? store.createAdmin({ email, displayName: name, password, telegramUserId: flags.telegramUserId })
+      : store.createUser({ email, displayName: name, password, groupIds, telegramUserId: flags.telegramUserId });
+    console.log(`Created user ${created.user.email} (${created.groups.map((group) => group.name).join(", ")}).`);
+    return;
+  }
+
+  if (flags.subcommand === "reset-password") {
+    const email = flags.email || await ask(null, "Email", "");
+    const password = flags.password || await askSecret(null, "New password", "");
+    const user = store.getUserByEmail(email);
+    if (!user) throw new Error(`User not found: ${email}`);
+    store.setPassword(user.user.id, password);
+    console.log(`Password updated for ${user.user.email}.`);
+    return;
+  }
+
+  if (flags.subcommand === "link-telegram") {
+    const email = flags.email || await ask(null, "Email", "");
+    const telegramUserId = flags.telegramUserId || Number.parseInt(await ask(null, "Telegram user id", ""), 10);
+    const user = store.getUserByEmail(email);
+    if (!user) throw new Error(`User not found: ${email}`);
+    store.linkTelegramUser(user.user.id, { telegramUserId });
+    console.log(`Linked Telegram user ${telegramUserId} to ${user.user.email}.`);
+    return;
+  }
+
+  if (flags.subcommand === "link-code") {
+    const email = flags.email || await ask(null, "Email", "");
+    const user = store.getUserByEmail(email);
+    if (!user) throw new Error(`User not found: ${email}`);
+    const code = store.createTelegramLinkCode(user.user.id);
+    console.log(`Telegram link code for ${user.user.email}: ${code.code}`);
+    console.log(`Expires: ${code.expiresAt}`);
+    return;
+  }
+
+  throw new Error("Usage: nordrelay user [list|create-admin|create|reset-password|link-telegram|link-code]");
 }
 
 async function commandDoctor(options) {
   await mkdirp(options.home);
   loadEnvFiles(options.home);
+  const userStore = await createUserStore(options.home).catch(() => null);
+  const userSnapshot = userStore?.snapshot();
   const checks = [];
   checks.push(check("Node.js >= 22", Number.parseInt(process.versions.node.split(".")[0], 10) >= 22, process.version));
   checks.push(check("Telegram bot token", Boolean(process.env.TELEGRAM_BOT_TOKEN), process.env.TELEGRAM_BOT_TOKEN ? "configured" : "missing"));
-  checks.push(check("Telegram admin ids", Boolean(process.env.TELEGRAM_ADMIN_USER_IDS), process.env.TELEGRAM_ADMIN_USER_IDS ? "configured" : "missing"));
-  checks.push(check("Private by default", process.env.TELEGRAM_ALLOW_ANY_CHAT !== "true", "TELEGRAM_ALLOW_ANY_CHAT is not true"));
+  checks.push(check("User store", Boolean(userStore), userStore ? userStore.filePath : "missing runtime", userStore ? "pass" : "fail"));
+  checks.push(check("Admin user", Boolean(userSnapshot?.adminConfigured), userSnapshot?.adminConfigured ? "configured" : "missing"));
+  checks.push(check("WebUI login", true, "required for every dashboard request"));
+  checks.push(check("Telegram access", true, "requires linked active users and enabled group chats"));
   checks.push(check("Codex enabled flag", process.env.NORDRELAY_CODEX_ENABLED !== "false", `NORDRELAY_CODEX_ENABLED=${process.env.NORDRELAY_CODEX_ENABLED ?? "true"}`));
   checks.push(check("Pi enabled flag", process.env.NORDRELAY_PI_ENABLED === "true" || process.env.NORDRELAY_PI_ENABLED === undefined, `NORDRELAY_PI_ENABLED=${process.env.NORDRELAY_PI_ENABLED ?? "false"}`, process.env.NORDRELAY_PI_ENABLED === "true" ? "pass" : "warn"));
   checks.push(check("Hermes enabled flag", process.env.NORDRELAY_HERMES_ENABLED === "true", `NORDRELAY_HERMES_ENABLED=${process.env.NORDRELAY_HERMES_ENABLED ?? "false"}`, process.env.NORDRELAY_HERMES_ENABLED === "true" ? "pass" : "warn"));
@@ -472,8 +607,8 @@ async function checkOpenClawGateway() {
 async function commandWeb(options) {
   await mkdirp(options.home);
   loadEnvFiles(options.home);
-  const host = options.host || "127.0.0.1";
-  const port = Number.isFinite(options.port) ? options.port : 31878;
+  const { host, port } = resolveDashboardEndpoint(options, { strict: true });
+  await ensureConnectorStartedForWeb(options);
   const entry = await resolveWebRuntimeEntry();
   if (!entry) {
     throw new Error(`Missing dashboard runtime. Run \`npm install\` and \`npm run build\` in ${RUNTIME_ROOT}.`);
@@ -564,21 +699,23 @@ async function commandForeground(options) {
   });
 
   const previousState = await readJson(options.stateFile, {});
+  const stoppedBySignal = exit.signal === "SIGTERM" || exit.signal === "SIGINT";
+  const stopped = exit.code === 0 || stoppedBySignal;
   await writeJsonAtomic(options.stateFile, {
-    status: exit.code === 0 ? "stopped" : "error",
+    status: stopped ? "stopped" : "error",
     pid: process.pid,
     updatedAt: nowIso(),
     exitCode: exit.code,
     signal: exit.signal,
-    error: exit.code === 0 ? undefined : previousState.error,
+    error: stopped ? undefined : previousState.error,
     logFile: options.logFile,
   });
 
-  if (exit.signal) {
+  if (exit.signal && !stoppedBySignal) {
     process.kill(process.pid, exit.signal);
     return;
   }
-  process.exit(exit.code ?? 0);
+  process.exit(stopped ? 0 : exit.code ?? 1);
 }
 
 async function resolveRuntimeEntry() {
@@ -640,10 +777,68 @@ function findRuntimeRoot() {
 }
 
 async function ask(rl, label, defaultValue) {
-  if (!rl) return defaultValue;
   const suffix = defaultValue ? ` [${defaultValue}]` : "";
-  const answer = (await rl.question(`${label}${suffix}: `)).trim();
-  return answer || defaultValue;
+  if (rl) {
+    const answer = (await rl.question(`${label}${suffix}: `)).trim();
+    return answer || defaultValue;
+  }
+  if (!process.stdin.isTTY || !process.stdout.isTTY) return defaultValue;
+  const prompt = readline.createInterface({ input: process.stdin, output: process.stdout });
+  try {
+    const answer = (await prompt.question(`${label}${suffix}: `)).trim();
+    return answer || defaultValue;
+  } finally {
+    prompt.close();
+  }
+}
+
+async function askSecret(rl, label, defaultValue) {
+  void rl;
+  if (!process.stdin.isTTY || !process.stdout.isTTY) return defaultValue;
+  const suffix = defaultValue ? " [hidden default]" : "";
+  return await new Promise((resolve) => {
+    const input = process.stdin;
+    const output = process.stdout;
+    const wasRaw = input.isRaw;
+    let value = "";
+    output.write(`${label}${suffix}: `);
+    input.setRawMode(true);
+    input.resume();
+    const cleanup = () => {
+      input.off("data", onData);
+      input.setRawMode(Boolean(wasRaw));
+      input.pause();
+    };
+    const finish = () => {
+      cleanup();
+      output.write("\n");
+      resolve(value || defaultValue);
+    };
+    const onData = (chunk) => {
+      const text = chunk.toString("utf8");
+      for (const char of text) {
+        if (char === "\u0003") {
+          cleanup();
+          output.write("\n");
+          process.exit(130);
+        }
+        if (char === "\r" || char === "\n") {
+          finish();
+          return;
+        }
+        if (char === "\u007f" || char === "\b") {
+          if (value.length > 0) {
+            value = value.slice(0, -1);
+            output.write("\b \b");
+          }
+          continue;
+        }
+        value += char;
+        output.write("*");
+      }
+    };
+    input.on("data", onData);
+  });
 }
 
 async function askChoice(rl, label, defaultValue) {
@@ -723,6 +918,7 @@ async function main() {
   if (options.command === "stop") return commandStop(options);
   if (options.command === "status") return commandStatus(options);
   if (options.command === "init") return commandInit(options);
+  if (options.command === "user") return commandUser(options);
   if (options.command === "doctor") return commandDoctor(options);
   if (options.command === "web" || options.command === "dashboard") return commandWeb(options);
   if (options.command === "restart") {
@@ -736,7 +932,7 @@ async function main() {
   }
 
   console.error(`Unknown command: ${options.command}`);
-  console.error("Usage: nordrelay [init|doctor|web|start|stop|restart|status|foreground|version]");
+  console.error("Usage: nordrelay [init|user|doctor|web|start|stop|restart|status|foreground|version]");
   process.exitCode = 2;
 }
 

package/plugins/nordrelay/skills/telegram-remote/SKILL.md

@@ -21,6 +21,6 @@ node scripts/nordrelay.mjs status
 node scripts/nordrelay.mjs stop
 ```
 
-The bridge needs `TELEGRAM_BOT_TOKEN` and `TELEGRAM_ADMIN_USER_IDS` by default. Optional non-admin operators can be added with `TELEGRAM_ALLOWED_USER_IDS` or trusted group/topic access can be added with `TELEGRAM_ALLOWED_CHAT_IDS`.
+The bridge needs `TELEGRAM_BOT_TOKEN` and at least one NordRelay admin user. Telegram accounts must be linked to active NordRelay users; group or forum chats must be enabled by an admin before they can control agents.
 
 Prefer `start` for normal use. Use `foreground` only when debugging connection problems, because it keeps the current command running. If the runtime is missing, run `npm install` and `npm run build` in the repository root.