@nordbyte/nordrelay 0.4.1 → 0.5.1

package/dist/zip-writer.js

@@ -0,0 +1,83 @@
+export function createZipBuffer(entries) {
+    const localParts = [];
+    const centralParts = [];
+    let offset = 0;
+    for (const entry of entries) {
+        const name = normalizeZipEntryName(entry.name);
+        const nameBuffer = Buffer.from(name, "utf8");
+        const data = Buffer.isBuffer(entry.data) ? entry.data : Buffer.from(entry.data, "utf8");
+        const crc = crc32(data);
+        const date = entry.date ?? new Date();
+        const { dosTime, dosDate } = dateToDos(date);
+        const localHeader = Buffer.alloc(30);
+        localHeader.writeUInt32LE(0x04034b50, 0);
+        localHeader.writeUInt16LE(20, 4);
+        localHeader.writeUInt16LE(0x0800, 6);
+        localHeader.writeUInt16LE(0, 8);
+        localHeader.writeUInt16LE(dosTime, 10);
+        localHeader.writeUInt16LE(dosDate, 12);
+        localHeader.writeUInt32LE(crc, 14);
+        localHeader.writeUInt32LE(data.byteLength, 18);
+        localHeader.writeUInt32LE(data.byteLength, 22);
+        localHeader.writeUInt16LE(nameBuffer.byteLength, 26);
+        localHeader.writeUInt16LE(0, 28);
+        localParts.push(localHeader, nameBuffer, data);
+        const centralHeader = Buffer.alloc(46);
+        centralHeader.writeUInt32LE(0x02014b50, 0);
+        centralHeader.writeUInt16LE(20, 4);
+        centralHeader.writeUInt16LE(20, 6);
+        centralHeader.writeUInt16LE(0x0800, 8);
+        centralHeader.writeUInt16LE(0, 10);
+        centralHeader.writeUInt16LE(dosTime, 12);
+        centralHeader.writeUInt16LE(dosDate, 14);
+        centralHeader.writeUInt32LE(crc, 16);
+        centralHeader.writeUInt32LE(data.byteLength, 20);
+        centralHeader.writeUInt32LE(data.byteLength, 24);
+        centralHeader.writeUInt16LE(nameBuffer.byteLength, 28);
+        centralHeader.writeUInt16LE(0, 30);
+        centralHeader.writeUInt16LE(0, 32);
+        centralHeader.writeUInt16LE(0, 34);
+        centralHeader.writeUInt16LE(0, 36);
+        centralHeader.writeUInt32LE(0, 38);
+        centralHeader.writeUInt32LE(offset, 42);
+        centralParts.push(centralHeader, nameBuffer);
+        offset += localHeader.byteLength + nameBuffer.byteLength + data.byteLength;
+    }
+    const centralOffset = offset;
+    const centralDirectory = Buffer.concat(centralParts);
+    const end = Buffer.alloc(22);
+    end.writeUInt32LE(0x06054b50, 0);
+    end.writeUInt16LE(0, 4);
+    end.writeUInt16LE(0, 6);
+    end.writeUInt16LE(entries.length, 8);
+    end.writeUInt16LE(entries.length, 10);
+    end.writeUInt32LE(centralDirectory.byteLength, 12);
+    end.writeUInt32LE(centralOffset, 16);
+    end.writeUInt16LE(0, 20);
+    return Buffer.concat([...localParts, centralDirectory, end]);
+}
+function normalizeZipEntryName(name) {
+    return name.replace(/\\/g, "/").replace(/^\/+/, "");
+}
+function dateToDos(date) {
+    const year = Math.max(1980, date.getFullYear());
+    return {
+        dosTime: (date.getHours() << 11) | (date.getMinutes() << 5) | Math.floor(date.getSeconds() / 2),
+        dosDate: ((year - 1980) << 9) | ((date.getMonth() + 1) << 5) | date.getDate(),
+    };
+}
+const CRC32_TABLE = new Uint32Array(256);
+for (let index = 0; index < CRC32_TABLE.length; index += 1) {
+    let value = index;
+    for (let bit = 0; bit < 8; bit += 1) {
+        value = value & 1 ? 0xedb88320 ^ (value >>> 1) : value >>> 1;
+    }
+    CRC32_TABLE[index] = value >>> 0;
+}
+function crc32(data) {
+    let crc = 0xffffffff;
+    for (const byte of data) {
+        crc = CRC32_TABLE[(crc ^ byte) & 0xff] ^ (crc >>> 8);
+    }
+    return (crc ^ 0xffffffff) >>> 0;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nordbyte/nordrelay",
-  "version": "0.4.1",
+  "version": "0.5.1",
   "description": "Remote control plane for coding agents across messaging channels.",
   "type": "module",
   "author": "Ricardo",
@@ -39,9 +39,13 @@
     "docker-compose.yml"
   ],
   "scripts": {
-    "build": "tsc",
-    "check": "node --check plugins/nordrelay/scripts/nordrelay.mjs && tsc --noEmit",
+    "api:check": "node --import tsx scripts/generate-web-api-routes.mjs --check",
+    "api:generate": "node --import tsx scripts/generate-web-api-routes.mjs",
+    "build": "node scripts/clean-dist.mjs && npm run api:generate && tsc && node scripts/build-web-assets.mjs",
+    "check": "node --check plugins/nordrelay/scripts/nordrelay.mjs && npm run api:check && tsc --noEmit && npm run webui:check && node scripts/build-web-assets.mjs --check && node --import tsx scripts/generate-env-example.mjs --check",
     "dev": "tsx src/index.ts",
+    "env:check": "node --import tsx scripts/generate-env-example.mjs --check",
+    "env:generate": "node --import tsx scripts/generate-env-example.mjs",
     "foreground": "node plugins/nordrelay/scripts/nordrelay.mjs foreground",
     "prepack": "npm run build",
     "prepublishOnly": "npm run check && npm test && npm run build",
@@ -50,7 +54,10 @@
     "status": "node plugins/nordrelay/scripts/nordrelay.mjs status",
     "start": "node plugins/nordrelay/scripts/nordrelay.mjs start",
     "stop": "node plugins/nordrelay/scripts/nordrelay.mjs stop",
-    "test": "vitest run"
+    "test": "vitest run",
+    "test:e2e": "playwright test",
+    "test:all": "npm test && npm run test:e2e",
+    "webui:check": "tsc -p tsconfig.webui.json"
   },
   "dependencies": {
     "@anthropic-ai/claude-agent-sdk": "^0.2.140",
@@ -60,8 +67,10 @@
     "zod": "^4.4.3"
   },
   "devDependencies": {
+    "@playwright/test": "^1.60.0",
     "@types/better-sqlite3": "^7.6.0",
     "@types/node": "^25.5.0",
+    "esbuild": "^0.28.0",
     "tsx": "^4.21.0",
     "typescript": "^5.9.3",
     "vitest": "^3.2.4"

package/plugins/nordrelay/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "nordrelay",
-  "version": "0.3.1",
+  "version": "0.5.0",
   "description": "Run a remote-control bridge for coding agents. Current adapters connect Codex, Pi, Hermes, and OpenClaw sessions to Telegram with streaming replies, multi-session controls, attachments, voice input, model selection, thread browsing, and handback.",
   "author": {
     "name": "Ricardo",

package/plugins/nordrelay/commands/remote.md

@@ -21,7 +21,7 @@ Codex plugin commands are namespaced by the plugin id in current plugin-aware co
 ## Workflow
 
 1. Locate the plugin root containing `.codex-plugin/plugin.json` with `"name": "nordrelay"`. In a source checkout this is usually `<repo>/plugins/nordrelay`.
-2. Check whether `TELEGRAM_BOT_TOKEN` and `TELEGRAM_ADMIN_USER_IDS` are available from the environment or from the NordRelay env file.
+2. Check whether `TELEGRAM_BOT_TOKEN` is available from the environment or from the NordRelay env file, and whether a NordRelay admin user exists.
 3. Run the connector command from the plugin root:
 
 ```bash

package/plugins/nordrelay/scripts/nordrelay.mjs

@@ -7,7 +7,7 @@ import path from "node:path";
 import process from "node:process";
 import readline from "node:readline/promises";
 import { spawn } from "node:child_process";
-import { fileURLToPath } from "node:url";
+import { fileURLToPath, pathToFileURL } from "node:url";
 
 const FALLBACK_VERSION = "0.3.1";
 const require = createRequire(import.meta.url);
@@ -61,7 +61,10 @@ function parseArgs(argv) {
     else if (arg === "--host") options.host = requireValue(copy, ++i, arg);
     else if (arg === "--port") options.port = Number.parseInt(requireValue(copy, ++i, arg), 10);
     else if (arg === "--token") options.telegramBotToken = requireValue(copy, ++i, arg);
-    else if (arg === "--admin-id") options.telegramAdminUserIds = requireValue(copy, ++i, arg);
+    else if (arg === "--admin-email") options.adminEmail = requireValue(copy, ++i, arg);
+    else if (arg === "--admin-name") options.adminName = requireValue(copy, ++i, arg);
+    else if (arg === "--admin-password") options.adminPassword = requireValue(copy, ++i, arg);
+    else if (arg === "--telegram-user-id") options.telegramUserId = requireValue(copy, ++i, arg);
     else if (arg === "--state-backend") options.stateBackend = requireValue(copy, ++i, arg);
     else if (arg === "--enable-pi") options.enablePi = true;
     else if (arg === "--enable-hermes") options.enableHermes = true;
@@ -128,14 +131,6 @@ function loadEnvFile(envPath) {
 }
 
 function normalizeEnvAliases() {
-  if (!process.env.TELEGRAM_ALLOWED_USER_IDS && process.env.TELEGRAM_ALLOWED_CHAT_IDS) {
-    process.env.TELEGRAM_ALLOWED_USER_IDS = process.env.TELEGRAM_ALLOWED_CHAT_IDS;
-  }
-
-  if (!process.env.TELEGRAM_ALLOWED_CHAT_IDS && process.env.TELEGRAM_ALLOWED_USER_IDS) {
-    process.env.TELEGRAM_ALLOWED_CHAT_IDS = process.env.TELEGRAM_ALLOWED_USER_IDS;
-  }
-
   if (!process.env.TOOL_VERBOSITY && envFlag("NORDRELAY_FORWARD_TOOL_OUTPUT")) {
     process.env.TOOL_VERBOSITY = "all";
   }
@@ -334,85 +329,180 @@ async function commandStatus(options) {
 async function commandInit(options) {
   await mkdirp(options.home);
   const envPath = path.join(options.home, "nordrelay.env");
+  const userStore = await createUserStore(options.home);
   if (fs.existsSync(envPath) && !options.force) {
     console.log(`Config already exists: ${envPath}`);
     console.log("Run with --force to overwrite.");
     return;
   }
 
-  const rl = process.stdin.isTTY
-    ? readline.createInterface({ input: process.stdin, output: process.stdout })
-    : null;
-  try {
-    const telegramBotToken = options.telegramBotToken ||
-      process.env.TELEGRAM_BOT_TOKEN ||
-      await ask(rl, "Telegram bot token", "");
-    const telegramAdminUserIds = options.telegramAdminUserIds ||
-      process.env.TELEGRAM_ADMIN_USER_IDS ||
-      await ask(rl, "Telegram admin user id", "");
-    const enableCodex = options.disableCodex ? "false" : await askChoice(rl, "Enable Codex", "true");
-    const enablePi = options.enablePi ? "true" : await askChoice(rl, "Enable Pi", "false");
-    const enableHermes = options.enableHermes ? "true" : await askChoice(rl, "Enable Hermes", "false");
-    const enableOpenClaw = options.enableOpenClaw ? "true" : await askChoice(rl, "Enable OpenClaw", "false");
-    const enableClaudeCode = options.enableClaudeCode ? "true" : await askChoice(rl, "Enable Claude Code", "false");
-    const stateBackend = options.stateBackend || await askChoice(rl, "State backend (json/sqlite)", "json");
-
-    if (!telegramBotToken) throw new Error("Telegram bot token is required.");
-    if (!telegramAdminUserIds) throw new Error("Telegram admin user id is required.");
-    if (enableCodex !== "true" && enablePi !== "true" && enableHermes !== "true" && enableOpenClaw !== "true" && enableClaudeCode !== "true") throw new Error("At least one agent must be enabled.");
-    const defaultAgent = enableCodex === "true"
-      ? "codex"
-      : enablePi === "true"
-        ? "pi"
-        : enableHermes === "true"
-          ? "hermes"
-          : enableOpenClaw === "true"
-            ? "openclaw"
-            : "claude-code";
-
-    const lines = [
-      "# NordRelay local runtime config.",
-      "# Keep this file private; it contains bot credentials.",
-      `TELEGRAM_BOT_TOKEN=${telegramBotToken}`,
-      `TELEGRAM_ADMIN_USER_IDS=${telegramAdminUserIds}`,
-      "TELEGRAM_ALLOW_ANY_CHAT=false",
-      `NORDRELAY_CODEX_ENABLED=${enableCodex}`,
-      `NORDRELAY_PI_ENABLED=${enablePi}`,
-      `NORDRELAY_HERMES_ENABLED=${enableHermes}`,
-      `NORDRELAY_OPENCLAW_ENABLED=${enableOpenClaw}`,
-      `NORDRELAY_CLAUDE_CODE_ENABLED=${enableClaudeCode}`,
-      `NORDRELAY_DEFAULT_AGENT=${defaultAgent}`,
-      "PI_DEFAULT_PROFILE=default",
-      "HERMES_API_BASE_URL=http://127.0.0.1:8642",
-      "HERMES_DEFAULT_PROFILE=default",
-      "OPENCLAW_GATEWAY_URL=ws://127.0.0.1:18789",
-      "OPENCLAW_AGENT_ID=main",
-      "OPENCLAW_DEFAULT_PROFILE=default",
-      "CLAUDE_CODE_DEFAULT_PROFILE=default",
-      "CLAUDE_CODE_MAX_TURNS=100",
-      `NORDRELAY_STATE_BACKEND=${stateBackend === "sqlite" ? "sqlite" : "json"}`,
-      "TELEGRAM_TRANSPORT=polling",
-      "TELEGRAM_AUTO_SEND_ARTIFACTS=false",
-      "",
-    ];
-
-    await fsp.writeFile(envPath, lines.join("\n"), { mode: 0o600 });
-    await fsp.chmod(envPath, 0o600).catch(() => {});
-    console.log(`Wrote ${envPath}`);
-    console.log("Run `nordrelay doctor` to validate the setup.");
-  } finally {
-    rl?.close();
+  const telegramBotToken = options.telegramBotToken ||
+    process.env.TELEGRAM_BOT_TOKEN ||
+    await ask(null, "Telegram bot token", "");
+  const adminEmail = options.adminEmail || await ask(null, "Admin email", "");
+  const adminName = options.adminName || await ask(null, "Admin name", "Admin");
+  const adminPassword = options.adminPassword || await askSecret(null, "Admin password", "");
+  const telegramUserId = options.telegramUserId || await ask(null, "Optional Telegram user id to link", "");
+  const enableCodex = options.disableCodex ? "false" : await askChoice(null, "Enable Codex", "true");
+  const enablePi = options.enablePi ? "true" : await askChoice(null, "Enable Pi", "false");
+  const enableHermes = options.enableHermes ? "true" : await askChoice(null, "Enable Hermes", "false");
+  const enableOpenClaw = options.enableOpenClaw ? "true" : await askChoice(null, "Enable OpenClaw", "false");
+  const enableClaudeCode = options.enableClaudeCode ? "true" : await askChoice(null, "Enable Claude Code", "false");
+  const stateBackend = options.stateBackend || await askChoice(null, "State backend (json/sqlite)", "json");
+
+  if (!telegramBotToken) throw new Error("Telegram bot token is required.");
+  if (!adminEmail) throw new Error("Admin email is required.");
+  if (!adminPassword) throw new Error("Admin password is required.");
+  if (enableCodex !== "true" && enablePi !== "true" && enableHermes !== "true" && enableOpenClaw !== "true" && enableClaudeCode !== "true") throw new Error("At least one agent must be enabled.");
+  const defaultAgent = enableCodex === "true"
+    ? "codex"
+    : enablePi === "true"
+      ? "pi"
+      : enableHermes === "true"
+        ? "hermes"
+        : enableOpenClaw === "true"
+          ? "openclaw"
+          : "claude-code";
+
+  const lines = [
+    "# NordRelay local runtime config.",
+    "# Keep this file private; it contains bot credentials.",
+    `TELEGRAM_BOT_TOKEN=${telegramBotToken}`,
+    `NORDRELAY_CODEX_ENABLED=${enableCodex}`,
+    `NORDRELAY_PI_ENABLED=${enablePi}`,
+    `NORDRELAY_HERMES_ENABLED=${enableHermes}`,
+    `NORDRELAY_OPENCLAW_ENABLED=${enableOpenClaw}`,
+    `NORDRELAY_CLAUDE_CODE_ENABLED=${enableClaudeCode}`,
+    `NORDRELAY_DEFAULT_AGENT=${defaultAgent}`,
+    "PI_DEFAULT_PROFILE=default",
+    "HERMES_API_BASE_URL=http://127.0.0.1:8642",
+    "HERMES_DEFAULT_PROFILE=default",
+    "OPENCLAW_GATEWAY_URL=ws://127.0.0.1:18789",
+    "OPENCLAW_AGENT_ID=main",
+    "OPENCLAW_DEFAULT_PROFILE=default",
+    "CLAUDE_CODE_DEFAULT_PROFILE=default",
+    "CLAUDE_CODE_MAX_TURNS=100",
+    `NORDRELAY_STATE_BACKEND=${stateBackend === "sqlite" ? "sqlite" : "json"}`,
+    "TELEGRAM_TRANSPORT=polling",
+    "TELEGRAM_AUTO_SEND_ARTIFACTS=false",
+    "",
+  ];
+
+  await fsp.writeFile(envPath, lines.join("\n"), { mode: 0o600 });
+  await fsp.chmod(envPath, 0o600).catch(() => {});
+  userStore.createAdmin({
+    email: adminEmail,
+    displayName: adminName || adminEmail,
+    password: adminPassword,
+    telegramUserId: telegramUserId ? Number(telegramUserId) : undefined,
+  });
+  console.log(`Wrote ${envPath}`);
+  console.log(`Created admin user ${adminEmail}.`);
+  console.log("Run `nordrelay doctor` to validate the setup.");
+}
+
+async function createUserStore(home) {
+  const modulePath = path.join(RUNTIME_ROOT, "dist", "user-management.js");
+  if (!fs.existsSync(modulePath)) {
+    throw new Error(`Missing user management runtime. Run \`npm run build\` in ${RUNTIME_ROOT}.`);
   }
+  const mod = await import(pathToFileURL(modulePath).href);
+  return new mod.UserStore(home);
+}
+
+function parseUserFlags(argv) {
+  const copy = [...argv];
+  const subcommand = copy[0] && !copy[0].startsWith("-") ? copy.shift() : "list";
+  const flags = { subcommand };
+  for (let i = 0; i < copy.length; i += 1) {
+    const arg = copy[i];
+    if (arg === "--email") flags.email = requireValue(copy, ++i, arg);
+    else if (arg === "--name") flags.name = requireValue(copy, ++i, arg);
+    else if (arg === "--password") flags.password = requireValue(copy, ++i, arg);
+    else if (arg === "--group" || arg === "--groups") flags.groups = requireValue(copy, ++i, arg);
+    else if (arg === "--telegram-user-id") flags.telegramUserId = Number.parseInt(requireValue(copy, ++i, arg), 10);
+    else if (arg === "--user-id") flags.userId = requireValue(copy, ++i, arg);
+  }
+  return flags;
+}
+
+async function commandUser(options) {
+  await mkdirp(options.home);
+  loadEnvFiles(options.home);
+  const store = await createUserStore(options.home);
+  const flags = parseUserFlags(options.rawFlags);
+  if (flags.subcommand === "list") {
+    const snapshot = store.snapshot();
+    if (snapshot.users.length === 0) {
+      console.log("No users configured.");
+      console.log("Create the first admin with `nordrelay user create-admin --email you@example.com --name YourName`.");
+      return;
+    }
+    for (const user of snapshot.users) {
+      console.log(`${user.email} (${user.displayName}) ${user.active ? "active" : "disabled"} groups=${user.groups.map((group) => group.id).join(",") || "-"}`);
+    }
+    return;
+  }
+
+  if (flags.subcommand === "create-admin" || flags.subcommand === "create") {
+    const email = flags.email || await ask(null, "Email", "");
+    const name = flags.name || await ask(null, "Display name", email);
+    const password = flags.password || await askSecret(null, "Password", "");
+    const groupIds = flags.subcommand === "create-admin"
+      ? ["admin"]
+      : (flags.groups ? flags.groups.split(",").map((item) => item.trim()).filter(Boolean) : ["user"]);
+    const created = flags.subcommand === "create-admin"
+      ? store.createAdmin({ email, displayName: name, password, telegramUserId: flags.telegramUserId })
+      : store.createUser({ email, displayName: name, password, groupIds, telegramUserId: flags.telegramUserId });
+    console.log(`Created user ${created.user.email} (${created.groups.map((group) => group.name).join(", ")}).`);
+    return;
+  }
+
+  if (flags.subcommand === "reset-password") {
+    const email = flags.email || await ask(null, "Email", "");
+    const password = flags.password || await askSecret(null, "New password", "");
+    const user = store.getUserByEmail(email);
+    if (!user) throw new Error(`User not found: ${email}`);
+    store.setPassword(user.user.id, password);
+    console.log(`Password updated for ${user.user.email}.`);
+    return;
+  }
+
+  if (flags.subcommand === "link-telegram") {
+    const email = flags.email || await ask(null, "Email", "");
+    const telegramUserId = flags.telegramUserId || Number.parseInt(await ask(null, "Telegram user id", ""), 10);
+    const user = store.getUserByEmail(email);
+    if (!user) throw new Error(`User not found: ${email}`);
+    store.linkTelegramUser(user.user.id, { telegramUserId });
+    console.log(`Linked Telegram user ${telegramUserId} to ${user.user.email}.`);
+    return;
+  }
+
+  if (flags.subcommand === "link-code") {
+    const email = flags.email || await ask(null, "Email", "");
+    const user = store.getUserByEmail(email);
+    if (!user) throw new Error(`User not found: ${email}`);
+    const code = store.createTelegramLinkCode(user.user.id);
+    console.log(`Telegram link code for ${user.user.email}: ${code.code}`);
+    console.log(`Expires: ${code.expiresAt}`);
+    return;
+  }
+
+  throw new Error("Usage: nordrelay user [list|create-admin|create|reset-password|link-telegram|link-code]");
 }
 
 async function commandDoctor(options) {
   await mkdirp(options.home);
   loadEnvFiles(options.home);
+  const userStore = await createUserStore(options.home).catch(() => null);
+  const userSnapshot = userStore?.snapshot();
   const checks = [];
   checks.push(check("Node.js >= 22", Number.parseInt(process.versions.node.split(".")[0], 10) >= 22, process.version));
   checks.push(check("Telegram bot token", Boolean(process.env.TELEGRAM_BOT_TOKEN), process.env.TELEGRAM_BOT_TOKEN ? "configured" : "missing"));
-  checks.push(check("Telegram admin ids", Boolean(process.env.TELEGRAM_ADMIN_USER_IDS), process.env.TELEGRAM_ADMIN_USER_IDS ? "configured" : "missing"));
-  checks.push(check("Private by default", process.env.TELEGRAM_ALLOW_ANY_CHAT !== "true", "TELEGRAM_ALLOW_ANY_CHAT is not true"));
+  checks.push(check("User store", Boolean(userStore), userStore ? userStore.filePath : "missing runtime", userStore ? "pass" : "fail"));
+  checks.push(check("Admin user", Boolean(userSnapshot?.adminConfigured), userSnapshot?.adminConfigured ? "configured" : "missing"));
+  checks.push(check("WebUI login", true, "required for every dashboard request"));
+  checks.push(check("Telegram access", true, "requires linked active users and enabled group chats"));
   checks.push(check("Codex enabled flag", process.env.NORDRELAY_CODEX_ENABLED !== "false", `NORDRELAY_CODEX_ENABLED=${process.env.NORDRELAY_CODEX_ENABLED ?? "true"}`));
   checks.push(check("Pi enabled flag", process.env.NORDRELAY_PI_ENABLED === "true" || process.env.NORDRELAY_PI_ENABLED === undefined, `NORDRELAY_PI_ENABLED=${process.env.NORDRELAY_PI_ENABLED ?? "false"}`, process.env.NORDRELAY_PI_ENABLED === "true" ? "pass" : "warn"));
   checks.push(check("Hermes enabled flag", process.env.NORDRELAY_HERMES_ENABLED === "true", `NORDRELAY_HERMES_ENABLED=${process.env.NORDRELAY_HERMES_ENABLED ?? "false"}`, process.env.NORDRELAY_HERMES_ENABLED === "true" ? "pass" : "warn"));
@@ -687,10 +777,68 @@ function findRuntimeRoot() {
 }
 
 async function ask(rl, label, defaultValue) {
-  if (!rl) return defaultValue;
   const suffix = defaultValue ? ` [${defaultValue}]` : "";
-  const answer = (await rl.question(`${label}${suffix}: `)).trim();
-  return answer || defaultValue;
+  if (rl) {
+    const answer = (await rl.question(`${label}${suffix}: `)).trim();
+    return answer || defaultValue;
+  }
+  if (!process.stdin.isTTY || !process.stdout.isTTY) return defaultValue;
+  const prompt = readline.createInterface({ input: process.stdin, output: process.stdout });
+  try {
+    const answer = (await prompt.question(`${label}${suffix}: `)).trim();
+    return answer || defaultValue;
+  } finally {
+    prompt.close();
+  }
+}
+
+async function askSecret(rl, label, defaultValue) {
+  void rl;
+  if (!process.stdin.isTTY || !process.stdout.isTTY) return defaultValue;
+  const suffix = defaultValue ? " [hidden default]" : "";
+  return await new Promise((resolve) => {
+    const input = process.stdin;
+    const output = process.stdout;
+    const wasRaw = input.isRaw;
+    let value = "";
+    output.write(`${label}${suffix}: `);
+    input.setRawMode(true);
+    input.resume();
+    const cleanup = () => {
+      input.off("data", onData);
+      input.setRawMode(Boolean(wasRaw));
+      input.pause();
+    };
+    const finish = () => {
+      cleanup();
+      output.write("\n");
+      resolve(value || defaultValue);
+    };
+    const onData = (chunk) => {
+      const text = chunk.toString("utf8");
+      for (const char of text) {
+        if (char === "\u0003") {
+          cleanup();
+          output.write("\n");
+          process.exit(130);
+        }
+        if (char === "\r" || char === "\n") {
+          finish();
+          return;
+        }
+        if (char === "\u007f" || char === "\b") {
+          if (value.length > 0) {
+            value = value.slice(0, -1);
+            output.write("\b \b");
+          }
+          continue;
+        }
+        value += char;
+        output.write("*");
+      }
+    };
+    input.on("data", onData);
+  });
 }
 
 async function askChoice(rl, label, defaultValue) {
@@ -770,6 +918,7 @@ async function main() {
   if (options.command === "stop") return commandStop(options);
   if (options.command === "status") return commandStatus(options);
   if (options.command === "init") return commandInit(options);
+  if (options.command === "user") return commandUser(options);
   if (options.command === "doctor") return commandDoctor(options);
   if (options.command === "web" || options.command === "dashboard") return commandWeb(options);
   if (options.command === "restart") {
@@ -783,7 +932,7 @@ async function main() {
   }
 
   console.error(`Unknown command: ${options.command}`);
-  console.error("Usage: nordrelay [init|doctor|web|start|stop|restart|status|foreground|version]");
+  console.error("Usage: nordrelay [init|user|doctor|web|start|stop|restart|status|foreground|version]");
   process.exitCode = 2;
 }
 

package/plugins/nordrelay/skills/telegram-remote/SKILL.md

@@ -21,6 +21,6 @@ node scripts/nordrelay.mjs status
 node scripts/nordrelay.mjs stop
 ```
 
-The bridge needs `TELEGRAM_BOT_TOKEN` and `TELEGRAM_ADMIN_USER_IDS` by default. Optional non-admin operators can be added with `TELEGRAM_ALLOWED_USER_IDS` or trusted group/topic access can be added with `TELEGRAM_ALLOWED_CHAT_IDS`.
+The bridge needs `TELEGRAM_BOT_TOKEN` and at least one NordRelay admin user. Telegram accounts must be linked to active NordRelay users; group or forum chats must be enabled by an admin before they can control agents.
 
 Prefer `start` for normal use. Use `foreground` only when debugging connection problems, because it keeps the current command running. If the runtime is missing, run `npm install` and `npm run build` in the repository root.