alvin-bot 4.4.2 → 4.4.4

package/CHANGELOG.md

@@ -2,6 +2,35 @@
 
 All notable changes to Alvin Bot are documented here.
 
+## [4.4.4] — 2026-04-09
+
+### 🔐 Security / Data Layout
+
+**`.env` now lives only in `DATA_DIR`** — The `ENV_FILE` path constant in `src/paths.ts` has been moved from `BOT_ROOT/.env` to `DATA_DIR/.env` (e.g. `~/.alvin-bot/.env`). This fixes a latent drift bug affecting 6 code sites in `web/server.ts`, `web/setup-api.ts`, `web/doctor-api.ts`, and `services/fallback-order.ts`: before this release, the Web UI's Settings tab, the setup wizard, the doctor repair flow, and the `/fallback` sync were all writing to `BOT_ROOT/.env`, while the bot's config loader in `src/config.ts` reads from `DATA_DIR/.env` first. Changes made through any of those tools were silently written to a file the bot never reads (for globally-installed users, `BOT_ROOT` is inside `node_modules/alvin-bot/` and gets wiped on `npm update -g`).
+
+Why this also matters for security: keeping `.env` inside the code repo is defense-in-depth weak. `.gitignore` can be edited, editors create swap files (`.env.swp`, `.env~`), `git add -f` bypasses ignores, backup tools sync whole project folders, and screensharing shows project directories. Secrets belong physically outside the repo.
+
+**Automatic migration for legacy installs** — `src/migrate.ts` now copies a legacy `BOT_ROOT/.env` to `DATA_DIR/.env` on first run (only if the destination doesn't exist) and enforces `0600` mode regardless of the source permissions. `hasLegacyData()` now recognizes a stray `BOT_ROOT/.env` as a migration trigger. No action is required from existing users — the bot migrates itself.
+
+### 📦 Compatibility
+
+No breaking changes. Existing installs upgrade in place and are auto-migrated.
+
+```bash
+npm update -g alvin-bot
+```
+
+## [4.4.3] — 2026-04-09
+
+### 🔐 Security
+- **Sudo password storage** — Fixed a vulnerability where the sudo password was passed to `/usr/bin/security` as a command-line argument, making it briefly visible in `ps aux` output during keychain writes. Password is now piped via stdin using the documented `-w` prompt mode (must be the last option, and the password is supplied twice for the interactive prompt + confirmation). Byte-exact round-trip verified for arbitrary special characters.
+
+### 🛠 Providers
+- **Gemini auto-registration narrowed** — The Google Gemini chat provider is no longer registered automatically just because `GOOGLE_API_KEY` is set. It is now registered only when `google` is referenced as the primary provider or in the fallback chain. The environment variable is still used for other Google-powered features (e.g. `/imagine` image generation) without forcing Gemini onto the chat provider list.
+
+### 🧰 Tooling
+- `package-lock.json` now tracks `package.json` version correctly.
+
 ## [2.2.0] — 2026-02-24
 
 ### 🔐 Security

package/dist/migrate.js

@@ -20,7 +20,7 @@
  */
 import fs from "fs";
 import { resolve } from "path";
-import { BOT_ROOT, MEMORY_DIR, USERS_DIR, BACKUP_DIR, SOUL_FILE, TOOLS_MD, TOOLS_JSON, CRON_FILE, MCP_CONFIG, FALLBACK_FILE, CUSTOM_MODELS, WA_GROUPS, WHATSAPP_AUTH, WA_MEDIA_DIR, ACCESS_FILE, SUDO_ENC_FILE, SUDO_KEY_FILE, MEMORY_FILE, EMBEDDINGS_IDX } from "./paths.js";
+import { BOT_ROOT, MEMORY_DIR, USERS_DIR, BACKUP_DIR, SOUL_FILE, TOOLS_MD, TOOLS_JSON, CRON_FILE, MCP_CONFIG, FALLBACK_FILE, CUSTOM_MODELS, WA_GROUPS, WHATSAPP_AUTH, WA_MEDIA_DIR, ACCESS_FILE, SUDO_ENC_FILE, SUDO_KEY_FILE, MEMORY_FILE, EMBEDDINGS_IDX, ENV_FILE } from "./paths.js";
 /**
  * Check if legacy data exists in the old locations.
  */
@@ -31,7 +31,13 @@ export function hasLegacyData() {
         resolve(BOT_ROOT, "docs", "users"),
         resolve(BOT_ROOT, "data", "access.json"),
         resolve(BOT_ROOT, "SOUL.md"),
-    ];
+        // A BOT_ROOT/.env without a corresponding DATA_DIR/.env is a legacy layout
+        // — the loader prefers DATA_DIR, so keeping .env in BOT_ROOT silently
+        // breaks Settings/Setup/Doctor/fallback-order sync.
+        (fs.existsSync(resolve(BOT_ROOT, ".env")) && !fs.existsSync(ENV_FILE))
+            ? resolve(BOT_ROOT, ".env")
+            : "",
+    ].filter(Boolean);
     return legacyIndicators.some(p => fs.existsSync(p));
 }
 /**
@@ -47,6 +53,21 @@ function copyIfNew(src, dest) {
     }
     return false;
 }
+/**
+ * Copy a file if source exists and destination doesn't, then enforce a specific file mode.
+ * Used for files containing secrets (e.g. .env) where 0600 must be guaranteed
+ * regardless of the source file's permissions or the process umask.
+ */
+function copyIfNewWithMode(src, dest, mode) {
+    const copied = copyIfNew(src, dest);
+    if (copied) {
+        try {
+            fs.chmodSync(dest, mode);
+        }
+        catch { /* best effort */ }
+    }
+    return copied;
+}
 /**
  * Recursively copy a directory if source exists and destination doesn't have the files.
  */
@@ -89,6 +110,8 @@ export function migrateFromLegacy() {
             skipped.push(label);
     }
     // ── Single files ─────────────────────────────────────────
+    // .env → .env  (secrets — enforce 0600 mode regardless of source perms)
+    track(".env → .env", copyIfNewWithMode(resolve(BOT_ROOT, ".env"), ENV_FILE, 0o600));
     // SOUL.md → soul.md
     track("SOUL.md → soul.md", copyIfNew(resolve(BOT_ROOT, "SOUL.md"), SOUL_FILE));
     // TOOLS.md → tools.md

package/dist/paths.js

@@ -23,13 +23,22 @@ export const PLUGINS_DIR = resolve(BOT_ROOT, "plugins");
 export const SKILLS_DIR = resolve(BOT_ROOT, "skills");
 /** User skills directory (custom, outside repo) */
 export const USER_SKILLS_DIR = resolve(DATA_DIR, "skills");
-/** .env — Environment config (stays in BOT_ROOT for dev, or DATA_DIR for packaged) */
-export const ENV_FILE = resolve(BOT_ROOT, ".env");
 /** Example/template files (always in repo) */
 export const SOUL_EXAMPLE = resolve(BOT_ROOT, "SOUL.example.md");
 export const TOOLS_EXAMPLE_MD = resolve(BOT_ROOT, "TOOLS.example.md");
 export const TOOLS_EXAMPLE_JSON = resolve(BOT_ROOT, "docs", "tools.example.json");
 // ── Data paths (DATA_DIR = ~/.alvin-bot) ───────────────────────────
+/**
+ * .env — Environment config with secrets (BOT_TOKEN, API keys, etc.)
+ *
+ * Lives in DATA_DIR (outside the code repo) for three reasons:
+ *   1. Defense in depth against accidental commits — secrets never touch BOT_ROOT
+ *   2. Survives `npm update -g` (BOT_ROOT in global installs = node_modules, gets wiped)
+ *   3. Consistent with the loader priority in src/config.ts (DATA_DIR is Priority 1)
+ *
+ * Legacy installs with BOT_ROOT/.env are auto-migrated on first run (see src/migrate.ts).
+ */
+export const ENV_FILE = resolve(DATA_DIR, ".env");
 /** memory/ — Daily logs and embeddings */
 export const MEMORY_DIR = resolve(DATA_DIR, "memory");
 /** memory/MEMORY.md — Long-term curated memory */

package/dist/providers/registry.js

@@ -185,12 +185,13 @@ export function createRegistry(config) {
             model: "claude-opus-4-6",
         };
     }
-    // Auto-register Google Gemini (single model) if key is available
-    if (config.apiKeys?.google) {
+    // Register Google Gemini only if explicitly referenced as primary/fallback
+    // (GOOGLE_API_KEY is also used for image generation — doesn't mean Gemini should be a chat provider)
+    if (config.primary === "google" || config.fallbacks?.includes("google")) {
         providers["google"] = {
             ...PROVIDER_PRESETS["gemini-2.5-flash"],
             name: "Google Gemini",
-            apiKey: config.apiKeys.google,
+            apiKey: config.apiKeys?.google,
         };
     }
     // Always try to detect local Ollama

package/dist/services/sudo.js

@@ -11,7 +11,7 @@
  * - OS dialog handling (Accessibility, Full Disk Access, etc.)
  * - Status check (is sudo configured? does it work?)
  */
-import { execSync, spawn } from "child_process";
+import { execSync, spawn, spawnSync } from "child_process";
 import os from "os";
 import fs from "fs";
 import crypto from "crypto";
@@ -34,7 +34,33 @@ export function storePassword(password) {
                 execSync(`security delete-generic-password -a "${KEYCHAIN_ACCOUNT}" -s "${KEYCHAIN_SERVICE}" 2>/dev/null`, { stdio: "pipe" });
             }
             catch { /* didn't exist */ }
-            execSync(`security add-generic-password -a "${KEYCHAIN_ACCOUNT}" -s "${KEYCHAIN_SERVICE}" -w "${password.replace(/"/g, '\\"')}" -U`, { stdio: "pipe", timeout: 5000 });
+            // Pipe password via stdin — NEVER pass it as an argv element,
+            // or it leaks into `ps aux` during the lifetime of the child process.
+            //
+            // From `man security`:
+            //   "Use of the -p or -w options is insecure. Specify -w as the last
+            //    option to be prompted."
+            //
+            // Requirements for this to work:
+            //   1. `-w` must be the LAST argument (otherwise security consumes
+            //      the next argv element as the password).
+            //   2. The password must be written to stdin TWICE: once for the
+            //      prompt, once for the "retype password" confirmation.
+            const result = spawnSync("security", [
+                "add-generic-password",
+                "-a", KEYCHAIN_ACCOUNT,
+                "-s", KEYCHAIN_SERVICE,
+                "-U",
+                "-w", // MUST be last — triggers interactive prompt reading from stdin
+            ], {
+                input: password + "\n" + password + "\n", // prompt + confirm
+                stdio: ["pipe", "pipe", "pipe"],
+                timeout: 5000,
+            });
+            if (result.status !== 0) {
+                const stderr = result.stderr?.toString().trim() || `exit ${result.status}`;
+                throw new Error(stderr);
+            }
             return { ok: true, method: "macOS Keychain" };
         }
         else {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "alvin-bot",
-  "version": "4.4.2",
+  "version": "4.4.4",
   "description": "Alvin Bot — Your personal AI agent on Telegram, WhatsApp, Discord, Signal, and Web.",
   "type": "module",
   "main": "dist/index.js",