arisa 2.0.7 → 2.0.9

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "arisa",
-  "version": "2.0.7",
+  "version": "2.0.9",
   "description": "Arisa - dynamic agent runtime with daemon/core architecture that evolves through user interaction",
   "preferGlobal": true,
   "bin": {

package/src/core/onboarding.ts

@@ -72,12 +72,6 @@ export async function getOnboarding(chatId: string): Promise<{ message: string;
 
   const deps = checkDeps();
 
-  // Everything set up — skip onboarding
-  if (deps.claude && deps.codex && deps.openaiKey) {
-    await markOnboarded(chatId);
-    return null;
-  }
-
   // No CLI at all — block
   if (!deps.claude && !deps.codex) {
     const lines = [
@@ -94,23 +88,15 @@ export async function getOnboarding(chatId: string): Promise<{ message: string;
     return { message: lines.join("\n"), blocking: true };
   }
 
-  // At least one CLI — inform and continue
+  // At least one CLI — minimal greeting and continue
   await markOnboarded(chatId);
 
   const using = deps.claude ? "Claude" : "Codex";
   const lines = [`<b>Arisa</b> — using <b>${using}</b>`];
 
-  if (!deps.claude) {
-    lines.push("Claude CLI not installed. Add it with <code>bun add -g @anthropic-ai/claude-code</code>");
-  } else if (!deps.codex) {
-    lines.push("Codex CLI not installed. Add it with <code>bun add -g @openai/codex</code>");
-  } else {
+  if (deps.claude && deps.codex) {
     lines.push("Use /codex or /claude to switch backend.");
   }
 
-  if (!deps.openaiKey) {
-    lines.push("No OpenAI API key — voice and image processing disabled. Add <code>OPENAI_API_KEY</code> to <code>~/.arisa/.env</code> to enable.");
-  }
-
   return { message: lines.join("\n"), blocking: false };
 }

package/src/daemon/auto-install.ts

@@ -0,0 +1,140 @@
+/**
+ * @module daemon/auto-install
+ * @role Auto-install missing AI CLIs at daemon startup.
+ * @responsibilities
+ *   - Check which CLIs (claude, codex) are missing
+ *   - Attempt `bun add -g <package>` for each missing CLI
+ *   - Log results, notify chats on success
+ * @dependencies shared/ai-cli
+ * @effects Spawns bun install processes, modifies global packages
+ */
+
+import { createLogger } from "../shared/logger";
+import { isAgentCliInstalled, buildBunWrappedAgentCliCommand, type AgentCliName } from "../shared/ai-cli";
+
+const log = createLogger("daemon");
+
+const CLI_PACKAGES: Record<AgentCliName, string> = {
+  claude: "@anthropic-ai/claude-code",
+  codex: "@openai/codex",
+};
+
+const INSTALL_TIMEOUT = 120_000; // 2min
+
+type NotifyFn = (text: string) => Promise<void>;
+let notifyFn: NotifyFn | null = null;
+
+export function setAutoInstallNotify(fn: NotifyFn) {
+  notifyFn = fn;
+}
+
+async function installCli(cli: AgentCliName): Promise<boolean> {
+  const pkg = CLI_PACKAGES[cli];
+  log.info(`Auto-install: installing ${cli} (${pkg})...`);
+
+  try {
+    const proc = Bun.spawn(["bun", "add", "-g", pkg], {
+      stdout: "pipe",
+      stderr: "pipe",
+      env: { ...process.env },
+    });
+
+    const timeout = setTimeout(() => proc.kill(), INSTALL_TIMEOUT);
+    const exitCode = await proc.exited;
+    clearTimeout(timeout);
+
+    if (exitCode === 0) {
+      log.info(`Auto-install: ${cli} installed successfully`);
+      return true;
+    } else {
+      const stderr = await new Response(proc.stderr).text();
+      log.error(`Auto-install: ${cli} install failed (exit ${exitCode}): ${stderr.slice(0, 300)}`);
+      return false;
+    }
+  } catch (error) {
+    log.error(`Auto-install: ${cli} install error: ${error}`);
+    return false;
+  }
+}
+
+export async function autoInstallMissingClis(): Promise<void> {
+  const missing: AgentCliName[] = [];
+
+  for (const cli of Object.keys(CLI_PACKAGES) as AgentCliName[]) {
+    if (!isAgentCliInstalled(cli)) {
+      missing.push(cli);
+    }
+  }
+
+  if (missing.length === 0) {
+    log.info("Auto-install: all CLIs already installed");
+    return;
+  }
+
+  log.info(`Auto-install: missing CLIs: ${missing.join(", ")}`);
+
+  const installed: string[] = [];
+  for (const cli of missing) {
+    const ok = await installCli(cli);
+    if (ok) installed.push(cli);
+  }
+
+  if (installed.length > 0) {
+    const msg = `Auto-installed: <b>${installed.join(", ")}</b>`;
+    log.info(msg);
+    await notifyFn?.(msg).catch((e) => log.error(`Auto-install notify failed: ${e}`));
+  }
+
+  // After install, probe auth for all installed CLIs
+  await probeCliAuth();
+}
+
+type AuthProbeFn = (cli: AgentCliName, errorText: string) => void;
+let authProbeFn: AuthProbeFn | null = null;
+
+export function setAuthProbeCallback(fn: AuthProbeFn) {
+  authProbeFn = fn;
+}
+
+const PROBE_TIMEOUT = 15_000;
+
+/**
+ * Run a minimal command with each installed CLI to detect auth errors early.
+ * Uses a real API call (cheap haiku / short exec) so auth errors surface.
+ * When an auth error is found, the callback triggers the appropriate login flow.
+ */
+export async function probeCliAuth(): Promise<void> {
+  for (const cli of ["claude", "codex"] as AgentCliName[]) {
+    if (!isAgentCliInstalled(cli)) continue;
+
+    log.info(`Auth probe: testing ${cli}...`);
+    try {
+      const args = cli === "claude"
+        ? ["-p", "say ok", "--model", "haiku", "--dangerously-skip-permissions"]
+        : ["exec", "--dangerously-bypass-approvals-and-sandbox", "echo ok"];
+
+      const proc = Bun.spawn(buildBunWrappedAgentCliCommand(cli, args), {
+        stdout: "pipe",
+        stderr: "pipe",
+        env: { ...process.env },
+      });
+
+      const timeout = setTimeout(() => proc.kill(), PROBE_TIMEOUT);
+      const exitCode = await proc.exited;
+      clearTimeout(timeout);
+
+      const stdout = await new Response(proc.stdout).text();
+      const stderr = await new Response(proc.stderr).text();
+
+      if (exitCode === 0) {
+        log.info(`Auth probe: ${cli} authenticated OK`);
+      } else {
+        const combined = stdout + "\n" + stderr;
+        log.warn(`Auth probe: ${cli} failed (exit ${exitCode}): ${combined.slice(0, 200)}`);
+        authProbeFn?.(cli, combined);
+      }
+    } catch (e) {
+      log.error(`Auth probe: ${cli} error: ${e}`);
+    }
+  }
+}

package/src/daemon/claude-login.ts

@@ -0,0 +1,213 @@
+/**
+ * @module daemon/claude-login
+ * @role Trigger Claude setup-token (OAuth) flow from Daemon when auth errors are detected.
+ * @responsibilities
+ *   - Detect Claude auth-required signals in Core responses
+ *   - Run `claude setup-token` with piped I/O
+ *   - Parse OAuth URL from output, send to pending Telegram chats
+ *   - Accept OAuth code from user message and pipe it to the waiting process stdin
+ * @effects Spawns claude CLI process, writes to daemon logs/terminal
+ */
+
+import { config } from "../shared/config";
+import { createLogger } from "../shared/logger";
+import { buildBunWrappedAgentCliCommand } from "../shared/ai-cli";
+
+const log = createLogger("daemon");
+
+const AUTH_HINT_PATTERNS = [
+  /invalid.*api.?key/i,
+  /authentication.*failed/i,
+  /not authenticated/i,
+  /ANTHROPIC_API_KEY/,
+  /api key not found/i,
+  /invalid x-api-key/i,
+];
+
+const RETRY_COOLDOWN_MS = 30_000;
+
+let loginInProgress = false;
+let lastLoginAttemptAt = 0;
+const pendingChatIds = new Set<string>();
+
+// The running setup-token process, so we can pipe the code to stdin
+let pendingProc: ReturnType<typeof Bun.spawn> | null = null;
+let urlSent = false;
+
+type NotifyFn = (chatId: string, text: string) => Promise<void>;
+let notifyFn: NotifyFn | null = null;
+
+export function setClaudeLoginNotify(fn: NotifyFn) {
+  notifyFn = fn;
+}
+
+function needsClaudeLogin(text: string): boolean {
+  return AUTH_HINT_PATTERNS.some((pattern) => pattern.test(text));
+}
+
+export function maybeStartClaudeSetupToken(rawCoreText: string, chatId?: string): void {
+  if (!rawCoreText || !needsClaudeLogin(rawCoreText)) return;
+  if (chatId) pendingChatIds.add(chatId);
+
+  if (loginInProgress) {
+    log.info("Claude setup-token already in progress; skipping duplicate trigger");
+    return;
+  }
+
+  const now = Date.now();
+  if (now - lastLoginAttemptAt < RETRY_COOLDOWN_MS) {
+    log.info("Claude setup-token trigger ignored (cooldown active)");
+    return;
+  }
+
+  lastLoginAttemptAt = now;
+  loginInProgress = true;
+  void runClaudeSetupToken().finally(() => {
+    loginInProgress = false;
+    pendingProc = null;
+  });
+}
+
+/**
+ * Start Claude setup-token proactively (e.g. during onboarding).
+ */
+export function startClaudeSetupToken(chatId: string): void {
+  pendingChatIds.add(chatId);
+
+  if (loginInProgress) {
+    log.info("Claude setup-token already in progress");
+    return;
+  }
+
+  loginInProgress = true;
+  lastLoginAttemptAt = Date.now();
+  void runClaudeSetupToken().finally(() => {
+    loginInProgress = false;
+    pendingProc = null;
+  });
+}
+
+/**
+ * Check if we're waiting for an OAuth code from this chat.
+ * If the message looks like a code, pipe it to the waiting setup-token process.
+ * Returns true if the message was consumed as a code.
+ */
+export function maybeFeedClaudeCode(chatId: string, text: string): boolean {
+  if (!pendingProc || !pendingChatIds.has(chatId)) return false;
+
+  const trimmed = text.trim();
+  // OAuth codes are typically short alphanumeric strings or URL params
+  // Reject obvious non-codes (long messages, commands, etc.)
+  if (trimmed.length > 200 || trimmed.startsWith("/") || trimmed.includes(" ")) return false;
+
+  log.info("Feeding OAuth code to claude setup-token process");
+  try {
+    const writer = pendingProc.stdin as WritableStream<Uint8Array>;
+    const w = writer.getWriter();
+    void w.write(new TextEncoder().encode(trimmed + "\n")).then(() => w.releaseLock());
+  } catch (e) {
+    log.error(`Failed to write to claude setup-token stdin: ${e}`);
+  }
+  return true;
+}
+
+async function notifyPending(text: string): Promise<void> {
+  if (!notifyFn || pendingChatIds.size === 0) return;
+  const chats = Array.from(pendingChatIds);
+  await Promise.all(
+    chats.map(async (chatId) => {
+      try { await notifyFn?.(chatId, text); } catch (e) {
+        log.error(`Failed to notify ${chatId}: ${e}`);
+      }
+    }),
+  );
+}
+
+async function runClaudeSetupToken(): Promise<void> {
+  log.warn("Claude auth required. Starting `claude setup-token`.");
+  urlSent = false;
+
+  let proc: ReturnType<typeof Bun.spawn>;
+  try {
+    proc = Bun.spawn(buildBunWrappedAgentCliCommand("claude", ["setup-token"]), {
+      cwd: config.projectDir,
+      stdin: "pipe",
+      stdout: "pipe",
+      stderr: "pipe",
+      env: { ...process.env, BROWSER: "echo" }, // Prevent browser auto-open on headless servers
+    });
+    pendingProc = proc;
+  } catch (error) {
+    log.error(`Failed to start claude setup-token: ${error}`);
+    return;
+  }
+
+  // Read stdout incrementally to detect URL early and send to Telegram
+  const readAndNotify = async (stream: ReadableStream<Uint8Array> | null, target: NodeJS.WriteStream): Promise<string> => {
+    if (!stream) return "";
+    const chunks: string[] = [];
+    const reader = stream.getReader();
+    const decoder = new TextDecoder();
+    try {
+      while (true) {
+        const { done, value } = await reader.read();
+        if (done) break;
+        const text = decoder.decode(value, { stream: true });
+        chunks.push(text);
+        target.write(text);
+
+        // Try to parse and send URL as soon as we see it
+        if (!urlSent) {
+          const allText = chunks.join("");
+          const urlMatch = allText.match(/(https:\/\/claude\.ai\/oauth\/authorize\S+)/);
+          if (urlMatch) {
+            urlSent = true;
+            const msg = [
+              "<b>Claude login required</b>\n",
+              `1. Open this link:\n${urlMatch[1]}\n`,
+              "2. Authorize and copy the code",
+              "3. Reply here with the code",
+            ].join("\n");
+            await notifyPending(msg);
+          }
+        }
+      }
+    } finally {
+      reader.releaseLock();
+    }
+    return chunks.join("");
+  };
+
+  await Promise.all([
+    readAndNotify(proc.stdout, process.stdout),
+    readAndNotify(proc.stderr, process.stderr),
+  ]);
+
+  const exitCode = await proc.exited;
+  if (exitCode === 0) {
+    log.info("Claude setup-token completed successfully.");
+    await notifySuccess();
+  } else {
+    log.error(`Claude setup-token finished with exit code ${exitCode}`);
+  }
+}
+
+async function notifySuccess(): Promise<void> {
+  if (!notifyFn || pendingChatIds.size === 0) return;
+
+  const text = "<b>Claude login completed.</b>\nTry again.";
+  const chats = Array.from(pendingChatIds);
+  pendingChatIds.clear();
+
+  await Promise.all(
+    chats.map(async (chatId) => {
+      try { await notifyFn?.(chatId, text); } catch (e) {
+        log.error(`Failed to send Claude login success notice to ${chatId}: ${e}`);
+      }
+    }),
+  );
+}
+
+export function isClaudeLoginPending(): boolean {
+  return loginInProgress;
+}

package/src/daemon/codex-login.ts

@@ -15,6 +15,7 @@ import { buildBunWrappedAgentCliCommand } from "../shared/ai-cli";
 const log = createLogger("daemon");
 
 const AUTH_HINT_PATTERNS = [
+  /codex login is required/i,
   /codex.*login --device-auth/i,
   /codex is not authenticated on this server/i,
   /missing bearer authentication in header/i,
@@ -59,17 +60,57 @@ export function maybeStartCodexDeviceAuth(rawCoreText: string, chatId?: string):
   });
 }
 
+async function readStreamAndEcho(stream: ReadableStream<Uint8Array> | null, target: NodeJS.WriteStream): Promise<string> {
+  if (!stream) return "";
+  const chunks: string[] = [];
+  const reader = stream.getReader();
+  const decoder = new TextDecoder();
+  try {
+    while (true) {
+      const { done, value } = await reader.read();
+      if (done) break;
+      const text = decoder.decode(value, { stream: true });
+      chunks.push(text);
+      target.write(text); // Echo to console for server admins
+    }
+  } finally {
+    reader.releaseLock();
+  }
+  return chunks.join("");
+}
+
+function parseAuthInfo(output: string): { url: string; code: string } | null {
+  const urlMatch = output.match(/(https:\/\/auth\.openai\.com\/\S+)/);
+  const codeMatch = output.match(/([A-Z0-9]{4}-[A-Z0-9]{5})/);
+  if (urlMatch && codeMatch) return { url: urlMatch[1], code: codeMatch[1] };
+  return null;
+}
+
+async function notifyPending(text: string): Promise<void> {
+  if (!notifyFn || pendingChatIds.size === 0) return;
+  const chats = Array.from(pendingChatIds);
+  await Promise.all(
+    chats.map(async (chatId) => {
+      try { await notifyFn?.(chatId, text); } catch (e) {
+        log.error(`Failed to notify ${chatId}: ${e}`);
+      }
+    }),
+  );
+}
+
+let authInfoSent = false;
+
 async function runCodexDeviceAuth(): Promise<void> {
   log.warn("Codex auth required. Starting `bun --bun <path-to-codex> login --device-auth` now.");
-  log.warn("Complete device auth using the URL/code printed below in this Arisa terminal.");
+  authInfoSent = false;
 
   let proc: ReturnType<typeof Bun.spawn>;
   try {
     proc = Bun.spawn(buildBunWrappedAgentCliCommand("codex", ["login", "--device-auth"]), {
       cwd: config.projectDir,
       stdin: "inherit",
-      stdout: "inherit",
-      stderr: "inherit",
+      stdout: "pipe",
+      stderr: "pipe",
       env: { ...process.env },
     });
   } catch (error) {
@@ -77,9 +118,30 @@ async function runCodexDeviceAuth(): Promise<void> {
     return;
   }
 
+  // Read stdout and stderr in parallel, echoing to console
+  const [stdoutText, stderrText] = await Promise.all([
+    readStreamAndEcho(proc.stdout, process.stdout),
+    readStreamAndEcho(proc.stderr, process.stderr),
+  ]);
+
+  // Parse auth info from combined output and send to Telegram
+  const combined = stdoutText + "\n" + stderrText;
+  if (!authInfoSent) {
+    const auth = parseAuthInfo(combined);
+    if (auth) {
+      authInfoSent = true;
+      const msg = [
+        "<b>Codex login required</b>\n",
+        `1. Open: ${auth.url}`,
+        `2. Enter code: <code>${auth.code}</code>`,
+      ].join("\n");
+      await notifyPending(msg);
+    }
+  }
+
   const exitCode = await proc.exited;
   if (exitCode === 0) {
-    log.info("Codex device auth finished successfully. You can retry your message.");
+    log.info("Codex device auth finished successfully.");
     await notifySuccess();
   } else {
     log.error(`Codex device auth finished with exit code ${exitCode}`);

package/src/daemon/index.ts

@@ -29,6 +29,8 @@ const { sendToCore } = await import("./bridge");
 const { startCore, stopCore, setLifecycleNotify } = await import("./lifecycle");
 const { setAutoFixNotify } = await import("./autofix");
 const { maybeStartCodexDeviceAuth, setCodexLoginNotify } = await import("./codex-login");
+const { maybeStartClaudeSetupToken, maybeFeedClaudeCode, setClaudeLoginNotify, isClaudeLoginPending } = await import("./claude-login");
+const { autoInstallMissingClis, setAutoInstallNotify, setAuthProbeCallback } = await import("./auto-install");
 const { chunkMessage, markdownToTelegramHtml } = await import("../core/format");
 const { saveMessageRecord } = await import("../shared/db");
 
@@ -61,12 +63,36 @@ const sendToAllChats = async (text: string) => {
 
 setLifecycleNotify(sendToAllChats);
 setAutoFixNotify(sendToAllChats);
+setAutoInstallNotify(sendToAllChats);
+setAuthProbeCallback((cli, errorText) => {
+  if (cli === "claude") {
+    // Start Claude setup-token for all known chats
+    for (const chatId of knownChatIds) {
+      maybeStartClaudeSetupToken(errorText, chatId);
+    }
+  } else if (cli === "codex") {
+    // Start Codex device-auth for all known chats
+    for (const chatId of knownChatIds) {
+      maybeStartCodexDeviceAuth(errorText, chatId);
+    }
+  }
+});
 setCodexLoginNotify(async (chatId, text) => {
   await telegram.send(chatId, text);
 });
+setClaudeLoginNotify(async (chatId, text) => {
+  await telegram.send(chatId, text);
+});
 
 telegram.onMessage(async (msg) => {
   knownChatIds.add(msg.chatId);
+
+  // If Claude login is pending and user sends what looks like an OAuth code, feed it
+  if (isClaudeLoginPending() && msg.text && maybeFeedClaudeCode(msg.chatId, msg.text)) {
+    await telegram.send(msg.chatId, "Code received, authenticating...");
+    return;
+  }
+
   // Keep typing indicator alive while Core processes (expires every ~5s)
   const typingInterval = setInterval(() => telegram.sendTyping(msg.chatId), 4000);
 
@@ -82,6 +108,7 @@ telegram.onMessage(async (msg) => {
 
     const raw = response.text || "";
     maybeStartCodexDeviceAuth(raw, msg.chatId);
+    maybeStartClaudeSetupToken(raw, msg.chatId);
     const messageParts = raw.split(/\n---CHUNK---\n/g);
     let sentText = false;
 
@@ -195,6 +222,9 @@ const pushServer = await serveWithRetry({
 
 log.info(`Daemon push server listening on port ${config.daemonPort}`);
 
+// --- Auto-install missing CLIs (non-blocking) ---
+void autoInstallMissingClis();
+
 // --- Start Core process ---
 startCore();
 

package/src/daemon/setup.ts

@@ -12,7 +12,7 @@
 import { existsSync, readFileSync, writeFileSync, mkdirSync } from "fs";
 import { dirname, join } from "path";
 import { dataDir } from "../shared/paths";
-import { secrets } from "../shared/secrets";
+import { secrets, setSecret } from "../shared/secrets";
 
 const ENV_PATH = join(dataDir, ".env");
 const SETUP_DONE_KEY = "ARISA_SETUP_COMPLETE";
@@ -61,7 +61,14 @@ export async function runSetup(): Promise<boolean> {
       return false;
     }
     vars.TELEGRAM_BOT_TOKEN = token;
+    await setSecret("TELEGRAM_BOT_TOKEN", token).catch((e) =>
+      console.warn(`[setup] Could not persist TELEGRAM_BOT_TOKEN to encrypted DB: ${e}`)
+    );
+    console.log("[setup] TELEGRAM_BOT_TOKEN saved to .env + encrypted DB");
     changed = true;
+  } else {
+    const src = telegramSecret ? "encrypted DB" : vars.TELEGRAM_BOT_TOKEN ? ".env" : "env var";
+    console.log(`[setup] TELEGRAM_BOT_TOKEN found in ${src}`);
   }
 
   // Optional: OPENAI_API_KEY
@@ -71,8 +78,15 @@ export async function runSetup(): Promise<boolean> {
     const key = await prompt("OPENAI_API_KEY (enter to skip): ");
     if (key) {
       vars.OPENAI_API_KEY = key;
+      await setSecret("OPENAI_API_KEY", key).catch((e) =>
+        console.warn(`[setup] Could not persist OPENAI_API_KEY to encrypted DB: ${e}`)
+      );
+      console.log("[setup] OPENAI_API_KEY saved to .env + encrypted DB");
       changed = true;
     }
+  } else if (vars.OPENAI_API_KEY || process.env.OPENAI_API_KEY || openaiSecret) {
+    const src = openaiSecret ? "encrypted DB" : vars.OPENAI_API_KEY ? ".env" : "env var";
+    console.log(`[setup] OPENAI_API_KEY found in ${src}`);
   }
 
   if (!setupDone) {