codeharbor 0.1.15 → 0.1.17

Files changed (4)
  1. package/.env.example +3 -0
  2. package/README.md +17 -0
  3. package/dist/cli.js +2649 -2264
  4. package/package.json +8 -6
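--- a/package/.env.example
+++ b/package/.env.example
@@ -38,6 +38,7 @@ MATRIX_TYPING_TIMEOUT_MS=10000
 SESSION_ACTIVE_WINDOW_MINUTES=20
 
 # Group trigger defaults.
+GROUP_DIRECT_MODE_ENABLED=false
 GROUP_TRIGGER_ALLOW_MENTION=true
 GROUP_TRIGGER_ALLOW_REPLY=true
 GROUP_TRIGGER_ALLOW_ACTIVE_WINDOW=true
@@ -78,6 +79,8 @@ ADMIN_TOKEN=
 # Each item: {"token":"...","role":"admin|viewer","actor":"ops-name"}
 # Example:
 # ADMIN_TOKENS_JSON=[{"token":"admin-secret","role":"admin","actor":"ops-admin"},{"token":"viewer-secret","role":"viewer","actor":"ops-audit"}]
+# Rotate helper:
+# ./scripts/rotate-admin-token.sh --target rbac --role admin --actor ops-admin
 ADMIN_TOKENS_JSON=
 # Optional IP allowlist (comma-separated, for example: 127.0.0.1,192.168.1.10).
 ADMIN_IP_ALLOWLIST=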
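Review bot: `GROUP_DIRECT_MODE_ENABLED=false` in the first hunk sits under `# Group trigger defaults.` with no comment of its own, yet the README change in this release describes it as a switch that bypasses trigger matching entirely rather than as one more trigger. An operator reading only this file cannot tell that setting it to true makes every non-empty message from any room member reach the bot, so the variable deserves its own line such as `# When true, all non-empty group messages are processed without mention/reply/prefix; GROUP_TRIGGER_ALLOW_* is bypassed. Enable only in rooms where every member is trusted.` It is also not visible here whether `ROOM_TRIGGER_POLICY_JSON` can still restrict a single room once direct mode is on; the comment should state that either way. Separately, the `# Rotate helper:` comment in the second hunk points at `./scripts/rotate-admin-token.sh`, which is not among the files listed for this package, so it may only exist in a repository checkout; a hedge like `# (from a repository checkout)` would avoid a dead reference.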
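--- a/package/README.md
+++ b/package/README.md
@@ -327,6 +327,7 @@ Open these UI routes in browser:
 
 Main endpoints:
 
+- `GET /api/admin/auth/status`
 - `GET /api/admin/config/global`
 - `PUT /api/admin/config/global`
 - `GET /api/admin/config/rooms`
@@ -354,6 +355,14 @@ RBAC behavior:
 - `viewer` tokens can call read endpoints (`GET /api/admin/*`)
 - `admin` tokens can call read + write endpoints (`PUT/POST/DELETE /api/admin/*`)
 - for `ADMIN_TOKENS_JSON`, audit actor is derived from token identity (`actor` field), not `x-admin-actor`
+- Admin UI shows current permission status (role/source) after saving auth
+
+Rotate tokens quickly (repository script):
+
+```bash
+./scripts/rotate-admin-token.sh --target rbac --role admin --actor ops-admin
+./scripts/rotate-admin-token.sh --target rbac --role viewer --actor ops-audit
+```
 
 Note: `PUT /api/admin/config/global` writes to `.env` and marks changes as restart-required.
 
@@ -393,12 +402,14 @@ If any check fails, it prints actionable fix commands (for example `codeharbor i
 - Direct Message (DM)
 - all text messages are processed by default (no prefix required)
 - Group Room
+- when `GROUP_DIRECT_MODE_ENABLED=true`, all non-empty messages are processed directly (no prefix/mention/reply required)
 - processed when **any allowed trigger** matches:
 - message mentions bot user id
 - message replies to a bot message
 - sender has an active conversation window
 - optional explicit prefix match (`MATRIX_COMMAND_PREFIX`)
 - Trigger Policy
+- `GROUP_DIRECT_MODE_ENABLED` controls whether groups bypass trigger matching entirely
 - global defaults via `GROUP_TRIGGER_ALLOW_*`
 - per-room overrides via `ROOM_TRIGGER_POLICY_JSON`
 - Active Conversation Window
@@ -527,6 +538,12 @@ npm run build
 npm run test:legacy
 ```
 
+If Python legacy dependencies are missing, install them first:
+
+```bash
+python3 -m pip install -r requirements.txt
+```
+
 ## Legacy Runtime
 
 - Legacy Python runtime exists in `app/` and `tests/`.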