ctb 1.0.0

package/src/cli.ts

@@ -0,0 +1,278 @@
+#!/usr/bin/env bun
+/**
+ * CLI entry point for ctb (Claude Telegram Bot)
+ *
+ * Usage:
+ *   ctb              # Start bot using .env in current directory
+ *   ctb --help       # Show usage
+ *   ctb --version    # Show version
+ *   ctb --token=xxx  # Override TELEGRAM_BOT_TOKEN
+ *   ctb --users=123  # Override TELEGRAM_ALLOWED_USERS
+ *   ctb --dir=/path  # Override working directory
+ */
+
+import { existsSync, readFileSync, writeFileSync } from "node:fs";
+import { resolve } from "node:path";
+import { createInterface } from "node:readline";
+
+const VERSION = "1.0.0";
+
+interface CliOptions {
+	token?: string;
+	users?: string;
+	dir?: string;
+	help?: boolean;
+	version?: boolean;
+}
+
+function parseArgs(args: string[]): CliOptions {
+	const options: CliOptions = {};
+
+	for (const arg of args) {
+		if (arg === "--help" || arg === "-h") {
+			options.help = true;
+		} else if (arg === "--version" || arg === "-v") {
+			options.version = true;
+		} else if (arg.startsWith("--token=")) {
+			options.token = arg.slice(8);
+		} else if (arg.startsWith("--users=")) {
+			options.users = arg.slice(8);
+		} else if (arg.startsWith("--dir=")) {
+			options.dir = arg.slice(6);
+		}
+	}
+
+	return options;
+}
+
+function showHelp(): void {
+	console.log(`
+ctb - Claude Telegram Bot
+
+Run a Telegram bot that controls Claude Code in your project directory.
+
+USAGE:
+  ctb [options]
+
+OPTIONS:
+  --help, -h       Show this help message
+  --version, -v    Show version
+  --token=TOKEN    Override TELEGRAM_BOT_TOKEN from .env
+  --users=IDS      Override TELEGRAM_ALLOWED_USERS (comma-separated)
+  --dir=PATH       Override working directory (default: current directory)
+
+ENVIRONMENT:
+  Reads .env from current directory. Required variables:
+    TELEGRAM_BOT_TOKEN      - Bot token from @BotFather
+    TELEGRAM_ALLOWED_USERS  - Comma-separated Telegram user IDs
+
+EXAMPLES:
+  cd ~/my-project && ctb           # Start bot for this project
+  ctb --dir=/path/to/project       # Start bot for specific directory
+  ctb --token=xxx --users=123,456  # Override env vars
+
+Multiple instances can run simultaneously in different directories.
+`);
+}
+
+async function prompt(question: string): Promise<string> {
+	const rl = createInterface({
+		input: process.stdin,
+		output: process.stdout,
+	});
+
+	return new Promise((resolve) => {
+		rl.question(question, (answer) => {
+			rl.close();
+			resolve(answer.trim());
+		});
+	});
+}
+
+function loadEnvFile(dir: string): Record<string, string> {
+	const envPath = resolve(dir, ".env");
+	const env: Record<string, string> = {};
+
+	if (!existsSync(envPath)) {
+		return env;
+	}
+
+	const content = readFileSync(envPath, "utf-8");
+	for (const line of content.split("\n")) {
+		const trimmed = line.trim();
+		if (!trimmed || trimmed.startsWith("#")) continue;
+
+		const eqIndex = trimmed.indexOf("=");
+		if (eqIndex === -1) continue;
+
+		const key = trimmed.slice(0, eqIndex).trim();
+		let value = trimmed.slice(eqIndex + 1).trim();
+
+		// Remove quotes if present
+		if (
+			(value.startsWith('"') && value.endsWith('"')) ||
+			(value.startsWith("'") && value.endsWith("'"))
+		) {
+			value = value.slice(1, -1);
+		}
+
+		env[key] = value;
+	}
+
+	return env;
+}
+
+function saveEnvFile(dir: string, env: Record<string, string>): void {
+	const envPath = resolve(dir, ".env");
+	const lines: string[] = [];
+
+	// Preserve existing content
+	if (existsSync(envPath)) {
+		const existing = readFileSync(envPath, "utf-8");
+		const existingKeys = new Set<string>();
+
+		for (const line of existing.split("\n")) {
+			const trimmed = line.trim();
+			if (!trimmed || trimmed.startsWith("#")) {
+				lines.push(line);
+				continue;
+			}
+
+			const eqIndex = trimmed.indexOf("=");
+			if (eqIndex !== -1) {
+				const key = trimmed.slice(0, eqIndex).trim();
+				existingKeys.add(key);
+				// Use new value if provided, otherwise keep original
+				if (key in env) {
+					lines.push(`${key}=${env[key]}`);
+				} else {
+					lines.push(line);
+				}
+			} else {
+				lines.push(line);
+			}
+		}
+
+		// Add new keys not in existing file
+		for (const [key, value] of Object.entries(env)) {
+			if (!existingKeys.has(key)) {
+				lines.push(`${key}=${value}`);
+			}
+		}
+	} else {
+		// New file
+		for (const [key, value] of Object.entries(env)) {
+			lines.push(`${key}=${value}`);
+		}
+	}
+
+	writeFileSync(envPath, `${lines.join("\n")}\n`);
+}
+
+async function interactiveSetup(
+	dir: string,
+	existingEnv: Record<string, string>,
+): Promise<{ token: string; users: string }> {
+	console.log(`\nNo .env found or missing required variables in ${dir}\n`);
+
+	let token = existingEnv.TELEGRAM_BOT_TOKEN || "";
+	let users = existingEnv.TELEGRAM_ALLOWED_USERS || "";
+
+	if (!token) {
+		console.log("Get a bot token from @BotFather on Telegram");
+		token = await prompt("Enter TELEGRAM_BOT_TOKEN: ");
+		if (!token) {
+			console.error("Token is required");
+			process.exit(1);
+		}
+	}
+
+	if (!users) {
+		console.log(
+			"\nEnter your Telegram user ID(s). Find yours by messaging @userinfobot",
+		);
+		users = await prompt("Enter TELEGRAM_ALLOWED_USERS (comma-separated): ");
+		if (!users) {
+			console.error("At least one user ID is required");
+			process.exit(1);
+		}
+	}
+
+	// Ask to save
+	const save = await prompt("\nSave to .env? (Y/n): ");
+	if (save.toLowerCase() !== "n") {
+		saveEnvFile(dir, {
+			...existingEnv,
+			TELEGRAM_BOT_TOKEN: token,
+			TELEGRAM_ALLOWED_USERS: users,
+		});
+		console.log(`Saved to ${resolve(dir, ".env")}\n`);
+	}
+
+	return { token, users };
+}
+
+async function main(): Promise<void> {
+	const args = process.argv.slice(2);
+	const options = parseArgs(args);
+
+	if (options.help) {
+		showHelp();
+		process.exit(0);
+	}
+
+	if (options.version) {
+		console.log(`ctb version ${VERSION}`);
+		process.exit(0);
+	}
+
+	// Determine working directory
+	const workingDir = options.dir ? resolve(options.dir) : process.cwd();
+
+	// Load .env from working directory
+	const envFile = loadEnvFile(workingDir);
+
+	// Merge: CLI args > .env file > process.env
+	let token =
+		options.token ||
+		envFile.TELEGRAM_BOT_TOKEN ||
+		process.env.TELEGRAM_BOT_TOKEN ||
+		"";
+	let users =
+		options.users ||
+		envFile.TELEGRAM_ALLOWED_USERS ||
+		process.env.TELEGRAM_ALLOWED_USERS ||
+		"";
+
+	// Interactive setup if missing required vars
+	if (!token || !users) {
+		const setup = await interactiveSetup(workingDir, envFile);
+		token = token || setup.token;
+		users = users || setup.users;
+	}
+
+	// Set environment variables for the bot
+	process.env.TELEGRAM_BOT_TOKEN = token;
+	process.env.TELEGRAM_ALLOWED_USERS = users;
+	process.env.CLAUDE_WORKING_DIR = workingDir;
+
+	// Pass through other env vars from .env file
+	for (const [key, value] of Object.entries(envFile)) {
+		if (!(key in process.env)) {
+			process.env[key] = value;
+		}
+	}
+
+	// Set CTB_INSTANCE_DIR for session isolation
+	process.env.CTB_INSTANCE_DIR = workingDir;
+
+	console.log(`\nStarting ctb in ${workingDir}...\n`);
+
+	// Import and start the bot
+	await import("./bot.js");
+}
+
+main().catch((error) => {
+	console.error("Fatal error:", error);
+	process.exit(1);
+});

package/src/config.ts

@@ -0,0 +1,254 @@
+/**
+ * Configuration for Claude Telegram Bot.
+ *
+ * All environment variables, paths, constants, and safety settings.
+ */
+
+import { homedir } from "node:os";
+import { dirname, resolve } from "node:path";
+import type { McpServerConfig } from "./types";
+
+// ============== Environment Setup ==============
+
+const HOME = homedir();
+
+// Ensure necessary paths are available for Claude's bash commands
+// LaunchAgents don't inherit the full shell environment
+const EXTRA_PATHS = [
+	`${HOME}/.local/bin`,
+	`${HOME}/.bun/bin`,
+	"/opt/homebrew/bin",
+	"/opt/homebrew/sbin",
+	"/usr/local/bin",
+];
+
+const currentPath = process.env.PATH || "";
+const pathParts = currentPath.split(":");
+for (const extraPath of EXTRA_PATHS) {
+	if (!pathParts.includes(extraPath)) {
+		pathParts.unshift(extraPath);
+	}
+}
+process.env.PATH = pathParts.join(":");
+
+// ============== Core Configuration ==============
+
+export const TELEGRAM_TOKEN = process.env.TELEGRAM_BOT_TOKEN || "";
+export const ALLOWED_USERS: number[] = (
+	process.env.TELEGRAM_ALLOWED_USERS || ""
+)
+	.split(",")
+	.filter((x) => x.trim())
+	.map((x) => parseInt(x.trim(), 10))
+	.filter((x) => !Number.isNaN(x));
+
+export const WORKING_DIR = process.env.CLAUDE_WORKING_DIR || HOME;
+export const OPENAI_API_KEY = process.env.OPENAI_API_KEY || "";
+
+// ============== Claude CLI Path ==============
+
+// Auto-detect from PATH, or use environment override
+function findClaudeCli(): string {
+	const envPath = process.env.CLAUDE_CLI_PATH;
+	if (envPath) return envPath;
+
+	// Try to find claude in PATH using Bun.which
+	const whichResult = Bun.which("claude");
+	if (whichResult) return whichResult;
+
+	// Final fallback
+	return "/usr/local/bin/claude";
+}
+
+export const CLAUDE_CLI_PATH = findClaudeCli();
+
+// ============== MCP Configuration ==============
+
+// MCP servers loaded from mcp-config.ts
+let MCP_SERVERS: Record<string, McpServerConfig> = {};
+
+try {
+	// Dynamic import of MCP config
+	const mcpConfigPath = resolve(dirname(import.meta.dir), "mcp-config.ts");
+	const mcpModule = await import(mcpConfigPath).catch(() => null);
+	if (mcpModule?.MCP_SERVERS) {
+		MCP_SERVERS = mcpModule.MCP_SERVERS;
+		console.log(
+			`Loaded ${Object.keys(MCP_SERVERS).length} MCP servers from mcp-config.ts`,
+		);
+	}
+} catch {
+	console.log("No mcp-config.ts found - running without MCPs");
+}
+
+export { MCP_SERVERS };
+
+// ============== Security Configuration ==============
+
+// Allowed directories for file operations
+const defaultAllowedPaths = [
+	WORKING_DIR,
+	`${HOME}/Documents`,
+	`${HOME}/Downloads`,
+	`${HOME}/Desktop`,
+	`${HOME}/.claude`, // Claude Code data (plans, settings)
+];
+
+const allowedPathsStr = process.env.ALLOWED_PATHS || "";
+export const ALLOWED_PATHS: string[] = allowedPathsStr
+	? allowedPathsStr
+			.split(",")
+			.map((p) => p.trim())
+			.filter(Boolean)
+	: defaultAllowedPaths;
+
+// Build safety prompt dynamically from ALLOWED_PATHS
+function buildSafetyPrompt(allowedPaths: string[]): string {
+	const pathsList = allowedPaths
+		.map((p) => `   - ${p} (and subdirectories)`)
+		.join("\n");
+
+	return `
+CRITICAL SAFETY RULES FOR TELEGRAM BOT:
+
+1. NEVER delete, remove, or overwrite files without EXPLICIT confirmation from the user.
+   - If user asks to delete something, respond: "Are you sure you want to delete [file]? Reply 'yes delete it' to confirm."
+   - Only proceed with deletion if user replies with explicit confirmation like "yes delete it", "confirm delete"
+   - This applies to: rm, trash, unlink, shred, or any file deletion
+
+2. You can ONLY access files in these directories:
+${pathsList}
+   - REFUSE any file operations outside these paths
+
+3. NEVER run dangerous commands like:
+   - rm -rf (recursive force delete)
+   - Any command that affects files outside allowed directories
+   - Commands that could damage the system
+
+4. For any destructive or irreversible action, ALWAYS ask for confirmation first.
+
+You are running via Telegram, so the user cannot easily undo mistakes. Be extra careful!
+`;
+}
+
+export const SAFETY_PROMPT = buildSafetyPrompt(ALLOWED_PATHS);
+
+// Dangerous command patterns to block
+export const BLOCKED_PATTERNS = [
+	"rm -rf /",
+	"rm -rf ~",
+	"rm -rf $HOME",
+	"sudo rm",
+	":(){ :|:& };:", // Fork bomb
+	"> /dev/sd",
+	"mkfs.",
+	"dd if=",
+];
+
+// Query timeout (3 minutes)
+export const QUERY_TIMEOUT_MS = 180_000;
+
+// ============== Voice Transcription ==============
+
+const BASE_TRANSCRIPTION_PROMPT = `Transcribe this voice message accurately.
+The speaker may use multiple languages (English, and possibly others).
+Focus on accuracy for proper nouns, technical terms, and commands.`;
+
+const TRANSCRIPTION_CONTEXT = process.env.TRANSCRIPTION_CONTEXT || "";
+
+export const TRANSCRIPTION_PROMPT = TRANSCRIPTION_CONTEXT
+	? `${BASE_TRANSCRIPTION_PROMPT}\n\nAdditional context:\n${TRANSCRIPTION_CONTEXT}`
+	: BASE_TRANSCRIPTION_PROMPT;
+
+export const TRANSCRIPTION_AVAILABLE = !!OPENAI_API_KEY;
+
+// ============== Thinking Keywords ==============
+
+const thinkingKeywordsStr =
+	process.env.THINKING_KEYWORDS || "think,pensa,ragiona";
+const thinkingDeepKeywordsStr =
+	process.env.THINKING_DEEP_KEYWORDS || "ultrathink,think hard,pensa bene";
+
+export const THINKING_KEYWORDS = thinkingKeywordsStr
+	.split(",")
+	.map((k) => k.trim().toLowerCase());
+export const THINKING_DEEP_KEYWORDS = thinkingDeepKeywordsStr
+	.split(",")
+	.map((k) => k.trim().toLowerCase());
+
+// ============== Media Group Settings ==============
+
+export const MEDIA_GROUP_TIMEOUT = 1000; // ms to wait for more photos in a group
+
+// ============== Telegram Message Limits ==============
+
+export const TELEGRAM_MESSAGE_LIMIT = 4096; // Max characters per message
+export const TELEGRAM_SAFE_LIMIT = 4000; // Safe limit with buffer for formatting
+export const STREAMING_THROTTLE_MS = 500; // Throttle streaming updates
+export const BUTTON_LABEL_MAX_LENGTH = 30; // Max chars for inline button labels
+
+// ============== Audit Logging ==============
+
+export const AUDIT_LOG_PATH =
+	process.env.AUDIT_LOG_PATH || "/tmp/claude-telegram-audit.log";
+export const AUDIT_LOG_JSON =
+	(process.env.AUDIT_LOG_JSON || "false").toLowerCase() === "true";
+
+// ============== Rate Limiting ==============
+
+export const RATE_LIMIT_ENABLED =
+	(process.env.RATE_LIMIT_ENABLED || "true").toLowerCase() === "true";
+export const RATE_LIMIT_REQUESTS = parseInt(
+	process.env.RATE_LIMIT_REQUESTS || "20",
+	10,
+);
+export const RATE_LIMIT_WINDOW = parseInt(
+	process.env.RATE_LIMIT_WINDOW || "60",
+	10,
+);
+
+// ============== File Paths ==============
+
+// Generate a short hash for instance isolation
+function hashDir(dir: string): string {
+	let hash = 0;
+	for (let i = 0; i < dir.length; i++) {
+		const char = dir.charCodeAt(i);
+		hash = ((hash << 5) - hash + char) | 0;
+	}
+	return Math.abs(hash).toString(36).slice(0, 8);
+}
+
+// Instance directory for session isolation (set by CLI or defaults to working dir)
+const INSTANCE_DIR = process.env.CTB_INSTANCE_DIR || WORKING_DIR;
+const INSTANCE_HASH = hashDir(INSTANCE_DIR);
+const INSTANCE_TEMP_DIR = `/tmp/ctb-${INSTANCE_HASH}`;
+
+export const SESSION_FILE = `${INSTANCE_TEMP_DIR}/session.json`;
+export const RESTART_FILE = `${INSTANCE_TEMP_DIR}/restart.json`;
+export const TEMP_DIR = `${INSTANCE_TEMP_DIR}/downloads`;
+
+// Temp paths that are always allowed for bot operations
+export const TEMP_PATHS = ["/tmp/", "/private/tmp/", "/var/folders/"];
+
+// Ensure temp directories exist
+await Bun.write(`${INSTANCE_TEMP_DIR}/.keep`, "");
+await Bun.write(`${TEMP_DIR}/.keep`, "");
+
+// ============== Validation ==============
+
+if (!TELEGRAM_TOKEN) {
+	console.error("ERROR: TELEGRAM_BOT_TOKEN environment variable is required");
+	process.exit(1);
+}
+
+if (ALLOWED_USERS.length === 0) {
+	console.error(
+		"ERROR: TELEGRAM_ALLOWED_USERS environment variable is required",
+	);
+	process.exit(1);
+}
+
+console.log(
+	`Config loaded: ${ALLOWED_USERS.length} allowed users, working dir: ${WORKING_DIR}`,
+);