kiro-telegram-bot 1.5.1 → 1.7.1

package/src/acp/client.ts

@@ -50,6 +50,23 @@ export function isTransientAcpError(err: Error): boolean {
   return TRANSIENT_RE.test(err.message);
 }
 
+/** Patterns that specifically indicate the request exceeded the model's context
+ *  window (as opposed to a generic rate-limit/backend hiccup). */
+const CONTEXT_EXHAUSTED_RE =
+  /context (?:length|window|limit|size|overflow)|maximum context|input (?:is )?too long|prompt (?:is )?too long|too many (?:input )?tokens|token limit|exceeds? (?:the )?(?:maximum|context|token)|reduce the (?:length|size)|context.{0,24}exhaust/i;
+
+/**
+ * Heuristic: did this failure come from an exhausted context window? Unlike a
+ * generic transient error, this will NOT clear by retrying the same oversized
+ * prompt — the session must be compacted/forked into a fresh, smaller context.
+ * Note: throttling on a near-full session often surfaces as a plain "-32603 …
+ * throttled" with no context keywords, so callers should *also* consult the
+ * session's tracked context-usage % (see SessionRuntime.isContextRelatedFailure).
+ */
+export function isContextExhaustedError(err: Error): boolean {
+  return CONTEXT_EXHAUSTED_RE.test(err.message);
+}
+
 /** Compact, log/Telegram-safe stringification of an error's data payload. */
 function shortJson(v: unknown): string {
   try {
@@ -142,24 +159,31 @@ export class AcpClient extends EventEmitter {
     if (this.opts.agent) args.push("--agent", this.opts.agent);
 
     log.info(`spawning: ${this.opts.kiroCliPath} ${args.join(" ")}`);
-    this.proc = spawn(this.opts.kiroCliPath, args, {
+    const proc = spawn(this.opts.kiroCliPath, args, {
       stdio: ["pipe", "pipe", "pipe"],
       cwd: this.opts.workspace,
       env: { ...process.env, KIRO_LOG_LEVEL: process.env.KIRO_LOG_LEVEL || "error" },
     }) as ChildProcessWithoutNullStreams;
-
-    this.proc.on("exit", (code) => {
+    this.proc = proc;
+
+    proc.on("exit", (code) => {
+      // Ignore the exit of a process we've already replaced (a deliberate
+      // restart/stop). Its teardown must NOT fail the new process's pending
+      // requests nor trigger a competing auto-restart — that race was the cause
+      // of "/reauth → agent restart failed: kiro-cli acp exited (code null)".
+      if (this.proc !== proc) return;
       log.warn(`kiro-cli acp exited (code ${code})`);
       this.failAllPending(new Error(`kiro-cli acp exited (code ${code})`));
       this.emit("exit", code);
       this.maybeRestart();
     });
-    this.proc.on("error", (err) => {
+    proc.on("error", (err) => {
+      if (this.proc !== proc) return;
       log.error("failed to spawn kiro-cli:", err.message);
       this.failAllPending(err);
     });
 
-    this.transport = new JsonRpcTransport(this.proc);
+    this.transport = new JsonRpcTransport(proc);
     this.transport.on("message", (m: JsonRpcMessage) => this.onMessage(m));
 
     const init = (await this.request("initialize", {
@@ -202,6 +226,13 @@ export class AcpClient extends EventEmitter {
     return Boolean(this.capabilities?.loadSession);
   }
 
+  /** True while any prompt (a chat turn or a scheduled task) awaits a response —
+   *  i.e. the agent is actively working. Used to gate idle-only auto-updates. */
+  hasInflightPrompt(): boolean {
+    for (const p of this.pending.values()) if (p.method === "session/prompt") return true;
+    return false;
+  }
+
   /** PID of the bot's own kiro-cli acp process (to avoid killing ourselves). */
   get pid(): number | undefined {
     return this.proc?.pid;
@@ -305,22 +336,87 @@ export class AcpClient extends EventEmitter {
 
   stop(): void {
     this.stopped = true;
-    if (this.restartTimer) clearTimeout(this.restartTimer);
-    this.proc?.kill();
-    this.proc = undefined;
+    if (this.restartTimer) {
+      clearTimeout(this.restartTimer);
+      this.restartTimer = undefined;
+    }
+    void this.killCurrent();
   }
 
-  /** Manually restart the agent (used by the /restart command). */
-  async restart(): Promise<void> {
+  /**
+   * Stop the agent and WAIT for the process to fully exit, leaving it stopped
+   * (no auto-restart until start()/restart()). Used by /reauth to release the
+   * held session BEFORE logging out — otherwise the live agent keeps refreshing
+   * and re-persisting the old token, silently restoring the previous identity.
+   */
+  async stopAndWait(): Promise<void> {
     this.stopped = true;
-    if (this.restartTimer) clearTimeout(this.restartTimer);
-    this.proc?.kill();
-    this.proc = undefined;
+    if (this.restartTimer) {
+      clearTimeout(this.restartTimer);
+      this.restartTimer = undefined;
+    }
+    await this.killCurrent();
+  }
+
+  /**
+   * Manually restart the agent (used by /restart, /reauth and the MCP toggle).
+   * The old process is fully torn down BEFORE a fresh one is spawned, so its
+   * exit can't fail the new connection's `initialize` — which previously
+   * surfaced as "agent restart failed: kiro-cli acp exited (code null)".
+   */
+  async restart(): Promise<void> {
+    if (this.restartTimer) {
+      clearTimeout(this.restartTimer);
+      this.restartTimer = undefined;
+    }
+    this.stopped = true; // suppress auto-restart while we swap processes
+    this.restartAttempts = 0;
+    await this.killCurrent();
     this.stopped = false;
     await this.connect();
     this.emit("restarted");
   }
 
+  /**
+   * Terminate the current process and wait for it to fully exit. Clearing
+   * `this.proc` first makes the connect()-registered exit/error handlers
+   * short-circuit, so a deliberate teardown is silent (no `exit` event, no
+   * auto-restart). In-flight requests are rejected here (the handler no longer
+   * will). Escalates to SIGKILL if the process lingers, and never hangs.
+   */
+  private killCurrent(): Promise<void> {
+    const proc = this.proc;
+    this.proc = undefined;
+    this.transport = undefined;
+    this.failAllPending(new Error("kiro-cli acp is restarting"));
+    if (!proc || proc.exitCode !== null || proc.signalCode !== null) {
+      return Promise.resolve();
+    }
+    return new Promise<void>((resolve) => {
+      let settled = false;
+      const done = (): void => {
+        if (settled) return;
+        settled = true;
+        clearTimeout(hard);
+        resolve();
+      };
+      const hard = setTimeout(() => {
+        try {
+          proc.kill("SIGKILL");
+        } catch {
+          /* ignore */
+        }
+        setTimeout(done, 500); // give the OS a beat, then proceed regardless
+      }, 4000);
+      proc.once("exit", done);
+      try {
+        proc.kill();
+      } catch {
+        done();
+      }
+    });
+  }
+
   // ── JSON-RPC plumbing ──────────────────────────────────────────────────────
 
   private request(method: string, params: unknown): Promise<unknown> {

package/src/app/auth-service.ts

@@ -0,0 +1,325 @@
+/**
+ * Kiro authentication control for /reauth: `kiro-cli logout` then an interactive
+ * `kiro-cli login --use-device-flow`. The device flow prints a verification URL
+ * + code to stdout (no browser redirect on the bot host), which we stream back
+ * to Telegram so the user can complete it on their own device.
+ */
+import { execFile, spawn } from "node:child_process";
+import { rm } from "node:fs/promises";
+import { homedir } from "node:os";
+import { join } from "node:path";
+import { promisify } from "node:util";
+import { createLogger } from "../logger.js";
+
+const run = promisify(execFile);
+const log = createLogger("auth");
+
+// Strip ANSI colour/cursor escapes so the Telegram transcript stays readable.
+// eslint-disable-next-line no-control-regex
+const ANSI_RE = /\x1b\[[0-9;?]*[ -/]*[@-~]/g;
+
+export interface LoginResult {
+  ok: boolean;
+  code: number | null;
+  /** True when the login was aborted via the supplied AbortSignal. */
+  cancelled?: boolean;
+  /** Human-readable failure reason, when known (shown in the chat). */
+  error?: string;
+}
+
+export interface LoginOptions {
+  /** Extra CLI flags (e.g. `--license pro`). `--use-device-flow` is added if absent. */
+  extraArgs?: string[];
+  /** Receives decoded stdout/stderr chunks as they arrive. */
+  onOutput: (text: string) => void;
+  /** Overall timeout before the login process is killed (default 5 min). */
+  timeoutMs?: number;
+  /** Abort to cancel the in-flight login — kills the process (Cancel button). */
+  signal?: AbortSignal;
+}
+
+export interface IdcLoginOptions {
+  /** IAM Identity Center start URL (e.g. https://my-org.awsapps.com/start). */
+  startUrl: string;
+  /** AWS region of the Identity Center (e.g. us-east-1). */
+  region: string;
+  /** Receives decoded output chunks as they arrive. */
+  onOutput: (text: string) => void;
+  /** Overall timeout before the login process is killed (default 5 min). */
+  timeoutMs?: number;
+  /** Abort to cancel the in-flight login — kills the process (Cancel button). */
+  signal?: AbortSignal;
+}
+
+/** Minimal shape of the optional `node-pty` module we rely on. */
+interface IPty {
+  onData(cb: (data: string) => void): void;
+  onExit(cb: (e: { exitCode: number; signal?: number }) => void): void;
+  write(data: string): void;
+  kill(signal?: string): void;
+}
+interface PtyModule {
+  spawn(
+    file: string,
+    args: string[],
+    options: { name?: string; cols?: number; rows?: number; cwd?: string; env?: NodeJS.ProcessEnv },
+  ): IPty;
+}
+
+export class AuthService {
+  constructor(private readonly kiroCliPath: string) {}
+
+  /** Run `kiro-cli logout` (non-interactive). */
+  async logout(): Promise<{ ok: boolean; out: string }> {
+    try {
+      const { stdout, stderr } = await run(this.kiroCliPath, ["logout"], {
+        timeout: 30_000,
+        encoding: "utf-8",
+      });
+      return { ok: true, out: clean(`${stdout}${stderr}`) };
+    } catch (e) {
+      const err = e as { stdout?: string; stderr?: string; message?: string };
+      const out = clean(`${err.stdout ?? ""}${err.stderr ?? ""}`) || err.message || "logout failed";
+      return { ok: false, out };
+    }
+  }
+
+  /**
+   * Best-effort removal of Kiro's cached auth token (`~/.aws/sso/cache/
+   * kiro-auth-token.json`) — the file that carries the logged-in identity
+   * (accessToken + refreshToken). Removing it after `logout` guarantees the
+   * next `login` performs a genuine device-flow authentication instead of
+   * silently reusing the previous account's cached/refreshable token.
+   *
+   * Surgical and safe: it touches ONLY Kiro's own token file, never the shared,
+   * account-agnostic OIDC client registrations, and is a no-op if absent.
+   */
+  async clearTokenCache(): Promise<boolean> {
+    const path = join(homedir(), ".aws", "sso", "cache", "kiro-auth-token.json");
+    try {
+      await rm(path, { force: true });
+      log.info(`cleared cached auth token (${path})`);
+      return true;
+    } catch (e) {
+      log.debug("clearTokenCache failed:", (e as Error).message);
+      return false;
+    }
+  }
+
+  /**
+   * to `onOutput` as it arrives (so the device code/URL reaches the user fast).
+   * Resolves when the process exits, the timeout fires, or the signal aborts.
+   */
+  login(opts: LoginOptions): Promise<LoginResult> {
+    const { extraArgs = [], onOutput, timeoutMs = 300_000, signal } = opts;
+    return new Promise<LoginResult>((resolve) => {
+      if (signal?.aborted) {
+        resolve({ ok: false, code: null, cancelled: true });
+        return;
+      }
+      const args = ["login"];
+      if (!extraArgs.includes("--use-device-flow")) args.push("--use-device-flow");
+      args.push(...extraArgs);
+      log.info(`spawning login: ${this.kiroCliPath} ${args.join(" ")}`);
+
+      let proc;
+      try {
+        // stdin ignored: any interactive prompt gets EOF rather than hanging.
+        proc = spawn(this.kiroCliPath, args, { stdio: ["ignore", "pipe", "pipe"] });
+      } catch (e) {
+        onOutput(`error: ${(e as Error).message}`);
+        resolve({ ok: false, code: null });
+        return;
+      }
+
+      let cancelled = false;
+      let settled = false;
+      let hardKill: NodeJS.Timeout | undefined;
+
+      const onAbort = (): void => {
+        cancelled = true;
+        try {
+          proc.kill();
+        } catch {
+          /* ignore */
+        }
+        // Escalate if the CLI ignores the polite signal.
+        hardKill = setTimeout(() => {
+          try {
+            proc.kill("SIGKILL");
+          } catch {
+            /* ignore */
+          }
+        }, 2000);
+      };
+
+      const finish = (r: LoginResult): void => {
+        if (settled) return;
+        settled = true;
+        clearTimeout(timer);
+        if (hardKill) clearTimeout(hardKill);
+        signal?.removeEventListener("abort", onAbort);
+        resolve(r);
+      };
+
+      const feed = (b: Buffer): void => {
+        const t = clean(b.toString("utf-8"));
+        if (t) onOutput(t);
+      };
+      proc.stdout.on("data", feed);
+      proc.stderr.on("data", feed);
+
+      const timer = setTimeout(() => {
+        onOutput("\n\u23F1\uFE0F Timed out waiting for login to complete.");
+        try {
+          proc.kill();
+        } catch {
+          /* ignore */
+        }
+      }, timeoutMs);
+
+      signal?.addEventListener("abort", onAbort, { once: true });
+
+      proc.on("error", (e: Error) => {
+        onOutput(`error: ${e.message}`);
+        finish({ ok: false, code: null, cancelled });
+      });
+      proc.on("exit", (code: number | null) => {
+        finish({ ok: code === 0 && !cancelled, code, cancelled });
+      });
+    });
+  }
+
+  /**
+   * IAM Identity Center (Pro) login. Unlike the Builder ID device flow, this
+   * CLI path is *interactive*: it always prompts ("Enter Start URL", "Enter
+   * Region", and — when the account has several — an Identity Center profile
+   * picker) and refuses to run without a real terminal. So we drive it inside a
+   * pseudo-terminal (the optional `node-pty` module), answering each prompt with
+   * the start URL / region the user supplied and accepting the default profile.
+   * The device verification URL + code still stream out via `onOutput`.
+   */
+  loginIdc(opts: IdcLoginOptions): Promise<LoginResult> {
+    const { startUrl, region, onOutput, timeoutMs = 300_000, signal } = opts;
+    return new Promise<LoginResult>((resolve) => {
+      if (signal?.aborted) {
+        resolve({ ok: false, code: null, cancelled: true });
+        return;
+      }
+      void (async () => {
+        // Load the optional native PTY lazily via a variable specifier so a
+        // missing module is a graceful runtime error, not an install/type break.
+        let pty: PtyModule;
+        try {
+          const specifier = "@homebridge/node-pty-prebuilt-multiarch";
+          const mod = (await import(specifier)) as unknown as PtyModule & { default?: PtyModule };
+          pty = typeof mod.spawn === "function" ? mod : (mod.default as PtyModule);
+          if (!pty || typeof pty.spawn !== "function") throw new Error("invalid pty module");
+        } catch {
+          resolve({
+            ok: false,
+            code: null,
+            error:
+              "IAM Identity Center login needs the PTY module. Run `npm install` in the bot folder, then try again.",
+          });
+          return;
+        }
+
+        // Pass the start URL + region as flags so the interactive prompts come
+        // PREFILLED — we then just press Enter to accept them. Typing the values
+        // ourselves makes the terminal echo them, which doubles the captured
+        // input (e.g. "us-east-1us-east-1" → bad OIDC endpoint). Q_FAKE_IS_REMOTE
+        // forces the CLI to PRINT the verification URL instead of opening a
+        // browser on the bot host, so it streams to Telegram.
+        const args = [
+          "login",
+          "--license",
+          "pro",
+          "--identity-provider",
+          startUrl,
+          "--region",
+          region,
+          "--use-device-flow",
+        ];
+        log.info(`spawning IDC login (pty): ${this.kiroCliPath} ${args.join(" ")}`);
+
+        let term: IPty;
+        try {
+          term = pty.spawn(this.kiroCliPath, args, {
+            name: "xterm-color",
+            cols: 120,
+            rows: 30,
+            env: { ...process.env, Q_FAKE_IS_REMOTE: "1" },
+          });
+        } catch (e) {
+          resolve({ ok: false, code: null, error: (e as Error).message });
+          return;
+        }
+
+        let buf = "";
+        let sentUrl = false;
+        let sentRegion = false;
+        let sentProfile = false;
+        let cancelled = false;
+        let settled = false;
+
+        const onAbort = (): void => {
+          cancelled = true;
+          try {
+            term.kill();
+          } catch {
+            /* ignore */
+          }
+        };
+
+        const finish = (r: LoginResult): void => {
+          if (settled) return;
+          settled = true;
+          clearTimeout(timer);
+          signal?.removeEventListener("abort", onAbort);
+          try {
+            term.kill();
+          } catch {
+            /* ignore */
+          }
+          resolve(r);
+        };
+
+        const timer = setTimeout(() => {
+          onOutput("\n\u23F1\uFE0F Timed out waiting for login to complete.");
+          try {
+            term.kill();
+          } catch {
+            /* ignore */
+          }
+        }, timeoutMs);
+
+        signal?.addEventListener("abort", onAbort, { once: true });
+
+        term.onData((d: string) => {
+          const t = clean(d);
+          if (t) onOutput(t);
+          buf += t;
+          // Each prompt is PREFILLED (from the flags); just press Enter to accept
+          // it. We answer each exactly once, in order.
+          if (!sentUrl && /start url/i.test(buf)) {
+            sentUrl = true;
+            term.write("\r");
+          } else if (sentUrl && !sentRegion && /enter region/i.test(buf)) {
+            sentRegion = true;
+            term.write("\r");
+          } else if (sentRegion && !sentProfile && /select an iam identity center profile/i.test(buf)) {
+            sentProfile = true;
+            term.write("\r"); // accept the default (first) profile
+          }
+        });
+
+        term.onExit(({ exitCode }) => finish({ ok: exitCode === 0 && !cancelled, code: exitCode, cancelled }));
+      })();
+    });
+  }
+}
+
+function clean(s: string): string {
+  return s.replace(ANSI_RE, "").replace(/\r/g, "");
+}

package/src/app/settings-store.ts

@@ -28,4 +28,11 @@ export class SettingsStore {
     });
     return next;
   }
+
+  /** All chat ids that have interacted (for broadcast announcements). */
+  chatIds(): number[] {
+    return Object.keys(this.store.get())
+      .map(Number)
+      .filter((n) => Number.isFinite(n));
+  }
 }

package/src/app/types.ts

@@ -41,8 +41,10 @@ export interface PromptImage {
 export interface PromptInput {
   text: string;
   images: PromptImage[];
+  /** Telegram message id of the prompt, so the reply threads to it. */
+  replyTo?: number;
 }
 
-export function textPrompt(text: string): PromptInput {
-  return { text, images: [] };
+export function textPrompt(text: string, replyTo?: number): PromptInput {
+  return { text, images: [], replyTo };
 }