npm - obol-ai - Versions diffs - 0.2.8 → 0.2.9 - Mend

obol-ai 0.2.8 → 0.2.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "obol-ai",
-  "version": "0.2.8",
+  "version": "0.2.9",
   "description": "Self-evolving AI assistant that learns, remembers, and acts on its own. Persistent vector memory, self-rewriting personality, proactive heartbeats.",
   "main": "src/index.js",
   "bin": {

package/src/claude.js CHANGED Viewed

@@ -578,6 +578,7 @@ You communicate via Telegram. Format responses for mobile readability.
 - Store important info in memory proactively
 - Search memory before claiming you don't know something
 - Use \`store_secret\`/\`read_secret\` for all credential operations
+- If a user sends what appears to be an API key, token, or credential in conversation, immediately warn them that it's visible in chat history, tell them to revoke/rotate it, and direct them to use \`/secret set <key> <value>\` instead
 `);
   return parts.join('\n');

package/src/config.js CHANGED Viewed

@@ -1,7 +1,7 @@
 const fs = require('fs');
 const path = require('path');
-const crypto = require('crypto');
 const os = require('os');
+const { deriveKey, encrypt, decrypt } = require('./encrypt');
 const OBOL_DIR = path.join(os.homedir(), '.obol');
 const USERS_DIR = path.join(OBOL_DIR, 'users');
@@ -34,6 +34,71 @@ function resolvePassValues(obj) {
   return result;
 }
+const SENSITIVE_PATHS = [
+  'anthropic.apiKey',
+  'anthropic.oauth.accessToken',
+  'anthropic.oauth.refreshToken',
+  'telegram.token',
+  'supabase.serviceKey',
+  'supabase.accessToken',
+  'github.token',
+  'vercel.token',
+];
+function configKey() {
+  return deriveKey('obol-config');
+}
+function getPath(obj, dotPath) {
+  return dotPath.split('.').reduce((o, k) => o?.[k], obj);
+}
+function setPath(obj, dotPath, value) {
+  const parts = dotPath.split('.');
+  let cur = obj;
+  for (let i = 0; i < parts.length - 1; i++) {
+    if (!cur[parts[i]] || typeof cur[parts[i]] !== 'object') return;
+    cur = cur[parts[i]];
+  }
+  cur[parts[parts.length - 1]] = value;
+}
+function encryptSensitiveFields(config) {
+  const key = configKey();
+  const copy = JSON.parse(JSON.stringify(config));
+  for (const p of SENSITIVE_PATHS) {
+    const val = getPath(copy, p);
+    if (typeof val === 'string' && val && !val.startsWith('pass:')) {
+      setPath(copy, p, encrypt(val, key));
+    }
+  }
+  return copy;
+}
+const ENCRYPTED_RE = /^[0-9a-f]{32}:[0-9a-f]{32}:[0-9a-f]+$/;
+function decryptSensitiveFields(config) {
+  const key = configKey();
+  let hadPlaintext = false;
+  for (const p of SENSITIVE_PATHS) {
+    const val = getPath(config, p);
+    if (typeof val === 'string' && val && !val.startsWith('pass:')) {
+      if (ENCRYPTED_RE.test(val)) {
+        try {
+          setPath(config, p, decrypt(val, key));
+        } catch {}
+      } else {
+        hadPlaintext = true;
+      }
+    }
+  }
+  if (hadPlaintext) {
+    const encrypted = encryptSensitiveFields(config);
+    fs.writeFileSync(CONFIG_FILE, JSON.stringify(encrypted, null, 2), { mode: 0o600 });
+  }
+  return config;
+}
 function loadConfig({ resolve = true } = {}) {
   if (!fs.existsSync(CONFIG_FILE)) return null;
   let raw;
@@ -51,6 +116,7 @@ function loadConfig({ resolve = true } = {}) {
     console.error('[config] Fix the file manually or run: obol init --reset');
     return null;
   }
+  decryptSensitiveFields(config);
   const warnings = validateConfigSchema(config);
   if (warnings.length > 0) {
     for (const w of warnings) console.warn(`[config] ${w}`);
@@ -74,7 +140,8 @@ function validateConfigSchema(config) {
 function saveConfig(config) {
   fs.mkdirSync(OBOL_DIR, { recursive: true });
-  fs.writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2), { mode: 0o600 });
+  const encrypted = encryptSensitiveFields(config);
+  fs.writeFileSync(CONFIG_FILE, JSON.stringify(encrypted, null, 2), { mode: 0o600 });
 }
 function getUserDir(userId) {

package/src/credentials.js CHANGED Viewed

@@ -2,6 +2,7 @@ const { execFileSync } = require('child_process');
 const fs = require('fs');
 const path = require('path');
 const { getUserDir } = require('./config');
+const { deriveKey, encrypt, decrypt } = require('./encrypt');
 const KEY_PATTERN = /^[a-zA-Z0-9][a-zA-Z0-9_.-]{0,63}$/;
@@ -25,6 +26,10 @@ function passPrefix(userId) {
   return `obol/users/${userId}`;
 }
+function secretsKey(userId) {
+  return deriveKey(`obol-secrets-${userId}`);
+}
 function secretsJsonPath(userId) {
   const dir = getUserDir(userId);
   return path.join(dir, 'secrets.json');
@@ -34,7 +39,13 @@ function loadSecretsJson(userId) {
   const p = secretsJsonPath(userId);
   if (!fs.existsSync(p)) return {};
   try {
-    return JSON.parse(fs.readFileSync(p, 'utf-8'));
+    const raw = JSON.parse(fs.readFileSync(p, 'utf-8'));
+    const key = secretsKey(userId);
+    const decrypted = {};
+    for (const [k, v] of Object.entries(raw)) {
+      decrypted[k] = decrypt(v, key);
+    }
+    return decrypted;
   } catch {
     return {};
   }
@@ -43,7 +54,12 @@ function loadSecretsJson(userId) {
 function saveSecretsJson(userId, data) {
   const p = secretsJsonPath(userId);
   fs.mkdirSync(path.dirname(p), { recursive: true });
-  fs.writeFileSync(p, JSON.stringify(data, null, 2), { mode: 0o600 });
+  const key = secretsKey(userId);
+  const encrypted = {};
+  for (const [k, v] of Object.entries(data)) {
+    encrypted[k] = encrypt(v, key);
+  }
+  fs.writeFileSync(p, JSON.stringify(encrypted, null, 2), { mode: 0o600 });
 }
 function storeSecret(userId, key, value) {
@@ -119,8 +135,13 @@ function listSecrets(userId) {
     }
   }
-  const secrets = loadSecretsJson(userId);
-  return Object.keys(secrets);
+  const p = secretsJsonPath(userId);
+  if (!fs.existsSync(p)) return [];
+  try {
+    return Object.keys(JSON.parse(fs.readFileSync(p, 'utf-8')));
+  } catch {
+    return [];
+  }
 }
 module.exports = { storeSecret, readSecret, removeSecret, listSecrets, hasPassStore, validateKey };

package/src/defaults/AGENTS.md CHANGED Viewed

@@ -60,7 +60,11 @@ Pattern: acknowledge immediately ("On it"), spawn the task, let it work in the b
 - Match the owner's energy and tone
 - Don't over-explain unless asked
 - Use tools proactively — don't describe what you could do, just do it
-- When unsure, ask one clear question rather than guessing
+- Never ask more than one question per message
+- If a reasonable default exists, use it — the user can correct you after
+- Don't list numbered options unless the user asks "what are my options"
+- Avoid emoji in responses — use plain text
+- When a user asks you to build something, build it first, explain after
 ## Evolution

package/src/encrypt.js ADDED Viewed

@@ -0,0 +1,27 @@
+const crypto = require('crypto');
+const os = require('os');
+/** @param {string} salt @returns {Buffer} */
+function deriveKey(salt) {
+  const material = `${os.hostname()}:${process.getuid()}`;
+  return crypto.pbkdf2Sync(material, salt, 100_000, 32, 'sha256');
+}
+/** @param {string} text @param {Buffer} key @returns {string} */
+function encrypt(text, key) {
+  const iv = crypto.randomBytes(16);
+  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
+  const encrypted = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
+  const authTag = cipher.getAuthTag();
+  return `${iv.toString('hex')}:${authTag.toString('hex')}:${encrypted.toString('hex')}`;
+}
+/** @param {string} encrypted @param {Buffer} key @returns {string} */
+function decrypt(encrypted, key) {
+  const [ivHex, authTagHex, cipherHex] = encrypted.split(':');
+  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(ivHex, 'hex'));
+  decipher.setAuthTag(Buffer.from(authTagHex, 'hex'));
+  return Buffer.concat([decipher.update(Buffer.from(cipherHex, 'hex')), decipher.final()]).toString('utf8');
+}
+module.exports = { deriveKey, encrypt, decrypt };

package/src/telegram.js CHANGED Viewed

@@ -491,6 +491,24 @@ Your message is deleted immediately when using /secret set to keep credentials o
     return null;
   }
+  const API_KEY_PATTERNS = [
+    /sk-[a-zA-Z0-9]{20,}/,
+    /ghp_[a-zA-Z0-9]{36,}/,
+    /gho_[a-zA-Z0-9]{36,}/,
+    /ghu_[a-zA-Z0-9]{36,}/,
+    /ghs_[a-zA-Z0-9]{36,}/,
+    /github_pat_[a-zA-Z0-9_]{20,}/,
+    /xoxb-[a-zA-Z0-9\-]{20,}/,
+    /xoxp-[a-zA-Z0-9\-]{20,}/,
+    /xoxs-[a-zA-Z0-9\-]{20,}/,
+    /AKIA[A-Z0-9]{16}/,
+    /eyJ[a-zA-Z0-9_-]{50,}/,
+  ];
+  function containsApiKey(text) {
+    return API_KEY_PATTERNS.some(pattern => pattern.test(text));
+  }
   bot.on('message:text', async (ctx) => {
     if (!ctx.from) return;
     const userMessage = ctx.message.text;
@@ -503,6 +521,14 @@ Your message is deleted immediately when using /secret set to keep credentials o
       if (!userMessage.includes(`@${me.username}`)) return;
     }
+    if (!userMessage.startsWith('/secret') && containsApiKey(userMessage)) {
+      ctx.api.deleteMessage(ctx.chat.id, ctx.message.message_id).catch(() => {});
+      await ctx.reply(
+        '⚠️ That message contained what looks like an API key or token. I deleted it, but it may have been seen already — consider rotating it.\n\nUse `/secret set <name> <value>` to store credentials safely.'
+      ).catch(() => {});
+      return;
+    }
     const rateResult = checkRateLimit(userId);
     if (rateResult === 'cooldown' || rateResult === 'skip') return;
     if (rateResult === 'spam') {