sanook-cli 0.5.1 → 0.5.5

package/dist/gateway/telegram.js

@@ -1,5 +1,5 @@
-import { runAgent } from '../loop.js';
 import { redactKey } from '../providers/keys.js';
+import { runGatewayAgent } from './session.js';
 // Telegram channel adapter — long-polling (ไม่ต้อง public URL, เหมาะ local 24/7 แบบ Hermes)
 // ⚠ remote surface ที่รัน agent ได้ → security: REQUIRED allowlist (fail-closed) + private chat only +
 // per-chat rate-limit + error ไม่ leak internal. ทุกอย่าง fail-closed (ค่า default = ปฏิเสธ)
@@ -13,12 +13,20 @@ async function getUpdates(token, offset, signal) {
     const j = (await r.json());
     return j.result ?? [];
 }
-async function sendMessage(token, chatId, text) {
-    await fetch(api(token, 'sendMessage'), {
+export async function sendTelegramMessage(token, chatId, text, threadId) {
+    const r = await fetch(api(token, 'sendMessage'), {
         method: 'POST',
         headers: { 'content-type': 'application/json' },
-        body: JSON.stringify({ chat_id: chatId, text: text.slice(0, 4096) }),
-    }).catch(() => { });
+        body: JSON.stringify({
+            chat_id: chatId,
+            text: text.slice(0, 4096),
+            ...(threadId == null ? {} : { message_thread_id: threadId }),
+        }),
+    });
+    if (!r.ok)
+        throw new Error(`Telegram sendMessage ${r.status}`);
+    const body = (await r.json().catch(() => ({})));
+    return { chatId, messageId: body.result?.message_id };
 }
 /** allowlist — fail-closed: ว่าง = ปฏิเสธทุกคน (ต้องตั้ง TELEGRAM_ALLOWED_CHATS ชัดเจน) */
 export function isAllowed(chatId, allowed) {
@@ -32,8 +40,10 @@ export function parseAllowedChats(raw) {
         return [];
     return raw
         .split(',')
-        .map((s) => parseInt(s.trim(), 10))
-        .filter((n) => Number.isInteger(n));
+        .map((s) => s.trim())
+        .filter((s) => /^-?\d+$/.test(s))
+        .map(Number)
+        .filter((n) => Number.isSafeInteger(n));
 }
 /** start long-polling — คืน stop(). ไม่ start ถ้าไม่มี allowlist (fail-closed) */
 export function startTelegram(opts) {
@@ -47,6 +57,16 @@ export function startTelegram(opts) {
     const running = new Set(); // กัน flood: 1 chat = 1 งานพร้อมกัน
     async function loop() {
         let offset = 0;
+        // ข้าม backlog ตอนเริ่ม — ไม่งั้น bot replay คำสั่งเก่าที่ค้างไว้ (Telegram เก็บ update ~24h) ตอน start
+        // = รัน bash/แก้ไฟล์ตามคำสั่งเก่าโดยไม่ได้ตั้งใจ. offset=-1 → คืน update ล่าสุดตัวเดียว แล้วเลื่อน offset ข้ามไป
+        try {
+            const initial = await getUpdates(opts.token, -1, ctrl.signal);
+            if (initial.length)
+                offset = initial[initial.length - 1].update_id + 1;
+        }
+        catch {
+            /* ดึง backlog ไม่ได้ → เริ่มที่ 0 (ดีกว่าไม่เริ่มเลย) */
+        }
         while (!stopped) {
             try {
                 const updates = await getUpdates(opts.token, offset, ctrl.signal);
@@ -63,33 +83,36 @@ export function startTelegram(opts) {
                     }
                     if (!isAllowed(chat.id, opts.allowedChatIds)) {
                         opts.onLog?.(`Telegram: ปฏิเสธ chat ${chat.id} (ไม่อยู่ใน allowlist)`);
-                        await sendMessage(opts.token, chat.id, '⛔ ไม่ได้รับอนุญาตให้ใช้ bot นี้');
+                        await sendTelegramMessage(opts.token, chat.id, '⛔ ไม่ได้รับอนุญาตให้ใช้ bot นี้');
                         continue;
                     }
                     if (running.has(chat.id)) {
-                        await sendMessage(opts.token, chat.id, '⏳ กำลังทำงานก่อนหน้าอยู่ รอสักครู่');
+                        await sendTelegramMessage(opts.token, chat.id, '⏳ กำลังทำงานก่อนหน้าอยู่ รอสักครู่');
                         continue;
                     }
                     running.add(chat.id);
                     opts.onLog?.(`Telegram ${chat.id}: ${text.slice(0, 50)}`);
                     void (async () => {
                         try {
-                            await sendMessage(opts.token, chat.id, '⏳ กำลังคิด…');
-                            const { text: out } = await runAgent({
+                            await sendTelegramMessage(opts.token, chat.id, '⏳ กำลังคิด…');
+                            const out = await runGatewayAgent({
+                                platform: 'telegram',
+                                target: String(chat.id),
                                 model: opts.model,
                                 prompt: text,
-                                maxSteps: 20,
+                                userText: text,
                                 budgetUsd: opts.budgetUsd,
                                 // remote surface: default ask-mode + ไม่มี approve fn → mutate tools (bash/write/edit/MCP-write)
                                 // ถูกปฏิเสธอัตโนมัติ (single-factor chat-id ไม่พอจะให้ RCE). opt-in: TELEGRAM_ALLOW_WRITE=1
-                                permissionMode: process.env.TELEGRAM_ALLOW_WRITE === '1' ? 'auto' : 'ask',
+                                permissionMode: opts.allowWrite === true ? 'auto' : 'ask',
                             });
-                            await sendMessage(opts.token, chat.id, out || '(ไม่มีผลลัพธ์)');
+                            if (!out.suppressDelivery)
+                                await sendTelegramMessage(opts.token, chat.id, out.text || '(ไม่มีผลลัพธ์)');
                         }
                         catch (e) {
                             // ไม่ส่ง internal detail ให้ remote — log ฝั่ง server เท่านั้น
                             opts.onLog?.(`Telegram run error (${chat.id}): ${redactKey(e.message)}`);
-                            await sendMessage(opts.token, chat.id, 'เกิดข้อผิดพลาดภายใน');
+                            await sendTelegramMessage(opts.token, chat.id, 'เกิดข้อผิดพลาดภายใน');
                         }
                         finally {
                             running.delete(chat.id);

package/dist/gateway/webhooks.js

@@ -0,0 +1,220 @@
+import { createHmac, randomBytes, timingSafeEqual } from 'node:crypto';
+import { redactKey } from '../providers/keys.js';
+import { deliverToTarget } from './deliver.js';
+import { runGatewayAgent } from './session.js';
+const INSECURE_NO_AUTH = 'INSECURE_NO_AUTH';
+const RAW_LIMIT = 4000;
+const VALUE_LIMIT = 2000;
+const seenDeliveries = new Map();
+const rateWindows = new Map();
+export function isValidWebhookRouteName(name) {
+    return /^[a-zA-Z0-9][a-zA-Z0-9_-]{0,63}$/.test(name);
+}
+export function generateWebhookSecret() {
+    return randomBytes(24).toString('hex');
+}
+function firstHeader(headers, name) {
+    const value = headers[name.toLowerCase()];
+    return Array.isArray(value) ? value[0] : value;
+}
+function safeCompare(a, b) {
+    const left = Buffer.from(a);
+    const right = Buffer.from(b);
+    return left.length === right.length && timingSafeEqual(left, right);
+}
+function hmacHex(secret, rawBody) {
+    return createHmac('sha256', secret).update(rawBody).digest('hex');
+}
+export function verifyWebhookSignature(secret, rawBody, headers) {
+    if (!secret)
+        return { ok: false, kind: 'none' };
+    if (secret === INSECURE_NO_AUTH)
+        return { ok: true, kind: 'insecure' };
+    const github = firstHeader(headers, 'x-hub-signature-256');
+    if (github?.startsWith('sha256=')) {
+        return { ok: safeCompare(github, `sha256=${hmacHex(secret, rawBody)}`), kind: 'github' };
+    }
+    const gitlab = firstHeader(headers, 'x-gitlab-token');
+    if (gitlab)
+        return { ok: safeCompare(gitlab, secret), kind: 'gitlab' };
+    const generic = firstHeader(headers, 'x-webhook-signature') ?? firstHeader(headers, 'x-sanook-signature');
+    if (generic) {
+        const expected = hmacHex(secret, rawBody);
+        const cleaned = generic.startsWith('sha256=') ? generic.slice('sha256='.length) : generic;
+        return { ok: safeCompare(cleaned, expected), kind: 'generic' };
+    }
+    return { ok: false, kind: 'none' };
+}
+function truncate(text, limit) {
+    return text.length > limit ? `${text.slice(0, limit - 1)}…` : text;
+}
+function getPath(payload, path) {
+    return path.split('.').reduce((cur, part) => {
+        if (cur && typeof cur === 'object' && part in cur)
+            return cur[part];
+        return undefined;
+    }, payload);
+}
+function stringifyTemplateValue(value) {
+    if (value === undefined)
+        return '';
+    if (value === null)
+        return 'null';
+    if (typeof value === 'string')
+        return truncate(value, VALUE_LIMIT);
+    if (typeof value === 'number' || typeof value === 'boolean')
+        return String(value);
+    return truncate(JSON.stringify(value, null, 2), VALUE_LIMIT);
+}
+export function renderWebhookTemplate(template, payload) {
+    const fallback = `Webhook event:\n${truncate(JSON.stringify(payload, null, 2), RAW_LIMIT)}`;
+    const source = template?.trim() ? template : fallback;
+    return source.replace(/\{([A-Za-z0-9_.-]+|__raw__)\}/g, (match, key) => {
+        if (key === '__raw__')
+            return truncate(JSON.stringify(payload, null, 2), RAW_LIMIT);
+        const value = getPath(payload, key);
+        return value === undefined ? match : stringifyTemplateValue(value);
+    });
+}
+export function webhookEventType(headers, payload) {
+    const fromHeader = firstHeader(headers, 'x-github-event') ?? firstHeader(headers, 'x-gitlab-event') ?? firstHeader(headers, 'x-event-type');
+    if (fromHeader?.trim())
+        return fromHeader.trim();
+    if (payload && typeof payload === 'object') {
+        const record = payload;
+        if (typeof record.event_type === 'string')
+            return record.event_type;
+        if (typeof record.object_kind === 'string')
+            return record.object_kind;
+        if (typeof record.type === 'string')
+            return record.type;
+    }
+    return undefined;
+}
+function deliveryId(routeName, headers) {
+    const id = firstHeader(headers, 'x-github-delivery') ?? firstHeader(headers, 'x-request-id') ?? firstHeader(headers, 'x-webhook-delivery');
+    return id ? `${routeName}:${id}` : undefined;
+}
+function pruneSeenDeliveries(now) {
+    for (const [key, seenAt] of seenDeliveries) {
+        if (now - seenAt > 60 * 60 * 1000)
+            seenDeliveries.delete(key);
+    }
+}
+function hasSeenDelivery(routeName, headers, now = Date.now()) {
+    const id = deliveryId(routeName, headers);
+    if (!id)
+        return false;
+    pruneSeenDeliveries(now);
+    return seenDeliveries.has(id);
+}
+function beginDelivery(routeName, headers, now = Date.now()) {
+    const id = deliveryId(routeName, headers);
+    if (!id)
+        return undefined;
+    pruneSeenDeliveries(now);
+    seenDeliveries.set(id, now);
+    return id;
+}
+function completeDelivery(id, now = Date.now()) {
+    if (!id)
+        return;
+    pruneSeenDeliveries(now);
+    seenDeliveries.set(id, now);
+}
+function forgetDelivery(id) {
+    if (id)
+        seenDeliveries.delete(id);
+}
+function checkRateLimit(route, config, now = Date.now()) {
+    const limit = route.rateLimitPerMinute ?? config.rateLimitPerMinute;
+    if (!Number.isInteger(limit) || limit <= 0)
+        return true;
+    const key = route.name;
+    const current = rateWindows.get(key);
+    if (!current || now - current.start >= 60_000) {
+        rateWindows.set(key, { start: now, count: 1 });
+        return true;
+    }
+    current.count += 1;
+    return current.count <= limit;
+}
+export function routeToConfig(name, route) {
+    return {
+        name,
+        events: route.events ?? [],
+        secret: route.secret,
+        prompt: route.prompt,
+        deliver: route.deliver?.trim() || 'log',
+        deliverOnly: route.deliverOnly === true,
+        description: route.description,
+        rateLimitPerMinute: route.rateLimitPerMinute,
+    };
+}
+export async function handleWebhookRequest(opts) {
+    if (!opts.config.enabled)
+        return { status: 503, body: { error: 'webhooks_disabled' } };
+    const route = opts.config.routes[opts.routeName];
+    if (!route)
+        return { status: 404, body: { error: 'unknown_route' } };
+    const secret = route.secret || opts.config.secret;
+    const sig = verifyWebhookSignature(secret, opts.rawBody, opts.headers);
+    if (!sig.ok)
+        return { status: 401, body: { error: 'invalid_signature', route: route.name } };
+    let payload;
+    try {
+        payload = opts.rawBody.trim() ? JSON.parse(opts.rawBody) : {};
+    }
+    catch {
+        return { status: 400, body: { error: 'invalid_json', route: route.name } };
+    }
+    const event = webhookEventType(opts.headers, payload);
+    if (route.events.length && (!event || !route.events.includes(event))) {
+        return { status: 200, body: { status: 'ignored', route: route.name, event: event ?? null } };
+    }
+    if (route.deliverOnly && route.deliver === 'log') {
+        return { status: 400, body: { error: 'deliver_only_requires_target', route: route.name } };
+    }
+    if (hasSeenDelivery(route.name, opts.headers))
+        return { status: 200, body: { status: 'duplicate', route: route.name } };
+    if (!checkRateLimit(route, opts.config))
+        return { status: 429, body: { error: 'rate_limited', route: route.name } };
+    const trackedDeliveryId = beginDelivery(route.name, opts.headers);
+    const rendered = renderWebhookTemplate(route.prompt, payload);
+    if (route.deliverOnly) {
+        try {
+            const delivery = await deliverToTarget(route.deliver, rendered, { subject: `Webhook ${route.name}` });
+            completeDelivery(trackedDeliveryId);
+            return { status: 200, body: { status: 'delivered', route: route.name, target: delivery.target } };
+        }
+        catch (e) {
+            forgetDelivery(trackedDeliveryId);
+            opts.onLog?.(`Webhook delivery error (${route.name}): ${redactKey(e.message)}`);
+            return { status: 502, body: { error: 'delivery_failed', route: route.name } };
+        }
+    }
+    try {
+        const out = await runGatewayAgent({
+            platform: 'webhook',
+            target: route.name,
+            model: opts.model,
+            prompt: rendered,
+            userText: rendered,
+            budgetUsd: opts.budgetUsd,
+            permissionMode: opts.permissionMode ?? 'ask',
+        });
+        if (out.suppressDelivery || route.deliver === 'log') {
+            opts.onLog?.(`Webhook ${route.name}: ${truncate(out.text || '(ไม่มีผลลัพธ์)', 500)}`);
+            completeDelivery(trackedDeliveryId);
+            return { status: 200, body: { status: 'processed', route: route.name, delivered: false } };
+        }
+        const delivery = await deliverToTarget(route.deliver, out.text || '(ไม่มีผลลัพธ์)', { subject: `Webhook ${route.name}` });
+        completeDelivery(trackedDeliveryId);
+        return { status: 200, body: { status: 'delivered', route: route.name, target: delivery.target } };
+    }
+    catch (e) {
+        forgetDelivery(trackedDeliveryId);
+        opts.onLog?.(`Webhook run error (${route.name}): ${redactKey(e.message)}`);
+        return { status: 500, body: { error: 'agent_failed', route: route.name } };
+    }
+}

package/dist/gateway/whatsapp.js

@@ -0,0 +1,230 @@
+import { createHmac, timingSafeEqual } from 'node:crypto';
+import { redactKey } from '../providers/keys.js';
+import { runGatewayAgent } from './session.js';
+const WHATSAPP_GRAPH_BASE = 'https://graph.facebook.com';
+const WHATSAPP_TEXT_LIMIT = 4096;
+const seenMessageIds = new Set();
+const runningTargets = new Set();
+export function normalizeWhatsAppId(raw) {
+    const trimmed = raw?.trim();
+    if (!trimmed)
+        return undefined;
+    const compact = trimmed.replace(/[\s()+.-]+/g, '');
+    return /^\d+$/.test(compact) ? compact : undefined;
+}
+export function redactWhatsAppId(raw) {
+    const normalized = normalizeWhatsAppId(raw);
+    if (!normalized)
+        return '(not set)';
+    if (normalized.length <= 6)
+        return '<redacted>';
+    return `${normalized.slice(0, 4)}…${normalized.slice(-4)}`;
+}
+export function whatsAppMessagesUrl(config) {
+    const apiVersion = (config.apiVersion || 'v20.0').replace(/^\/+|\/+$/g, '');
+    const phoneNumberId = config.phoneNumberId?.trim();
+    if (!phoneNumberId)
+        throw new Error('WhatsApp Cloud phone number id ว่าง');
+    return `${WHATSAPP_GRAPH_BASE}/${apiVersion}/${encodeURIComponent(phoneNumberId)}/messages`;
+}
+export function whatsAppPlainText(raw) {
+    return raw
+        .replace(/\r\n/g, '\n')
+        .replace(/```[a-zA-Z0-9_-]*\n?/g, '')
+        .replace(/```/g, '')
+        .replace(/\[([^\]]+)]\(([^)]+)\)/g, '$1 ($2)')
+        .replace(/^#{1,6}\s+(.+)$/gm, '*$1*')
+        .replace(/\*\*([^*]+)\*\*/g, '*$1*')
+        .replace(/__([^_]+)__/g, '_$1_')
+        .replace(/~~([^~]+)~~/g, '~$1~')
+        .replace(/`([^`]+)`/g, '$1')
+        .trim();
+}
+export function splitWhatsAppText(raw, limit = WHATSAPP_TEXT_LIMIT) {
+    let remaining = whatsAppPlainText(raw) || '(ไม่มีผลลัพธ์)';
+    const chunks = [];
+    while (remaining.length > limit) {
+        const window = remaining.slice(0, limit + 1);
+        let cut = window.lastIndexOf('\n');
+        if (cut < Math.floor(limit * 0.4))
+            cut = window.lastIndexOf(' ');
+        if (cut < Math.floor(limit * 0.4))
+            cut = limit;
+        chunks.push(remaining.slice(0, cut).trim());
+        remaining = remaining.slice(cut).trimStart();
+    }
+    if (remaining)
+        chunks.push(remaining);
+    return chunks.length ? chunks : ['(ไม่มีผลลัพธ์)'];
+}
+export async function sendWhatsAppMessage(config, to, text) {
+    const phoneNumberId = config.phoneNumberId?.trim();
+    const accessToken = config.accessToken?.trim();
+    const recipient = normalizeWhatsAppId(to);
+    if (!phoneNumberId || !accessToken)
+        throw new Error('WhatsApp Cloud config ต้องมี phoneNumberId และ accessToken');
+    if (!recipient)
+        throw new Error('WhatsApp recipient ว่าง');
+    const chunks = splitWhatsAppText(text);
+    const messageIds = [];
+    for (const body of chunks) {
+        const r = await fetch(whatsAppMessagesUrl(config), {
+            method: 'POST',
+            headers: {
+                authorization: `Bearer ${accessToken}`,
+                'content-type': 'application/json',
+            },
+            body: JSON.stringify({
+                messaging_product: 'whatsapp',
+                recipient_type: 'individual',
+                to: recipient,
+                type: 'text',
+                text: { preview_url: false, body },
+            }),
+        });
+        if (!r.ok) {
+            const detail = await r.text().catch(() => '');
+            throw new Error(`WhatsApp Cloud send ${r.status}${detail ? `: ${redactKey(detail).slice(0, 200)}` : ''}`);
+        }
+        const parsed = (await r.json().catch(() => ({})));
+        for (const message of parsed.messages ?? []) {
+            if (message.id)
+                messageIds.push(message.id);
+        }
+    }
+    return { to: recipient, messageCount: chunks.length, messageIds };
+}
+export function verifyWhatsAppSignature(appSecret, rawBody, signature) {
+    const secret = appSecret?.trim();
+    const header = signature?.trim();
+    if (!secret || !header?.startsWith('sha256='))
+        return false;
+    const expected = `sha256=${createHmac('sha256', secret).update(rawBody).digest('hex')}`;
+    const a = Buffer.from(header);
+    const b = Buffer.from(expected);
+    return a.length === b.length && timingSafeEqual(a, b);
+}
+export function handleWhatsAppChallenge(config, params) {
+    const mode = params.get('hub.mode');
+    const token = params.get('hub.verify_token');
+    const challenge = params.get('hub.challenge') ?? '';
+    if (mode !== 'subscribe' || !config.verifyToken || token !== config.verifyToken) {
+        return { status: 403, body: 'forbidden', contentType: 'text/plain; charset=utf-8' };
+    }
+    return { status: 200, body: challenge, contentType: 'text/plain; charset=utf-8' };
+}
+function parseWhatsAppPayload(rawBody) {
+    const parsed = JSON.parse(rawBody);
+    return parsed && typeof parsed === 'object' ? parsed : {};
+}
+export function extractWhatsAppTextEvents(payload) {
+    const out = [];
+    for (const entry of payload.entry ?? []) {
+        for (const change of entry.changes ?? []) {
+            const contacts = new Map();
+            for (const contact of change.value?.contacts ?? []) {
+                if (contact.wa_id)
+                    contacts.set(contact.wa_id, contact.profile?.name ?? '');
+            }
+            for (const message of change.value?.messages ?? []) {
+                const from = normalizeWhatsAppId(message.from);
+                const text = message.type === 'text' ? message.text?.body?.trim() : undefined;
+                if (!from || !text)
+                    continue;
+                out.push({
+                    from,
+                    text,
+                    messageId: message.id,
+                    timestamp: message.timestamp,
+                    profileName: contacts.get(from),
+                });
+            }
+        }
+    }
+    return out;
+}
+export function isAllowedWhatsAppSender(config, from) {
+    if (config.allowAllUsers)
+        return true;
+    const sender = normalizeWhatsAppId(from);
+    if (!sender)
+        return false;
+    if (sender === normalizeWhatsAppId(config.homeChannel))
+        return true;
+    return config.allowedUsers.map(normalizeWhatsAppId).includes(sender);
+}
+function rememberMessageId(id) {
+    if (!id)
+        return true;
+    if (seenMessageIds.has(id))
+        return false;
+    seenMessageIds.add(id);
+    if (seenMessageIds.size > 5000) {
+        const first = seenMessageIds.values().next().value;
+        if (first)
+            seenMessageIds.delete(first);
+    }
+    return true;
+}
+function whatsAppPrompt(event) {
+    const name = event.profileName?.trim();
+    return [`WhatsApp from ${name ? `${name} ` : ''}${redactWhatsAppId(event.from)}:`, event.text].join('\n');
+}
+export async function handleWhatsAppWebhook(opts) {
+    if (!opts.config.phoneNumberId || !opts.config.accessToken)
+        return { status: 503, body: { error: 'whatsapp_not_configured' } };
+    if (!opts.config.appSecret)
+        return { status: 503, body: { error: 'whatsapp_app_secret_required' } };
+    if (!verifyWhatsAppSignature(opts.config.appSecret, opts.rawBody, opts.signature)) {
+        return { status: 401, body: { error: 'invalid_signature' } };
+    }
+    let payload;
+    try {
+        payload = parseWhatsAppPayload(opts.rawBody);
+    }
+    catch {
+        return { status: 400, body: { error: 'invalid_json' } };
+    }
+    let accepted = 0;
+    let ignored = 0;
+    const running = opts.runningTargets ?? runningTargets;
+    for (const event of extractWhatsAppTextEvents(payload)) {
+        if (!rememberMessageId(event.messageId)) {
+            ignored += 1;
+            continue;
+        }
+        if (!isAllowedWhatsAppSender(opts.config, event.from)) {
+            ignored += 1;
+            opts.onLog?.(`WhatsApp: ปฏิเสธ sender ${redactWhatsAppId(event.from)} (ไม่อยู่ใน allowlist)`);
+            continue;
+        }
+        if (running.has(event.from)) {
+            ignored += 1;
+            await sendWhatsAppMessage(opts.config, event.from, 'กำลังทำงานก่อนหน้าอยู่ รอสักครู่').catch(() => { });
+            continue;
+        }
+        accepted += 1;
+        running.add(event.from);
+        try {
+            const result = await runGatewayAgent({
+                platform: 'whatsapp',
+                target: event.from,
+                model: opts.model,
+                prompt: whatsAppPrompt(event),
+                userText: event.text,
+                budgetUsd: opts.budgetUsd,
+                permissionMode: opts.permissionMode ?? 'ask',
+            });
+            if (!result.suppressDelivery)
+                await sendWhatsAppMessage(opts.config, event.from, result.text || '(ไม่มีผลลัพธ์)');
+        }
+        catch (e) {
+            opts.onLog?.(`WhatsApp run error (${redactWhatsAppId(event.from)}): ${redactKey(e.message)}`);
+            await sendWhatsAppMessage(opts.config, event.from, 'เกิดข้อผิดพลาดภายใน').catch(() => { });
+        }
+        finally {
+            running.delete(event.from);
+        }
+    }
+    return { status: 200, body: { ok: true, accepted, ignored } };
+}

package/dist/hooks.js

@@ -2,7 +2,12 @@ import { readFile } from 'node:fs/promises';
 import { spawn } from 'node:child_process';
 import { appHomePath, BRAND_ENV, envFlag } from './brand.js';
 import { hasUntrustedProjectConfig, projectConfigPathIfTrusted, projectRoot } from './trust.js';
-const SAFE_ENV_KEYS = ['PATH', 'HOME', 'TMPDIR', 'TEMP', 'LANG', 'LC_ALL', 'USER', 'SHELL', 'TERM', 'NODE_PATH', 'NVM_DIR', 'APPDATA'];
+// รวม Windows-critical — hooks รันด้วย shell:true (cmd.exe ผ่าน ComSpec); ขาด SystemRoot/ComSpec/PATHEXT
+// = cmd.exe spawn ไม่ขึ้น/หา .cmd ไม่เจอ → hooks พังทั้งหมดบน Windows
+const SAFE_ENV_KEYS = [
+    'PATH', 'HOME', 'TMPDIR', 'TEMP', 'TMP', 'LANG', 'LC_ALL', 'USER', 'SHELL', 'TERM', 'NODE_PATH', 'NVM_DIR',
+    'APPDATA', 'LOCALAPPDATA', 'USERPROFILE', 'SystemRoot', 'SystemDrive', 'windir', 'PATHEXT', 'ComSpec',
+];
 function safeEnv() {
     const out = {};
     for (const k of SAFE_ENV_KEYS) {
@@ -13,7 +18,13 @@ function safeEnv() {
     return out;
 }
 async function readHooksFile(path, merged) {
-    const cfg = JSON.parse(await readFile(path, 'utf8'));
+    let cfg;
+    try {
+        cfg = JSON.parse(await readFile(path, 'utf8'));
+    }
+    catch {
+        return; // ไม่มีไฟล์ หรือ JSON พัง → ข้าม (ไม่งั้น hooks.json เสียใน trusted project ทำ agent run crash ทั้งรอบ)
+    }
     const valid = (h) => Boolean(h &&
         typeof h === 'object' &&
         typeof h.matcher === 'string' &&

package/dist/hotkeys.js

@@ -0,0 +1,21 @@
+export const HOTKEYS = [
+    ['Ctrl+C', 'clear draft / interrupt running turn / exit when input is empty'],
+    ['Esc', 'stop running turn and clear queued prompts'],
+    ['↑/↓', 'prompt history'],
+    ['Ctrl+A/E', 'start / end of line'],
+    ['Ctrl+U/K', 'delete to start / end'],
+    ['Ctrl+W', 'delete previous word'],
+    ['Alt+Enter', 'insert newline'],
+    ['\\+Enter', 'multi-line continuation fallback'],
+    ['paste 5+ lines', 'collapse into a readable token, expand before submit'],
+    ['type while busy + Enter', 'queue the next prompt'],
+    ['busy ↑/↓ + Ctrl+X', 'select and delete queued prompts'],
+    ['Ctrl+T', 'toggle tool trail compact / expanded'],
+    ['@file', 'inline a file or attach an image'],
+    ['/model <spec>', 'switch model'],
+    ['/diff /undo /rewind', 'inspect, stash, or rewind file changes'],
+];
+export function formatHotkeys() {
+    const width = HOTKEYS.reduce((max, [key]) => Math.max(max, key.length), 0);
+    return ['hotkeys:', ...HOTKEYS.map(([key, help]) => `  ${key.padEnd(width)}  ${help}`)].join('\n');
+}