seclaw 0.1.1 → 0.1.3

package/dist/cli.js

@@ -61,14 +61,12 @@ async function fetchTunnelUrlFromLogs(cwd) {
   try {
     const result = await execa(
       "docker",
-      ["compose", "logs", "cloudflared", "--no-log-prefix"],
-      { cwd, env: { ...process.env, COMPOSE_PROJECT_NAME: "seclaw" } }
+      ["compose", "logs", "cloudflared", "--no-log-prefix", "--tail", "50"],
+      { cwd }
     );
     const combined = result.stdout + "\n" + result.stderr;
-    const match = combined.match(
-      /https:\/\/[a-z0-9-]+\.trycloudflare\.com/
-    );
-    return match ? match[0] : null;
+    const matches = [...combined.matchAll(/https:\/\/[a-z0-9-]+\.trycloudflare\.com/g)];
+    return matches.length > 0 ? matches[matches.length - 1][0] : null;
   } catch {
     return null;
   }
@@ -242,6 +240,17 @@ async function collectSetupAnswers(targetDir) {
       composioApiKey = composioKey || "";
     }
   }
+  const defaultWorkspace = "./shared";
+  const workspaceInput = await p.text({
+    message: "Workspace directory (where agent stores files)",
+    placeholder: defaultWorkspace,
+    defaultValue: defaultWorkspace,
+    validate: (v) => {
+      if (!v) return "Workspace path cannot be empty";
+    }
+  });
+  if (p.isCancel(workspaceInput)) process.exit(0);
+  const workspacePath = workspaceInput || defaultWorkspace;
   const templateOptions = [
     {
       value: "productivity-agent",
@@ -278,7 +287,8 @@ async function collectSetupAnswers(targetDir) {
     composioApiKey,
     composioUserId: "",
     template,
-    timezone: tz
+    timezone: tz,
+    workspacePath
   };
 }
 async function composioFromBrowser() {
@@ -347,28 +357,23 @@ import { mkdir, writeFile as writeFile2, cp, rm, readFile as readFile2 } from "f
 import { existsSync as existsSync3 } from "fs";
 import { join as join2, resolve as resolve3 } from "path";
 async function scaffoldProject(targetDir, answers) {
-  const dirs = [
-    "shared/tasks",
-    "shared/reports",
-    "shared/notes",
-    "shared/drafts",
-    "shared/memory",
-    "shared/config",
-    "templates",
-    "commander",
-    "agent"
-  ];
-  for (const dir of dirs) {
+  const ws = answers.workspacePath || "./shared";
+  const wsSubdirs = ["tasks", "reports", "notes", "drafts", "memory", "config"];
+  for (const sub of wsSubdirs) {
+    await mkdir(resolve3(targetDir, ws, sub), { recursive: true });
+  }
+  for (const dir of ["templates", "commander", "agent"]) {
     await mkdir(join2(targetDir, dir), { recursive: true });
   }
   await writeEnv(targetDir, answers);
-  await writeDockerCompose(targetDir);
+  await writeDockerCompose(targetDir, ws);
+  await writeTunnelScript(targetDir, ws);
   await writePermissions(targetDir);
   await writeGitignore(targetDir);
   await writeDockerignore(targetDir);
   await copyAgentFiles(targetDir);
   await copyCommanderFiles(targetDir);
-  await writeSeedFiles(targetDir, answers);
+  await writeSeedFiles(targetDir, answers, ws);
 }
 async function writeEnv(dir, answers) {
   const config = getProviderConfig(answers.llmProvider);
@@ -386,6 +391,9 @@ async function writeEnv(dir, answers) {
     lines.push(`COMPOSIO_API_KEY=${answers.composioApiKey}`);
     lines.push(`COMPOSIO_USER_ID=${existing.COMPOSIO_USER_ID || answers.composioUserId || generateUserId()}`);
   }
+  if (answers.workspacePath && answers.workspacePath !== "./shared") {
+    lines.push(`WORKSPACE_HOST_PATH=${answers.workspacePath}`);
+  }
   if (existing.INNGEST_DEV) {
     lines.push(`INNGEST_DEV=${existing.INNGEST_DEV}`);
   }
@@ -415,7 +423,7 @@ function generateUserId() {
   }
   return id;
 }
-async function writeDockerCompose(dir) {
+async function writeDockerCompose(dir, workspacePath = "./shared") {
   const content = `services:
   inngest:
     image: inngest/inngest:latest
@@ -433,7 +441,7 @@ async function writeDockerCompose(dir) {
     image: seclaw/agent:latest
     restart: unless-stopped
     volumes:
-      - ./shared:/workspace:rw
+      - ${workspacePath}:/workspace:rw
       - ./templates:/templates:ro
     env_file:
       - .env
@@ -458,7 +466,12 @@ async function writeDockerCompose(dir) {
   cloudflared:
     image: cloudflare/cloudflared:latest
     restart: unless-stopped
-    command: tunnel --no-autoupdate --url http://agent:3000
+    entrypoint: ["/bin/sh", "/tunnel-start.sh"]
+    volumes:
+      - ${workspacePath}:/workspace:rw
+      - ./tunnel-start.sh:/tunnel-start.sh:ro
+    env_file:
+      - .env
     networks:
       - agent-net
     depends_on:
@@ -478,7 +491,7 @@ async function writeDockerCompose(dir) {
     image: seclaw/desktop-commander:latest
     restart: unless-stopped
     volumes:
-      - ./shared:/workspace:rw
+      - ${workspacePath}:/workspace:rw
       - ./permissions.yml:/permissions.yml:ro
     security_opt:
       - no-new-privileges:true
@@ -501,6 +514,40 @@ networks:
 `;
   await writeFile2(join2(dir, "docker-compose.yml"), content);
 }
+async function writeTunnelScript(dir, _workspacePath = "./shared") {
+  const script = `#!/bin/sh
+# Runs cloudflared and auto-updates Telegram webhook when tunnel URL changes.
+# This solves the "webhook points to old tunnel" problem on container restart.
+
+cloudflared tunnel --no-autoupdate --url http://agent:3000 2>&1 | while IFS= read -r line; do
+  # Forward all output to stderr so docker logs still works
+  printf '%s\\n' "$line" >&2
+
+  # Detect tunnel URL in log output
+  case "$line" in
+    *https://*trycloudflare.com*)
+      # Extract URL using shell-only (no grep dependency)
+      URL=$(echo "$line" | sed -n 's|.*\\(https://[a-z0-9-]*\\.trycloudflare\\.com\\).*|\\1|p')
+      if [ -z "$URL" ]; then continue; fi
+
+      # Write to shared volume so agent/CLI can read it
+      echo "$URL" > /workspace/.tunnel-url
+
+      # Auto-update Telegram webhook if bot token is available
+      if [ -n "$TELEGRAM_BOT_TOKEN" ]; then
+        wget -q -O /dev/null \\
+          --post-data='{"url":"'"$URL"'/webhook","allowed_updates":["message","callback_query"]}' \\
+          --header='Content-Type: application/json' \\
+          "https://api.telegram.org/bot$TELEGRAM_BOT_TOKEN/setWebhook" 2>/dev/null && \\
+          printf '[tunnel] Webhook updated: %s\\n' "$URL" >&2 || \\
+          printf '[tunnel] Webhook update failed\\n' >&2
+      fi
+      ;;
+  esac
+done
+`;
+  await writeFile2(join2(dir, "tunnel-start.sh"), script, { mode: 493 });
+}
 async function copyAgentFiles(dir) {
   const agentTemplateSrc = resolve3(import.meta.dirname, "runtime");
   const agentDest = join2(dir, "agent");
@@ -825,10 +872,11 @@ async function writeIfMissing(path, content) {
     await writeFile2(path, content);
   }
 }
-async function writeSeedFiles(dir, answers) {
+async function writeSeedFiles(dir, answers, ws = "./shared") {
   const today = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
+  const wsDir = resolve3(dir, ws);
   await writeIfMissing(
-    join2(dir, "shared/memory/learnings.md"),
+    join2(wsDir, "memory/learnings.md"),
     `# Agent Memory
 
 ## User Profile
@@ -844,7 +892,7 @@ async function writeSeedFiles(dir, answers) {
 `
   );
   await writeIfMissing(
-    join2(dir, "shared/tasks/welcome.md"),
+    join2(wsDir, "tasks/welcome.md"),
     `# Welcome Task
 - [ ] Introduce yourself to the user on Telegram
 - [ ] Explain what you can do (file management, email, task tracking)
@@ -853,7 +901,7 @@ async function writeSeedFiles(dir, answers) {
 `
   );
   await writeIfMissing(
-    join2(dir, "shared/config/agent.md"),
+    join2(wsDir, "config/agent.md"),
     `# Agent Configuration
 
 ## Workspace Structure
@@ -892,11 +940,11 @@ async function writeSeedFiles(dir, answers) {
     ``
   );
   await writeIfMissing(
-    join2(dir, "shared/config/integrations.md"),
+    join2(wsDir, "config/integrations.md"),
     integrations2.join("\n")
   );
   await writeIfMissing(
-    join2(dir, `shared/reports/${today}.md`),
+    join2(wsDir, `reports/${today}.md`),
     `# Daily Report \u2014 ${today}
 
 ## Status
@@ -1167,13 +1215,14 @@ async function create(directory) {
         if (resolve5(templateSrc) !== resolve5(templateDest)) {
           await cp2(templateSrc, templateDest, { recursive: true });
         }
+        const wsDir = resolve5(targetDir, answers.workspacePath || "./shared");
         const promptSrc = resolve5(templateSrc, "system-prompt.md");
         if (existsSync5(promptSrc)) {
-          await cp2(promptSrc, resolve5(targetDir, "shared", "config", "system-prompt.md"));
+          await cp2(promptSrc, resolve5(wsDir, "config", "system-prompt.md"));
         }
         const schedulesSrc = resolve5(templateSrc, "schedules.json");
         if (existsSync5(schedulesSrc)) {
-          await cp2(schedulesSrc, resolve5(targetDir, "shared", "config", "schedules.json"));
+          await cp2(schedulesSrc, resolve5(wsDir, "config", "schedules.json"));
         }
         s.stop(`Template ready.`);
       } else {
@@ -1212,7 +1261,7 @@ async function create(directory) {
       s.stop(`Webhook URL: ${pc2.cyan(webhookUrl)}`);
     }
   }
-  showSuccess(targetDir, tunnelUrl, answers.telegramBotName, answers.llmProvider, answers.composioApiKey);
+  showSuccess(targetDir, tunnelUrl, answers.telegramBotName, answers.llmProvider, answers.composioApiKey, answers.workspacePath);
 }
 async function waitForAgent(targetDir, maxRetries = 30, intervalMs = 2e3) {
   for (let i = 0; i < maxRetries; i++) {
@@ -1279,7 +1328,7 @@ var PROVIDER_LABELS = {
   openai: { model: "GPT-4o", cost: "~$10-25/mo" },
   gemini: { model: "Gemini 2.5 Pro", cost: "~$7-20/mo" }
 };
-function showSuccess(targetDir, tunnelUrl, botName, provider, composioKey) {
+function showSuccess(targetDir, tunnelUrl, botName, provider, composioKey, workspacePath) {
   const label = (s) => pc2.white(pc2.bold(s));
   const lines = [
     `${pc2.green(pc2.bold("Your AI agent is live!"))}`,
@@ -1291,7 +1340,9 @@ function showSuccess(targetDir, tunnelUrl, botName, provider, composioKey) {
   if (botName) {
     lines.push(`${label("Telegram:")}   Open ${pc2.green(botName)} and send a message`);
   }
-  lines.push(`${label("Workspace:")}  ${pc2.white(targetDir + "/shared/")}`);
+  const ws = workspacePath || "./shared";
+  const wsAbsolute = resolve5(targetDir, ws);
+  lines.push(`${label("Workspace:")}  ${pc2.white(wsAbsolute + "/")}`);
   if (provider) {
     const info = PROVIDER_LABELS[provider];
     if (info) {
@@ -1420,7 +1471,14 @@ async function add(template, options) {
       return;
     }
   }
-  const configDir = resolve6(process.cwd(), "shared", "config");
+  let wsHostPath = "shared";
+  try {
+    const envContent = await readFile3(resolve6(process.cwd(), ".env"), "utf-8");
+    const wsMatch = envContent.match(/WORKSPACE_HOST_PATH=(.+)/);
+    if (wsMatch?.[1]?.trim()) wsHostPath = wsMatch[1].trim();
+  } catch {
+  }
+  const configDir = resolve6(process.cwd(), wsHostPath, "config");
   if (existsSync6(configDir)) {
     const capDir = resolve6(configDir, "capabilities", template);
     await mkdir3(capDir, { recursive: true });
@@ -2042,7 +2100,14 @@ async function status() {
       }
     } catch {
     }
-    infoLines.push(`${pc6.white(pc6.bold("Workspace:"))}  ${resolve9(projectDir, "shared")}`);
+    let wsPath = "shared";
+    try {
+      const envContent = await readFile6(resolve9(projectDir, ".env"), "utf-8");
+      const wsMatch = envContent.match(/WORKSPACE_HOST_PATH=(.+)/);
+      if (wsMatch?.[1]?.trim()) wsPath = wsMatch[1].trim();
+    } catch {
+    }
+    infoLines.push(`${pc6.white(pc6.bold("Workspace:"))}  ${resolve9(projectDir, wsPath)}`);
     infoLines.push(`${pc6.white(pc6.bold("Project:"))}   ${projectDir}`);
     p6.note(infoLines.join("\n"), "seclaw");
   } catch {
@@ -2205,9 +2270,6 @@ async function doctor() {
       p9.outro("Run again after fixing manually.");
       return;
     }
-    s.start("Stopping conflicting containers...");
-    await stopExistingSeclaw();
-    s.stop(`${FIX} Cleared conflicting containers`);
     for (const check of fixable) {
       s.start(`Fixing: ${check.name}...`);
       try {
@@ -2356,12 +2418,12 @@ async function checkTunnel(projectDir) {
   try {
     const result = await execa8(
       "docker",
-      ["compose", "logs", "cloudflared", "--no-log-prefix"],
+      ["compose", "logs", "cloudflared", "--no-log-prefix", "--tail", "50"],
       { cwd: projectDir, env: { ...process.env, COMPOSE_PROJECT_NAME: getProjectName(projectDir) } }
     );
     const combined = result.stdout + "\n" + result.stderr;
-    const match = combined.match(/https:\/\/[a-z0-9-]+\.trycloudflare\.com/);
-    if (!match) {
+    const matches = [...combined.matchAll(/https:\/\/[a-z0-9-]+\.trycloudflare\.com/g)];
+    if (matches.length === 0) {
       return {
         name: "Tunnel",
         ok: false,
@@ -2375,7 +2437,7 @@ async function checkTunnel(projectDir) {
         }
       };
     }
-    const tunnelUrl = match[0];
+    const tunnelUrl = matches[matches.length - 1][0];
     try {
       const res = await fetch(`${tunnelUrl}/health`, {
         signal: AbortSignal.timeout(1e4)
@@ -2394,7 +2456,14 @@ async function checkTunnel(projectDir) {
         name: "Tunnel",
         ok: false,
         message: `URL found (${pc9.dim(tunnelUrl)}) but not reachable`,
-        tunnelUrl
+        tunnelUrl,
+        fix: async () => {
+          await clearTunnelCache(projectDir);
+          const env = { ...process.env, COMPOSE_PROJECT_NAME: getProjectName(projectDir) };
+          await execa8("docker", ["compose", "restart", "cloudflared"], { cwd: projectDir, env });
+          const newUrl = await getTunnelUrl(projectDir, 20);
+          return newUrl ? `New tunnel: ${newUrl}` : "Restarted cloudflared \u2014 run doctor again";
+        }
       };
     }
   } catch {
@@ -2431,15 +2500,18 @@ async function checkTelegram(projectDir, tunnelCheck) {
     }
     const wh = whData.result;
     const tunnelUrl = tunnelCheck.tunnelUrl || "";
+    const webhookFix = async () => {
+      const freshUrl = await getTunnelUrl(projectDir, 5);
+      if (!freshUrl) return "No tunnel URL available \u2014 fix tunnel first";
+      const ok = await setTelegramWebhook(botToken, freshUrl);
+      return ok ? `Webhook set to ${freshUrl}` : "Could not set webhook";
+    };
     if (!wh.url) {
       return {
         name: `Telegram (${botName})`,
         ok: false,
         message: "Webhook not set",
-        fix: tunnelUrl ? async () => {
-          const ok = await setTelegramWebhook(botToken, tunnelUrl);
-          return ok ? "Webhook set" : "Could not set webhook";
-        } : void 0
+        fix: webhookFix
       };
     }
     if (tunnelUrl && !wh.url.includes(tunnelUrl.replace("https://", ""))) {
@@ -2447,10 +2519,7 @@ async function checkTelegram(projectDir, tunnelCheck) {
         name: `Telegram (${botName})`,
         ok: false,
         message: "Webhook points to old tunnel",
-        fix: async () => {
-          const ok = await setTelegramWebhook(botToken, tunnelUrl);
-          return ok ? "Webhook updated" : "Could not update webhook";
-        }
+        fix: webhookFix
       };
     }
     if (wh.last_error_message) {
@@ -2458,7 +2527,13 @@ async function checkTelegram(projectDir, tunnelCheck) {
       return {
         name: `Telegram (${botName})`,
         ok: false,
-        message: `Error ${age}m ago: ${wh.last_error_message}`
+        message: `Error ${age}m ago: ${wh.last_error_message}`,
+        fix: async () => {
+          const freshUrl = await getTunnelUrl(projectDir, 5);
+          if (!freshUrl) return "No tunnel URL available \u2014 fix tunnel first";
+          const ok = await setTelegramWebhook(botToken, freshUrl);
+          return ok ? `Webhook re-set to ${freshUrl}` : "Could not set webhook";
+        }
       };
     }
     return {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "seclaw",
-  "version": "0.1.1",
+  "version": "0.1.3",
   "description": "Secure autonomous AI agents in 60 seconds",
   "type": "module",
   "bin": {