seclaw 0.1.7 → 0.1.9

package/dist/cli.js

@@ -380,11 +380,12 @@ async function scaffoldProject(targetDir, answers) {
   for (const sub of wsSubdirs) {
     await mkdir(resolve3(targetDir, ws, sub), { recursive: true });
   }
-  for (const dir of ["templates", "commander", "agent"]) {
+  for (const dir of ["templates", "commander", "agent", "cloudflared"]) {
     await mkdir(join2(targetDir, dir), { recursive: true });
   }
   await writeEnv(targetDir, answers);
   await writeDockerCompose(targetDir, ws);
+  await writeCloudflaredFiles(targetDir);
   await writePermissions(targetDir);
   await writeGitignore(targetDir);
   await writeDockerignore(targetDir);
@@ -481,9 +482,16 @@ async function writeDockerCompose(dir, workspacePath = "./shared") {
       retries: 5
 
   cloudflared:
-    image: cloudflare/cloudflared:latest
+    build:
+      context: ./cloudflared
+      dockerfile: Dockerfile
+    image: seclaw/cloudflared:latest
     restart: unless-stopped
-    command: ["tunnel", "--no-autoupdate", "--url", "http://agent:3000"]
+    entrypoint: ["/bin/sh", "/tunnel-start.sh"]
+    volumes:
+      - ./tunnel-start.sh:/tunnel-start.sh:ro
+    env_file:
+      - .env
     networks:
       - agent-net
     depends_on:
@@ -520,6 +528,51 @@ networks:
 `;
   await writeFile2(join2(dir, "docker-compose.yml"), content);
 }
+async function writeCloudflaredFiles(dir) {
+  await mkdir(join2(dir, "cloudflared"), { recursive: true });
+  await writeFile2(
+    join2(dir, "cloudflared", "Dockerfile"),
+    `FROM cloudflare/cloudflared:latest AS upstream
+FROM alpine:3.20
+RUN apk add --no-cache curl
+COPY --from=upstream /usr/local/bin/cloudflared /usr/local/bin/cloudflared
+ENTRYPOINT ["/bin/sh"]
+`
+  );
+  const script = `#!/bin/sh
+# Auto-updates Telegram webhook when tunnel URL changes on restart.
+
+set_webhook() {
+  URL="$1"
+  for i in 1 2 3; do
+    sleep 10
+    RESP=$(curl -s -X POST "https://api.telegram.org/bot$TELEGRAM_BOT_TOKEN/setWebhook" \\
+      -H "Content-Type: application/json" \\
+      -d "{\\"url\\":\\"$URL/webhook\\",\\"allowed_updates\\":[\\"message\\",\\"callback_query\\"]}")
+    case "$RESP" in
+      *'"ok":true'*)
+        printf '[tunnel] Webhook set: %s (attempt %d)\\n' "$URL" "$i" >&2
+        return 0
+        ;;
+    esac
+    printf '[tunnel] Webhook attempt %d failed: %s\\n' "$i" "$RESP" >&2
+  done
+  return 1
+}
+
+cloudflared tunnel --no-autoupdate --url http://agent:3000 2>&1 | while IFS= read -r line; do
+  printf '%s\\n' "$line" >&2
+  case "$line" in
+    *https://*trycloudflare.com*)
+      URL=$(echo "$line" | sed -n 's|.*\\(https://[a-z0-9-]*\\.trycloudflare\\.com\\).*|\\1|p')
+      [ -z "$URL" ] && continue
+      [ -n "$TELEGRAM_BOT_TOKEN" ] && set_webhook "$URL" &
+      ;;
+  esac
+done
+`;
+  await writeFile2(join2(dir, "tunnel-start.sh"), script, { mode: 493 });
+}
 async function copyAgentFiles(dir) {
   const agentTemplateSrc = resolve3(import.meta.dirname, "runtime");
   const agentDest = join2(dir, "agent");

package/dist/runtime/agent.js

@@ -241,7 +241,7 @@ ${memory}` : ""}
 - When the user asks to save/note/draft/track something, use the appropriate workspace tool. Always confirm what was saved.`;
   return prompt;
 }
-var MAX_TOOL_RESULT = 4e3;
+var MAX_TOOL_RESULT = 1e4;
 function truncateToolResult(text) {
   let cleaned = text.replace(/<[^>]+>/g, " ");
   cleaned = cleaned.replace(/[A-Za-z0-9+/=]{100,}/g, "[base64-data]");
@@ -410,7 +410,7 @@ async function connectComposio(config2) {
     }
     const toolResults = await Promise.allSettled(
       activeApps.map(
-        (app) => apiFetch(`/tools?toolkit_slug=${app}&important=true&limit=8`)
+        (app) => apiFetch(`/tools?toolkit_slug=${app}&limit=20`)
       )
     );
     const tools = [];

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "seclaw",
-  "version": "0.1.7",
+  "version": "0.1.9",
   "description": "Secure autonomous AI agents in 60 seconds",
   "type": "module",
   "bin": {