talon-agent 1.10.1 → 1.11.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "talon-agent",
-  "version": "1.10.1",
+  "version": "1.11.0",
   "description": "Multi-frontend AI agent with full tool access, streaming, cron jobs, and plugin system",
   "author": "Dylan Neve",
   "license": "MIT",
@@ -30,7 +30,16 @@
   },
   "files": [
     "bin/",
-    "src/",
+    "src/backend/",
+    "src/core/",
+    "src/frontend/",
+    "src/plugins/",
+    "src/storage/",
+    "src/util/",
+    "src/bootstrap.ts",
+    "src/cli.ts",
+    "src/index.ts",
+    "src/login.ts",
     "prompts/",
     "README.md",
     "tsconfig.json"
@@ -43,6 +52,9 @@
     "test": "vitest run",
     "test:ci": "vitest run --reporter=verbose --reporter=json --outputFile=test-results.json",
     "test:functional": "vitest run --reporter=verbose --reporter=json --outputFile=functional-results.json src/__tests__/package.functional.test.ts src/__tests__/tool-functional.test.ts src/__tests__/mcp-launcher.test.ts src/__tests__/mcp-launcher-functional.test.ts src/__tests__/integration/sdk-stub.test.ts src/__tests__/integration/talon-functional.test.ts",
+    "test:integration": "vitest run --reporter=verbose --reporter=json --outputFile=integration-results.json src/__tests__/integration/talon-mcp-functional.test.ts",
+    "test:integration:all": "vitest run --reporter=verbose src/__tests__/integration/",
+    "tarball:check": "node .github/scripts/tarball-check.mjs",
     "build:stub-sea": "node src/__tests__/integration/stub-claude/build-sea.mjs",
     "test:watch": "vitest",
     "test:coverage": "vitest run --coverage",
@@ -91,6 +103,7 @@
   },
   "overrides": {
     "@anthropic-ai/sdk": "^0.95.0",
-    "ip-address": "^10.1.1"
+    "ip-address": "^10.1.1",
+    "fast-uri": "^3.1.2"
   }
 }

package/src/backend/claude-sdk/options.ts

@@ -6,6 +6,7 @@
  */
 
 import { resolve } from "node:path";
+import { pathToFileURL } from "node:url";
 import type {
   Options,
   PostToolBatchHookInput,
@@ -45,10 +46,17 @@ export function buildMcpServers(
   const config = getConfig();
   const bridgeUrl = `http://127.0.0.1:${getBridgePort()}`;
 
-  const tsxImport = resolve(
-    import.meta.dirname ?? ".",
-    "../../../node_modules/tsx/dist/esm/index.mjs",
-  );
+  // tsx as a Node loader is passed via `--import <url>`. Node accepts URLs
+  // or absolute paths, but on Windows a raw backslash path (`D:\…\tsx`) is
+  // ambiguous between path and URL — the loader hook fails to register and
+  // every subsequent `import` of a .ts file throws. `pathToFileURL` produces
+  // a cross-platform `file://` URL that Node always treats as a loader URL.
+  const tsxImport = pathToFileURL(
+    resolve(
+      import.meta.dirname ?? ".",
+      "../../../node_modules/tsx/dist/esm/index.mjs",
+    ),
+  ).href;
   const mcpServerPath = resolve(
     import.meta.dirname ?? ".",
     "../../core/tools/mcp-server.ts",
@@ -72,12 +80,14 @@ export function buildMcpServers(
       TALON_CHAT_ID: chatId,
       TALON_FRONTEND: frontend,
     };
+    // `node --import <tsx-loader>` everywhere — tsx as a Node loader works
+    // identically on Windows and POSIX, and avoids spawning `npx.cmd` (which
+    // Node 20.19+ refuses to execute via child_process.spawn without
+    // shell:true; CVE-2024-27980 mitigation). The wrapping launcher would
+    // hit the same .cmd ban when calling its child.
     servers[serverName] = wrapMcpServer({
-      command: process.platform === "win32" ? "npx" : "node",
-      args:
-        process.platform === "win32"
-          ? ["tsx", mcpServerPath]
-          : ["--import", tsxImport, mcpServerPath],
+      command: "node",
+      args: ["--import", tsxImport, mcpServerPath],
       env: mcpEnv,
     });
   }

package/src/core/gateway.ts

@@ -298,9 +298,16 @@ export class Gateway {
         });
         httpServer.listen(p, "127.0.0.1", () => {
           this.server = httpServer;
-          this.port = p;
-          log("gateway", `Action gateway on :${p}`);
-          resolve(p);
+          // When the caller asks for port 0 the OS assigns a random free
+          // port — read the actual port off the listening socket instead
+          // of saving the requested 0.
+          const addr = httpServer.address();
+          this.port =
+            typeof addr === "object" && addr !== null
+              ? (addr as { port: number }).port
+              : p;
+          log("gateway", `Action gateway on :${this.port}`);
+          resolve(this.port);
         });
       };
       tryPort(port);

package/src/frontend/telegram/handlers.ts

@@ -159,11 +159,117 @@ export async function isAccessAllowed(
   return false;
 }
 
+/**
+ * Maximum length of an unauthorized message body to retain in logs.
+ * Keeps abusive payloads (large pastes, attachment captions etc.) bounded
+ * while still preserving enough context to understand what was sent.
+ */
+const UNAUTHORIZED_BODY_MAX_LEN = 1024;
+
+/**
+ * Best-effort preview of an unauthorized message for forensics.
+ *
+ * Returns the visible text payload (text or caption), a short tag for
+ * media-only messages (`[sticker: 🤖]`, `[photo]`, `[voice 14s]`, etc.),
+ * or `undefined` if there's nothing meaningful to capture (e.g. a service
+ * message or empty content).
+ *
+ * Truncated to UNAUTHORIZED_BODY_MAX_LEN to keep log lines bounded.
+ */
+export function extractUnauthorizedPreview(
+  message:
+    | {
+        text?: string;
+        caption?: string;
+        sticker?: { emoji?: string; set_name?: string };
+        photo?: unknown;
+        voice?: { duration?: number };
+        video?: unknown;
+        video_note?: unknown;
+        audio?: unknown;
+        animation?: unknown;
+        document?: { file_name?: string };
+        contact?: unknown;
+        location?: unknown;
+        poll?: { question?: string };
+        dice?: { emoji?: string };
+      }
+    | undefined,
+): string | undefined {
+  if (!message) return undefined;
+
+  const text = message.text ?? message.caption;
+  if (typeof text === "string" && text.trim().length > 0) {
+    return text.length > UNAUTHORIZED_BODY_MAX_LEN
+      ? `${text.slice(0, UNAUTHORIZED_BODY_MAX_LEN)}… [truncated]`
+      : text;
+  }
+
+  if (message.sticker) {
+    const emoji = message.sticker.emoji ?? "?";
+    const set = message.sticker.set_name
+      ? ` from ${message.sticker.set_name}`
+      : "";
+    return `[sticker: ${emoji}${set}]`;
+  }
+  if (message.photo) return "[photo]";
+  if (message.voice) {
+    const dur = message.voice.duration;
+    return dur ? `[voice ${dur}s]` : "[voice]";
+  }
+  if (message.video_note) return "[video note]";
+  if (message.video) return "[video]";
+  if (message.audio) return "[audio]";
+  if (message.animation) return "[animation]";
+  if (message.document) {
+    return message.document.file_name
+      ? `[document: ${message.document.file_name}]`
+      : "[document]";
+  }
+  if (message.contact) return "[contact]";
+  if (message.location) return "[location]";
+  if (message.poll) {
+    return message.poll.question
+      ? `[poll: ${message.poll.question}]`
+      : "[poll]";
+  }
+  if (message.dice) return `[dice: ${message.dice.emoji ?? "🎲"}]`;
+
+  return undefined;
+}
+
 async function notifyUnauthorized(
   bot: Bot,
   ctx: Context,
   type: "dm" | "group",
 ): Promise<void> {
+  const sender = getSenderName(ctx.from);
+  const username = ctx.from?.username ? ` (@${ctx.from.username})` : "";
+  const userId = ctx.from?.id ?? "unknown";
+
+  // Capture message body BEFORE the cooldown check — every unauthorized
+  // attempt should be recorded for forensics, even if the user-facing
+  // warning + admin notification are suppressed by cooldown. Without
+  // this, follow-up DMs from a known social-engineering account vanish
+  // entirely from logs.
+  const body = extractUnauthorizedPreview(
+    ctx.message as Parameters<typeof extractUnauthorizedPreview>[0],
+  );
+  if (body) {
+    try {
+      appendDailyLog(
+        `⚠️ UNAUTHORIZED ${sender}${username} [id:${userId}]`,
+        body,
+      );
+    } catch {
+      /* daily log unavailable — fall through to talon.log */
+    }
+    logWarn(
+      "access",
+      `Unauthorized ${type} body from ${sender}${username} [id:${userId}]: ${body.slice(0, 200)}`,
+    );
+  }
+
   const key = type === "dm" ? `dm:${ctx.from?.id}` : `group:${ctx.chat?.id}`;
   const now = Date.now();
   const lastWarned = unauthorizedCooldown.get(key);
@@ -173,10 +279,6 @@ async function notifyUnauthorized(
   }
   unauthorizedCooldown.set(key, now);
 
-  const sender = getSenderName(ctx.from);
-  const username = ctx.from?.username ? ` (@${ctx.from.username})` : "";
-  const userId = ctx.from?.id ?? "unknown";
-
   // Warn the user
   try {
     await bot.api.sendMessage(
@@ -193,8 +295,9 @@ async function notifyUnauthorized(
       type === "dm"
         ? `🚨 Unauthorized DM from ${sender}${username} [id:${userId}]`
         : `🚨 Unauthorized group access: "${(ctx.chat as { title?: string })?.title ?? ctx.chat!.id}" [id:${ctx.chat!.id}] by ${sender}${username}`;
+    const detailWithBody = body ? `${detail}\n\n${body.slice(0, 400)}` : detail;
     try {
-      await bot.api.sendMessage(adminId, detail);
+      await bot.api.sendMessage(adminId, detailWithBody);
     } catch {
       /* admin unreachable — ignore */
     }

package/src/__tests__/chat-id.test.ts

@@ -1,91 +0,0 @@
-import { describe, it, expect } from "vitest";
-
-import {
-  deriveNumericChatId,
-  generateTerminalChatId,
-  isTerminalChatId,
-} from "../util/chat-id.js";
-
-describe("deriveNumericChatId", () => {
-  it("returns a positive number", () => {
-    const id = deriveNumericChatId("test-chat");
-    expect(id).toBeGreaterThan(0);
-    expect(Number.isInteger(id)).toBe(true);
-  });
-
-  it("returns the same value for the same input", () => {
-    const a = deriveNumericChatId("stable-id");
-    const b = deriveNumericChatId("stable-id");
-    expect(a).toBe(b);
-  });
-
-  it("returns different values for different inputs", () => {
-    const a = deriveNumericChatId("chat-alpha");
-    const b = deriveNumericChatId("chat-beta");
-    expect(a).not.toBe(b);
-  });
-
-  it("handles terminal-style IDs", () => {
-    const id = deriveNumericChatId("t_1711360000000");
-    expect(id).toBeGreaterThan(0);
-  });
-
-  it("handles empty string", () => {
-    const id = deriveNumericChatId("");
-    expect(id).toBeGreaterThanOrEqual(0);
-    expect(Number.isInteger(id)).toBe(true);
-  });
-});
-
-describe("generateTerminalChatId", () => {
-  it("returns a string starting with t_", () => {
-    const id = generateTerminalChatId();
-    expect(id).toMatch(/^t_\d+$/);
-  });
-
-  it("returns a string with numeric timestamp portion", () => {
-    const id = generateTerminalChatId();
-    const ts = Number(id.slice(2));
-    expect(Number.isNaN(ts)).toBe(false);
-    expect(ts).toBeGreaterThan(0);
-  });
-
-  it("uses a recent timestamp", () => {
-    const before = Date.now();
-    const id = generateTerminalChatId();
-    const after = Date.now();
-    const ts = Number(id.slice(2));
-    expect(ts).toBeGreaterThanOrEqual(before);
-    expect(ts).toBeLessThanOrEqual(after);
-  });
-});
-
-describe("isTerminalChatId", () => {
-  it('returns true for "1" (legacy ID)', () => {
-    expect(isTerminalChatId("1")).toBe(true);
-  });
-
-  it("returns true for t_ prefixed IDs", () => {
-    expect(isTerminalChatId("t_1711360000000")).toBe(true);
-    expect(isTerminalChatId("t_0")).toBe(true);
-    expect(isTerminalChatId("t_abc")).toBe(true);
-  });
-
-  it("returns false for Telegram numeric IDs", () => {
-    expect(isTerminalChatId("123456789")).toBe(false);
-    expect(isTerminalChatId("-100123456")).toBe(false);
-  });
-
-  it("returns false for Teams IDs", () => {
-    expect(isTerminalChatId("teams_chat_abc123")).toBe(false);
-  });
-
-  it("returns false for empty string", () => {
-    expect(isTerminalChatId("")).toBe(false);
-  });
-
-  it('returns false for "10" and other strings starting with 1', () => {
-    expect(isTerminalChatId("10")).toBe(false);
-    expect(isTerminalChatId("100")).toBe(false);
-  });
-});