telecodex 0.1.0 → 0.1.1

package/README.md

@@ -73,6 +73,30 @@ npm run dev
 For a production-style local install during development, `npm link` exposes the
 same `telecodex` command globally from the current checkout.
 
+## Automated npm release
+
+This repository is set up for npm trusted publishing from GitHub Actions.
+
+1. On npm, open the `telecodex` package settings and configure a trusted publisher:
+   - Organization or user: `jiangege`
+   - Repository: `telecodex`
+   - Workflow filename: `publish.yml`
+2. Bump the version locally:
+
+```bash
+npm version patch
+```
+
+3. Push the branch and tag:
+
+```bash
+git push origin main --follow-tags
+```
+
+Pushing a `v*` tag runs `.github/workflows/publish.yml`, which installs dependencies,
+runs `npm run check`, runs `npm test`, and publishes the package to npm when the tag
+matches the version in `package.json`.
+
 ## First launch
 
 On first launch, `telecodex`:
@@ -83,6 +107,8 @@ On first launch, `telecodex`:
 4. Generates a one-time bootstrap code if no Telegram admin is bound yet.
 5. Waits for that code in a private chat. The first successful sender becomes the permanent admin for this bot instance.
 
+Bootstrap codes are time-limited and attempt-limited. When a code expires or is exhausted, start telecodex again locally to issue a fresh one.
+
 There are no required environment variables in the normal startup path.
 
 Optional security override:
@@ -116,6 +142,9 @@ Optional security override:
 
 - `/start` or `/help` - show the current usage model.
 - `/status` - in private chat shows global state; in a project topic shows project/thread runtime state.
+- `/admin` - in private chat, show admin binding and handoff status.
+- `/admin rebind` - in private chat, issue a time-limited handoff code for transferring control to another Telegram account.
+- `/admin cancel` - in private chat, cancel a pending admin handoff code.
 - `/project` - show the current supergroup's project binding.
 - `/project bind <absolute-path>` - bind the current supergroup to a project root.
 - `/project unbind` - remove the current supergroup's project binding.
@@ -134,7 +163,7 @@ Optional security override:
 - `/web default|disabled|cached|live` - set Codex SDK web search mode.
 - `/network on|off` - set workspace network access for Codex SDK runs.
 - `/gitcheck skip|enforce` - control Codex SDK git repository checks.
-- `/adddir list|add <absolute-path>|drop <index>|clear` - manage Codex SDK additional directories.
+- `/adddir list|add <path-inside-project>|add-external <absolute-path>|drop <index>|clear` - manage Codex SDK additional directories. `add` stays inside the project root; `add-external` is the explicit escape hatch.
 - `/schema show|set <JSON object>|clear` - manage Codex SDK output schema for the current topic.
 - `/codexconfig show|set <JSON object>|clear` - manage global non-auth Codex SDK config overrides for future runs.
 - Image messages in a topic - download the Telegram image locally and send it as SDK `local_image` input.
@@ -144,6 +173,7 @@ Optional security override:
 - Long polling is managed by `@grammyjs/runner`.
 - Streaming updates are throttled before editing Telegram messages.
 - Final answers are rendered from Markdown to Telegram-safe HTML.
+- Project-scoped path checks resolve symlinks before enforcing the root boundary, so topic cwd changes cannot escape the bound project through symlink paths.
 - Because the SDK run is in-process, a telecodex restart cannot resume a partially streamed Telegram turn; the topic is reset and the user is asked to resend.
 - Authentication and provider switching remain owned by the local Codex installation; telecodex does not manage API keys or login state.
 - Interactive terminal stdin bridging and native Codex approval UI are intentionally not part of the Telegram contract. For unattended remote work, use the topic's sandbox/approval preset deliberately.

package/dist/bot/auth.js

@@ -15,11 +15,30 @@ export function authMiddleware(input) {
             return;
         }
         const authorizedUserId = input.store.getAuthorizedUserId();
+        const binding = input.store.getBindingCodeState();
+        const messageText = ctx.message?.text?.trim();
         if (authorizedUserId != null) {
             if (authorizedUserId === userId) {
                 await next();
                 return;
             }
+            if (ctx.chat?.type === "private" && binding?.mode === "rebind" && messageText) {
+                const handled = await handleBindingCodeMessage({
+                    ctx,
+                    userId,
+                    text: messageText,
+                    binding,
+                    store: input.store,
+                    success: async () => {
+                        input.store.rebindAuthorizedUserId(userId);
+                        await ctx.reply("Admin handoff succeeded. This Telegram account is now authorized to use telecodex.");
+                    },
+                    mismatchLabel: "Admin handoff code did not match.",
+                    exhaustedLabel: "Admin handoff code exhausted its attempt limit and was invalidated. Issue a new one from the currently authorized account.",
+                });
+                if (handled)
+                    return;
+            }
             input.logger?.warn("telegram update denied because user is not authorized", {
                 chatId: ctx.chat?.id ?? null,
                 chatType: ctx.chat?.type ?? null,
@@ -30,29 +49,59 @@ export function authMiddleware(input) {
             await deny(ctx, "Unauthorized.");
             return;
         }
-        if (!input.bootstrapCode) {
-            await deny(ctx, "Authentication is not configured for this bot yet.");
+        if (!binding || binding.mode !== "bootstrap") {
+            await deny(ctx, "This bot is not initialized yet, or the binding code expired. Restart telecodex locally to issue a new binding code.");
             return;
         }
         if (ctx.chat?.type !== "private") {
             await deny(ctx, "Send the admin bootstrap code to the bot in a private chat first.");
             return;
         }
-        const messageText = ctx.message?.text?.trim();
-        if (messageText === input.bootstrapCode) {
-            const claimedUserId = input.store.claimAuthorizedUserId(userId);
-            if (claimedUserId === userId) {
-                input.onAdminBound?.(userId);
-                await ctx.reply("Admin binding succeeded. Only this Telegram account can use this bot from now on.");
-            }
-            else {
-                await deny(ctx, "An admin account has already claimed this bot.");
-            }
-            return;
+        if (messageText) {
+            const handled = await handleBindingCodeMessage({
+                ctx,
+                userId,
+                text: messageText,
+                binding,
+                store: input.store,
+                success: async () => {
+                    const claimedUserId = input.store.claimAuthorizedUserId(userId);
+                    if (claimedUserId === userId) {
+                        input.onAdminBound?.(userId);
+                        await ctx.reply("Admin binding succeeded. Only this Telegram account can use this bot from now on.");
+                        return;
+                    }
+                    await deny(ctx, "An admin account has already claimed this bot.");
+                },
+                mismatchLabel: "Binding code did not match.",
+                exhaustedLabel: "Binding code exhausted its attempt limit and was invalidated. Restart telecodex locally to issue a new one.",
+            });
+            if (handled)
+                return;
         }
         await ctx.reply("This bot is not initialized yet. Send the binding code shown in the startup logs to complete the one-time admin binding.");
     };
 }
+async function handleBindingCodeMessage(input) {
+    if (input.text === input.binding.code) {
+        await input.success();
+        return true;
+    }
+    if (input.text.startsWith("/")) {
+        return false;
+    }
+    const attempt = input.store.recordBindingCodeFailure();
+    if (!attempt) {
+        await input.ctx.reply("The binding code is no longer active. Issue a new one and try again.");
+        return true;
+    }
+    if (attempt.exhausted) {
+        await input.ctx.reply(input.exhaustedLabel);
+        return true;
+    }
+    await input.ctx.reply(`${input.mismatchLabel}\nRemaining attempts: ${attempt.remaining}`);
+    return true;
+}
 async function deny(ctx, text) {
     if (ctx.callbackQuery) {
         await ctx.answerCallbackQuery({ text, show_alert: false });

package/dist/bot/commandSupport.js

@@ -1,4 +1,4 @@
-import { statSync } from "node:fs";
+import { realpathSync, statSync } from "node:fs";
 import path from "node:path";
 import { APPROVAL_POLICIES, MODE_PRESETS, REASONING_EFFORTS, SANDBOX_MODES, } from "../config.js";
 import { makeSessionKey } from "../store/sessions.js";
@@ -56,6 +56,7 @@ export function formatHelpText(ctx, projects) {
             "/queue drop <id>",
             "/queue clear",
             "/stop",
+            "/admin",
             "",
             formatPrivateProjectSummary(projects),
         ].join("\n");
@@ -97,15 +98,17 @@ export function formatHelpText(ctx, projects) {
         "/web default|disabled|cached|live",
         "/network on|off",
         "/gitcheck skip|enforce",
-        "/adddir list|add|drop|clear",
+        "/adddir list|add|add-external|drop|clear",
         "/schema show|set|clear",
         "/codexconfig show|set|clear",
     ].join("\n");
 }
 export function formatPrivateStatus(store, projects) {
+    const binding = store.getBindingCodeState();
     return [
         "telecodex admin",
         `authorized telegram user id: ${store.getAuthorizedUserId() ?? "not bound"}`,
+        binding?.mode === "rebind" ? `pending handoff: active until ${binding.expiresAt}` : "pending handoff: none",
         "",
         formatPrivateProjectSummary(projects),
     ].join("\n");
@@ -199,11 +202,12 @@ export function resolveExistingDirectory(input) {
     if (!stat.isDirectory()) {
         throw new Error(`Not a directory: ${resolved}`);
     }
-    return resolved;
+    return canonicalizeBoundaryPath(resolved);
 }
 export function assertProjectScopedPath(input, projectRoot) {
-    const resolved = path.resolve(input.trim());
-    if (!isPathWithinRoot(resolved, projectRoot)) {
+    const resolved = resolveExistingDirectory(input);
+    const canonicalRoot = resolveExistingDirectory(projectRoot);
+    if (!isPathWithinRoot(resolved, canonicalRoot)) {
         throw new Error(["Path must stay within the project root.", `project root: ${projectRoot}`, `input: ${resolved}`].join("\n"));
     }
     return resolved;
@@ -233,7 +237,16 @@ export function hasTopicContext(ctx) {
     return ctx.message?.message_thread_id != null || ctx.callbackQuery?.message?.message_thread_id != null;
 }
 export function isPathWithinRoot(candidate, root) {
-    const resolvedCandidate = path.resolve(candidate);
-    const resolvedRoot = path.resolve(root);
+    const resolvedCandidate = canonicalizeBoundaryPath(candidate);
+    const resolvedRoot = canonicalizeBoundaryPath(root);
     return resolvedCandidate === resolvedRoot || resolvedCandidate.startsWith(`${resolvedRoot}${path.sep}`);
 }
+function canonicalizeBoundaryPath(input) {
+    const resolved = path.resolve(input);
+    try {
+        return realpathSync.native(resolved);
+    }
+    catch {
+        return resolved;
+    }
+}

package/dist/bot/createBot.js

@@ -8,7 +8,6 @@ export function wireBot(input) {
     const { bot, config, store, projects, codex, bootstrapCode, logger, onAdminBound } = input;
     const buffers = new MessageBuffer(bot, config.updateIntervalMs, logger?.child("message-buffer"));
     bot.use(authMiddleware({
-        bootstrapCode,
         store,
         ...(logger ? { logger: logger.child("auth") } : {}),
         ...(onAdminBound ? { onAdminBound } : {}),

package/dist/bot/handlers/operationalHandlers.js

@@ -1,4 +1,5 @@
 import { presetFromProfile } from "../../config.js";
+import { generateBindingCode } from "../../runtime/bindingCodes.js";
 import { formatSessionRuntimeStatus } from "../../runtime/sessionRuntime.js";
 import { refreshSessionIfActiveTurnIsStale } from "../inputService.js";
 import { contextLogFields, formatHelpText, formatPrivateStatus, formatProjectStatus, formatReasoningEffort, getProjectForContext, getScopedSession, hasTopicContext, isPrivateChat, parseSubcommand, } from "../commandSupport.js";
@@ -8,6 +9,57 @@ export function registerOperationalHandlers(deps) {
     bot.command(["start", "help"], async (ctx) => {
         await ctx.reply(formatHelpText(ctx, projects));
     });
+    bot.command("admin", async (ctx) => {
+        if (!isPrivateChat(ctx)) {
+            await ctx.reply("Use /admin in the bot private chat.");
+            return;
+        }
+        const authorizedUserId = store.getAuthorizedUserId();
+        if (authorizedUserId == null) {
+            await ctx.reply("Admin binding is not completed yet.");
+            return;
+        }
+        const { command } = parseSubcommand(ctx.match.trim());
+        const binding = store.getBindingCodeState();
+        if (!command || command === "status") {
+            await ctx.reply([
+                "Admin status",
+                `authorized telegram user id: ${authorizedUserId}`,
+                binding?.mode === "rebind"
+                    ? `pending handoff: active until ${formatIsoTimestamp(binding.expiresAt)} (${binding.maxAttempts - binding.attempts} attempts remaining)`
+                    : "pending handoff: none",
+                "Usage: /admin | /admin rebind | /admin cancel",
+            ].join("\n"));
+            return;
+        }
+        if (command === "rebind") {
+            const next = store.issueBindingCode({
+                code: generateBindingCode("rebind"),
+                mode: "rebind",
+                issuedByUserId: authorizedUserId,
+            });
+            await ctx.reply([
+                "Admin handoff code created.",
+                `expires at: ${formatIsoTimestamp(next.expiresAt)}`,
+                `max failed attempts: ${next.maxAttempts}`,
+                "",
+                next.code,
+                "",
+                "Send this code from the target Telegram account in this bot's private chat to transfer control.",
+            ].join("\n"));
+            return;
+        }
+        if (command === "cancel") {
+            if (binding?.mode !== "rebind") {
+                await ctx.reply("No pending admin handoff.");
+                return;
+            }
+            store.clearBindingCode();
+            await ctx.reply("Cancelled the pending admin handoff.");
+            return;
+        }
+        await ctx.reply("Usage: /admin | /admin rebind | /admin cancel");
+    });
     bot.command("status", async (ctx) => {
         if (isPrivateChat(ctx)) {
             await ctx.reply(formatPrivateStatus(store, projects));

package/dist/bot/handlers/sessionConfigHandlers.js

@@ -177,28 +177,29 @@ export function registerSessionConfigHandlers(deps) {
         await ctx.reply(`Set git repo check: ${value}`);
     });
     bot.command("adddir", async (ctx) => {
+        const project = getProjectForContext(ctx, projects);
         const session = getScopedSession(ctx, store, projects, config);
-        if (!session)
+        if (!project || !session)
             return;
         const [command, ...rest] = ctx.match.trim().split(/\s+/).filter(Boolean);
         const args = rest.join(" ");
         if (!command || command === "list") {
             await ctx.reply(session.additionalDirectories.length === 0
-                ? "additional directories: none\nUsage: /adddir add <absolute-path> | /adddir drop <index> | /adddir clear"
+                ? "additional directories: none\nUsage: /adddir add <path-inside-project> | /adddir add-external <absolute-path> | /adddir drop <index> | /adddir clear"
                 : [
                     "additional directories:",
                     ...session.additionalDirectories.map((directory, index) => `${index + 1}. ${directory}`),
-                    "Usage: /adddir add <absolute-path> | /adddir drop <index> | /adddir clear",
+                    "Usage: /adddir add <path-inside-project> | /adddir add-external <absolute-path> | /adddir drop <index> | /adddir clear",
                 ].join("\n"));
             return;
         }
         if (command === "add") {
             if (!args) {
-                await ctx.reply("Usage: /adddir add <absolute-path>");
+                await ctx.reply("Usage: /adddir add <path-inside-project>");
                 return;
             }
             try {
-                const directory = resolveExistingDirectory(args);
+                const directory = assertProjectScopedPath(args, project.cwd);
                 const next = [...session.additionalDirectories.filter((entry) => entry !== directory), directory];
                 store.setAdditionalDirectories(session.sessionKey, next);
                 await ctx.reply(`Added additional directory:\n${directory}`);
@@ -208,6 +209,26 @@ export function registerSessionConfigHandlers(deps) {
             }
             return;
         }
+        if (command === "add-external") {
+            if (!args) {
+                await ctx.reply("Usage: /adddir add-external <absolute-path>");
+                return;
+            }
+            try {
+                const directory = resolveExistingDirectory(args);
+                const next = [...session.additionalDirectories.filter((entry) => entry !== directory), directory];
+                store.setAdditionalDirectories(session.sessionKey, next);
+                await ctx.reply([
+                    "Added external additional directory outside the project root.",
+                    directory,
+                    "Codex can now read files there during future runs.",
+                ].join("\n"));
+            }
+            catch (error) {
+                await ctx.reply(error instanceof Error ? error.message : String(error));
+            }
+            return;
+        }
         if (command === "drop") {
             const index = Number(args);
             if (!Number.isInteger(index) || index <= 0 || index > session.additionalDirectories.length) {
@@ -224,7 +245,7 @@ export function registerSessionConfigHandlers(deps) {
             await ctx.reply("Cleared additional directories.");
             return;
         }
-        await ctx.reply("Usage: /adddir list | /adddir add <absolute-path> | /adddir drop <index> | /adddir clear");
+        await ctx.reply("Usage: /adddir list | /adddir add <path-inside-project> | /adddir add-external <absolute-path> | /adddir drop <index> | /adddir clear");
     });
     bot.command("schema", async (ctx) => {
         const session = getScopedSession(ctx, store, projects, config);

package/dist/runtime/bindingCodes.js

@@ -0,0 +1,5 @@
+import { randomBytes } from "node:crypto";
+export function generateBindingCode(mode) {
+    const prefix = mode === "rebind" ? "rebind" : "bind";
+    return `${prefix}-${randomBytes(6).toString("base64url")}`;
+}

package/dist/runtime/bootstrap.js

@@ -1,15 +1,15 @@
 import { cancel, confirm, intro, isCancel, note, password, spinner, text, } from "@clack/prompts";
 import clipboard from "clipboardy";
 import { spawnSync } from "node:child_process";
-import { randomBytes } from "node:crypto";
 import { existsSync } from "node:fs";
 import path from "node:path";
 import { Bot, GrammyError, HttpError } from "grammy";
 import { buildConfig } from "../config.js";
 import { openDatabase } from "../store/db.js";
 import { ProjectStore } from "../store/projects.js";
-import { SessionStore } from "../store/sessions.js";
+import { BINDING_CODE_MAX_ATTEMPTS, SessionStore } from "../store/sessions.js";
 import { getStateDbPath } from "./appPaths.js";
+import { generateBindingCode } from "./bindingCodes.js";
 import { PLAINTEXT_TOKEN_FALLBACK_ENV, SecretStore, } from "./secrets.js";
 const MAC_CODEX_BIN = "/Applications/Codex.app/Contents/Resources/codex";
 export async function bootstrapRuntime() {
@@ -35,19 +35,27 @@ export async function bootstrapRuntime() {
     });
     let bootstrapCode = null;
     if (store.getAuthorizedUserId() == null) {
-        bootstrapCode = store.getBootstrapCode();
-        if (!bootstrapCode) {
-            bootstrapCode = generateBootstrapCode();
-            store.setBootstrapCode(bootstrapCode);
+        let binding = store.getBindingCodeState();
+        if (!binding || binding.mode !== "bootstrap") {
+            binding = store.issueBindingCode({
+                code: generateBindingCode("bootstrap"),
+                mode: "bootstrap",
+            });
         }
+        bootstrapCode = binding.code;
+    }
+    else if (store.getBindingCodeState()?.mode === "bootstrap") {
+        store.clearBindingCode();
     }
     if (bootstrapCode) {
+        const binding = store.getBindingCodeState();
         const copied = await copyBootstrapCode(bootstrapCode);
         note([
             `Bot: ${botUsername ? `@${botUsername}` : "unknown"}`,
             `Workspace: ${config.defaultCwd}`,
             copied ? "Binding code copied to the clipboard." : "Failed to copy the binding code. Copy it manually.",
-            "This binding code stays valid until an admin account successfully claims it.",
+            `Binding code expires at: ${binding?.expiresAt ?? "unknown"}`,
+            `Max failed attempts: ${binding?.maxAttempts ?? BINDING_CODE_MAX_ATTEMPTS}`,
             "",
             bootstrapCode,
         ].join("\n"), "Admin Binding");
@@ -208,6 +216,3 @@ function exitCancelled() {
     cancel("Cancelled");
     process.exit(0);
 }
-function generateBootstrapCode() {
-    return `bind-${randomBytes(6).toString("base64url")}`;
-}

package/dist/store/sessions.js

@@ -1,4 +1,6 @@
 import { DEFAULT_SESSION_PROFILE, isSessionApprovalPolicy, isSessionReasoningEffort, isSessionSandboxMode, isSessionWebSearchMode, } from "../config.js";
+export const BINDING_CODE_TTL_MS = 15 * 60 * 1000;
+export const BINDING_CODE_MAX_ATTEMPTS = 5;
 export class SessionStore {
     db;
     constructor(db) {
@@ -26,13 +28,96 @@ export class SessionStore {
         return Number.isSafeInteger(userId) ? userId : null;
     }
     getBootstrapCode() {
-        return this.getAppState("bootstrap_code");
+        const binding = this.getBindingCodeState();
+        return binding?.mode === "bootstrap" ? binding.code : null;
     }
     setBootstrapCode(code) {
-        this.setAppState("bootstrap_code", code);
+        this.issueBindingCode({
+            code,
+            mode: "bootstrap",
+        });
     }
     clearBootstrapCode() {
+        this.clearBindingCode();
+    }
+    getBindingCodeState(now = new Date()) {
+        const code = this.getAppState("bootstrap_code");
+        const createdAt = this.getAppState("binding_code_created_at");
+        const expiresAt = this.getAppState("binding_code_expires_at");
+        if (!code || !createdAt || !expiresAt)
+            return null;
+        const expiresAtMs = Date.parse(expiresAt);
+        if (!Number.isFinite(expiresAtMs) || expiresAtMs <= now.getTime()) {
+            this.clearBindingCode();
+            return null;
+        }
+        const attempts = normalizeNonNegativeInteger(this.getAppState("binding_code_attempts"));
+        if (attempts >= BINDING_CODE_MAX_ATTEMPTS) {
+            this.clearBindingCode();
+            return null;
+        }
+        return {
+            code,
+            mode: normalizeBindingCodeMode(this.getAppState("binding_code_mode")),
+            createdAt,
+            expiresAt,
+            attempts,
+            maxAttempts: BINDING_CODE_MAX_ATTEMPTS,
+            issuedByUserId: normalizeOptionalUserId(this.getAppState("binding_code_issued_by_user_id")),
+        };
+    }
+    issueBindingCode(input) {
+        const now = input.now ?? new Date();
+        const createdAt = now.toISOString();
+        const expiresAt = new Date(now.getTime() + (input.ttlMs ?? BINDING_CODE_TTL_MS)).toISOString();
+        this.setAppState("bootstrap_code", input.code);
+        this.setAppState("binding_code_mode", input.mode);
+        this.setAppState("binding_code_created_at", createdAt);
+        this.setAppState("binding_code_expires_at", expiresAt);
+        this.setAppState("binding_code_attempts", "0");
+        if (input.issuedByUserId == null) {
+            this.deleteAppState("binding_code_issued_by_user_id");
+        }
+        else {
+            this.setAppState("binding_code_issued_by_user_id", String(input.issuedByUserId));
+        }
+        return {
+            code: input.code,
+            mode: input.mode,
+            createdAt,
+            expiresAt,
+            attempts: 0,
+            maxAttempts: BINDING_CODE_MAX_ATTEMPTS,
+            issuedByUserId: input.issuedByUserId ?? null,
+        };
+    }
+    recordBindingCodeFailure(now = new Date()) {
+        const state = this.getBindingCodeState(now);
+        if (!state)
+            return null;
+        const attempts = state.attempts + 1;
+        if (attempts >= state.maxAttempts) {
+            this.clearBindingCode();
+            return {
+                attempts,
+                remaining: 0,
+                exhausted: true,
+            };
+        }
+        this.setAppState("binding_code_attempts", String(attempts));
+        return {
+            attempts,
+            remaining: state.maxAttempts - attempts,
+            exhausted: false,
+        };
+    }
+    clearBindingCode() {
         this.deleteAppState("bootstrap_code");
+        this.deleteAppState("binding_code_mode");
+        this.deleteAppState("binding_code_created_at");
+        this.deleteAppState("binding_code_expires_at");
+        this.deleteAppState("binding_code_attempts");
+        this.deleteAppState("binding_code_issued_by_user_id");
     }
     claimAuthorizedUserId(userId) {
         const existing = this.getAuthorizedUserId();
@@ -42,11 +127,16 @@ export class SessionStore {
         const current = this.getAuthorizedUserId();
         if (current == null)
             throw new Error("Failed to persist authorized Telegram user id");
-        this.clearBootstrapCode();
+        this.clearBindingCode();
         return current;
     }
+    rebindAuthorizedUserId(userId) {
+        this.setAppState("authorized_user_id", String(userId));
+        this.clearBindingCode();
+    }
     clearAuthorizedUserId() {
         this.deleteAppState("authorized_user_id");
+        this.clearBindingCode();
     }
     getOrCreate(input) {
         const existing = this.get(input.sessionKey);
@@ -285,6 +375,21 @@ function normalizeRuntimeStatus(value, activeTurnId) {
             return activeTurnId ? "running" : "idle";
     }
 }
+function normalizeBindingCodeMode(value) {
+    return value === "rebind" ? "rebind" : "bootstrap";
+}
+function normalizeNonNegativeInteger(value) {
+    if (!value)
+        return 0;
+    const parsed = Number(value);
+    return Number.isSafeInteger(parsed) && parsed >= 0 ? parsed : 0;
+}
+function normalizeOptionalUserId(value) {
+    if (value == null)
+        return null;
+    const parsed = Number(value);
+    return Number.isSafeInteger(parsed) ? parsed : null;
+}
 function parseStoredCodexInput(inputJson, fallbackText) {
     if (!inputJson)
         return fallbackText;

package/dist/telegram/renderer.js

@@ -11,6 +11,11 @@ export function escapeHtml(value) {
         .replaceAll("<", "&lt;")
         .replaceAll(">", "&gt;");
 }
+function escapeHtmlAttribute(value) {
+    return escapeHtml(value)
+        .replaceAll('"', "&quot;")
+        .replaceAll("'", "&#39;");
+}
 export function renderMarkdownForTelegram(markdown) {
     const tokens = md.parse(markdown, {});
     const html = renderTokens(tokens).replace(/\n{3,}/g, "\n\n").trim();
@@ -95,6 +100,7 @@ function renderTokens(tokens) {
 }
 function renderInline(tokens) {
     let out = "";
+    const linkStack = [];
     for (const token of tokens) {
         switch (token.type) {
             case "text":
@@ -122,12 +128,18 @@ function renderInline(tokens) {
                 out += "</s>";
                 break;
             case "link_open": {
-                const href = token.attrGet("href");
-                out += href ? `<a href="${escapeHtml(href)}">` : "";
+                const href = sanitizeTelegramHref(token.attrGet("href"));
+                const opened = Boolean(href);
+                linkStack.push(opened);
+                if (href) {
+                    out += `<a href="${escapeHtmlAttribute(href)}">`;
+                }
                 break;
             }
             case "link_close":
-                out += "</a>";
+                if (linkStack.pop()) {
+                    out += "</a>";
+                }
                 break;
             case "softbreak":
             case "hardbreak":
@@ -144,3 +156,28 @@ function renderInline(tokens) {
     }
     return out;
 }
+function sanitizeTelegramHref(value) {
+    if (!value)
+        return null;
+    const href = value.trim();
+    if (!href)
+        return null;
+    try {
+        const url = new URL(href);
+        return isAllowedTelegramProtocol(url.protocol) ? url.toString() : null;
+    }
+    catch {
+        return null;
+    }
+}
+function isAllowedTelegramProtocol(protocol) {
+    switch (protocol) {
+        case "http:":
+        case "https:":
+        case "mailto:":
+        case "tg:":
+            return true;
+        default:
+            return false;
+    }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "telecodex",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "description": "Telegram bridge for local Codex.",
   "license": "MIT",
   "type": "module",