thepopebot 1.0.0

package/lib/tools/telegram.js

@@ -0,0 +1,222 @@
+const { Bot } = require('grammy');
+const { hydrateReply } = require('@grammyjs/parse-mode');
+
+const MAX_LENGTH = 4096;
+
+let bot = null;
+let currentToken = null;
+
+/**
+ * Get or create bot instance
+ * @param {string} token - Bot token from @BotFather
+ * @returns {Bot} grammY Bot instance
+ */
+function getBot(token) {
+  if (!bot || currentToken !== token) {
+    bot = new Bot(token);
+    bot.use(hydrateReply);
+    currentToken = token;
+  }
+  return bot;
+}
+
+/**
+ * Set webhook for a Telegram bot
+ * @param {string} botToken - Bot token from @BotFather
+ * @param {string} webhookUrl - HTTPS URL to receive updates
+ * @param {string} [secretToken] - Optional secret token for verification
+ * @returns {Promise<boolean>} - Success status
+ */
+async function setWebhook(botToken, webhookUrl, secretToken) {
+  const b = getBot(botToken);
+  const options = {};
+  if (secretToken) {
+    options.secret_token = secretToken;
+  }
+  return b.api.setWebhook(webhookUrl, options);
+}
+
+/**
+ * Smart split text into chunks that fit Telegram's limit
+ * Prefers splitting at paragraph > newline > sentence > space
+ * @param {string} text - Text to split
+ * @param {number} maxLength - Maximum chunk length
+ * @returns {string[]} Array of chunks
+ */
+function smartSplit(text, maxLength = MAX_LENGTH) {
+  if (text.length <= maxLength) return [text];
+
+  const chunks = [];
+  let remaining = text;
+
+  while (remaining.length > 0) {
+    if (remaining.length <= maxLength) {
+      chunks.push(remaining);
+      break;
+    }
+
+    const chunk = remaining.slice(0, maxLength);
+    let splitAt = -1;
+
+    // Try to split at natural boundaries (prefer earlier ones)
+    for (const delim of ['\n\n', '\n', '. ', ' ']) {
+      const idx = chunk.lastIndexOf(delim);
+      if (idx > maxLength * 0.3) {
+        splitAt = idx + delim.length;
+        break;
+      }
+    }
+
+    if (splitAt === -1) splitAt = maxLength;
+
+    chunks.push(remaining.slice(0, splitAt).trimEnd());
+    remaining = remaining.slice(splitAt).trimStart();
+  }
+
+  return chunks;
+}
+
+/**
+ * Escape HTML special characters
+ * @param {string} text - Text to escape
+ * @returns {string} Escaped text
+ */
+function escapeHtml(text) {
+  if (!text) return '';
+  return text
+    .replace(/&/g, '&amp;')
+    .replace(/</g, '&lt;')
+    .replace(/>/g, '&gt;');
+}
+
+/**
+ * Send a message to a Telegram chat with HTML formatting
+ * Automatically splits long messages
+ * @param {string} botToken - Bot token from @BotFather
+ * @param {number|string} chatId - Chat ID to send message to
+ * @param {string} text - Message text (HTML formatted)
+ * @param {Object} [options] - Additional options
+ * @param {boolean} [options.disablePreview] - Disable link previews
+ * @returns {Promise<Object>} - Last message sent
+ */
+async function sendMessage(botToken, chatId, text, options = {}) {
+  const b = getBot(botToken);
+  // Strip HTML comments — Telegram's HTML parser doesn't support them
+  text = text.replace(/<!--[\s\S]*?-->/g, '');
+  const chunks = smartSplit(text, MAX_LENGTH);
+
+  let lastMessage;
+  for (const chunk of chunks) {
+    lastMessage = await b.api.sendMessage(chatId, chunk, {
+      parse_mode: 'HTML',
+      link_preview_options: { is_disabled: options.disablePreview ?? false },
+    });
+  }
+
+  return lastMessage;
+}
+
+/**
+ * Format a job notification message
+ * @param {Object} params - Notification parameters
+ * @param {string} params.jobId - Full job ID
+ * @param {boolean} params.success - Whether job succeeded
+ * @param {string} params.summary - Job summary text
+ * @param {string} params.prUrl - PR URL
+ * @returns {string} Formatted HTML message
+ */
+function formatJobNotification({ jobId, success, summary, prUrl }) {
+  const emoji = success ? '\u2705' : '\u26a0\ufe0f';
+  const status = success ? 'complete' : 'had issues';
+  const shortId = jobId.slice(0, 8);
+
+  return `${emoji} <b>Job ${shortId}</b> ${status}
+
+${escapeHtml(summary)}
+
+<a href="${prUrl}">View PR</a>`;
+}
+
+/**
+ * Download a file from Telegram servers
+ * @param {string} botToken - Bot token from @BotFather
+ * @param {string} fileId - Telegram file_id
+ * @returns {Promise<{buffer: Buffer, filename: string}>}
+ */
+async function downloadFile(botToken, fileId) {
+  // Get file path from Telegram
+  const fileInfoRes = await fetch(
+    `https://api.telegram.org/bot${botToken}/getFile?file_id=${fileId}`
+  );
+  const fileInfo = await fileInfoRes.json();
+  if (!fileInfo.ok) {
+    throw new Error(`Telegram API error: ${fileInfo.description}`);
+  }
+
+  const filePath = fileInfo.result.file_path;
+
+  // Download file
+  const fileRes = await fetch(
+    `https://api.telegram.org/file/bot${botToken}/${filePath}`
+  );
+  const buffer = Buffer.from(await fileRes.arrayBuffer());
+  const filename = filePath.split('/').pop();
+
+  return { buffer, filename };
+}
+
+/**
+ * React to a message with an emoji
+ * @param {string} botToken - Bot token from @BotFather
+ * @param {number|string} chatId - Chat ID
+ * @param {number} messageId - Message ID to react to
+ * @param {string} [emoji='\ud83d\udc4d'] - Emoji to react with
+ */
+async function reactToMessage(botToken, chatId, messageId, emoji = '\ud83d\udc4d') {
+  const b = getBot(botToken);
+  await b.api.setMessageReaction(chatId, messageId, [{ type: 'emoji', emoji }]);
+}
+
+/**
+ * Start a repeating typing indicator for a chat.
+ * Returns a stop function. The indicator naturally expires after 5s,
+ * so we re-send with random gaps (5.5-8s) to look human.
+ * @param {string} botToken - Bot token from @BotFather
+ * @param {number|string} chatId - Chat ID
+ * @returns {Function} Call to stop the typing indicator
+ */
+function startTypingIndicator(botToken, chatId) {
+  const b = getBot(botToken);
+  let timeout;
+  let stopped = false;
+
+  function scheduleNext() {
+    if (stopped) return;
+    const delay = 5500 + Math.random() * 2500;
+    timeout = setTimeout(() => {
+      if (stopped) return;
+      b.api.sendChatAction(chatId, 'typing').catch(() => {});
+      scheduleNext();
+    }, delay);
+  }
+
+  b.api.sendChatAction(chatId, 'typing').catch(() => {});
+  scheduleNext();
+
+  return () => {
+    stopped = true;
+    clearTimeout(timeout);
+  };
+}
+
+module.exports = {
+  getBot,
+  setWebhook,
+  sendMessage,
+  smartSplit,
+  escapeHtml,
+  formatJobNotification,
+  downloadFile,
+  reactToMessage,
+  startTypingIndicator,
+};

package/lib/triggers.js

@@ -0,0 +1,105 @@
+const fs = require('fs');
+const paths = require('./paths');
+
+const { executeAction } = require('./actions');
+
+/**
+ * Replace {{body.field}} templates with values from request context
+ * @param {string} template - String with {{body.field}} placeholders
+ * @param {Object} context - { body, query, headers }
+ * @returns {string}
+ */
+function resolveTemplate(template, context) {
+  return template.replace(/\{\{(\w+)(?:\.(\w+))?\}\}/g, (match, source, field) => {
+    const data = context[source];
+    if (data === undefined) return match;
+    if (!field) return typeof data === 'string' ? data : JSON.stringify(data, null, 2);
+    if (data[field] !== undefined) return String(data[field]);
+    return match;
+  });
+}
+
+/**
+ * Execute all actions for a trigger (fire-and-forget)
+ * @param {Object} trigger - Trigger config object
+ * @param {Object} context - { body, query, headers }
+ */
+async function executeActions(trigger, context) {
+  for (const action of trigger.actions) {
+    try {
+      const resolved = { ...action };
+      if (resolved.command) resolved.command = resolveTemplate(resolved.command, context);
+      if (resolved.job) resolved.job = resolveTemplate(resolved.job, context);
+      const result = await executeAction(resolved, { cwd: paths.triggersDir, data: context.body });
+      console.log(`[TRIGGER] ${trigger.name}: ${result || 'ran'}`);
+    } catch (err) {
+      console.error(`[TRIGGER] ${trigger.name}: error - ${err.message}`);
+    }
+  }
+}
+
+/**
+ * Load triggers from TRIGGERS.json and return trigger map + fire function
+ * @returns {{ triggerMap: Map, fireTriggers: Function }}
+ */
+function loadTriggers() {
+  const triggerFile = paths.triggersFile;
+  const triggerMap = new Map();
+
+  console.log('\n--- Triggers ---');
+
+  if (!fs.existsSync(triggerFile)) {
+    console.log('No TRIGGERS.json found');
+    console.log('----------------\n');
+    return { triggerMap, fireTriggers: () => {} };
+  }
+
+  const triggers = JSON.parse(fs.readFileSync(triggerFile, 'utf8'));
+
+  for (const trigger of triggers) {
+    if (trigger.enabled === false) continue;
+
+    if (!triggerMap.has(trigger.watch_path)) {
+      triggerMap.set(trigger.watch_path, []);
+    }
+    triggerMap.get(trigger.watch_path).push(trigger);
+  }
+
+  const activeCount = [...triggerMap.values()].reduce((sum, arr) => sum + arr.length, 0);
+
+  if (activeCount === 0) {
+    console.log('No active triggers');
+  } else {
+    for (const [watchPath, pathTriggers] of triggerMap) {
+      for (const t of pathTriggers) {
+        const actionTypes = t.actions.map(a => a.type || 'agent').join(', ');
+        console.log(`  ${t.name}: ${watchPath} (${actionTypes})`);
+      }
+    }
+  }
+
+  console.log('----------------\n');
+
+  /**
+   * Fire matching triggers for a given path (non-blocking)
+   * @param {string} path - Request path (e.g., '/webhook')
+   * @param {Object} body - Request body
+   * @param {Object} [query={}] - Query parameters
+   * @param {Object} [headers={}] - Request headers
+   */
+  function fireTriggers(path, body, query = {}, headers = {}) {
+    const matched = triggerMap.get(path);
+    if (matched) {
+      const context = { body, query, headers };
+      for (const trigger of matched) {
+        executeActions(trigger, context).catch(err => {
+          console.error(`[TRIGGER] ${trigger.name}: unhandled error - ${err.message}`);
+        });
+      }
+    }
+  }
+
+  return { triggerMap, fireTriggers };
+}
+
+module.exports = { loadTriggers };

package/lib/utils/render-md.js

@@ -0,0 +1,39 @@
+const fs = require('fs');
+const path = require('path');
+const paths = require('../paths');
+
+const INCLUDE_PATTERN = /\{\{([^}]+\.md)\}\}/g;
+
+/**
+ * Render a markdown file, resolving {{filepath}} includes recursively.
+ * Referenced file paths resolve relative to the project root.
+ * @param {string} filePath - Absolute path to the markdown file
+ * @param {string[]} [chain=[]] - Already-resolved file paths (for circular detection)
+ * @returns {string} Rendered markdown content
+ */
+function render_md(filePath, chain = []) {
+  const resolved = path.resolve(filePath);
+
+  if (chain.includes(resolved)) {
+    const cycle = [...chain, resolved].map((p) => path.relative(paths.PROJECT_ROOT, p)).join(' -> ');
+    console.log(`[render_md] Circular include detected: ${cycle}`);
+    return '';
+  }
+
+  if (!fs.existsSync(resolved)) {
+    return '';
+  }
+
+  const content = fs.readFileSync(resolved, 'utf8');
+  const currentChain = [...chain, resolved];
+
+  return content.replace(INCLUDE_PATTERN, (match, includePath) => {
+    const includeResolved = path.resolve(paths.PROJECT_ROOT, includePath.trim());
+    if (!fs.existsSync(includeResolved)) {
+      return match;
+    }
+    return render_md(includeResolved, currentChain);
+  });
+}
+
+module.exports = { render_md };

package/package.json

@@ -0,0 +1,57 @@
+{
+  "name": "thepopebot",
+  "version": "1.0.0",
+  "description": "Create autonomous AI agents with a two-layer architecture: Next.js Event Handler + Docker Agent.",
+  "bin": {
+    "thepopebot": "./bin/cli.js"
+  },
+  "main": "api/index.js",
+  "exports": {
+    "./api": "./api/index.js",
+    "./config": "./config/index.js",
+    "./instrumentation": "./config/instrumentation.js"
+  },
+  "files": [
+    "bin/",
+    "lib/",
+    "api/",
+    "config/",
+    "setup/",
+    "docker/",
+    "pi/",
+    "templates/"
+  ],
+  "scripts": {
+    "test": "echo \"No tests yet\" && exit 0"
+  },
+  "keywords": [
+    "ai",
+    "agent",
+    "autonomous",
+    "telegram",
+    "bot",
+    "claude",
+    "nextjs"
+  ],
+  "author": "Stephen Pope",
+  "license": "MIT",
+  "dependencies": {
+    "@grammyjs/parse-mode": "^2.2.0",
+    "dotenv": "^16.3.1",
+    "grammy": "^1.39.3",
+    "node-cron": "^3.0.3",
+    "uuid": "^9.0.0",
+    "chalk": "^5.3.0",
+    "inquirer": "^9.2.12",
+    "open": "^10.0.0",
+    "ora": "^8.0.1"
+  },
+  "peerDependencies": {
+    "next": ">=15.0.0",
+    "react": ">=19.0.0",
+    "react-dom": ">=19.0.0"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  }
+}

package/pi/extensions/env-sanitizer/index.ts

@@ -0,0 +1,48 @@
+/**
+ * Env Sanitizer Extension - Protects credentials from AI agent access
+ *
+ * Uses Pi's spawnHook to filter sensitive env vars from bash subprocess calls
+ * while keeping them available in the main process for:
+ * - Anthropic SDK (needs ANTHROPIC_API_KEY at init)
+ * - GitHub CLI (needs GH_TOKEN)
+ * - Other extensions that may need credentials
+ *
+ * Dynamically filters all keys defined in the SECRETS JSON env var.
+ */
+
+import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
+import { createBashTool } from "@mariozechner/pi-coding-agent";
+
+// Parse SECRETS JSON to get list of keys to filter
+function getSecretKeys(): string[] {
+  const keys: string[] = [];
+  if (process.env.SECRETS) {
+    try {
+      const secrets = JSON.parse(process.env.SECRETS);
+      keys.push(...Object.keys(secrets));
+    } catch {
+      // Invalid JSON, ignore
+    }
+  }
+  // Always filter SECRETS itself
+  keys.push("SECRETS");
+  return [...new Set(keys)]; // Dedupe
+}
+
+export default function (pi: ExtensionAPI) {
+  const secretKeys = getSecretKeys();
+
+  // Override bash tool with filtered environment for subprocesses
+  const bashTool = createBashTool(process.cwd(), {
+    spawnHook: ({ command, cwd, env }) => {
+      // Filter all secret keys from subprocess environment
+      const filteredEnv = { ...env };
+      for (const key of secretKeys) {
+        delete filteredEnv[key];
+      }
+      return { command, cwd, env: filteredEnv };
+    },
+  });
+
+  pi.registerTool(bashTool);
+}

package/pi/extensions/env-sanitizer/package.json

@@ -0,0 +1,5 @@
+{
+  "name": "env-sanitizer",
+  "private": true,
+  "type": "module"
+}

package/pi/skills/llm-secrets/SKILL.md

@@ -0,0 +1,34 @@
+---
+name: llm-secrets
+description: List available LLM-accessible credentials. Use when you need API keys, passwords, or other secrets that have been made available to you.
+---
+
+# List Available Secrets
+
+```bash
+/job/.pi/skills/llm-secrets/llm-secrets.js
+```
+
+Shows the names of available secret keys (not values). Output example:
+
+```
+Available secrets:
+  - BROWSER_PASSWORD
+  - SOME_API_KEY
+
+To get a value: echo $KEY_NAME
+```
+
+## Get a Secret Value
+
+```bash
+echo $KEY_NAME
+```
+
+Replace `KEY_NAME` with one of the available secret names.
+
+## When to Use
+
+- When a skill or tool needs authentication credentials
+- When logging into a website via browser tools
+- When calling an external API that requires a key

package/pi/skills/llm-secrets/llm-secrets.js

@@ -0,0 +1,34 @@
+#!/usr/bin/env node
+
+/**
+ * llm-secrets.js - List available LLM-accessible secret keys
+ *
+ * Usage: llm-secrets.js
+ *
+ * Lists the key names from LLM_SECRETS (not the values).
+ * To get a value, use: echo $KEY_NAME
+ */
+
+const secretsBase64 = process.env.LLM_SECRETS;
+
+if (!secretsBase64) {
+  console.log('No LLM_SECRETS configured.');
+  process.exit(0);
+}
+
+try {
+  const decoded = Buffer.from(secretsBase64, 'base64').toString('utf-8');
+  const parsed = JSON.parse(decoded);
+  const keys = Object.keys(parsed);
+
+  if (keys.length === 0) {
+    console.log('LLM_SECRETS is empty.');
+  } else {
+    console.log('Available secrets:');
+    keys.forEach(key => console.log(`  - ${key}`));
+    console.log('\nTo get a value: echo $KEY_NAME');
+  }
+} catch (e) {
+  console.error('Error parsing LLM_SECRETS:', e.message);
+  process.exit(1);
+}