sync: dev → main (ASCII README, setup rewrite, onboarding, uninstall, telegram fix)#32
sync: dev → main (ASCII README, setup rewrite, onboarding, uninstall, telegram fix)#32auroracapital merged 11 commits intomainfrom
Conversation
…d org URLs (#11) - All GitHub URLs now point to Lifecycle-Innovations-Limited/claude-ops - Root README: correct /plugin marketplace add + install commands, MCP vs CLI comparison table showing what each path gains/loses per integration - Inner README: consistent /ops:* colon syntax, GSD as optional, integrations split into CLI-only / MCP-only / choose-with-tradeoffs / plugin-bundled - setup.sh: auto-install missing core tools + npm deps on SessionStart - plugin.json: updated author URL, homepage, repository - marketplace.json + SECURITY.md: updated email Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Setup wizard now offers to install GSD (Get Shit Done) as a companion plugin. Pulls latest version via plugin marketplace. Users choose [Install GSD] or [Skip]. Enhances /ops:go, /ops:projects, /ops:next dashboards with project roadmap state. Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Interactive uninstall that cleans up everything: keychain credentials, preferences, cache, shell profile exports, MCP registrations, and the plugin itself. Confirms each deletion step before proceeding. Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Server no longer exits at startup when TELEGRAM_API_ID/HASH/SESSION are unset. It starts as a valid MCP server and returns a clear "not configured" error on every tool call instead of crashing, keeping the plugin loadable without Telegram credentials. Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Rewrote README with block ASCII logo, terminal-style /ops:go dashboard mockup, box-drawing tables throughout, and section headers — no content removed. Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…gram/WhatsApp flows (#30) * fix(setup): fix CLI probes, add appendix, improve registry/prefs/Telegram flows - Replace broken `gog inbox list` probe with `gog gmail labels list --json` - Replace broken `gog cal events --time-min` probe with `gog cal list --json --max 3` - Add CLI Reference Appendix with exact, tested syntax for gog, wacli, Slack, and keychain - Preferences step now always asks owner name, timezone (7 options), verbosity, and default channels — never auto-fills from memory - Registry step now scans filesystem for git repos via find and presents multiSelect; adds "Auto-detect from existing registry" option - Add parallelization rule to Hard Rules: run all diagnostic probes in parallel, background slow commands - Telegram flow now requires explicit opt-in ask before starting phone/auth flow; no silent skip - WhatsApp backfill failures are now swallowed silently; summary line never shows message counts or 0-result spam - Never show user's real name or email unless explicitly provided in the current session - Fix `wacli chats` → `wacli chats list` (correct subcommand) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat: add first-run onboarding banners (ops-welcome + ops-setup-complete) Animated ASCII art welcome sequence on first SessionStart (gates on preferences.json existence). Setup completion dashboard with channel/ project/agent/skill counts. Both scripts use ANSI colors with NO_COLOR graceful degradation. SessionStart hook updated to run welcome before setup check. Setup SKILL.md Step 8 calls completion banner with actual counts. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
|
Mention Blocks like a regular teammate with your question or request: @blocks review this pull request Run |
|
Caution Review failedThe pull request is closed. ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (5)
📝 WalkthroughWalkthroughFive files across the Claude Ops plugin were modified to enhance the initialization experience and improve Telegram server robustness. Two new Bash scripts provide animated terminal UI for welcome messaging and setup completion. The hook system was updated to trigger the welcome script. The setup wizard documentation was substantially revised to enforce stricter privacy rules, standardize commands, and improve project discovery workflows. The Telegram server now gracefully handles missing credentials instead of terminating. Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~22 minutes Poem
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
💡 Codex Reviewclaude-ops/claude-ops/scripts/setup.sh Line 27 in 9bf49f2 Because this script runs with The ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is ON, but it could not run because the branch was deleted or merged before autofix could start.
Reviewed by Cursor Bugbot for commit 682fefa. Configure here.
| } | ||
| if (CONFIGURED) { | ||
| // First-run interactive auth mode (only when creds are available) | ||
| if (process.argv.includes("--auth")) { |
There was a problem hiding this comment.
--auth flow unreachable without existing session string
High Severity
The CONFIGURED guard on line 42 requires SESSION_STRING to be truthy, but the --auth flow (line 50) exists specifically to generate a session string when one doesn't exist yet. Since --auth is nested inside if (CONFIGURED), first-time authentication is now impossible — users with only API_ID and API_HASH can never reach the interactive auth prompt. The README documents exactly this flow (run --auth without TELEGRAM_SESSION). The --auth check needs to be gated only on API_ID && API_HASH, not on the full CONFIGURED condition.
Reviewed by Cursor Bugbot for commit 682fefa. Configure here.
There was a problem hiding this comment.
Pull request overview
Syncs dev into main, refreshing project docs/onboarding and adjusting setup/operational behavior (including Telegram MCP server behavior and CI gitleaks execution).
Changes:
- Rewrites top-level README and plugin README for new onboarding/quick-start flows and updated org/repo references.
- Updates setup/uninstall skill docs and adds welcome + post-setup banners; adjusts SessionStart hook behavior.
- Changes Telegram MCP server startup behavior and modifies CI to run gitleaks via downloaded binary.
Reviewed changes
Copilot reviewed 3 out of 5 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| SECURITY.md | Updates security contact email address. |
| README.md | Major onboarding rewrite with new install steps, ASCII branding, and updated links. |
| claude-ops/telegram-server/index.js | Allows server to start unconfigured and returns a friendly error when tools are called without a client. |
| claude-ops/skills/uninstall/SKILL.md | Adds an uninstall skill with steps to remove cached data/credentials and unregister integrations. |
| claude-ops/skills/setup/SKILL.md | Expands setup wizard instructions (privacy rule, companion plugins, WhatsApp/Gmail probes, registry autodiscovery, completion banner). |
| claude-ops/scripts/setup.sh | Shifts from “check” to “auto-install + validate” behavior for tools/deps and changes output style. |
| claude-ops/README.md | Updates plugin README for /ops:* command naming and new integration/setup guidance. |
| claude-ops/hooks/hooks.json | Runs a first-run welcome banner and the setup script on SessionStart. |
| claude-ops/bin/ops-welcome | New first-run animated welcome banner. |
| claude-ops/bin/ops-setup-complete | New post-setup “system online” banner. |
| claude-ops/.claude-plugin/plugin.json | Updates author/repo links to the new GitHub org. |
| .github/workflows/ci.yml | Replaces gitleaks GitHub Action with manual download + execution of the gitleaks binary. |
| .github/PULL_REQUEST_TEMPLATE.md | Adds PR template. |
| .github/ISSUE_TEMPLATE/feature_request.md | Adds feature request issue template. |
| .github/ISSUE_TEMPLATE/bug_report.md | Adds bug report issue template. |
| .github/CONTRIBUTING.md | Adds contributing guidelines (branching, PR process, style, testing). |
| .claude-plugin/marketplace.json | Updates marketplace owner email address. |
Comments suppressed due to low confidence (1)
claude-ops/skills/setup/SKILL.md:137
- The GSD install instructions here reference
auroracapital/get-shit-done, but the repo documentation referencesLifecycle-Innovations-Limited/get-shit-done. Please align the marketplace slug and plugin install identifier consistently across docs; otherwise this step will fail for users following the wizard.
On install, run:
```bash
claude plugin marketplace add auroracapital/get-shit-done && claude plugin install gsd@auroracapital-get-shit-done
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| // Detect whether credentials are present — server always starts regardless | ||
| const CONFIGURED = !!(API_ID && API_HASH && SESSION_STRING); | ||
| const NOT_CONFIGURED_MSG = | ||
| "Telegram not configured. Run /ops:setup telegram to set up your credentials."; |
There was a problem hiding this comment.
CONFIGURED currently requires SESSION_STRING, but the --auth path is guarded by if (CONFIGURED). This prevents first-run auth from generating a new session when TELEGRAM_SESSION is not set (the common case). Consider gating --auth on just API_ID/API_HASH (and allowing an empty StringSession), while keeping the normal server connect path requiring a saved session.
|
|
||
| If the user skips, record `channels.telegram = "skipped"` in `$PREFS_PATH` and move on. Do NOT silently mark Telegram as unconfigured — the explicit skip prevents the status header from showing `○ telegram (no token)` as an action item on subsequent runs. | ||
|
|
||
| **Bots cannot read user DMs**, so `/ops-inbox telegram` requires a personal-account MCP. The plugin ships `bin/ops-telegram-autolink.mjs` which: |
There was a problem hiding this comment.
This section refers to /ops-inbox telegram, but the command naming elsewhere in this repo uses /ops:inbox. Update the command reference here to match the actual slash command to avoid user confusion and broken instructions.
| **Bots cannot read user DMs**, so `/ops-inbox telegram` requires a personal-account MCP. The plugin ships `bin/ops-telegram-autolink.mjs` which: | |
| **Bots cannot read user DMs**, so `/ops:inbox telegram` requires a personal-account MCP. The plugin ships `bin/ops-telegram-autolink.mjs` which: |
| ); | ||
| client = null; |
There was a problem hiding this comment.
Bug: If Telegram authorization fails on startup, the established connection is not disconnected, causing a resource leak in the long-running server process.
Severity: MEDIUM
Suggested Fix
Before setting client = null in the if block that handles failed authorization, add a call to await client.disconnect() to ensure the active connection is properly terminated and its resources are released.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location: claude-ops/telegram-server/index.js#L98-L99
Potential issue: When the Telegram server starts with an invalid session,
`client.checkAuthorization()` returns false. The code proceeds to set `client = null`
without first calling `await client.disconnect()`. This occurs after a connection has
already been successfully established via `await client.connect()`. This abandons the
active MTProto connection, leading to a resource leak (network socket, memory) that
persists for the lifetime of the long-running server process. This behavior contradicts
the required cleanup patterns documented for the `gram.js` library and used elsewhere in
the codebase.
Did we get this right? 👍 / 👎 to inform future reviews.
… telegram fix) (#32) * docs: rewrite READMEs with correct install flow, MCP vs CLI guide, and org URLs (#11) - All GitHub URLs now point to Lifecycle-Innovations-Limited/claude-ops - Root README: correct /plugin marketplace add + install commands, MCP vs CLI comparison table showing what each path gains/loses per integration - Inner README: consistent /ops:* colon syntax, GSD as optional, integrations split into CLI-only / MCP-only / choose-with-tradeoffs / plugin-bundled - setup.sh: auto-install missing core tools + npm deps on SessionStart - plugin.json: updated author URL, homepage, repository - marketplace.json + SECURITY.md: updated email Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * docs: clarify Telegram setup is fully automated (phone + 2 codes) (#12) Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * feat: add GSD companion plugin auto-install to setup wizard (#13) Setup wizard now offers to install GSD (Get Shit Done) as a companion plugin. Pulls latest version via plugin marketplace. Users choose [Install GSD] or [Skip]. Enhances /ops:go, /ops:projects, /ops:next dashboards with project roadmap state. Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: replace gitleaks-action with local binary * Add CONTRIBUTING.md and issue/PR templates Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(ci): update gitleaks to v8.30.1 — linux_x64 asset name * feat: add /ops:uninstall skill for complete plugin removal (#26) Interactive uninstall that cleans up everything: keychain credentials, preferences, cache, shell profile exports, MCP registrations, and the plugin itself. Confirms each deletion step before proceeding. Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(telegram): graceful degradation when credentials are missing (#28) Server no longer exits at startup when TELEGRAM_API_ID/HASH/SESSION are unset. It starts as a valid MCP server and returns a clear "not configured" error on every tool call instead of crashing, keeping the plugin loadable without Telegram credentials. Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * docs: polish README with ASCII art and terminal aesthetic (#29) Rewrote README with block ASCII logo, terminal-style /ops:go dashboard mockup, box-drawing tables throughout, and section headers — no content removed. Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(setup): fix CLI probes, add appendix, improve registry/prefs/Telegram/WhatsApp flows (#30) * fix(setup): fix CLI probes, add appendix, improve registry/prefs/Telegram flows - Replace broken `gog inbox list` probe with `gog gmail labels list --json` - Replace broken `gog cal events --time-min` probe with `gog cal list --json --max 3` - Add CLI Reference Appendix with exact, tested syntax for gog, wacli, Slack, and keychain - Preferences step now always asks owner name, timezone (7 options), verbosity, and default channels — never auto-fills from memory - Registry step now scans filesystem for git repos via find and presents multiSelect; adds "Auto-detect from existing registry" option - Add parallelization rule to Hard Rules: run all diagnostic probes in parallel, background slow commands - Telegram flow now requires explicit opt-in ask before starting phone/auth flow; no silent skip - WhatsApp backfill failures are now swallowed silently; summary line never shows message counts or 0-result spam - Never show user's real name or email unless explicitly provided in the current session - Fix `wacli chats` → `wacli chats list` (correct subcommand) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat: add first-run onboarding banners (ops-welcome + ops-setup-complete) Animated ASCII art welcome sequence on first SessionStart (gates on preferences.json existence). Setup completion dashboard with channel/ project/agent/skill counts. Both scripts use ANSI colors with NO_COLOR graceful degradation. SessionStart hook updated to run welcome before setup check. Setup SKILL.md Step 8 calls completion banner with actual counts. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
10 commits from dev
Note
Medium Risk
Medium risk because it changes SessionStart behavior and the Telegram MCP server’s startup/auth handling, which could affect messaging integration availability and error modes. Most other changes are documentation/wizard-flow updates and new UI banners with low functional risk.
Overview
Adds new
bin/ops-welcome(first-run animated banner) wired intohooks.jsonSessionStart, plusbin/ops-setup-completeto display a post-setup “dashboard” banner with configured counts.Updates
skills/setup/SKILL.mdto tighten privacy rules (no name/email autofill), parallelize probes, add explicit Telegram opt-in/skip semantics, adjust WhatsApp/email/calendar probe/backfill guidance (includingwacli chats listand quieter backfill), add filesystem auto-discovery for project registry, expand preference prompts, and invoke the new completion banner at the end.Hardens
telegram-server/index.jsto start even when unconfigured: it no longer exits on missing creds, treats failed/invalid sessions as warnings, returns a friendly error for tool calls when not configured, and guards disconnect on shutdown.Reviewed by Cursor Bugbot for commit 682fefa. Bugbot is set up for automated code reviews on this repo. Configure here.
Summary by CodeRabbit
New Features
Documentation