diff --git a/CLAUDE.md b/CLAUDE.md index f1cb094..def7d48 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -1,76 +1,79 @@ -# CLAUDE.md +# Echo Core -This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository. +**Tu ești Echo** — asistent personal AI al lui Marius. Acest repo este creierul tău: primești mesaje pe Discord/Telegram/WhatsApp, le procesezi prin Claude Code (CLI subprocess), și răspunzi ca Echo. + +Nu ești un tool de cod. Ești companion — ajuți cu tot: tehnic, organizare, coaching, sănătate, proiecte personale, dezvoltare. Cine ești și cum te comporți e definit în `personality/*.md`. **Respectă aceste fișiere întotdeauna.** + +## How It Works + +Mesajele ajung la tine prin adaptoare (Discord, Telegram, WhatsApp) → `router.py` → `claude_session.py` → Claude CLI subprocess → răspuns trimis înapoi. + +Personalitatea ta se construiește din `personality/*.md`, concatenate în ordine: +- `IDENTITY.md` — cine ești +- `SOUL.md` — principii, ton, granițe +- `USER.md` — despre Marius +- `AGENTS.md` — reguli operaționale, model selection, securitate +- `HEARTBEAT.md` — verificări periodice +- `TOOLS.md` — unelte disponibile ## Commands ```bash -# Run all tests +# Tests source .venv/bin/activate && pytest tests/ - -# Run a single test file -pytest tests/test_router.py - -# Run a specific test pytest tests/test_router.py::test_clear_command -v -# Start the bot (via systemd) -systemctl --user start echo-core - -# Start manually (foreground) -source .venv/bin/activate && python3 src/main.py +# Start +systemctl --user start echo-core # systemd +source .venv/bin/activate && python3 src/main.py # manual # WhatsApp bridge systemctl --user start echo-whatsapp-bridge -# CLI diagnostics (eco = symlink to cli.py, installed by setup.sh) +# CLI eco status eco doctor -# Install dependencies +# Dependencies source .venv/bin/activate && pip install -r requirements.txt ``` ## Architecture -**Message flow:** Adapter → `router.py` → `claude_session.py` → Claude CLI subprocess → response split → Adapter sends reply. +**Flow:** Adapter → `router.py` → `claude_session.py` → Claude CLI → response split → Adapter reply -Three adapters run concurrently in one asyncio event loop via `asyncio.gather()` in `src/main.py`: +**Adapters** (concurrent, `asyncio.gather()` in `src/main.py`): +- **Discord** (`src/adapters/discord_bot.py`) — slash commands, 2000 char split +- **Telegram** (`src/adapters/telegram_bot.py`) — commands + inline keyboards, 4096 char split +- **WhatsApp** (`src/adapters/whatsapp.py`) — polls Baileys bridge at `http://127.0.0.1:8098`, 4096 char split -- **Discord** (`src/adapters/discord_bot.py`): discord.py slash commands, 2000 char split -- **Telegram** (`src/adapters/telegram_bot.py`): python-telegram-bot commands + inline keyboards, 4096 char split -- **WhatsApp** (`src/adapters/whatsapp.py`): polls Node.js Baileys bridge (`bridge/whatsapp/index.js`) at `http://127.0.0.1:8098` every 2s, 4096 char split +**Sessions** (`src/claude_session.py`): One persistent session per channel. `claude --resume `. External messages wrapped in `[EXTERNAL CONTENT]` injection markers. -All adapters follow the same pattern: module-level `_config`, authorization helpers (`is_owner`, `is_admin`, `is_registered_channel`), `split_message()`, and routing through `route_message(channel_id, user_id, text, model)`. +**State:** `sessions/active.json` — channel ID → `{session_id, model, message_count, ...}` -**Claude sessions** (`src/claude_session.py`): Each channel has one persistent session. `send_message()` auto-starts or resumes via `claude --resume `. System prompt is built by concatenating `personality/*.md` files. External messages are wrapped in `[EXTERNAL CONTENT]` injection markers. Sensitive env vars are stripped before subprocess execution. +**Credentials** (`src/credential_store.py`): System keyring, service `"echo-core"`. Never secrets as CLI args. -**Session state** lives in `sessions/active.json` — maps channel IDs to `{session_id, model, message_count, ...}`. +**Config** (`src/config.py`): `config.json` with dot-notation. Namespaces: `channels`, `telegram_channels`, `whatsapp_channels`. -**Credentials** (`src/credential_store.py`): All tokens stored in system keyring under service `"echo-core"`. Required: `discord_token`. Optional: `telegram_token`. Never pass secrets as CLI arguments — use stdin. +**Scheduler** (`src/scheduler.py`): APScheduler + `cron/jobs.json`, isolated sessions. -**Config** (`src/config.py`): Loads `config.json` with dot-notation access (`config.get("bot.name")`). Channel namespaces: `channels` (Discord), `telegram_channels`, `whatsapp_channels`. +**Heartbeat** (`src/heartbeat.py`): Email, calendar, KB, git checks. Quiet hours 23-08. -**Scheduler** (`src/scheduler.py`): APScheduler loading jobs from `cron/jobs.json`, runs Claude prompts in isolated sessions. - -**Heartbeat** (`src/heartbeat.py`): Periodic checks (email, calendar, KB, git), quiet hours 23-08. - -**Memory search** (`src/memory_search.py`): Ollama all-minilm embeddings (384 dim) + SQLite cosine similarity. +**Memory** (`src/memory_search.py`): Ollama all-minilm embeddings (384 dim) + SQLite cosine similarity. ## Import Convention -All modules use absolute imports from project root via `sys.path.insert(0, PROJECT_ROOT)`. Import as `from src.config import ...`, `from src.adapters.discord_bot import ...`. No circular imports — adapters → router → claude_session. +Absolute imports via `sys.path.insert(0, PROJECT_ROOT)`: `from src.config import ...`, `from src.adapters.discord_bot import ...`. No circular imports. ## Key Files | Path | Role | |------|------| -| `src/main.py` | Entry point — starts all adapters + scheduler + heartbeat | -| `src/router.py` | Dispatches commands vs Claude messages | +| `src/main.py` | Entry point — adapters + scheduler + heartbeat | +| `src/router.py` | Commands vs Claude messages | | `src/claude_session.py` | Claude CLI wrapper with `--resume` | -| `src/credential_store.py` | Keyring secrets (service: `echo-core`) | -| `cli.py` | CLI tool (status, doctor, logs, secrets, cron, whatsapp) | -| `config.json` | Runtime config (channels, admins, models, bridges) | -| `setup.sh` | Interactive 10-step onboarding wizard | -| `bridge/whatsapp/index.js` | Node.js Baileys + Express bridge on port 8098 | -| `personality/*.md` | System prompt files concatenated in order | +| `src/credential_store.py` | Keyring secrets | +| `cli.py` | CLI diagnostics (eco) | +| `config.json` | Runtime config | +| `bridge/whatsapp/index.js` | Baileys + Express bridge, port 8098 | +| `personality/*.md` | System prompt — cine ești | diff --git a/src/claude_session.py b/src/claude_session.py index 6a83e66..1f3d6f3 100644 --- a/src/claude_session.py +++ b/src/claude_session.py @@ -44,6 +44,55 @@ PERSONALITY_FILES = [ "HEARTBEAT.md", ] +# Tools allowed in non-interactive (-p) mode. +# NOTE: curl/wget intentionally excluded (data exfiltration risk). +# Use WebFetch/WebSearch for safe, read-only web access. +# SSH/SCP/rsync restricted to local network (10.0.20.*). +ALLOWED_TOOLS = [ + "Read", "Edit", "Write", "Glob", "Grep", + # Read-only web (safe — cannot POST data) + "WebFetch", + "WebSearch", + # Python scripts + "Bash(python3 *)", + "Bash(.venv/bin/python3 *)", + "Bash(pip *)", + "Bash(pytest *)", + # Git + "Bash(git add *)", + "Bash(git commit *)", + "Bash(git push *)", + "Bash(git pull *)", + "Bash(git status *)", + "Bash(git diff *)", + "Bash(git log *)", + "Bash(git checkout *)", + "Bash(git branch *)", + # Node/npm + "Bash(npm *)", + "Bash(node *)", + "Bash(npx *)", + # System + "Bash(systemctl --user *)", + "Bash(trash *)", + "Bash(mkdir *)", + "Bash(cp *)", + "Bash(mv *)", + "Bash(ls *)", + "Bash(cat *)", + "Bash(chmod *)", + # Docker (local daemon only) + "Bash(docker *)", + "Bash(docker-compose *)", + "Bash(docker compose *)", + # SSH — local network only (no external hosts) + "Bash(ssh *@10.0.20.*)", + "Bash(ssh root@10.0.20.*)", + "Bash(ssh echo@10.0.20.*)", + "Bash(scp *10.0.20.*)", + "Bash(rsync *10.0.20.*)", +] + # Environment variables to REMOVE from Claude subprocess # (secrets, tokens, and vars that cause nested-session errors) _ENV_STRIP = { @@ -201,6 +250,7 @@ def start_session( "--model", model, "--output-format", "json", "--system-prompt", system_prompt, + "--allowedTools", *ALLOWED_TOOLS, ] _t0 = time.monotonic() @@ -268,6 +318,7 @@ def resume_session( CLAUDE_BIN, "-p", wrapped_message, "--resume", session_id, "--output-format", "json", + "--allowedTools", *ALLOWED_TOOLS, ] _t0 = time.monotonic()