Document how to find Telegram and Discord user IDs for pre-approving users.
Added comprehensive instructions including:
- Environment variables for TELEGRAM_ALLOWED_USERS and DISCORD_ALLOWED_USERS
- Step-by-step guide to discover user IDs via pairing messages
- Alternative methods (@userinfobot for Telegram, Developer Mode for Discord)
- Updated docker-compose and .env examples
This completes the auto-approval feature documentation for Phala Cloud
deployments, allowing users to skip the manual pairing step.
Enable automatic channel configuration when bot tokens are provided via
environment variables. Previously channels were auto-detected but not enabled
due to --skip-channels flag.
Changes:
- Remove --skip-channels from onboarding to enable channel auto-configuration
- Add TELEGRAM_ALLOWED_USERS and DISCORD_ALLOWED_USERS environment variables
- Auto-configure channel allowlists when user IDs are provided
- Channels are now fully operational on first boot without manual pairing
This allows users to pre-approve specific Telegram/Discord user IDs,
skipping the pairing code step entirely. Users can message the bot
immediately after deployment.
Gateway SIGUSR1 restart keeps PID=1 alive but clears in-memory lock state,
leaving .lock files that appear valid but are orphaned. This causes session
file lock timeouts when new agent sessions try to acquire the same locks.
Solution: On container start, clean all session lock files since they're
guaranteed orphaned (new process state). Lock files are safe to remove on
startup because the gateway hasn't started any agent sessions yet.
Fixes session lock timeout errors after gateway restarts in Docker.
- Add docker-compose.phala.yml for Phala Cloud deployment
- Add docker-entrypoint-phala.sh for auto-configuration
- Auto-configure Redpill provider on first boot
- Auto-configure Telegram/Discord channels from env vars
- Support gateway auth (token/password) modes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add --redpill-api-key CLI flag for non-interactive onboarding
- Add redpill-api-key auth choice handler
- Auto-configure all 18 GPU TEE models in agent allowlist
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add static catalog of 18 GPU TEE models as source of truth.
Models run in secure hardware enclaves with cryptographic attestation.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
CLI backends (claude-cli etc) don't emit streaming assistant events,
causing TUI to show "(no output)" despite correct processing. Now emits
assistant event with final text before lifecycle end so server-chat
buffer gets populated for WebSocket clients.
- Add resumeArgs to DEFAULT_CLAUDE_BACKEND for proper --resume flag usage
- Fix gateway not preserving cliSessionIds/claudeCliSessionId in nextEntry
- Add test for CLI session ID preservation in gateway agent handler
- Update docs with new resumeArgs default
* fix(gateway): prevent auth bypass when behind unconfigured reverse proxy
When proxy headers (X-Forwarded-For, X-Real-IP) are present but
gateway.trustedProxies is not configured, the gateway now treats
connections as non-local. This prevents a scenario where all proxied
requests appear to come from localhost and receive automatic trust.
Previously, running behind nginx/Caddy without configuring trustedProxies
would cause isLocalClient=true for all external connections, potentially
bypassing authentication and auto-approving device pairing.
The gateway now logs a warning when this condition is detected, guiding
operators to configure trustedProxies for proper client IP detection.
Also adds documentation for reverse proxy security configuration.
* fix: harden reverse proxy auth (#1795) (thanks @orlyjamie)
---------
Co-authored-by: orlyjamie <orlyjamie@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
* fix(telegram): fall back to text when voice messages forbidden
When TTS auto mode is enabled, slash commands like /status would fail
silently because sendVoice was rejected with VOICE_MESSAGES_FORBIDDEN.
The entire reply would fail without any text being sent.
This adds error handling to catch VOICE_MESSAGES_FORBIDDEN specifically
and fall back to sending the text content as a regular message instead
of failing completely.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: handle telegram voice fallback errors (#1725) (thanks @foeken)
---------
Co-authored-by: Echo <andre.foeken@Donut.local>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
When a cron job runs in isolated mode, the sessions_spawn tool now correctly
inherits the allowAgents permissions from the parent agent's config.
The fix adds a requesterAgentIdOverride parameter that flows through the
tool creation chain:
- resolveEffectiveToolPolicy() extracts the correct agentId from the session key
- This agentId is passed to sessions_spawn and agents_list tools
- The tools use this override instead of re-parsing the session key
This fixes#1767
Fixes#1765
- Extract client ID and secret from Gemini CLI's bundled oauth2.js
- Cross-platform binary lookup (no shell commands)
- Fallback to env vars for user override
- Add tests for credential extraction
The previous check used includes("win") which incorrectly matched
"darwin" (macOS) because it contains "win". This caused cmd.exe to be
used on macOS instead of /bin/sh.
* feat: audit fixes and documentation improvements
- Refactored model selection to drop legacy fallback and add warning
- Improved heartbeat content validation
- Added Skill Creation guide
- Updated CONTRIBUTING.md with roadmap
* style: fix formatting in model-selection.ts
* style: fix formatting and improve model selection logic with tests