30e9eec9fb
- Add Commands section with /js, /python, /ts, /bash, /run - Document Piston API fallback for sandbox - Add OpenRouter as AI provider option - Document PostgreSQL/Redis storage layer - Update architecture diagram - Add Sandbox Backends section explaining auto-detection https://claude.ai/code/session_015VqJ7gN4vaxtYfYc92UjLs
8.0 KiB
8.0 KiB
AssureBot
Lean, secure, self-hosted AI assistant for Railway.
Your AI agent that runs on your infrastructure, answers only to you, and you can actually audit.
Why AssureBot?
| Full Moltbot | AssureBot |
|---|---|
| 12+ channels | Telegram only |
| File-based config | Env vars only |
| Plugins/extensions | None (locked down) |
| Desktop/mobile apps | Headless server |
| Complex setup | One-click deploy |
Trade-off: Less features, more trust.
Features
┌─────────────────────────────────────────────────────┐
│ TELEGRAM (your secure UI) │
│ ├── Chat with AI (text, images, documents) │
│ ├── Code execution (15+ languages) │
│ ├── Forward anything → get analysis │
│ └── /commands for actions │
├─────────────────────────────────────────────────────┤
│ CODE EXECUTION │
│ ├── /js, /python, /ts, /bash - Quick execute │
│ ├── /run <lang> <code> - Any language │
│ ├── Docker (local) or Piston API (cloud) │
│ └── Isolated, no network, resource limits │
├─────────────────────────────────────────────────────┤
│ WEBHOOKS IN (authenticated) │
│ ├── GitHub → "PR merged, here's the summary" │
│ ├── Uptime → "Site down, checking why..." │
│ └── Anything → AI-summarized to Telegram │
├─────────────────────────────────────────────────────┤
│ SCHEDULED TASKS (cron) │
│ ├── Morning briefing │
│ ├── Monitor RSS/sites │
│ └── Recurring research │
├─────────────────────────────────────────────────────┤
│ PERSISTENCE (optional) │
│ ├── PostgreSQL - Tasks, user profiles │
│ ├── Redis - Conversations, cache │
│ └── Personality learning per user │
└─────────────────────────────────────────────────────┘
Commands
| Command | Description |
|---|---|
/js <code> |
Run JavaScript |
/python <code> |
Run Python |
/ts <code> |
Run TypeScript |
/bash <code> |
Run shell commands |
/run <lang> <code> |
Run any language |
/status |
Bot & sandbox status |
/clear |
Clear conversation |
/schedule |
Schedule AI tasks |
/tasks |
List scheduled tasks |
/help |
Full command list |
Supported Languages: python, javascript, typescript, bash, rust, go, c, cpp, java, ruby, php
Deploy to Railway
One-Click (Recommended)
This auto-provisions PostgreSQL and Redis for persistence.
Manual
- Fork this repo
- Create Railway project from GitHub
- Set Root Directory to
secure - Set environment variables (see below)
- Optionally add PostgreSQL and Redis services
- Deploy
Configuration
All config via environment variables. No files.
Required
TELEGRAM_BOT_TOKEN=123456:ABC-DEF... # From @BotFather
ALLOWED_USERS=123456789,987654321 # Telegram user IDs
# Pick ONE AI provider:
ANTHROPIC_API_KEY=sk-ant-... # Claude
OPENAI_API_KEY=sk-... # GPT-4
OPENROUTER_API_KEY=sk-or-... # 100+ models
Optional
# AI Model (optional - uses sensible defaults)
AI_MODEL=claude-sonnet-4-20250514 # or gpt-4o, etc.
# Storage (auto-wired on Railway template)
DATABASE_URL=postgres://... # PostgreSQL
REDIS_URL=redis://... # Redis
# Sandbox (enabled by default)
SANDBOX_ENABLED=true # Auto-detects Docker or Piston API
SANDBOX_NETWORK=none # none | bridge
SANDBOX_MEMORY=512m
SANDBOX_CPUS=1
SANDBOX_TIMEOUT_MS=60000
# Webhooks
WEBHOOK_SECRET=random-32-chars # Auto-generated if missing
WEBHOOK_BASE_PATH=/hooks # Default: /hooks
# Scheduler
SCHEDULER_ENABLED=true # Default: true
# Audit
AUDIT_ENABLED=true # Default: true
AUDIT_LOG_PATH=/data/audit.jsonl
# Server
PORT=8080 # Railway sets this
HOST=0.0.0.0
Security Model
What's Enforced
| Control | Implementation |
|---|---|
| Access | Telegram user ID allowlist |
| Auth | Timing-safe token comparison |
| Sandbox | Docker (local) or Piston API (cloud), isolated |
| Secrets | Env-only, auto-redacted in logs |
| Audit | Every interaction logged |
Sandbox Backends
AssureBot auto-detects the best available backend:
- Docker - Full isolation, no network, caps dropped (requires Docker socket)
- Piston API - Free cloud execution, 15+ languages (works on Railway/Render/Fly)
- None - Sandbox disabled if neither available
What's NOT Included
Intentionally removed:
- Web UI / setup wizard
- Plugin system
- WhatsApp/Signal/Discord/Slack
- File-based configuration
- Multi-account support
- Desktop/mobile apps
Run Locally
cd secure
npm install
# Dev mode
TELEGRAM_BOT_TOKEN=xxx \
ANTHROPIC_API_KEY=xxx \
ALLOWED_USERS=123456789 \
npm run dev
# Production
npm run build
npm start
Endpoints
| Path | Description |
|---|---|
/health |
Health check (JSON) |
/ready |
Readiness probe |
/hooks/* |
Webhook receiver (POST, auth required) |
Webhook Usage
# Send a webhook
curl -X POST https://your-app.up.railway.app/hooks/github \
-H "Authorization: Bearer YOUR_WEBHOOK_SECRET" \
-H "Content-Type: application/json" \
-d '{"action": "opened", "pull_request": {"title": "Fix bug"}}'
All webhooks are:
- Authenticated (token required)
- Summarized by AI
- Forwarded to all allowed Telegram users
Audit Log Format
{"ts":"2024-01-15T10:30:00Z","type":"message","userId":123,"text":"Hello","response":"Hi!"}
{"ts":"2024-01-15T10:30:05Z","type":"webhook","path":"/hooks/github","status":200}
{"ts":"2024-01-15T10:30:10Z","type":"sandbox","command":"[python] print(1)","exitCode":0}
Architecture
┌────────────────────┐ ┌────────────────────┐
│ AssureBot │────▶│ Sandbox │
│ (main container) │ │ (Docker/Piston) │
│ │ │ │
│ • Telegram bot │ │ • Code execution │
│ • Webhook recv │ │ • 15+ languages │
│ • Scheduler │ │ • Isolated │
│ • Personality │ │ • No network │
└────────────────────┘ └────────────────────┘
│
├────▶ [PostgreSQL] - Tasks, profiles
├────▶ [Redis] - Conversations, cache
│
▼
[Anthropic/OpenAI/OpenRouter]
(Direct API calls)
License
MIT - Same as Moltbot.
Full Moltbot: github.com/moltbot/moltbot