mirror of
https://github.com/qwibitai/nanoclaw.git
synced 2026-06-12 18:11:51 +08:00
Koshkoshinsk
712a0e1e01
Adds three allowlist-friendly setup helpers so /new-setup and /new-setup-2 don't hit unmatchable commands during a fresh install: - setup/install-node.sh — idempotent Node 22 install wrapper (macOS via brew, Linux via NodeSource + apt). Replaces the raw `curl | sudo -E bash -` flow whose stdin-consuming `bash -` segment can't be pre-approved. - setup/install-docker.sh — same pattern for Docker (brew --cask on macOS, get.docker.com on Linux + usermod). - setup/set-env.ts — generic `--step set-env` that writes KEY=VALUE to .env (and optionally syncs to data/env/env) so channel-install flows don't invent `grep && sed && rm` pipelines, which split at each && and can't be tightly allowlisted. new-setup-2's Telegram path now uses set-env for TELEGRAM_BOT_TOKEN and explicitly skips /add-telegram's Credentials section. new-setup step 1 and step 2 now call the install wrappers; the raw curl/apt entries are gone from the allowed-tools list. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
55 lines
1.5 KiB
Bash
Executable File
55 lines
1.5 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# Setup helper: install-node — bundles Node 22 install into one idempotent
|
|
# script so /new-setup can run it without needing `curl | sudo -E bash -` in
|
|
# the allowlist (that pattern is inherently unmatchable — bash reads from
|
|
# stdin, so pre-approval can't inspect what's being executed).
|
|
#
|
|
# The script itself is the allowlisted unit; the pipes and sudo live inside
|
|
# it. Pure bash by design — runs before Node exists on the host.
|
|
set -euo pipefail
|
|
|
|
echo "=== NANOCLAW SETUP: INSTALL_NODE ==="
|
|
|
|
if command -v node >/dev/null 2>&1; then
|
|
echo "STATUS: already-installed"
|
|
echo "NODE_VERSION: $(node --version)"
|
|
echo "=== END ==="
|
|
exit 0
|
|
fi
|
|
|
|
case "$(uname -s)" in
|
|
Darwin)
|
|
echo "STEP: brew-install-node"
|
|
if ! command -v brew >/dev/null 2>&1; then
|
|
echo "STATUS: failed"
|
|
echo "ERROR: Homebrew not installed. Install brew first (https://brew.sh) then re-run."
|
|
echo "=== END ==="
|
|
exit 1
|
|
fi
|
|
brew install node@22
|
|
;;
|
|
Linux)
|
|
echo "STEP: nodesource-setup"
|
|
curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -
|
|
echo "STEP: apt-install-nodejs"
|
|
sudo apt-get install -y nodejs
|
|
;;
|
|
*)
|
|
echo "STATUS: failed"
|
|
echo "ERROR: Unsupported platform: $(uname -s)"
|
|
echo "=== END ==="
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
if ! command -v node >/dev/null 2>&1; then
|
|
echo "STATUS: failed"
|
|
echo "ERROR: node not found on PATH after install"
|
|
echo "=== END ==="
|
|
exit 1
|
|
fi
|
|
|
|
echo "STATUS: installed"
|
|
echo "NODE_VERSION: $(node --version)"
|
|
echo "=== END ==="
|