Summary
tg-sai profile add --login is buggy in the session-generation path. The wrapper does not honor some documented credential sources, and the Python session helper is too interactive/noisy when invoked by the CLI wrapper.
Findings
profile add --login ignores process environment credentials.
Command shape:
TELEGRAM_API_ID=123 TELEGRAM_API_HASH=fakehash \
bun main.ts profile add --name debug --login --qr
Observed output:
--login requires apiId and apiHash from flags, --src, env, or .env discovery
The error says env, but inputFromProfileAddOptions only merges explicit CLI flags and --src values. It does not merge process.env.
profile add --login does not auto-use the user-local ~/.tg-sai/.env / TG_SAI_DIR/.env path.
A temp TG_SAI_DIR/.env containing TELEGRAM_API_ID and TELEGRAM_API_HASH still produces the same failure unless the user first runs discovery and passes --src explicitly.
- Explicit flags do reach the Python helper.
Command shape:
bun main.ts profile add \
--name debug \
--api-id 123 \
--api-hash fakehash \
--login \
--qr
This launches session_string_generator.py and then fails later with fake credentials:
Error: The api_id/api_hash combination is invalid
So the spawn path works once credentials are passed as flags.
- The Python helper prompts for account label even in wrapper mode.
Even with --qr --session-output <path> --no-env-write, it prompts:
Account label (optional, e.g. 'work', 'personal'; leave empty for default):
Wrapper mode should not prompt for an env-var label because tg-sai profile add --login stores the session in the named tg-sai profile.
- The Python helper prints sensitive values in wrapper mode.
On success, session_string_generator.py prints the generated session string and a command containing the API hash. generateSessionString() uses inherited stdout/stderr, so tg-sai profile add --login would also print those values even though it already captures the session through --session-output.
- Success guidance still references the repo-local development shim.
The helper prints just tg-sai profile add ...; distributed usage should say tg-sai profile add ....
Expected behavior
tg-sai profile add --login should use documented credential sources consistently.
- Wrapper mode should only require interaction for login itself: QR scan, phone code, or 2FA password.
- Wrapper mode should not print the session string or API hash to the terminal.
- Distributed guidance should use
tg-sai, not just tg-sai.
Candidate fix areas
- Merge process env credential values into
profile add credential resolution.
- Decide whether
--login should auto-use exactly one discovered partial credential source, or require explicit --src and update docs/error text.
- Add a wrapper/quiet mode to
session_string_generator.py that suppresses the account-label prompt and sensitive success output while still writing --session-output.
- Update helper success guidance from
just tg-sai to tg-sai.
- Add CLI integration tests for env creds and wrapper mode.
Verification already run
uv run pytest -q session_string_generator_test.py
# 13 passed
bun main.ts profile add --help
uv run python session_string_generator.py --help
Summary
tg-sai profile add --loginis buggy in the session-generation path. The wrapper does not honor some documented credential sources, and the Python session helper is too interactive/noisy when invoked by the CLI wrapper.Findings
profile add --loginignores process environment credentials.Command shape:
Observed output:
The error says
env, butinputFromProfileAddOptionsonly merges explicit CLI flags and--srcvalues. It does not mergeprocess.env.profile add --logindoes not auto-use the user-local~/.tg-sai/.env/TG_SAI_DIR/.envpath.A temp
TG_SAI_DIR/.envcontainingTELEGRAM_API_IDandTELEGRAM_API_HASHstill produces the same failure unless the user first runs discovery and passes--srcexplicitly.Command shape:
This launches
session_string_generator.pyand then fails later with fake credentials:So the spawn path works once credentials are passed as flags.
Even with
--qr --session-output <path> --no-env-write, it prompts:Wrapper mode should not prompt for an env-var label because
tg-sai profile add --loginstores the session in the named tg-sai profile.On success,
session_string_generator.pyprints the generated session string and a command containing the API hash.generateSessionString()uses inherited stdout/stderr, sotg-sai profile add --loginwould also print those values even though it already captures the session through--session-output.The helper prints
just tg-sai profile add ...; distributed usage should saytg-sai profile add ....Expected behavior
tg-sai profile add --loginshould use documented credential sources consistently.tg-sai, notjust tg-sai.Candidate fix areas
profile addcredential resolution.--loginshould auto-use exactly one discovered partial credential source, or require explicit--srcand update docs/error text.session_string_generator.pythat suppresses the account-label prompt and sensitive success output while still writing--session-output.just tg-saitotg-sai.Verification already run
uv run pytest -q session_string_generator_test.py # 13 passed bun main.ts profile add --help uv run python session_string_generator.py --help