feat(new-setup): wrap node/docker installs and add generic set-env step

Adds three allowlist-friendly setup helpers so /new-setup and /new-setup-2
don't hit unmatchable commands during a fresh install:

- setup/install-node.sh — idempotent Node 22 install wrapper (macOS via brew,
  Linux via NodeSource + apt). Replaces the raw `curl | sudo -E bash -` flow
  whose stdin-consuming `bash -` segment can't be pre-approved.
- setup/install-docker.sh — same pattern for Docker (brew --cask on macOS,
  get.docker.com on Linux + usermod).
- setup/set-env.ts — generic `--step set-env` that writes KEY=VALUE to .env
  (and optionally syncs to data/env/env) so channel-install flows don't
  invent `grep && sed && rm` pipelines, which split at each && and can't be
  tightly allowlisted.

new-setup-2's Telegram path now uses set-env for TELEGRAM_BOT_TOKEN and
explicitly skips /add-telegram's Credentials section. new-setup step 1 and
step 2 now call the install wrappers; the raw curl/apt entries are gone from
the allowed-tools list.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

setup/index.ts

@@ -10,6 +10,7 @@ const STEPS: Record<
   () => Promise<{ run: (args: string[]) => Promise<void> }>
 > = {
   timezone: () => import('./timezone.js'),
+  'set-env': () => import('./set-env.js'),
   environment: () => import('./environment.js'),
   container: () => import('./container.js'),
   register: () => import('./register.js'),

setup/install-docker.sh

@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+# Setup helper: install-docker — bundles Docker install into one idempotent
+# script so /new-setup can run it without needing `curl | sh` in the allowlist
+# (pipelines split at matching time, and `sh` receiving stdin can't be
+# pre-approved safely).
+#
+# The script itself is the allowlisted unit; the pipes and sudo live inside
+# it. Starting the daemon (after install) stays separate — `open -a Docker`
+# and `sudo systemctl start docker` are already in the allowlist.
+set -euo pipefail
+
+echo "=== NANOCLAW SETUP: INSTALL_DOCKER ==="
+
+if command -v docker >/dev/null 2>&1; then
+  echo "STATUS: already-installed"
+  echo "DOCKER_VERSION: $(docker --version 2>/dev/null || echo unknown)"
+  echo "=== END ==="
+  exit 0
+fi
+
+case "$(uname -s)" in
+  Darwin)
+    echo "STEP: brew-install-docker"
+    if ! command -v brew >/dev/null 2>&1; then
+      echo "STATUS: failed"
+      echo "ERROR: Homebrew not installed. Install brew first (https://brew.sh) then re-run."
+      echo "=== END ==="
+      exit 1
+    fi
+    brew install --cask docker
+    ;;
+  Linux)
+    echo "STEP: docker-get-script"
+    curl -fsSL https://get.docker.com | sh
+    echo "STEP: usermod-docker-group"
+    sudo usermod -aG docker "$USER"
+    echo "NOTE: you may need to log out and back in for docker group membership to take effect"
+    ;;
+  *)
+    echo "STATUS: failed"
+    echo "ERROR: Unsupported platform: $(uname -s)"
+    echo "=== END ==="
+    exit 1
+    ;;
+esac
+
+if ! command -v docker >/dev/null 2>&1; then
+  echo "STATUS: failed"
+  echo "ERROR: docker not found on PATH after install"
+  echo "=== END ==="
+  exit 1
+fi
+
+echo "STATUS: installed"
+echo "DOCKER_VERSION: $(docker --version 2>/dev/null || echo unknown)"
+echo "=== END ==="

setup/install-node.sh

@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+# Setup helper: install-node — bundles Node 22 install into one idempotent
+# script so /new-setup can run it without needing `curl | sudo -E bash -` in
+# the allowlist (that pattern is inherently unmatchable — bash reads from
+# stdin, so pre-approval can't inspect what's being executed).
+#
+# The script itself is the allowlisted unit; the pipes and sudo live inside
+# it. Pure bash by design — runs before Node exists on the host.
+set -euo pipefail
+
+echo "=== NANOCLAW SETUP: INSTALL_NODE ==="
+
+if command -v node >/dev/null 2>&1; then
+  echo "STATUS: already-installed"
+  echo "NODE_VERSION: $(node --version)"
+  echo "=== END ==="
+  exit 0
+fi
+
+case "$(uname -s)" in
+  Darwin)
+    echo "STEP: brew-install-node"
+    if ! command -v brew >/dev/null 2>&1; then
+      echo "STATUS: failed"
+      echo "ERROR: Homebrew not installed. Install brew first (https://brew.sh) then re-run."
+      echo "=== END ==="
+      exit 1
+    fi
+    brew install node@22
+    ;;
+  Linux)
+    echo "STEP: nodesource-setup"
+    curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -
+    echo "STEP: apt-install-nodejs"
+    sudo apt-get install -y nodejs
+    ;;
+  *)
+    echo "STATUS: failed"
+    echo "ERROR: Unsupported platform: $(uname -s)"
+    echo "=== END ==="
+    exit 1
+    ;;
+esac
+
+if ! command -v node >/dev/null 2>&1; then
+  echo "STATUS: failed"
+  echo "ERROR: node not found on PATH after install"
+  echo "=== END ==="
+  exit 1
+fi
+
+echo "STATUS: installed"
+echo "NODE_VERSION: $(node --version)"
+echo "=== END ==="

setup/set-env.ts

@@ -0,0 +1,77 @@
+/**
+ * Step: set-env — Write or update a KEY=VALUE in .env, with optional sync to
+ * data/env/env (the container-mounted copy).
+ *
+ * Usage:
+ *   pnpm exec tsx setup/index.ts --step set-env -- \
+ *     --key TELEGRAM_BOT_TOKEN --value "<token>" [--sync-container]
+ *
+ * Exists so channel-install flows don't have to invent grep/sed/rm pipelines
+ * (which can't be allowlisted tightly — sed can read any file, and each
+ * segment of an && chain is matched separately).
+ *
+ * Logs the key but never the value.
+ */
+import fs from 'fs';
+import path from 'path';
+
+import { log } from '../src/log.js';
+import { emitStatus } from './status.js';
+
+export async function run(args: string[]): Promise<void> {
+  const keyIdx = args.indexOf('--key');
+  const valueIdx = args.indexOf('--value');
+  const syncContainer = args.includes('--sync-container');
+
+  if (keyIdx === -1 || !args[keyIdx + 1]) {
+    throw new Error('--key <KEY> is required');
+  }
+  if (valueIdx === -1 || args[valueIdx + 1] === undefined) {
+    throw new Error('--value <VALUE> is required');
+  }
+
+  const key = args[keyIdx + 1];
+  const value = args[valueIdx + 1];
+
+  if (!/^[A-Z][A-Z0-9_]*$/.test(key)) {
+    throw new Error(`Invalid env key: ${key} (must be UPPER_SNAKE_CASE)`);
+  }
+
+  const projectRoot = process.cwd();
+  const envFile = path.join(projectRoot, '.env');
+
+  let content = '';
+  if (fs.existsSync(envFile)) {
+    content = fs.readFileSync(envFile, 'utf-8');
+  }
+
+  const lineRegex = new RegExp(`^${key}=.*$`, 'm');
+  const newLine = `${key}=${value}`;
+  const existed = lineRegex.test(content);
+
+  if (existed) {
+    content = content.replace(lineRegex, newLine);
+  } else {
+    const sep = content && !content.endsWith('\n') ? '\n' : '';
+    content = content + sep + newLine + '\n';
+  }
+
+  fs.writeFileSync(envFile, content);
+  log.info('Updated .env', { key, existed });
+
+  let synced = false;
+  if (syncContainer) {
+    const dataEnvDir = path.join(projectRoot, 'data', 'env');
+    fs.mkdirSync(dataEnvDir, { recursive: true });
+    fs.copyFileSync(envFile, path.join(dataEnvDir, 'env'));
+    synced = true;
+    log.info('Synced .env to container mount', { path: 'data/env/env' });
+  }
+
+  emitStatus('SET_ENV', {
+    KEY: key,
+    EXISTED: existed,
+    SYNCED_TO_CONTAINER: synced,
+    STATUS: 'success',
+  });
+}