revert: restore Allow/Deny button labels

feat(telegram,discord): compact permission messages with expandable details
Replace verbose permission request messages with a compact format showing only the tool name. Adds a "See more" button that expands inline to show tool_name, description, and pretty-printed input_preview JSON. Yes/No buttons replace Allow/Deny. Bump plugin versions to 0.0.4.
2026-04-26 03:32:44 +00:00 · 2026-03-23 22:50:27 -07:00 · 2026-03-23 22:48:34 -07:00 · 2026-03-23 22:19:51 -07:00 · 2026-03-23 13:15:41 -07:00
4 changed files with 159 additions and 15 deletions
--- a/external_plugins/discord/.claude-plugin/plugin.json
+++ b/external_plugins/discord/.claude-plugin/plugin.json
@@ -1,7 +1,7 @@
 {
  "name": "discord",
  "description": "Discord channel for Claude Code \u2014 messaging bridge with built-in access control. Manage pairing, allowlists, and policy via /discord:access.",
-  "version": "0.0.2",
+  "version": "0.0.4",
  "keywords": [
    "discord",
    "messaging",
--- a/external_plugins/discord/server.ts
+++ b/external_plugins/discord/server.ts
@@ -22,8 +22,12 @@ import {
  GatewayIntentBits,
  Partials,
  ChannelType,
+  ButtonBuilder,
+  ButtonStyle,
+  ActionRowBuilder,
  type Message,
  type Attachment,
+  type Interaction,
 } from 'discord.js'
 import { randomBytes } from 'crypto'
 import { readFileSync, writeFileSync, mkdirSync, readdirSync, rmSync, statSync, renameSync, realpathSync, chmodSync } from 'fs'
@@ -459,6 +463,9 @@ const mcp = new Server(
  },
 )

+// Stores full permission details for "See more" expansion keyed by request_id.
+const pendingPermissions = new Map<string, { tool_name: string; description: string; input_preview: string }>()
+
 // Receive permission_request from CC → format → send to all allowlisted DMs.
 // Groups are intentionally excluded — the security thread resolution was
 // "single-user mode for official plugins." Anyone in access.allowFrom
@@ -475,17 +482,30 @@ mcp.setNotificationHandler(
  }),
  async ({ params }) => {
    const { request_id, tool_name, description, input_preview } = params
+    pendingPermissions.set(request_id, { tool_name, description, input_preview })
    const access = loadAccess()
-    const text =
-      `🔐 Permission request [${request_id}]\n` +
-      `${tool_name}: ${description}\n` +
-      `${input_preview}\n\n` +
-      `Reply "yes ${request_id}" to allow or "no ${request_id}" to deny.`
+    const text = `🔐 Permission: ${tool_name}`
+    const row = new ActionRowBuilder<ButtonBuilder>().addComponents(
+      new ButtonBuilder()
+        .setCustomId(`perm:more:${request_id}`)
+        .setLabel('See more')
+        .setStyle(ButtonStyle.Secondary),
+      new ButtonBuilder()
+        .setCustomId(`perm:allow:${request_id}`)
+        .setLabel('Allow')
+        .setEmoji('✅')
+        .setStyle(ButtonStyle.Success),
+      new ButtonBuilder()
+        .setCustomId(`perm:deny:${request_id}`)
+        .setLabel('Deny')
+        .setEmoji('❌')
+        .setStyle(ButtonStyle.Danger),
+    )
    for (const userId of access.allowFrom) {
      void (async () => {
        try {
          const user = await client.users.fetch(userId)
-          await user.send(text)
+          await user.send({ content: text, components: [row] })
        } catch (e) {
          process.stderr.write(`permission_request send to ${userId} failed: ${e}\n`)
        }
@@ -718,6 +738,67 @@ client.on('error', err => {
  process.stderr.write(`discord channel: client error: ${err}\n`)
 })

+// Button-click handler for permission requests. customId is
+// `perm:allow:<id>`, `perm:deny:<id>`, or `perm:more:<id>`.
+// Security mirrors the text-reply path: allowFrom must contain the sender.
+client.on('interactionCreate', async (interaction: Interaction) => {
+  if (!interaction.isButton()) return
+  const m = /^perm:(allow|deny|more):([a-km-z]{5})$/.exec(interaction.customId)
+  if (!m) return
+  const access = loadAccess()
+  if (!access.allowFrom.includes(interaction.user.id)) {
+    await interaction.reply({ content: 'Not authorized.', ephemeral: true }).catch(() => {})
+    return
+  }
+  const [, behavior, request_id] = m
+
+  if (behavior === 'more') {
+    const details = pendingPermissions.get(request_id)
+    if (!details) {
+      await interaction.reply({ content: 'Details no longer available.', ephemeral: true }).catch(() => {})
+      return
+    }
+    const { tool_name, description, input_preview } = details
+    let prettyInput: string
+    try {
+      prettyInput = JSON.stringify(JSON.parse(input_preview), null, 2)
+    } catch {
+      prettyInput = input_preview
+    }
+    const expanded =
+      `🔐 Permission: ${tool_name}\n\n` +
+      `tool_name: ${tool_name}\n` +
+      `description: ${description}\n` +
+      `input_preview:\n${prettyInput}`
+    const row = new ActionRowBuilder<ButtonBuilder>().addComponents(
+      new ButtonBuilder()
+        .setCustomId(`perm:allow:${request_id}`)
+        .setLabel('Allow')
+        .setEmoji('✅')
+        .setStyle(ButtonStyle.Success),
+      new ButtonBuilder()
+        .setCustomId(`perm:deny:${request_id}`)
+        .setLabel('Deny')
+        .setEmoji('❌')
+        .setStyle(ButtonStyle.Danger),
+    )
+    await interaction.update({ content: expanded, components: [row] }).catch(() => {})
+    return
+  }
+
+  void mcp.notification({
+    method: 'notifications/claude/channel/permission',
+    params: { request_id, behavior },
+  })
+  pendingPermissions.delete(request_id)
+  const label = behavior === 'allow' ? '✅ Allowed' : '❌ Denied'
+  // Replace buttons with the outcome so the same request can't be answered
+  // twice and the chat history shows what was chosen.
+  await interaction
+    .update({ content: `${interaction.message.content}\n\n${label}`, components: [] })
+    .catch(() => {})
+})
+
 client.on('messageCreate', msg => {
  if (msg.author.bot) return
  handleInbound(msg).catch(e => process.stderr.write(`discord: handleInbound failed: ${e}\n`))
--- a/external_plugins/telegram/.claude-plugin/plugin.json
+++ b/external_plugins/telegram/.claude-plugin/plugin.json
@@ -1,7 +1,7 @@
 {
  "name": "telegram",
  "description": "Telegram channel for Claude Code \u2014 messaging bridge with built-in access control. Manage pairing, allowlists, and policy via /telegram:access.",
-  "version": "0.0.2",
+  "version": "0.0.4",
  "keywords": [
    "telegram",
    "messaging",
--- a/external_plugins/telegram/server.ts
+++ b/external_plugins/telegram/server.ts
@@ -16,7 +16,7 @@ import {
  CallToolRequestSchema,
 } from '@modelcontextprotocol/sdk/types.js'
 import { z } from 'zod'
-import { Bot, GrammyError, InputFile, type Context } from 'grammy'
+import { Bot, GrammyError, InlineKeyboard, InputFile, type Context } from 'grammy'
 import type { ReactionTypeEmoji } from 'grammy/types'
 import { randomBytes } from 'crypto'
 import { readFileSync, writeFileSync, mkdirSync, readdirSync, rmSync, statSync, renameSync, realpathSync, chmodSync } from 'fs'
@@ -379,6 +379,9 @@ const mcp = new Server(
  },
 )

+// Stores full permission details for "See more" expansion keyed by request_id.
+const pendingPermissions = new Map<string, { tool_name: string; description: string; input_preview: string }>()
+
 // Receive permission_request from CC → format → send to all allowlisted DMs.
 // Groups are intentionally excluded — the security thread resolution was
 // "single-user mode for official plugins." Anyone in access.allowFrom
@@ -395,14 +398,15 @@ mcp.setNotificationHandler(
  }),
  async ({ params }) => {
    const { request_id, tool_name, description, input_preview } = params
+    pendingPermissions.set(request_id, { tool_name, description, input_preview })
    const access = loadAccess()
-    const text =
-      `🔐 Permission request [${request_id}]\n` +
-      `${tool_name}: ${description}\n` +
-      `${input_preview}\n\n` +
-      `Reply "yes ${request_id}" to allow or "no ${request_id}" to deny.`
+    const text = `🔐 Permission: ${tool_name}`
+    const keyboard = new InlineKeyboard()
+      .text('See more', `perm:more:${request_id}`)
+      .text('✅ Allow', `perm:allow:${request_id}`)
+      .text('❌ Deny', `perm:deny:${request_id}`)
    for (const chat_id of access.allowFrom) {
-      void bot.api.sendMessage(chat_id, text).catch(e => {
+      void bot.api.sendMessage(chat_id, text, { reply_markup: keyboard }).catch(e => {
        process.stderr.write(`permission_request send to ${chat_id} failed: ${e}\n`)
      })
    }
@@ -683,6 +687,65 @@ bot.command('status', async ctx => {
  await ctx.reply(`Not paired. Send me a message to get a pairing code.`)
 })

+// Inline-button handler for permission requests. Callback data is
+// `perm:allow:<id>`, `perm:deny:<id>`, or `perm:more:<id>`.
+// Security mirrors the text-reply path: allowFrom must contain the sender.
+bot.on('callback_query:data', async ctx => {
+  const data = ctx.callbackQuery.data
+  const m = /^perm:(allow|deny|more):([a-km-z]{5})$/.exec(data)
+  if (!m) {
+    await ctx.answerCallbackQuery().catch(() => {})
+    return
+  }
+  const access = loadAccess()
+  const senderId = String(ctx.from.id)
+  if (!access.allowFrom.includes(senderId)) {
+    await ctx.answerCallbackQuery({ text: 'Not authorized.' }).catch(() => {})
+    return
+  }
+  const [, behavior, request_id] = m
+
+  if (behavior === 'more') {
+    const details = pendingPermissions.get(request_id)
+    if (!details) {
+      await ctx.answerCallbackQuery({ text: 'Details no longer available.' }).catch(() => {})
+      return
+    }
+    const { tool_name, description, input_preview } = details
+    let prettyInput: string
+    try {
+      prettyInput = JSON.stringify(JSON.parse(input_preview), null, 2)
+    } catch {
+      prettyInput = input_preview
+    }
+    const expanded =
+      `🔐 Permission: ${tool_name}\n\n` +
+      `tool_name: ${tool_name}\n` +
+      `description: ${description}\n` +
+      `input_preview:\n${prettyInput}`
+    const keyboard = new InlineKeyboard()
+      .text('✅ Allow', `perm:allow:${request_id}`)
+      .text('❌ Deny', `perm:deny:${request_id}`)
+    await ctx.editMessageText(expanded, { reply_markup: keyboard }).catch(() => {})
+    await ctx.answerCallbackQuery().catch(() => {})
+    return
+  }
+
+  void mcp.notification({
+    method: 'notifications/claude/channel/permission',
+    params: { request_id, behavior },
+  })
+  pendingPermissions.delete(request_id)
+  const label = behavior === 'allow' ? '✅ Allowed' : '❌ Denied'
+  await ctx.answerCallbackQuery({ text: label }).catch(() => {})
+  // Replace buttons with the outcome so the same request can't be answered
+  // twice and the chat history shows what was chosen.
+  const msg = ctx.callbackQuery.message
+  if (msg && 'text' in msg && msg.text) {
+    await ctx.editMessageText(`${msg.text}\n\n${label}`).catch(() => {})
+  }
+})
+
 bot.on('message:text', async ctx => {
  await handleInbound(ctx, ctx.message.text, undefined)
 })
Author	SHA1	Message	Date
Noah Zweben MacBook	ec682345d1	revert: restore Allow/Deny button labels	2026-03-23 22:50:27 -07:00
Noah Zweben MacBook	fce00fe3c3	feat(telegram,discord): compact permission messages with expandable details Replace verbose permission request messages with a compact format showing only the tool name. Adds a "See more" button that expands inline to show tool_name, description, and pretty-printed input_preview JSON. Yes/No buttons replace Allow/Deny. Bump plugin versions to 0.0.4.	2026-03-23 22:48:34 -07:00
Daisy S. Hollman	b3a0714d7f	feat(telegram,discord): inline buttons for permission approval (#945 ) Replace "Reply 'yes abcde' to allow" text instruction with native inline buttons (Telegram InlineKeyboard, Discord ButtonBuilder). One tap to approve/deny instead of typing a 5-char ID. - Telegram: callback_query handler with allowFrom gate, edits message to show outcome and remove buttons after decision - Discord: interactionCreate handler with allowFrom gate, updates interaction with outcome and clears components - Text-reply path (PERMISSION_REPLY_RE) kept as fallback - Bump both plugins to v0.0.3 🏠 Remote-Dev: homespace	2026-03-23 22:19:51 -07:00
Daisy S. Hollman	15268f03d2	Merge pull request #833 from anthropics/daisy/plugin-7/channel-permissions feat(telegram,discord): permission-relay — approve Claude Code tool use from your phone	2026-03-23 13:15:41 -07:00