mirror of
https://github.com/anthropics/claude-plugins-official.git
synced 2026-05-03 17:42:41 +00:00
Permission prompts were being broadcast to all allowlisted contacts plus every DM resolvable from the SELF address set.

Two compounding bugs:

1. SELF was polluted by chat.last_addressed_handle, which on machines with SMS history returns short codes, business handles, and other contacts' numbers — not just the owner's addresses. One reporter's query returned 50 addresses (2 actually theirs) resolving to 148 DM chats, all of which received permission prompts.
2. Even with a clean SELF, the handler sent to allowFrom + SELF, so every allowlisted contact received the prompt and could reply to approve tool execution on the owner's machine.

Fix:

- Build SELF from message.account WHERE is_from_me=1 only
- Send permission prompts to self-chat only, not allowFrom
- Accept permission replies from self-chat only

Fixes #1048
Fixes #1010
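The two bugs and the fix described in the commit message above, reproduced as an added example on a constructed in-memory database; this is not the plugin's own code. The two tables are a minimal stand-in that carries only the columns the message names, and the function names, sample addresses and the plain-string address format are assumptions.

```python
import sqlite3

def build_db():
    """Constructed stand-in for the chat and message tables named in the commit."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE chat (guid TEXT, last_addressed_handle TEXT);
        CREATE TABLE message (account TEXT, is_from_me INTEGER);
    """)
    db.executemany("INSERT INTO chat VALUES (?, ?)", [
        ("chat-self", "owner@example.com"),
        ("chat-sms-bank", "72000"),         # SMS short code
        ("chat-friend", "+15555550111"),    # another contact's number
    ])
    db.executemany("INSERT INTO message VALUES (?, ?)", [
        ("owner@example.com", 1),
        ("+15555550100", 1),
        ("+15555550111", 0),                # received message: must not count
        (None, 1),                          # row without an account
    ])
    return db

def self_polluted(db):
    """Old source: every chat.last_addressed_handle is treated as the owner's."""
    rows = db.execute("SELECT DISTINCT last_addressed_handle FROM chat "
                      "WHERE last_addressed_handle IS NOT NULL")
    return {r[0].lower() for r in rows}

def self_clean(db):
    """Fixed source: only accounts the owner actually sent from."""
    rows = db.execute("SELECT DISTINCT account FROM message "
                      "WHERE is_from_me = 1 AND account IS NOT NULL")
    return {r[0].lower() for r in rows}

def prompt_targets(self_addrs, allow_from, fixed):
    """Old handler sent to allowFrom + SELF; the fix sends to self-chat only."""
    return set(self_addrs) if fixed else set(self_addrs) | set(allow_from)

def may_approve(chat_peer, self_addrs, allow_from=(), fixed=True):
    """A permission reply counts only if it arrives in a self-chat (fixed)."""
    peer = chat_peer.lower()
    if fixed:
        return peer in self_addrs
    return peer in self_addrs or peer in {a.lower() for a in allow_from}

if __name__ == "__main__":
    db = build_db()
    print("old SELF:", sorted(self_polluted(db)))
    print("new SELF:", sorted(self_clean(db)))
```

Comparing the two SELF sets on a real machine is a quick check for the first bug: any short code or third-party number in the old set would have received a prompt.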