@adriangalilea/utils 0.7.0 → 0.9.0

package/dist/bot/access-control.js

@@ -11,59 +11,77 @@
  *      │     no  → drop + notify admin (rate-limited)    │
  *      └─────────────────────────────────────────────────┘
  *                       │
- *           admin gets DM with [✅ Aprobar] [❌ Denegar]
+ *           admin gets DM with [✅ Approve] [❌ Deny]
  *                       │
  *                  admin taps
  *                       │
  *      stranger's session updated  ·  stranger gets DM
  *
- * **Storage layout.** Per-user state lives in its own key, written
- * through `@gramio/session` so the gate read on the hot path costs
- * nothing extra (session is loaded for the user already). A single
- * tiny index key keeps track of who's pending / approved / denied so
- * the `/access` admin menu can list without scanning the whole DB.
+ * **Storage layout.** This plugin stores its per-user record under
+ * the `access` field of the shared session record (see
+ * `bot/CLAUDE.md` § "Shared session, one record per user"). All
+ * per-user state across our plugins coexists in the same record:
  *
- *     storage:
- *       access:<userId>        → AccessRecord  (the user's session)
- *       ac:index               → { pending, approved, denied }
+ *     storage[String(userId)] = {
+ *       access:   { status, approvedAt, … },   // ← this plugin
+ *       language: 'es',                         // ← bot/language
+ *       history:  { items: [...] },             // ← bot/message-history
+ *     }
  *
- * **Cross-user mutations.** When you tap `[✅ Aprobar]` on Pepe's
- * notification, ctx is *yours* (the admin), so `ctx.access` is your
- * own record. To mutate Pepe's record we hit the storage at the same
- * key format we registered the session with (`access:<id>`) and
- * update the index. This isn't a hack — it's our own module
- * coordinating with itself.
+ * Plus one tiny admin-side index so `/access` can list pending /
+ * approved / denied without scanning every user:
  *
- * **Composes with `adminContext`** (kit.ts) — that plugin must be
- * extended first or `bot.start()` throws. Inside this plugin,
- * `ctx.adminId` and `ctx.isAdmin` are typed.
+ *     storage['ac:index'] = { pending: [...ids], approved: [...], denied: [...] }
  *
- * Peer deps: `gramio`, `@gramio/storage`, `@gramio/session`.
+ * **Cross-user mutations.** When the admin taps `[✅ Approve]` on
+ * Pepe's notification, `ctx` is the admin's, so `ctx.session` is the
+ * admin's record — useless for mutating Pepe. We reach for Pepe's
+ * record directly via `storage.get(String(pepeId))`, preserve other
+ * plugins' fields in it (read-modify-write), and put it back.
+ *
+ * **i18n.** Every user-facing string is an inline `{ en, es }`
+ * polyglot literal resolved via `say(value, lang)` at the call site
+ * — no message bundle, no override registry. The recipient's stored
+ * `language` field (set by `bot/language`) picks the variant; falls
+ * back to `'en'`. Want a different default? Set `language` on the
+ * relevant session record before this plugin fires.
+ *
+ * **Composes with**:
+ *   - `adminContext` (kit.ts) — required, gives us `ctx.adminId` /
+ *     `ctx.isAdmin`. Declared as a runtime dependency.
+ *   - `@gramio/session` — the user creates ONE session at bot level
+ *     and passes it to this plugin (and the other session-using
+ *     ones). gramio's runtime dedup ensures the session derive runs
+ *     exactly once per update.
+ *
+ * Peer deps: `gramio`, `@gramio/session`, `@gramio/storage`.
  *
  * @example
  * import { Bot } from 'gramio'
+ * import { session } from '@gramio/session'
  * import { redisStorage } from '@gramio/storage-redis'
  * import { adminContext, gracefulStart } from '@adriangalilea/utils/bot/kit'
  * import { accessControl } from '@adriangalilea/utils/bot/access-control'
  *
  * const storage = redisStorage()
+ * const userSession = session({ storage, key: 'session', initial: () => ({}) })
  *
  * const bot = new Bot(process.env.BOT_TOKEN!)
  *   .extend(adminContext({ adminId: 190202471 }))
- *   .extend(accessControl({ storage, defaults: [1158734055] }))
- *   .command('start', (ctx) => ctx.send(`hola, source=${ctx.access.source}`))
+ *   .extend(userSession)
+ *   .extend(accessControl({ session: userSession, storage, defaults: [1158734055] }))
+ *   .command('start', (ctx) => ctx.send(`source=${ctx.access.source ?? 'denied'}`))
  *
  * await gracefulStart(bot)
  */
 import { CallbackData, InlineKeyboard, Plugin, } from 'gramio';
-import { session } from '@gramio/session';
-import { inMemoryStorage } from '@gramio/storage';
-const SESSION_KEY_PREFIX = 'access:';
+import { say } from '../say/index.js';
 const INDEX_KEY = 'ac:index';
 const FIRST_MSG_LIMIT = 200;
-const DEFAULT_DENY_MSG = 'Este bot es privado. Tu solicitud se ha enviado al admin.';
 const DEFAULT_THROTTLE_MS = 6 * 60 * 60 * 1000;
-const userSessionKey = (userId) => `${SESSION_KEY_PREFIX}${userId}`;
+const FALLBACK_LANG = 'en';
+/** gramio's `@gramio/session` default `getSessionKey` is `String(senderId)`. */
+const sessionKey = (userId) => String(userId);
 // ─── callback schemas ──────────────────────────────────────────────
 //
 // Short `nameId`s keep callback_data under Telegram's 64-byte cap.
@@ -95,34 +113,27 @@ const fmtAge = (ms) => {
         return `${h}h`;
     return `${Math.floor(h / 24)}d`;
 };
-const requestNotificationText = (uid, r, repeat) => {
+const requestNotificationText = (uid, r, repeat, lang) => {
     const parts = [
-        repeat ? '🔁 Acceso re-solicitado' : '🔔 Acceso solicitado',
+        say(repeat
+            ? { en: '🔁 Access re-requested', es: '🔁 Acceso re-solicitado' }
+            : { en: '🔔 Access requested', es: '🔔 Acceso solicitado' }, lang),
         '',
         `👤 ${formatUser(r.user, uid)}`,
         `🆔 ${uid}`,
-        `⏰ hace ${fmtAge(Date.now() - (r.requestedAt ?? Date.now()))}`,
+        `⏰ ${say({ en: 'ago', es: 'hace' }, lang)} ${fmtAge(Date.now() - (r.requestedAt ?? Date.now()))}`,
     ];
-    if (repeat)
-        parts.push(`🔁 intentos: ${(r.rejectedAttempts ?? 0) + 1}`);
+    if (repeat) {
+        parts.push(`🔁 ${say({ en: 'attempts', es: 'intentos' }, lang)}: ${(r.rejectedAttempts ?? 0) + 1}`);
+    }
     if (r.firstMessage)
         parts.push('', `💬 "${r.firstMessage}"`);
     return parts.join('\n');
 };
-const requestKeyboard = (uid) => new InlineKeyboard()
-    .text('✅ Aprobar', acApprove.pack({ uid }))
-    .text('❌ Denegar', acDeny.pack({ uid }));
-let warnedMemory = false;
-const warnedMemoryStorage = () => {
-    if (!warnedMemory) {
-        warnedMemory = true;
-        console.warn('[access-control] using inMemoryStorage — approvals will not survive restarts. ' +
-            'Pass `storage: redisStorage()` (or sqliteStorage / cloudflareStorage) for persistence.');
-    }
-    return inMemoryStorage();
-};
+const requestKeyboard = (uid, lang) => new InlineKeyboard()
+    .text(say({ en: '✅ Approve', es: '✅ Aprobar' }, lang), acApprove.pack({ uid }))
+    .text(say({ en: '❌ Deny', es: '❌ Denegar' }, lang), acDeny.pack({ uid }));
 // ─── index helpers ─────────────────────────────────────────────────
-const emptyIndex = () => ({ pending: [], approved: [], denied: [] });
 const loadIndex = async (storage) => {
     const raw = (await storage.get(INDEX_KEY));
     return {
@@ -157,27 +168,40 @@ const indexMove = async (storage, uid, from, to) => {
         idx[to].push(uid);
     await saveIndex(storage, idx);
 };
-// ─── per-user record helpers (cross-user storage access) ───────────
-const loadRecord = async (storage, userId) => (await storage.get(userSessionKey(userId)));
-const saveRecord = (storage, userId, rec) => storage.set(userSessionKey(userId), rec);
+const loadFullRecord = async (storage, userId) => (await storage.get(sessionKey(userId))) ?? {};
+const saveAccess = async (storage, userId, rec) => {
+    const full = await loadFullRecord(storage, userId);
+    full.access = rec;
+    await storage.set(sessionKey(userId), full);
+};
+const loadAccess = async (storage, userId) => {
+    const full = await loadFullRecord(storage, userId);
+    return full.access;
+};
+/** Read recipient's stored language (set by bot/language); fallback to en. */
+const langOfUser = async (storage, userId) => {
+    const full = await loadFullRecord(storage, userId);
+    return full.language ?? FALLBACK_LANG;
+};
+/** Read current ctx's lang. */
+const ctxLang = (ctx) => ctx.session.language ?? FALLBACK_LANG;
 // ─── plugin ────────────────────────────────────────────────────────
-export const accessControl = (opts = {}) => {
-    const storage = opts.storage ?? warnedMemoryStorage();
+export const accessControl = (opts) => {
+    const { session: sessionPlugin, storage } = opts;
     const defaults = new Set(opts.defaults ?? []);
-    const denyMessage = opts.denyMessage === false ? null : (opts.denyMessage ?? DEFAULT_DENY_MSG);
+    const silentDeny = opts.silentDeny === true;
     const throttleMs = opts.notifyThrottleMs ?? DEFAULT_THROTTLE_MS;
-    return (new Plugin('@adriangalilea/utils/bot/access-control', {
+    return (
+    // Generic declares dependency on adminContext's derives so
+    // ctx.adminId / ctx.isAdmin are typed inside our handlers.
+    // Session-side types flow through `.extend(opts.session)` below
+    // and TypeScript merges them with our generic via the chain.
+    new Plugin('@adriangalilea/utils/bot/access-control', {
         dependencies: ['@adriangalilea/utils/bot/admin'],
     })
-        // Per-user record lives in this session (storage key `access:<senderId>`).
-        // The internal name `_accessSession` is plumbing — consumers read
-        // `ctx.access` (computed below) instead.
-        .extend(session({
-        storage,
-        key: '_accessSession',
-        getSessionKey: (ctx) => userSessionKey(ctx.senderId ?? 0),
-        initial: () => ({ status: 'unknown' }),
-    }))
+        // Declare the shared session as a dependency. gramio's runtime
+        // dedups against the bot's top-level extension; types flow.
+        .extend(sessionPlugin)
         // Compute the gate decision so handlers can read `ctx.access` ergonomically.
         .derive((ctx) => {
         // Only message + callback_query carry a senderId we can gate on.
@@ -191,7 +215,9 @@ export const accessControl = (opts = {}) => {
         if (defaults.has(senderId)) {
             return { access: { allowed: true, source: 'default' } };
         }
-        const rec = ctx._accessSession;
+        // ctx.session.access may be undefined for first-ever interaction
+        // (session.initial() returns {} so .access isn't set yet).
+        const rec = ctx.session.access ?? { status: 'unknown' };
         if (rec.status === 'approved') {
             return { access: { allowed: true, source: 'store', record: rec } };
         }
@@ -205,37 +231,49 @@ export const accessControl = (opts = {}) => {
         if (ctx.access.allowed) {
             // Activity bump (only for store-approved users — admins/defaults
             // don't have a session record we want to clutter).
-            if (ctx.access.source === 'store' && ctx.is('message')) {
-                ctx._accessSession.lastActivityAt = Date.now();
-                ctx._accessSession.messageCount = (ctx._accessSession.messageCount ?? 0) + 1;
+            if (ctx.access.source === 'store' &&
+                ctx.is('message') &&
+                ctx.session.access) {
+                ctx.session.access = {
+                    ...ctx.session.access,
+                    lastActivityAt: Date.now(),
+                    messageCount: (ctx.session.access.messageCount ?? 0) + 1,
+                };
             }
             return next();
         }
         // Acknowledge unauthorized callback queries so the spinner clears.
         if (ctx.is('callback_query')) {
-            await ctx.answer({ text: 'Sin acceso.', show_alert: false });
+            await ctx.answer({
+                text: say({ en: 'No access.', es: 'Sin acceso.' }, ctxLang(ctx)),
+                show_alert: false,
+            });
             return;
         }
         // Only message-shaped events have .text/.chat for our notification.
         if (!ctx.is('message'))
             return;
         const userId = ctx.from.id;
-        const rec = ctx._accessSession;
+        const existing = ctx.session.access;
         const now = Date.now();
-        const isFirstRequest = rec.status === 'unknown';
+        const isFirstRequest = !existing || existing.status === 'unknown';
+        const rec = isFirstRequest
+            ? {
+                status: 'pending',
+                user: {
+                    id: userId,
+                    firstName: ctx.from.firstName,
+                    lastName: ctx.from.lastName,
+                    username: ctx.from.username,
+                },
+                chatId: ctx.chat.id,
+                requestedAt: now,
+                firstMessage: ctx.text?.slice(0, FIRST_MSG_LIMIT),
+                messageCount: 0,
+                rejectedAttempts: 0,
+            }
+            : { ...existing };
         if (isFirstRequest) {
-            rec.status = 'pending';
-            rec.user = {
-                id: userId,
-                firstName: ctx.from.firstName,
-                lastName: ctx.from.lastName,
-                username: ctx.from.username,
-            };
-            rec.chatId = ctx.chat.id;
-            rec.requestedAt = now;
-            rec.firstMessage = ctx.text?.slice(0, FIRST_MSG_LIMIT);
-            rec.messageCount = 0;
-            rec.rejectedAttempts = 0;
             await indexAdd(storage, 'pending', userId);
         }
         else {
@@ -245,10 +283,11 @@ export const accessControl = (opts = {}) => {
         if (shouldNotify) {
             rec.lastNotifiedAt = now;
             try {
+                const adminLang = await langOfUser(storage, ctx.adminId);
                 await ctx.bot.api.sendMessage({
                     chat_id: ctx.adminId,
-                    text: requestNotificationText(userId, rec, !isFirstRequest),
-                    reply_markup: requestKeyboard(userId),
+                    text: requestNotificationText(userId, rec, !isFirstRequest, adminLang),
+                    reply_markup: requestKeyboard(userId, adminLang),
                 });
             }
             catch (e) {
@@ -256,9 +295,14 @@ export const accessControl = (opts = {}) => {
             }
             opts.onAccessRequest?.({ user: rec.user, firstMessage: rec.firstMessage });
         }
-        if (denyMessage && isFirstRequest) {
+        // Persist the updated record to the user's session.
+        ctx.session.access = rec;
+        if (!silentDeny && isFirstRequest) {
             try {
-                await ctx.send(denyMessage);
+                await ctx.send(say({
+                    en: 'This bot is private. Your request has been sent to the admin.',
+                    es: 'Este bot es privado. Tu solicitud se ha enviado al admin.',
+                }, ctxLang(ctx)));
             }
             catch {
                 // user blocked the bot — irrelevant
@@ -268,12 +312,18 @@ export const accessControl = (opts = {}) => {
     })
         // ─── admin actions ────────────────────────────────────────
         .callbackQuery(acApprove, async (ctx) => {
+        const aLang = ctxLang(ctx);
         if (!ctx.isAdmin)
-            return ctx.answer({ text: 'Solo admin.', show_alert: true });
+            return ctx.answer({
+                text: say({ en: 'Admin only.', es: 'Solo admin.' }, aLang),
+                show_alert: true,
+            });
         const uid = ctx.queryData.uid;
-        const rec = await loadRecord(storage, uid);
+        const rec = await loadAccess(storage, uid);
         if (!rec)
-            return ctx.answer({ text: 'No encontrado.' });
+            return ctx.answer({
+                text: say({ en: 'Not found.', es: 'No encontrado.' }, aLang),
+            });
         const wasDenied = rec.status === 'denied';
         const wasPending = rec.status === 'pending';
         rec.status = 'approved';
@@ -281,28 +331,37 @@ export const accessControl = (opts = {}) => {
         rec.approvedBy = ctx.adminId;
         rec.deniedAt = undefined;
         rec.deniedBy = undefined;
-        await saveRecord(storage, uid, rec);
+        await saveAccess(storage, uid, rec);
         await indexMove(storage, uid, wasPending ? 'pending' : wasDenied ? 'denied' : 'any', 'approved');
         if (rec.chatId !== undefined) {
             try {
+                const sLang = await langOfUser(storage, uid);
                 await ctx.bot.api.sendMessage({
                     chat_id: rec.chatId,
-                    text: wasDenied
-                        ? '✅ El admin reconsideró: ya tienes acceso.'
-                        : '✅ Acceso concedido. Ya puedes usar el bot.',
+                    text: say(wasDenied
+                        ? {
+                            en: '✅ The admin reconsidered: you have access.',
+                            es: '✅ El admin reconsideró: ya tienes acceso.',
+                        }
+                        : {
+                            en: '✅ Access granted. You can use the bot now.',
+                            es: '✅ Acceso concedido. Ya puedes usar el bot.',
+                        }, sLang),
                 });
             }
             catch {
                 // user blocked / chat gone
             }
         }
-        await ctx.answer({ text: '✅ Aprobado' });
+        await ctx.answer({
+            text: say({ en: '✅ Approved', es: '✅ Aprobado' }, aLang),
+        });
         if (ctx.queryData.v) {
-            await renderView(ctx, storage, defaults, ctx.queryData.v);
+            await renderView(ctx, storage, defaults, ctx.queryData.v, aLang);
         }
         else {
             try {
-                await ctx.editText(`✅ Aprobado · ${formatUser(rec.user, uid)}`);
+                await ctx.editText(`${say({ en: '✅ Approved', es: '✅ Aprobado' }, aLang)} · ${formatUser(rec.user, uid)}`);
             }
             catch {
                 // not always editable
@@ -311,36 +370,45 @@ export const accessControl = (opts = {}) => {
         opts.onApprove?.({ userId: uid, approvedBy: ctx.adminId });
     })
         .callbackQuery(acDeny, async (ctx) => {
+        const aLang = ctxLang(ctx);
         if (!ctx.isAdmin)
-            return ctx.answer({ text: 'Solo admin.', show_alert: true });
+            return ctx.answer({
+                text: say({ en: 'Admin only.', es: 'Solo admin.' }, aLang),
+                show_alert: true,
+            });
         const uid = ctx.queryData.uid;
-        const rec = await loadRecord(storage, uid);
+        const rec = await loadAccess(storage, uid);
         if (!rec)
-            return ctx.answer({ text: 'No encontrado.' });
+            return ctx.answer({
+                text: say({ en: 'Not found.', es: 'No encontrado.' }, aLang),
+            });
         const wasPending = rec.status === 'pending';
         rec.status = 'denied';
         rec.deniedAt = Date.now();
         rec.deniedBy = ctx.adminId;
-        await saveRecord(storage, uid, rec);
+        await saveAccess(storage, uid, rec);
         await indexMove(storage, uid, wasPending ? 'pending' : 'any', 'denied');
         if (rec.chatId !== undefined) {
             try {
+                const sLang = await langOfUser(storage, uid);
                 await ctx.bot.api.sendMessage({
                     chat_id: rec.chatId,
-                    text: '❌ Acceso denegado.',
+                    text: say({ en: '❌ Access denied.', es: '❌ Acceso denegado.' }, sLang),
                 });
             }
             catch {
                 // ignore
             }
         }
-        await ctx.answer({ text: '❌ Denegado' });
+        await ctx.answer({
+            text: say({ en: '❌ Denied', es: '❌ Denegado' }, aLang),
+        });
         if (ctx.queryData.v) {
-            await renderView(ctx, storage, defaults, ctx.queryData.v);
+            await renderView(ctx, storage, defaults, ctx.queryData.v, aLang);
         }
         else {
             try {
-                await ctx.editText(`❌ Denegado · ${formatUser(rec.user, uid)}`);
+                await ctx.editText(`${say({ en: '❌ Denied', es: '❌ Denegado' }, aLang)} · ${formatUser(rec.user, uid)}`);
             }
             catch {
                 // ignore
@@ -349,40 +417,60 @@ export const accessControl = (opts = {}) => {
         opts.onDeny?.({ userId: uid, deniedBy: ctx.adminId });
     })
         .callbackQuery(acRevoke, async (ctx) => {
+        const aLang = ctxLang(ctx);
         if (!ctx.isAdmin)
-            return ctx.answer({ text: 'Solo admin.', show_alert: true });
+            return ctx.answer({
+                text: say({ en: 'Admin only.', es: 'Solo admin.' }, aLang),
+                show_alert: true,
+            });
         const uid = ctx.queryData.uid;
-        const rec = await loadRecord(storage, uid);
+        const rec = await loadAccess(storage, uid);
         if (!rec)
-            return ctx.answer({ text: 'No encontrado.' });
+            return ctx.answer({
+                text: say({ en: 'Not found.', es: 'No encontrado.' }, aLang),
+            });
         rec.status = 'denied';
         rec.deniedAt = Date.now();
         rec.deniedBy = ctx.adminId;
-        await saveRecord(storage, uid, rec);
+        await saveAccess(storage, uid, rec);
         await indexMove(storage, uid, 'approved', 'denied');
         if (rec.chatId !== undefined) {
             try {
+                const sLang = await langOfUser(storage, uid);
                 await ctx.bot.api.sendMessage({
                     chat_id: rec.chatId,
-                    text: '↩️ Tu acceso al bot ha sido revocado.',
+                    text: say({
+                        en: '↩️ Your bot access has been revoked.',
+                        es: '↩️ Tu acceso al bot ha sido revocado.',
+                    }, sLang),
                 });
             }
             catch {
                 // ignore
             }
         }
-        await ctx.answer({ text: '↩️ Revocado' });
-        await renderView(ctx, storage, defaults, 'approved');
+        await ctx.answer({
+            text: say({ en: '↩️ Revoked', es: '↩️ Revocado' }, aLang),
+        });
+        await renderView(ctx, storage, defaults, 'approved', aLang);
     })
         .callbackQuery(acView, async (ctx) => {
+        const aLang = ctxLang(ctx);
         if (!ctx.isAdmin)
-            return ctx.answer({ text: 'Solo admin.', show_alert: true });
+            return ctx.answer({
+                text: say({ en: 'Admin only.', es: 'Solo admin.' }, aLang),
+                show_alert: true,
+            });
         await ctx.answer({});
-        await renderView(ctx, storage, defaults, ctx.queryData.v);
+        await renderView(ctx, storage, defaults, ctx.queryData.v, aLang);
     })
         .callbackQuery(acClose, async (ctx) => {
+        const aLang = ctxLang(ctx);
         if (!ctx.isAdmin)
-            return ctx.answer({ text: 'Solo admin.', show_alert: true });
+            return ctx.answer({
+                text: say({ en: 'Admin only.', es: 'Solo admin.' }, aLang),
+                show_alert: true,
+            });
         await ctx.answer({});
         try {
             await ctx.message?.delete();
@@ -391,21 +479,32 @@ export const accessControl = (opts = {}) => {
             // ignore
         }
     })
-        .command('access', async (ctx) => {
+        .command('access', {
+        // Admin-only; hidden from Telegram's `/` menu so it doesn't
+        // tempt other users to type it. Admin still invokes via /access.
+        // See https://gramio.dev/triggers/command.html#commandmeta-fields
+        //
+        // Note: gramio's setMyCommands publishes ONE description per
+        // bot, not per language. English form used as the canonical.
+        description: 'Admin: access control menu',
+        hide: true,
+    }, async (ctx) => {
         if (!ctx.isAdmin)
             return;
-        const v = await mainView(storage, defaults);
+        const aLang = ctxLang(ctx);
+        const v = mainView(await loadIndex(storage), defaults, aLang);
         await ctx.send(v.text, { reply_markup: v.keyboard });
     }));
 };
-const renderView = async (ctx, storage, defaults, view) => {
+const renderView = async (ctx, storage, defaults, view, lang) => {
+    const idx = await loadIndex(storage);
     const v = view === 'approved'
-        ? await listView(storage, 'approved', defaults)
+        ? await listView(storage, idx, 'approved', defaults, lang)
         : view === 'pending'
-            ? await listView(storage, 'pending', defaults)
+            ? await listView(storage, idx, 'pending', defaults, lang)
             : view === 'denied'
-                ? await listView(storage, 'denied', defaults)
-                : await mainView(storage, defaults);
+                ? await listView(storage, idx, 'denied', defaults, lang)
+                : mainView(idx, defaults, lang);
     try {
         await ctx.editText(v.text, { reply_markup: v.keyboard });
     }
@@ -413,37 +512,44 @@ const renderView = async (ctx, storage, defaults, view) => {
         // editText only works while message is recent enough; ignore
     }
 };
-const mainView = async (storage, defaults) => {
-    const idx = await loadIndex(storage);
+const mainView = (idx, defaults, lang) => {
+    const approved = say({ en: 'Approved', es: 'Aprobados' }, lang);
+    const pending = say({ en: 'Pending', es: 'Pendientes' }, lang);
+    const denied = say({ en: 'Denied', es: 'Denegados' }, lang);
     const text = [
-        '🔐 Access Control',
+        say({ en: '🔐 Access Control', es: '🔐 Access Control' }, lang),
         '',
-        `✅ Aprobados: ${idx.approved.length}`,
-        `⏳ Pendientes: ${idx.pending.length}`,
-        `❌ Denegados: ${idx.denied.length}`,
-        `👑 Defaults: ${defaults.size} (hardcoded)`,
+        `✅ ${approved}: ${idx.approved.length}`,
+        `⏳ ${pending}: ${idx.pending.length}`,
+        `❌ ${denied}: ${idx.denied.length}`,
+        `👑 ${say({ en: 'Defaults', es: 'Defaults' }, lang)}: ${defaults.size} (hardcoded)`,
     ].join('\n');
     const keyboard = new InlineKeyboard()
-        .text(`✅ Aprobados (${idx.approved.length})`, acView.pack({ v: 'approved' }))
-        .text(`⏳ Pendientes (${idx.pending.length})`, acView.pack({ v: 'pending' }))
+        .text(`✅ ${approved} (${idx.approved.length})`, acView.pack({ v: 'approved' }))
+        .text(`⏳ ${pending} (${idx.pending.length})`, acView.pack({ v: 'pending' }))
         .row()
-        .text(`❌ Denegados (${idx.denied.length})`, acView.pack({ v: 'denied' }))
-        .text('🔄 Refresh', acView.pack({ v: 'main' }))
+        .text(`❌ ${denied} (${idx.denied.length})`, acView.pack({ v: 'denied' }))
+        .text(say({ en: '🔄 Refresh', es: '🔄 Refresh' }, lang), acView.pack({ v: 'main' }))
         .row()
-        .text('✖️ Cerrar', acClose.pack({}));
+        .text(say({ en: '✖️ Close', es: '✖️ Cerrar' }, lang), acClose.pack({}));
     return { text, keyboard };
 };
-const listView = async (storage, filter, defaults) => {
-    const idx = await loadIndex(storage);
+const listView = async (storage, idx, filter, defaults, lang) => {
     const ids = idx[filter];
     // Cap at 20 to keep callback_data + rendering sane.
     const shownIds = ids.slice(0, 20);
-    const records = await Promise.all(shownIds.map(async (id) => ({ id, rec: await loadRecord(storage, id) })));
+    const records = await Promise.all(shownIds.map(async (id) => ({ id, rec: await loadAccess(storage, id) })));
     const headerEmoji = filter === 'approved' ? '✅' : filter === 'pending' ? '⏳' : '❌';
-    const headerLabel = filter === 'approved' ? 'Aprobados' : filter === 'pending' ? 'Pendientes' : 'Denegados';
+    const headerLabel = filter === 'approved'
+        ? say({ en: 'Approved', es: 'Aprobados' }, lang)
+        : filter === 'pending'
+            ? say({ en: 'Pending', es: 'Pendientes' }, lang)
+            : say({ en: 'Denied', es: 'Denegados' }, lang);
+    const back = say({ en: '⬅️ Back', es: '⬅️ Volver' }, lang);
     if (ids.length === 0) {
-        const text = `${headerEmoji} ${headerLabel} (0)\n\n(vacío)`;
-        const keyboard = new InlineKeyboard().text('⬅️ Volver', acView.pack({ v: 'main' }));
+        const text = `${headerEmoji} ${headerLabel} (0)\n\n` +
+            say({ en: '(empty)', es: '(vacío)' }, lang);
+        const keyboard = new InlineKeyboard().text(back, acView.pack({ v: 'main' }));
         return { text, keyboard };
     }
     const lines = [`${headerEmoji} ${headerLabel} (${ids.length})`, ''];
@@ -452,11 +558,11 @@ const listView = async (storage, filter, defaults) => {
         const { id, rec } = records[i];
         if (!rec) {
             // index referenced a missing record — show as placeholder
-            lines.push(`${i + 1}. id ${id} (datos perdidos)`);
+            lines.push(`${i + 1}. id ${id} ${say({ en: '(data lost)', es: '(datos perdidos)' }, lang)}`);
             continue;
         }
         const ageRef = rec.approvedAt ?? rec.deniedAt ?? rec.requestedAt ?? Date.now();
-        lines.push(`${i + 1}. ${formatUser(rec.user, id)} · hace ${fmtAge(Date.now() - ageRef)}` +
+        lines.push(`${i + 1}. ${formatUser(rec.user, id)} · ${say({ en: 'ago', es: 'hace' }, lang)} ${fmtAge(Date.now() - ageRef)}` +
             (rec.messageCount ? ` · ${rec.messageCount} msgs` : ''));
         if (filter === 'pending') {
             keyboard
@@ -465,21 +571,23 @@ const listView = async (storage, filter, defaults) => {
                 .row();
         }
         else if (filter === 'approved') {
-            keyboard.text(`↩️ Revocar #${i + 1}`, acRevoke.pack({ uid: id })).row();
+            keyboard
+                .text(`${say({ en: '↩️ Revoke', es: '↩️ Revocar' }, lang)} #${i + 1}`, acRevoke.pack({ uid: id }))
+                .row();
         }
         else if (filter === 'denied') {
             keyboard
-                .text(`✅ Reaprobar #${i + 1}`, acApprove.pack({ uid: id, v: 'denied' }))
+                .text(`${say({ en: '✅ Reapprove', es: '✅ Reaprobar' }, lang)} #${i + 1}`, acApprove.pack({ uid: id, v: 'denied' }))
                 .row();
         }
     }
     if (ids.length > shownIds.length) {
-        lines.push('', `(+${ids.length - shownIds.length} más, no mostrados)`);
+        lines.push('', `(+${ids.length - shownIds.length} ${say({ en: 'more, not shown', es: 'más, no mostrados' }, lang)})`);
     }
     if (filter === 'approved' && defaults.size > 0) {
         lines.push('', `+ ${defaults.size} hardcoded defaults`);
     }
-    keyboard.text('⬅️ Volver', acView.pack({ v: 'main' }));
+    keyboard.text(back, acView.pack({ v: 'main' }));
     return { text: lines.join('\n'), keyboard };
 };
 // ─── test helper ───────────────────────────────────────────────────
@@ -488,7 +596,7 @@ const listView = async (storage, filter, defaults) => {
  * easily spin up a second Telegram account. Writes a `pending` record
  * to storage at the same key the plugin's session would, updates the
  * index, then DMs the admin with the real
- * `[✅ Aprobar][❌ Denegar]` keyboard. Tapping those buttons exercises
+ * `[✅ Approve][❌ Deny]` keyboard. Tapping those buttons exercises
  * the real callback handlers end-to-end.
  *
  * Pass the SAME `storage` instance you passed to `accessControl({ storage })`.
@@ -505,12 +613,13 @@ export const simulateAccessRequest = async (bot, storage, adminId, fakeUser, mes
         rejectedAttempts: 0,
         lastNotifiedAt: now,
     };
-    await saveRecord(storage, fakeUser.id, rec);
+    await saveAccess(storage, fakeUser.id, rec);
     await indexAdd(storage, 'pending', fakeUser.id);
+    const adminLang = await langOfUser(storage, adminId);
     await bot.api.sendMessage({
         chat_id: adminId,
-        text: requestNotificationText(fakeUser.id, rec, false),
-        reply_markup: requestKeyboard(fakeUser.id),
+        text: requestNotificationText(fakeUser.id, rec, false, adminLang),
+        reply_markup: requestKeyboard(fakeUser.id, adminLang),
     });
 };
 //# sourceMappingURL=access-control.js.map