@heylemon/lemonade 0.0.2 → 0.0.4

package/dist/build-info.json

@@ -1,5 +1,5 @@
 {
-  "version": "0.0.2",
-  "commit": "b1e752b7e12e9b825bce88e0633a044f282ddbd8",
-  "builtAt": "2026-02-20T04:45:33.293Z"
+  "version": "0.0.4",
+  "commit": "a26b38261e6a55844b0eed17963361b8374e9742",
+  "builtAt": "2026-02-20T05:21:43.349Z"
 }

package/dist/canvas-host/a2ui/.bundle.hash

@@ -1 +1 @@
-c77230f007691fa7cb97f258b75674d6a4a6be4b9afdfd0bc34c2edcf7e36e7b
+d27c866a9f91a1bf3b7a29bef001583ee57f61540140511ed6840c4b5dfcd5eb

package/dist/cli/pairing-cli.js

@@ -2,7 +2,7 @@ import { listPairingChannels, notifyPairingApproved } from "../channels/plugins/
 import { normalizeChannelId } from "../channels/plugins/index.js";
 import { loadConfig } from "../config/config.js";
 import { resolvePairingIdLabel } from "../pairing/pairing-labels.js";
-import { approveChannelPairingCode, listChannelPairingRequests, } from "../pairing/pairing-store.js";
+import { approveChannelPairingCode, listChannelPairingRequests, rejectChannelPairingCode, } from "../pairing/pairing-store.js";
 import { defaultRuntime } from "../runtime.js";
 import { formatDocsLink } from "../terminal/links.js";
 import { renderTable } from "../terminal/table.js";
@@ -116,4 +116,30 @@ export function registerPairingCli(program) {
             defaultRuntime.log(theme.warn(`Failed to notify requester: ${String(err)}`));
         });
     });
+    pairing
+        .command("reject")
+        .alias("decline")
+        .description("Reject a pairing request (removes it without granting access)")
+        .option("--channel <channel>", `Channel (${channels.join(", ")})`)
+        .argument("<codeOrChannel>", "Pairing code (or channel when using 2 args)")
+        .argument("[code]", "Pairing code (when channel is passed as the 1st arg)")
+        .action(async (codeOrChannel, code, opts) => {
+        const channelRaw = opts.channel ?? codeOrChannel;
+        const resolvedCode = opts.channel ? codeOrChannel : code;
+        if (!opts.channel && !code) {
+            throw new Error(`Usage: ${formatCliCommand("lemonade pairing reject <channel> <code>")} (or: ${formatCliCommand("lemonade pairing reject --channel <channel> <code>")})`);
+        }
+        if (opts.channel && code != null) {
+            throw new Error(`Too many arguments. Use: ${formatCliCommand("lemonade pairing reject --channel <channel> <code>")}`);
+        }
+        const channel = parseChannel(channelRaw, channels);
+        const rejected = await rejectChannelPairingCode({
+            channel,
+            code: String(resolvedCode),
+        });
+        if (!rejected) {
+            throw new Error(`No pending pairing request found for code: ${String(resolvedCode)}`);
+        }
+        defaultRuntime.log(`${theme.success("Rejected")} ${theme.muted(channel)} request from ${theme.command(rejected.id)}.`);
+    });
 }

package/dist/cron/service/ops.js

@@ -1,6 +1,6 @@
 import { applyJobPatch, computeJobNextRunAtMs, createJob, findJobOrThrow, isJobDue, nextWakeAtMs, recomputeNextRuns, } from "./jobs.js";
 import { locked } from "./locked.js";
-import { ensureLoaded, forceReload, persist, startFileWatcher, stopFileWatcher, warnIfDisabled } from "./store.js";
+import { ensureLoaded, forceReload, persist, startFileWatcher, stopFileWatcher, warnIfDisabled, } from "./store.js";
 import { armTimer, emit, executeJob, stopTimer, wake } from "./timer.js";
 export async function start(state) {
     await locked(state, async () => {

package/dist/pairing/pairing-messages.js

@@ -1,10 +1,9 @@
 export function buildPairingReply(params) {
-    const { channel, idLine, code } = params;
     return [
-        "Hey! I'm not able to chat with you yet.",
+        "Hey! I don't have permission to chat with you yet.",
         "",
-        "Your request has been sent to the admin. Once they accept it, I'll be ready to help you.",
+        "The administrator has been notified of your request. They can grant you access from the Lemon app.",
         "",
-        "Please ask the admin to check their Lemon app to approve your access.",
+        "If you know the administrator, please reach out to them directly to speed things up.",
     ].join("\n");
 }

package/dist/pairing/pairing-store.js

@@ -355,6 +355,34 @@ export async function upsertChannelPairingRequest(params) {
         return { code, created: true };
     });
 }
+export async function rejectChannelPairingCode(params) {
+    const env = params.env ?? process.env;
+    const code = params.code.trim().toUpperCase();
+    if (!code)
+        return null;
+    const filePath = resolvePairingPath(params.channel, env);
+    return await withFileLock(filePath, { version: 1, requests: [] }, async () => {
+        const { value } = await readJsonFile(filePath, {
+            version: 1,
+            requests: [],
+        });
+        const reqs = Array.isArray(value.requests) ? value.requests : [];
+        const nowMs = Date.now();
+        const { requests: pruned } = pruneExpiredRequests(reqs, nowMs);
+        const idx = pruned.findIndex((r) => String(r.code ?? "").toUpperCase() === code);
+        if (idx < 0)
+            return null;
+        const entry = pruned[idx];
+        if (!entry)
+            return null;
+        pruned.splice(idx, 1);
+        await writeJsonFile(filePath, {
+            version: 1,
+            requests: pruned,
+        });
+        return { id: entry.id, entry };
+    });
+}
 export async function approveChannelPairingCode(params) {
     const env = params.env ?? process.env;
     const code = params.code.trim().toUpperCase();

package/dist/slack/monitor/allow-list.js

@@ -21,6 +21,7 @@ export function resolveSlackAllowListMatch(params) {
     }
     const id = params.id?.toLowerCase();
     const name = params.name?.toLowerCase();
+    const email = params.email?.toLowerCase();
     const slug = normalizeSlackSlug(name);
     const candidates = [
         { value: id, source: "id" },
@@ -29,6 +30,7 @@ export function resolveSlackAllowListMatch(params) {
         { value: name, source: "name" },
         { value: name ? `slack:${name}` : undefined, source: "prefixed-name" },
         { value: slug, source: "slug" },
+        { value: email, source: "email" },
     ];
     for (const candidate of candidates) {
         if (!candidate.value)

package/dist/slack/monitor/context.js

@@ -98,7 +98,8 @@ export function createSlackMonitorContext(params) {
             });
             const profile = info.user?.profile;
             const name = profile?.display_name || profile?.real_name || info.user?.name || undefined;
-            const entry = { name };
+            const email = profile?.email || undefined;
+            const entry = { name, email };
             userCache.set(userId, entry);
             return entry;
         }

package/dist/slack/monitor/message-handler/prepare.js

@@ -96,72 +96,66 @@ export async function prepareSlackMessage(params) {
             return null;
         }
         if (ctx.dmPolicy !== "open") {
+            const dmSender = await ctx.resolveUserName(directUserId);
+            const dmSenderEmail = dmSender?.email ?? undefined;
             const allowMatch = resolveSlackAllowListMatch({
                 allowList: allowFromLower,
                 id: directUserId,
+                email: dmSenderEmail,
             });
             const allowMatchMeta = formatAllowlistMatchMeta(allowMatch);
             if (!allowMatch.allowed) {
-                // Check if sender is an approved guest (responses only, no tools)
                 const guestMatch = resolveSlackAllowListMatch({
                     allowList: guestFromLower,
                     id: directUserId,
+                    email: dmSenderEmail,
                 });
                 if (guestMatch.allowed) {
                     isGuestSender = true;
                     logVerbose(`slack: guest sender ${directUserId} allowed (responses only, no tools)`);
                 }
-                else if (ctx.dmPolicy === "pairing") {
-                    const sender = await ctx.resolveUserName(directUserId);
-                    const senderName = sender?.name ?? undefined;
-                    const { code, created } = await upsertChannelPairingRequest({
+                else if (ctx.dmPolicy === "pairing" || ctx.dmPolicy === "allowlist") {
+                    const senderName = dmSender?.name ?? undefined;
+                    const { created } = await upsertChannelPairingRequest({
                         channel: "slack",
                         id: directUserId,
                         meta: { name: senderName },
                     });
                     if (created) {
-                        logVerbose(`slack pairing request sender=${directUserId} name=${senderName ?? "unknown"} (${allowMatchMeta})`);
+                        logVerbose(`slack access request sender=${directUserId} name=${senderName ?? "unknown"} (${allowMatchMeta})`);
                         const displayName = senderName ?? directUserId;
-                        // Notify frontend via SSE (reliable — works regardless of gateway context)
                         emitAgentEvent({
                             runId: `pairing-slack-${directUserId}-${Date.now()}`,
                             stream: "notification",
                             data: {
                                 type: "pairing",
                                 channel: "slack",
-                                title: "Access Request",
-                                body: `${displayName} wants to message you on Slack.`,
-                                code,
+                                title: "Lemonade Access Request",
+                                body: `${displayName} is requesting access to your Lemon via Slack.`,
                                 name: displayName,
                                 senderId: directUserId,
                             },
                         });
-                        // Also notify via URL scheme (fallback for when SSE isn't connected)
                         try {
-                            const title = encodeURIComponent("Access Request");
-                            const body = encodeURIComponent(`${displayName} wants to message you on Slack.`);
+                            const title = encodeURIComponent("Lemonade Access Request");
+                            const body = encodeURIComponent(`${displayName} is requesting access to your Lemon via Slack.`);
                             const channel = encodeURIComponent("slack");
-                            const encodedCode = encodeURIComponent(code);
                             const encodedName = encodeURIComponent(displayName);
                             const { exec } = await import("node:child_process");
-                            exec(`open "lemon://notify?title=${title}&body=${body}&type=pairing&channel=${channel}&code=${encodedCode}&name=${encodedName}"`);
+                            exec(`open "lemon://notify?title=${title}&body=${body}&type=pairing&channel=${channel}&name=${encodedName}"`);
                         }
                         catch {
                             // Notification is best-effort
                         }
                         try {
-                            await sendMessageSlack(message.channel, buildPairingReply({
-                                channel: "slack",
-                                idLine: `Your Slack user id: ${directUserId}`,
-                                code,
-                            }), {
+                            await sendMessageSlack(message.channel, buildPairingReply({ channel: "slack" }), {
                                 token: ctx.botToken,
                                 client: ctx.app.client,
                                 accountId: account.accountId,
                             });
                         }
                         catch (err) {
-                            logVerbose(`slack pairing reply failed for ${message.user}: ${String(err)}`);
+                            logVerbose(`slack access reply failed for ${message.user}: ${String(err)}`);
                         }
                     }
                     return null;
@@ -234,6 +228,7 @@ export async function prepareSlackMessage(params) {
         allowList: allowFromLower,
         id: senderId,
         name: senderName,
+        email: sender?.email,
     }).allowed;
     const channelUsersAllowlistConfigured = isRoom && Array.isArray(channelConfig?.users) && channelConfig.users.length > 0;
     const channelCommandAuthorized = isRoom && channelUsersAllowlistConfigured

package/dist/web/inbound/access-control.js

@@ -100,58 +100,50 @@ export async function checkInboundAccessControl(params) {
             const allowed = dmHasWildcard ||
                 (normalizedAllowFrom.length > 0 && normalizedAllowFrom.includes(candidate));
             if (!allowed) {
-                if (dmPolicy === "pairing") {
+                if (dmPolicy === "pairing" || dmPolicy === "allowlist") {
                     if (suppressPairingReply) {
-                        logVerbose(`Skipping pairing reply for historical DM from ${candidate}.`);
+                        logVerbose(`Skipping access reply for historical DM from ${candidate}.`);
                     }
                     else {
-                        const { code, created } = await upsertChannelPairingRequest({
+                        const { created } = await upsertChannelPairingRequest({
                             channel: "whatsapp",
                             id: candidate,
                             meta: { name: (params.pushName ?? "").trim() || undefined },
                         });
                         if (created) {
                             const pushName = (params.pushName ?? "").trim() || "unknown";
-                            logVerbose(`whatsapp pairing request sender=${candidate} name=${pushName}`);
+                            logVerbose(`whatsapp access request sender=${candidate} name=${pushName}`);
                             const displayName = pushName !== "unknown" ? pushName : candidate;
-                            // Notify frontend via SSE (reliable — works regardless of gateway context)
                             emitAgentEvent({
                                 runId: `pairing-whatsapp-${candidate}-${Date.now()}`,
                                 stream: "notification",
                                 data: {
                                     type: "pairing",
                                     channel: "whatsapp",
-                                    title: "Access Request",
-                                    body: `${displayName} wants to message you on WhatsApp.`,
-                                    code,
+                                    title: "Lemonade Access Request",
+                                    body: `${displayName} is requesting access to your Lemon via WhatsApp.`,
                                     name: displayName,
                                     senderId: candidate,
                                 },
                             });
-                            // Also notify via URL scheme (fallback for when SSE isn't connected)
                             try {
-                                const title = encodeURIComponent("Access Request");
-                                const body = encodeURIComponent(`${displayName} wants to message you on WhatsApp.`);
+                                const title = encodeURIComponent("Lemonade Access Request");
+                                const body = encodeURIComponent(`${displayName} is requesting access to your Lemon via WhatsApp.`);
                                 const channel = encodeURIComponent("whatsapp");
-                                const encodedCode = encodeURIComponent(code);
                                 const encodedName = encodeURIComponent(displayName);
                                 const { exec } = await import("node:child_process");
-                                exec(`open "lemon://notify?title=${title}&body=${body}&type=pairing&channel=${channel}&code=${encodedCode}&name=${encodedName}"`);
+                                exec(`open "lemon://notify?title=${title}&body=${body}&type=pairing&channel=${channel}&name=${encodedName}"`);
                             }
                             catch {
                                 // Notification is best-effort
                             }
                             try {
                                 await params.sock.sendMessage(params.remoteJid, {
-                                    text: buildPairingReply({
-                                        channel: "whatsapp",
-                                        idLine: `Your WhatsApp phone number: ${candidate}`,
-                                        code,
-                                    }),
+                                    text: buildPairingReply({ channel: "whatsapp" }),
                                 });
                             }
                             catch (err) {
-                                logVerbose(`whatsapp pairing reply failed for ${candidate}: ${String(err)}`);
+                                logVerbose(`whatsapp access reply failed for ${candidate}: ${String(err)}`);
                             }
                         }
                     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@heylemon/lemonade",
-  "version": "0.0.2",
+  "version": "0.0.4",
   "description": "AI gateway CLI for Lemon - local AI assistant with integrations",
   "publishConfig": {
     "access": "restricted"