claude-threads 1.11.0 → 1.12.0

package/dist/mcp/permission-server.js

@@ -50934,6 +50934,26 @@ function createMessageManagerEvents() {
   return new TypedEventEmitter;
 }
 
+// src/utils/safe-filename.ts
+import { basename } from "path";
+function sanitizeFilename(name) {
+  const flat = basename(name.replace(/\\/g, "/"));
+  const cleaned = flat.replace(/[\x00-\x1F\x7F]/g, "_").trim();
+  if (!cleaned || cleaned === "." || cleaned === "..") {
+    return "attachment";
+  }
+  return cleaned;
+}
+function formatBytes(bytes) {
+  if (bytes < 1024)
+    return `${bytes} B`;
+  if (bytes < 1024 * 1024)
+    return `${(bytes / 1024).toFixed(1)} KB`;
+  if (bytes < 1024 * 1024 * 1024)
+    return `${(bytes / 1024 / 1024).toFixed(1)} MB`;
+  return `${(bytes / 1024 / 1024 / 1024).toFixed(2)} GB`;
+}
+
 // src/operations/streaming/handler.ts
 var log2 = createLogger("streaming");
 var MAX_UPLOAD_SIZE = 100 * 1024 * 1024;
@@ -54702,6 +54722,14 @@ import { existsSync as existsSync4, readFileSync as readFileSync3, watchFile, un
 import { tmpdir } from "os";
 import { join as join3 } from "path";
 
+// src/mcp/outbound-env.ts
+var OUTBOUND_ENV = {
+  SESSION_WORKING_DIR: "SESSION_WORKING_DIR",
+  SESSION_UPLOAD_DIR: "SESSION_UPLOAD_DIR",
+  OUTBOUND_FILES_ENABLED: "OUTBOUND_FILES_ENABLED",
+  OUTBOUND_FILES_MAX_BYTES: "OUTBOUND_FILES_MAX_BYTES"
+};
+
 // src/claude/rate-limit-detector.ts
 var RATE_LIMIT_PHRASES = [
   /usage limit reached/i,
@@ -54823,7 +54851,7 @@ function materializeMcpConfig(config3, sessionId, opts = {}) {
 }
 function buildPermissionArgs(opts) {
   const args = [];
-  if (opts.permissionMode === "bypass") {
+  if (opts.permissionMode === "bypass" && !opts.platformConfig) {
     args.push("--dangerously-skip-permissions");
     return { args, tempFile: null };
   }
@@ -54843,6 +54871,18 @@ function buildPermissionArgs(opts) {
   if (opts.platformConfig.appToken) {
     mcpEnv.PLATFORM_APP_TOKEN = opts.platformConfig.appToken;
   }
+  if (opts.workingDir) {
+    mcpEnv[OUTBOUND_ENV.SESSION_WORKING_DIR] = opts.workingDir;
+  }
+  if (opts.uploadDir) {
+    mcpEnv[OUTBOUND_ENV.SESSION_UPLOAD_DIR] = opts.uploadDir;
+  }
+  if (opts.outboundFiles?.enabled === false) {
+    mcpEnv[OUTBOUND_ENV.OUTBOUND_FILES_ENABLED] = "0";
+  }
+  if (typeof opts.outboundFiles?.maxBytes === "number" && Number.isFinite(opts.outboundFiles.maxBytes) && opts.outboundFiles.maxBytes > 0) {
+    mcpEnv[OUTBOUND_ENV.OUTBOUND_FILES_MAX_BYTES] = String(opts.outboundFiles.maxBytes);
+  }
   const mcpConfig = {
     mcpServers: {
       "claude-threads-permissions": {
@@ -54861,9 +54901,13 @@ function buildPermissionArgs(opts) {
   } else {
     args.push("--mcp-config", materialized.value);
   }
-  args.push("--permission-prompt-tool", "mcp__claude-threads-permissions__permission_prompt");
-  if (opts.permissionMode === "auto") {
-    args.push("--permission-mode", "auto");
+  if (opts.permissionMode === "bypass") {
+    args.push("--dangerously-skip-permissions");
+  } else {
+    args.push("--permission-prompt-tool", "mcp__claude-threads-permissions__permission_prompt");
+    if (opts.permissionMode === "auto") {
+      args.push("--permission-mode", "auto");
+    }
   }
   return { args, tempFile };
 }
@@ -54958,7 +55002,10 @@ class ClaudeCli extends EventEmitter2 {
       threadId: this.options.threadId,
       sessionId: this.options.sessionId,
       permissionTimeoutMs: this.options.permissionTimeoutMs ?? 120000,
-      debug: this.debug
+      debug: this.debug,
+      workingDir: this.options.workingDir,
+      uploadDir: this.options.uploadDir,
+      outboundFiles: this.options.outboundFiles
     });
     args.push(...permResult.args);
     this.mcpConfigTempFile = permResult.tempFile;
@@ -55730,6 +55777,15 @@ You are running inside a chat platform (like Mattermost or Slack). Users interac
 - Keep responses concise - very long responses are split across multiple messages
 - Multiple users may participate in a session (the owner can invite others)
 
+## Sending files into THIS thread
+You are RIGHT NOW running inside a chat thread (Mattermost or Slack). The \`send_file\` MCP tool — exposed as \`mcp__claude-threads-permissions__send_file\` in your tool list — uploads a file from your working directory and posts it directly into THIS thread, where the user is talking to you. It is NOT a hypothetical capability that requires extra setup; it works for the session you are in right now.
+
+Use it whenever the user asks to "send", "share", "show", or "post" a file, OR whenever you produce an artifact (screenshot, generated audio, plot, document, PDF) that the user would benefit from seeing inline rather than as a path to read.
+
+Arguments: \`{ path: <absolute path inside the working directory>, caption?: <optional one-line message> }\`. Returns a JSON envelope: \`{ ok: true, postId }\` on success or \`{ ok: false, reason }\` on failure — when it fails, surface \`reason\` to the user verbatim so they understand what went wrong (e.g. "outside the working directory", "file too large").
+
+Do NOT tell the user the tool isn't available, doesn't apply, or requires Mattermost — it's wired up and pointed at this very thread. Just call it.
+
 ## Permissions & Interactions
 - Permission requests (file writes, commands, etc.) appear as messages with emoji options
 - Users approve with \uD83D\uDC4D or deny with \uD83D\uDC4E by reacting to the message
@@ -55800,7 +55856,6 @@ var contextPromptFiles = new Map;
 var log16 = createLogger("lifecycle");
 var sessionLog3 = createSessionLog(log16);
 var CHAT_PLATFORM_PROMPT = generateChatPlatformPrompt();
-
 // src/update-notifier.ts
 var import_semver2 = __toESM(require_semver2(), 1);
 
@@ -55901,6 +55956,57 @@ ${code}
   }
 }
 
+// src/platform/mattermost/upload.ts
+import { readFile } from "fs/promises";
+var log22 = createLogger("mm-upload");
+async function uploadFileMattermost(args) {
+  const { url: url2, token, channelId, threadId, filePath, filename, caption } = args;
+  const buffer = await readFile(filePath);
+  const uploadUrl = `${url2}/api/v4/files?channel_id=${encodeURIComponent(channelId)}`;
+  const arrayBuffer = buffer.buffer.slice(buffer.byteOffset, buffer.byteOffset + buffer.byteLength);
+  const formData = new FormData;
+  formData.append("files", new Blob([arrayBuffer]), filename);
+  log22.debug(`POST /files (${buffer.length} bytes, ${filename})`);
+  const uploadResponse = await fetch(uploadUrl, {
+    method: "POST",
+    headers: {
+      Authorization: `Bearer ${token}`
+    },
+    body: formData
+  });
+  if (!uploadResponse.ok) {
+    const text = await uploadResponse.text();
+    throw new Error(`Mattermost file upload failed: ${uploadResponse.status} ${text}`);
+  }
+  const uploadJson = await uploadResponse.json();
+  const fileInfo = uploadJson.file_infos?.[0];
+  if (!fileInfo?.id) {
+    throw new Error("Mattermost file upload response missing file_infos[0].id");
+  }
+  const postUrl = `${url2}/api/v4/posts`;
+  const postBody = {
+    channel_id: channelId,
+    message: caption ?? "",
+    root_id: threadId,
+    file_ids: [fileInfo.id]
+  };
+  log22.debug(`POST /posts (file_ids=[${fileInfo.id}])`);
+  const postResponse = await fetch(postUrl, {
+    method: "POST",
+    headers: {
+      Authorization: `Bearer ${token}`,
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify(postBody)
+  });
+  if (!postResponse.ok) {
+    const text = await postResponse.text();
+    throw new Error(`Mattermost post-with-file failed: ${postResponse.status} ${text}`);
+  }
+  const post2 = await postResponse.json();
+  return { postId: post2.id, fileId: fileInfo.id, post: post2 };
+}
+
 // src/platform/mattermost/permission-api.ts
 var apiLog = createLogger("mm-api");
 async function mattermostApi(config3, method, path2, body) {
@@ -56095,6 +56201,20 @@ class MattermostPermissionApi {
       };
     });
   }
+  async uploadFile(filePath, threadId, options) {
+    const filename = sanitizeFilename(options?.filename ?? filePath);
+    mcpLogger.debug(`uploadFile: ${filename} → thread ${formatShortId(threadId)}`);
+    const result = await uploadFileMattermost({
+      url: this.config.url,
+      token: this.config.token,
+      channelId: this.config.channelId,
+      threadId,
+      filePath,
+      filename,
+      caption: options?.caption
+    });
+    return { postId: result.postId };
+  }
 }
 function createMattermostPermissionApi(config3) {
   return new MattermostPermissionApi(config3);
@@ -56169,6 +56289,77 @@ ${code}
   }
 }
 
+// src/platform/slack/upload.ts
+import { readFile as readFile2 } from "fs/promises";
+var log23 = createLogger("slack-upload");
+var DEFAULT_API_URL = "https://slack.com/api";
+async function uploadFileSlack(args) {
+  const { botToken, channelId, threadTs, filePath, filename, caption } = args;
+  const apiUrl = args.apiUrl ?? DEFAULT_API_URL;
+  const buffer = await readFile2(filePath);
+  const params = new URLSearchParams({ filename, length: String(buffer.length) });
+  const step1Url = `${apiUrl}/files.getUploadURLExternal?${params.toString()}`;
+  log23.debug(`GET files.getUploadURLExternal (${buffer.length} bytes, ${filename})`);
+  const step1Response = await fetch(step1Url, {
+    method: "GET",
+    headers: {
+      Authorization: `Bearer ${botToken}`
+    }
+  });
+  if (!step1Response.ok) {
+    const text = await step1Response.text();
+    throw new Error(`Slack getUploadURLExternal failed: ${step1Response.status} ${text}`);
+  }
+  const step1Data = await step1Response.json();
+  if (!step1Data.ok || !step1Data.upload_url || !step1Data.file_id) {
+    throw new Error(`Slack getUploadURLExternal error: ${step1Data.error || "missing upload_url/file_id"}`);
+  }
+  const uploadUrl = step1Data.upload_url;
+  const fileId = step1Data.file_id;
+  const arrayBuffer = buffer.buffer.slice(buffer.byteOffset, buffer.byteOffset + buffer.byteLength);
+  log23.debug(`POST <upload_url>`);
+  const step2Response = await fetch(uploadUrl, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/octet-stream"
+    },
+    body: arrayBuffer
+  });
+  if (!step2Response.ok) {
+    const text = await step2Response.text();
+    throw new Error(`Slack file bytes upload failed: ${step2Response.status} ${text}`);
+  }
+  const step3Body = {
+    files: [{ id: fileId, title: caption ?? filename }],
+    channel_id: channelId,
+    thread_ts: threadTs
+  };
+  if (caption !== undefined) {
+    step3Body.initial_comment = caption;
+  }
+  log23.debug(`POST files.completeUploadExternal (file_id=${fileId}, thread_ts=${threadTs})`);
+  const step3Response = await fetch(`${apiUrl}/files.completeUploadExternal`, {
+    method: "POST",
+    headers: {
+      Authorization: `Bearer ${botToken}`,
+      "Content-Type": "application/json; charset=utf-8"
+    },
+    body: JSON.stringify(step3Body)
+  });
+  if (!step3Response.ok) {
+    const text = await step3Response.text();
+    throw new Error(`Slack completeUploadExternal failed: ${step3Response.status} ${text}`);
+  }
+  const step3Data = await step3Response.json();
+  if (!step3Data.ok) {
+    throw new Error(`Slack completeUploadExternal error: ${step3Data.error || "unknown"}`);
+  }
+  if (!step3Data.ts) {
+    log23.warn(`Slack completeUploadExternal returned no ts; using fileId ${fileId} as postId. ` + `Do not use this id for updatePost/addReaction.`);
+  }
+  return { fileId, postId: step3Data.ts ?? fileId };
+}
+
 // src/platform/slack/permission-api.ts
 var SLACK_API_BASE = "https://slack.com/api";
 async function slackApi(method, token, body) {
@@ -56377,6 +56568,19 @@ class SlackPermissionApi {
     mcpLogger.debug("Got Socket Mode URL");
     return response.url;
   }
+  async uploadFile(filePath, threadId, options) {
+    const filename = sanitizeFilename(options?.filename ?? filePath);
+    mcpLogger.debug(`uploadFile: ${filename} → thread_ts ${threadId}`);
+    const result = await uploadFileSlack({
+      botToken: this.config.botToken,
+      channelId: this.config.channelId,
+      threadTs: threadId,
+      filePath,
+      filename,
+      caption: options?.caption
+    });
+    return { postId: result.postId };
+  }
 }
 function createSlackPermissionApi(config3) {
   return new SlackPermissionApi(config3);
@@ -56394,6 +56598,109 @@ function createPermissionApi(platformType, config3) {
   }
 }
 
+// src/mcp/path-validator.ts
+import { lstat, realpath, stat } from "fs/promises";
+import { sep as sep2, isAbsolute } from "path";
+function isUnderRoot(needle, root) {
+  if (needle === root)
+    return true;
+  const withSep = root.endsWith(sep2) ? root : root + sep2;
+  return needle.startsWith(withSep);
+}
+var DANGEROUSLY_WIDE_ROOTS = new Set([
+  "/",
+  "/home",
+  "/Users",
+  "/root",
+  "/etc",
+  "/var",
+  "/tmp",
+  "/usr",
+  "/opt"
+]);
+function isDangerouslyWide(root) {
+  if (DANGEROUSLY_WIDE_ROOTS.has(root))
+    return true;
+  if (root === "/private/tmp" || root === "/private/var" || root === "/private/etc")
+    return true;
+  return false;
+}
+async function validateOutboundPath(inputPath, opts) {
+  if (typeof inputPath !== "string" || inputPath.length === 0) {
+    return { ok: false, reason: "path is required" };
+  }
+  if (!isAbsolute(inputPath)) {
+    return { ok: false, reason: "path must be absolute" };
+  }
+  if (!Number.isFinite(opts.maxBytes) || opts.maxBytes <= 0) {
+    return {
+      ok: false,
+      reason: `invalid maxBytes ${opts.maxBytes} — check outboundFiles.maxBytes configuration`
+    };
+  }
+  for (const root of opts.allowedRoots) {
+    if (isDangerouslyWide(root)) {
+      return {
+        ok: false,
+        reason: `refusing to validate against dangerously wide allowed root '${root}' — check SESSION_WORKING_DIR configuration`
+      };
+    }
+  }
+  let resolvedPath;
+  try {
+    resolvedPath = await realpath(inputPath);
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    return { ok: false, reason: `cannot resolve path: ${msg}` };
+  }
+  const inAllowedRoot = opts.allowedRoots.some((root) => isUnderRoot(resolvedPath, root));
+  if (!inAllowedRoot) {
+    return {
+      ok: false,
+      reason: "path is outside the session working directory. Move the file into the working directory and retry."
+    };
+  }
+  let lstatPre, statResolved;
+  try {
+    lstatPre = await lstat(inputPath);
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    return { ok: false, reason: `cannot stat path: ${msg}` };
+  }
+  try {
+    statResolved = await stat(resolvedPath);
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    return { ok: false, reason: `cannot stat resolved path: ${msg}` };
+  }
+  if (!statResolved.isFile()) {
+    return { ok: false, reason: "not a regular file" };
+  }
+  if (!lstatPre.isFile() && !lstatPre.isSymbolicLink()) {
+    return { ok: false, reason: "not a regular file" };
+  }
+  const SUID = 2048;
+  const SGID = 1024;
+  if (statResolved.mode & SUID || statResolved.mode & SGID) {
+    return { ok: false, reason: "refusing to upload SUID/SGID file" };
+  }
+  if (statResolved.size === 0) {
+    return { ok: false, reason: "file is empty" };
+  }
+  if (statResolved.size > opts.maxBytes) {
+    return {
+      ok: false,
+      reason: `file too large (${formatBytes(statResolved.size)} > ${formatBytes(opts.maxBytes)} limit)`
+    };
+  }
+  return {
+    ok: true,
+    resolvedPath,
+    size: statResolved.size,
+    basename: sanitizeFilename(resolvedPath)
+  };
+}
+
 // src/mcp/permission-server.ts
 var PLATFORM_TYPE = process.env.PLATFORM_TYPE || "";
 var PLATFORM_URL = process.env.PLATFORM_URL || "";
@@ -56402,6 +56709,11 @@ var PLATFORM_CHANNEL_ID = process.env.PLATFORM_CHANNEL_ID || "";
 var PLATFORM_THREAD_ID = process.env.PLATFORM_THREAD_ID || "";
 var ALLOWED_USERS = (process.env.ALLOWED_USERS || "").split(",").map((u) => u.trim()).filter((u) => u.length > 0);
 var PERMISSION_TIMEOUT_MS = parseInt(process.env.PERMISSION_TIMEOUT_MS || "120000", 10);
+var SESSION_WORKING_DIR = process.env[OUTBOUND_ENV.SESSION_WORKING_DIR] || "";
+var SESSION_UPLOAD_DIR = process.env[OUTBOUND_ENV.SESSION_UPLOAD_DIR] || "";
+var OUTBOUND_FILES_ENABLED = (process.env[OUTBOUND_ENV.OUTBOUND_FILES_ENABLED] ?? "1") !== "0";
+var OUTBOUND_FILES_MAX_BYTES = parseInt(process.env[OUTBOUND_ENV.OUTBOUND_FILES_MAX_BYTES] || String(100 * 1024 * 1024), 10);
+var SEND_FILE_TOOL_NAME = "mcp__claude-threads-permissions__send_file";
 var apiConfig = PLATFORM_TYPE === "slack" ? {
   platformType: "slack",
   botToken: PLATFORM_TOKEN,
@@ -56429,6 +56741,10 @@ function getApi() {
 var allowAllSession = false;
 async function handlePermissionWith(toolName, toolInput, cfg) {
   mcpLogger.debug(`handlePermission called for ${toolName}`);
+  if (toolName === SEND_FILE_TOOL_NAME) {
+    mcpLogger.debug(`Auto-allowing ${toolName} (path validator is the real gate)`);
+    return { behavior: "allow", updatedInput: toolInput };
+  }
   if (cfg.getAllowAll()) {
     mcpLogger.debug(`Auto-allowing ${toolName} (allow all active)`);
     return { behavior: "allow", updatedInput: toolInput };
@@ -56518,6 +56834,51 @@ var permissionInputSchema = {
   tool_name: exports_external.string().describe("Name of the tool requesting permission"),
   input: exports_external.record(exports_external.string(), exports_external.unknown()).describe("Tool input parameters")
 };
+var sendFileInputSchema = {
+  path: exports_external.string().describe("Absolute path of a file inside the session working directory. The bot will upload it to chat."),
+  caption: exports_external.string().optional().describe("Optional message body / initial comment shown alongside the file.")
+};
+async function handleSendFileWith(args, cfg) {
+  if (!cfg.enabled) {
+    return { ok: false, reason: "outbound file sending is disabled by the operator" };
+  }
+  if (!cfg.api.uploadFile) {
+    return { ok: false, reason: "this platform does not support outbound file uploads" };
+  }
+  if (!cfg.threadId) {
+    return { ok: false, reason: "no thread context — file uploads only work inside a session thread" };
+  }
+  if (cfg.allowedRoots.length === 0) {
+    return { ok: false, reason: "no allowed roots configured for outbound file uploads" };
+  }
+  const validated = await validateOutboundPath(args.path, {
+    allowedRoots: cfg.allowedRoots,
+    maxBytes: cfg.maxBytes
+  });
+  if (!validated.ok) {
+    return { ok: false, reason: validated.reason };
+  }
+  try {
+    const result = await cfg.api.uploadFile(validated.resolvedPath, cfg.threadId, {
+      caption: args.caption,
+      filename: validated.basename
+    });
+    return { ok: true, postId: result.postId };
+  } catch (err) {
+    const reason = err instanceof Error ? err.message : String(err);
+    mcpLogger.warn(`send_file upload failed: ${reason}`);
+    return { ok: false, reason };
+  }
+}
+async function handleSendFile(args) {
+  return handleSendFileWith(args, {
+    api: getApi(),
+    threadId: PLATFORM_THREAD_ID,
+    enabled: OUTBOUND_FILES_ENABLED,
+    allowedRoots: [SESSION_WORKING_DIR, SESSION_UPLOAD_DIR].filter((p) => p.length > 0),
+    maxBytes: OUTBOUND_FILES_MAX_BYTES
+  });
+}
 async function main() {
   const server = new McpServer({
     name: "claude-threads-permissions",
@@ -56529,6 +56890,12 @@ async function main() {
       content: [{ type: "text", text: JSON.stringify(result) }]
     };
   });
+  server.tool("send_file", "Send a file from the session working directory directly into the chat thread. " + "Use this when the user asked to receive a file inline, or when you produce an artifact " + "they should see (screenshot, generated audio, plot, document). The path must be absolute " + "and inside the session working directory. Returns { ok: true, postId } on success or " + "{ ok: false, reason } on failure.", sendFileInputSchema, async ({ path: path2, caption }) => {
+    const result = await handleSendFile({ path: path2, caption });
+    return {
+      content: [{ type: "text", text: JSON.stringify(result) }]
+    };
+  });
   const transport = new StdioServerTransport;
   await server.connect(transport);
   mcpLogger.info(`Permission server ready (platform: ${PLATFORM_TYPE})`);
@@ -56538,5 +56905,6 @@ main().catch((err) => {
   process.exit(1);
 });
 export {
+  handleSendFileWith,
   handlePermissionWith
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-threads",
-  "version": "1.11.0",
+  "version": "1.12.0",
   "description": "Share Claude Code sessions live in a Mattermost channel with interactive features",
   "main": "dist/index.js",
   "type": "module",