kimaki 0.4.26 → 0.4.27

package/dist/cli.js

@@ -156,18 +156,6 @@ async function registerCommands(token, appId, userCommands = []) {
             return option;
         })
             .toJSON(),
-        new SlashCommandBuilder()
-            .setName('accept')
-            .setDescription('Accept a pending permission request (this request only)')
-            .toJSON(),
-        new SlashCommandBuilder()
-            .setName('accept-always')
-            .setDescription('Accept and auto-approve future requests matching this pattern')
-            .toJSON(),
-        new SlashCommandBuilder()
-            .setName('reject')
-            .setDescription('Reject a pending permission request')
-            .toJSON(),
         new SlashCommandBuilder()
             .setName('abort')
             .setDescription('Abort the current OpenCode request in this thread')

package/dist/commands/ask-question.js

@@ -3,7 +3,7 @@
 // for each question and collects user responses.
 import { StringSelectMenuBuilder, StringSelectMenuInteraction, ActionRowBuilder, } from 'discord.js';
 import crypto from 'node:crypto';
-import { sendThreadMessage } from '../discord-utils.js';
+import { sendThreadMessage, NOTIFY_MESSAGE_FLAGS } from '../discord-utils.js';
 import { getOpencodeServerPort } from '../opencode.js';
 import { createLogger } from '../logger.js';
 const logger = createLogger('ASK_QUESTION');
@@ -57,6 +57,7 @@ export async function showAskUserQuestionDropdowns({ thread, sessionId, director
         await thread.send({
             content: `**${q.header}**\n${q.question}`,
             components: [actionRow],
+            flags: NOTIFY_MESSAGE_FLAGS,
         });
     }
     logger.log(`Showed ${input.questions.length} question dropdown(s) for session ${sessionId}`);

package/dist/commands/permissions.js

@@ -1,126 +1,122 @@
-// Permission commands - /accept, /accept-always, /reject
-import { ChannelType } from 'discord.js';
+// Permission dropdown handler - Shows dropdown for permission requests.
+// When OpenCode asks for permission, this module renders a dropdown
+// with Accept, Accept Always, and Deny options.
+import { StringSelectMenuBuilder, StringSelectMenuInteraction, ActionRowBuilder, } from 'discord.js';
+import crypto from 'node:crypto';
 import { initializeOpencodeForDirectory } from '../opencode.js';
-import { pendingPermissions } from '../session-handler.js';
-import { SILENT_MESSAGE_FLAGS } from '../discord-utils.js';
+import { NOTIFY_MESSAGE_FLAGS } from '../discord-utils.js';
 import { createLogger } from '../logger.js';
 const logger = createLogger('PERMISSIONS');
-export async function handleAcceptCommand({ command, }) {
-    const scope = command.commandName === 'accept-always' ? 'always' : 'once';
-    const channel = command.channel;
-    if (!channel) {
-        await command.reply({
-            content: 'This command can only be used in a channel',
-            ephemeral: true,
-            flags: SILENT_MESSAGE_FLAGS,
-        });
-        return;
-    }
-    const isThread = [
-        ChannelType.PublicThread,
-        ChannelType.PrivateThread,
-        ChannelType.AnnouncementThread,
-    ].includes(channel.type);
-    if (!isThread) {
-        await command.reply({
-            content: 'This command can only be used in a thread with an active session',
-            ephemeral: true,
-            flags: SILENT_MESSAGE_FLAGS,
-        });
-        return;
-    }
-    const pending = pendingPermissions.get(channel.id);
-    if (!pending) {
-        await command.reply({
-            content: 'No pending permission request in this thread',
-            ephemeral: true,
-            flags: SILENT_MESSAGE_FLAGS,
-        });
-        return;
-    }
-    try {
-        const getClient = await initializeOpencodeForDirectory(pending.directory);
-        await getClient().postSessionIdPermissionsPermissionId({
-            path: {
-                id: pending.permission.sessionID,
-                permissionID: pending.permission.id,
-            },
-            body: {
-                response: scope,
-            },
-        });
-        pendingPermissions.delete(channel.id);
-        const msg = scope === 'always'
-            ? `✅ Permission **accepted** (auto-approve similar requests)`
-            : `✅ Permission **accepted**`;
-        await command.reply({ content: msg, flags: SILENT_MESSAGE_FLAGS });
-        logger.log(`Permission ${pending.permission.id} accepted with scope: ${scope}`);
-    }
-    catch (error) {
-        logger.error('[ACCEPT] Error:', error);
-        await command.reply({
-            content: `Failed to accept permission: ${error instanceof Error ? error.message : 'Unknown error'}`,
-            ephemeral: true,
-            flags: SILENT_MESSAGE_FLAGS,
-        });
-    }
+// Store pending permission contexts by hash
+export const pendingPermissionContexts = new Map();
+/**
+ * Show permission dropdown for a permission request.
+ * Returns the message ID and context hash for tracking.
+ */
+export async function showPermissionDropdown({ thread, permission, directory, }) {
+    const contextHash = crypto.randomBytes(8).toString('hex');
+    const context = {
+        permission,
+        directory,
+        thread,
+        contextHash,
+    };
+    pendingPermissionContexts.set(contextHash, context);
+    const patternStr = permission.patterns.join(', ');
+    // Build dropdown options
+    const options = [
+        {
+            label: 'Accept',
+            value: 'once',
+            description: 'Allow this request only',
+        },
+        {
+            label: 'Accept Always',
+            value: 'always',
+            description: 'Auto-approve similar requests',
+        },
+        {
+            label: 'Deny',
+            value: 'reject',
+            description: 'Reject this permission request',
+        },
+    ];
+    const selectMenu = new StringSelectMenuBuilder()
+        .setCustomId(`permission:${contextHash}`)
+        .setPlaceholder('Choose an action')
+        .addOptions(options);
+    const actionRow = new ActionRowBuilder().addComponents(selectMenu);
+    const permissionMessage = await thread.send({
+        content: `⚠️ **Permission Required**\n\n` +
+            `**Type:** \`${permission.permission}\`\n` +
+            (patternStr ? `**Pattern:** \`${patternStr}\`` : ''),
+        components: [actionRow],
+        flags: NOTIFY_MESSAGE_FLAGS,
+    });
+    logger.log(`Showed permission dropdown for ${permission.id}`);
+    return { messageId: permissionMessage.id, contextHash };
 }
-export async function handleRejectCommand({ command, }) {
-    const channel = command.channel;
-    if (!channel) {
-        await command.reply({
-            content: 'This command can only be used in a channel',
-            ephemeral: true,
-            flags: SILENT_MESSAGE_FLAGS,
-        });
-        return;
-    }
-    const isThread = [
-        ChannelType.PublicThread,
-        ChannelType.PrivateThread,
-        ChannelType.AnnouncementThread,
-    ].includes(channel.type);
-    if (!isThread) {
-        await command.reply({
-            content: 'This command can only be used in a thread with an active session',
-            ephemeral: true,
-            flags: SILENT_MESSAGE_FLAGS,
-        });
+/**
+ * Handle dropdown selection for permission.
+ */
+export async function handlePermissionSelectMenu(interaction) {
+    const customId = interaction.customId;
+    if (!customId.startsWith('permission:')) {
         return;
     }
-    const pending = pendingPermissions.get(channel.id);
-    if (!pending) {
-        await command.reply({
-            content: 'No pending permission request in this thread',
+    const contextHash = customId.replace('permission:', '');
+    const context = pendingPermissionContexts.get(contextHash);
+    if (!context) {
+        await interaction.reply({
+            content: 'This permission request has expired or was already handled.',
             ephemeral: true,
-            flags: SILENT_MESSAGE_FLAGS,
         });
         return;
     }
+    await interaction.deferUpdate();
+    const response = interaction.values[0];
     try {
-        const getClient = await initializeOpencodeForDirectory(pending.directory);
+        const getClient = await initializeOpencodeForDirectory(context.directory);
         await getClient().postSessionIdPermissionsPermissionId({
             path: {
-                id: pending.permission.sessionID,
-                permissionID: pending.permission.id,
-            },
-            body: {
-                response: 'reject',
+                id: context.permission.sessionID,
+                permissionID: context.permission.id,
             },
+            body: { response },
         });
-        pendingPermissions.delete(channel.id);
-        await command.reply({
-            content: `❌ Permission **rejected**`,
-            flags: SILENT_MESSAGE_FLAGS,
+        pendingPermissionContexts.delete(contextHash);
+        // Update message: show result and remove dropdown
+        const resultText = (() => {
+            switch (response) {
+                case 'once':
+                    return '✅ Permission **accepted**';
+                case 'always':
+                    return '✅ Permission **accepted** (auto-approve similar requests)';
+                case 'reject':
+                    return '❌ Permission **rejected**';
+            }
+        })();
+        const patternStr = context.permission.patterns.join(', ');
+        await interaction.editReply({
+            content: `⚠️ **Permission Required**\n\n` +
+                `**Type:** \`${context.permission.permission}\`\n` +
+                (patternStr ? `**Pattern:** \`${patternStr}\`\n\n` : '\n') +
+                resultText,
+            components: [], // Remove the dropdown
         });
-        logger.log(`Permission ${pending.permission.id} rejected`);
+        logger.log(`Permission ${context.permission.id} ${response}`);
     }
     catch (error) {
-        logger.error('[REJECT] Error:', error);
-        await command.reply({
-            content: `Failed to reject permission: ${error instanceof Error ? error.message : 'Unknown error'}`,
-            ephemeral: true,
-            flags: SILENT_MESSAGE_FLAGS,
+        logger.error('Error handling permission:', error);
+        await interaction.editReply({
+            content: `Failed to process permission: ${error instanceof Error ? error.message : 'Unknown error'}`,
+            components: [],
         });
     }
 }
+/**
+ * Clean up a pending permission context (e.g., on auto-reject).
+ */
+export function cleanupPermissionContext(contextHash) {
+    pendingPermissionContexts.delete(contextHash);
+}

package/dist/interaction-handler.js

@@ -6,7 +6,7 @@ import { handleSessionCommand, handleSessionAutocomplete } from './commands/sess
 import { handleResumeCommand, handleResumeAutocomplete } from './commands/resume.js';
 import { handleAddProjectCommand, handleAddProjectAutocomplete } from './commands/add-project.js';
 import { handleCreateNewProjectCommand } from './commands/create-new-project.js';
-import { handleAcceptCommand, handleRejectCommand } from './commands/permissions.js';
+import { handlePermissionSelectMenu } from './commands/permissions.js';
 import { handleAbortCommand } from './commands/abort.js';
 import { handleShareCommand } from './commands/share.js';
 import { handleForkCommand, handleForkSelectMenu } from './commands/fork.js';
@@ -58,13 +58,6 @@ export function registerInteractionHandler({ discordClient, appId, }) {
                     case 'create-new-project':
                         await handleCreateNewProjectCommand({ command: interaction, appId });
                         return;
-                    case 'accept':
-                    case 'accept-always':
-                        await handleAcceptCommand({ command: interaction, appId });
-                        return;
-                    case 'reject':
-                        await handleRejectCommand({ command: interaction, appId });
-                        return;
                     case 'abort':
                     case 'stop':
                         await handleAbortCommand({ command: interaction, appId });
@@ -123,6 +116,10 @@ export function registerInteractionHandler({ discordClient, appId, }) {
                     await handleAskQuestionSelectMenu(interaction);
                     return;
                 }
+                if (customId.startsWith('permission:')) {
+                    await handlePermissionSelectMenu(interaction);
+                    return;
+                }
                 return;
             }
         }

package/dist/session-handler.js

@@ -10,6 +10,7 @@ import { getOpencodeSystemMessage } from './system-message.js';
 import { createLogger } from './logger.js';
 import { isAbortError } from './utils.js';
 import { showAskUserQuestionDropdowns } from './commands/ask-question.js';
+import { showPermissionDropdown, cleanupPermissionContext } from './commands/permissions.js';
 const sessionLogger = createLogger('SESSION');
 const voiceLogger = createLogger('VOICE');
 const discordLogger = createLogger('DISCORD');
@@ -142,11 +143,14 @@ export async function handleOpencodeSession({ prompt, thread, projectDirectory,
                 },
                 body: { response: 'reject' },
             });
+            // Clean up both the pending permission and its dropdown context
+            cleanupPermissionContext(pendingPerm.contextHash);
             pendingPermissions.delete(thread.id);
             await sendThreadMessage(thread, `⚠️ Previous permission request auto-rejected due to new message`);
         }
         catch (e) {
             sessionLogger.log(`[PERMISSION] Failed to auto-reject permission:`, e);
+            cleanupPermissionContext(pendingPerm.contextHash);
             pendingPermissions.delete(thread.id);
         }
     }
@@ -350,15 +354,17 @@ export async function handleOpencodeSession({ prompt, thread, projectDirectory,
                         continue;
                     }
                     sessionLogger.log(`Permission requested: permission=${permission.permission}, patterns=${permission.patterns.join(', ')}`);
-                    const patternStr = permission.patterns.join(', ');
-                    const permissionMessage = await sendThreadMessage(thread, `⚠️ **Permission Required**\n\n` +
-                        `**Type:** \`${permission.permission}\`\n` +
-                        (patternStr ? `**Pattern:** \`${patternStr}\`\n` : '') +
-                        `\nUse \`/accept\` or \`/reject\` to respond.`);
+                    // Show dropdown instead of text message
+                    const { messageId, contextHash } = await showPermissionDropdown({
+                        thread,
+                        permission,
+                        directory,
+                    });
                     pendingPermissions.set(thread.id, {
                         permission,
-                        messageId: permissionMessage.id,
+                        messageId,
                         directory,
+                        contextHash,
                     });
                 }
                 else if (event.type === 'permission.replied') {
@@ -369,6 +375,7 @@ export async function handleOpencodeSession({ prompt, thread, projectDirectory,
                     sessionLogger.log(`Permission ${requestID} replied with: ${reply}`);
                     const pending = pendingPermissions.get(thread.id);
                     if (pending && pending.permission.id === requestID) {
+                        cleanupPermissionContext(pending.contextHash);
                         pendingPermissions.delete(thread.id);
                     }
                 }

package/package.json

@@ -2,7 +2,7 @@
   "name": "kimaki",
   "module": "index.ts",
   "type": "module",
-  "version": "0.4.26",
+  "version": "0.4.27",
   "scripts": {
     "dev": "tsx --env-file .env src/cli.ts",
     "prepublishOnly": "pnpm tsc",

package/src/cli.ts

@@ -219,18 +219,6 @@ async function registerCommands(token: string, appId: string, userCommands: Open
         return option
       })
       .toJSON(),
-    new SlashCommandBuilder()
-      .setName('accept')
-      .setDescription('Accept a pending permission request (this request only)')
-      .toJSON(),
-    new SlashCommandBuilder()
-      .setName('accept-always')
-      .setDescription('Accept and auto-approve future requests matching this pattern')
-      .toJSON(),
-    new SlashCommandBuilder()
-      .setName('reject')
-      .setDescription('Reject a pending permission request')
-      .toJSON(),
     new SlashCommandBuilder()
       .setName('abort')
       .setDescription('Abort the current OpenCode request in this thread')

package/src/commands/ask-question.ts

@@ -9,7 +9,7 @@ import {
   type ThreadChannel,
 } from 'discord.js'
 import crypto from 'node:crypto'
-import { sendThreadMessage } from '../discord-utils.js'
+import { sendThreadMessage, NOTIFY_MESSAGE_FLAGS } from '../discord-utils.js'
 import { getOpencodeServerPort } from '../opencode.js'
 import { createLogger } from '../logger.js'
 
@@ -111,6 +111,7 @@ export async function showAskUserQuestionDropdowns({
     await thread.send({
       content: `**${q.header}**\n${q.question}`,
       components: [actionRow],
+      flags: NOTIFY_MESSAGE_FLAGS,
     })
   }
 

package/src/commands/permissions.ts

@@ -1,146 +1,171 @@
-// Permission commands - /accept, /accept-always, /reject
-
-import { ChannelType } from 'discord.js'
-import type { CommandContext } from './types.js'
+// Permission dropdown handler - Shows dropdown for permission requests.
+// When OpenCode asks for permission, this module renders a dropdown
+// with Accept, Accept Always, and Deny options.
+
+import {
+  StringSelectMenuBuilder,
+  StringSelectMenuInteraction,
+  ActionRowBuilder,
+  type ThreadChannel,
+} from 'discord.js'
+import crypto from 'node:crypto'
+import type { PermissionRequest } from '@opencode-ai/sdk/v2'
 import { initializeOpencodeForDirectory } from '../opencode.js'
-import { pendingPermissions } from '../session-handler.js'
-import { SILENT_MESSAGE_FLAGS } from '../discord-utils.js'
+import { NOTIFY_MESSAGE_FLAGS } from '../discord-utils.js'
 import { createLogger } from '../logger.js'
 
 const logger = createLogger('PERMISSIONS')
 
-export async function handleAcceptCommand({
-  command,
-}: CommandContext): Promise<void> {
-  const scope = command.commandName === 'accept-always' ? 'always' : 'once'
-  const channel = command.channel
-
-  if (!channel) {
-    await command.reply({
-      content: 'This command can only be used in a channel',
-      ephemeral: true,
-      flags: SILENT_MESSAGE_FLAGS,
-    })
-    return
-  }
-
-  const isThread = [
-    ChannelType.PublicThread,
-    ChannelType.PrivateThread,
-    ChannelType.AnnouncementThread,
-  ].includes(channel.type)
-
-  if (!isThread) {
-    await command.reply({
-      content: 'This command can only be used in a thread with an active session',
-      ephemeral: true,
-      flags: SILENT_MESSAGE_FLAGS,
-    })
-    return
-  }
+type PendingPermissionContext = {
+  permission: PermissionRequest
+  directory: string
+  thread: ThreadChannel
+  contextHash: string
+}
 
-  const pending = pendingPermissions.get(channel.id)
-  if (!pending) {
-    await command.reply({
-      content: 'No pending permission request in this thread',
-      ephemeral: true,
-      flags: SILENT_MESSAGE_FLAGS,
-    })
-    return
+// Store pending permission contexts by hash
+export const pendingPermissionContexts = new Map<string, PendingPermissionContext>()
+
+/**
+ * Show permission dropdown for a permission request.
+ * Returns the message ID and context hash for tracking.
+ */
+export async function showPermissionDropdown({
+  thread,
+  permission,
+  directory,
+}: {
+  thread: ThreadChannel
+  permission: PermissionRequest
+  directory: string
+}): Promise<{ messageId: string; contextHash: string }> {
+  const contextHash = crypto.randomBytes(8).toString('hex')
+
+  const context: PendingPermissionContext = {
+    permission,
+    directory,
+    thread,
+    contextHash,
   }
 
-  try {
-    const getClient = await initializeOpencodeForDirectory(pending.directory)
-    await getClient().postSessionIdPermissionsPermissionId({
-      path: {
-        id: pending.permission.sessionID,
-        permissionID: pending.permission.id,
-      },
-      body: {
-        response: scope,
-      },
-    })
-
-    pendingPermissions.delete(channel.id)
-    const msg =
-      scope === 'always'
-        ? `✅ Permission **accepted** (auto-approve similar requests)`
-        : `✅ Permission **accepted**`
-    await command.reply({ content: msg, flags: SILENT_MESSAGE_FLAGS })
-    logger.log(`Permission ${pending.permission.id} accepted with scope: ${scope}`)
-  } catch (error) {
-    logger.error('[ACCEPT] Error:', error)
-    await command.reply({
-      content: `Failed to accept permission: ${error instanceof Error ? error.message : 'Unknown error'}`,
-      ephemeral: true,
-      flags: SILENT_MESSAGE_FLAGS,
-    })
-  }
+  pendingPermissionContexts.set(contextHash, context)
+
+  const patternStr = permission.patterns.join(', ')
+
+  // Build dropdown options
+  const options = [
+    {
+      label: 'Accept',
+      value: 'once',
+      description: 'Allow this request only',
+    },
+    {
+      label: 'Accept Always',
+      value: 'always',
+      description: 'Auto-approve similar requests',
+    },
+    {
+      label: 'Deny',
+      value: 'reject',
+      description: 'Reject this permission request',
+    },
+  ]
+
+  const selectMenu = new StringSelectMenuBuilder()
+    .setCustomId(`permission:${contextHash}`)
+    .setPlaceholder('Choose an action')
+    .addOptions(options)
+
+  const actionRow = new ActionRowBuilder<StringSelectMenuBuilder>().addComponents(selectMenu)
+
+  const permissionMessage = await thread.send({
+    content:
+      `⚠️ **Permission Required**\n\n` +
+      `**Type:** \`${permission.permission}\`\n` +
+      (patternStr ? `**Pattern:** \`${patternStr}\`` : ''),
+    components: [actionRow],
+    flags: NOTIFY_MESSAGE_FLAGS,
+  })
+
+  logger.log(`Showed permission dropdown for ${permission.id}`)
+
+  return { messageId: permissionMessage.id, contextHash }
 }
 
-export async function handleRejectCommand({
-  command,
-}: CommandContext): Promise<void> {
-  const channel = command.channel
+/**
+ * Handle dropdown selection for permission.
+ */
+export async function handlePermissionSelectMenu(
+  interaction: StringSelectMenuInteraction
+): Promise<void> {
+  const customId = interaction.customId
 
-  if (!channel) {
-    await command.reply({
-      content: 'This command can only be used in a channel',
-      ephemeral: true,
-      flags: SILENT_MESSAGE_FLAGS,
-    })
+  if (!customId.startsWith('permission:')) {
     return
   }
 
-  const isThread = [
-    ChannelType.PublicThread,
-    ChannelType.PrivateThread,
-    ChannelType.AnnouncementThread,
-  ].includes(channel.type)
+  const contextHash = customId.replace('permission:', '')
+  const context = pendingPermissionContexts.get(contextHash)
 
-  if (!isThread) {
-    await command.reply({
-      content: 'This command can only be used in a thread with an active session',
+  if (!context) {
+    await interaction.reply({
+      content: 'This permission request has expired or was already handled.',
       ephemeral: true,
-      flags: SILENT_MESSAGE_FLAGS,
     })
     return
   }
 
-  const pending = pendingPermissions.get(channel.id)
-  if (!pending) {
-    await command.reply({
-      content: 'No pending permission request in this thread',
-      ephemeral: true,
-      flags: SILENT_MESSAGE_FLAGS,
-    })
-    return
-  }
+  await interaction.deferUpdate()
+
+  const response = interaction.values[0] as 'once' | 'always' | 'reject'
 
   try {
-    const getClient = await initializeOpencodeForDirectory(pending.directory)
+    const getClient = await initializeOpencodeForDirectory(context.directory)
     await getClient().postSessionIdPermissionsPermissionId({
       path: {
-        id: pending.permission.sessionID,
-        permissionID: pending.permission.id,
-      },
-      body: {
-        response: 'reject',
+        id: context.permission.sessionID,
+        permissionID: context.permission.id,
       },
+      body: { response },
     })
 
-    pendingPermissions.delete(channel.id)
-    await command.reply({
-      content: `❌ Permission **rejected**`,
-      flags: SILENT_MESSAGE_FLAGS,
+    pendingPermissionContexts.delete(contextHash)
+
+    // Update message: show result and remove dropdown
+    const resultText = (() => {
+      switch (response) {
+        case 'once':
+          return '✅ Permission **accepted**'
+        case 'always':
+          return '✅ Permission **accepted** (auto-approve similar requests)'
+        case 'reject':
+          return '❌ Permission **rejected**'
+      }
+    })()
+
+    const patternStr = context.permission.patterns.join(', ')
+    await interaction.editReply({
+      content:
+        `⚠️ **Permission Required**\n\n` +
+        `**Type:** \`${context.permission.permission}\`\n` +
+        (patternStr ? `**Pattern:** \`${patternStr}\`\n\n` : '\n') +
+        resultText,
+      components: [], // Remove the dropdown
     })
-    logger.log(`Permission ${pending.permission.id} rejected`)
+
+    logger.log(`Permission ${context.permission.id} ${response}`)
   } catch (error) {
-    logger.error('[REJECT] Error:', error)
-    await command.reply({
-      content: `Failed to reject permission: ${error instanceof Error ? error.message : 'Unknown error'}`,
-      ephemeral: true,
-      flags: SILENT_MESSAGE_FLAGS,
+    logger.error('Error handling permission:', error)
+    await interaction.editReply({
+      content: `Failed to process permission: ${error instanceof Error ? error.message : 'Unknown error'}`,
+      components: [],
     })
   }
 }
+
+/**
+ * Clean up a pending permission context (e.g., on auto-reject).
+ */
+export function cleanupPermissionContext(contextHash: string): void {
+  pendingPermissionContexts.delete(contextHash)
+}

package/src/interaction-handler.ts

@@ -7,7 +7,7 @@ import { handleSessionCommand, handleSessionAutocomplete } from './commands/sess
 import { handleResumeCommand, handleResumeAutocomplete } from './commands/resume.js'
 import { handleAddProjectCommand, handleAddProjectAutocomplete } from './commands/add-project.js'
 import { handleCreateNewProjectCommand } from './commands/create-new-project.js'
-import { handleAcceptCommand, handleRejectCommand } from './commands/permissions.js'
+import { handlePermissionSelectMenu } from './commands/permissions.js'
 import { handleAbortCommand } from './commands/abort.js'
 import { handleShareCommand } from './commands/share.js'
 import { handleForkCommand, handleForkSelectMenu } from './commands/fork.js'
@@ -85,15 +85,6 @@ export function registerInteractionHandler({
               await handleCreateNewProjectCommand({ command: interaction, appId })
               return
 
-            case 'accept':
-            case 'accept-always':
-              await handleAcceptCommand({ command: interaction, appId })
-              return
-
-            case 'reject':
-              await handleRejectCommand({ command: interaction, appId })
-              return
-
             case 'abort':
             case 'stop':
               await handleAbortCommand({ command: interaction, appId })
@@ -167,6 +158,11 @@ export function registerInteractionHandler({
             await handleAskQuestionSelectMenu(interaction)
             return
           }
+
+          if (customId.startsWith('permission:')) {
+            await handlePermissionSelectMenu(interaction)
+            return
+          }
           return
         }
       } catch (error) {

package/src/session-handler.ts

@@ -14,6 +14,7 @@ import { getOpencodeSystemMessage } from './system-message.js'
 import { createLogger } from './logger.js'
 import { isAbortError } from './utils.js'
 import { showAskUserQuestionDropdowns } from './commands/ask-question.js'
+import { showPermissionDropdown, cleanupPermissionContext } from './commands/permissions.js'
 
 const sessionLogger = createLogger('SESSION')
 const voiceLogger = createLogger('VOICE')
@@ -23,7 +24,7 @@ export const abortControllers = new Map<string, AbortController>()
 
 export const pendingPermissions = new Map<
   string,
-  { permission: PermissionRequest; messageId: string; directory: string }
+  { permission: PermissionRequest; messageId: string; directory: string; contextHash: string }
 >()
 
 export type QueuedMessage = {
@@ -227,10 +228,13 @@ export async function handleOpencodeSession({
         },
         body: { response: 'reject' },
       })
+      // Clean up both the pending permission and its dropdown context
+      cleanupPermissionContext(pendingPerm.contextHash)
       pendingPermissions.delete(thread.id)
       await sendThreadMessage(thread, `⚠️ Previous permission request auto-rejected due to new message`)
     } catch (e) {
       sessionLogger.log(`[PERMISSION] Failed to auto-reject permission:`, e)
+      cleanupPermissionContext(pendingPerm.contextHash)
       pendingPermissions.delete(thread.id)
     }
   }
@@ -484,20 +488,18 @@ export async function handleOpencodeSession({
             `Permission requested: permission=${permission.permission}, patterns=${permission.patterns.join(', ')}`,
           )
 
-          const patternStr = permission.patterns.join(', ')
-
-          const permissionMessage = await sendThreadMessage(
+          // Show dropdown instead of text message
+          const { messageId, contextHash } = await showPermissionDropdown({
             thread,
-            `⚠️ **Permission Required**\n\n` +
-              `**Type:** \`${permission.permission}\`\n` +
-              (patternStr ? `**Pattern:** \`${patternStr}\`\n` : '') +
-              `\nUse \`/accept\` or \`/reject\` to respond.`,
-          )
+            permission,
+            directory,
+          })
 
           pendingPermissions.set(thread.id, {
             permission,
-            messageId: permissionMessage.id,
+            messageId,
             directory,
+            contextHash,
           })
         } else if (event.type === 'permission.replied') {
           const { requestID, reply, sessionID } = event.properties
@@ -511,6 +513,7 @@ export async function handleOpencodeSession({
 
           const pending = pendingPermissions.get(thread.id)
           if (pending && pending.permission.id === requestID) {
+            cleanupPermissionContext(pending.contextHash)
             pendingPermissions.delete(thread.id)
           }
         } else if (event.type === 'question.asked') {