polygram 0.8.0-rc.19 → 0.8.0-rc.20

package/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "$schema": "https://anthropic.com/claude-code/plugin.schema.json",
   "name": "polygram",
-  "version": "0.8.0-rc.19",
+  "version": "0.8.0-rc.20",
   "description": "Telegram integration for Claude Code that preserves the OpenClaw per-chat session model. Migration target for OpenClaw users. Multi-bot, multi-chat, per-topic isolation; SQLite transcripts; inline-keyboard approvals. Bundles /polygram:status|logs|pair-code|approvals admin commands and a history skill.",
   "keywords": [
     "telegram",

package/lib/approval-ui.js

@@ -0,0 +1,135 @@
+/**
+ * Pure UI builders for the approval flow's Telegram surface.
+ *
+ *   - 2-button keyboard (CLI pm IPC approval-hook flow)
+ *   - 4-button keyboard (rc.6 SDK pm canUseTool flow with persisted
+ *     "Always allow / Always deny" via chat_tool_decisions)
+ *   - Card text with friendly heading + clipped tool_input body
+ *
+ * No runtime dependencies — these are pure transforms suitable for
+ * unit-testing in isolation. The polygram.js side wires them to
+ * `tg(bot, 'sendMessage', ...)` / `editMessageText`.
+ */
+
+'use strict';
+
+/**
+ * 2-button keyboard for the legacy IPC approval flow.
+ * @param {number|string} approvalId
+ * @param {string} token
+ */
+function buildApprovalKeyboard(approvalId, token) {
+  return {
+    inline_keyboard: [[
+      { text: '✅ Approve', callback_data: `approve:${approvalId}:${token}` },
+      { text: '❌ Deny',    callback_data: `deny:${approvalId}:${token}` },
+    ]],
+  };
+}
+
+/**
+ * 4-button keyboard for the SDK canUseTool flow (rc.6 Phase 2 step 6).
+ * "Always allow" / "Always deny" rows persist the decision into
+ * `chat_tool_decisions` so subsequent invocations of the same tool
+ * with the same input short-circuit.
+ *
+ * Callback_data conventions:
+ *   approve:<id>:<token>          — one-time allow
+ *   deny:<id>:<token>             — one-time deny
+ *   approve-always:<id>:<token>   — allow + persist
+ *   deny-always:<id>:<token>      — deny + persist
+ *
+ * @param {number|string} approvalId
+ * @param {string} token
+ */
+function buildApprovalKeyboardWithAlways(approvalId, token) {
+  return {
+    inline_keyboard: [
+      [
+        { text: '✅ Approve', callback_data: `approve:${approvalId}:${token}` },
+        { text: '❌ Deny',    callback_data: `deny:${approvalId}:${token}` },
+      ],
+      [
+        { text: '🔁 Always allow', callback_data: `approve-always:${approvalId}:${token}` },
+        { text: '🚫 Always deny',  callback_data: `deny-always:${approvalId}:${token}` },
+      ],
+    ],
+  };
+}
+
+/**
+ * Format a tool_input value for the inline-keyboard card body.
+ * Clips aggressively so the whole card stays under Telegram's
+ * 4096-char limit (approval card has surrounding metadata too).
+ *
+ * @param {unknown} input — string OR any JSON-able object
+ * @returns {string}
+ */
+function formatToolInputForCard(input) {
+  let s;
+  try {
+    s = typeof input === 'string' ? input : JSON.stringify(input, null, 2);
+  } catch {
+    s = String(input);
+  }
+  // JSON.stringify(undefined) returns undefined, and objects with
+  // a circular toJSON could surface odd values too. Fall back to
+  // String() so we always operate on a real string.
+  if (typeof s !== 'string') s = String(input);
+  if (s.length <= 1200) return s;
+  return s.slice(0, 900) + '\n…[clipped]…\n' + s.slice(-200);
+}
+
+/**
+ * Approval card text. Plain-text only (NO parse_mode) — tool_input
+ * originates from Claude and could contain Markdown specials or
+ * tg:// links crafted for phishing.
+ *
+ * @param {object} row             — approval row from the approvals store
+ * @param {string} row.tool_name
+ * @param {number|string|null} row.turn_id
+ * @param {string} row.requester_chat_id
+ * @param {object|string|null} [row.tool_input_json]
+ * @param {object|string|null} [row.tool_input]    — alias for tool_input_json
+ * @param {number} row.timeout_ts  — unix ms when the row expires
+ * @param {object} [opts]
+ * @param {string} [opts.resolvedBy] — heading override for resolved cards
+ *                                     (e.g. "✓ Approved by ivan").
+ *                                     When set, footer is dropped.
+ *                                     When unset, heading is "Approval needed — <tool>"
+ *                                     and footer shows seconds-to-expire.
+ * @param {() => number} [opts.now]  — clock injection for tests
+ *
+ * @returns {string}
+ */
+function approvalCardText(row, opts = {}) {
+  const now = (typeof opts.now === 'function' ? opts.now : Date.now)();
+  const heading = opts.resolvedBy
+    ? opts.resolvedBy
+    : `Approval needed — ${row.tool_name}`;
+  // tool_input may arrive as a parsed object OR a JSON string under
+  // either key name depending on the call site.
+  const inputSource = row.tool_input_json !== undefined
+    ? row.tool_input_json
+    : row.tool_input;
+  const parsed = typeof inputSource === 'string'
+    ? safeParse(inputSource)
+    : inputSource;
+  const body = formatToolInputForCard(parsed);
+  const ttl = Math.max(0, Math.round((row.timeout_ts - now) / 1000));
+  const footer = opts.resolvedBy ? '' : `\n\n⏱ expires in ${ttl}s`;
+  return `${heading}\nChat: ${row.requester_chat_id}\nTurn: ${row.turn_id || '-'}\n\n${body}${footer}`;
+}
+
+function safeParse(s) {
+  try { return JSON.parse(s); } catch { return s; }
+}
+
+module.exports = {
+  buildApprovalKeyboard,
+  buildApprovalKeyboardWithAlways,
+  formatToolInputForCard,
+  approvalCardText,
+  // Internals exposed for tests
+  _safeParse: safeParse,
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "polygram",
-  "version": "0.8.0-rc.19",
+  "version": "0.8.0-rc.20",
   "description": "Telegram daemon for Claude Code that preserves the OpenClaw per-chat session model. Migration path for OpenClaw users moving to Claude Code.",
   "main": "lib/ipc-client.js",
   "bin": {

package/polygram.js

@@ -34,6 +34,12 @@ const { ProcessManagerSdk } = require('./lib/process-manager-sdk');
 const { createAutosteerBuffer, makePostToolBatchHook } = require('./lib/autosteer-buffer');
 const { makeRouterPolicy, createPmRouter } = require('./lib/pm-router');
 const { canonicalizeToolInput } = require('./lib/canonical-json');
+const {
+  buildApprovalKeyboard,
+  buildApprovalKeyboardWithAlways,
+  formatToolInputForCard,
+  approvalCardText,
+} = require('./lib/approval-ui');
 const agentLoader = require('./lib/agent-loader');
 const USE_SDK = process.env.POLYGRAM_USE_SDK === '1';
 const { createSender } = require('./lib/telegram');
@@ -1232,51 +1238,9 @@ async function handleSendOverIpc(req) {
 }
 
 // ─── Approvals ─────────────────────────────────────────────────────
-
-// Format a tool_input for the inline keyboard card. Clip aggressively so
-// the card doesn't exceed Telegram's 4096-char limit.
-function formatToolInputForCard(input) {
-  let s;
-  try { s = typeof input === 'string' ? input : JSON.stringify(input, null, 2); }
-  catch { s = String(input); }
-  if (s.length <= 1200) return s;
-  return s.slice(0, 900) + '\n…[clipped]…\n' + s.slice(-200);
-}
-
-function buildApprovalKeyboard(approvalId, token) {
-  return {
-    inline_keyboard: [[
-      { text: '✅ Approve', callback_data: `approve:${approvalId}:${token}` },
-      { text: '❌ Deny',    callback_data: `deny:${approvalId}:${token}` },
-    ]],
-  };
-}
-
-// 0.8.0 Phase 2 step 6: 4-button approval keyboard for SDK canUseTool
-// flow. Adds "Always allow" and "Always deny" rows that persist the
-// decision into chat_tool_decisions (via callback_query handler),
-// so subsequent invocations of the same tool with the same input
-// short-circuit without prompting.
-//
-// Callback_data conventions:
-//   approve:<id>:<token>          — one-time allow
-//   deny:<id>:<token>             — one-time deny
-//   approve-always:<id>:<token>   — allow + persist
-//   deny-always:<id>:<token>      — deny + persist
-function buildApprovalKeyboardWithAlways(approvalId, token) {
-  return {
-    inline_keyboard: [
-      [
-        { text: '✅ Approve', callback_data: `approve:${approvalId}:${token}` },
-        { text: '❌ Deny',    callback_data: `deny:${approvalId}:${token}` },
-      ],
-      [
-        { text: '🔁 Always allow', callback_data: `approve-always:${approvalId}:${token}` },
-        { text: '🚫 Always deny',  callback_data: `deny-always:${approvalId}:${token}` },
-      ],
-    ],
-  };
-}
+// rc.20: pure UI builders moved to lib/approval-ui.js for testability.
+// Imported above (buildApprovalKeyboard, buildApprovalKeyboardWithAlways,
+// approvalCardText, formatToolInputForCard).
 
 // /model and /effort inline keyboard. `show` controls which row(s) appear:
 // 'model', 'effort', or 'all'. The current value gets a ✓ marker so the
@@ -1345,28 +1309,7 @@ function formatConfigInfoText(chatConfig, show, sessionKey) {
   return body;
 }
 
-function approvalCardText(row, opts = {}) {
-  // No parse_mode is used on this card — tool_name/turn_id/tool_input
-  // originate from the Claude subprocess and could contain Markdown special
-  // chars or tg:// links crafted for phishing. Plain text renders as-is.
-  const heading = opts.resolvedBy
-    ? opts.resolvedBy
-    : `Approval needed — ${row.tool_name}`;
-  const body = formatToolInputForCard(
-    typeof row.tool_input_json === 'string'
-      ? safeParse(row.tool_input_json)
-      : row.tool_input_json,
-  );
-  const ttl = Math.max(0, Math.round((row.timeout_ts - Date.now()) / 1000));
-  const footer = opts.resolvedBy
-    ? ''
-    : `\n\n⏱ expires in ${ttl}s`;
-  return `${heading}\nChat: ${row.requester_chat_id}\nTurn: ${row.turn_id || '-'}\n\n${body}${footer}`;
-}
-
-function safeParse(s) {
-  try { return JSON.parse(s); } catch { return s; }
-}
+// rc.20: approvalCardText + safeParse moved to lib/approval-ui.js.
 
 // 0.8.0-rc.18+: canonicalizeToolInput moved to lib/canonical-json.js
 // for testability. Same function, no behavior change.