feat: interactive permission requests via Discord buttons

When Claude wants to use a tool that isn't pre-approved (e.g. Bash, Write),
the bot now shows an Allow/Deny embed with buttons in Discord instead of
auto-denying. This makes the 'default' permission mode usable for Discord.

- New module: claude/permission-request.ts (types, embed builder, button parser)
- canUseTool callback delegates to onPermissionRequest when available
- createPermissionRequestHandler wired through handler-registry
- Embed shows tool name, action description, input preview
- Turns green/red after user clicks Allow/Deny

Author: zebbern

claude/client.ts

@@ -1,6 +1,7 @@
 import { query as claudeQuery, type SDKMessage, type AgentDefinition as SDKAgentDefinition, type ModelInfo as SDKModelInfo, type SdkBeta, type McpServerConfig, type HookEvent, type HookCallbackMatcher } from "@anthropic-ai/claude-agent-sdk";
 import { setActiveQuery, trackMessageId, clearTrackedMessages } from "./query-manager.ts";
 import type { AskUserQuestionInput, AskUserCallback } from "./user-question.ts";
+import type { PermissionRequestCallback } from "./permission-request.ts";
 import * as path from "https://deno.land/std@0.208.0/path/mod.ts";
 
 // Load MCP server configs from .claude/mcp.json
@@ -146,6 +147,10 @@ export interface ClaudeModelOptions {
   /** Callback for AskUserQuestion tool — Claude asks the user mid-session.
    *  If provided, the AskUserQuestion tool is enabled and routed through this callback. */
   onAskUser?: AskUserCallback;
+  /** Callback for interactive permission requests — replaces auto-deny.
+   *  When Claude wants to use a tool that isn't pre-approved, this callback
+   *  presents Allow/Deny buttons in Discord and waits for a response. */
+  onPermissionRequest?: PermissionRequestCallback;
 }
 
 // Wrapper for Claude Code SDK query function
@@ -279,6 +284,20 @@ export async function sendToClaudeCode(
               return { behavior: 'allow' as const, updatedInput: input };
             }
 
+            // Interactive permission request — show Discord buttons for Allow/Deny
+            if (modelOptions?.onPermissionRequest) {
+              try {
+                const allowed = await modelOptions.onPermissionRequest(toolName, input);
+                if (allowed) {
+                  return { behavior: 'allow' as const, updatedInput: input };
+                }
+                return { behavior: 'deny' as const, message: `User denied tool: ${toolName}` };
+              } catch (err) {
+                console.error(`[PermissionRequest] Error for ${toolName}:`, err);
+                return { behavior: 'deny' as const, message: `Permission request failed for: ${toolName}` };
+              }
+            }
+
             return { behavior: 'deny' as const, message: `Tool ${toolName} not pre-approved` };
           },
           env: envVars,

claude/index.ts

@@ -56,4 +56,7 @@ export { buildHooks } from "./hooks.ts";
 export type { HookConfig, HookEvent_Discord } from "./hooks.ts";
 // AskUserQuestion — interactive question flow (SDK v0.1.71+)
 export { buildQuestionMessages, parseAskUserButtonId, parseAskUserConfirmId } from "./user-question.ts";
-export type { AskUserCallback, AskUserQuestionInput, AskUserQuestionItem, AskUserOption } from "./user-question.ts";
+export type { AskUserCallback, AskUserQuestionInput, AskUserQuestionItem, AskUserOption } from "./user-question.ts";
+// PermissionRequest — interactive tool-permission flow (replaces TUI prompt)
+export { buildPermissionEmbed, describeToolAction, parsePermissionButtonId } from "./permission-request.ts";
+export type { PermissionRequestCallback } from "./permission-request.ts";

claude/permission-request.ts

@@ -0,0 +1,104 @@
+/**
+ * PermissionRequest — Interactive tool-permission flow for Claude ↔ Discord.
+ *
+ * When Claude wants to use a tool that isn't pre-approved (e.g. Bash, Write)
+ * in `default` or `acceptEdits` permission modes, the SDK fires `canUseTool`.
+ * Instead of auto-denying, this module presents an Allow / Deny embed with
+ * buttons in Discord and waits for the user's click.
+ *
+ * This replaces the terminal TUI "Allow tool X? [Y/n]" prompt with a
+ * Discord-native interaction.
+ *
+ * @module claude/permission-request
+ */
+
+// ================================
+// Types
+// ================================
+
+/**
+ * Callback that presents a tool-permission request to the user and returns
+ * `true` (allow) or `false` (deny).
+ *
+ * Throwing rejects the tool use (deny).
+ */
+export type PermissionRequestCallback = (
+  toolName: string,
+  toolInput: Record<string, unknown>,
+) => Promise<boolean>;
+
+// ================================
+// Helpers
+// ================================
+
+/** Max characters to show from the tool input JSON in the embed. */
+const INPUT_PREVIEW_MAX = 800;
+
+/** Truncate a JSON string for embed display. */
+function truncateJson(obj: Record<string, unknown>, maxLen: number): string {
+  const raw = JSON.stringify(obj, null, 2);
+  if (raw.length <= maxLen) return raw;
+  return raw.slice(0, maxLen) + '\n… (truncated)';
+}
+
+/**
+ * Build a short human-readable description of what the tool is about to do.
+ * Covers the most common built-in tools.
+ */
+export function describeToolAction(toolName: string, input: Record<string, unknown>): string {
+  switch (toolName) {
+    case 'Bash':
+    case 'bash':
+      return `Run command: \`${String(input.command ?? input.cmd ?? '').slice(0, 200)}\``;
+    case 'Write':
+    case 'write':
+    case 'CreateFile':
+      return `Write file: \`${String(input.file_path ?? input.path ?? 'unknown')}\``;
+    case 'Edit':
+    case 'edit':
+      return `Edit file: \`${String(input.file_path ?? input.path ?? 'unknown')}\``;
+    case 'MultiEdit':
+      return `Multi-edit file: \`${String(input.file_path ?? input.path ?? 'unknown')}\``;
+    default:
+      return `Use tool: **${toolName}**`;
+  }
+}
+
+/**
+ * Build the Discord embed data for a permission request.
+ *
+ * Returned as a plain object so the caller (index.ts) can wrap it
+ * in the Discord.js EmbedBuilder.
+ */
+export function buildPermissionEmbed(toolName: string, input: Record<string, unknown>): {
+  color: number;
+  title: string;
+  description: string;
+  fields: Array<{ name: string; value: string; inline: boolean }>;
+  footer: { text: string };
+} {
+  const action = describeToolAction(toolName, input);
+  const preview = truncateJson(input, INPUT_PREVIEW_MAX);
+
+  return {
+    color: 0xff9900, // Orange — "waiting for you"
+    title: `🔐 Permission Request: ${toolName}`,
+    description: `Claude wants to ${action}\n\nClick **Allow** to proceed or **Deny** to block this action.`,
+    fields: [
+      { name: 'Tool', value: `\`${toolName}\``, inline: true },
+      { name: 'Input', value: `\`\`\`json\n${preview}\n\`\`\``, inline: false },
+    ],
+    footer: { text: 'Claude is waiting for your decision — this controls what tools are permitted' },
+  };
+}
+
+/**
+ * Parse a permission-request button custom ID.
+ *
+ * Custom IDs follow the pattern: `perm-req:<nonce>:allow` or `perm-req:<nonce>:deny`.
+ */
+export function parsePermissionButtonId(customId: string): { nonce: string; allowed: boolean } | null {
+  const match = customId.match(/^perm-req:([^:]+):(allow|deny)$/);
+  if (!match) return null;
+  return { nonce: match[1], allowed: match[2] === 'allow' };
+}

core/handler-registry.ts

@@ -30,6 +30,7 @@ import { infoCommands, createInfoCommandHandlers } from "../claude/index.ts";
 import { cleanSessionId, ClaudeSessionManager } from "../claude/index.ts";
 import type { ClaudeModelOptions } from "../claude/index.ts";
 import type { AskUserCallback } from "../claude/index.ts";
+import type { PermissionRequestCallback } from "../claude/index.ts";
 import { buildHooks } from "../claude/hooks.ts";
 import type { HookEvent_Discord } from "../claude/hooks.ts";
 import { THINKING_MODES, OPERATION_MODES, EFFORT_LEVELS } from "../settings/index.ts";
@@ -173,6 +174,9 @@ export interface HandlerRegistryDeps {
   /** Late-bound callback for AskUserQuestion tool — Claude asks the Discord user mid-session.
    *  Set from index.ts after bot is created. */
   onAskUser?: AskUserCallback;
+  /** Late-bound callback for interactive permission requests — replaces auto-deny.
+   *  Shows Allow/Deny buttons in Discord when Claude wants to use an unapproved tool. */
+  onPermissionRequest?: PermissionRequestCallback;
 }
 
 /**
@@ -490,6 +494,11 @@ export function createAllHandlers(
     if (deps.onAskUser) {
       opts.onAskUser = deps.onAskUser;
     }
+
+    // PermissionRequest — interactive Allow/Deny buttons (late-bound from index.ts)
+    if (deps.onPermissionRequest) {
+      opts.onPermissionRequest = deps.onPermissionRequest;
+    }
 
     return opts;
   }

index.ts

@@ -21,6 +21,7 @@ import {
 import { getGitInfo } from "./git/index.ts";
 import { createClaudeSender, expandableContent, type DiscordSender, type ClaudeMessage } from "./claude/index.ts";
 import { buildQuestionMessages, parseAskUserButtonId, parseAskUserConfirmId, type AskUserQuestionInput } from "./claude/index.ts";
+import { buildPermissionEmbed, parsePermissionButtonId, type PermissionRequestCallback } from "./claude/index.ts";
 import { claudeCommands, enhancedClaudeCommands } from "./claude/index.ts";
 import { additionalClaudeCommands } from "./claude/additional-index.ts";
 import { initModels } from "./claude/enhanced-client.ts";
@@ -120,6 +121,11 @@ export async function createClaudeCodeBot(config: BotConfig) {
   // and waits for the user's click.
   // Uses an object wrapper so TypeScript doesn't narrow the closure to `never`.
   const askUserState: { handler: ((input: AskUserQuestionInput) => Promise<Record<string, string>>) | null } = { handler: null };
+
+  // Late-bound PermissionRequest handler — set after bot is created.
+  // When Claude wants to use a tool that isn't pre-approved, this shows
+  // Allow/Deny buttons in Discord and returns the user's decision.
+  const permReqState: { handler: PermissionRequestCallback | null } = { handler: null };
 
   // Create sendClaudeMessages function that uses the sender when available
   const sendClaudeMessages = async (messages: ClaudeMessage[]) => {
@@ -136,6 +142,15 @@ export async function createClaudeCodeBot(config: BotConfig) {
     return await askUserState.handler(input);
   };
 
+  // Create onPermissionRequest wrapper — delegates to permReqState.handler once bot is ready
+  const onPermissionRequest: PermissionRequestCallback = async (toolName, toolInput) => {
+    if (!permReqState.handler) {
+      console.warn('[PermissionRequest] Handler not initialized — auto-denying');
+      return false;
+    }
+    return await permReqState.handler(toolName, toolInput);
+  };
+
   // Create all handlers using the registry (centralized handler creation)
   const allHandlers: AllHandlers = createAllHandlers(
     {
@@ -153,6 +168,7 @@ export async function createClaudeCodeBot(config: BotConfig) {
       claudeSessionManager,
       sendClaudeMessages,
       onAskUser,
+      onPermissionRequest,
       onBotSettingsUpdate: (settings) => {
         botSettings.mentionEnabled = settings.mentionEnabled;
         botSettings.mentionUserId = settings.mentionUserId;
@@ -212,6 +228,9 @@ export async function createClaudeCodeBot(config: BotConfig) {
 
   // Initialize AskUserQuestion handler — sends questions to Discord, waits for button clicks
   askUserState.handler = createAskUserDiscordHandler(bot);
+
+  // Initialize PermissionRequest handler — shows Allow/Deny buttons for unapproved tools
+  permReqState.handler = createPermissionRequestHandler(bot);
 
   // Check for updates (non-blocking)
   runVersionCheck().then(async ({ updateAvailable, embed }) => {
@@ -431,6 +450,81 @@ function createAskUserDiscordHandler(bot: any): (input: AskUserQuestionInput) =>
     return answers;
   };
 }
+
+/**
+ * Create the PermissionRequest handler that uses the Discord channel.
+ *
+ * When Claude wants to use a tool that isn't pre-approved:
+ * 1. Builds an embed showing the tool name and input preview
+ * 2. Adds Allow / Deny buttons
+ * 3. Sends to the bot's channel
+ * 4. Waits for a button click (no timeout — user decides)
+ * 5. Returns true (allow) or false (deny)
+ */
+// deno-lint-ignore no-explicit-any
+function createPermissionRequestHandler(bot: any): PermissionRequestCallback {
+  // Simple incrementing nonce to disambiguate concurrent requests
+  let nonce = 0;
+
+  return async (toolName: string, toolInput: Record<string, unknown>): Promise<boolean> => {
+    const channel = bot.getChannel();
+    if (!channel) {
+      console.warn('[PermissionRequest] No channel — auto-denying');
+      return false;
+    }
+
+    const reqNonce = String(++nonce);
+    const embedData = buildPermissionEmbed(toolName, toolInput);
+
+    const { EmbedBuilder, ActionRowBuilder, ButtonBuilder, ButtonStyle, ComponentType } = await import("npm:discord.js@14.14.1");
+
+    const embed = new EmbedBuilder()
+      .setColor(embedData.color)
+      .setTitle(embedData.title)
+      .setDescription(embedData.description)
+      .setFooter({ text: embedData.footer.text })
+      .setTimestamp();
+
+    for (const field of embedData.fields) {
+      embed.addFields({ name: field.name, value: field.value, inline: field.inline });
+    }
+
+    const row = new ActionRowBuilder().addComponents(
+      new ButtonBuilder()
+        .setCustomId(`perm-req:${reqNonce}:allow`)
+        .setLabel('✅ Allow')
+        .setStyle(ButtonStyle.Success),
+      new ButtonBuilder()
+        .setCustomId(`perm-req:${reqNonce}:deny`)
+        .setLabel('❌ Deny')
+        .setStyle(ButtonStyle.Danger),
+    );
+
+    const msg = await channel.send({ embeds: [embed], components: [row] });
+
+    // Wait for exactly one button click — no timeout
+    // deno-lint-ignore no-explicit-any
+    const interaction: any = await msg.awaitMessageComponent({
+      componentType: ComponentType.Button,
+    });
+
+    const parsed = parsePermissionButtonId(interaction.customId);
+    const allowed = parsed?.allowed ?? false;
+
+    // Update the embed to reflect the decision
+    embed.setColor(allowed ? 0x00ff00 : 0xff4444)
+      .setFooter({ text: allowed ? `✅ Allowed by user` : `❌ Denied by user` });
+
+    await interaction.update({
+      embeds: [embed],
+      components: [], // Remove buttons after decision
+    });
+
+    console.log(`[PermissionRequest] Tool "${toolName}" — ${allowed ? 'ALLOWED' : 'DENIED'} by user`);
+    return allowed;
+  };
+}
+
 /**
  * Setup signal handlers for graceful shutdown.
  */