Tighten /start and /help copy

Less chatty, more precise. Explicitly mentions the /telegram:access
skill and the 6-char code format.

external_plugins/discord/.claude-plugin/plugin.json

@@ -1,20 +1,11 @@
 {
   "name": "discord",
-  "description": "Discord channel for Claude Code — messaging bridge with built-in access control. Manage pairing, allowlists, and policy via /discord:access.",
-  "version": "0.0.2",
+  "description": "Discord channel for Claude Code \u2014 messaging bridge with built-in access control. Manage pairing, allowlists, and policy via /discord:access.",
+  "version": "0.0.1",
   "keywords": [
     "discord",
     "messaging",
     "channel",
     "mcp"
-  ],
-  "userConfig": {
-    "DISCORD_BOT_TOKEN": {
-      "type": "string",
-      "title": "Bot Token",
-      "description": "Bot token from the Discord Developer Portal. Stored in keychain (macOS) or ~/.claude/.credentials.json with 0600 permissions elsewhere. Never written to settings.json.",
-      "required": true,
-      "sensitive": true
-    }
-  }
+  ]
 }

external_plugins/discord/.mcp.json

@@ -2,10 +2,7 @@
   "mcpServers": {
     "discord": {
       "command": "bun",
-      "args": ["run", "--cwd", "${CLAUDE_PLUGIN_ROOT}", "--shell=bun", "--silent", "start"],
-      "env": {
-        "DISCORD_BOT_TOKEN": "${user_config.DISCORD_BOT_TOKEN}"
-      }
+      "args": ["run", "--cwd", "${CLAUDE_PLUGIN_ROOT}", "--shell=bun", "--silent", "start"]
     }
   }
 }

external_plugins/discord/server.ts

@@ -34,12 +34,10 @@ const ACCESS_FILE = join(STATE_DIR, 'access.json')
 const APPROVED_DIR = join(STATE_DIR, 'approved')
 const ENV_FILE = join(STATE_DIR, '.env')
 
-// Token is injected via ${user_config.DISCORD_BOT_TOKEN} from .mcp.json —
-// prompted at enable time, stored in keychain (macOS) or .credentials.json 0600
-// elsewhere. The .env file below is a legacy fallback for users configured
-// before H1 #3617646 — real env wins, so the injected value takes precedence.
+// Load ~/.claude/channels/discord/.env into process.env. Real env wins.
+// Plugin-spawned servers don't get an env block — this is where the token lives.
 try {
-  // Defensive chmod for legacy .env files (no-op on Windows).
+  // Token is a credential — lock to owner. No-op on Windows (would need ACLs).
   chmodSync(ENV_FILE, 0o600)
   for (const line of readFileSync(ENV_FILE, 'utf8').split('\n')) {
     const m = line.match(/^(\w+)=(.*)$/)
@@ -53,8 +51,8 @@ const STATIC = process.env.DISCORD_ACCESS_MODE === 'static'
 if (!TOKEN) {
   process.stderr.write(
     `discord channel: DISCORD_BOT_TOKEN required\n` +
-    `  re-enter via: /plugin manage → discord → Configure options\n` +
-    `  (stored in keychain/credentials.json, not settings.json)\n`,
+    `  set in ${ENV_FILE}\n` +
+    `  format: DISCORD_BOT_TOKEN=MTIz...\n`,
   )
   process.exit(1)
 }

external_plugins/telegram/.claude-plugin/plugin.json

@@ -1,20 +1,11 @@
 {
   "name": "telegram",
-  "description": "Telegram channel for Claude Code — messaging bridge with built-in access control. Manage pairing, allowlists, and policy via /telegram:access.",
-  "version": "0.0.2",
+  "description": "Telegram channel for Claude Code \u2014 messaging bridge with built-in access control. Manage pairing, allowlists, and policy via /telegram:access.",
+  "version": "0.0.1",
   "keywords": [
     "telegram",
     "messaging",
     "channel",
     "mcp"
-  ],
-  "userConfig": {
-    "TELEGRAM_BOT_TOKEN": {
-      "type": "string",
-      "title": "Bot Token",
-      "description": "Bot token from @BotFather — format is 123456789:AAH... Stored in keychain (macOS) or ~/.claude/.credentials.json with 0600 permissions elsewhere. Never written to settings.json.",
-      "required": true,
-      "sensitive": true
-    }
-  }
+  ]
 }

external_plugins/telegram/.mcp.json

@@ -2,10 +2,7 @@
   "mcpServers": {
     "telegram": {
       "command": "bun",
-      "args": ["run", "--cwd", "${CLAUDE_PLUGIN_ROOT}", "--shell=bun", "--silent", "start"],
-      "env": {
-        "TELEGRAM_BOT_TOKEN": "${user_config.TELEGRAM_BOT_TOKEN}"
-      }
+      "args": ["run", "--cwd", "${CLAUDE_PLUGIN_ROOT}", "--shell=bun", "--silent", "start"]
     }
   }
 }

external_plugins/telegram/server.ts

@@ -27,12 +27,10 @@ const ACCESS_FILE = join(STATE_DIR, 'access.json')
 const APPROVED_DIR = join(STATE_DIR, 'approved')
 const ENV_FILE = join(STATE_DIR, '.env')
 
-// Token is injected via ${user_config.TELEGRAM_BOT_TOKEN} from .mcp.json —
-// prompted at enable time, stored in keychain (macOS) or .credentials.json 0600
-// elsewhere. The .env file below is a legacy fallback for users configured
-// before H1 #3617646 — real env wins, so the injected value takes precedence.
+// Load ~/.claude/channels/telegram/.env into process.env. Real env wins.
+// Plugin-spawned servers don't get an env block — this is where the token lives.
 try {
-  // Defensive chmod for legacy .env files (no-op on Windows).
+  // Token is a credential — lock to owner. No-op on Windows (would need ACLs).
   chmodSync(ENV_FILE, 0o600)
   for (const line of readFileSync(ENV_FILE, 'utf8').split('\n')) {
     const m = line.match(/^(\w+)=(.*)$/)
@@ -46,8 +44,8 @@ const STATIC = process.env.TELEGRAM_ACCESS_MODE === 'static'
 if (!TOKEN) {
   process.stderr.write(
     `telegram channel: TELEGRAM_BOT_TOKEN required\n` +
-    `  re-enter via: /plugin manage → telegram → Configure options\n` +
-    `  (stored in keychain/credentials.json, not settings.json)\n`,
+    `  set in ${ENV_FILE}\n` +
+    `  format: TELEGRAM_BOT_TOKEN=123456789:AAH...\n`,
   )
   process.exit(1)
 }
@@ -509,6 +507,62 @@ mcp.setRequestHandler(CallToolRequestSchema, async req => {
 
 await mcp.connect(new StdioServerTransport())
 
+// Commands are DM-only. Responding in groups would: (1) leak pairing codes via
+// /status to other group members, (2) confirm bot presence in non-allowlisted
+// groups, (3) spam channels the operator never approved. Silent drop matches
+// the gate's behavior for unrecognized groups.
+
+bot.command('start', async ctx => {
+  if (ctx.chat?.type !== 'private') return
+  const access = loadAccess()
+  if (access.dmPolicy === 'disabled') {
+    await ctx.reply(`This bot isn't accepting new connections.`)
+    return
+  }
+  await ctx.reply(
+    `This bot bridges Telegram to a Claude Code session.\n\n` +
+    `To pair:\n` +
+    `1. DM me anything — you'll get a 6-char code\n` +
+    `2. In Claude Code: /telegram:access pair <code>\n\n` +
+    `After that, DMs here reach that session.`
+  )
+})
+
+bot.command('help', async ctx => {
+  if (ctx.chat?.type !== 'private') return
+  await ctx.reply(
+    `Messages you send here route to a paired Claude Code session. ` +
+    `Text and photos are forwarded; replies and reactions come back.\n\n` +
+    `/start — pairing instructions\n` +
+    `/status — check your pairing state`
+  )
+})
+
+bot.command('status', async ctx => {
+  if (ctx.chat?.type !== 'private') return
+  const from = ctx.from
+  if (!from) return
+  const senderId = String(from.id)
+  const access = loadAccess()
+
+  if (access.allowFrom.includes(senderId)) {
+    const name = from.username ? `@${from.username}` : senderId
+    await ctx.reply(`Paired as ${name}.`)
+    return
+  }
+
+  for (const [code, p] of Object.entries(access.pending)) {
+    if (p.senderId === senderId) {
+      await ctx.reply(
+        `Pending pairing — run in Claude Code:\n\n/telegram:access pair ${code}`
+      )
+      return
+    }
+  }
+
+  await ctx.reply(`Not paired. Send me a message to get a pairing code.`)
+})
+
 bot.on('message:text', async ctx => {
   await handleInbound(ctx, ctx.message.text, undefined)
 })
@@ -599,5 +653,13 @@ void bot.start({
   onStart: info => {
     botUsername = info.username
     process.stderr.write(`telegram channel: polling as @${info.username}\n`)
+    void bot.api.setMyCommands(
+      [
+        { command: 'start', description: 'Welcome and setup guide' },
+        { command: 'help', description: 'What this bot can do' },
+        { command: 'status', description: 'Check your pairing status' },
+      ],
+      { scope: { type: 'all_private_chats' } },
+    ).catch(() => {})
   },
 })