fix: error message points to real path (/plugin manage), not nonexistent subcommand

/plugin reconfigure doesn't exist. The actual path is /plugin manage →
select plugin → Configure options (ManagePlugins.tsx:1692).

🏠 Remote-Dev: homespace

external_plugins/discord/.claude-plugin/plugin.json

@@ -1,11 +1,20 @@
 {
   "name": "discord",
-  "description": "Discord channel for Claude Code \u2014 messaging bridge with built-in access control. Manage pairing, allowlists, and policy via /discord:access.",
-  "version": "0.0.1",
+  "description": "Discord channel for Claude Code — messaging bridge with built-in access control. Manage pairing, allowlists, and policy via /discord:access.",
+  "version": "0.0.2",
   "keywords": [
     "discord",
     "messaging",
     "channel",
     "mcp"
-  ]
+  ],
+  "userConfig": {
+    "DISCORD_BOT_TOKEN": {
+      "type": "string",
+      "title": "Bot Token",
+      "description": "Bot token from the Discord Developer Portal. Stored in keychain (macOS) or ~/.claude/.credentials.json with 0600 permissions elsewhere. Never written to settings.json.",
+      "required": true,
+      "sensitive": true
+    }
+  }
 }

external_plugins/discord/.mcp.json

@@ -2,7 +2,10 @@
   "mcpServers": {
     "discord": {
       "command": "bun",
-      "args": ["run", "--cwd", "${CLAUDE_PLUGIN_ROOT}", "--shell=bun", "--silent", "start"]
+      "args": ["run", "--cwd", "${CLAUDE_PLUGIN_ROOT}", "--shell=bun", "--silent", "start"],
+      "env": {
+        "DISCORD_BOT_TOKEN": "${user_config.DISCORD_BOT_TOKEN}"
+      }
     }
   }
 }

external_plugins/discord/server.ts

@@ -34,10 +34,12 @@ const ACCESS_FILE = join(STATE_DIR, 'access.json')
 const APPROVED_DIR = join(STATE_DIR, 'approved')
 const ENV_FILE = join(STATE_DIR, '.env')
 
-// Load ~/.claude/channels/discord/.env into process.env. Real env wins.
-// Plugin-spawned servers don't get an env block — this is where the token lives.
+// Token is injected via ${user_config.DISCORD_BOT_TOKEN} from .mcp.json —
+// prompted at enable time, stored in keychain (macOS) or .credentials.json 0600
+// elsewhere. The .env file below is a legacy fallback for users configured
+// before H1 #3617646 — real env wins, so the injected value takes precedence.
 try {
-  // Token is a credential — lock to owner. No-op on Windows (would need ACLs).
+  // Defensive chmod for legacy .env files (no-op on Windows).
   chmodSync(ENV_FILE, 0o600)
   for (const line of readFileSync(ENV_FILE, 'utf8').split('\n')) {
     const m = line.match(/^(\w+)=(.*)$/)
@@ -51,22 +53,13 @@ const STATIC = process.env.DISCORD_ACCESS_MODE === 'static'
 if (!TOKEN) {
   process.stderr.write(
     `discord channel: DISCORD_BOT_TOKEN required\n` +
-    `  set in ${ENV_FILE}\n` +
-    `  format: DISCORD_BOT_TOKEN=MTIz...\n`,
+    `  re-enter via: /plugin manage → discord → Configure options\n` +
+    `  (stored in keychain/credentials.json, not settings.json)\n`,
   )
   process.exit(1)
 }
 const INBOX_DIR = join(STATE_DIR, 'inbox')
 
-// Last-resort safety net — without these the process dies silently on any
-// unhandled promise rejection. With them it logs and keeps serving tools.
-process.on('unhandledRejection', err => {
-  process.stderr.write(`discord channel: unhandled rejection: ${err}\n`)
-})
-process.on('uncaughtException', err => {
-  process.stderr.write(`discord channel: uncaught exception: ${err}\n`)
-})
-
 const client = new Client({
   intents: [
     GatewayIntentBits.DirectMessages,
@@ -351,7 +344,7 @@ function checkApprovals(): void {
   }
 }
 
-if (!STATIC) setInterval(checkApprovals, 5000).unref()
+if (!STATIC) setInterval(checkApprovals, 5000)
 
 // Discord caps messages at 2000 chars (hard limit — larger sends reject).
 // Split long replies, preferring paragraph boundaries when chunkMode is
@@ -646,25 +639,6 @@ mcp.setRequestHandler(CallToolRequestSchema, async req => {
 
 await mcp.connect(new StdioServerTransport())
 
-// When Claude Code closes the MCP connection, stdin gets EOF. Without this
-// the gateway stays connected as a zombie holding resources.
-let shuttingDown = false
-function shutdown(): void {
-  if (shuttingDown) return
-  shuttingDown = true
-  process.stderr.write('discord channel: shutting down\n')
-  setTimeout(() => process.exit(0), 2000)
-  void Promise.resolve(client.destroy()).finally(() => process.exit(0))
-}
-process.stdin.on('end', shutdown)
-process.stdin.on('close', shutdown)
-process.on('SIGTERM', shutdown)
-process.on('SIGINT', shutdown)
-
-client.on('error', err => {
-  process.stderr.write(`discord channel: client error: ${err}\n`)
-})
-
 client.on('messageCreate', msg => {
   if (msg.author.bot) return
   handleInbound(msg).catch(e => process.stderr.write(`discord: handleInbound failed: ${e}\n`))
@@ -713,7 +687,7 @@ async function handleInbound(msg: Message): Promise<void> {
   // forgeable by any allowlisted sender typing that string.
   const content = msg.content || (atts.length > 0 ? '(attachment)' : '')
 
-  mcp.notification({
+  void mcp.notification({
     method: 'notifications/claude/channel',
     params: {
       content,
@@ -726,8 +700,6 @@ async function handleInbound(msg: Message): Promise<void> {
         ...(atts.length > 0 ? { attachment_count: String(atts.length), attachments: atts.join('; ') } : {}),
       },
     },
-  }).catch(err => {
-    process.stderr.write(`discord channel: failed to deliver inbound to Claude: ${err}\n`)
   })
 }
 
@@ -735,7 +707,4 @@ client.once('ready', c => {
   process.stderr.write(`discord channel: gateway connected as ${c.user.tag}\n`)
 })
 
-client.login(TOKEN).catch(err => {
-  process.stderr.write(`discord channel: login failed: ${err}\n`)
-  process.exit(1)
-})
+await client.login(TOKEN)

external_plugins/telegram/.claude-plugin/plugin.json

@@ -1,11 +1,20 @@
 {
   "name": "telegram",
-  "description": "Telegram channel for Claude Code \u2014 messaging bridge with built-in access control. Manage pairing, allowlists, and policy via /telegram:access.",
-  "version": "0.0.1",
+  "description": "Telegram channel for Claude Code — messaging bridge with built-in access control. Manage pairing, allowlists, and policy via /telegram:access.",
+  "version": "0.0.2",
   "keywords": [
     "telegram",
     "messaging",
     "channel",
     "mcp"
-  ]
+  ],
+  "userConfig": {
+    "TELEGRAM_BOT_TOKEN": {
+      "type": "string",
+      "title": "Bot Token",
+      "description": "Bot token from @BotFather — format is 123456789:AAH... Stored in keychain (macOS) or ~/.claude/.credentials.json with 0600 permissions elsewhere. Never written to settings.json.",
+      "required": true,
+      "sensitive": true
+    }
+  }
 }

external_plugins/telegram/.mcp.json

@@ -2,7 +2,10 @@
   "mcpServers": {
     "telegram": {
       "command": "bun",
-      "args": ["run", "--cwd", "${CLAUDE_PLUGIN_ROOT}", "--shell=bun", "--silent", "start"]
+      "args": ["run", "--cwd", "${CLAUDE_PLUGIN_ROOT}", "--shell=bun", "--silent", "start"],
+      "env": {
+        "TELEGRAM_BOT_TOKEN": "${user_config.TELEGRAM_BOT_TOKEN}"
+      }
     }
   }
 }

external_plugins/telegram/server.ts

@@ -27,10 +27,12 @@ const ACCESS_FILE = join(STATE_DIR, 'access.json')
 const APPROVED_DIR = join(STATE_DIR, 'approved')
 const ENV_FILE = join(STATE_DIR, '.env')
 
-// Load ~/.claude/channels/telegram/.env into process.env. Real env wins.
-// Plugin-spawned servers don't get an env block — this is where the token lives.
+// Token is injected via ${user_config.TELEGRAM_BOT_TOKEN} from .mcp.json —
+// prompted at enable time, stored in keychain (macOS) or .credentials.json 0600
+// elsewhere. The .env file below is a legacy fallback for users configured
+// before H1 #3617646 — real env wins, so the injected value takes precedence.
 try {
-  // Token is a credential — lock to owner. No-op on Windows (would need ACLs).
+  // Defensive chmod for legacy .env files (no-op on Windows).
   chmodSync(ENV_FILE, 0o600)
   for (const line of readFileSync(ENV_FILE, 'utf8').split('\n')) {
     const m = line.match(/^(\w+)=(.*)$/)
@@ -44,8 +46,8 @@ const STATIC = process.env.TELEGRAM_ACCESS_MODE === 'static'
 if (!TOKEN) {
   process.stderr.write(
     `telegram channel: TELEGRAM_BOT_TOKEN required\n` +
-    `  set in ${ENV_FILE}\n` +
-    `  format: TELEGRAM_BOT_TOKEN=123456789:AAH...\n`,
+    `  re-enter via: /plugin manage → telegram → Configure options\n` +
+    `  (stored in keychain/credentials.json, not settings.json)\n`,
   )
   process.exit(1)
 }