mirror of
https://github.com/anthropics/claude-plugins-official.git
synced 2026-03-20 23:43:07 +00:00
355be7d582
Closes H1 #3617646 via the proper path — plugin userConfig with sensitive: true routes tokens to keychain (macOS) or .credentials.json 0600 (elsewhere) instead of world-readable .env files. Requires claude-cli-internal#23383 (PLUGIN_OPTIONS ungate + per-server sensitive split). Changes per plugin: - plugin.json: add userConfig.{PLATFORM}_BOT_TOKEN with sensitive: true - .mcp.json: add env block with ${user_config.{PLATFORM}_BOT_TOKEN} - server.ts: update comment + error message to point to /plugin reconfigure instead of .env file The .env read loop stays as a legacy fallback for existing users — process.env wins (injected value takes precedence), so no migration forced. New users get prompted at enable time via CC's built-in dialog; token lands in keychain, never touches settings.json. /telegram:configure and /discord:configure skills are NOT removed in this PR — they still work for the legacy .env path. Follow-up: repurpose or remove after a grace period once cli#23383 is released. 🏠 Remote-Dev: homespace
21 lines
652 B
JSON
21 lines
652 B
JSON
{
|
|
"name": "telegram",
|
|
"description": "Telegram channel for Claude Code — messaging bridge with built-in access control. Manage pairing, allowlists, and policy via /telegram:access.",
|
|
"version": "0.0.2",
|
|
"keywords": [
|
|
"telegram",
|
|
"messaging",
|
|
"channel",
|
|
"mcp"
|
|
],
|
|
"userConfig": {
|
|
"TELEGRAM_BOT_TOKEN": {
|
|
"type": "string",
|
|
"title": "Bot Token",
|
|
"description": "Bot token from @BotFather — format is 123456789:AAH... Stored in keychain (macOS) or ~/.claude/.credentials.json with 0600 permissions elsewhere. Never written to settings.json.",
|
|
"required": true,
|
|
"sensitive": true
|
|
}
|
|
}
|
|
}
|