feat: accept PDF uploads in agentic mode#192
Closed
timurvafin wants to merge 1 commit intoRichardAtCT:mainfrom
Closed
feat: accept PDF uploads in agentic mode#192timurvafin wants to merge 1 commit intoRichardAtCT:mainfrom
timurvafin wants to merge 1 commit intoRichardAtCT:mainfrom
Conversation
Add `.pdf` to the allowed-extensions whitelist so the security middleware lets PDF files through. In `agentic_document`, branch early for PDFs: save the file to `<approved_directory>/.uploads/<timestamp>-<name>` and pass Claude an absolute path plus an instruction to use the Read tool. Classic mode is intentionally untouched — PDFs in that path would still hit the UTF-8 decode branch. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
5 tasks
Author
|
Superseded by #193, which implements the same capability through the proper FileHandler abstraction. #193:
Please review #193 instead. |
timurvafin
added a commit
to timurvafin/claude-code-telegram
that referenced
this pull request
Apr 24, 2026
Add a new `"document"` type to FileHandler for binary document formats. Matching files are persisted to `<current_dir>/.uploads/<timestamp>-<name>` and Claude receives a generic prompt with the absolute path, letting the agent pick whichever tool fits the format (Read for PDF/text; Bash with pandoc, python-docx, openpyxl, unzip, etc. for Office/OpenDocument). Covered formats (added to ALLOWED_EXTENSIONS): - Binary (document branch): .pdf, .docx, .xlsx, .pptx, .odt, .ods, .odp, .rtf - UTF-8 text-compatible (existing text branch): .csv, .tsv, .log, .ics, .eml Both agentic (`agentic_document`) and classic (`handle_document`) handlers pass `current_dir` into `FileHandler.handle_document_upload`, so classic mode gains document support for free. The `.uploads/` directory sits inside APPROVED_DIRECTORY, so Claude's tools can reach it without tool_monitor boundary issues. The file survives the upload call so follow-up turns can still read or reference it. Supersedes RichardAtCT#192 (narrow PDF-only patch that branched directly in `agentic_document`). This PR routes the same capability through the proper abstraction and extends it to the whole Office family in one step. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Add
.pdfto the allowed-extensions whitelist so the security middleware lets PDF files through. Inagentic_document, branch early for PDFs: save the file to<approved_directory>/.uploads/<timestamp>-<name>and pass Claude an absolute path plus an instruction to use the Read tool. Claude reads PDFs natively via its built-in Read tool.Motivation
Users reported that sending a PDF (ticket, receipt, invoice) to the bot produced
🛡️ File Upload Blocked — File type not allowed: .pdf. Adding only the whitelist entry wasn't enough — the downstream handler then tries to UTF-8 decode the bytes and fails withUnsupported file format. This PR makes both paths work for PDFs.Changes
src/security/validators.py: add.pdftoALLOWED_EXTENSIONSsrc/bot/orchestrator.py: new_save_pdf_and_build_prompthelper + early branch inagentic_documentfor PDFs.gitignore: ignore.uploads/.pdf.exeregression, fullagentic_documentPDF flow (tmp_path based)Known limitations
AGENTIC_MODE=false) is intentionally untouched. PDFs there would still hit the UTF-8 decode branch. Can be addressed in a follow-up PR..uploads/has no automatic cleanup. Manual housekeeping for now — a separate PR could add a/newhook or cron-based LRU..pdfis added..docx/.xlsxrequire different UX (Bash + converters) and are out of scope here.Test plan
make test— 532 passedblack,isort,flake8clean on changed filesSMOKE-TOKEN-42, verified (a) no block message, (b) file saved to.uploads/<timestamp>-ticket.pdfwith matching size, (c) Claude's response included the token via Read tool.exestill blocked, files > 10 MB still rejected,.pdf.exetrap name still blocked🤖 Generated with Claude Code