story-kit: create 130_bug_permission_approval_returns_wrong_format_tools_fail_after_user_approves

.story_kit/work/1_upcoming/130_bug_permission_approval_returns_wrong_format_tools_fail_after_user_approves.md

@@ -0,0 +1,32 @@
+---
+name: "Permission approval returns wrong format — tools fail after user approves"
+---
+
+# Bug 130: Permission approval returns wrong format — tools fail after user approves
+
+## Description
+
+The `prompt_permission` MCP tool returns plain text ("Permission granted for '...'") but Claude Code's `--permission-prompt-tool` expects a JSON object with a `behavior` field. After the user approves a permission request in the web UI dialog, every tool call fails with a Zod validation error: `"expected object, received null"`.
+
+## How to Reproduce
+
+1. Start the story-kit server and open the web UI
+2. Chat with the claude-code-pty model
+3. Ask it to do something that requires a tool NOT in `.claude/settings.json` allow list (e.g. `wc -l /etc/hosts`, or WebFetch to a non-allowed domain)
+4. The permission dialog appears — click Approve
+5. Observe the tool call fails with: `[{"code":"invalid_union","errors":[[{"expected":"object","code":"invalid_type","path":[],"message":"Invalid input: expected object, received null"}]],"path":[],"message":"Invalid input"}]`
+
+## Actual Result
+
+After approval, the tool fails with a Zod validation error. Claude Code cannot parse the plain-text response as a permission decision.
+
+## Expected Result
+
+After approval, the tool executes successfully. The MCP tool should return JSON that Claude Code understands: `{"behavior": "allow"}` for approval or `{"behavior": "deny", "message": "..."}` for denial.
+
+## Acceptance Criteria
+
+- [ ] prompt_permission returns `{"behavior": "allow"}` JSON when user approves
+- [ ] prompt_permission returns `{"behavior": "deny"}` JSON when user denies
+- [ ] After approving a permission request, the tool executes successfully and returns its result
+- [ ] After denying a permission request, the tool is skipped gracefully