1750 Commits

Author SHA1 Message Date
Peter Steinberger
2580b81bd2
refactor: move channel capability diagnostics into plugins 2026-03-15 22:53:03 -07:00
Peter Steinberger
ad97c581e2
refactor: move channel messaging hooks into plugins 2026-03-15 22:39:00 -07:00
Vincent Koc
8f41001edf Reply: update shared interactive normalize tests 2026-03-15 21:55:45 -07:00
Vincent Koc
576ea84195 Reply: update shared interactive flow tests 2026-03-15 21:55:45 -07:00
Vincent Koc
14b7187c33 Reply: route shared interactive payloads outbound 2026-03-15 21:55:45 -07:00
Vincent Koc
38f61564ac Reply: keep shared interactive payloads during normalization 2026-03-15 21:55:45 -07:00
Vincent Koc
82f587fc82 Reply: compile Slack directives into shared interactions 2026-03-15 21:55:45 -07:00
Vincent Koc
7018412102 Reply: keep interactive payloads renderable 2026-03-15 21:55:45 -07:00
Vincent Koc
12f4dd9a05 Reply: expose shared interactive payloads 2026-03-15 21:55:45 -07:00
Peter Steinberger
7a6be3d531
refactor(plugins): move auth and model policy to providers 2026-03-15 21:52:29 -07:00
Peter Steinberger
a33caab280
refactor(plugins): move auth and model policy to providers 2026-03-15 20:59:06 -07:00
Peter Steinberger
d56559bad7 fix: repair node24 ci type drift 2026-03-16 01:15:31 +00:00
Peter Steinberger
a058bf918d
feat(plugins): test bundle MCP end to end 2026-03-15 16:51:13 -07:00
Peter Steinberger
74c762beb0
refactor: decouple channel setup discovery 2026-03-15 16:26:09 -07:00
Harold Hunt
aa1454d1a8
Plugins: broaden plugin surface for Codex App Server (#45318)
* Plugins: add inbound claim and Telegram interaction seams

* Plugins: add Discord interaction surface

* Chore: fix formatting after plugin rebase

* fix(hooks): preserve observers after inbound claim

* test(hooks): cover claimed inbound observer delivery

* fix(plugins): harden typing lease refreshes

* fix(discord): pass real auth to plugin interactions

* fix(plugins): remove raw session binding runtime exposure

* fix(plugins): tighten interactive callback handling

* Plugins: gate conversation binding with approvals

* Plugins: migrate legacy plugin binding records

* Plugins/phone-control: update test command context

* Plugins: migrate legacy binding ids

* Plugins: migrate legacy codex session bindings

* Discord: fix plugin interaction handling

* Discord: support direct plugin conversation binds

* Plugins: preserve Discord command bind targets

* Tests: fix plugin binding and interactive fallout

* Discord: stabilize directory lookup tests

* Discord: route bound DMs to plugins

* Discord: restore plugin bindings after restart

* Telegram: persist detached plugin bindings

* Plugins: limit binding APIs to Telegram and Discord

* Plugins: harden bound conversation routing

* Plugins: fix extension target imports

* Plugins: fix Telegram runtime extension imports

* Plugins: format rebased binding handlers

* Discord: bind group DM interactions by channel

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-15 16:06:11 -07:00
Vincent Koc
7679eb3752
Subagents: restrict follow-up messaging scope (#46801)
* Subagents: restrict follow-up messaging scope

* Subagents: cover foreign-session follow-up sends

* Update CHANGELOG.md
2026-03-15 09:44:51 -07:00
Vincent Koc
229426a257
ACP: require admin scope for mutating internal actions (#46789)
* ACP: require admin scope for mutating internal actions

* ACP: cover operator admin mutating actions

* ACP: gate internal status behind admin scope
2026-03-15 09:28:44 -07:00
Peter Steinberger
ff61343d76
fix: harden mention pattern regex compilation 2026-03-15 08:44:12 -07:00
Tak Hoffman
89e3969d64
feat(feishu): add ACP and subagent session binding (#46819)
* feat(feishu): add ACP session support

* fix(feishu): preserve sender-scoped ACP rebinding

* fix(feishu): recover sender scope from bound ACP sessions

* fix(feishu): support DM ACP binding placement

* feat(feishu): add current-conversation session binding

* fix(feishu): avoid DM parent binding fallback

* fix(feishu): require canonical topic sender ids

* fix(feishu): honor sender-scoped ACP bindings

* fix(feishu): allow user-id ACP DM bindings

* fix(feishu): recover user-id ACP DM bindings
2026-03-15 10:33:49 -05:00
ufhy
3928b4872a
fix: persist context-engine auto-compaction counts (#42629)
Merged via squash.

Prepared head SHA: df8f292039e27edec45b8ed2ad65ab0ac7f56194
Co-authored-by: uf-hy <41638541+uf-hy@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
2026-03-14 16:22:10 -07:00
Nimrod Gutman
9aac55d306
Add /btw side questions (#45444)
* feat(agent): add /btw side questions

* fix(agent): gate and log /btw reviews

* feat(btw): isolate side-question delivery

* test(reply): update route reply runtime mocks

* fix(btw): complete side-result delivery across clients

* fix(gateway): handle streamed btw side results

* fix(telegram): unblock btw side questions

* fix(reply): make external btw replies explicit

* fix(chat): keep btw side results ephemeral in internal history

* fix(btw): address remaining review feedback

* fix(chat): preserve btw history on mobile refresh

* fix(acp): keep btw replies out of prompt history

* refactor(btw): narrow side questions to live channels

* fix(btw): preserve channel typing indicators

* fix(btw): keep side questions isolated in chat

* fix(outbound): restore typed channel send deps

* fix(btw): avoid blocking replies on transcript persistence

* fix(btw): keep side questions fast

* docs(commands): document btw slash command

* docs(changelog): add btw side questions entry

* test(outbound): align session transcript mocks
2026-03-14 17:27:54 +02:00
scoootscooob
439c21e078
refactor: remove channel shim directories, point all imports to extensions (#45967)
* refactor: remove channel shim directories, point all imports to extensions

Delete the 6 backward-compat shim directories (src/telegram, src/discord,
src/slack, src/signal, src/imessage, src/web) that were re-exporting from
extensions. Update all 112+ source files to import directly from
extensions/{channel}/src/ instead of through the shims.

Also:
- Move src/channels/telegram/ (allow-from, api) to extensions/telegram/src/
- Fix outbound adapters to use resolveOutboundSendDep (fixes 5 pre-existing TS errors)
- Update cross-extension imports (src/web/media.js → extensions/whatsapp/src/media.js)
- Update vitest, tsdown, knip, labeler, and script configs for new paths
- Update guard test allowlists for extension paths

After this, src/ has zero channel-specific implementation code — only the
generic plugin framework remains.

* fix: update raw-fetch guard allowlist line numbers after shim removal

* refactor: document direct extension channel imports

* test: mock transcript module in delivery helpers
2026-03-14 03:43:07 -07:00
scoootscooob
16505718e8
refactor: move WhatsApp channel implementation to extensions/ (#45725)
* refactor: move WhatsApp channel from src/web/ to extensions/whatsapp/

Move all WhatsApp implementation code (77 source/test files + 9 channel
plugin files) from src/web/ and src/channels/plugins/*/whatsapp* to
extensions/whatsapp/src/.

- Leave thin re-export shims at all original locations so cross-cutting
  imports continue to resolve
- Update plugin-sdk/whatsapp.ts to only re-export generic framework
  utilities; channel-specific functions imported locally by the extension
- Update vi.mock paths in 15 cross-cutting test files
- Rename outbound.ts -> send.ts to match extension naming conventions
  and avoid false positive in cfg-threading guard test
- Widen tsconfig.plugin-sdk.dts.json rootDir to support shim->extension
  cross-directory references

Part of the core-channels-to-extensions migration (PR 6/10).

* style: format WhatsApp extension files

* fix: correct stale import paths in WhatsApp extension tests

Fix vi.importActual, test mock, and hardcoded source paths that weren't
updated during the file move:
- media.test.ts: vi.importActual path
- onboarding.test.ts: vi.importActual path
- test-helpers.ts: test/mocks/baileys.js path
- monitor-inbox.test-harness.ts: incomplete media/store mock
- login.test.ts: hardcoded source file path
- message-action-runner.media.test.ts: vi.mock/importActual path
2026-03-14 02:44:55 -07:00
Teconomix
0c926a2c5e
fix(mattermost): carry thread context to non-inbound reply paths (#44283)
Merged via squash.

Prepared head SHA: 2846a6cfa959019d3ed811ccafae6b757db3bdf3
Co-authored-by: teconomix <6959299+teconomix@users.noreply.github.com>
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Reviewed-by: @mukhtharcm
2026-03-14 12:23:23 +05:30
Peter Steinberger
f4094ab19e refactor: share slack text truncation 2026-03-14 01:41:17 +00:00
Val Alexander
0e8672af87
fix(ui): stop dashboard chat history reload storm (#45541)
* UI: stop dashboard chat history reload storm

* Changelog: add PR number for chat reload fix

* fix: resolve branch typecheck regressions
2026-03-13 19:19:53 -05:00
Robin Waslander
a54bf71b4c
fix(imessage): sanitize SCP remote path to prevent shell metacharacter injection
References GHSA-g2f6-pwvx-r275.
2026-03-14 00:38:14 +01:00
Peter Steinberger
46d4fe2fa1 refactor: share embedded run and discord test helpers 2026-03-13 23:35:28 +00:00
Peter Steinberger
0201f3ff7b refactor: share auto reply helper fixtures 2026-03-13 23:35:28 +00:00
Peter Steinberger
6cabcf3fd2 test: dedupe session idle timeout assertions 2026-03-13 23:35:27 +00:00
Peter Steinberger
801113b46a refactor: share session entry persistence update 2026-03-13 23:35:27 +00:00
Peter Steinberger
cad1c95405 test: dedupe inline action skip assertions 2026-03-13 23:35:27 +00:00
Peter Steinberger
8cd48c2896 test: dedupe model info reply setup 2026-03-13 23:35:27 +00:00
Peter Steinberger
0f9e16ca46 refactor: share provider chunk context resolution 2026-03-13 23:35:27 +00:00
Peter Steinberger
da51e40638 refactor: share auth label suffix formatting 2026-03-13 23:35:27 +00:00
Peter Steinberger
bd758bb438 refactor: share abort target apply params 2026-03-13 23:35:27 +00:00
Peter Steinberger
aaea0b2f28 test: dedupe directive auth ref label setup 2026-03-13 23:35:27 +00:00
Peter Steinberger
07b3f5233e test: dedupe post compaction legacy fallback checks 2026-03-13 23:35:27 +00:00
Peter Steinberger
91c94c8b95 test: dedupe elevated permission assertions 2026-03-13 23:35:27 +00:00
Peter Steinberger
b9e5f23914 test: dedupe route reply slack no-op cases 2026-03-13 23:35:27 +00:00
Peter Steinberger
467a7bae3f refactor: share session conversation normalization 2026-03-13 21:40:53 +00:00
Peter Steinberger
0f637b5e30 refactor: share acp conversation text normalization 2026-03-13 21:40:53 +00:00
Vincent Koc
a976cc2e95
Slack: add opt-in interactive reply directives (#44607)
* Reply: add Slack interactive directive parser

* Reply: wire Slack directives into normalization

* Reply: cover Slack directive parsing

* Reply: test Slack directive normalization

* Slack: hint interactive reply directives

* Config: add Slack interactive reply capability type

* Config: validate Slack interactive reply capability

* Reply: gate Slack directives behind capability

* Slack: gate interactive reply hints by capability

* Tests: cover Slack interactive reply capability gating

* Changelog: note opt-in Slack interactive replies

* Slack: fix interactive reply review findings

* Slack: harden interactive reply routing and limits

* Slack: harden interactive reply trust and validation
2026-03-13 14:08:04 -07:00
xingsy97
2c39cd0953
fix(agents): rephrase session reset prompt to avoid Azure content filter (#43403)
* fix(agents): rephrase session reset prompt to avoid Azure content filter

Azure OpenAI's content filter flags the phrase 'Execute your Session
Startup sequence now' as potentially harmful, causing /new and /reset
to return 400 for all Azure-hosted deployments.

Replace 'Execute ... now' with 'Run your Session Startup sequence' in
session-reset-prompt.ts and post-compaction-context.ts. The semantics
are identical but the softer phrasing avoids the false-positive.

Closes #42769

* ci: retrigger checks (windows shard timeout)

* fix: add changelog for Azure startup prompt fix (#43403) (thanks @xingsy97)

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-03-13 15:07:03 +05:30
Cypherm
61d219cb39
feat: show status reaction during context compaction (#35474)
Merged via squash.

Prepared head SHA: 145a7b7c4e1939718c41a300899ae813bd9c511b
Co-authored-by: Cypherm <28184436+Cypherm@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
2026-03-12 21:06:15 -07:00
Peter Steinberger
6b14e6b55b test(commands): align slash-command config persistence coverage 2026-03-13 02:51:55 +00:00
Peter Steinberger
268a8592de fix: avoid ineffective dynamic imports 2026-03-13 01:33:37 +00:00
Peter Steinberger
d5bffcdeab
feat: add fast mode toggle for OpenAI models 2026-03-12 23:31:31 +00:00
Vincent Koc
4ca84acf24
fix(runtime): duplicate messages, share singleton state across bundled chunks (#43683)
* Tests: add fresh module import helper

* Process: share command queue runtime state

* Agents: share embedded run runtime state

* Reply: share followup queue runtime state

* Reply: share followup drain callback state

* Reply: share queued message dedupe state

* Reply: share inbound dedupe state

* Tests: cover shared command queue runtime state

* Tests: cover shared embedded run runtime state

* Tests: cover shared followup queue runtime state

* Tests: cover shared inbound dedupe state

* Tests: cover shared Slack thread participation state

* Slack: share sent thread participation state

* Tests: document fresh import helper

* Telegram: share draft stream runtime state

* Tests: cover shared Telegram draft stream state

* Telegram: share sent message cache state

* Tests: cover shared Telegram sent message cache

* Telegram: share thread binding runtime state

* Tests: cover shared Telegram thread binding state

* Tests: avoid duplicate shared queue reset

* refactor(runtime): centralize global singleton access

* refactor(runtime): preserve undefined global singleton values

* test(runtime): cover undefined global singleton values

---------

Co-authored-by: Nimrod Gutman <nimrod.gutman@gmail.com>
2026-03-12 14:59:27 -04:00
Vincent Koc
08aa57a3de
Commands: require owner for /config and /debug (#44305)
* Commands: add non-owner gate helper

* Commands: enforce owner-only config and debug

* Commands/test: cover owner-only config and debug

* Changelog: add owner-only config debug entry

* Commands/test: split config owner gating section

* Commands: redact sender ids in verbose command logs

* Commands: preserve internal read-only config access

* Commands/test: keep operator.write config show coverage non-owner
2026-03-12 14:58:14 -04:00