3502 Commits

Author SHA1 Message Date
Peter Steinberger afa78a5b13
test: trim telegram testing barrel imports 2026-04-03 12:36:07 +01:00
Peter Steinberger de1d0f4fae
fix(ci): restore telegram real registry test support 2026-04-03 12:31:28 +01:00
Peter Steinberger 1337be3063
refactor: narrow telegram native command test seams 2026-04-03 12:25:47 +01:00
Vincent Koc 5021b12ac1 perf(browser): trim invoke-browser test imports 2026-04-03 20:12:40 +09:00
Vincent Koc 045d590542 perf(matrix): isolate probe runtime deps 2026-04-03 20:05:50 +09:00
Vincent Koc fac89d403b perf(browser): split remote profile tab op tests 2026-04-03 20:03:48 +09:00
Peter Steinberger 4e22e75697
test: reduce telegram broad partial mocks 2026-04-03 12:01:10 +01:00
Peter Steinberger 225431665a
test: trim telegram media retry import cost 2026-04-03 12:01:10 +01:00
Peter Steinberger 566fc72106
refactor(discord): share proxy resolution helpers 2026-04-03 19:58:23 +09:00
Peter Steinberger 50f4bffbb6
fix: unblock Discord land by breaking import cycles (#57465) 2026-04-03 19:38:59 +09:00
Peter Steinberger 32ebaa3757
refactor: share session model resolution helpers 2026-04-03 19:37:56 +09:00
Peter Steinberger bb3ea2137b
test: move telegram fetch coverage into extensions 2026-04-03 11:37:41 +01:00
Peter Steinberger 52225db134
fix(ci): reuse sdk tool auth error for whatsapp 2026-04-03 11:35:45 +01:00
Vincent Koc b53ab34d04 perf(msteams): split graph message tests 2026-04-03 19:23:26 +09:00
Vincent Koc c0a8d07fce test(browser): collapse wrapper suite files 2026-04-03 19:18:49 +09:00
Peter Steinberger 2766c27b2a
refactor(plugin-sdk): genericize web channel runtime seams 2026-04-03 11:17:28 +01:00
Vincent Koc d55e580307 perf(acpx): clean up runtime fixtures per test 2026-04-03 19:15:26 +09:00
Vincent Koc e18611188d test(discord): defer provider runtime mocks 2026-04-03 19:13:10 +09:00
Vincent Koc e414e51761 perf(nextcloud-talk): split setup test hotspots 2026-04-03 19:09:49 +09:00
Peter Steinberger 80c5764482
refactor(telegram): streamline media runtime options 2026-04-03 19:09:13 +09:00
Vincent Koc ddd1c77b49 perf(feishu): narrow hotspot runtime seams 2026-04-03 19:06:49 +09:00
Peter Steinberger 64755c52f2
test: move extension-owned coverage out of core 2026-04-03 10:58:44 +01:00
Vincent Koc 2bfbddb81f perf(browser): remove duplicate heavy test wrappers 2026-04-03 18:57:05 +09:00
Vincent Koc 0657cfbb34 test(feishu): slim bot menu runtime fixtures 2026-04-03 18:54:42 +09:00
Vincent Koc 294d425ae4 test(feishu): slim comment handler runtime fixtures 2026-04-03 18:49:43 +09:00
Peter Steinberger 86ff57518f fix: keep Discord proxy fallback local (#57465) (thanks @geekhuashan) 2026-04-03 18:49:14 +09:00
geekhuashan 3a4fd62135 test(discord): proxy fetch regression coverage for REST, webhook, and stagger 2026-04-03 18:49:14 +09:00
geekhuashan c8223606ca fix(discord): proxy Carbon REST, webhook and monitor fetch paths; stagger multi-bot startup 2026-04-03 18:49:14 +09:00
Vincent Koc 1bba19decb perf(msteams): narrow secret and ssrf runtime seams 2026-04-03 18:47:31 +09:00
Vincent Koc 8a58a18a0a test(feishu): slim broadcast runtime fixtures 2026-04-03 18:47:08 +09:00
Peter Steinberger f2d7a825b1
refactor(plugin-sdk): remove channel-specific sdk seams 2026-04-03 10:45:10 +01:00
Vincent Koc 5e0decd9b5 test(msteams): slim messenger runtime fixtures 2026-04-03 18:42:59 +09:00
Vincent Koc b55ac9e64d test(msteams): trim attachment test runtime footprint 2026-04-03 18:39:50 +09:00
Vincent Koc e1093a3177 test(diffs): split render coverage from config tests 2026-04-03 18:39:50 +09:00
Peter Steinberger 4bfa9260ce
fix(telegram): add dangerous private-network media opt-in 2026-04-03 18:39:17 +09:00
Peter Steinberger 7bf0496dd8
feat: add qwen3.6-plus to modelstudio catalog 2026-04-03 18:32:14 +09:00
@zimeg f9785c63e7
docs(slack): add groups:history scope to app manifest 2026-04-03 02:15:53 -07:00
Vincent Koc 44f1887f25 test(diffs): dispose highlighter after each render 2026-04-03 17:49:37 +09:00
Vincent Koc 97c542a67b test(memory-lancedb): avoid repeated dynamic imports 2026-04-03 17:47:08 +09:00
Vincent Koc de2d4ecd9e test(nextcloud-talk): avoid per-test module resets 2026-04-03 17:47:08 +09:00
@zimeg dc45faaf4e
docs(slack): order recommended scopes and events 2026-04-03 01:10:42 -07:00
@zimeg 6f23e513cc
docs(slack): match recommended bot scopes in onboarding 2026-04-03 01:01:25 -07:00
hengm3467 52d8dc5b56
feat: add bundled StepFun provider plugin (#60032)
Co-authored-by: George Zhang <georgezhangtj97@gmail.com>
2026-04-02 23:53:50 -07:00
Peter Steinberger 9bba2ec0ad
test: trim extension teardown churn 2026-04-03 07:14:58 +01:00
Marcus Castro d2d9a928b1
WhatsApp: honor block streaming config (#60069) 2026-04-03 03:12:37 -03:00
Ayaan Zaidi 251fa72798
fix: emit passive hooks for mention-skipped group messages (#60018)
* fix(channels): emit passive hooks for mention-skipped group messages

* fix(channels): honor signal ingest overrides

* fix(channels): honor telegram ingest fallback

* fix: emit passive hooks for mention-skipped group messages (#60018)
2026-04-03 10:14:48 +05:30
Ayaan Zaidi d5ea5f27ac
fix: parse kimi tagged tool calls (#60051)
* fix: parse kimi tagged tool calls

* fix: parse kimi tagged tool calls (#60051)

* fix: parse kimi tagged tool calls (#60051)
2026-04-03 09:39:19 +05:30
Peter Steinberger 847faa3d04
test: trim extension test import churn 2026-04-03 04:41:08 +01:00
v1p0r 3a7555a27b
"fix(telegram): surface media placeholder and file_id when download f… (#59948)
* "fix(telegram): surface media placeholder and file_id when download fails"

* fix: unify telegram media placeholder selection

* fix: preserve telegram media context on captioned download failures (#59948) (thanks @v1p0r)

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-04-03 09:08:05 +05:30
samzong 0e0ad692b5
fix: persist Telegram reaction ownership across restart (#59207) (thanks @samzong) 2026-04-03 08:57:06 +05:30
Ayaan Zaidi a5d6e519eb fix: preserve explicit Telegram topic targets on replies (#59634) (thanks @dashhuang) 2026-04-03 08:50:02 +05:30
Cindy c001c090b9 fix(telegram): keep topic thread when replying with message tool 2026-04-03 08:50:02 +05:30
Ted-developer dd080b6fb0
fix(msteams): download DM inline images via Graph API (#52212)
Fix three bugs preventing inline image downloads in Teams 1:1 DM chats: wrong conversation ID format for Graph API, missing media URL extraction, and incorrect content type detection.

Fixes #24797

Thanks @Ted-developer
2026-04-02 22:14:02 -05:00
saram ali 985533efbc
fix: cover buffered Telegram apiRoot downloads (#59544) (thanks @SARAMALI15792)
* test(telegram): add URL construction tests for custom apiRoot

Add comprehensive test cases to verify that file download URLs are correctly
constructed when using a custom apiRoot configuration for local Bot API servers.

Tests validate:
- Document downloads use the custom apiRoot in the constructed URL
- Sticker downloads use the custom apiRoot in the constructed URL
- SSRF policy correctly includes the custom hostname

This ensures issue #59512 (Telegram file downloads with local Bot API) is
properly covered by regression tests.

* refactor(telegram): improve media resolution code quality

Apply KISS and YAGNI principles to reduce code duplication and improve maintainability:

1. Extract media metadata resolution
   - Consolidate resolveMediaFileRef(), resolveTelegramFileName(), and
     resolveTelegramMimeType() into single resolveMediaMetadata() function
   - Returns typed MediaMetadata object with fileRef, fileName, mimeType
   - Reduces duplication and improves readability

2. Add logging for apiRoot parsing failures
   - Log when custom apiRoot URL parsing fails in buildTelegramMediaSsrfPolicy()
   - Helps debug configuration issues with local Bot API servers

3. Fix missing apiRoot in buffered messages
   - Add telegramCfg.apiRoot parameter to resolveMedia() calls in
     bot-handlers.buffers.ts (lines 150-159, 189)
   - Ensures reply media in buffered contexts respects custom apiRoot config
   - Fixes inconsistency where runtime handler passed apiRoot but buffers didn't

These changes improve code quality while maintaining backward compatibility and
ensuring issue #59512 (Telegram file downloads with local Bot API) works correctly
in all contexts.

* fix(telegram): resolve bot review issues

Address critical issues identified by Greptile code review:

1. Define telegramCfg in bot-handlers.buffers.ts
   - Extract telegramCfg from cfg.channels?.telegram
   - Fixes ReferenceError when accessing telegramCfg.apiRoot
   - Ensures buffered message handlers can access apiRoot configuration

2. Restore type safety for MediaMetadata.fileRef
   - Change from 'unknown' to proper union type
   - Preserves type information for downstream file_id access
   - Prevents TypeScript strict mode compilation errors

These fixes ensure the PR compiles correctly and handles buffered
media downloads with custom apiRoot configuration.

* fix(telegram): use optional chaining for telegramCfg.apiRoot

TypeScript strict mode requires optional chaining when accessing
properties on potentially undefined objects. Changed telegramCfg.apiRoot
to telegramCfg?.apiRoot to handle cases where telegramCfg is undefined.

Fixes TypeScript errors:
- TS18048: 'telegramCfg' is possibly 'undefined' (line 160)
- TS18048: 'telegramCfg' is possibly 'undefined' (line 191)

* fix(telegram): add missing optional chaining on line 191

Complete the fix for telegramCfg optional chaining.
Previous commit only fixed line 160, but line 191 also needs
the same fix to prevent TS18048 error.

* fix: cover buffered Telegram apiRoot downloads (#59544) (thanks @SARAMALI15792)

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-04-03 08:41:41 +05:30
Gustavo Madeira Santana 0fdb55c4e4 Docs: refresh diffs plugin docs 2026-04-02 21:47:55 -04:00
Gustavo Madeira Santana 78a842d055 fix(matrix): align IDB snapshot lock timing 2026-04-02 21:44:08 -04:00
Gustavo Madeira Santana 1efa923ab8
Matrix: add native exec approvals (#58635)
Merged via squash.

Prepared head SHA: d9f048e827
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
2026-04-02 21:08:54 -04:00
Alejandro Martinez 3a91a4f8d4
fix(matrix): add advisory file locking to IDB crypto persistence (#59851)
Merged via squash.

Prepared head SHA: 392e411ffd
Co-authored-by: al3mart <11448715+al3mart@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
2026-04-02 20:19:40 -04:00
Alejandro Martinez b894ca6702
fix(matrix): allow secret storage recreation during repair bootstrap (#59846)
Merged via squash.

Prepared head SHA: 06b10f61eb
Co-authored-by: al3mart <11448715+al3mart@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
2026-04-02 20:11:58 -04:00
Hyojin Kwak 739ed1bf29
fix(msteams): preserve channel reply threading in proactive fallback (#55198)
When a thread reply's turn context is revoked and falls back to proactive messaging, the normalized conversation ID lost the thread suffix, causing replies to land in the channel root instead of the original thread.

Reconstructs the threaded conversation ID (`;messageid=<activityId>`) for channel conversations in the proactive fallback path, while correctly leaving group chat conversations flat.

Fixes #27189

Thanks @hyojin
2026-04-02 18:27:13 -05:00
Josh Lehman ed8d5b3797
fix: add Telegram native progress placeholder opt-in for plugin commands (#59300)
Merged via squash.

Prepared head SHA: 4f5bc22a89
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
2026-04-02 15:55:46 -07:00
Peter Steinberger bff6025bde
test: refresh generated baselines 2026-04-03 04:54:59 +09:00
Peter Steinberger 04cf29f613
refactor: speed up whatsapp inbound dispatch tests 2026-04-03 04:34:58 +09:00
Peter Steinberger 694d12a90b
refactor: apply context visibility across channels 2026-04-03 04:34:57 +09:00
Peter Steinberger d74a12264a
fix: mirror bedrock runtime dep in root package 2026-04-02 19:26:56 +01:00
Peter Steinberger 9f3a26caa6
fix(discord): quiet Carbon reconcile log 2026-04-02 18:55:34 +01:00
Peter Steinberger d56415e353
fix(openai): support reference-image edits 2026-04-03 02:26:33 +09:00
Peter Steinberger 2ea0ca08f6 test: add cross-provider approval availability coverage (#59776) (thanks @joelnishanth) 2026-04-03 02:21:17 +09:00
pgondhi987 7eb094a00d
fix(infra): align env key normalization in approval binding path (#59182)
* fix: address issue

* fix: address PR review feedback

* fix: address review feedback

* fix: address review feedback

* chore: add changelog for Windows env approval binding

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
2026-04-02 11:14:33 -06:00
pgondhi987 8aceaf5d0f
fix(security): close fail-open bypass in exec script preflight [AI] (#59398)
* fix: address issue

* fix: finalize issue changes

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address review-pr skill feedback

* fix: address PR review feedback

* fix: address review-pr skill feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address review-pr skill feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address review-pr skill feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address review-pr skill feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* chore: add changelog for exec preflight fail-closed hardening

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
2026-04-02 11:00:39 -06:00
Agustin Rivera a26f4d0f3e
Separate Gemini OAuth state from PKCE verifier (#59116)
* fix(google): separate oauth state from pkce verifier

* fix(google): drop unused oauth callback state arg

* docs(changelog): add #59116 google oauth state fix

---------

Co-authored-by: Jacob Tomlinson <jtomlinson@nvidia.com>
2026-04-02 09:51:11 -07:00
Vincent Koc 367969759c perf(memory): trim matrix host validation imports 2026-04-03 01:48:09 +09:00
pgondhi987 7cea7c2970
fix(zalo): scope replay dedupe cache key to path and account [AI] (#59387)
* fix: address issue #139

* changelog: add zalo replay dedupe fix entry

---------

Co-authored-by: Jacob Tomlinson <jtomlinson@nvidia.com>
2026-04-02 09:36:35 -07:00
Peter Steinberger d5b6bfc48c
test(discord): align native approval fixture with auto mode 2026-04-02 17:33:35 +01:00
Peter Steinberger 17f6626ffe
feat(approvals): auto-enable native chat approvals 2026-04-02 17:30:40 +01:00
pgondhi987 462b4020bc
fix(browser): block SSRF redirect bypass via real-time route interception (#58771)
Install a Playwright route handler before `page.goto()` so navigations
to private/internal IPs are intercepted and aborted mid-redirect instead
of being checked post-hoc after the request already reached the internal
host. Blocked targets are permanently marked and rejected for subsequent
tool calls.

Thanks @pgondhi987
2026-04-02 09:07:57 -07:00
Gustavo Madeira Santana b5161042b7 Diffs: validate viewerBaseUrl in manifest schema
Reject invalid diffs viewerBaseUrl values during manifest config validation,
not later during plugin registration.

Keep runtime normalization intact and add manifest-level coverage so bad
protocols and query/hash values fail fast.
2026-04-02 11:55:05 -04:00
Peter Steinberger 047b701859
refactor(telegram): unify callback-data byte limit checks 2026-04-03 00:38:44 +09:00
Vincent Koc 0ad2dbd307
fix(providers): route image generation through shared transport (#59729)
* fix(providers): route image generation through shared transport

* fix(providers): use normalized minimax image base url

* fix(providers): fail closed on image private routes

* fix(providers): bound shared HTTP fetches
2026-04-03 00:32:37 +09:00
Peter Steinberger 988f7627de refactor(telegram): centralize approval callback shaping 2026-04-03 00:26:27 +09:00
Vincent Koc 3872a866a1
fix(xai): make x_search auth plugin-owned (#59691)
* fix(xai): make x_search auth plugin-owned

* fix(xai): restore x_search runtime migration fallback

* fix(xai): narrow legacy x_search auth migration

* fix(secrets): drop legacy x_search target registry entry

* fix(xai): no-op knob-only x_search migration fallback
2026-04-02 23:54:07 +09:00
Peter Steinberger 52866656c3 fix(telegram): preserve allow-always callback alias 2026-04-02 23:41:12 +09:00
Vincent Koc 4251ad6638 fix(telegram): allow trusted explicit proxy media fetches 2026-04-02 23:36:17 +09:00
James Cowan 7fea8250fb fix(approvals): use canonical decision values in interactive button payloads 2026-04-02 23:35:23 +09:00
Vincent Koc b0f94a227b
refactor(providers): normalize transport policy wiring (#59682)
* refactor(providers): normalize transport policy wiring

* fix(providers): address transport policy review

* fix(providers): harden transport overrides

* fix(providers): keep env proxy tls separate

* fix(changelog): note provider transport policy hardening
2026-04-02 22:54:34 +09:00
Peter Steinberger 1ecd92af89
chore: refresh deps and backfill changelog 2026-04-02 14:49:47 +01:00
Agustin Rivera b21c9840c2
OpenShell: constrain mirror sync roots (#58515)
* fix(openshell): constrain mirror sync roots

* fix(openshell): restore config test types

* fix(openshell): simplify managed root sync
2026-04-02 06:21:30 -07:00
Vincent Koc 3e4de956c0
!refactor(xai): move x_search config behind plugin boundary (#59674)
* refactor(xai): move x_search config behind plugin boundary

* chore(changelog): note x_search config migration

* fix(xai): include x_search migration helpers
2026-04-02 22:08:59 +09:00
Agustin Rivera ef7c553dd1
fix(zalo): scope webhook replay dedupe (#58444)
* fix(zalo): scope webhook replay dedupe

* fix(zalo): harden replay metadata reads

* docs(changelog): add Zalo replay scope fix entry

---------

Co-authored-by: Jacob Tomlinson <jtomlinson@nvidia.com>
2026-04-02 06:07:14 -07:00
Agustin Rivera be10ecef77
fix(compare): reuse shared secret comparison helper (#58432)
* fix(compare): reuse shared secret comparison helper

* fix(compare): reject empty bluebubbles auth tokens

* docs: add changelog entry for shared secret comparison fix

---------

Co-authored-by: Jacob Tomlinson <jtomlinson@nvidia.com>
2026-04-02 13:53:19 +01:00
mappel-nv 9c22d63669
Browser: normalize localhost absolute-form CDP hosts (#59236)
* Browser: normalize localhost absolute-form CDP hosts

* CHANGELOG: note localhost absolute-form CDP fix

---------

Co-authored-by: Jacob Tomlinson <jtomlinson@nvidia.com>
2026-04-02 13:34:55 +01:00
Vincent Koc 6eca1949d5
refactor(plugins): tighten web fetch provider boundary (#59646)
* refactor(plugins): tighten web fetch provider boundary

* fix(config): sync fetch secret parity and baseline

* fix(ci): enforce web fetch boundary guard
2026-04-02 20:53:57 +09:00
Vincent Koc c405bcfa98
refactor(providers): centralize request capabilities (#59636)
* refactor(providers): centralize request capabilities

* fix(providers): harden comparable base url parsing
2026-04-02 20:26:22 +09:00
Vincent Koc 38d2faee20
!feat(plugins): add web fetch provider boundary (#59465)
* feat(plugins): add web fetch provider boundary

* feat(plugins): add web fetch provider modules

* refactor(web-fetch): remove remaining core firecrawl fetch config

* fix(web-fetch): address review follow-ups

* fix(web-fetch): harden provider runtime boundaries

* fix(web-fetch): restore firecrawl compare helper

* fix(web-fetch): restore env-based provider autodetect

* fix(web-fetch): tighten provider hardening

* fix(web-fetch): restore fetch autodetect and compat args

* chore(changelog): note firecrawl fetch config break
2026-04-02 20:25:19 +09:00
Vincent Koc d49460b417
fix(providers): centralize Anthropic endpoint classification (#59608)
* fix(providers): centralize Anthropic endpoint classification

* fix(agents): share Anthropic thinking recovery gating
2026-04-02 19:54:43 +09:00
Vincent Koc 0e9a9dae84
fix(providers): centralize Google endpoint classification (#59556)
* fix(providers): centralize Google endpoint classification

* fix(providers): tighten Google endpoint fallback parsing

* fix(security): harden provider endpoint fallback parsing
2026-04-02 19:21:31 +09:00
Jacob Tomlinson ac5bc4fb37
Slack: filter thread context by allowlist (#58380)
* Slack: filter thread context by allowlist

* Slack: honor room thread allowlists

* Slack: keep open-room thread context

* Slack: keep non-room thread context

* Changelog: add Slack thread context fix
2026-04-02 11:01:11 +01:00
mappel-nv 2eaf5a695e
Mattermost: guard probe fetches (#58529) 2026-04-02 10:30:33 +01:00
Jacob Tomlinson 2c45b06afd
fix(qqbot): restrict structured payload local paths (#58453)
* fix(qqbot): restrict structured payload local paths

* fix(qqbot): narrow structured payload file access

* test(qqbot): cover payload path traversal guards

* fix(qqbot): reduce structured payload log exposure

* fix(qqbot): preserve inline image payload URLs
2026-04-02 10:20:52 +01:00
Ayaan Zaidi b441cd2f4f
fix: normalize kimi anthropic tool payloads (#59440)
* fix: normalize kimi anthropic tool payloads

* fix: normalize kimi anthropic tool payloads (#59440)
2026-04-02 13:39:51 +05:30