* replace for tablewriter not longer needed
jaytaylof/html2text project has been updated and now it supports
tablewriter 1.0.0
* Replace fwSeeker with bufReadSeeker to support backward seeks for imagemeta v0.17
* Bump server dependencies (includes imagemeta v0.12→v0.17)
* revert the imagemeta upgrade to reduce risk this time
* modules-tidy
---------
Co-authored-by: Jesse Hallam <jesse@mattermost.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Add operation tracking fields to bridge client CompletionRequest calls
Populate UserID, Operation, and OperationSubType on CompletionRequest
for recaps (SummarizePosts) and message rewrite (RewriteMessage) so
token usage logs show correct values instead of defaults.
Also bumps mattermost-plugin-ai v1.8.1 → v1.12.0 which adds the
Operation/OperationSubType fields to the bridgeclient struct.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Address PR feedback: normalize rewrite action and use session-derived userID
- post.go: Add normalizeRewriteAction() that validates action against a
whitelist of known RewriteAction values, mapping unknown values to
"unknown" before assigning to OperationSubType.
- summarization.go: Use sessionUserID (derived from rctx.Session().UserId)
instead of the userID parameter for tracking, ensuring operation
tracking always uses the authenticated session user.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Add default agent support and App Bar integration
- Add Agents section to App Bar, separating it from Core Products.
- Implement Default Agent logic in AtMentionProvider:
- Promote default agent to top of suggestions for empty '@' prefix.
- Filter duplicate agent entry from main list when default is shown.
- Add `AgentTag` component for UI distinction.
- Update `mattermost-plugin-ai` and `server/public` dependencies.
- Add unit tests for default agent suggestion logic.
* Add missing files (server deps, types)
* Fix pre-commit check failures
- Fix TypeScript errors in test files:
- Add missing displayName property to defaultAgent in at_mention_provider test
- Add missing fetchAgents mock in textbox test
- Fix Go assignment mismatch in integration_action_test.go (CreatePostAsUser returns 3 values)
- Fix license copyright year in plugins/mattermost-ai/assets/embed.go
- Update i18n translations (add tag.default.agent)
- Regenerate Go serialized files, mmctl docs, and update go.mod/go.sum
* Update snapshot tests for textbox and at_mention_suggestion
* Undo mmctl docs changes
* Undo more changes
* revert package-lock.json
* Update dep for ai plugin
* Update again
* Update at_mention_provider to filter out agent duplicates and add .cursor/ to gitignore
- Filter agent usernames from priorityProfiles and localAndRemoteMembers to prevent duplicate entries in autocomplete suggestions
- Add .cursor/ directory to .gitignore
Co-authored-by: Cursor <cursoragent@cursor.com>
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
* removes direct jaytaylor/html2text dependency
there is still some indirect dependency on the library preventing
to use latest tablewriter with a PR made to the outdated library
that should be monitored as stated in go.mod comments.
* makes variable not shadow outer one
* fixes typo and makes test fail on error
* uses current docconv dependency to generate plain text email content
* updated aws-sdk dependency to aws-sdk-go-v2
* simplify error handling in case of timeout errors
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* initial commit for POC of Plugin Bridge
* Updates
* POC for plugin bridge
* Updates from collaboration
* Fixes
* Refactor Plugin Bridge to use HTTP/REST instead of RPC
- Remove ExecuteBridgeCall hook and Context.SourcePluginId
- Implement HTTP-based bridge using existing PluginHTTP infrastructure
- Add CallPlugin API method with endpoint parameter instead of method name
- Update CallPluginBridge to construct HTTP POST requests
- Add proper headers: Mattermost-User-Id, Mattermost-Plugin-ID
- Use 'com.mattermost.server' as plugin ID for core server calls
- Update ai.go to use REST endpoint /inter-plugin/v1/completion
- Add comprehensive spec documentation in server/spec.md
- Add MIGRATION_GUIDE.md for plugin developers
- Fix 401/404 issues by setting correct headers and URL paths
* Improve Plugin Bridge security and architecture
- Create ServeInternalPluginRequest for internal plugin calls (core + plugin-to-plugin)
- Move header-setting logic from CallPluginBridge to ServeInternalPluginRequest
- Improve separation of concerns: business logic vs HTTP transport
- Add security documentation explaining header protection
Security Improvements:
- ServeInternalPluginRequest is NOT exposed as HTTP route (internal only)
- Headers (Mattermost-User-Id, Mattermost-Plugin-ID) are set by trusted server code
- External requests cannot spoof these headers (stripped by servePluginRequest)
- Core calls use 'com.mattermost.server' as plugin ID for authorization
- Plugin-to-plugin calls use real plugin ID (enforced by server)
Backward Compatibility:
- Keep ServeInterPluginRequest for existing API.PluginHTTP callers (deprecated)
- All tests pass
Docs:
- Update spec.md with security model explanation
- Update MIGRATION_GUIDE.md with correct header usage examples
* Space
* cursor please stop creating markdown files
* Fix style
* Fix i18n, linter
* REMOVE MARKDOWN
* Remove CallPlugin method from plugin API interface
Per review feedback, this method is no longer needed.
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
* Remove CallPlugin method implementation from PluginAPI
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
* fixes
* Add AI OpenAPI spec
* fix openapi spec
* Use agents client (#34225)
* Use agents client
* Remove default agent
* Fixes
* fix: modify system prompts to ensure JSON is being returned
* remove webapp changes
* Add feature flags for rewrites and ai bridge, clean up
* Remove comments that aren't helpful
* Fix i18n
* Remove rewrites
* Fix tests
* Fix i18n
* adjust i18n again
* Add back translations
* Remove leftover mock code
* remove model file
* Make the real substitutions
* Include a basic invokation of the client with noop to ensure build works
* Remove unneeded change
* Updates from review
* Fixes
* Use v1.5.0 of agents plugin
---------
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
Co-authored-by: Christopher Speller <crspeller@gmail.com>
Co-authored-by: Felipe Martin <me@fmartingr.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Update dependencies
* Undo hack needed by go-elasticsearch v8.18.0
See https://github.com/mattermost/mattermost/pull/31021 for more
information.
* Another breaking change in a minor version :)
* Remove old exclude rules
* Unify ES/OS tests when getting no documents
* Clarify weird assert on ES/OS common tests
* Bump dependencies now that archives v0.1.5 is out
* MM-64486: Remove telemetry
Remove telemetry from Mattermost. We're no longer relying on Rudder upstream, and no longer making use of this information.
* recover mock for SystemStore.Get
* Fix TestClearPushNotificationSync by adding missing SystemStore mock
The test was failing because the SystemStore mock was missing the Get()
method that's required by the ServerId() function. Added the missing mock
to return a StringMap with SystemServerId.
* fix mocking issue
* Remove now-unused telemetry and constants
* Remove "Disable telemetry events" debug setting
* Remove empty functions
* Remove most "Telemetry tracking removed" comments
* Remove remains of DataPrefetch telemetry
* Remove now-unused prop from InviteMembersButton
* Remove trackDotMenuEvent
* Remove some more leftover comments
* Remove lingering logic related to trackingLocation
* Remove now-unused argument from useCopyText
* Remove lingering telemetry references from PreparingWorkspace
* fixup Remove trackDotMenuEvent
* Remove lingering telemetry references from signup page and password check
* Update snapshots and fix test broken by my changes
* Fix unintended behavior change in thread list filtering
Remove handleSetFilter wrapper that was accidentally modified during
telemetry removal. The function was calling clear() when switching to
unread filter, which was not the original behavior. Use setFilter
directly instead, restoring the original functionality.
* Remove unused useOpenDowngradeModal hook
The useOpenDowngradeModal hook was not being used anywhere in the codebase.
* Remove unused expandableLink from useExpandOverageUsersCheck
The expandableLink return value was not being used by any components.
* Re-add missing TeamLinkClicked performance telemetry
The mark(Mark.TeamLinkClicked) call was accidentally removed from the
handleSwitch function. This telemetry is needed for Looker-based
performance tracking.
* drop LogSettings.VerboseDiagnostics
---------
Co-authored-by: Harrison Healey <harrisonmhealey@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
While investigating code paths during
Redis downtime, I found out that the library
by default retries indefinitely for read commmands.
This leads to it being stuck in a loop
while trying to read anything from Redis.
We fix that by disabling retry.
Secondly, we adjust the ConnWriteTimeout
value slightly from its default of 10s
which is a bit too high for normal working
conditions.
Ref: https://github.com/redis/rueidis/issues/680
```release-note
NONE
```
* Bump yuin/goldmark dependency to latest version
* Add docs to modules-tidy make rule
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
- Update library version.
- Added MaxFlush delay to help reduce CPU usage.
- Fall back to LRU cache for the caches which use SCAN.
- Added mattermost-redis and running for all api layer
tests in Postgres.
https://mattermost.atlassian.net/browse/MM-59934
```release-note
NONE
```
* on login add UserId and SessionId to audit's Actor field to match logout
* lint
* simplify to add only userId and sessionId
* AddToEventActor -> AddUser/SessionToEventActor
* fill in missing session data when logging the audit record
* why did it bump that? reverting.
* make modules-tidy
* trigger build
* add more context to the comment
* - ensure new users get correct remoteID
- ensure remotes can only update users belonging to them
- ensure user remoteIDs cannot be changed once set
* make modules-tidy
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
