mirror of
https://github.com/multica-ai/multica.git
synced 2026-07-05 13:29:44 +02:00
* feat(slack): Socket Mode channel.Channel adapter (MUL-3516) First slice of the Slack adapter: implements channel.Channel (Type/Connect/Disconnect/Send/Capabilities) over Slack Socket Mode, normalizes inbound events to channel.InboundMessage (DM, channel @mention, thread reply; bot-loop + edit/delete guards), decodes the per-installation config/secret blob, and registers the Factory under TypeSlack. No engine, core, or channel_* schema change. Unit-tested (translation, capabilities, config decode, chunking, Send via httptest). Resolvers + engine wiring + Block Kit binding replier follow. Co-authored-by: multica-agent <github@multica.ai> * fix(slack): address adapter review (MUL-3516) - Propagate InboundHandler errors through dispatchEventsAPI/handleSocketEvent to Connect so an infra failure tears down the connection for Supervisor reconnect/backoff instead of being silently swallowed (ACK still happens first). - Capabilities: declare only CapText | CapThreadReply; drop CapRichCard/CapAttachment/CapMessageEdit until those Send paths are wired. - slackChatType: map mpim (multi-party DM) to group, not p2p, so the 'must address bot' filter applies; only 1:1 im is p2p. - Document the group-addressing decision: explicit @bot mention required in groups; mention-free thread continuation deferred to the session-aware layer. - Tests: handler-error propagation, slackChatType table, mpim-requires-mention, capabilities negative assertions. Co-authored-by: multica-agent <github@multica.ai> * refactor(channel): shared channel-agnostic ChatSession service (MUL-3516) Extract the session/append//issue machinery — currently locked inside the Feishu-pinned lark.chatSessionService — into a shared engine.ChatSession parameterized by channel_type + session titles, so every IM adapter reuses it instead of re-implementing it. Logic is verbatim (find-or-create session+binding with unique-violation race re-read; append+touch+reply-target+in-tx dedup Mark; /issue parse with bare-command previous-message fallback) but channel-neutral: command-parse source is supplied by the adapter (enrichment is platform-specific). Backed by a narrow SessionQueries interface so it is unit-tested with an in-memory fake (no DB). /issue parser moved to engine.ParseIssueCommand. Next: migrate Feishu onto it and wire Slack's ResolverSet, removing the lark duplicate. Co-authored-by: multica-agent <github@multica.ai> * fix(channel): decouple session binding key from outbound target (MUL-3516) Addresses Elon's round-2 review. engine.ChatSession.EnsureSession previously keyed the binding on a raw chat id (EnsureSessionInput.ChatID), so a resolver wiring Slack straight through would collapse every @bot thread in one channel into a single chat_session and overwrite last_thread_id. Make the API un-misusable: - EnsureSessionInput.ChatID -> BindingKey: the explicit session-isolation key (Feishu: chat id; Slack DM: channel id; Slack channel: channel id + thread root), documented so a raw threaded-platform chat id is never passed straight through. - Add EnsureSessionInput.BindingConfig (opaque) persisted on the binding's config column, so the real outbound channel/thread is preserved when BindingKey is composite — outbound routing stays separate from the isolation key. - channel.sql CreateChannelChatSessionBinding now writes config (additive, uses the existing NOT NULL column; lark caller passes '{}', no schema change, no Feishu regression). - Tests: TestEnsureSession_ThreadRootIsolation (two thread roots in one channel -> two sessions; same root reuses) and TestEnsureSession_StoresBindingConfig. No production wiring change yet (per review, the not-yet-wired shared service is an accepted preparatory state); this makes the API correct before Feishu/Slack are migrated onto it. Co-authored-by: multica-agent <github@multica.ai> * feat(slack): Slack ResolverSet with thread-root session isolation (MUL-3516) Wires Slack into the channel-agnostic engine.Router via a ResolverSet built on the generic channel_* queries (installation route by team_id, identity + workspace-membership recheck, two-phase dedup, audit) plus the shared engine.ChatSession. No new query, no schema change. slackSessionRouting is the per-message isolation rule (Elon round-2 / Niko round-3): a DM is one session per channel; a channel/group message is isolated by thread root (key = channel:threadRoot, root = inbound thread_ts or the message ts for a top-level @mention), so two @bot threads in one channel are two sessions. The real channel id rides in BindingConfig for outbound; the reply thread is returned separately. Tests cover DM/channel/thread routing, config, and that distinct thread roots isolate while a same-thread follow-up reuses its key. Not yet wired into router.go (still a preparatory commit, per review); Feishu migration onto the shared service, router/config wiring, and the Slack outbound path follow. Co-authored-by: multica-agent <github@multica.ai> * feat(slack): Markdown->mrkdwn outbound formatting (MUL-3516) Slack renders mrkdwn, not Markdown, so an unconverted agent reply shows literal ** , ## and [text](url). Add formatMrkdwn — a faithful Go port of Hermes Agent's slack format_message (MIT) — and apply it in slackChannel.Send before chunking/posting. Protects fenced+inline code, converted links, and existing Slack entities behind placeholders; converts headers/bold/italic/strike/links; escapes control chars. Unit tests cover each construct plus fenced-code protection and a link nested in bold. Co-authored-by: multica-agent <github@multica.ai> * docs(slack): preserve Hermes MIT notice for ported mrkdwn converter (MUL-3516) Addresses Niko's review. formatMrkdwn is a substantial port of Hermes Agent's slack format_message; MIT requires preserving the copyright + permission notice. Add the full Hermes MIT copyright/permission notice + source URL as a header on mrkdwn.go (no repo-level third-party notice file exists, and the header cannot get separated from the ported code). Also add the suggested Send-layer regression test (TestSend_AppliesMrkdwn) that pins the wiring: slackChannel.Send converts Markdown to mrkdwn before posting. Co-authored-by: multica-agent <github@multica.ai> * refactor(lark): migrate Feishu onto shared engine.ChatSession, drop duplicate (MUL-3516) Completes 'every IM reuses one shared session service' and removes the dual-path the reviewers flagged as temporary. Feishu's ResolverSet now drives the channel-agnostic engine.ChatSession (channel_type=feishu, Lark session titles preserved) instead of the Feishu-specific lark.chatSessionService, which is deleted. Behavior is unchanged: engine.ChatSession is the verbatim port of the old logic and is unit-tested; the new Feishu binder param-mapping (BindingKey=chat id, CommandText=un-enriched CommandBody from Raw) is covered by feishu_resolvers_test.go. - Delete chat_service.go (chatSessionService + helpers) and issue_command.go/_test.go (parser now engine.ParseIssueCommand). Relocate the shared TxStarter interface to tx.go (still used by binding-token + registration services). - chat.go keeps only the AuditLogger seam; remove the now-dead ChatSessionService / EnsureChatSessionParams / AppendUserMessageParams / AppendResult / IssueCommand types. - router.go constructs engine.NewChatSession for Feishu; inbound_enricher_test + doc.go updated. make-test parity: go build ./..., go vet, gofmt, and go test ./internal/integrations/{lark,channel/...,slack} all pass (full Feishu suite green). Co-authored-by: multica-agent <github@multica.ai> * feat(slack): wire Slack adapter + ResolverSet + outbound into router (MUL-3516) Activates the full Slack pipeline, gated by MULTICA_SLACK_SECRET_KEY (the bot/app-token decryption key). When unset the block is skipped, so existing deployments are unaffected and Feishu is untouched. - router.go registers slack.RegisterSlack (Socket Mode connect/send Factory) + channelRouter.Register(TypeSlack, NewSlackResolverSet) (inbound pipeline) + slack.NewOutbound(...).Register(bus) (outbound). - New slack/outbound.go: an EventChatDone subscriber mirroring the Feishu Patcher. It finds the Slack chat binding for the finished session, recovers the real channel from the binding config (the channel_chat_id may be a composite thread-isolation key) + the reply thread from last_thread_id, and posts via slackChannel.Send (reusing formatMrkdwn / chunking / threading). Sessions with no Slack binding are ignored, so it coexists with the Feishu Patcher on the shared bus. - Tests: posts to the bound channel/thread with the real channel id; ignores non-Slack sessions, empty completions, revoked installations, and non-chat events. Slack now shares engine.ChatSession, channel_* tables, IssueService and TaskService with Feishu. Remaining: config-driven installation provisioning (an operator currently creates the channel_type='slack' row; the config block shape — which workspace/agent — is a product decision) and a live end-to-end smoke. go build ./..., go vet, gofmt, and go test ./internal/integrations/{slack,channel/...,lark} all pass. Co-authored-by: multica-agent <github@multica.ai> --------- Co-authored-by: J <j@multica.ai> Co-authored-by: multica-agent <github@multica.ai>
61 lines
3.5 KiB
Go
61 lines
3.5 KiB
Go
// Package lark contains the Multica ↔ 飞书 (Lark) Bot integration.
|
|
//
|
|
// MVP scope is tracked in MUL-2671. After the migration / service
|
|
// boundary PRs landed, this package now covers:
|
|
//
|
|
// 1. DB schema + sqlc wrappers (migration 109_lark_integration.up.sql)
|
|
// 2. InstallationService (encrypted app_secret, workspace-scoped lookups)
|
|
// 3. BindingTokenService (15-minute single-use, transactional redeem
|
|
// that rejects cross-user rebinds in-DB)
|
|
// 4. Feishu ResolverSet (feishu_resolvers.go) feeding the shared,
|
|
// channel-agnostic engine.ChatSession (chat_session ensure / append,
|
|
// /issue parsing) — no Feishu-specific session service remains
|
|
// 5. Dispatcher (inbound pipeline: installation route → top-level
|
|
// message_id dedup → group filter → identity check → ensure
|
|
// session → append → /issue → enqueue chat task; typed outcomes
|
|
// for offline / archived; emit returns DispatchResult + error so
|
|
// the connector can post the matching Lark-side reply card)
|
|
// 6. AuditLogger (lark_inbound_audit; deliberately no body column)
|
|
// 7. APIClient interface + http_client.go (real Lark Open Platform
|
|
// transport for IM v1 send/patch + binding prompt + bot info;
|
|
// stubAPIClient refuses calls when no production client is wired)
|
|
// 8. Hub (WS lease + per-installation supervisor goroutines with
|
|
// exponential backoff + jitter; renewer cancels the connector's
|
|
// run ctx on lease loss to keep §4.4 ownership safe across
|
|
// replicas; EventConnector interface is the seam for the real
|
|
// wire protocol)
|
|
// 9. WSLongConnConnector (real long-conn over gorilla/websocket; the
|
|
// wire protocol is the binary Frame envelope from the official Go
|
|
// SDK — bootstrap via POST /callback/ws/endpoint, app-layer
|
|
// ping/pong, ACK responses on every data frame, ctx cancel breaks
|
|
// blocking ReadMessage via a watchdog goroutine for §4.4)
|
|
// 10. Patcher (subscribes to task / chat-done events; keeps the
|
|
// per-task Lark interactive card in sync; throttled patches +
|
|
// final/error bypass)
|
|
// 11. OutcomeReplier (outbound side of the EventEmitter contract:
|
|
// NeedsBinding mints a token + sends the binding prompt;
|
|
// AgentOffline / AgentArchived push status notice cards into the
|
|
// chat; Ingested is owned by the Patcher; Dropped is silent)
|
|
// 12. RegistrationService (RFC 8628 device-flow scan-to-install: opens
|
|
// a session against accounts.feishu.cn, polls in the background,
|
|
// and on success writes through InstallationService + auto-binds
|
|
// the installer via InstallerBinder so §2.1 "scan to bind, you're
|
|
// done" holds end-to-end)
|
|
//
|
|
// Architectural boundaries (frozen from Elon's 二审, MUL-2671 §4.8):
|
|
//
|
|
// 1. Issue creation goes through internal/service.IssueService.Create —
|
|
// this package never calls qtx.CreateIssue directly.
|
|
// 2. Inbound message ingestion uses the shared engine.ChatSession, NOT
|
|
// the HTTP `SendChatMessage` handler. Group chat_sessions have multi-
|
|
// member creator semantics that the HTTP handler's single-creator
|
|
// guard rejects on purpose.
|
|
// 3. Outbound card-message mapping lives in `lark_outbound_card_message`
|
|
// (per task/message), never on `chat_session.metadata`.
|
|
// 4. Unbound users and non-workspace members never reach
|
|
// chat_session/chat_message. They land in `lark_inbound_audit` (no
|
|
// body) with a drop_reason and nothing else.
|
|
// 5. `app_secret` is encrypted at rest via internal/util/secretbox.
|
|
// The DB never sees plaintext.
|
|
package lark
|