* initial commit for POC of Plugin Bridge
* Updates
* POC for plugin bridge
* Updates from collaboration
* Fixes
* Refactor Plugin Bridge to use HTTP/REST instead of RPC
- Remove ExecuteBridgeCall hook and Context.SourcePluginId
- Implement HTTP-based bridge using existing PluginHTTP infrastructure
- Add CallPlugin API method with endpoint parameter instead of method name
- Update CallPluginBridge to construct HTTP POST requests
- Add proper headers: Mattermost-User-Id, Mattermost-Plugin-ID
- Use 'com.mattermost.server' as plugin ID for core server calls
- Update ai.go to use REST endpoint /inter-plugin/v1/completion
- Add comprehensive spec documentation in server/spec.md
- Add MIGRATION_GUIDE.md for plugin developers
- Fix 401/404 issues by setting correct headers and URL paths
* Improve Plugin Bridge security and architecture
- Create ServeInternalPluginRequest for internal plugin calls (core + plugin-to-plugin)
- Move header-setting logic from CallPluginBridge to ServeInternalPluginRequest
- Improve separation of concerns: business logic vs HTTP transport
- Add security documentation explaining header protection
Security Improvements:
- ServeInternalPluginRequest is NOT exposed as HTTP route (internal only)
- Headers (Mattermost-User-Id, Mattermost-Plugin-ID) are set by trusted server code
- External requests cannot spoof these headers (stripped by servePluginRequest)
- Core calls use 'com.mattermost.server' as plugin ID for authorization
- Plugin-to-plugin calls use real plugin ID (enforced by server)
Backward Compatibility:
- Keep ServeInterPluginRequest for existing API.PluginHTTP callers (deprecated)
- All tests pass
Docs:
- Update spec.md with security model explanation
- Update MIGRATION_GUIDE.md with correct header usage examples
* Space
* cursor please stop creating markdown files
* Fix style
* Fix i18n, linter
* REMOVE MARKDOWN
* Remove CallPlugin method from plugin API interface
Per review feedback, this method is no longer needed.
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
* Remove CallPlugin method implementation from PluginAPI
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
* fixes
* Add AI OpenAPI spec
* fix openapi spec
* Use agents client (#34225)
* Use agents client
* Remove default agent
* Fixes
* fix: modify system prompts to ensure JSON is being returned
* remove webapp changes
* Add feature flags for rewrites and ai bridge, clean up
* Remove comments that aren't helpful
* Fix i18n
* Remove rewrites
* Fix tests
* Fix i18n
* adjust i18n again
* Add back translations
* Remove leftover mock code
* remove model file
* Make the real substitutions
* Include a basic invokation of the client with noop to ensure build works
* Remove unneeded change
* Updates from review
* Fixes
* Use v1.5.0 of agents plugin
---------
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
Co-authored-by: Christopher Speller <crspeller@gmail.com>
Co-authored-by: Felipe Martin <me@fmartingr.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Revert "MM-13657: Set ExperimentalStrictCSRFEnforcement to true by default (#33444)"
This reverts commit 257eec43ed.
* Fix call to checkCSRFToken
* Adapt test that relied on strict CSRF enforcement
This test was added after
https://github.com/mattermost/mattermost/pull/33444, so it assumed
strict CSRF enforcement to be enabled. When reverting that PR, we need
to adapt the test to account for both cases.
* Fix newer tests to use older setting
https://mattermost.atlassian.net/browse/MM-13657
```release-note
We change ServiceSettings.ExperimentalStrictCSRFEnforcement to be
true by default for new installations. For existing installations,
the value will remain unchanged.
```
* Remove ''Experimental'' prefix from CSRF enforcement field
Change field name from ExperimentalStrictCSRFEnforcement to StrictCSRFEnforcement across all files
Co-authored-by: Agniva De Sarker <agnivade@users.noreply.github.com>
* lint fix
```release-note
NONE
```
* fix test
```release-note
NONE
```
* set StrictCSRFEnforcement to false on starting a test server
---------
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: Agniva De Sarker <agnivade@users.noreply.github.com>
Co-authored-by: Saturnino Abril <5334504+saturninoabril@users.noreply.github.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
This originated from https://github.com/mattermost/mattermost/issues/15249.
However, the original idea was discarded https://github.com/mattermost/mattermost/issues/15249#issuecomment-709713065
as being too complicated to implement. Then I had another
idea to implement it just for session objects.
My thinking was that since every single request allocates a new
session struct, it would be good to use a sync.Pool for that.
However, 4 years later, now we know that the primary bottleneck
in app performance comes from websocket event marshalling.
Therefore, while it would be good to do this, it is difficult
to do it correctly (as shown by the numerous racy tests).
Hence, reverting this.
```release-note
NONE
```
* remove the authorization header if the request is from an authenticated MM user
* fix lint
Co-authored-by: Michael Kochell <6913320+mickmister@users.noreply.github.com>
---------
Co-authored-by: Michael Kochell <6913320+mickmister@users.noreply.github.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
It was a good decision in hindsight to keep the public module as 0.x
because this would have been a breaking change again.
https://mattermost.atlassian.net/browse/MM-53032
```release-note
Changed the Go module path from github.com/mattermost/mattermost-server/server/v8 to github.com/mattermost/mattermost/server/v8.
For the public facing module, it's path is also changed from github.com/mattermost/mattermost-server/server/public to github.com/mattermost/mattermost/server/public
```
https://mattermost.atlassian.net/browse/MM-52079
```release-note
We upgrade the module version to 8.0. The new module path is github.com/mattermost-server/server/v8.
```
Co-authored-by: Doug Lauder <wiggin77@warpmail.net>
