mirror of
https://github.com/mattermost/mattermost.git
synced 2026-02-03 20:40:00 -05:00
8e4cadbc88
* initial commit for POC of Plugin Bridge * Updates * POC for plugin bridge * Updates from collaboration * Fixes * Refactor Plugin Bridge to use HTTP/REST instead of RPC - Remove ExecuteBridgeCall hook and Context.SourcePluginId - Implement HTTP-based bridge using existing PluginHTTP infrastructure - Add CallPlugin API method with endpoint parameter instead of method name - Update CallPluginBridge to construct HTTP POST requests - Add proper headers: Mattermost-User-Id, Mattermost-Plugin-ID - Use 'com.mattermost.server' as plugin ID for core server calls - Update ai.go to use REST endpoint /inter-plugin/v1/completion - Add comprehensive spec documentation in server/spec.md - Add MIGRATION_GUIDE.md for plugin developers - Fix 401/404 issues by setting correct headers and URL paths * Improve Plugin Bridge security and architecture - Create ServeInternalPluginRequest for internal plugin calls (core + plugin-to-plugin) - Move header-setting logic from CallPluginBridge to ServeInternalPluginRequest - Improve separation of concerns: business logic vs HTTP transport - Add security documentation explaining header protection Security Improvements: - ServeInternalPluginRequest is NOT exposed as HTTP route (internal only) - Headers (Mattermost-User-Id, Mattermost-Plugin-ID) are set by trusted server code - External requests cannot spoof these headers (stripped by servePluginRequest) - Core calls use 'com.mattermost.server' as plugin ID for authorization - Plugin-to-plugin calls use real plugin ID (enforced by server) Backward Compatibility: - Keep ServeInterPluginRequest for existing API.PluginHTTP callers (deprecated) - All tests pass Docs: - Update spec.md with security model explanation - Update MIGRATION_GUIDE.md with correct header usage examples * Space * cursor please stop creating markdown files * Fix style * Fix i18n, linter * REMOVE MARKDOWN * Remove CallPlugin method from plugin API interface Per review feedback, this method is no longer needed. Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com> * Remove CallPlugin method implementation from PluginAPI Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com> * fixes * Add AI OpenAPI spec * fix openapi spec * Use agents client (#34225) * Use agents client * Remove default agent * Fixes * fix: modify system prompts to ensure JSON is being returned * Base implementation for recaps working * small fixes * Adjustments * remove webapp changes * Add feature flags for rewrites and ai bridge, clean up * Remove comments that aren't helpful * Fix i18n * Remove rewrites * Fix tests * Fix i18n * adjust i18n again * Add back translations * Remove leftover mock code * remove model file * Changes from PR review * Make the real substitutions * Include a basic invokation of the client with noop to ensure build works * more fix * Remove unneeded change * Updates from review * Fixes * Remove some logic from rewrites to clean up branch * Use v1.5.0 of agents plugin * A bunch more additions for general UX flow * Add missing files * Add mocks * Fixes for vet-api, i18n, build, types, etc * One more linter fix * Fix i18n and some tests * Refactors and cleanup in backend code * remove rogue markdown file * fixes after refactors from backend * Add back renamed files, and add tests * More self code review * More fixes * More refactors * Fix call stack exceeded bug * Include read messages if there are no unreads * Fix test failure: use correct error message key for recap permission denied The getRecapAndCheckOwnership function was using strings.ToLower(callerName) to generate error keys, which caused 'GetRecap' to become 'getrecap' instead of the expected 'get'. Changed to use the correct static key that matches the en.json localization file. Fixes TestGetRecap/get_recap_by_non-owner test failure. Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com> * Consolidate permission errors down to a single string * Fixes for i18n, worktrees making this difficult * Fix i18n * Fix i18n once and for all (for real) (final) * Fix duplicate getAgents method in client4.ts * Remove duplicate ai state from initial_state.ts * Fix types * Fix tests * Fix return type of GetAgents and GetServices * Add tests for recaps components * Fix types * Update i18n * Fixes * Fixes * More cleanup * Revert random file * Use undefined * fix linter * Address feedback * Missed a git add * Fixes * Fix i18n * Remove fallback * Fixes for PR --------- Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com> Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com> Co-authored-by: Christopher Speller <crspeller@gmail.com> Co-authored-by: Felipe Martin <me@fmartingr.com> Co-authored-by: Mattermost Build <build@mattermost.com>
240 lines
6.9 KiB
YAML
240 lines
6.9 KiB
YAML
"/api/v4/recaps":
|
|
post:
|
|
tags:
|
|
- recaps
|
|
- ai
|
|
summary: Create a channel recap
|
|
description: >
|
|
Create a new AI-powered recap for the specified channels. The recap will
|
|
summarize unread messages in the selected channels, extracting highlights
|
|
and action items. This creates a background job that processes the recap
|
|
asynchronously. The recap is created for the authenticated user.
|
|
|
|
##### Permissions
|
|
|
|
Must be authenticated. User must be a member of all specified channels.
|
|
|
|
__Minimum server version__: 11.2
|
|
operationId: CreateRecap
|
|
requestBody:
|
|
content:
|
|
application/json:
|
|
schema:
|
|
type: object
|
|
required:
|
|
- channel_ids
|
|
- title
|
|
- agent_id
|
|
properties:
|
|
title:
|
|
type: string
|
|
description: Title for the recap
|
|
channel_ids:
|
|
type: array
|
|
items:
|
|
type: string
|
|
description: List of channel IDs to include in the recap
|
|
minItems: 1
|
|
agent_id:
|
|
type: string
|
|
description: ID of the AI agent to use for generating the recap
|
|
description: Recap creation request
|
|
required: true
|
|
responses:
|
|
"201":
|
|
description: Recap creation successful. The recap will be processed asynchronously.
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/Recap"
|
|
"400":
|
|
$ref: "#/components/responses/BadRequest"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
"403":
|
|
$ref: "#/components/responses/Forbidden"
|
|
get:
|
|
tags:
|
|
- recaps
|
|
- ai
|
|
summary: Get current user's recaps
|
|
description: >
|
|
Get a paginated list of recaps created by the authenticated user.
|
|
|
|
##### Permissions
|
|
|
|
Must be authenticated.
|
|
|
|
__Minimum server version__: 11.2
|
|
operationId: GetRecapsForUser
|
|
parameters:
|
|
- name: page
|
|
in: query
|
|
description: The page to select.
|
|
schema:
|
|
type: integer
|
|
default: 0
|
|
- name: per_page
|
|
in: query
|
|
description: The number of recaps per page.
|
|
schema:
|
|
type: integer
|
|
default: 60
|
|
responses:
|
|
"200":
|
|
description: Recaps retrieval successful
|
|
content:
|
|
application/json:
|
|
schema:
|
|
type: array
|
|
items:
|
|
$ref: "#/components/schemas/Recap"
|
|
"400":
|
|
$ref: "#/components/responses/BadRequest"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
"/api/v4/recaps/{recap_id}":
|
|
get:
|
|
tags:
|
|
- recaps
|
|
- ai
|
|
summary: Get a specific recap
|
|
description: >
|
|
Get a recap by its ID, including all channel summaries. Only the authenticated
|
|
user who created the recap can retrieve it.
|
|
|
|
##### Permissions
|
|
|
|
Must be authenticated. Can only retrieve recaps created by the current user.
|
|
|
|
__Minimum server version__: 11.2
|
|
operationId: GetRecap
|
|
parameters:
|
|
- name: recap_id
|
|
in: path
|
|
description: Recap GUID
|
|
required: true
|
|
schema:
|
|
type: string
|
|
responses:
|
|
"200":
|
|
description: Recap retrieval successful
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/Recap"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
"403":
|
|
$ref: "#/components/responses/Forbidden"
|
|
"404":
|
|
$ref: "#/components/responses/NotFound"
|
|
delete:
|
|
tags:
|
|
- recaps
|
|
- ai
|
|
summary: Delete a recap
|
|
description: >
|
|
Delete a recap by its ID. Only the authenticated user who created the recap
|
|
can delete it.
|
|
|
|
##### Permissions
|
|
|
|
Must be authenticated. Can only delete recaps created by the current user.
|
|
|
|
__Minimum server version__: 11.2
|
|
operationId: DeleteRecap
|
|
parameters:
|
|
- name: recap_id
|
|
in: path
|
|
description: Recap GUID
|
|
required: true
|
|
schema:
|
|
type: string
|
|
responses:
|
|
"200":
|
|
description: Recap deletion successful
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/StatusOK"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
"403":
|
|
$ref: "#/components/responses/Forbidden"
|
|
"404":
|
|
$ref: "#/components/responses/NotFound"
|
|
"/api/v4/recaps/{recap_id}/read":
|
|
post:
|
|
tags:
|
|
- recaps
|
|
- ai
|
|
summary: Mark a recap as read
|
|
description: >
|
|
Mark a recap as read by the authenticated user. This updates the recap's
|
|
read status and timestamp.
|
|
|
|
##### Permissions
|
|
|
|
Must be authenticated. Can only mark recaps created by the current user as read.
|
|
|
|
__Minimum server version__: 11.2
|
|
operationId: MarkRecapAsRead
|
|
parameters:
|
|
- name: recap_id
|
|
in: path
|
|
description: Recap GUID
|
|
required: true
|
|
schema:
|
|
type: string
|
|
responses:
|
|
"200":
|
|
description: Recap marked as read successfully
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/Recap"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
"403":
|
|
$ref: "#/components/responses/Forbidden"
|
|
"404":
|
|
$ref: "#/components/responses/NotFound"
|
|
"/api/v4/recaps/{recap_id}/regenerate":
|
|
post:
|
|
tags:
|
|
- recaps
|
|
- ai
|
|
summary: Regenerate a recap
|
|
description: >
|
|
Regenerate a recap by its ID. This creates a new background job to
|
|
regenerate the AI-powered recap with the latest messages from the
|
|
specified channels.
|
|
|
|
##### Permissions
|
|
|
|
Must be authenticated. Can only regenerate recaps created by the current user.
|
|
|
|
__Minimum server version__: 11.2
|
|
operationId: RegenerateRecap
|
|
parameters:
|
|
- name: recap_id
|
|
in: path
|
|
description: Recap GUID
|
|
required: true
|
|
schema:
|
|
type: string
|
|
responses:
|
|
"200":
|
|
description: Recap regeneration initiated successfully
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/Recap"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
"403":
|
|
$ref: "#/components/responses/Forbidden"
|
|
"404":
|
|
$ref: "#/components/responses/NotFound"
|
|
|