@rubytech/taskmaster 1.0.64 → 1.0.65

package/dist/control-ui/index.html

@@ -6,8 +6,8 @@
     <title>Taskmaster Control</title>
     <meta name="color-scheme" content="dark light" />
     <link rel="icon" type="image/png" href="./favicon.png" />
-    <script type="module" crossorigin src="./assets/index-BPvR6pln.js"></script>
-    <link rel="stylesheet" crossorigin href="./assets/index-mweBpmCT.css">
+    <script type="module" crossorigin src="./assets/index-o5Xs9S4u.js"></script>
+    <link rel="stylesheet" crossorigin href="./assets/index-DmifehTc.css">
   </head>
   <body>
     <taskmaster-app></taskmaster-app>

package/dist/gateway/config-reload.js

@@ -7,6 +7,7 @@ const DEFAULT_RELOAD_SETTINGS = {
 };
 const BASE_RELOAD_RULES = [
     { prefix: "access", kind: "none" },
+    { prefix: "publicChat", kind: "none" },
     { prefix: "apiKeys", kind: "none" },
     { prefix: "gateway.remote", kind: "none" },
     { prefix: "gateway.reload", kind: "none" },

package/dist/gateway/control-ui.js

@@ -345,3 +345,176 @@ export function handleBrandIconRequest(req, res, opts) {
     serveFile(res, filePath);
     return true;
 }
+/**
+ * Serve `/public/chat` — the same SPA but with public-chat flags injected.
+ */
+export function handlePublicChatHttpRequest(req, res, opts) {
+    const urlRaw = req.url;
+    if (!urlRaw)
+        return false;
+    const url = new URL(urlRaw, "http://localhost");
+    const pathname = url.pathname;
+    if (!pathname.startsWith("/public/"))
+        return false;
+    // Static asset passthrough (JS/CSS/images served from /public/assets/*)
+    if (pathname.startsWith("/public/assets/")) {
+        const root = resolveControlUiRoot();
+        if (!root) {
+            respondNotFound(res);
+            return true;
+        }
+        const rel = pathname.slice("/public/".length);
+        if (!isSafeRelativePath(rel)) {
+            respondNotFound(res);
+            return true;
+        }
+        const filePath = path.join(root, rel);
+        if (!filePath.startsWith(root)) {
+            respondNotFound(res);
+            return true;
+        }
+        if (fs.existsSync(filePath) && fs.statSync(filePath).isFile()) {
+            serveFile(res, filePath);
+            return true;
+        }
+        respondNotFound(res);
+        return true;
+    }
+    if (req.method !== "GET" && req.method !== "HEAD") {
+        res.statusCode = 405;
+        res.setHeader("Content-Type", "text/plain; charset=utf-8");
+        res.end("Method Not Allowed");
+        return true;
+    }
+    // Only /public/chat (the SPA route)
+    if (pathname !== "/public/chat" && !pathname.startsWith("/public/chat/")) {
+        // /public/widget.js is handled separately
+        if (pathname === "/public/widget.js")
+            return false;
+        respondNotFound(res);
+        return true;
+    }
+    const config = opts?.config;
+    if (!config?.publicChat?.enabled) {
+        respondNotFound(res);
+        return true;
+    }
+    const root = resolveControlUiRoot();
+    if (!root) {
+        res.statusCode = 503;
+        res.setHeader("Content-Type", "text/plain; charset=utf-8");
+        res.end("Control UI assets not found.");
+        return true;
+    }
+    const indexPath = path.join(root, "index.html");
+    if (!fs.existsSync(indexPath)) {
+        respondNotFound(res);
+        return true;
+    }
+    const identity = resolveAssistantIdentity({ cfg: config });
+    const avatarValue = resolveAssistantAvatarUrl({
+        avatar: identity.avatar,
+        basePath: "",
+    }) ?? identity.avatar;
+    const authMode = config.publicChat.auth ?? "anonymous";
+    const cookieTtlDays = config.publicChat.cookieTtlDays ?? 30;
+    const brandName = config.ui?.brand?.name;
+    const brandIconUrl = resolveBrandIconUrl(config.ui?.brand?.icon, root);
+    const accentColor = config.ui?.seamColor;
+    const raw = fs.readFileSync(indexPath, "utf8");
+    const injected = injectControlUiConfig(raw, {
+        basePath: "",
+        assistantName: identity.name,
+        assistantAvatar: avatarValue,
+        brandName,
+        brandIconUrl,
+        accentColor,
+    });
+    // Inject public-chat globals
+    const publicScript = `<script>` +
+        `window.__TASKMASTER_PUBLIC_CHAT__=true;` +
+        `window.__TASKMASTER_PUBLIC_CHAT_CONFIG__=${JSON.stringify({ auth: authMode, cookieTtlDays })};` +
+        `</script>`;
+    const headClose = injected.indexOf("</head>");
+    const withPublic = headClose !== -1
+        ? `${injected.slice(0, headClose)}${publicScript}${injected.slice(headClose)}`
+        : `${publicScript}${injected}`;
+    res.setHeader("Content-Type", "text/html; charset=utf-8");
+    res.setHeader("Cache-Control", "no-cache");
+    res.end(withPublic);
+    return true;
+}
+/** Widget script content — self-contained JS for embedding. */
+const WIDGET_SCRIPT = `(function(){
+  "use strict";
+  var cfg={server:""};
+  var isOpen=false;
+  var btn,overlay,iframe;
+
+  function init(opts){
+    if(opts&&opts.server) cfg.server=opts.server.replace(/\\/$/,"");
+    build();
+  }
+
+  function build(){
+    var css=document.createElement("style");
+    css.textContent=[
+      ".tm-widget-btn{position:fixed;bottom:20px;right:20px;width:60px;height:60px;",
+      "border-radius:50%;background:#0078ff;color:#fff;border:none;cursor:pointer;",
+      "box-shadow:0 4px 12px rgba(0,0,0,.25);z-index:999999;font-size:28px;",
+      "display:flex;align-items:center;justify-content:center;transition:transform .2s}",
+      ".tm-widget-btn:hover{transform:scale(1.1)}",
+      ".tm-widget-overlay{position:fixed;bottom:90px;right:20px;width:400px;height:600px;",
+      "max-width:calc(100vw - 40px);max-height:calc(100vh - 110px);",
+      "border-radius:12px;overflow:hidden;box-shadow:0 8px 30px rgba(0,0,0,.3);",
+      "z-index:999998;display:none;background:#1a1a2e}",
+      ".tm-widget-overlay.open{display:block}",
+      ".tm-widget-iframe{width:100%;height:100%;border:none}",
+      "@media(max-width:480px){",
+      ".tm-widget-overlay{bottom:0;right:0;width:100vw;height:100vh;max-width:100vw;",
+      "max-height:100vh;border-radius:0}}",
+    ].join("");
+    document.head.appendChild(css);
+
+    btn=document.createElement("button");
+    btn.className="tm-widget-btn";
+    btn.textContent="\\uD83D\\uDCAC";
+    btn.setAttribute("aria-label","Chat");
+    btn.onclick=toggle;
+    document.body.appendChild(btn);
+
+    overlay=document.createElement("div");
+    overlay.className="tm-widget-overlay";
+    iframe=document.createElement("iframe");
+    iframe.className="tm-widget-iframe";
+    iframe.src=cfg.server+"/public/chat";
+    overlay.appendChild(iframe);
+    document.body.appendChild(overlay);
+  }
+
+  function toggle(){
+    isOpen=!isOpen;
+    overlay.classList.toggle("open",isOpen);
+    btn.textContent=isOpen?"\\u2715":"\\uD83D\\uDCAC";
+  }
+
+  window.Taskmaster={init:init};
+})();`;
+/**
+ * Serve `/public/widget.js` — embeddable floating chat widget.
+ */
+export function handlePublicWidgetRequest(req, res, opts) {
+    const url = new URL(req.url ?? "/", "http://localhost");
+    if (url.pathname !== "/public/widget.js")
+        return false;
+    if (req.method !== "GET" && req.method !== "HEAD")
+        return false;
+    if (!opts?.config?.publicChat?.enabled) {
+        respondNotFound(res);
+        return true;
+    }
+    res.setHeader("Content-Type", "application/javascript; charset=utf-8");
+    res.setHeader("Cache-Control", "no-cache");
+    res.end(WIDGET_SCRIPT);
+    return true;
+}

package/dist/gateway/net.js

@@ -174,3 +174,19 @@ function isValidIPv4(host) {
 export function isLoopbackHost(host) {
     return isLoopbackAddress(host);
 }
+/**
+ * Determine whether an HTTP request originates from outside the local machine.
+ * Uses the same trusted-proxy logic as the WS handler.
+ */
+export function isExternalRequest(req, trustedProxies) {
+    const remoteAddr = req.socket.remoteAddress;
+    const forwardedFor = req.headers["x-forwarded-for"];
+    const realIp = req.headers["x-real-ip"];
+    const clientIp = resolveGatewayClientIp({
+        remoteAddr,
+        forwardedFor,
+        realIp,
+        trustedProxies,
+    });
+    return !isLocalGatewayAddress(clientIp);
+}

package/dist/gateway/protocol/client-info.js

@@ -12,6 +12,7 @@ export const GATEWAY_CLIENT_IDS = {
     TEST: "test",
     FINGERPRINT: "fingerprint",
     PROBE: "taskmaster-probe",
+    PUBLIC_CHAT: "public-chat",
 };
 // Back-compat naming (internal): these values are IDs, not display names.
 export const GATEWAY_CLIENT_NAMES = GATEWAY_CLIENT_IDS;

package/dist/gateway/protocol/schema/logs-chat.js

@@ -19,6 +19,9 @@ export const ChatHistoryParamsSchema = Type.Object({
     limit: Type.Optional(Type.Integer({ minimum: 1, maximum: 10_000 })),
     /** When set, read from this specific session transcript instead of the current one. */
     sessionId: Type.Optional(NonEmptyString),
+    /** When true, preserve envelope headers (channel, timestamp, sender metadata) on user messages.
+     *  Defaults to false (strip envelopes) for backward compatibility with the webchat UI. */
+    preserveEnvelopes: Type.Optional(Type.Boolean()),
 }, { additionalProperties: false });
 export const ChatSendParamsSchema = Type.Object({
     sessionKey: NonEmptyString,

package/dist/gateway/protocol/schema/sessions-transcript.js

@@ -1,10 +1,8 @@
 import { Type } from "@sinclair/typebox";
 export const SessionsTranscriptParamsSchema = Type.Object({
     cursors: Type.Optional(Type.Record(Type.String(), Type.Integer({ minimum: 0 }))),
-    limit: Type.Optional(Type.Integer({ minimum: 1, maximum: 1000 })),
-    maxBytesPerFile: Type.Optional(Type.Integer({ minimum: 1, maximum: 250_000 })),
+    limit: Type.Optional(Type.Integer({ minimum: 1, maximum: 10_000 })),
     agents: Type.Optional(Type.Array(Type.String())),
-    full: Type.Optional(Type.Boolean()),
 }, { additionalProperties: false });
 export const SessionsTranscriptEntrySchema = Type.Object({
     sessionId: Type.String(),

package/dist/gateway/public-chat/deliver-otp.js

@@ -0,0 +1,9 @@
+/**
+ * Deliver OTP verification codes via WhatsApp.
+ */
+import { sendMessageWhatsApp } from "../../web/outbound.js";
+export async function deliverOtp(phone, code) {
+    await sendMessageWhatsApp(phone, `Your verification code is: ${code}`, {
+        verbose: false,
+    });
+}

package/dist/gateway/public-chat/otp.js

@@ -0,0 +1,60 @@
+/**
+ * In-memory OTP store for public-chat phone verification.
+ *
+ * - 6-digit codes, 5-minute TTL
+ * - 60-second rate limit between requests per phone
+ * - Max 3 verification attempts per code
+ */
+const store = new Map();
+const OTP_TTL_MS = 5 * 60 * 1000;
+const OTP_RATE_LIMIT_MS = 60 * 1000;
+const OTP_MAX_ATTEMPTS = 3;
+function generateCode() {
+    return String(Math.floor(100_000 + Math.random() * 900_000));
+}
+export function requestOtp(phone) {
+    const existing = store.get(phone);
+    const now = Date.now();
+    if (existing && now - existing.lastRequestedAt < OTP_RATE_LIMIT_MS) {
+        return {
+            ok: false,
+            error: "rate_limited",
+            retryAfterMs: OTP_RATE_LIMIT_MS - (now - existing.lastRequestedAt),
+        };
+    }
+    const code = generateCode();
+    store.set(phone, {
+        code,
+        expiresAt: now + OTP_TTL_MS,
+        attempts: 0,
+        lastRequestedAt: now,
+    });
+    return { ok: true, code };
+}
+export function verifyOtp(phone, code) {
+    const entry = store.get(phone);
+    if (!entry)
+        return { ok: false, error: "not_found" };
+    if (Date.now() > entry.expiresAt) {
+        store.delete(phone);
+        return { ok: false, error: "expired" };
+    }
+    if (entry.attempts >= OTP_MAX_ATTEMPTS) {
+        store.delete(phone);
+        return { ok: false, error: "max_attempts" };
+    }
+    entry.attempts += 1;
+    if (entry.code !== code) {
+        return { ok: false, error: "invalid" };
+    }
+    store.delete(phone);
+    return { ok: true };
+}
+/** Remove expired entries periodically. */
+export function cleanupExpired() {
+    const now = Date.now();
+    for (const [phone, entry] of store) {
+        if (now > entry.expiresAt)
+            store.delete(phone);
+    }
+}

package/dist/gateway/public-chat/session.js

@@ -0,0 +1,45 @@
+/**
+ * Resolve public-chat session keys (anonymous and verified).
+ *
+ * The public agent is the agent handling WhatsApp DMs for the default account.
+ * Anonymous sessions use a cookie-based identifier; verified sessions use the
+ * phone number so they share the same DM session as WhatsApp.
+ */
+import { resolveDefaultAgentId } from "../../agents/agent-scope.js";
+import { normalizeAgentId } from "../../routing/session-key.js";
+/**
+ * Find the agent that handles public-facing WhatsApp DMs.
+ * Priority: binding to whatsapp DM > agent named "public" > default agent.
+ */
+export function resolvePublicAgentId(cfg) {
+    const bindings = cfg.bindings ?? [];
+    // Find agent bound to whatsapp DMs (the public-facing agent)
+    for (const binding of bindings) {
+        if (binding.match.channel === "whatsapp" &&
+            binding.match.peer?.kind === "dm" &&
+            !binding.match.peer.id) {
+            return normalizeAgentId(binding.agentId);
+        }
+    }
+    // Any whatsapp binding
+    for (const binding of bindings) {
+        if (binding.match.channel === "whatsapp") {
+            return normalizeAgentId(binding.agentId);
+        }
+    }
+    // Agent explicitly named "public"
+    const agents = cfg.agents?.list ?? [];
+    const publicAgent = agents.find((a) => a.id === "public");
+    if (publicAgent)
+        return normalizeAgentId(publicAgent.id);
+    // Fall back to default agent
+    return resolveDefaultAgentId(cfg);
+}
+/**
+ * Build the session key for a public-chat visitor.
+ * Verified users get the same key as their WhatsApp DM session for cross-channel continuity.
+ * Anonymous users get a cookie-based key.
+ */
+export function buildPublicSessionKey(agentId, identifier) {
+    return `agent:${normalizeAgentId(agentId)}:dm:${identifier.toLowerCase()}`;
+}

package/dist/gateway/server/ws-connection/message-handler.js

@@ -179,7 +179,7 @@ export function attachGatewayWsMessageHandler(params) {
                     return;
                 }
                 const roleRaw = connectParams.role ?? "operator";
-                const role = roleRaw === "operator" || roleRaw === "node" ? roleRaw : null;
+                const role = roleRaw === "operator" || roleRaw === "node" || roleRaw === "public" ? roleRaw : null;
                 if (!role) {
                     setHandshakeState("failed");
                     setCloseCause("invalid-role", {
@@ -206,6 +206,12 @@ export function attachGatewayWsMessageHandler(params) {
                         : [];
                 connectParams.role = role;
                 connectParams.scopes = scopes;
+                // Public role: skip device identity, gateway auth, and pairing entirely.
+                // Public clients get empty scopes and can only call public.* and chat.* methods.
+                const isPublicRole = role === "public";
+                if (isPublicRole) {
+                    connectParams.scopes = [];
+                }
                 const device = connectParams.device;
                 let devicePublicKey = null;
                 const hasTokenAuth = Boolean(connectParams.auth?.token);
@@ -214,7 +220,10 @@ export function attachGatewayWsMessageHandler(params) {
                 const isControlUi = connectParams.client.id === GATEWAY_CLIENT_IDS.CONTROL_UI;
                 const isSetupUi = connectParams.client.id === GATEWAY_CLIENT_IDS.SETUP_UI;
                 const allowInsecureControlUi = isControlUi && configSnapshot.gateway?.controlUi?.allowInsecureAuth === true;
-                if (hasUntrustedProxyHeaders && resolvedAuth.mode === "none") {
+                if (isPublicRole && hasUntrustedProxyHeaders && resolvedAuth.mode === "none") {
+                    // Public role from external: allowed (Funnel restriction is enforced at HTTP level).
+                }
+                else if (hasUntrustedProxyHeaders && resolvedAuth.mode === "none") {
                     setHandshakeState("failed");
                     setCloseCause("proxy-auth-required", {
                         client: connectParams.client.id,
@@ -239,7 +248,7 @@ export function attachGatewayWsMessageHandler(params) {
                     // Setup UI and insecure control-ui are allowed without device identity.
                     // When allowInsecureAuth is on, control-ui can skip device identity entirely —
                     // PIN auth still protects account access (same as setup-ui).
-                    const canSkipDevice = isSetupUi || allowInsecureControlUi || hasTokenAuth;
+                    const canSkipDevice = isPublicRole || isSetupUi || allowInsecureControlUi || hasTokenAuth;
                     if (isControlUi && !allowInsecureControlUi) {
                         const errorMessage = "control ui requires HTTPS or localhost (secure context)";
                         setHandshakeState("failed");
@@ -436,7 +445,11 @@ export function attachGatewayWsMessageHandler(params) {
                 // Setup UI is allowed without auth (limited to WhatsApp pairing methods).
                 // Insecure control-ui (allowInsecureAuth + no device identity) gets the same
                 // treatment — PIN auth is the security layer, not gateway auth.
-                if (isSetupUi || (allowInsecureControlUi && !device)) {
+                if (isPublicRole) {
+                    authOk = true;
+                    authMethod = "public";
+                }
+                else if (isSetupUi || (allowInsecureControlUi && !device)) {
                     authOk = true;
                     authMethod = isSetupUi ? "setup-ui" : "insecure-control-ui";
                 }

package/dist/gateway/server-chat.js

@@ -146,6 +146,28 @@ export function createAgentEventHandler({ broadcast, nodeSendToSession, agentRun
         // Include sessionKey so Control UI can filter tool streams per session.
         const agentPayload = sessionKey ? { ...evt, sessionKey } : evt;
         const last = agentRunSeq.get(evt.runId) ?? 0;
+        // When a tool call starts during a chat run, signal the client to show the
+        // working indicator (bouncing dots) regardless of verbose level.  Verbose
+        // controls whether tool *details* are broadcast; the working signal is about
+        // UX feedback that the agent is still active.
+        // Note: chat.send runs don't populate the registry (chatLink is null) —
+        // sessionKey alone is sufficient since it resolves via runContext.
+        if (evt.stream === "tool" && evt.data?.phase === "start" && sessionKey && !isAborted) {
+            // Include the full buffered text so the client has the complete
+            // interim message — the last streaming delta may have been suppressed
+            // by the 150ms throttle.
+            const bufferedText = chatRunState.buffers.get(clientRunId)?.trim() ?? "";
+            const workingPayload = {
+                runId: clientRunId,
+                sessionKey,
+                state: "working",
+                message: bufferedText
+                    ? { role: "assistant", content: [{ type: "text", text: bufferedText }] }
+                    : undefined,
+            };
+            broadcast("chat", workingPayload);
+            nodeSendToSession(sessionKey, "chat", workingPayload);
+        }
         if (evt.stream === "tool" && !shouldEmitToolEvents(evt.runId, sessionKey)) {
             agentRunSeq.set(evt.runId, evt.seq);
             return;

package/dist/gateway/server-http.js

@@ -5,8 +5,9 @@ import { loadConfig } from "../config/config.js";
 import { handleSlackHttpRequest } from "../slack/http/index.js";
 import { createCloudApiWebhookHandler } from "../web/providers/cloud/webhook-http.js";
 import { resolveAgentAvatar } from "../agents/identity-avatar.js";
-import { handleBrandIconRequest, handleControlUiAvatarRequest, handleControlUiHttpRequest, } from "./control-ui.js";
+import { handleBrandIconRequest, handleControlUiAvatarRequest, handleControlUiHttpRequest, handlePublicChatHttpRequest, handlePublicWidgetRequest, } from "./control-ui.js";
 import { isLicensed } from "../license/state.js";
+import { isExternalRequest } from "./net.js";
 import { extractHookToken, getHookChannelError, normalizeAgentPayload, normalizeHookHeaders, normalizeWakePayload, readJsonBody, resolveHookChannel, resolveHookDeliver, } from "./hooks.js";
 import { applyHookMappings } from "./hooks-mapping.js";
 import { handleOpenAiHttpRequest } from "./openai-http.js";
@@ -150,6 +151,25 @@ export function createGatewayHttpServer(opts) {
         if (String(req.headers.upgrade ?? "").toLowerCase() === "websocket")
             return;
         try {
+            const configSnapshot = loadConfig();
+            // Public chat routes — served before license enforcement so public visitors
+            // are never redirected to /setup.
+            if (handlePublicChatHttpRequest(req, res, { config: configSnapshot }))
+                return;
+            if (handlePublicWidgetRequest(req, res, { config: configSnapshot }))
+                return;
+            // Funnel restriction: block non-local requests from accessing non-public paths.
+            // /public/* is already handled above, so any request reaching here is non-public.
+            const trustedProxies = configSnapshot.gateway?.trustedProxies ?? [];
+            if (isExternalRequest(req, trustedProxies)) {
+                const pathname = new URL(req.url ?? "/", "http://localhost").pathname;
+                if (!pathname.startsWith("/public/")) {
+                    res.statusCode = 403;
+                    res.setHeader("Content-Type", "text/plain; charset=utf-8");
+                    res.end("Forbidden");
+                    return;
+                }
+            }
             // License enforcement: redirect browser page navigations to /setup when unlicensed.
             // Only affects GET requests for HTML pages — API calls, webhooks, and assets are unaffected.
             if (controlUiEnabled && !isLicensed() && req.method === "GET") {
@@ -173,8 +193,6 @@ export function createGatewayHttpServer(opts) {
                     }
                 }
             }
-            const configSnapshot = loadConfig();
-            const trustedProxies = configSnapshot.gateway?.trustedProxies ?? [];
             if (await handleHooksRequest(req, res))
                 return;
             if (await handleToolsInvokeHttpRequest(req, res, {

package/dist/gateway/server-methods/chat.js

@@ -11,7 +11,9 @@ import { createReplyDispatcher } from "../../auto-reply/reply/reply-dispatcher.j
 import { extractShortModelName, } from "../../auto-reply/reply/response-prefix-template.js";
 import { resolveSendPolicy } from "../../sessions/send-policy.js";
 import { createInternalHookEvent, triggerInternalHook } from "../../hooks/internal-hooks.js";
+import { loadConfig as loadConfigFn } from "../../config/config.js";
 import { INTERNAL_MESSAGE_CHANNEL } from "../../utils/message-channel.js";
+import { resolvePublicAgentId } from "../public-chat/session.js";
 import { abortChatRunById, abortChatRunsForSessionKey, isChatStopCommandText, resolveChatRunExpiresAtMs, } from "../chat-abort.js";
 import { ErrorCodes, errorShape, formatValidationErrors, validateChatAbortParams, validateChatHistoryParams, validateChatInjectParams, validateChatSendParams, } from "../protocol/index.js";
 import { loadSessionEntry, readSessionMessages, resolveSessionModelRef } from "../session-utils.js";
@@ -118,13 +120,33 @@ function broadcastChatError(params) {
     params.context.broadcast("chat", payload);
     params.context.nodeSendToSession(params.sessionKey, "chat", payload);
 }
+/**
+ * Validate that a public-role client is allowed to access the given session key.
+ * Returns an error shape if denied, null if allowed.
+ */
+function validatePublicSessionAccess(role, sessionKey) {
+    if (role !== "public")
+        return null;
+    const cfg = loadConfigFn();
+    const publicAgentId = resolvePublicAgentId(cfg);
+    const prefix = `agent:${publicAgentId}:dm:`;
+    if (!sessionKey.startsWith(prefix)) {
+        return errorShape(ErrorCodes.INVALID_REQUEST, "unauthorized session key");
+    }
+    return null;
+}
 export const chatHandlers = {
-    "chat.history": async ({ params, respond, context }) => {
+    "chat.history": async ({ params, respond, context, client }) => {
         if (!validateChatHistoryParams(params)) {
             respond(false, undefined, errorShape(ErrorCodes.INVALID_REQUEST, `invalid chat.history params: ${formatValidationErrors(validateChatHistoryParams.errors)}`));
             return;
         }
-        const { sessionKey, limit, sessionId: requestedSessionId, } = params;
+        const { sessionKey, limit, sessionId: requestedSessionId, preserveEnvelopes, } = params;
+        const publicError = validatePublicSessionAccess(client?.connect?.role, sessionKey);
+        if (publicError) {
+            respond(false, undefined, publicError);
+            return;
+        }
         const { cfg, storePath, entry } = loadSessionEntry(sessionKey);
         // When a specific sessionId is requested, resolve only that transcript.
         // Otherwise, stitch all previous sessions + current into one continuous history.
@@ -170,7 +192,8 @@ export const chatHandlers = {
         const requested = typeof limit === "number" ? limit : defaultLimit;
         const max = Math.min(hardMax, requested);
         const messages = rawMessages.length > max ? rawMessages.slice(-max) : rawMessages;
-        const sanitized = stripBase64ImagesFromMessages(stripEnvelopeFromMessages(messages));
+        const withoutBase64 = stripBase64ImagesFromMessages(messages);
+        const sanitized = preserveEnvelopes ? withoutBase64 : stripEnvelopeFromMessages(withoutBase64);
         // Diagnostic: log resolution details so we can trace "lost history" reports.
         const prevCount = entry?.previousSessions?.length ?? 0;
         context.logGateway.info(`chat.history: sessionKey=${sessionKey} resolvedSessionId=${sessionId ?? "none"} storePath=${storePath ?? "none"} entryExists=${!!entry} previousSessions=${prevCount} rawMessages=${rawMessages.length} sent=${sanitized.length}`);
@@ -206,12 +229,17 @@ export const chatHandlers = {
             fillerEnabled: entry?.fillerEnabled ?? null,
         });
     },
-    "chat.abort": ({ params, respond, context }) => {
+    "chat.abort": ({ params, respond, context, client }) => {
         if (!validateChatAbortParams(params)) {
             respond(false, undefined, errorShape(ErrorCodes.INVALID_REQUEST, `invalid chat.abort params: ${formatValidationErrors(validateChatAbortParams.errors)}`));
             return;
         }
         const { sessionKey, runId } = params;
+        const publicAbortError = validatePublicSessionAccess(client?.connect?.role, sessionKey);
+        if (publicAbortError) {
+            respond(false, undefined, publicAbortError);
+            return;
+        }
         const ops = {
             chatAbortControllers: context.chatAbortControllers,
             chatRunBuffers: context.chatRunBuffers,
@@ -256,6 +284,11 @@ export const chatHandlers = {
             return;
         }
         const p = params;
+        const publicSendError = validatePublicSessionAccess(client?.connect?.role, p.sessionKey);
+        if (publicSendError) {
+            respond(false, undefined, publicSendError);
+            return;
+        }
         const stopCommand = isChatStopCommandText(p.message);
         const normalizedAttachments = p.attachments
             ?.map((a) => ({
@@ -440,7 +473,7 @@ export const chatHandlers = {
                 Surface: INTERNAL_MESSAGE_CHANNEL,
                 OriginatingChannel: INTERNAL_MESSAGE_CHANNEL,
                 ChatType: "direct",
-                CommandAuthorized: true,
+                CommandAuthorized: client?.connect?.role !== "public",
                 MessageSid: clientRunId,
                 SenderId: clientInfo?.id,
                 SenderName: clientInfo?.displayName,