opencode-talk-bridge 0.2.8__tar.gz → 0.3.0__tar.gz

opencode_talk_bridge-0.3.0/.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,49 @@
+name: Bug report
+description: Something doesn't work as expected
+labels: ["bug"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for the report! **Do not paste secrets** — app passwords, tokens,
+        or full `.env` contents. For security vulnerabilities use
+        [private reporting](../../security/advisories/new) instead (see SECURITY.md).
+  - type: textarea
+    id: what-happened
+    attributes:
+      label: What happened?
+      description: What did you do, what did you expect, what happened instead?
+      placeholder: Steps to reproduce, expected vs actual behaviour.
+    validations:
+      required: true
+  - type: input
+    id: bridge-version
+    attributes:
+      label: opencode-talk-bridge version
+      description: "Output of `opencode-talk-bridge --help` header or `pip show opencode-talk-bridge`."
+      placeholder: "0.3.0"
+    validations:
+      required: true
+  - type: input
+    id: opencode-version
+    attributes:
+      label: OpenCode version
+      description: "`opencode --version`"
+      placeholder: "1.15.11"
+    validations:
+      required: true
+  - type: input
+    id: environment
+    attributes:
+      label: OS / Python / Nextcloud
+      placeholder: "macOS 15, Python 3.12, Nextcloud 30 / Talk 20"
+    validations:
+      required: false
+  - type: textarea
+    id: logs
+    attributes:
+      label: Relevant logs
+      description: "Run with `LOG_LEVEL=DEBUG`. Redact tokens, paths, and message contents you don't want public."
+      render: text
+    validations:
+      required: false

opencode_talk_bridge-0.3.0/.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Security vulnerability
+    url: https://github.com/leiverkus/opencode-talk-bridge/security/advisories/new
+    about: Report security issues privately — do NOT open a public issue. See SECURITY.md.
+  - name: Question / discussion
+    url: https://github.com/leiverkus/opencode-talk-bridge/discussions
+    about: For usage questions and ideas (if Discussions is enabled).

opencode_talk_bridge-0.3.0/.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,33 @@
+name: Feature request
+description: Suggest an improvement or new capability
+labels: ["enhancement"]
+body:
+  - type: textarea
+    id: problem
+    attributes:
+      label: Problem / motivation
+      description: What are you trying to do that's hard or impossible today?
+    validations:
+      required: true
+  - type: textarea
+    id: proposal
+    attributes:
+      label: Proposed solution
+      description: What would you like to see? A new command, config option, behaviour?
+    validations:
+      required: false
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Alternatives considered
+    validations:
+      required: false
+  - type: checkboxes
+    id: scope
+    attributes:
+      label: Scope check
+      options:
+        - label: "This is about the bridge itself (not OpenCode, Nextcloud, or nextcloud-talk-core)."
+          required: true
+        - label: "It does not weaken the allowlist / permission model (or I've explained why that's safe)."
+          required: true

opencode_talk_bridge-0.3.0/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,20 @@
+<!-- Thanks for contributing! Keep PRs focused; see CONTRIBUTING.md. -->
+
+## What & why
+
+<!-- What does this change, and why? Link any issue: Fixes #123 -->
+
+## Checklist
+
+- [ ] `ruff check src tests` and `ruff format --check src tests` pass
+- [ ] `pytest` passes; new behaviour has tests (both sides mocked, no live calls)
+- [ ] CHANGELOG "Unreleased" updated if user-facing
+- [ ] Docs / `.env.example` updated if config, commands, or behaviour changed
+
+## Security model
+
+<!-- Required if this touches the allowlist, permission/question flow, or what
+gets posted to Talk. Otherwise write "n/a". -->
+
+- [ ] Does not let the bridge act on a message without an allowlist check
+- [ ] Does not post secrets or raw OpenCode/Nextcloud responses into Talk

{opencode_talk_bridge-0.2.8 → opencode_talk_bridge-0.3.0}/CHANGELOG.md

@@ -6,6 +6,27 @@ adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
 
+## [0.3.0] - 2026-06-01
+
+v1 candidate — documentation, security, and stability hygiene (no behaviour
+changes). Still `0.x` / Beta until a live smoke test on a real instance.
+
+### Added
+- `SECURITY.md` — private vulnerability reporting, scope, and response policy.
+- README **Stability** section: the SemVer public contract from `1.0.0` (CLI
+  flags, `.env` keys, Talk commands, status JSON, forward-compatible migrations).
+- `CONTRIBUTING.md`: the live smoke test is now a **required gate before a stable
+  release**, plus a pre-1.0 checklist (incl. flipping the classifier).
+- Issue forms (`bug_report`, `feature_request`), an issue-template `config`
+  routing security reports to private advisories, and a PR template.
+
+### Changed
+- `__version__` is derived from package metadata — single source of truth in
+  `pyproject.toml` (no second bump in `__init__.py`).
+- Clarified OpenCode compatibility: **tested against 1.15.11**, expected
+  compatible with the 1.15+ HTTP API.
+- Refreshed `docs/publishing.md` for the live (post-first-publish) state.
+
 ## [0.2.8] - 2026-06-01
 
 ### Docs
@@ -170,7 +191,8 @@ Initial release.
 - `nextcloud-talk-core`, pinned to the `core-v1.0.0` git tag.
 - `httpx >= 0.27`.
 
-[Unreleased]: https://github.com/leiverkus/opencode-talk-bridge/compare/v0.2.8...HEAD
+[Unreleased]: https://github.com/leiverkus/opencode-talk-bridge/compare/v0.3.0...HEAD
+[0.3.0]: https://github.com/leiverkus/opencode-talk-bridge/compare/v0.2.8...v0.3.0
 [0.2.8]: https://github.com/leiverkus/opencode-talk-bridge/compare/v0.2.7...v0.2.8
 [0.2.7]: https://github.com/leiverkus/opencode-talk-bridge/compare/v0.2.6...v0.2.7
 [0.2.6]: https://github.com/leiverkus/opencode-talk-bridge/compare/v0.2.5...v0.2.6

opencode_talk_bridge-0.3.0/CONTRIBUTING.md

@@ -0,0 +1,101 @@
+# Contributing & maintaining
+
+## Dev setup
+
+```bash
+git clone https://github.com/leiverkus/opencode-talk-bridge.git
+cd opencode-talk-bridge
+python3 -m venv .venv && source .venv/bin/activate
+pip install -e ".[dev]"        # editable install + ruff/pytest
+```
+
+## Checks (what CI runs)
+
+```bash
+ruff check src tests           # lint
+ruff format --check src tests  # formatting (drop --check to apply)
+pytest                         # tests + coverage (pytest-cov)
+```
+
+All tests mock both sides (Talk via `nextcloud-talk-core`/httpx, OpenCode via
+mocked REST + a fake SSE stream) — **no live calls**. CI runs the matrix on
+Python 3.10–3.13. Please keep new code covered and the suite green.
+
+## Layout
+
+```
+src/opencode_talk_bridge/
+  __main__.py   CLI (--init / --check / run), signals
+  config.py     env/.env config (mandatory allowlist lives here)
+  opencode.py   OpenCode HTTP + SSE client
+  talk.py       Nextcloud Talk gateway (poll/send/edit/share, raw actorId)
+  webdav.py     WebDAV upload/download for attachments
+  bridge.py     orchestration: poll loop, SSE dispatch, prompt workers
+  pending.py    one pending interaction per conversation (perm/question/select)
+  streaming.py  live message-edit streaming
+  events.py     typed SSE event classification
+  permissions.py / commands.py / sessions.py / status.py / scheduler.py
+  stt.py / tts.py        voice (optional)
+  messages.py   i18n catalog (de/en)
+```
+
+## Conventions
+
+- **Code comments in English.** Ruff line length 110; rules in `pyproject.toml`.
+- The **`ALLOWED_USERS` allowlist is mandatory** — never add a path that lets
+  the bridge act on a message without checking `actor_id`/`actor_type`.
+- **Never post raw OpenCode HTTP responses or secrets into Talk.** HTTP errors
+  (`OpenCodeError`) get a generic user message; details go to the log only.
+- Verify external API assumptions against a live `opencode serve` (`/doc`
+  OpenAPI) rather than guessing — see `docs/smoke-test.md`.
+
+## Cutting a release
+
+Releases publish to PyPI automatically via Trusted Publishing on a version tag
+(`.github/workflows/publish.yml`). One command set:
+
+```bash
+# 1. bump the version in ONE place — pyproject.toml -> version = "X.Y.Z".
+#    (__version__ is read from the installed metadata; no second edit needed.)
+# 2. move the CHANGELOG "Unreleased" items under "## [X.Y.Z] - <date>" and add
+#    the compare links at the bottom.
+# 3. ship it:
+git commit -am "Release X.Y.Z: <summary>"
+git tag -a vX.Y.Z -m "opencode-talk-bridge X.Y.Z"
+git push origin main && git push origin vX.Y.Z      # -> publish.yml builds + publishes to PyPI
+gh release create vX.Y.Z --title "vX.Y.Z — <title>" --notes "<notes>"
+```
+
+The publish workflow **guards** that the tag matches `pyproject.toml` and runs
+`twine check`, so a version mismatch fails fast and never reaches PyPI. How
+Trusted Publishing is wired up is documented in
+[`docs/publishing.md`](docs/publishing.md).
+
+### Live smoke test (required before a *stable* release)
+
+The automated suite is entirely mocked. Before tagging a stable release
+(`1.0.0` or any later non-pre-release), complete
+[`docs/smoke-test.md`](docs/smoke-test.md) against a **real** Nextcloud Talk
+instance + `opencode serve`, and record the OpenCode version you tested. A
+`0.x` or `-rc` release may ship without it, but the install/feature surface it
+exercises (allowlist on real `actorId`, permission flow, streaming) is only
+verifiable live.
+
+### Pre-1.0 checklist
+
+When promoting to `1.0.0`:
+
+1. The live smoke test above has passed on a real instance.
+2. Bump the classifier `Development Status :: 4 - Beta` →
+   `5 - Production/Stable` in `pyproject.toml` (do this **only** at `1.0.0`, not
+   while still on `0.x`).
+3. Re-read the [Stability](README.md#stability) contract — anything you are not
+   prepared to keep stable must change *before* `1.0.0`, not after.
+4. Consider a `1.0.0rc1` (or a final `0.x`) used live for a while first, then
+   `1.0.0`.
+
+## Reporting
+
+Issues and PRs welcome. For anything touching the security model (allowlist,
+permission flow, what gets posted to Talk), please call it out explicitly in the
+PR description.

{opencode_talk_bridge-0.2.8 → opencode_talk_bridge-0.3.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: opencode-talk-bridge
-Version: 0.2.8
+Version: 0.3.0
 Summary: Drive a local OpenCode instance from Nextcloud Talk via polling — a self-hosted chat bridge for a coding agent.
 Project-URL: Homepage, https://github.com/leiverkus/opencode-talk-bridge
 Project-URL: Repository, https://github.com/leiverkus/opencode-talk-bridge
@@ -77,7 +77,8 @@ Nextcloud Talk  ──long-poll──▶  bridge  ──HTTP──▶  opencode
 - Python ≥ 3.10, macOS or Linux.
 - A Nextcloud account with **Talk** and an **app password**
   (Settings → Security → App passwords) — not your login password.
-- A running `opencode serve` (OpenCode ≥ 1.15). Default endpoint
+- A running `opencode serve`. **Tested against OpenCode 1.15.11**; expected
+  compatible with the OpenCode 1.15+ HTTP API until it changes. Default endpoint
   `http://127.0.0.1:4096`.
 
 ## Install
@@ -264,16 +265,43 @@ instance as semi-trusted infrastructure. The trust boundary and mitigations:
 - **Local-only OpenCode.** Keep `opencode serve` bound to `127.0.0.1`. If you
   expose it, secure it with `OPENCODE_USERNAME`/`OPENCODE_PASSWORD`.
 
+To report a vulnerability, see [SECURITY.md](SECURITY.md) (please don't open a
+public issue).
+
+## Stability
+
+This project follows [SemVer](https://semver.org/). **From `1.0.0`**, the
+following are the stable public contract — breaking changes to them only happen
+on a major bump:
+
+- **CLI:** the `opencode-talk-bridge` command and its flags (`--init`,
+  `--check`, `--env-file`).
+- **Configuration:** the documented `.env` keys (see [`.env.example`](.env.example))
+  and their meaning.
+- **Talk commands:** the slash-command names (`/new`, `/sessions`, …).
+- **Status file:** the JSON schema and its `state` values.
+- **State store:** SQLite migrations stay forward-compatible — upgrading never
+  requires deleting your database.
+
+**Not** covered (may change in any release): the Python module/API layout,
+exact wording of bot replies and log lines (the i18n strings), and which
+OpenCode/Nextcloud versions are supported.
+
+Pre-`1.0.0` (the current `0.x` line) these may still change between minor
+versions; pin a version you have tested.
+
 ## Development
 
 ```bash
+pip install -e ".[dev]"
 ruff check src tests
 ruff format --check src tests
 pytest
 ```
 
 All tests use mocked HTTP for both Talk and OpenCode — no live calls. CI runs
-the matrix on Python 3.10–3.13.
+the matrix on Python 3.10–3.13. Dev setup, conventions, and the (one-command)
+release process are in [CONTRIBUTING.md](CONTRIBUTING.md).
 
 ## Changelog
 

{opencode_talk_bridge-0.2.8 → opencode_talk_bridge-0.3.0}/README.md

@@ -46,7 +46,8 @@ Nextcloud Talk  ──long-poll──▶  bridge  ──HTTP──▶  opencode
 - Python ≥ 3.10, macOS or Linux.
 - A Nextcloud account with **Talk** and an **app password**
   (Settings → Security → App passwords) — not your login password.
-- A running `opencode serve` (OpenCode ≥ 1.15). Default endpoint
+- A running `opencode serve`. **Tested against OpenCode 1.15.11**; expected
+  compatible with the OpenCode 1.15+ HTTP API until it changes. Default endpoint
   `http://127.0.0.1:4096`.
 
 ## Install
@@ -233,16 +234,43 @@ instance as semi-trusted infrastructure. The trust boundary and mitigations:
 - **Local-only OpenCode.** Keep `opencode serve` bound to `127.0.0.1`. If you
   expose it, secure it with `OPENCODE_USERNAME`/`OPENCODE_PASSWORD`.
 
+To report a vulnerability, see [SECURITY.md](SECURITY.md) (please don't open a
+public issue).
+
+## Stability
+
+This project follows [SemVer](https://semver.org/). **From `1.0.0`**, the
+following are the stable public contract — breaking changes to them only happen
+on a major bump:
+
+- **CLI:** the `opencode-talk-bridge` command and its flags (`--init`,
+  `--check`, `--env-file`).
+- **Configuration:** the documented `.env` keys (see [`.env.example`](.env.example))
+  and their meaning.
+- **Talk commands:** the slash-command names (`/new`, `/sessions`, …).
+- **Status file:** the JSON schema and its `state` values.
+- **State store:** SQLite migrations stay forward-compatible — upgrading never
+  requires deleting your database.
+
+**Not** covered (may change in any release): the Python module/API layout,
+exact wording of bot replies and log lines (the i18n strings), and which
+OpenCode/Nextcloud versions are supported.
+
+Pre-`1.0.0` (the current `0.x` line) these may still change between minor
+versions; pin a version you have tested.
+
 ## Development
 
 ```bash
+pip install -e ".[dev]"
 ruff check src tests
 ruff format --check src tests
 pytest
 ```
 
 All tests use mocked HTTP for both Talk and OpenCode — no live calls. CI runs
-the matrix on Python 3.10–3.13.
+the matrix on Python 3.10–3.13. Dev setup, conventions, and the (one-command)
+release process are in [CONTRIBUTING.md](CONTRIBUTING.md).
 
 ## Changelog
 

opencode_talk_bridge-0.3.0/SECURITY.md

@@ -0,0 +1,51 @@
+# Security Policy
+
+`opencode-talk-bridge` runs AI coding-agent actions (file writes, shell commands
+via OpenCode) on your machine, triggered by chat messages in a Nextcloud Talk
+instance you may not administer. Security is therefore a primary concern — see
+the [threat model](README.md#threat-model) for the trust boundary and built-in
+mitigations (mandatory allowlist on stable user id, permission prompts, no secret
+or server-text leakage into chat).
+
+## Reporting a vulnerability
+
+**Please do not open a public issue for security problems.**
+
+Use GitHub's private vulnerability reporting:
+[**Report a vulnerability**](https://github.com/leiverkus/opencode-talk-bridge/security/advisories/new)
+(Security tab → "Report a vulnerability"). This opens a private advisory visible
+only to you and the maintainer.
+
+If private reporting is unavailable, open a minimal public issue asking the
+maintainer to open a private channel — **without** technical details.
+
+Please include: affected version, a description, reproduction steps, and the
+impact you see. A proof of concept is helpful but not required.
+
+## Scope
+
+**In scope** — the bridge's own security model:
+- allowlist bypass (acting on a message from a non-allowlisted `actorId`/`actorType`),
+- the permission/question approval flow being skippable or spoofable,
+- leakage of secrets or raw OpenCode/Nextcloud responses into a Talk message,
+- the `.env` / app password handling, the status file, or the SQLite store
+  exposing credentials.
+
+**Out of scope** — issues in dependencies or the surrounding system:
+- OpenCode itself, Nextcloud / Talk, or `nextcloud-talk-core`,
+- you exposing `opencode serve` on a public interface (keep it on `127.0.0.1`),
+- misconfiguration (e.g. an over-broad `ALLOWED_USERS`, a shared bot account).
+
+Report those to the respective upstream projects.
+
+## Supported versions
+
+This is a young project; only the **latest released version** receives security
+fixes. Pin a version you trust and upgrade promptly when an advisory is published.
+
+## Response
+
+Best effort by a small maintainer team. Expect an acknowledgement within about a
+week, and a fix or mitigation as soon as practical for confirmed, in-scope
+issues. Fixes ship as a new release with a CHANGELOG entry; credit is given
+unless you prefer otherwise.

opencode_talk_bridge-0.3.0/docs/publishing.md

@@ -0,0 +1,49 @@
+# Publishing to PyPI
+
+Releases publish automatically to [PyPI](https://pypi.org/project/opencode-talk-bridge/)
+by [`.github/workflows/publish.yml`](../.github/workflows/publish.yml) on every
+`vX.Y.Z` tag, using **Trusted Publishing (OIDC)** — no API token is stored in the
+repository.
+
+The canonical "how to cut a release" steps live in
+[CONTRIBUTING.md](../CONTRIBUTING.md#cutting-a-release). This file documents how
+the publishing is *wired up*.
+
+## How it works
+
+On a tag push the workflow:
+
+1. **guards** that the tag (`vX.Y.Z`) matches the `pyproject.toml` version —
+   fails fast on a mismatch, so nothing wrong reaches PyPI;
+2. builds the sdist + wheel and runs `twine check` (validates the README renders
+   on the PyPI page);
+3. publishes via OIDC to the `pypi` GitHub environment — no secrets.
+
+`__version__` is read from the installed package metadata, so the version has a
+single source of truth: `pyproject.toml`.
+
+## Trusted Publisher configuration (already set up)
+
+The PyPI project is configured with a Trusted Publisher pointing at this repo:
+
+| Field | Value |
+| --- | --- |
+| PyPI Project Name | `opencode-talk-bridge` |
+| Owner | `leiverkus` |
+| Repository name | `opencode-talk-bridge` |
+| Workflow name | `publish.yml` |
+| Environment name | `pypi` |
+
+To reconfigure (e.g. transfer ownership), edit it under PyPI → the project →
+*Manage → Publishing*. If you rename the workflow file or the `pypi` environment,
+update this Trusted Publisher to match, or OIDC will reject the publish.
+
+(Optional) In GitHub → Settings → Environments, give the `pypi` environment a
+required-reviewer rule so each publish needs a human approval.
+
+## Local dry run
+
+```bash
+python -m build
+python -m twine check dist/*
+```

{opencode_talk_bridge-0.2.8 → opencode_talk_bridge-0.3.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "opencode-talk-bridge"
-version = "0.2.8"
+version = "0.3.0"
 description = "Drive a local OpenCode instance from Nextcloud Talk via polling — a self-hosted chat bridge for a coding agent."
 readme = "README.md"
 requires-python = ">=3.10"

opencode_talk_bridge-0.3.0/src/opencode_talk_bridge/__init__.py

@@ -0,0 +1,15 @@
+"""opencode-talk-bridge: drive a local OpenCode instance from Nextcloud Talk.
+
+A polling bridge (no webhooks) that forwards allowlisted Talk messages to a
+local `opencode serve` HTTP API and posts the agent's replies back into the
+conversation. See README.md for the threat model and the status-file contract.
+"""
+
+from importlib.metadata import PackageNotFoundError
+from importlib.metadata import version as _version
+
+try:
+    # Single source of truth: the version declared in pyproject.toml.
+    __version__ = _version("opencode-talk-bridge")
+except PackageNotFoundError:  # running from a raw checkout without an install
+    __version__ = "0.0.0+unknown"

opencode_talk_bridge-0.3.0/tests/test_version.py

@@ -0,0 +1,12 @@
+from __future__ import annotations
+
+from importlib.metadata import version
+
+import opencode_talk_bridge
+
+
+def test_version_resolves_from_metadata():
+    # __version__ is derived from the installed distribution metadata
+    # (single source of truth = pyproject.toml), not a hardcoded literal.
+    assert opencode_talk_bridge.__version__ == version("opencode-talk-bridge")
+    assert opencode_talk_bridge.__version__ != "0.0.0+unknown"  # not the fallback

opencode_talk_bridge-0.2.8/docs/publishing.md

@@ -1,58 +0,0 @@
-# Publishing to PyPI
-
-Releases are published automatically by
-[`.github/workflows/publish.yml`](../.github/workflows/publish.yml) on every
-`vX.Y.Z` tag, using **PyPI Trusted Publishing (OIDC)** — no API token is stored
-in the repository.
-
-## One-time PyPI setup (do this once)
-
-Because the project does not exist on PyPI yet, register a **pending publisher**;
-the first tagged build will create the project and publish it.
-
-1. Create / sign in to a [PyPI](https://pypi.org/) account.
-2. Go to **Account settings → Publishing →
-   [Add a pending publisher](https://pypi.org/manage/account/publishing/)**.
-3. Fill in exactly:
-   | Field | Value |
-   | --- | --- |
-   | PyPI Project Name | `opencode-talk-bridge` |
-   | Owner | `leiverkus` |
-   | Repository name | `opencode-talk-bridge` |
-   | Workflow name | `publish.yml` |
-   | Environment name | `pypi` |
-4. Save.
-
-(Optional) In GitHub → Settings → Environments, create an environment named
-`pypi` and add a required-reviewer protection rule, so a human approves each
-publish.
-
-## Cutting a release
-
-Same flow as before — the tag now also triggers the PyPI publish:
-
-```bash
-# bump version in pyproject.toml and src/opencode_talk_bridge/__init__.py,
-# update CHANGELOG, commit, then:
-git tag -a vX.Y.Z -m "opencode-talk-bridge X.Y.Z"
-git push origin main && git push origin vX.Y.Z
-gh release create vX.Y.Z --title "…" --notes "…"   # GitHub release (separate)
-```
-
-On the tag push, the workflow:
-1. **guards** that the tag matches the `pyproject.toml` version (fails fast on a mismatch),
-2. builds the sdist + wheel and runs `twine check`,
-3. publishes to PyPI via OIDC (no secrets).
-
-After the **first** successful publish, `uv tool install opencode-talk-bridge`
-(or `pipx install opencode-talk-bridge`) works without a git URL — update the
-README install command accordingly.
-
-## Local dry run
-
-```bash
-python -m build
-python -m twine check dist/*
-```
-
-`twine check` validates that the README renders on the PyPI page.

opencode_talk_bridge-0.2.8/src/opencode_talk_bridge/__init__.py

@@ -1,8 +0,0 @@
-"""opencode-talk-bridge: drive a local OpenCode instance from Nextcloud Talk.
-
-A polling bridge (no webhooks) that forwards allowlisted Talk messages to a
-local `opencode serve` HTTP API and posts the agent's replies back into the
-conversation. See README.md for the threat model and the status-file contract.
-"""
-
-__version__ = "0.2.8"