Address channel review feedback

Author: bglusman

crates/calciforge/src/channels/matrix.rs

@@ -325,10 +325,7 @@ async fn send_matrix_message(
         }
         if status.as_u16() == 429 && attempt < MAX_RETRIES {
             let body_text = resp.text().await.unwrap_or_default();
-            let retry_ms = serde_json::from_str::<serde_json::Value>(&body_text)
-                .ok()
-                .and_then(|value| value["retry_after_ms"].as_u64())
-                .unwrap_or(1000);
+            let retry_ms = matrix_retry_after_ms(&body_text);
             tracing::debug!(
                 attempt,
                 retry_ms,
@@ -343,6 +340,17 @@ async fn send_matrix_message(
     }
 }
 
+fn matrix_retry_after_ms(body_text: &str) -> u64 {
+    const DEFAULT_RETRY_AFTER_MS: u64 = 1_000;
+    const MAX_RETRY_AFTER_MS: u64 = 30_000;
+
+    serde_json::from_str::<serde_json::Value>(body_text)
+        .ok()
+        .and_then(|value| value["retry_after_ms"].as_u64())
+        .unwrap_or(DEFAULT_RETRY_AFTER_MS)
+        .min(MAX_RETRY_AFTER_MS)
+}
+
 async fn send_matrix_outbound_message(
     homeserver: &str,
     http: &reqwest::Client,
@@ -1002,6 +1010,16 @@ mod tests {
         assert!(lookup.contains("event2049"));
     }
 
+    #[test]
+    fn test_matrix_retry_after_ms_clamps_untrusted_server_delay() {
+        assert_eq!(matrix_retry_after_ms(r#"{"retry_after_ms":250}"#), 250);
+        assert_eq!(
+            matrix_retry_after_ms(r#"{"retry_after_ms":999999999999}"#),
+            30_000
+        );
+        assert_eq!(matrix_retry_after_ms(r#"{}"#), 1_000);
+    }
+
     #[tokio::test]
     async fn matrix_loop_dispatches_allowed_message_and_sends_agent_reply() {
         use crate::config::{

crates/calciforge/src/channels/sms.rs

@@ -90,6 +90,13 @@ impl<C: Channel + ?Sized + 'static> SmsChannel<C> {
                 );
             }
             Err(e) => {
+                telemetry::reply_failed(
+                    "sms",
+                    recipient,
+                    "reply",
+                    start.elapsed().as_millis() as u64,
+                    &e,
+                );
                 warn!(recipient = %recipient, error = %e, "Text/iMessage: failed to send reply");
             }
         }
@@ -122,7 +129,7 @@ impl<C: Channel + ?Sized + 'static> SmsChannel<C> {
 
         telemetry::authorized_message("sms", &identity.id, &from, text.len(), delivery_lag_ms);
 
-        let chat_key = format!("sms-{}", identity.id);
+        let chat_key = conversation_chat_key(&identity.id, &reply_target);
 
         if self.scan_enabled() {
             let verdict = self
@@ -385,6 +392,10 @@ impl<C: Channel + ?Sized + 'static> SmsChannel<C> {
     }
 }
 
+fn conversation_chat_key(identity_id: &str, reply_target: &str) -> String {
+    format!("sms-{identity_id}-{reply_target}")
+}
+
 #[derive(Clone)]
 struct WebhookState {
     bridge: Arc<SmsChannel<ZclLinqChannel>>,
@@ -733,4 +744,96 @@ mod tests {
         assert_eq!(sent.len(), 1);
         assert_eq!(sent[0].recipient, "chat_123");
     }
+
+    #[tokio::test]
+    async fn test_conversation_ids_do_not_share_context_between_agents() {
+        let mut config = (*make_test_config()).clone();
+        config.agents = vec![
+            AgentConfig {
+                id: "librarian".to_string(),
+                kind: "artifact-cli".to_string(),
+                command: Some("/bin/sh".to_string()),
+                args: Some(vec!["-c".to_string(), "cat".to_string()]),
+                ..Default::default()
+            },
+            AgentConfig {
+                id: "critic".to_string(),
+                kind: "artifact-cli".to_string(),
+                command: Some("/bin/sh".to_string()),
+                args: Some(vec!["-c".to_string(), "cat".to_string()]),
+                ..Default::default()
+            },
+        ];
+        config.routing[0].allowed_agents = vec!["librarian".to_string(), "critic".to_string()];
+        let transport = Arc::new(MockChannel::new());
+        let bridge = dummy_bridge_with(Arc::new(config), transport.clone());
+
+        bridge
+            .bridge
+            .clone()
+            .handle_message(ChannelMessage {
+                id: "1".into(),
+                sender: "+15555550100".into(),
+                reply_target: "chat_123".into(),
+                content: "alpha private context".into(),
+                channel: "linq".into(),
+                timestamp: 0,
+                thread_ts: None,
+                interruption_scope_id: None,
+                attachments: vec![],
+            })
+            .await;
+        transport.wait_for_sent_len(1).await;
+        let first = transport.drain();
+        assert_eq!(first[0].recipient, "chat_123");
+        assert!(first[0].content.contains("alpha private context"));
+
+        bridge
+            .bridge
+            .clone()
+            .handle_message(ChannelMessage {
+                id: "2".into(),
+                sender: "+15555550100".into(),
+                reply_target: "chat_456".into(),
+                content: "!switch critic".into(),
+                channel: "linq".into(),
+                timestamp: 0,
+                thread_ts: None,
+                interruption_scope_id: None,
+                attachments: vec![],
+            })
+            .await;
+        transport.wait_for_sent_len(1).await;
+        let switch_reply = transport.drain();
+        assert_eq!(switch_reply[0].recipient, "chat_456");
+
+        bridge
+            .bridge
+            .handle_message(ChannelMessage {
+                id: "3".into(),
+                sender: "+15555550100".into(),
+                reply_target: "chat_456".into(),
+                content: "beta fresh prompt".into(),
+                channel: "linq".into(),
+                timestamp: 0,
+                thread_ts: None,
+                interruption_scope_id: None,
+                attachments: vec![],
+            })
+            .await;
+        transport.wait_for_sent_len(1).await;
+        let second = transport.drain();
+        assert_eq!(second[0].recipient, "chat_456");
+        assert!(second[0].content.contains("beta fresh prompt"));
+        assert!(
+            !second[0].content.contains("alpha private context"),
+            "chat_456 must not receive chat_123 context: {}",
+            second[0].content
+        );
+        assert!(
+            !second[0].content.contains("[Recent context:"),
+            "new conversation/agent pair should start without another chat's preamble: {}",
+            second[0].content
+        );
+    }
 }

crates/calciforge/src/channels/whatsapp.rs

@@ -91,6 +91,13 @@ impl<C: Channel + ?Sized + 'static> WhatsAppChannel<C> {
                 );
             }
             Err(e) => {
+                telemetry::reply_failed(
+                    "whatsapp",
+                    recipient,
+                    "reply",
+                    start.elapsed().as_millis() as u64,
+                    &e,
+                );
                 warn!(recipient = %recipient, error = %e, "WhatsApp: failed to send reply");
             }
         }
@@ -123,7 +130,7 @@ impl<C: Channel + ?Sized + 'static> WhatsAppChannel<C> {
 
         telemetry::authorized_message("whatsapp", &identity.id, &from, text.len(), delivery_lag_ms);
 
-        let chat_key = format!("whatsapp-{}", identity.id);
+        let chat_key = conversation_chat_key(&identity.id, &reply_target);
 
         if self.scan_enabled() {
             let verdict = self
@@ -386,6 +393,10 @@ impl<C: Channel + ?Sized + 'static> WhatsAppChannel<C> {
     }
 }
 
+fn conversation_chat_key(identity_id: &str, reply_target: &str) -> String {
+    format!("whatsapp-{identity_id}-{reply_target}")
+}
+
 const MIGRATION_TOML: &str = r#"
 [[channels]]
 kind = "whatsapp"
@@ -803,6 +814,99 @@ mod tests {
         assert_eq!(sent[0].recipient, "12345@g.us");
     }
 
+    #[tokio::test]
+    async fn test_group_targets_do_not_share_context_between_agents() {
+        let mut config = (*make_test_config(|_| {})).clone();
+        config.agents = vec![
+            AgentConfig {
+                id: "librarian".to_string(),
+                kind: "artifact-cli".to_string(),
+                command: Some("/bin/sh".to_string()),
+                args: Some(vec!["-c".to_string(), "cat".to_string()]),
+                ..Default::default()
+            },
+            AgentConfig {
+                id: "critic".to_string(),
+                kind: "artifact-cli".to_string(),
+                command: Some("/bin/sh".to_string()),
+                args: Some(vec!["-c".to_string(), "cat".to_string()]),
+                ..Default::default()
+            },
+        ];
+        config.routing[0].allowed_agents = vec!["librarian".to_string(), "critic".to_string()];
+        let config = Arc::new(config);
+        let transport = Arc::new(MockChannel::new());
+        let bridge = dummy_bridge_with(config, transport.clone());
+
+        bridge
+            .bridge
+            .clone()
+            .handle_message(ChannelMessage {
+                id: "1".into(),
+                sender: "+15555550100".into(),
+                reply_target: "group-a@g.us".into(),
+                content: "alpha private context".into(),
+                channel: "whatsapp".into(),
+                timestamp: 0,
+                thread_ts: None,
+                interruption_scope_id: None,
+                attachments: vec![],
+            })
+            .await;
+        transport.wait_for_sent_len(1).await;
+        let first = transport.drain();
+        assert_eq!(first[0].recipient, "group-a@g.us");
+        assert!(first[0].content.contains("alpha private context"));
+
+        bridge
+            .bridge
+            .clone()
+            .handle_message(ChannelMessage {
+                id: "2".into(),
+                sender: "+15555550100".into(),
+                reply_target: "group-b@g.us".into(),
+                content: "!switch critic".into(),
+                channel: "whatsapp".into(),
+                timestamp: 0,
+                thread_ts: None,
+                interruption_scope_id: None,
+                attachments: vec![],
+            })
+            .await;
+        transport.wait_for_sent_len(1).await;
+        let switch_reply = transport.drain();
+        assert_eq!(switch_reply[0].recipient, "group-b@g.us");
+
+        bridge
+            .bridge
+            .handle_message(ChannelMessage {
+                id: "3".into(),
+                sender: "+15555550100".into(),
+                reply_target: "group-b@g.us".into(),
+                content: "beta fresh prompt".into(),
+                channel: "whatsapp".into(),
+                timestamp: 0,
+                thread_ts: None,
+                interruption_scope_id: None,
+                attachments: vec![],
+            })
+            .await;
+        transport.wait_for_sent_len(1).await;
+        let second = transport.drain();
+        assert_eq!(second[0].recipient, "group-b@g.us");
+        assert!(second[0].content.contains("beta fresh prompt"));
+        assert!(
+            !second[0].content.contains("alpha private context"),
+            "group B must not receive group A context: {}",
+            second[0].content
+        );
+        assert!(
+            !second[0].content.contains("[Recent context:"),
+            "new group/agent pair should start without another group's preamble: {}",
+            second[0].content
+        );
+    }
+
     #[tokio::test]
     async fn test_handle_message_renders_artifact_fallback() {
         let mut config = (*make_test_config(|_| {})).clone();

crates/calciforge/src/config.rs

@@ -313,7 +313,9 @@ pub struct RoutingRule {
 /// For Matrix: set `homeserver`, `access_token_file`, `room_id`, and optionally `allowed_users`.
 /// For WhatsApp: set `whatsapp_session_path` and `allowed_numbers`.
 /// For Signal: set `signal_cli_url`, `signal_account`, and `allowed_numbers`.
-/// For text/iMessage: set `sms_linq_api_token_file`, `sms_from_phone`, and `allowed_numbers`.
+/// For text/iMessage: set `sms_linq_api_token_file`, `sms_from_phone`, and `allowed_numbers`;
+/// configure inbound webhooks with `sms_webhook_listen` and `sms_webhook_path`; and prefer
+/// `sms_linq_signing_secret_file` or `sms_linq_signing_secret` for webhook signature checks.
 #[derive(Debug, Clone, Deserialize, Serialize, Default)]
 pub struct ChannelConfig {
     pub kind: String,

docs/_config.yml

@@ -1,5 +1,2 @@
 title: Calciforge
 description: Keep your castle secure and moving.
-exclude:
-  - rfcs/
-  - roadmap/