Adds two new Slack actions to support unread message tracking:
- channel-info: Returns channel metadata including last_read timestamp,
unread_count, and unread_count_display. Enables bots to know what
messages they haven't processed yet.
- mark-read: Updates the bot's read cursor for a channel to a specific
timestamp. Allows bots to mark messages as processed.
Use case: AI assistants that need to catch up on missed messages after
context compaction or session restart. By tracking the read position,
they can fetch only new messages and avoid reprocessing.
Example workflow:
1. Call channel-info to get lastRead timestamp
2. Call read with after=lastRead to get unread messages
3. Process messages
4. Call mark-read with the latest message timestamp
AI-assisted: Built with Claude (Opus 4.5) via Clawdbot
Testing: Lightly tested (type-checked, not runtime tested)
CLI backends (claude-cli etc) don't emit streaming assistant events,
causing TUI to show "(no output)" despite correct processing. Now emits
assistant event with final text before lifecycle end so server-chat
buffer gets populated for WebSocket clients.
- Add resumeArgs to DEFAULT_CLAUDE_BACKEND for proper --resume flag usage
- Fix gateway not preserving cliSessionIds/claudeCliSessionId in nextEntry
- Add test for CLI session ID preservation in gateway agent handler
- Update docs with new resumeArgs default
* fix(gateway): prevent auth bypass when behind unconfigured reverse proxy
When proxy headers (X-Forwarded-For, X-Real-IP) are present but
gateway.trustedProxies is not configured, the gateway now treats
connections as non-local. This prevents a scenario where all proxied
requests appear to come from localhost and receive automatic trust.
Previously, running behind nginx/Caddy without configuring trustedProxies
would cause isLocalClient=true for all external connections, potentially
bypassing authentication and auto-approving device pairing.
The gateway now logs a warning when this condition is detected, guiding
operators to configure trustedProxies for proper client IP detection.
Also adds documentation for reverse proxy security configuration.
* fix: harden reverse proxy auth (#1795) (thanks @orlyjamie)
---------
Co-authored-by: orlyjamie <orlyjamie@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
