Skip to content

feat: private chat global admin + manual verification + bug fixes#5

Merged
Rlin1027 merged 2 commits intomainfrom
manual-verify-and-fix
Mar 4, 2026
Merged

feat: private chat global admin + manual verification + bug fixes#5
Rlin1027 merged 2 commits intomainfrom
manual-verify-and-fix

Conversation

@Rlin1027
Copy link
Copy Markdown
Owner

@Rlin1027 Rlin1027 commented Mar 4, 2026
edited
Loading

Summary

  • Private Chat Global Admin: Admin can manage all groups via Telegram DM — cross-group messaging, prompt editing, knowledge search, image generation, and 15+ admin commands
  • Security hardening: Path traversal prevention (SAFE_FOLDER_RE), timing-safe secret comparison (safeCompare), type validation on all tool args
  • Manual verification: 26/29 test cases passed via Playwright on Telegram Web (3 skipped: require second account)
  • Bug fix — knowledge search misfire: Narrowed search_knowledge tool description to prevent Gemini from routing general questions (e.g. "現在幾點") to the knowledge base
  • Bug fix — binary content indexing: Added MIME type blocklist + looksLikeBinary() heuristic to prevent .docx/.xlsx binary garbage from being indexed

Test plan

  • npm run typecheck — passes
  • npm test — 66 plugin tests pass, full suite passes
  • Manual verification: 26/29 scenarios via Playwright (see docs/ADMIN-CHAT-TEST-PLAN.md)
  • Smoke test: send "現在幾點" in a group with Drive knowledge — should NOT trigger knowledge search
  • Smoke test: re-index a .docx file — should return [Binary file — cannot extract text] instead of garbage

🤖 Generated with Claude Code

Rlin1027 and others added 2 commits March 4, 2026 18:45
@Rlin1027 @claude
test: manual verification 26/29 pass + fix google_search conflict
ccd3ea4 
Execute ADMIN-CHAT-TEST-PLAN.md via Playwright on Telegram Web:
- 26/29 tests pass, 3 skipped (need second Telegram account)
- Fix: google_search + Function Calling cannot coexist in API Key mode
- Update test plan with execution results and skip reasons

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@Rlin1027 @claude
fix: prevent knowledge search misfire and binary content indexing
a2b92dd 
1. Narrow search_knowledge tool description so Gemini won't route
   general questions (e.g. "現在幾點") to the knowledge base.
2. Block binary MIME types (.docx/.xlsx/.pptx/images/etc.) from being
   extracted as text, and add looksLikeBinary() safety net for unknown
   types that slip through (detects null bytes and ZIP magic bytes).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@Rlin1027 Rlin1027 merged commit b39fe5a into main Mar 4, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Rlin1027