Move sentBlockMediaUrls recording from before sends to after successful
delivery completion. If a block send throws, the URL is not recorded,
so final fallback delivery retains the media attachment instead of
incorrectly deduplicating it.
Add regression tests for both success-path dedup and failure-path
media preservation.
Addresses ClawSweeper P2: block-failure → final-media-loss.
Non-streaming Telegram delivers each MEDIA: attachment twice — once
from the media-only block reply and once from the final reply. Track
media URLs sent via block replies and filter duplicates from final
replies.
Closes#78372
Fixes#77656.
Summary:
- Carry chat turn-source metadata through approved async host=node replays.
- Bind trusted backend replay to node, command, session, agent, and chat target metadata instead of transient WebSocket connection ids.
- Cover Telegram and WeCom-style reconnect replay plus denial cases with gateway, websocket, and agent tests.
- Carry the current-main CLI help assertion fix needed to clear exact-head CI after the rebase.
Verification:
- pnpm test src/gateway/node-invoke-system-run-approval.test.ts src/gateway/server.node-invoke-approval-bypass.test.ts src/agents/bash-tools.exec-host-node.test.ts -- --reporter=verbose
- pnpm test src/cli/channel-auth.test.ts src/cli/plugins-cli.policy.test.ts src/cli/command-registration-policy.test.ts -- --reporter=verbose
- pnpm check:changed
- GitHub CI passed on d1392a873c
- ClawSweeper re-review completed on the approval replay head
Summary:
- Preserve AcpRuntimeError detail across the ACP lifecycle boundary.
- Redact non-Error lifecycle failure strings and add gateway/agent propagation coverage.
- Align rebased CLI command-hint formatting with current main.
Verification:
- pnpm check:test-types
- pnpm test src/acp/runtime/errors.test.ts src/agents/command/attempt-execution.error-propagation.test.ts src/gateway/server.agent.gateway-server-agent-b.test.ts
- CI exact head c96d63298b green
Co-authored-by: Jordan Baker <23538+hexsprite@users.noreply.github.com>
Host-local media sends were rejecting ZIP attachments with the error
'Host-local media sends only allow buffer-verified images, audio, video,
PDF, and Office documents (got application/zip)'.
This adds application/zip to the HOST_READ_ALLOWED_DOCUMENT_MIMES set,
enabling agents to send ZIP files via the message tool. ZIP files are
validated by file-type magic bytes detection, ensuring they are genuine
archives rather than disguised executables.
Fixes#78057 (regression from v2026.4.23 to v2026.5.2).
