Keep explicit session-key normalization on loaded channel plugins so
unknown provider contexts pass through without cold-loading bundled channel
runtimes. This preserves active plugin behavior and removes the slow
unknown-provider test path.
* fix(cron): preserve untrusted awareness event labels
Keep isolated cron awareness summaries untrusted when they are promoted into the main session, and forward explicit trust downgrades through the gateway cron wrapper. Add focused regression coverage for both paths.
* changelog: note cron awareness untrusted-label preservation (#68210)
* fix(feishu): resolve card-action chat type before dispatch
* changelog: resolve card-action chat type before dispatch (#68201)
* address review: prefer chat_mode over chat_type, add error-path tests
- Swap resolution order to check chat_mode (conversation type) before
chat_type (privacy classification), since Feishu's chat_type can
return "private" for private group chats which would be wrongly
classified as p2p.
- Treat "topic" as group semantics in the normalizer.
- Add comment explaining the field semantics and why "private" maps
to "p2p" (safe-failure direction).
- Add two error-path tests: API returns non-zero code, and API throws.
* map chat_type=public to group in normalizer
Feishu's chat_type can return "public" for public group chats.
Without this mapping the fallback resolver would miss it and default
to p2p, routing a group card action through DM handling.
* address Aisle: cache chat-type lookups and scrub log output
- Add a 30-minute TTL cache for chatId -> chatType so repeated card
actions on the same chat skip the Feishu API call.
- Strip chatId, event.token, and raw error strings from log messages;
use err.message instead of String(err) to avoid leaking stack traces
or HTTP internals from the Feishu SDK.
* prune expired chat-type cache entries
Add pruneChatTypeCache() called on each lookup so expired entries are
evicted and the cache stays bounded in long-running processes.
* address Aisle: scope cache by account, cap size, sanitize logs
- Key cache by accountId:chatId to prevent cross-account contamination.
- Cap cache at 5000 entries and evict oldest when exceeded.
- Sanitize response.msg and err.message with CR/LF stripping and
length cap before logging to prevent log injection.
