Fix Slack thread bootstrap replaying the bot's own prior turns into new sessions and duplicating the thread-starter prompt block.
Narrows first-turn context seeding to exclude only the current Slack bot's own starter/history entries, so self-authored turns no longer pollute new session prompts while preserving human and third-party bot context
Removes the redundant plain-text starter prelude in runPreparedReply() that doubled thread-starter content when no ThreadHistoryBody was present
Fixes concurrent manager creation races that caused SafeOpenErrors during session export.
Deduplicates in-flight manager creation so only one full QMD manager arms per agent/config at a time, eliminating the concurrent exportSessions() collisions that triggered path changed during write errors
Resolves and snapshots runtime inputs before cache reuse, replacing stale managers atomically when workspace/config changes, and aborting queued export work promptly on close()
Ollama chat models already support image inputs (extensions/ollama/src/stream.ts
extracts image parts and forwards them via the Ollama API), but the ollama
plugin did not register a MediaUnderstandingProvider. The image tool's provider
registry therefore had no 'ollama' entry, so requests like
`imageModel: 'ollama/qwen2.5vl:7b'` failed to resolve and fell back to
unrelated providers.
Register ollamaMediaUnderstandingProvider with:
- capabilities: ['image']
- describeImage/describeImages wired to the shared core helpers (reuses the
same pi-ai complete path Ollama chat already goes through)
- no defaultModels or autoPriority: Ollama vision support depends on which
model the user has pulled, so we don't pick a canonical default and don't
auto-steal image duty from configured providers.
Fixes#69071 (and supersedes #60280).
Greptile/Codex review follow-ups on #69817:
- Narrow skipA2AFlow from target-only detection to a combined check that
the caller is the parent of the target (new
isRequesterParentOfBackgroundAcpSession helper). Under
tools.sessions.visibility=all a non-parent sender can see the same
oneshot ACP session; the previous guard would have suppressed their
only follow-up delivery path. With requester ownership required, those
senders continue through the normal A2A flow.
- When the A2A flow is skipped, return delivery.status="skipped" instead
of "pending" so the parent LLM does not wait for a second result that
will never arrive.
- Add unit tests for resolveAcpSessionInteractionMode and
isRequesterParentOfBackgroundAcpSession covering both the new
ownership gate and the existing target-type branches.
The A2A ping-pong + announce flow in runSessionsSendA2AFlow treats the
send target as a peer agent and echoes replies back and forth between
requester and target. When the target is an ACP child spawned by the
requester, this creates an infinite loop: the parent is woken with the
child's reply, generates a user-facing response, and has that response
forwarded back to the child as a new user message — effectively granting
the child an implicit sessions_send capability back to the parent.
ACP children already report their results through the
[Internal task completion event] announcement path, so no A2A flow is
needed when the send target is a parent-owned background ACP session.
Detect this case via isParentOwnedBackgroundAcpSession and short-circuit
startA2AFlow before runSessionsSendA2AFlow is invoked.
* fix(exec): block heredoc parameter expansion
* chore(changelog): note heredoc parameter expansion fix
* fix(exec): tighten heredoc expansion guardrails
* fix(exec): reject continued heredoc expansions
* fix(exec): buffer heredoc continuation chunks
* fix(exec): harden heredoc continuation parsing
* fix(exec): cap heredoc continuation chunks
* fix(exec): reject continued heredoc param expansion across delimiter
Bash splices `$VAR\\<newline>REST` into `$VARREST` inside an
unquoted heredoc body even when the continued physical line matches the
heredoc delimiter; the heredoc only terminates at EOF with a warning.
The analyzer previously shifted the pending heredoc the moment a line
equaled the delimiter, so a payload like `cat <<KEY\n$OPENAI_API_\\\nKEY`
passed allowlist review while the runtime would expand and print
$OPENAI_API_KEY.
Mirror bash's splicing: only treat a delimiter-matching line as the
terminator when no continuation chunks are pending, otherwise append it
to the logical line and evaluate it through the expansion check. The
tail handler does the same splice + expansion check before falling back
to "unterminated heredoc".
