Add reasoningDefault support under agents.defaults and preserve the existing per-agent/session/inline override order.
Includes authorization gating for configured reasoning state, /status coverage, config schema/docs baseline updates, and regression tests for the reply and status paths. Also carries the related cron startup-run preservation fix and CI test stabilization needed for this PR branch.
Validated locally with pnpm check:changed, the focused Vitest bundle for touched gateway/cron/auto-reply/plugin-sdk/tooling tests, pnpm config:docs:check, and git diff --check. GitHub checks are green on the merged head; Greptile latest visible review is 4/5 with no P0/P1 findings.
Bias group-chat prompt composition toward using subagents for tool-heavy work, keeping maintainer-channel responsiveness higher.\n\nValidated locally with focused prompt/auto-reply tests before opening the PR.
* fix: Discord read/search timeout, session-key fallback, and gateway execution mode
- Add 15s timeout to readMessagesDiscord and searchMessagesDiscord so they
fail fast instead of hanging indefinitely (#73431)
- Fall back to CommandTargetSessionKey in dispatchReplyFromConfig when
SessionKey is empty, so Discord inbound message:received hooks fire
reliably (#73431, refs #33038)
- Add resolveExecutionMode to Discord channel actions routing read/search
through gateway timeout path, matching Telegram's pattern (#73431)
* fix: move timeout to fetch layer, drop send.messages wrapper
Inject AbortSignal.timeout into the Discord proxy-request-client fetch
wrapper so every Discord REST call gets a 15s timeout at the HTTP level.
This replaces the Promise.race wrapper in send.messages.ts — cleaner,
covers all calls, and actually aborts the TCP connection.
* fix: remove unused callerController variable in proxy-request-client test
* fix: remove unnecessary mergeAbortSignal helper
Rewrites the always-on reply handling so group/channel rooms default to message-tool-visible output, while `messages.groupChat.visibleReplies: \"automatic\"` preserves legacy auto-posting.\n\nThanks @scoootscooob.
* fix(export): fix broken template placeholders in session export HTML
The {{MARKED_JS}}, {{HIGHLIGHT_JS}}, and {{JS}} placeholders in the
export HTML template were split across multiple lines by a code
formatter, turning them into JS block statements instead of template
tokens. The generateHtml() function uses .replace('{{MARKED_JS}}', ...)
which requires contiguous strings, so the vendor JS and app code were
never injected — producing a 2MB HTML file that opens with styles and
session data but renders blank (no JS to parse/display the data).
Fix: collapse placeholders to single-line {{TOKEN}} format and add
prettier-ignore comments to prevent re-formatting.
Introduced in 9d403fd.
* fix(export): use function replacers for vendor JS injection
String.replace() interprets $ sequences ($&, $$, $', etc.) in
replacement strings. The minified vendor libraries (highlight.min.js,
marked.min.js) and the template JS contain literal $ characters that
get mutated during injection — e.g. $& becomes the matched placeholder
text, $$ becomes a single $.
Fix: use arrow function replacers for JS content so replacement text
is injected verbatim without $ interpretation. CSS and session data
use string replacers since they don't contain problematic $ patterns.
Flagged by Codex review (P2).
* ci: retrigger checks
* fix(export-session): restore inline export scripts
---------
Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>
