Merge branch 'fix/docker-build-issues' into 'main'

Fix Docker-in-Docker connectivity for GitLab CI

See merge request digiresilience/link/link-stack!23

.gitlab-ci.yml

@@ -20,11 +20,13 @@ build-all:
     - turbo build
 
 .docker-build:
-  image: registry.gitlab.com/digiresilience/link/link-stack/buildx:${CI_COMMIT_REF_NAME}
+  image: registry.gitlab.com/digiresilience/link/link-stack/buildx:main
   services:
     - docker:dind
   stage: docker-build
   variables:
+    DOCKER_HOST: tcp://docker:2375
+    DOCKER_TLS_CERTDIR: ""
     DOCKER_TAG: ${CI_COMMIT_SHORT_SHA}
     BUILD_CONTEXT: .
   only:
@@ -37,11 +39,13 @@ build-all:
     - docker push ${DOCKER_NS}:${DOCKER_TAG}
 
 .docker-release:
-  image: registry.gitlab.com/digiresilience/link/link-stack/buildx:${CI_COMMIT_REF_NAME}
+  image: registry.gitlab.com/digiresilience/link/link-stack/buildx:main
   services:
     - docker:dind
   stage: docker-release
   variables:
+    DOCKER_HOST: tcp://docker:2375
+    DOCKER_TLS_CERTDIR: ""
     DOCKER_TAG: ${CI_COMMIT_SHORT_SHA}
     DOCKER_TAG_NEW: ${CI_COMMIT_REF_NAME}
   only:
@@ -195,8 +199,8 @@ zammad-docker-build:
     PNPM_HOME: "/pnpm"
   before_script:
     - export PATH="$PNPM_HOME:$PATH"
-  script:
     - corepack enable && corepack prepare pnpm@9.15.4 --activate
+  script:
     - pnpm add -g turbo
     - pnpm install --frozen-lockfile
     - turbo build --force --filter @link-stack/zammad-addon-*
@@ -218,8 +222,8 @@ zammad-standalone-docker-build:
     PNPM_HOME: "/pnpm"
   before_script:
     - export PATH="$PNPM_HOME:$PATH"
-  script:
     - corepack enable && corepack prepare pnpm@9.15.4 --activate
+  script:
     - pnpm add -g turbo
     - pnpm install --frozen-lockfile
     - turbo build --force --filter @link-stack/zammad-addon-*

README.md

@@ -20,3 +20,4 @@ We use [Turborepo](https://turbo.build) to manage development and building of th
 To run a single package:
 
 - `turbo dev --filter @link-stack/link`
+

apps/bridge-frontend/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@link-stack/bridge-frontend",
-  "version": "3.3.0",
+  "version": "3.3.5",
   "type": "module",
   "scripts": {
     "dev": "next dev",
@@ -20,7 +20,7 @@
     "@mui/x-license": "^7",
     "@link-stack/bridge-common": "workspace:*",
     "@link-stack/bridge-ui": "workspace:*",
-    "next": "15.5.4",
+    "next": "15.5.9",
     "next-auth": "^4.24.11",
     "react": "19.2.0",
     "react-dom": "19.2.0",

apps/bridge-migrations/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@link-stack/bridge-migrations",
-  "version": "3.3.0",
+  "version": "3.3.5",
   "type": "module",
   "scripts": {
     "migrate:up:all": "tsx migrate.ts up:all",

apps/bridge-whatsapp/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@link-stack/bridge-whatsapp",
-  "version": "3.3.0",
+  "version": "3.3.5",
   "main": "build/main/index.js",
   "author": "Darren Clarke <darren@redaranj.com>",
   "license": "AGPL-3.0-or-later",
@@ -11,7 +11,7 @@
     "@hapipal/toys": "^4.0.0",
     "@link-stack/bridge-common": "workspace:*",
     "@link-stack/logger": "workspace:*",
-    "@whiskeysockets/baileys": "^6.7.21",
+    "@whiskeysockets/baileys": "6.7.21",
     "hapi-pino": "^13.0.0",
     "link-preview-js": "^3.1.0"
   },

apps/bridge-whatsapp/src/service.ts

@@ -26,11 +26,7 @@ export default class WhatsappService extends Service {
   connections: { [key: string]: any } = {};
   loginConnections: { [key: string]: any } = {};
 
-  static browserDescription: [string, string, string] = [
+  static browserDescription: [string, string, string] = ["Bridge", "Chrome", "2.0"];
-    "Bridge",
-    "Chrome",
-    "2.0",
-  ];
 
   constructor(server: Server, options: never) {
     super(server, options);
@@ -47,7 +43,7 @@ export default class WhatsappService extends Service {
     }
 
     // Prevent path traversal by checking for suspicious patterns
-    if (id.includes('..') || id.includes('/') || id.includes('\\')) {
+    if (id.includes("..") || id.includes("/") || id.includes("\\")) {
       throw new Error(`Path traversal detected in bot ID: ${id}`);
     }
 
@@ -102,20 +98,14 @@ export default class WhatsappService extends Service {
       auth: state,
       generateHighQualityLinkPreview: false,
       msgRetryCounterMap,
-      shouldIgnoreJid: (jid) =>
+      shouldIgnoreJid: (jid) => isJidBroadcast(jid) || isJidStatusBroadcast(jid),
-        isJidBroadcast(jid) || isJidStatusBroadcast(jid),
     });
     let pause = 5000;
 
     socket.ev.process(async (events) => {
       if (events["connection.update"]) {
         const update = events["connection.update"];
-        const {
+        const { connection: connectionState, lastDisconnect, qr, isNewLogin } = update;
-          connection: connectionState,
-          lastDisconnect,
-          qr,
-          isNewLogin,
-        } = update;
         if (qr) {
           logger.info("got qr code");
           const botDirectory = this.getBotDirectory(botID);
@@ -130,8 +120,7 @@ export default class WhatsappService extends Service {
           logger.info("opened connection");
         } else if (connectionState === "close") {
           logger.info({ lastDisconnect }, "connection closed");
-          const disconnectStatusCode = (lastDisconnect?.error as any)?.output
+          const disconnectStatusCode = (lastDisconnect?.error as any)?.output?.statusCode;
-            ?.statusCode;
           if (disconnectStatusCode === DisconnectReason.restartRequired) {
             logger.info("reconnecting after got new login");
             await this.createConnection(botID, server, options);
@@ -174,10 +163,7 @@ export default class WhatsappService extends Service {
       const verifiedFile = `${directory}/verified`;
       if (fs.existsSync(verifiedFile)) {
         const { version, isLatest } = await fetchLatestBaileysVersion();
-        logger.info(
+        logger.info({ version: version.join("."), isLatest }, "using WA version");
-          { version: version.join("."), isLatest },
-          "using WA version",
-        );
 
         await this.createConnection(botID, this.server, {
           browser: WhatsappService.browserDescription,
@@ -188,10 +174,7 @@ export default class WhatsappService extends Service {
     }
   }
 
-  private async queueMessage(
+  private async queueMessage(botID: string, webMessageInfo: proto.IWebMessageInfo) {
-    botID: string,
-    webMessageInfo: proto.IWebMessageInfo,
-  ) {
     const {
       key: { id, fromMe, remoteJid },
       message,
@@ -204,11 +187,9 @@ export default class WhatsappService extends Service {
         "Message field",
       );
     }
-    const isValidMessage =
+    const isValidMessage = message && remoteJid !== "status@broadcast" && !fromMe;
-      message && remoteJid !== "status@broadcast" && !fromMe;
     if (isValidMessage) {
-      const { audioMessage, documentMessage, imageMessage, videoMessage } =
+      const { audioMessage, documentMessage, imageMessage, videoMessage } = message;
-        message;
       const isMediaMessage =
         audioMessage || documentMessage || imageMessage || videoMessage;
 
@@ -288,10 +269,7 @@ export default class WhatsappService extends Service {
     }
   }
 
-  private async queueUnreadMessages(
+  private async queueUnreadMessages(botID: string, messages: proto.IWebMessageInfo[]) {
-    botID: string,
-    messages: proto.IWebMessageInfo[],
-  ) {
     for await (const message of messages) {
       await this.queueMessage(botID, message);
     }
@@ -334,10 +312,7 @@ export default class WhatsappService extends Service {
     }
   }
 
-  async register(
+  async register(botID: string, callback?: AuthCompleteCallback): Promise<void> {
-    botID: string,
-    callback?: AuthCompleteCallback,
-  ): Promise<void> {
     const { version } = await fetchLatestBaileysVersion();
     await this.createConnection(
       botID,
@@ -355,7 +330,10 @@ export default class WhatsappService extends Service {
     attachments?: Array<{ data: string; filename: string; mime_type: string }>,
   ): Promise<void> {
     const connection = this.connections[botID]?.socket;
-    const recipient = `${phoneNumber.replace(/\D+/g, "")}@s.whatsapp.net`;
+    const digits = phoneNumber.replace(/\D+/g, "");
+    // LIDs are 15+ digits, phone numbers with country code are typically 10-14 digits
+    const suffix = digits.length > 14 ? "@lid" : "@s.whatsapp.net";
+    const recipient = `${digits}${suffix}`;
 
     // Send text message if provided
     if (message) {
@@ -368,7 +346,9 @@ export default class WhatsappService extends Service {
       const MAX_TOTAL_SIZE = getMaxTotalAttachmentSize();
 
       if (attachments.length > MAX_ATTACHMENTS) {
-        throw new Error(`Too many attachments: ${attachments.length} (max ${MAX_ATTACHMENTS})`);
+        throw new Error(
+          `Too many attachments: ${attachments.length} (max ${MAX_ATTACHMENTS})`,
+        );
       }
 
       let totalSize = 0;
@@ -378,20 +358,26 @@ export default class WhatsappService extends Service {
         const estimatedSize = (attachment.data.length * 3) / 4;
 
         if (estimatedSize > MAX_ATTACHMENT_SIZE) {
-          logger.warn({
+          logger.warn(
+            {
               filename: attachment.filename,
               size: estimatedSize,
-            maxSize: MAX_ATTACHMENT_SIZE
+              maxSize: MAX_ATTACHMENT_SIZE,
-          }, 'Attachment exceeds size limit, skipping');
+            },
+            "Attachment exceeds size limit, skipping",
+          );
           continue;
         }
 
         totalSize += estimatedSize;
         if (totalSize > MAX_TOTAL_SIZE) {
-          logger.warn({
+          logger.warn(
+            {
               totalSize,
-            maxTotalSize: MAX_TOTAL_SIZE
+              maxTotalSize: MAX_TOTAL_SIZE,
-          }, 'Total attachment size exceeds limit, skipping remaining');
+            },
+            "Total attachment size exceeds limit, skipping remaining",
+          );
           break;
         }
 

apps/bridge-worker/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@link-stack/bridge-worker",
-  "version": "3.3.0",
+  "version": "3.3.5",
   "type": "module",
   "main": "build/main/index.js",
   "author": "Darren Clarke <darren@redaranj.com>",

apps/link/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@link-stack/link",
-  "version": "3.3.0",
+  "version": "3.3.5",
   "type": "module",
   "scripts": {
     "dev": "next dev -H 0.0.0.0",
@@ -31,7 +31,7 @@
     "graphql-request": "^7.2.0",
     "ioredis": "^5.8.1",
     "mui-chips-input": "^6.0.0",
-    "next": "15.5.4",
+    "next": "15.5.9",
     "next-auth": "^4.24.11",
     "react": "19.2.0",
     "react-cookie": "^8.0.1",

docker-compose.bridge-dev.yml

@@ -1,67 +0,0 @@
-version: '3.8'
-
-services:
-  zammad-railsserver:
-    volumes:
-      # Controllers
-      - ${PWD}/packages/zammad-addon-bridge/src/app/controllers/channels_cdr_signal_controller.rb:/opt/zammad/app/controllers/channels_cdr_signal_controller.rb:ro
-      - ${PWD}/packages/zammad-addon-bridge/src/app/controllers/channels_cdr_voice_controller.rb:/opt/zammad/app/controllers/channels_cdr_voice_controller.rb:ro
-      - ${PWD}/packages/zammad-addon-bridge/src/app/controllers/channels_cdr_whatsapp_controller.rb:/opt/zammad/app/controllers/channels_cdr_whatsapp_controller.rb:ro
-      
-      # Models
-      - ${PWD}/packages/zammad-addon-bridge/src/app/models/channel/driver/cdr_signal.rb:/opt/zammad/app/models/channel/driver/cdr_signal.rb:ro
-      - ${PWD}/packages/zammad-addon-bridge/src/app/models/channel/driver/cdr_whatsapp.rb:/opt/zammad/app/models/channel/driver/cdr_whatsapp.rb:ro
-      - ${PWD}/packages/zammad-addon-bridge/src/app/models/ticket/article/enqueue_communicate_cdr_signal_job.rb:/opt/zammad/app/models/ticket/article/enqueue_communicate_cdr_signal_job.rb:ro
-      - ${PWD}/packages/zammad-addon-bridge/src/app/models/ticket/article/enqueue_communicate_cdr_whatsapp_job.rb:/opt/zammad/app/models/ticket/article/enqueue_communicate_cdr_whatsapp_job.rb:ro
-      
-      # Jobs
-      - ${PWD}/packages/zammad-addon-bridge/src/app/jobs/communicate_cdr_signal_job.rb:/opt/zammad/app/jobs/communicate_cdr_signal_job.rb:ro
-      - ${PWD}/packages/zammad-addon-bridge/src/app/jobs/communicate_cdr_whatsapp_job.rb:/opt/zammad/app/jobs/communicate_cdr_whatsapp_job.rb:ro
-      
-      # Policies
-      - ${PWD}/packages/zammad-addon-bridge/src/app/policies/controllers/channels_cdr_signal_controller_policy.rb:/opt/zammad/app/policies/controllers/channels_cdr_signal_controller_policy.rb:ro
-      - ${PWD}/packages/zammad-addon-bridge/src/app/policies/controllers/channels_cdr_voice_controller_policy.rb:/opt/zammad/app/policies/controllers/channels_cdr_voice_controller_policy.rb:ro
-      - ${PWD}/packages/zammad-addon-bridge/src/app/policies/controllers/channels_cdr_whatsapp_controller_policy.rb:/opt/zammad/app/policies/controllers/channels_cdr_whatsapp_controller_policy.rb:ro
-      
-      # Config - initializers
-      - ${PWD}/packages/zammad-addon-bridge/src/config/initializers/cdr_signal.rb:/opt/zammad/config/initializers/cdr_signal.rb:ro
-      - ${PWD}/packages/zammad-addon-bridge/src/config/initializers/cdr_whatsapp.rb:/opt/zammad/config/initializers/cdr_whatsapp.rb:ro
-      
-      # Config - routes
-      - ${PWD}/packages/zammad-addon-bridge/src/config/routes/channel_cdr_signal.rb:/opt/zammad/config/routes/channel_cdr_signal.rb:ro
-      - ${PWD}/packages/zammad-addon-bridge/src/config/routes/channel_cdr_voice.rb:/opt/zammad/config/routes/channel_cdr_voice.rb:ro
-      - ${PWD}/packages/zammad-addon-bridge/src/config/routes/channel_cdr_whatsapp.rb:/opt/zammad/config/routes/channel_cdr_whatsapp.rb:ro
-      
-      # Database migrations
-      - ${PWD}/packages/zammad-addon-bridge/src/db/addon/bridge/20210525091356_cdr_signal_channel.rb:/opt/zammad/db/addon/bridge/20210525091356_cdr_signal_channel.rb:ro
-      - ${PWD}/packages/zammad-addon-bridge/src/db/addon/bridge/20210525091357_cdr_voice_channel.rb:/opt/zammad/db/addon/bridge/20210525091357_cdr_voice_channel.rb:ro
-      - ${PWD}/packages/zammad-addon-bridge/src/db/addon/bridge/20210525091358_cdr_whatsapp_channel.rb:/opt/zammad/db/addon/bridge/20210525091358_cdr_whatsapp_channel.rb:ro
-      
-      # Lib files
-      - ${PWD}/packages/zammad-addon-bridge/src/lib/cdr_signal.rb:/opt/zammad/lib/cdr_signal.rb:ro
-      - ${PWD}/packages/zammad-addon-bridge/src/lib/cdr_signal_api.rb:/opt/zammad/lib/cdr_signal_api.rb:ro
-      - ${PWD}/packages/zammad-addon-bridge/src/lib/cdr_whatsapp.rb:/opt/zammad/lib/cdr_whatsapp.rb:ro
-      - ${PWD}/packages/zammad-addon-bridge/src/lib/cdr_whatsapp_api.rb:/opt/zammad/lib/cdr_whatsapp_api.rb:ro
-
-  # Also map to scheduler for background jobs
-  zammad-scheduler:
-    volumes:
-      # Models
-      - ${PWD}/packages/zammad-addon-bridge/src/app/models/channel/driver/cdr_signal.rb:/opt/zammad/app/models/channel/driver/cdr_signal.rb:ro
-      - ${PWD}/packages/zammad-addon-bridge/src/app/models/channel/driver/cdr_whatsapp.rb:/opt/zammad/app/models/channel/driver/cdr_whatsapp.rb:ro
-      - ${PWD}/packages/zammad-addon-bridge/src/app/models/ticket/article/enqueue_communicate_cdr_signal_job.rb:/opt/zammad/app/models/ticket/article/enqueue_communicate_cdr_signal_job.rb:ro
-      - ${PWD}/packages/zammad-addon-bridge/src/app/models/ticket/article/enqueue_communicate_cdr_whatsapp_job.rb:/opt/zammad/app/models/ticket/article/enqueue_communicate_cdr_whatsapp_job.rb:ro
-      
-      # Jobs
-      - ${PWD}/packages/zammad-addon-bridge/src/app/jobs/communicate_cdr_signal_job.rb:/opt/zammad/app/jobs/communicate_cdr_signal_job.rb:ro
-      - ${PWD}/packages/zammad-addon-bridge/src/app/jobs/communicate_cdr_whatsapp_job.rb:/opt/zammad/app/jobs/communicate_cdr_whatsapp_job.rb:ro
-      
-      # Config - initializers
-      - ${PWD}/packages/zammad-addon-bridge/src/config/initializers/cdr_signal.rb:/opt/zammad/config/initializers/cdr_signal.rb:ro
-      - ${PWD}/packages/zammad-addon-bridge/src/config/initializers/cdr_whatsapp.rb:/opt/zammad/config/initializers/cdr_whatsapp.rb:ro
-      
-      # Lib files
-      - ${PWD}/packages/zammad-addon-bridge/src/lib/cdr_signal.rb:/opt/zammad/lib/cdr_signal.rb:ro
-      - ${PWD}/packages/zammad-addon-bridge/src/lib/cdr_signal_api.rb:/opt/zammad/lib/cdr_signal_api.rb:ro
-      - ${PWD}/packages/zammad-addon-bridge/src/lib/cdr_whatsapp.rb:/opt/zammad/lib/cdr_whatsapp.rb:ro
-      - ${PWD}/packages/zammad-addon-bridge/src/lib/cdr_whatsapp_api.rb:/opt/zammad/lib/cdr_whatsapp_api.rb:ro

docker/zammad/Dockerfile

@@ -56,9 +56,6 @@ RUN sed -i "s/'flattened'/'flat_object'/g" /opt/zammad/lib/search_index_backend.
 RUN touch db/schema.rb && \
     ZAMMAD_SAFE_MODE=1 DATABASE_URL=postgresql://zammad:/zammad bundle exec rake assets:precompile
 
-# Run additional setup for addons
-RUN bundle exec rails runner /opt/zammad/contrib/link/setup.rb || true
-
 # Clean up build artifacts
 RUN rm -rf tmp/cache node_modules/.cache
 ARG EMBEDDED=false
@@ -78,6 +75,14 @@ RUN if [ "$EMBEDDED" = "true" ] ; then \
     echo "}" >> /opt/zammad/contrib/nginx/zammad.conf; \
 fi
 
+
+# Modify entrypoint to install packages and run migrations at runtime
+RUN sed -i '/^[[:space:]]*# es config/a\
+  echo "Installing addon packages..."\n\
+  bundle exec rails runner /opt/zammad/contrib/link/setup.rb\n\
+  bundle exec rake zammad:package:migrate\n\
+  ' /docker-entrypoint.sh
+
 FROM zammad/zammad-docker-compose:${ZAMMAD_VERSION} AS runner
 USER root
 
@@ -88,37 +93,7 @@ RUN apt-get update && \
     rm -rf /var/lib/apt/lists/* && \
     npm install -g pnpm
 
-# Copy only the modified/added files from builder
-# Copy addon files that were installed
-COPY --from=builder --chown=zammad:zammad /opt/zammad/app/frontend/apps/desktop/pages/ticket/components/TicketDetailView/ /opt/zammad/app/frontend/apps/desktop/pages/ticket/components/TicketDetailView/
-COPY --from=builder --chown=zammad:zammad /opt/zammad/app/frontend/shared/entities/ticket-article/action/plugins/ /opt/zammad/app/frontend/shared/entities/ticket-article/action/plugins/
-COPY --from=builder --chown=zammad:zammad /opt/zammad/db/addon/ /opt/zammad/db/addon/
-COPY --from=builder --chown=zammad:zammad /opt/zammad/app/assets/ /opt/zammad/app/assets/
-COPY --from=builder --chown=zammad:zammad /opt/zammad/app/controllers/*cdr* /opt/zammad/app/controllers/
-COPY --from=builder --chown=zammad:zammad /opt/zammad/app/jobs/*cdr* /opt/zammad/app/jobs/
-COPY --from=builder --chown=zammad:zammad /opt/zammad/app/models/channel/driver/*cdr* /opt/zammad/app/models/channel/driver/
-COPY --from=builder --chown=zammad:zammad /opt/zammad/app/models/ticket/article/*cdr* /opt/zammad/app/models/ticket/article/
-COPY --from=builder --chown=zammad:zammad /opt/zammad/app/policies/controllers/*cdr* /opt/zammad/app/policies/controllers/
-COPY --from=builder --chown=zammad:zammad /opt/zammad/config/initializers/*cdr* /opt/zammad/config/initializers/
-COPY --from=builder --chown=zammad:zammad /opt/zammad/config/routes/*cdr* /opt/zammad/config/routes/
-COPY --from=builder --chown=zammad:zammad /opt/zammad/lib/cdr* /opt/zammad/lib/
-# CRITICAL: Copy modified search_index_backend.rb with OpenSearch fix
-COPY --from=builder --chown=zammad:zammad /opt/zammad/lib/search_index_backend.rb /opt/zammad/lib/search_index_backend.rb
-COPY --from=builder --chown=zammad:zammad /opt/zammad/public/assets/images/icons/*cdr* /opt/zammad/public/assets/images/icons/
-COPY --from=builder --chown=zammad:zammad /opt/zammad/app/views/mailer/ticket_create/ /opt/zammad/app/views/mailer/ticket_create/
-COPY --from=builder --chown=zammad:zammad /opt/zammad/public/assets/images/logo* /opt/zammad/public/assets/images/
-
-# Copy the nginx config if embedded mode was used
-COPY --from=builder --chown=zammad:zammad /opt/zammad/contrib/nginx/zammad.conf /opt/zammad/contrib/nginx/zammad.conf
-
-# Copy the link setup scripts and addons
-COPY --from=builder --chown=zammad:zammad /opt/zammad/contrib/link/ /opt/zammad/contrib/link/
-
-# CRITICAL: Copy compiled assets that include our CoffeeScript changes
-# The builder stage compiles assets at line 47, we must copy them to runner
-COPY --from=builder --chown=zammad:zammad /opt/zammad/public/assets/ /opt/zammad/public/assets/
-
-# Copy the modified entrypoint script
-COPY --from=builder /docker-entrypoint.sh /docker-entrypoint.sh
-
 USER zammad
+COPY --from=builder --chown=zammad:zammad ${ZAMMAD_DIR} ${ZAMMAD_DIR}
+COPY --from=builder /usr/local/bundle /usr/local/bundle
+COPY --from=builder /docker-entrypoint.sh /docker-entrypoint.sh

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@link-stack",
-  "version": "3.3.0",
+  "version": "3.3.5",
   "description": "Link from the Center for Digital Resilience",
   "scripts": {
     "dev": "dotenv -- turbo dev",

packages/bridge-common/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@link-stack/bridge-common",
-  "version": "3.3.0",
+  "version": "3.3.5",
   "main": "build/main/index.js",
   "type": "module",
   "author": "Darren Clarke <darren@redaranj.com>",

packages/bridge-ui/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@link-stack/bridge-ui",
-  "version": "3.3.0",
+  "version": "3.3.5",
   "scripts": {
     "build": "tsc -p tsconfig.json"
   },
@@ -11,7 +11,7 @@
     "@mui/material": "^6",
     "@mui/x-data-grid-pro": "^7",
     "kysely": "0.27.5",
-    "next": "15.5.4",
+    "next": "15.5.9",
     "react": "19.2.0",
     "react-dom": "19.2.0",
     "react-qr-code": "^2.0.18"

packages/eslint-config/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@link-stack/eslint-config",
-  "version": "3.3.0",
+  "version": "3.3.5",
   "description": "amigo's eslint config",
   "main": "index.js",
   "author": "Abel Luck <abel@guardianproject.info>",

packages/jest-config/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@link-stack/jest-config",
-  "version": "3.3.0",
+  "version": "3.3.5",
   "description": "",
   "main": "index.js",
   "author": "Abel Luck <abel@guardianproject.info>",

packages/logger/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@link-stack/logger",
-  "version": "3.3.0",
+  "version": "3.3.5",
   "description": "Shared logging utility for Link Stack monorepo",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",

packages/signal-api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@link-stack/signal-api",
-  "version": "3.3.0",
+  "version": "3.3.5",
   "type": "module",
   "main": "build/index.js",
   "exports": {

packages/typescript-config/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@link-stack/typescript-config",
-  "version": "3.3.0",
+  "version": "3.3.5",
   "description": "Shared TypeScript config",
   "license": "AGPL-3.0-or-later",
   "author": "Abel Luck <abel@guardianproject.info>",

packages/ui/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@link-stack/ui",
-  "version": "3.3.0",
+  "version": "3.3.5",
   "description": "",
   "scripts": {
     "build": "tsc -p tsconfig.json"
@@ -11,7 +11,7 @@
     "@mui/material": "^6",
     "@mui/x-data-grid-pro": "^7",
     "@mui/x-license": "^7",
-    "next": "15.5.4",
+    "next": "15.5.9",
     "react": "19.2.0",
     "react-dom": "19.2.0"
   },

packages/zammad-addon-bridge/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@link-stack/zammad-addon-bridge",
   "displayName": "Bridge",
-  "version": "3.3.0",
+  "version": "3.3.5",
   "description": "An addon that adds CDR Bridge channels to Zammad.",
   "scripts": {
     "build": "node '../zammad-addon-common/dist/build.js'",

packages/zammad-addon-common/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@link-stack/zammad-addon-common",
-  "version": "3.3.0",
+  "version": "3.3.5",
   "description": "",
   "bin": {
     "zpm-build": "./dist/build.js",

packages/zammad-addon-hardening/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@link-stack/zammad-addon-hardening",
   "displayName": "Hardening",
-  "version": "3.3.0",
+  "version": "3.3.5",
   "description": "A Zammad addon that hardens a Zammad instance according to CDR's needs.",
   "scripts": {
     "build": "node '../zammad-addon-common/dist/build.js'",

packages/zammad-addon-hardening/src/config/initializers/transaction_notification_no_attachments.rb

@@ -1,79 +0,0 @@
-# frozen_string_literal: true
-
-# Monkey patch Transaction::Notification to prevent attachments from being
-# included in ticket notification emails for security/privacy reasons.
-#
-# This overrides the send_notification_email method to always pass an empty
-# attachments array instead of article.attachments_inline.
-
-module TransactionNotificationNoAttachments
-  def send_notification_email(user:, ticket:, article:, changes:, current_user:, recipients_reason:)
-    template = case @item[:type]
-               when 'create'
-                 'ticket_create'
-               when 'update'
-                 'ticket_update'
-               when 'reminder_reached'
-                 'ticket_reminder_reached'
-               when 'escalation'
-                 'ticket_escalation'
-               when 'escalation_warning'
-                 'ticket_escalation_warning'
-               when 'update.merged_into', 'update.received_merge'
-                 'ticket_update_merged'
-               when 'update.reaction'
-                 'ticket_article_update_reaction'
-               else
-                 raise "unknown type for notification #{@item[:type]}"
-               end
-
-    # HARDENING: Always use empty attachments array to prevent leaking sensitive files
-    original_attachment_count = article&.attachments_inline&.count || 0
-    attachments = []
-
-    if original_attachment_count > 0
-      Rails.logger.info "[HARDENING] Stripped #{original_attachment_count} attachment(s) from notification email for ticket ##{ticket.id}"
-    end
-
-    NotificationFactory::Mailer.notification(
-      template:    template,
-      user:        user,
-      objects:     {
-        ticket:       ticket,
-        article:      article,
-        recipient:    user,
-        current_user: current_user,
-        changes:      changes,
-        reason:       recipients_reason[user.id],
-      },
-      message_id:  "<notification.#{DateTime.current.to_fs(:number)}.#{ticket.id}.#{user.id}.#{SecureRandom.uuid}@#{Setting.get('fqdn')}>",
-      references:  ticket.get_references,
-      main_object: ticket,
-      attachments: attachments,
-    )
-    Rails.logger.debug { "sent ticket email notification to agent (#{@item[:type]}/#{ticket.id}/#{user.email})" }
-  rescue Channel::DeliveryError => e
-    status_code = begin
-      e.original_error.response.status.to_i
-    rescue
-      raise e
-    end
-
-    if Transaction::Notification::SILENCABLE_SMTP_ERROR_CODES.any? { |elem| elem.include? status_code }
-      Rails.logger.info do
-        "could not send ticket email notification to agent (#{@item[:type]}/#{ticket.id}/#{user.email}) #{e.original_error}"
-      end
-
-      return
-    end
-
-    raise e
-  end
-end
-
-# Apply the monkey patch after Rails initialization when all classes are loaded
-Rails.application.config.after_initialize do
-  Rails.logger.info '[HARDENING] Loading TransactionNotificationNoAttachments monkey patch...'
-  Transaction::Notification.prepend(TransactionNotificationNoAttachments)
-  Rails.logger.info '[HARDENING] TransactionNotificationNoAttachments monkey patch successfully applied - email attachments will be stripped from notifications'
-end

set_channel_setting.rb

@@ -1,10 +0,0 @@
-#!/usr/bin/env ruby
-
-require '/opt/zammad/config/boot'
-require '/opt/zammad/config/application'
-
-Rails.application.initialize!
-
-# Reset to default (empty = allow all channels)
-Setting.set('cdr_link_allowed_channels', '')
-puts "Setting 'cdr_link_allowed_channels' has been reset to default (empty = allow all channels)"