* feat(tools): add background and parallel execution to delegate tool
Add three new execution modes to the delegate tool:
- background: when true, spawns the sub-agent in a background tokio task
and returns a task_id immediately. Results are persisted to
workspace/delegate_results/{task_id}.json.
- parallel: accepts an array of agent names, runs them all concurrently
with the same prompt, and returns all results when complete.
- action parameter with check_result/list_results/cancel_task support
for managing background task lifecycle.
Cascade control: background sub-agents use child CancellationToken
derived from the parent, enabling cancel_all_background_tasks() to
abort all running background agents when the parent session ends.
Existing synchronous delegation flow is fully preserved (opt-in only).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(tools): validate task_id as UUID to prevent path traversal in delegate tool
The check_result and cancel_task actions accept a user-provided task_id
that is used directly in filesystem path construction. A malicious
task_id like "../../etc/passwd" could read or overwrite arbitrary files.
Since task_ids are always generated as UUIDs internally, this adds UUID
format validation before any filesystem operations, rejecting invalid
task_id values with a clear error message.
Also updates existing tests to use valid UUID-format task_ids and adds
dedicated path traversal rejection tests.
* fix: add missing attachments field to wati ChannelMessage after media pipeline merge
* fix(channels): add missing attachments field to voice_wake and lark
---------
Co-authored-by: Giulio V <vannini.gv@gmail.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
eb09ccb52d