From 6174d70ee8ea9d5d498b7c9ba5e219eee75b99bc Mon Sep 17 00:00:00 2001 From: zlc Date: Thu, 4 Jun 2026 18:15:26 +0000 Subject: [PATCH 1/2] docs: add Mattermost edit_post 403 troubleshooting to Hyperflux Gateway guide MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When the bot role lacks Edit Own Posts (edit_post), the worker's update_post edit of the placeholder post returns 403 (api.context.permissions.app_error) and the bot stays on "Thinking, please wait…". Document the symptom, log signature, root cause and the System Scheme -> Posts permission fix, plus a prerequisite note. Co-Authored-By: Claude Opus 4.8 (1M context) --- ...Deploy_Hyperflux_Gateway_for_Mattermost.md | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/docs/en/solutions/How_to_Deploy_Hyperflux_Gateway_for_Mattermost.md b/docs/en/solutions/How_to_Deploy_Hyperflux_Gateway_for_Mattermost.md index 0dec64ee8..8000f3e3f 100644 --- a/docs/en/solutions/How_to_Deploy_Hyperflux_Gateway_for_Mattermost.md +++ b/docs/en/solutions/How_to_Deploy_Hyperflux_Gateway_for_Mattermost.md @@ -19,6 +19,7 @@ Prepare the following before deployment: - A reachable Mattermost service URL. - A Mattermost administrator account with permission to access **System Console**. - A running Hyperflux environment. +- The bot role must have the **Edit Own Posts (`edit_post`)** permission. Otherwise the streaming reply (which edits a placeholder post) fails and the answer stays on "Thinking, please wait…". See *Troubleshoot common issues*. - A Kubernetes cluster where Hyperflux Gateway can be installed. - The Hyperflux Gateway release bundle that contains `install-k8s.sh`, `uninstall-k8s.sh`, `install.env`, and `image-metadata.json`. @@ -280,6 +281,40 @@ Verify that the following Mattermost setting is enabled: System Console -> Integrations -> Integration Management -> Enable Bot Account Creation ``` +**The bot stays on "Thinking, please wait…" and the answer never appears** + +Symptom: after a user sends a message, the bot posts a placeholder ("Thinking, please wait…"), but the placeholder is never replaced with the real answer. + +Worker log signature: + +```text +POST /api/v4/posts -> 201 Created # placeholder created +PUT /api/v4/posts/{post_id} -> 403 Forbidden # editing the placeholder is rejected +error id: api.context.permissions.app_error +``` + +Root cause: the gateway streams answers by first creating a placeholder post and then editing that post once the answer is ready. In Mattermost, `create_post` and `edit_post` are independent permissions, so the placeholder can be created successfully while the edit returns 403. The bot role is missing the **Edit Own Posts (`edit_post`)** permission. + +> Note: recent Mattermost versions moved "Allow users to edit their messages" out of `System Console -> Site Configuration -> Posts` into the permission scheme, so it is no longer found under Posts. + +Resolution: grant the edit permission to the bot role in the Mattermost permission scheme. + +1. Open the permission scheme (use the corresponding Team Override Scheme if one is in effect): + +```text +System Console -> User Management -> Permissions -> System Scheme +``` + +2. Under the **Posts / Manage Posts** group, enable: + +- **Edit Posts (`edit_post`)** — required so the worker can edit its own placeholder post. +- **Edit Others' Posts (`edit_others_posts`)** if the placeholder author differs from the editor. +- Confirm the permission is enabled for the role the bot belongs to (All Members, Channel Admin, and so on). + +3. Do not set **Edit Time Limit** too low: a long model response can exceed the limit and also cause a 403 on edit. + +Verification: manually edit one of the bot account's own recent messages, then send a new message to the bot and confirm the placeholder is replaced by the final answer. Menu locations vary slightly between Mattermost versions; rely on "permission scheme / System Scheme -> Posts". Reference: [Mattermost Advanced permissions](https://docs.mattermost.com/administration-guide/onboard/advanced-permissions.html). + **The bot replies multiple times** This usually means multiple listeners are connected to Mattermost at the same time. Keep the WebSocket listener deployment single-threaded and verify the worker count configuration. From ff50df586c329d1c0acd2c0cd8429dc7c3ffc9ca Mon Sep 17 00:00:00 2001 From: zlc Date: Fri, 5 Jun 2026 03:24:04 +0000 Subject: [PATCH 2/2] docs: clarify edit_post is the "edit own posts" permission (review feedback) CodeRabbit: avoid implying edit_post grants editing all posts. Label it as the "edit your own posts" permission; edit_others_posts stays separate. Co-Authored-By: Claude Opus 4.8 (1M context) --- .../solutions/How_to_Deploy_Hyperflux_Gateway_for_Mattermost.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/en/solutions/How_to_Deploy_Hyperflux_Gateway_for_Mattermost.md b/docs/en/solutions/How_to_Deploy_Hyperflux_Gateway_for_Mattermost.md index 8000f3e3f..ee1e6c113 100644 --- a/docs/en/solutions/How_to_Deploy_Hyperflux_Gateway_for_Mattermost.md +++ b/docs/en/solutions/How_to_Deploy_Hyperflux_Gateway_for_Mattermost.md @@ -307,7 +307,7 @@ System Console -> User Management -> Permissions -> System Scheme 2. Under the **Posts / Manage Posts** group, enable: -- **Edit Posts (`edit_post`)** — required so the worker can edit its own placeholder post. +- **Edit Posts** (`edit_post`, the "edit your own posts" permission) — required so the worker can edit its own placeholder post. - **Edit Others' Posts (`edit_others_posts`)** if the placeholder author differs from the editor. - Confirm the permission is enabled for the role the bot belongs to (All Members, Channel Admin, and so on).