t1385.10: Add Nextcloud Talk bot integration subagent

[marcusquinn]

Summary

• Adds .agents/services/communications/nextcloud-talk.md covering the Nextcloud Talk Bot API (webhook-based, OCC CLI registration)
• Covers: DM/room messaging, reactions, markdown support, webhook configuration with HMAC-SHA256 verification, access control via Nextcloud user ID allowlists, runner dispatch integration, and native Matterbridge bridging
• Privacy/security section: self-hosted data sovereignty, E2E encryption for 1:1 calls, no third-party metadata collection, self-hosted push proxy option, AGPL-3.0 open-source

Closes #2757

[coderabbitai]

Warning

Rate limit exceeded

@alex-solovyev has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 29 minutes and 26 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 7e385b9 and 446034936480fa4f467f06d925f3bb1280d69a97.

📒 Files selected for processing (3)

• .agents/AGENTS.md
• .agents/services/communications/nextcloud-talk.md
• .agents/subagent-index.toon

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/nextcloud-talk-doc

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 113 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Tue Mar 3 04:59:42 UTC 2026: Code review monitoring started
Tue Mar 3 04:59:42 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 113

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 113
• VULNERABILITIES: 0

Generated on: Tue Mar 3 04:59:45 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request adds a new subagent for integrating with Nextcloud Talk bots. It provides detailed documentation and configuration instructions for setting up a bot that can interact with Nextcloud Talk through webhooks, offering features like messaging, reactions, and integration with other services like Matterbridge. The subagent emphasizes privacy and security by leveraging Nextcloud's self-hosting capabilities and encryption options.

Highlights

• New Subagent: Introduces a new subagent for Nextcloud Talk bot integration, enabling interaction with Nextcloud Talk via a webhook-based Bot API.
• Key Features: Covers DM/room messaging, reactions, markdown support, webhook configuration with HMAC-SHA256 verification, access control via Nextcloud user ID allowlists, runner dispatch integration, and native Matterbridge bridging.
• Privacy and Security: Highlights self-hosted data sovereignty, E2E encryption for 1:1 calls, no third-party metadata collection, self-hosted push proxy option, and AGPL-3.0 open-source licensing.

Changelog

• .agents/services/communications/nextcloud-talk.md
  • Added documentation for Nextcloud Talk bot integration subagent.

Activity

• The pull request introduces a new documentation file detailing the setup and configuration of a Nextcloud Talk bot integration.
• The documentation covers bot registration, webhook configuration, message formatting, access control, runner dispatch integration, and Matterbridge integration.
• It also includes sections on privacy, security, and troubleshooting.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[gemini-code-assist]

Code Review

This pull request introduces a new subagent definition for Nextcloud Talk integration. The documentation is comprehensive, covering architecture, setup, security, and usage examples. My review focuses on improving the robustness of the provided bash script examples. I've suggested changes to the signature verification and user allowlist functions to make them more resilient to edge cases and safer in practice.

_{Note: Security Review has been skipped due to the limited scope of the PR.}

[gemini-code-assist]

The use of awk '{print $2}' to extract the HMAC signature is a bit fragile as it assumes the signature will always be the second space-separated field in the openssl dgst output. While this is often true, the output format can vary between openssl versions or configurations. A more robust approach is to extract the last field, for instance using sed 's/.* //' which will work regardless of the number of fields before the signature.

Suggested change

	expected=$(printf '%s%s' "$random_header" "$body" | openssl dgst -sha256 -hmac "$secret" -hex | awk '{print $2}')
	expected=$(printf '%s%s' "$random_header" "$body" | openssl dgst -sha256 -hmac "$secret" -hex | sed 's/.* //')

[gemini-code-assist]

The current implementation of check_allowed uses a for loop over a space-separated string, which relies on word splitting. This is not fully robust as it could fail if user IDs contain spaces or other characters present in IFS. A safer and more concise method is to check for the substring within a comma-delimited list. This avoids word splitting issues and also prevents partial matches (e.g., a user 'dev' matching 'developer1'). The function's exit code will correctly reflect the result of the check.

Suggested change

	check_allowed() {
	local sender="$1"
	local user
	for user in ${ALLOWED_USERS//,/ }; do
	if [ "$user" = "$sender" ]; then
	return 0
	fi
	done
	return 1
	}
	check_allowed() {
	local sender="$1"
	# This safely checks if the sender is in the comma-separated ALLOWED_USERS list.
	[[ ",${ALLOWED_USERS}," == *",${sender},"* ]]
	}

[alex-solovyev]

This PR was superseded by the batch merge in PR #2771 (feat: t1385 — add 11 chat platform integration agents), which merged all the content from this branch. Closing as the content is already in main.