MM-68364: Truncate oversized GitHub plugin DM posts to avoid silent drops

[nang2049]

Summary

This PR truncates the message body in the central CreateBotDMPost helper before sending. The cap uses model.PostMessageMaxRunesV2 to preserve UTF-8 boundaries and truncated messages get a _… message truncated_ marker so users know to check GitHub for the full content.

Ticket Link

https://mattermost.atlassian.net/browse/MM-68364

Change Impact: 🟡 Medium

Reasoning: The change introduces truncation logic to a widely-used central utility function (CreateBotDMPost) that handles GitHub webhook notifications and event-triggered DM messages. While the modification is backward-compatible and well-tested, its broad usage across notification flows and potential impact on user-facing messaging necessitates medium-level scrutiny.

Regression Risk: Low-to-Medium. The truncation logic only activates when messages exceed model.PostMessageMaxRunesV2; shorter messages pass through unchanged. The function signature remains identical, so callers are unaffected. However, the change affects every DM post created by the plugin (webhook notifications, account management notifications, API responses), and incorrect truncation or UTF-8 boundary violations could silently alter message content. The new test coverage for truncatePostMessage mitigates this with explicit tests for multibyte characters and rune boundary preservation.

QA Recommendation: Manual testing should verify that: (1) oversized GitHub webhook messages (e.g., long issue descriptions, PR review comments) are properly truncated with the marker and remain readable, (2) multibyte UTF-8 characters (emojis, non-Latin scripts) are not corrupted during truncation, and (3) normal-sized messages are unaffected. Automated test coverage is good; manual QA can be brief and focused on message boundary cases. Rollback risk is low due to backward compatibility.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: efd1775a-c71f-4d8d-903c-4c91bbecef32

📥 Commits

Reviewing files that changed from the base of the PR and between c1fde58 and 18a5bfc.

📒 Files selected for processing (2)

• server/plugin/plugin.go
• server/plugin/plugin_test.go

---

📝 Walkthrough

Walkthrough

This PR adds message truncation to bot direct messages. When a bot DM exceeds model.PostMessageMaxRunesV2 runes, the plugin now truncates it and appends a truncation marker ("\n\n_… message truncated_"). A new truncatePostMessage helper provides rune-safe truncation, with tests verifying behavior across message lengths and UTF-8 boundaries.

Changes

Message Truncation for Bot DMs

Layer / File(s)	Summary
Core Implementation server/plugin/plugin.go (lines 18, 971–985)	Added truncatePostMessage(message string) string helper that uses utf8.RuneCountInString to detect oversized messages, returns the original if within limits, and truncates to fit with a truncation marker appended. Imported unicode/utf8 for rune-safe counting.
Integration server/plugin/plugin.go (lines 961–963)	Updated CreateBotDMPost to call truncatePostMessage(message) before setting post.Message, ensuring all bot DM content is truncated when needed.
Tests server/plugin/plugin_test.go (lines 6–10, 379–408)	Added imports for strings and unicode/utf8. Added TestTruncatePostMessage with subtests covering short messages (unchanged), exact-limit messages (unchanged), oversized ASCII (verifies rune bound and truncation suffix), and oversized multibyte (verifies rune bound, UTF-8 validity, and suffix).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🐰 Whiskers twitch—another message flies,
Too many runes! We truncate with sighs,
Snip, snip—and a marker appears:
"… message truncated"—all cheers! ✂️✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically summarizes the main change: implementing message truncation for GitHub plugin DM posts to prevent silent drops, which directly aligns with the changeset.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch MM-68364-truncate-long-dm-posts

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[avasconcelos114]

Great improvement 👍 👍