fix: enable readfile liquid tag in workflow args

src/config.ts

@@ -550,6 +550,13 @@
       const results = await registry.import(source, { basePath, validate: true });
       for (const result of results) {
         if (!result.valid && result.errors) {
+          // Check if error is just "already exists" - skip silently
+          // This allows multiple workflows to import the same dependency
+          const isAlreadyExists = result.errors.every(e => e.message.includes('already exists'));
+          if (isAlreadyExists) {
+            logger.debug(`Workflow from '${source}' already imported, skipping`);
+            continue;
+          }
           const errors = result.errors.map(e => `  ${e.path}: ${e.message}`).join('\n');
           throw new Error(`Failed to import workflow from '${source}':\n${errors}`);
         }

src/frontends/slack-frontend.ts

@@ -93,6 +93,8 @@
         const ev = (env && env.payload) || env;
         // For chat-style AI checks, post direct replies into the Slack thread
         await this.maybePostDirectReply(ctx, ev.checkId, ev.result).catch(() => {});
+        // Post execution failure notices when a check completes with fatal issues
+        await this.maybePostExecutionFailure(ctx, ev.checkId, ev.result).catch(() => {});
       })
     );
     this.subs.push(
@@ -260,7 +262,6 @@
     checkId?: string
   ): Promise<void> {
     if (this.errorNotified) return;
-    if (!this.isTelemetryEnabled(ctx)) return;
     const slack = this.getSlack(ctx);
     if (!slack) return;
     const payload = this.getInboundSlackPayload(ctx);
@@ -273,9 +274,11 @@
     if (checkId) text += `\nCheck: ${checkId}`;
     if (message) text += `\n${message}`;
 
-    const traceInfo = this.getTraceInfo();
-    if (traceInfo?.traceId) {
-      text += `\n\n\`trace_id: ${traceInfo.traceId}\``;
+    if (this.isTelemetryEnabled(ctx)) {
+      const traceInfo = this.getTraceInfo();
+      if (traceInfo?.traceId) {
+        text += `\n\n\`trace_id: ${traceInfo.traceId}\``;
+      }
     }
 
     const formattedText = formatSlackText(text);
@@ -288,17 +291,55 @@
     this.errorNotified = true;
   }
 
+  private isExecutionFailureIssue(issue: any): boolean {
+    const ruleId = String(issue?.ruleId || '');
+    const msg = String(issue?.message || '');
+    const msgLower = msg.toLowerCase();
+    return (
+      ruleId.endsWith('/error') ||
+      ruleId.includes('/execution_error') ||
+      ruleId.includes('timeout') ||
+      ruleId.includes('sandbox_runner_error') ||
+      msgLower.includes('timed out') ||
+      msg.includes('Command execution failed')
+    );
+  }
+
+  private async maybePostExecutionFailure(
+    ctx: FrontendContext,
+    checkId: string,
+    result: { issues?: any[] }
+  ): Promise<void> {
+    try {
+      if (this.errorNotified) return;
+      const cfg: any = ctx.config || {};
+      const checkCfg: any = cfg.checks?.[checkId];
+      if (!checkCfg) return;
+      if (checkCfg.criticality === 'internal') return;
+      const issues = (result as any)?.issues;
+      if (!Array.isArray(issues) || issues.length === 0) return;
+
+      const failureIssue = issues.find(issue => this.isExecutionFailureIssue(issue));
+      if (!failureIssue) return;
+
+      const msg =
+        typeof failureIssue.message === 'string' && failureIssue.message.trim().length > 0
+          ? failureIssue.message.trim()
+          : `Execution failed (${String(failureIssue.ruleId || 'unknown')})`;
+      await this.maybePostError(ctx, 'Check failed', msg, checkId);
+    } catch {}
+  }
+
   private async ensureAcknowledgement(ctx: FrontendContext): Promise<void> {
     if (this.acked) return;
     const ref = this.getInboundSlackEvent(ctx);
     if (!ref) return;
     const slack = this.getSlack(ctx);
     if (!slack) return;
-    // Skip ack for bot messages to avoid loops
+    // Skip ack for our own bot messages to avoid loops (allow other bots)
     try {
       const payload = this.getInboundSlackPayload(ctx);
       const ev: any = payload?.event;
-      if (ev?.subtype === 'bot_message') return;
       // If we can resolve bot user id, skip if the sender is the bot
       try {
         const botId = await slack.getBotUserId?.();

src/index.ts

@@ -516,12 +516,13 @@ async function handleEvent(
   }
 
   // Check if this is a bot comment that we should skip
+  // Only skip Visor's own bot accounts and comments with Visor markers
+  // Allow other bots to trigger Visor for integration purposes
   const comment: CommentLike | undefined = context.event?.comment;
   const shouldSkipBotComment =
     comment &&
     (comment.user?.login === 'visor[bot]' ||
       comment.user?.login === 'github-actions[bot]' ||
-      comment.user?.type === 'Bot' ||
       (comment.body && comment.body.includes('<!-- visor-comment-id:')));
 
   // Extract context for reactions
@@ -984,11 +985,9 @@ async function handleIssueComment(
   }
 
   // Prevent recursion: skip if comment is from visor itself
-  // Check both comment author && content markers
+  // Only skip Visor's own bot accounts, allow other bots to trigger Visor
   const isVisorBot =
-    comment.user?.login === 'visor[bot]' ||
-    comment.user?.login === 'github-actions[bot]' ||
-    comment.user?.type === 'Bot';
+    comment.user?.login === 'visor[bot]' || comment.user?.login === 'github-actions[bot]';
 
   const hasVisorMarkers =
     comment.body &&

src/providers/command-check-provider.ts

@@ -1145,6 +1145,12 @@
           isTimeout = true;
         }
       }
+      // Fallback: detect timeout based on error message text
+      if (!isTimeout && error instanceof Error) {
+        if (/timed out/i.test(error.message)) {
+          isTimeout = true;
+        }
+      }
 
       // Extract stderr from the error if available (child_process errors include stdout/stderr)
       let stderrOutput = '';

src/providers/workflow-check-provider.ts

@@ -13,6 +13,7 @@
 import { generateHumanId } from '../utils/human-id';
 // eslint-disable-next-line no-restricted-imports -- needed for Liquid type
 import { Liquid } from 'liquidjs';
+import { createExtendedLiquid } from '../liquid-extensions';
 
 /**
  * Provider that executes workflows as checks
@@ -26,7 +27,7 @@
     super();
     this.registry = WorkflowRegistry.getInstance();
     this.executor = new WorkflowExecutor();
-    this.liquid = new Liquid();
+    this.liquid = createExtendedLiquid();
   }
 
   getName(): string {
@@ -792,26 +793,26 @@
     if (rawData.imports && Array.isArray(rawData.imports)) {
       const configDir = path.dirname(resolved);
       for (const source of rawData.imports) {
-        try {
-          const results = await this.registry.import(source, {
-            basePath: configDir,
-            validate: true,
-          });
-          for (const result of results) {
-            if (!result.valid && result.errors) {
-              const errors = result.errors.map((e: any) => `  ${e.path}: ${e.message}`).join('\n');
-              throw new Error(`Failed to import workflow from '${source}':\n${errors}`);
+        const results = await this.registry.import(source, {
+          basePath: configDir,
+          validate: true,
+        });
+        for (const result of results) {
+          if (!result.valid && result.errors) {
+            // Check if error is just "already exists" - skip silently
+            // This allows multiple workflows to import the same dependency
+            const isAlreadyExists = result.errors.every((e: any) =>
+              e.message.includes('already exists')
+            );
+            if (isAlreadyExists) {
+              logger.debug(`Workflow from '${source}' already imported, skipping`);
+              continue;
             }
-          }
-          logger.info(`Imported workflows from: ${source}`);
-        } catch (err: any) {
-          // If the workflow already exists, log a warning but don't fail
-          if (err.message?.includes('already exists')) {
-            logger.debug(`Workflow from '${source}' already imported, skipping`);
-          } else {
-            throw err;
+            const errors = result.errors.map((e: any) => `  ${e.path}: ${e.message}`).join('\n');
+            throw new Error(`Failed to import workflow from '${source}':\n${errors}`);
           }
         }
+        logger.info(`Imported workflows from: ${source}`);
       }
     }
 

src/slack/socket-runner.ts

@@ -165,22 +165,46 @@
 
   private async handleMessage(raw: string): Promise<void> {
     let env: any;
     try {
       env = JSON.parse(raw);
     } catch {
+      if (process.env.VISOR_DEBUG === 'true') {
+        logger.debug('[SlackSocket] Dropping non-JSON payload');
+      }
       return;
     }
     if (env.type === 'hello') return;
     if (env.envelope_id) this.send({ envelope_id: env.envelope_id }); // ack ASAP
-    if (env.type !== 'events_api' || !env.payload) return;
+    if (env.type !== 'events_api' || !env.payload) {
+      if (process.env.VISOR_DEBUG === 'true') {
+        logger.debug(`[SlackSocket] Dropping non-events payload: type=${String(env.type || '-')}`);
+      }
+      return;
+    }
     const p = env.payload;
     const ev = p.event || {};
     const type = ev.type as string;
+    const subtype = ev.subtype as string | undefined;
+
+    // Ensure botUserId is available for mention detection when possible
+    try {
+      await this.ensureClient();
+    } catch {}
 
-    // Ignore bot messages and edited/changed events to prevent loops
-    if (ev.subtype && ev.subtype !== 'thread_broadcast') return;
-    if (ev.bot_id) return;
-    if (this.botUserId && ev.user && String(ev.user) === String(this.botUserId)) return;
+    // Ignore edited/changed events to prevent loops
+    if (subtype && subtype !== 'thread_broadcast' && subtype !== 'bot_message') {
+      if (process.env.VISOR_DEBUG === 'true') {
+        logger.debug(`[SlackSocket] Dropping subtype=${subtype}`);
+      }
+      return;
+    }
+    // Only skip our own bot messages, allow other bots to trigger Visor
+    if (this.botUserId && ev.user && String(ev.user) === String(this.botUserId)) {
+      if (process.env.VISOR_DEBUG === 'true') {
+        logger.debug('[SlackSocket] Dropping self-bot message');
+      }
+      return;
+    }
 
     // Info-level receipt log for observability
     try {
@@ -196,30 +220,62 @@
     } catch {}
 
     // Gating: mentions / DM vs channel
     const channelId = String(ev.channel || '');
-    const isDmLike = channelId.startsWith('D') || channelId.startsWith('G');
+    // Only treat 1:1 DMs (D*) as DM-like; private channels/MPIMs (G*) require mentions.
+    const isDmLike = channelId.startsWith('D');
+    const text = String(ev.text || '');
+    const hasBotMention = !!this.botUserId && text.includes(`<@${String(this.botUserId)}>`);
 
-    // In public channels (C*), only react to app_mention events so we don't
-    // trigger on every message in a thread. In DMs/MPIMs we allow plain
-    // message events when mentions=all.
+    // In public (C*) and private (G*) channels, require an explicit bot mention
+    // so we don't trigger on every message in a thread.
+    // In 1:1 DMs we allow plain message events when mentions=all.
     if (!isDmLike) {
-      if (type !== 'app_mention') return;
+      if (!hasBotMention) {
+        if (process.env.VISOR_DEBUG === 'true') {
+          logger.debug(
+            `[SlackSocket] Dropping channel message: type=${type} hasBotMention=${hasBotMention}`
+          );
+        }
+        return;
+      }
     } else {
-      if (this.mentions === 'direct' && type !== 'app_mention') return;
+      if (this.mentions === 'direct' && type !== 'app_mention' && !hasBotMention) {
+        if (process.env.VISOR_DEBUG === 'true') {
+          logger.debug(
+            `[SlackSocket] Dropping DM message: type=${type} hasBotMention=${hasBotMention}`
+          );
+        }
+        return;
+      }
     }
     // Gating: threads (accept root messages by treating ts as thread root)
     const rootOrThread = ev.thread_ts || ev.ts || ev.event_ts;
-    if (this.threads === 'required' && !rootOrThread) return;
+    if (this.threads === 'required' && !rootOrThread) {
+      if (process.env.VISOR_DEBUG === 'true') {
+        logger.debug('[SlackSocket] Dropping message: threads required but no thread_ts');
+      }
+      return;
+    }
     // channel allowlist
-    if (!this.matchesAllowlist(ev.channel)) return;
+    if (!this.matchesAllowlist(ev.channel)) {
+      if (process.env.VISOR_DEBUG === 'true') {
+        logger.debug(`[SlackSocket] Dropping message: channel not in allowlist`);
+      }
+      return;
+    }
 
     // Deduplicate duplicate events (e.g., message + app_mention with same ts)
     try {
       const key = `${String(ev.channel || '-')}:${String(ev.ts || ev.event_ts || '-')}`;
       const now = Date.now();
       for (const [k, t] of this.processedKeys.entries())
         if (now - t > 10000) this.processedKeys.delete(k);
-      if (this.processedKeys.has(key)) return;
+      if (this.processedKeys.has(key)) {
+        if (process.env.VISOR_DEBUG === 'true') {
+          logger.debug(`[SlackSocket] Dropping duplicate event key=${key}`);
+        }
+        return;
+      }
       this.processedKeys.set(key, now);
     } catch {}
 

src/state-machine/dispatch/stats-manager.ts

@@ -9,6 +9,7 @@
     return (
       ruleId.endsWith('/error') ||
       ruleId.includes('/execution_error') ||
+      ruleId.includes('timeout') ||
       ruleId.endsWith('_fail_if')
     );
   });

src/state-machine/states/level-dispatch.ts

@@ -966,6 +966,7 @@
         return (
           ruleId.endsWith('/error') || // System errors
           ruleId.includes('/execution_error') || // Command failures
+          ruleId.includes('timeout') || // Timeouts
           ruleId.endsWith('_fail_if') // fail_if triggered
         );
       });
@@ -1112,6 +1113,7 @@
               return (
                 ruleId.endsWith('/error') ||
                 ruleId.includes('/execution_error') ||
+                ruleId.includes('timeout') ||
                 ruleId.endsWith('_fail_if')
               );
             });
@@ -2912,6 +2914,7 @@
  * Fatal issues are those indicating the check itself failed to execute properly:
  * - ruleId ends with '/error' (system errors, exceptions)
  * - ruleId contains '/execution_error' (command failures)
+ * - ruleId contains 'timeout' (timeouts)
  * - ruleId ends with '_fail_if' (fail_if condition triggered)
  *
  * Regular error/critical severity issues (e.g., security vulnerabilities found in code)
@@ -2928,6 +2931,7 @@
     return (
       ruleId.endsWith('/error') || // System errors
       ruleId.includes('/execution_error') || // Command failures
+      ruleId.includes('timeout') || // Timeouts
       (ruleId.endsWith('_fail_if') && ruleId !== 'global_fail_if') // check-level fail_if only
     );
   });
@@ -2995,6 +2999,7 @@
       return (
         ruleId.endsWith('/error') || // System errors, exceptions
         ruleId.includes('/execution_error') || // Command failures
+        ruleId.includes('timeout') || // Timeouts
         (ruleId.endsWith('_fail_if') && ruleId !== 'global_fail_if') // check-level fail_if only
       );
     });
@@ -3129,7 +3134,7 @@
     }
 
     // Use extended Liquid with our custom filters/tags
     const liquid = createExtendedLiquid({
       trimTagLeft: false,
       trimTagRight: false,
       trimOutputLeft: false,