026d1c5fae
Two new workspace-level ability flags (broadcast_enabled, talk_to_user_enabled) with full backend enforcement, MCP tool, and canvas UI:

- Migration: adds broadcast_enabled (default false) and talk_to_user_enabled (default true) columns to workspaces table
- PATCH /workspaces/:id/abilities (AdminAuth) toggles either flag independently
- POST /workspaces/:id/broadcast (WorkspaceAuth) fans out a broadcast_receive activity_log entry + WS BROADCAST_MESSAGE event to all non-removed peers; requires broadcast_enabled=true on the sender
- AgentMessageWriter checks talk_to_user_enabled; returns ErrTalkToUserDisabled which surfaces as HTTP 403 on /notify and the send_message_to_user MCP tool
- broadcast_message MCP tool added to registry + a2a_tools_messaging.py
- Canvas ChatTab shows "Agent is not enabled to chat with you" banner with Enable button when talkToUserEnabled=false on the workspace node

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>