fix: remove visitor token from visitors.info endpoint

[dionisio-bot]

Backport of #40501

[changeset-bot]

🦋 Changeset detected

Latest commit: 1a2d36c

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 40 packages

Name	Type
@rocket.chat/meteor	Patch
@rocket.chat/core-typings	Patch
@rocket.chat/rest-typings	Patch
@rocket.chat/uikit-playground	Patch
@rocket.chat/api-client	Patch
@rocket.chat/apps	Patch
@rocket.chat/core-services	Patch
@rocket.chat/cron	Patch
@rocket.chat/ddp-client	Patch
@rocket.chat/fuselage-ui-kit	Patch
@rocket.chat/gazzodown	Patch
@rocket.chat/http-router	Patch
@rocket.chat/livechat	Patch
@rocket.chat/model-typings	Patch
@rocket.chat/ui-avatar	Patch
@rocket.chat/ui-client	Patch
@rocket.chat/ui-contexts	Patch
@rocket.chat/ui-voip	Patch
@rocket.chat/web-ui-registration	Patch
@rocket.chat/account-service	Patch
@rocket.chat/authorization-service	Patch
@rocket.chat/ddp-streamer	Patch
@rocket.chat/omnichannel-transcript	Patch
@rocket.chat/presence-service	Patch
@rocket.chat/queue-worker	Patch
@rocket.chat/abac	Patch
@rocket.chat/federation-matrix	Patch
@rocket.chat/license	Patch
@rocket.chat/media-calls	Patch
@rocket.chat/omnichannel-services	Patch
@rocket.chat/pdf-worker	Patch
@rocket.chat/presence	Patch
rocketchat-services	Patch
@rocket.chat/models	Patch
@rocket.chat/network-broker	Patch
@rocket.chat/omni-core-ee	Patch
@rocket.chat/mock-providers	Patch
@rocket.chat/ui-video-conf	Patch
@rocket.chat/instance-status	Patch
@rocket.chat/omni-core	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[cubic-dev-ai]

1 issue found across 3 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/meteor/app/livechat/server/api/lib/visitors.ts">

<violation number="1" location="apps/meteor/app/livechat/server/api/lib/visitors.ts:9">
P2: Excluding `token` here changes the endpoint response shape, but the typed contract still returns `ILivechatVisitor` (which requires `token`). Update the REST response type for `/v1/livechat/visitors.info` to match the projected data.

(Based on your team's feedback about keeping API typings aligned with runtime endpoint behavior.) [FEEDBACK_USED]</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
Re-trigger cubic}

[cubic-dev-ai]

P2: Excluding token here changes the endpoint response shape, but the typed contract still returns ILivechatVisitor (which requires token). Update the REST response type for /v1/livechat/visitors.info to match the projected data.

(Based on your team's feedback about keeping API typings aligned with runtime endpoint behavior.)

View Feedback

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At apps/meteor/app/livechat/server/api/lib/visitors.ts, line 9:

<comment>Excluding `token` here changes the endpoint response shape, but the typed contract still returns `ILivechatVisitor` (which requires `token`). Update the REST response type for `/v1/livechat/visitors.info` to match the projected data.

(Based on your team's feedback about keeping API typings aligned with runtime endpoint behavior.) </comment>

<file context>
@@ -6,7 +6,7 @@ import { callbacks } from '../../../../../server/lib/callbacks';
 
 export async function findVisitorInfo({ visitorId }: { visitorId: IVisitor['_id'] }) {
-	const visitor = await LivechatVisitors.findOneEnabledById(visitorId);
+	const visitor = await LivechatVisitors.findOneEnabledById(visitorId, { projection: { token: 0 } });
 	if (!visitor) {
 		throw new Error('visitor-not-found');
</file context>

[github-actions]

📦 Docker Image Size Report

📈 Changes

Service	Current	Baseline	Change	Percent
sum of all images	1.1GiB	1.1GiB	+1.3MiB
rocketchat	357MiB	295MiB	+62MiB
omnichannel-transcript-service	132MiB	143MiB	-12MiB
queue-worker-service	132MiB	143MiB	-12MiB
ddp-streamer-service	126MiB	136MiB	-9.8MiB
account-service	113MiB	121MiB	-8.4MiB
authorization-service	111MiB	121MiB	-11MiB
presence-service	111MiB	120MiB	-9.8MiB

📊 Historical Trend

---
config:
  theme: "dark"
  xyChart:
    width: 900
    height: 400
---
xychart
  title "Image Size Evolution by Service (Last 30 Days + This PR)"
  x-axis ["04/07 23:08", "04/08 22:53", "04/09 21:19", "04/10 19:00", "04/13 20:49", "04/14 21:34", "04/15 23:36", "04/16 23:06", "04/17 23:54", "04/20 22:03", "04/21 02:43", "04/22 23:32", "04/23 19:23", "04/24 20:12", "04/27 21:07", "04/28 17:53", "04/29 23:30", "04/30 21:58", "05/01 03:17", "05/04 23:47", "05/05 23:54", "05/06 23:38", "05/07 19:16", "05/08 23:25", "05/11 23:38", "05/12 20:56", "05/13 20:48", "05/14 22:19", "05/15 20:08", "05/16 03:18", "05/16 15:03 (PR)"]
  y-axis "Size (GB)" 0 --> 0.5
  line "account-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.11]
  line "authorization-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.11]
  line "ddp-streamer-service" [0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.12]
  line "omnichannel-transcript-service" [0.13, 0.13, 0.13, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.13]
  line "presence-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.11]
  line "queue-worker-service" [0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.14, 0.13]
  line "rocketchat" [0.40, 0.31, 0.31, 0.31, 0.31, 0.31, 0.32, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.29, 0.35]

Loading

Statistics (last 30 days):

• 📊 Average: 1.4GiB
• ⬇️ Minimum: 1.4GiB
• ⬆️ Maximum: 1.6GiB
• 🎯 Current PR: 1.1GiB

ℹ️ About this report

This report compares Docker image sizes from this build against the develop baseline.

• Tag: pr-40581
• Baseline: develop
• Timestamp: 2026-05-16 15:03:49 UTC
• Historical data points: 30

---

Updated: Sat, 16 May 2026 15:03:50 GMT

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (release-8.0.6@77cf99b). Learn more about missing BASE report.

Additional details and impacted files

@@               Coverage Diff                @@
##             release-8.0.6   #40581   +/-   ##
================================================
  Coverage                 ?   70.71%           
================================================
  Files                    ?     3168           
  Lines                    ?   109517           
  Branches                 ?    19639           
================================================
  Hits                     ?    77448           
  Misses                   ?    30031           
  Partials                 ?     2038           

Flag	Coverage Δ
e2e	60.20% <ø> (?)
e2e-api	47.59% <ø> (?)
unit	71.80% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.