Skip to content

feat: expose CC and BCC recipients in message API#242

Merged
wesm merged 4 commits intowesm:mainfrom
danshapiro:expose-cc-bcc-in-api
Apr 7, 2026
Merged

feat: expose CC and BCC recipients in message API#242
wesm merged 4 commits intowesm:mainfrom
danshapiro:expose-cc-bcc-in-api

Conversation

@danshapiro
Copy link
Copy Markdown
Contributor

@danshapiro danshapiro commented Apr 3, 2026

Summary

  • The message_recipients table already stores cc and bcc recipient types from Gmail sync (215K CC rows, 4.5K BCC rows in production), but the API only returned to recipients
  • Adds cc and bcc fields to MessageSummary (omitted from JSON when empty)
  • Populates them via the existing batchGetRecipients / getRecipients helpers for both list and detail endpoints
  • Refactors ListMessages to use batchPopulate (like SearchMessages already does) to avoid duplicating batch-loading logic

Test plan

  • All existing tests pass (go test ./internal/store/... ./internal/api/...)
  • Verify CC/BCC appears in /api/v1/messages list response for messages with CC recipients
  • Verify CC/BCC appears in /api/v1/messages/{id} detail response
  • Verify messages without CC/BCC omit the fields (omitempty)

🤖 Generated with Claude Code

@claude
feat: expose CC and BCC recipients in message API responses
c6db1dc 
The message_recipients table already stores cc and bcc recipient types
from Gmail sync (215K CC rows, 4.5K BCC rows), but the API only
returned "to" recipients. This adds cc and bcc fields to
MessageSummary and populates them via the existing batchGetRecipients
and getRecipients helpers.

Also refactors ListMessages to use batchPopulate (like SearchMessages
already does) to avoid duplicating the batch-loading logic.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@roborev-ci
Copy link
Copy Markdown

roborev-ci bot commented Apr 3, 2026

roborev: Combined Review (c6db1dc)

Verdict: No medium-or-higher findings; the change looks clean.

The reviewed changes consistently appear to safely extend message API responses to include cc and bcc recipients in both single-message and batched retrieval paths, with no concrete correctness or security issues identified.

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

wesm and others added 3 commits April 6, 2026 16:18
@wesm @claude
test: add tests for CC/BCC in message API responses
4c673b0 
Cover both store layer (GetMessage, ListMessages populate CC/BCC from
message_recipients) and API handler layer (CC/BCC present in JSON when
populated, omitted via omitempty when empty).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@wesm @claude
test: assert CC/BCC values and add BCC to ListMessages test
3c9edeb 
Address review findings: ListMessages test now exercises BCC path,
and CC assertions check actual email values (order-insensitive) instead
of only slice length.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@wesm @claude
test: use slices.Equal for exact CC assertion
4023c2c 
Sort + compare exact slices instead of set-membership checks, which
would not catch duplicate-address regressions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@roborev-ci
Copy link
Copy Markdown

roborev-ci bot commented Apr 7, 2026

roborev: Combined Review (4023c2c)

Verdict: No medium-or-higher issues found in this change.

The reviewed changes add cc/bcc recipient exposure to message API responses and update retrieval/test coverage accordingly. Across the combined reviews, no Medium, High, or Critical findings were identified.

Residual note: exposing bcc is an intentional API-surface change, so its sensitivity still depends on the existing authentication/authorization model rather than any new control introduced here.

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

@wesm wesm merged commit b2e89c6 into wesm:main Apr 7, 2026
4 checks passed
@danshapiro
Copy link
Copy Markdown
Contributor Author

danshapiro commented Apr 7, 2026 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@danshapiro @wesm