fix(signal): align validation rules and add toggle_platform support

Frontend validation (ChannelSettingCard.tsx):
- Update E.164 regex to /^\+[1-9]\d{5,13}$/ for true E.164 compliance
- Enforce 7-15 digits total (6-14 after '+'), first digit 1-9
- Update error message and help text to reflect correct range

Backend validation (target.rs):
- Change is_valid_e164 to require 6-14 digits after '+' (7-15 total)
- normalize_signal_target: Reuse is_valid_e164() for bare digit validation
- parse_signal_target_parts: Add empty segment checks to all match arms
  - Reject empty uuid, group_id, phone, instance, or single segments
  - Prevents invalid targets like 'uuid:' or 'signal:work:'

API state (state.rs):
- Add signal_permissions field to ApiState
- Add set_signal_permissions() method for hot-reload support

toggle_platform (messaging.rs):
- Add Signal case to toggle_platform for runtime adapter start/stop
- Support both default and named Signal instances
- Update existing ArcSwap pointee instead of creating new one when permissions exist

send_message_to_another_channel:
- parse_implicit_signal_shorthand: Use is_valid_e164() for strict validation
- Add specific error messages for each validation failure case
- Add early error for ambiguous Signal adapter selection when multiple
  named instances exist without a default, preventing broadcast() failure
- Fix adapter resolution to distinguish default 'signal' from named adapters

Tests (messaging.rs):
- Update E.164 tests for 6-14 digit range (7-15 total)

Author: ibhagwan

interface/src/components/ChannelSettingCard.tsx

@@ -648,12 +648,12 @@ export function AddInstanceCard({platform, isDefault, onCancel, onCreated}: AddI
 				setMessage({text: "Account phone number is required", type: "error"});
 				return;
 			}
-			// Basic E.164 validation (frontend)
+			// Basic E.164 validation (frontend) - match backend rules
 			const account = credentialInputs.signal_account.trim();
-			const e164Regex = /^\+\d{7,}$/;
+			const e164Regex = /^\+[1-9]\d{5,13}$/;
 			if (!e164Regex.test(account)) {
 				setMessage({
-					text: "Account must be in E.164 format: + followed by 7+ digits (e.g., +1234567890)",
+					text: "Account must be in E.164 format: + followed by 6-14 digits, first digit 1-9 (e.g., +1234567890)",
 					type: "error"
 				});
 				return;
@@ -973,7 +973,7 @@ export function AddInstanceCard({platform, isDefault, onCancel, onCreated}: AddI
 								onKeyDown={(e) => { if (e.key === "Enter") handleSave(); }}
 							/>
 							<p className="mt-1 text-xs text-ink-faint">
-								Your Signal phone number in E.164 format (+ followed by 7+ digits)
+								Your Signal phone number in E.164 format (+ followed by 6-14 digits)
 							</p>
 						</div>
 					</>

src/api/messaging.rs

@@ -34,6 +34,7 @@ pub(super) struct MessagingStatusResponse {
     email: PlatformStatus,
     webhook: PlatformStatus,
     twitch: PlatformStatus,
+    signal: PlatformStatus,
     instances: Vec<AdapterInstanceStatus>,
 }
 
@@ -194,7 +195,9 @@ pub(super) async fn messaging_status(
 ) -> Result<Json<MessagingStatusResponse>, StatusCode> {
     let config_path = state.config_path.read().await.clone();
 
-    let (discord, slack, telegram, email, webhook, twitch, instances) = if config_path.exists() {
+    let (discord, slack, telegram, email, webhook, twitch, signal, instances) = if config_path
+        .exists()
+    {
         let content = tokio::fs::read_to_string(&config_path)
             .await
             .map_err(|error| {
@@ -519,7 +522,7 @@ pub(super) async fn messaging_status(
             });
 
         // Signal status and instances
-        let _signal_status = doc
+        let signal_status = doc
             .get("messaging")
             .and_then(|m| m.get("signal"))
             .map(|s| {
@@ -592,6 +595,7 @@ pub(super) async fn messaging_status(
             email_status,
             webhook_status,
             twitch_status,
+            signal_status,
             instances,
         )
     } else {
@@ -605,7 +609,8 @@ pub(super) async fn messaging_status(
             default.clone(),
             default.clone(),
             default.clone(),
-            default,
+            default.clone(),
+            default.clone(),
             Vec::new(),
         )
     };
@@ -617,6 +622,7 @@ pub(super) async fn messaging_status(
         email,
         webhook,
         twitch,
+        signal,
         instances,
     }))
 }
@@ -1161,6 +1167,76 @@ pub(super) async fn toggle_platform(
                         }
                     }
                 }
+                "signal" => {
+                    if let Some(signal_config) = &new_config.messaging.signal {
+                        if !signal_config.http_url.is_empty() && !signal_config.account.is_empty() {
+                            let permissions = {
+                                let perms_guard = state.signal_permissions.read().await;
+                                match perms_guard.as_ref() {
+                                    Some(existing) => {
+                                        // Update existing ArcSwap pointee
+                                        let perms = crate::config::SignalPermissions::from_config(
+                                            signal_config,
+                                        );
+                                        existing.store(std::sync::Arc::new(perms));
+                                        existing.clone()
+                                    }
+                                    None => {
+                                        drop(perms_guard);
+                                        let perms = crate::config::SignalPermissions::from_config(
+                                            signal_config,
+                                        );
+                                        let arc_swap = std::sync::Arc::new(
+                                            arc_swap::ArcSwap::from_pointee(perms),
+                                        );
+                                        state.set_signal_permissions(arc_swap.clone()).await;
+                                        arc_swap
+                                    }
+                                }
+                            };
+                            let instance_dir = state.instance_dir.load();
+                            let tmp_dir = instance_dir.join("tmp");
+                            let adapter = crate::messaging::signal::SignalAdapter::new(
+                                "signal",
+                                &signal_config.http_url,
+                                &signal_config.account,
+                                signal_config.ignore_stories,
+                                permissions,
+                                tmp_dir,
+                            );
+                            if let Err(error) = manager.register_and_start(adapter).await {
+                                tracing::error!(%error, "failed to start signal adapter on toggle");
+                            }
+                        }
+
+                        for instance in signal_config
+                            .instances
+                            .iter()
+                            .filter(|instance| instance.enabled)
+                        {
+                            let runtime_key = crate::config::binding_runtime_adapter_key(
+                                "signal",
+                                Some(instance.name.as_str()),
+                            );
+                            let permissions = std::sync::Arc::new(arc_swap::ArcSwap::from_pointee(
+                                crate::config::SignalPermissions::from_instance_config(instance),
+                            ));
+                            let instance_dir = state.instance_dir.load();
+                            let tmp_dir = instance_dir.join("tmp");
+                            let adapter = crate::messaging::signal::SignalAdapter::new(
+                                runtime_key,
+                                &instance.http_url,
+                                &instance.account,
+                                instance.ignore_stories,
+                                permissions,
+                                tmp_dir,
+                            );
+                            if let Err(error) = manager.register_and_start(adapter).await {
+                                tracing::error!(%error, adapter = %instance.name, "failed to start named signal adapter on toggle");
+                            }
+                        }
+                    }
+                }
                 _ => {}
             }
         }
@@ -1877,20 +1953,20 @@ mod tests {
 
     #[test]
     fn test_is_valid_e164_valid_numbers() {
-        // Valid E.164 numbers (minimum 7 digits after +)
+        // Valid E.164 numbers (6-14 digits after +, 7-15 total)
         assert!(is_valid_e164("+1234567890"));
-        assert!(is_valid_e164("+1234567")); // Exactly 7 digits
+        assert!(is_valid_e164("+123456")); // Minimum: 6 digits after +
         assert!(is_valid_e164("+14155552671"));
-        assert!(is_valid_e164("+123456789012345")); // Many digits
+        assert!(is_valid_e164("+12345678901234")); // Maximum: 14 digits after +
     }
 
     #[test]
     fn test_is_valid_e164_invalid_numbers() {
         // Missing +
         assert!(!is_valid_e164("1234567890"));
 
-        // Too short (less than 7 digits)
-        assert!(!is_valid_e164("+123456"));
+        // Too short (less than 6 digits after +)
+        assert!(!is_valid_e164("+12345"));
         assert!(!is_valid_e164("+123"));
 
         // Empty or just +
@@ -1907,11 +1983,11 @@ mod tests {
         assert!(!is_valid_e164("+1234567890 "));
 
         // First digit is 0 (E.164 requires 1-9)
-        assert!(!is_valid_e164("+01234567"));
+        assert!(!is_valid_e164("+0123456"));
         assert!(!is_valid_e164("+01234567890"));
 
-        // Too long (more than 15 digits)
+        // Too long (more than 14 digits after +)
+        assert!(!is_valid_e164("+123456789012345"));
         assert!(!is_valid_e164("+1234567890123456"));
-        assert!(!is_valid_e164("+12345678901234567"));
     }
 }

src/api/state.rs

@@ -3,7 +3,9 @@
 use crate::agent::channel::ChannelState;
 use crate::agent::cortex_chat::CortexChatSession;
 use crate::agent::status::StatusBlock;
-use crate::config::{Binding, DefaultsConfig, DiscordPermissions, RuntimeConfig, SlackPermissions};
+use crate::config::{
+    Binding, DefaultsConfig, DiscordPermissions, RuntimeConfig, SignalPermissions, SlackPermissions,
+};
 use crate::conversation::worker_transcript::{ActionContent, TranscriptStep};
 use crate::cron::{CronStore, Scheduler};
 use crate::llm::LlmManager;
@@ -96,6 +98,8 @@ pub struct ApiState {
     pub discord_permissions: RwLock<Option<Arc<ArcSwap<DiscordPermissions>>>>,
     /// Shared reference to the Slack permissions ArcSwap (same instance used by the adapter and file watcher).
     pub slack_permissions: RwLock<Option<Arc<ArcSwap<SlackPermissions>>>>,
+    /// Shared reference to the Signal permissions ArcSwap (same instance used by the adapter and file watcher).
+    pub signal_permissions: RwLock<Option<Arc<ArcSwap<SignalPermissions>>>>,
     /// Shared reference to the bindings ArcSwap (same instance used by the main loop and file watcher).
     pub bindings: RwLock<Option<Arc<ArcSwap<Vec<Binding>>>>>,
     /// Shared messaging manager for runtime adapter addition.
@@ -316,6 +320,7 @@ impl ApiState {
             secrets_store: ArcSwap::from_pointee(None),
             discord_permissions: RwLock::new(None),
             slack_permissions: RwLock::new(None),
+            signal_permissions: RwLock::new(None),
             bindings: RwLock::new(None),
             messaging_manager: RwLock::new(None),
             provider_setup_tx,
@@ -786,6 +791,11 @@ impl ApiState {
         *self.slack_permissions.write().await = Some(permissions);
     }
 
+    /// Share the Signal permissions ArcSwap with the API so reads get hot-reloaded values.
+    pub async fn set_signal_permissions(&self, permissions: Arc<ArcSwap<SignalPermissions>>) {
+        *self.signal_permissions.write().await = Some(permissions);
+    }
+
     /// Share the bindings ArcSwap with the API so reads get hot-reloaded values.
     pub async fn set_bindings(&self, bindings: Arc<ArcSwap<Vec<Binding>>>) {
         *self.bindings.write().await = Some(bindings);

src/messaging/target.rs

@@ -275,12 +275,12 @@ fn normalize_email_target(raw_target: &str) -> Option<String> {
 /// Requirements:
 /// - Must start with '+'
 /// - First digit after '+' must be 1-9 (not 0)
-/// - Minimum 7 digits total
-/// - Maximum 15 digits total (E.164 standard)
+/// - Minimum 7 digits total (6 after '+')
+/// - Maximum 15 digits total (14 after '+', E.164 standard)
 /// - All characters after '+' must be ASCII digits
 pub fn is_valid_e164(phone: &str) -> bool {
     if let Some(digits) = phone.strip_prefix('+') {
-        if digits.len() < 7 || digits.len() > 15 {
+        if digits.len() < 6 || digits.len() > 14 {
             return false;
         }
         // First digit must be 1-9 (not 0)
@@ -334,9 +334,12 @@ fn normalize_signal_target(raw_target: &str) -> Option<String> {
         return Some(format!("uuid:{target}"));
     }
 
-    // Check if it's a bare phone number (7+ digits required for E.164)
-    if target.chars().all(|c| c.is_ascii_digit()) && target.len() >= 7 {
-        return Some(format!("+{target}"));
+    // Check if it's a bare phone number (E.164 format)
+    if target.chars().all(|c| c.is_ascii_digit()) {
+        let with_plus = format!("+{target}");
+        if is_valid_e164(&with_plus) {
+            return Some(with_plus);
+        }
     }
 
     None
@@ -400,60 +403,68 @@ fn extract_signal_adapter_from_channel_id(channel_id: &str) -> String {
 pub fn parse_signal_target_parts(parts: &[&str]) -> Option<BroadcastTarget> {
     match parts {
         // Default adapter: signal:uuid:xxx, signal:group:xxx, signal:e164:+xxx, signal:+xxx
-        ["uuid", uuid] => Some(BroadcastTarget {
+        ["uuid", uuid] if !uuid.is_empty() => Some(BroadcastTarget {
             adapter: "signal".to_string(),
             target: format!("uuid:{uuid}"),
         }),
-        ["group", group_id] => Some(BroadcastTarget {
+        ["group", group_id] if !group_id.is_empty() => Some(BroadcastTarget {
             adapter: "signal".to_string(),
             target: format!("group:{group_id}"),
         }),
         // Use normalize_signal_target for phone/e164 to ensure consistent parsing
-        ["e164", phone] => {
-            normalize_signal_target(&format!("e164:{phone}")).map(|target| BroadcastTarget {
+        ["e164", phone] if !phone.is_empty() => normalize_signal_target(&format!("e164:{phone}"))
+            .map(|target| BroadcastTarget {
                 adapter: "signal".to_string(),
                 target,
-            })
-        }
-        [phone] if phone.starts_with('+') => {
-            normalize_signal_target(phone).map(|target| BroadcastTarget {
+            }),
+        [phone] if phone.starts_with('+') && !phone.is_empty() => normalize_signal_target(phone)
+            .map(|target| BroadcastTarget {
+                adapter: "signal".to_string(),
+                target,
+            }),
+        // Single-part targets: delegate to normalize_signal_target for bare UUIDs/phones
+        [single] if !single.is_empty() => {
+            normalize_signal_target(single).map(|target| BroadcastTarget {
                 adapter: "signal".to_string(),
                 target,
             })
         }
-        // Single-part targets: delegate to normalize_signal_target for bare UUIDs/phones
-        [single] => normalize_signal_target(single).map(|target| BroadcastTarget {
-            adapter: "signal".to_string(),
-            target,
-        }),
         // Named adapter: signal:instance:uuid:xxx, signal:instance:group:xxx
-        [instance, "uuid", uuid] => Some(BroadcastTarget {
-            adapter: format!("signal:{instance}"),
-            target: format!("uuid:{uuid}"),
-        }),
-        [instance, "group", group_id] => Some(BroadcastTarget {
-            adapter: format!("signal:{instance}"),
-            target: format!("group:{group_id}"),
-        }),
+        [instance, "uuid", uuid] if !instance.is_empty() && !uuid.is_empty() => {
+            Some(BroadcastTarget {
+                adapter: format!("signal:{instance}"),
+                target: format!("uuid:{uuid}"),
+            })
+        }
+        [instance, "group", group_id] if !instance.is_empty() && !group_id.is_empty() => {
+            Some(BroadcastTarget {
+                adapter: format!("signal:{instance}"),
+                target: format!("group:{group_id}"),
+            })
+        }
         // Named adapter: signal:instance:e164:+xxx - use normalize_signal_target
-        [instance, "e164", phone] => {
+        [instance, "e164", phone] if !instance.is_empty() && !phone.is_empty() => {
             normalize_signal_target(&format!("e164:{phone}")).map(|target| BroadcastTarget {
                 adapter: format!("signal:{instance}"),
                 target,
             })
         }
         // Named adapter: signal:instance:+xxx - use normalize_signal_target
-        [instance, phone] if phone.starts_with('+') => {
+        [instance, phone]
+            if !instance.is_empty() && phone.starts_with('+') && !phone.is_empty() =>
+        {
             normalize_signal_target(phone).map(|target| BroadcastTarget {
                 adapter: format!("signal:{instance}"),
                 target,
             })
         }
         // Named adapter with single-part target: delegate to normalize_signal_target
-        [instance, single] => normalize_signal_target(single).map(|target| BroadcastTarget {
-            adapter: format!("signal:{instance}"),
-            target,
-        }),
+        [instance, single] if !instance.is_empty() && !single.is_empty() => {
+            normalize_signal_target(single).map(|target| BroadcastTarget {
+                adapter: format!("signal:{instance}"),
+                target,
+            })
+        }
         _ => None,
     }
 }