Coming soon: (APIv4) Mattermost Post-Intercept

Post-Intercept is a new feature under development that enables a host of plug-in use cases for reviewing and augmenting user messages prior to their saving into the database.

We’re sharing an early discussion about the feature for feedback and questions from the community as we build out the system.

  • Like where we’re going? Click the :heart: icon below.
  • Have questions, feedback or suggestions? Please reply!

Here’s the talk:

Discussion with Corey Hulen, co-founder of the Mattermost open source project, on upcoming “Post Intercept” support that enables server-side plug-ins to intercept posts from users, analyze and manipulate their contents before saving to the database.

Examples of Use cases:

CONFIRM USE OF RESTRICTED TERMS - Auto-detect “restricted words” (curse words, mentions of secret projects, cryptographic keys, etc.) and confirm with users they are purposefully using those terms in the channel they have chosen before posting to the database.

AUTO-CENSOR - Detect any information in the format of an encryption key, phone number, social security number, healthcare patient identifier or other sensitive data, and have the ability to automatically replace the text with censored text, such as “[AUTO-REMOVED TEXT SUSPECTED OF BEING ENCRYPTION KEY]”.

AUTO-LINK - Automatically embellish keywords and phrases with links or other metadata. For example, if an organization uses a custom protocol such as “foo://”, auto-links can be created to redirect to call that internal system. As another example, a plug-in could be built to detect stock ticker symbols in a certain format, such as $MSFT or $FB, and replace the reference with a hyperlink or embedded markdown with real-time information about the stock to be included in the post.


Ian Tien: Alright. So, tell me about this new plugin. What’s with this new post intercept feature? What is that about?

Corey Hulen: You’ll be able to intercept a post on creation or on update and during that interception you can do one of two things: you can outright reject the message, saying I’m not going to let this get stored, or you can rewrite the message.

Corey Hulen: So as an example, let’s say you wanted to link some little piece of text to Jira or something, so you could search for the piece of word like, “MM-a number,” and then auto-link that to a Jira ticket or whatever. This will give you the ability to do that.

Ian Tien: Could you write a plugin that would turn swear words into non-swear words?

Corey Hulen: Yes, or you could write a plugin that auto-corrects your grammar or capitalizes the first sentence. Basically, the sky’s the limit. I think the real power here is being able to sightly detect and rewrite the message. “Oh, I meant to format this as an agenda. Oh, let me just auto add this hashtag.”

Ian Tien: Or, if we have some AI plugin that recognizes this is- So, in a high secure organization maybe someone accidentally mentioned a code word that they shouldn’t have mentioned and it shouldn’t go to database because there’s permanent- It can intercept it before it goes to database because you’re not allowed to leave anything to the database in some of these environments. So, this plugin option can intercept that. How do I use that plugin option? Is that API based? How do I actually physically-

Corey Hulen: It’s API based. So, it’s a backend plugin, typically written in Go that you can upload to the server. That plugin has a well-defined API interface that you code to. If you code to that face, you can easily get these messages, or we basically call you in a workflow where it allows you to intercept a message and either allow the message to continue, rewrite it, or reject it.

Ian Tien: That’s awesome. Is there going to be a sample code for this?

Corey Hulen: Yeah. The hope is to write a bunch of sample plugins around this.

Ian Tien: This is awesome. Yeah. What’s this thing called? Is there a name for it yet?

Corey Hulen: Post interception … I don’t know if there’s a name for it. Post interception probably.

Ian Tien: Any thoughts on a cool name for this post-interception?

Lindsay Brock: I think that’s a descriptive name. I don’t know. I think it’s good to have it clear, so yeah.

Ian Tien: Okay. So this is the post-interception feature. Is it a plugin? Is it a feature or is it a plugin architecture? What do you call this? It’s an API for post-interception.

Corey Hulen: Yeah. It’s an API that your plugin can implement and then take advantage of this pipeline basically. And the goal is to add more and more of these throughout the code base. So, where we know there’s really strong desire for integration points, we’ll add in these pluggable API pipelines.

Ian Tien: When does this ship?

Corey Hulen: This will ship probably … The initial version of it’s still all in beta and we’re going to probably change the APIs a little bit. The initial version of it’s going to ship in the June timeframe.

Ian Tien: Is gonna be a part of API v4?

Corey Hulen: Yes.

Ian Tien: And it’ll be marked experimental at first?

Corey Hulen: Yes. Technically, everything in the plugin stuff is still marked beta, so we still … And we know there’s stuff that we’re gonna want to change that’s gonna be breaking changes.

Ian Tien: Okay, here’s my ask. Are you okay, if instead of going into a Mattermost channel that’s not web searchable, we post on forum.mattermost and let people give feedback there, so it can be searchable and web-discoverable?

Corey Hulen: Yeah. You mean about this feature?

Ian Tien: Yeah.

Corey Hulen: Yeah, we can.

Ian Tien: Post intercept. Who’s the owner on the dev site for this feature?

Corey Hulen: Christopher Speller.

Ian Tien: Okay, got it.

Corey Hulen: I mean, the ABC team’s kinda owning it, because it’s … I think, it’s kind of everyone providing-

Ian Tien: All right. I’m excited about this. It’s called the post intercept … What’s it called? The post intercept API?

Corey Hulen: Post intercept API, yep.

Ian Tien: Post intercept API, that will let you write plugins, server side plugins in something like Golang- Is it Golang or can you use RPC? Or is it just all Golang?

Corey Hulen: Technically you can do any language, but I mean the ones that we have samples for will be Go, so those will be the easiest. Let me clarify, you can intercept the post before save, you can intercept the post before update, and then you can just get post messages, so after the save occurs you can get a hook that calls out and does something so you can have some extra action items. So you might still want to let it save into the database, but then not stop the save but do something afterwards. So there’s that for save and update. So there’s pre-hooks for save and update and then there’s post-hooks for save and update.

Ian Tien: Okay, so then one scenario would be, “Hey! You got a warning message, are you sure you want to say this? This could be something that you are not allowed to say in this system that is totally recorded.” And you could override that and after it saves then the IT admin or some supervisor can actually get the message like, “Hey they said that there was a warning here and they said it was okay to save and they’ve saved it.” Any example would be, “That looks like a production key.” “No, that’s my handle” or something or “That’s just a [inaudible 00:05:23].” And then someone’s actually gonna get a notification if they detect something that looks like a production.

Corey Hulen: Yep.

Ian Tien: Okay, so the post intercept API that can be used from a plugins … You heard it here first.

Corey Hulen: Yes.
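
Added example, not part of the original post and not Mattermost's plugin API or sample code: a self-contained Go model of the pre-save decision described in the talk (allow, rewrite or reject), covering the auto-link and auto-censor use cases. The function name, the patterns, the restricted term, the social security number marker text and the ticket URL are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// All names here are hypothetical; this models the pre-save decision
// (allow, rewrite or reject) and is not the Mattermost plugin API.
var (
	ticketRe = regexp.MustCompile(`(^|[\s(,])MM-(\d+)\b`)
	ssnRe    = regexp.MustCompile(`\b\d{3}-\d{2}-\d{4}\b`)
	pemRe    = regexp.MustCompile(`(?s)-----BEGIN [A-Z ]*PRIVATE KEY-----.*?(-----END [A-Z ]*PRIVATE KEY-----|$)`)
	// Constructed restricted-term list and placeholder ticket URL.
	restricted = []string{"project-bluebird"}
	ticketURL  = "https://jira.example.invalid/browse/MM-"
)

// InterceptBeforeSave returns the message to store, or a non-empty
// rejection reason, in which case nothing should be written.
func InterceptBeforeSave(msg string) (string, string) {
	lower := strings.ToLower(msg)
	for _, term := range restricted {
		if strings.Contains(lower, term) {
			return "", "message contains a restricted term"
		}
	}
	// Censor first; a key paste cut off before its END line is removed to the end.
	msg = pemRe.ReplaceAllString(msg, "[AUTO-REMOVED TEXT SUSPECTED OF BEING ENCRYPTION KEY]")
	msg = ssnRe.ReplaceAllString(msg, "[AUTO-REMOVED TEXT SUSPECTED OF BEING SOCIAL SECURITY NUMBER]")
	// Link only bare MM-<n>; text already linked ("[MM-1](...)") is left alone on update.
	msg = ticketRe.ReplaceAllString(msg, "${1}[MM-${2}]("+ticketURL+"${2})")
	return msg, ""
}

func main() {
	for _, m := range []string{ // constructed sample posts
		"Fixed in MM-1234, please retest",
		"my ssn is 123-45-6789",
		"status of Project-Bluebird?",
	} {
		out, reason := InterceptBeforeSave(m)
		fmt.Printf("in=%q out=%q rejected=%q\n", m, out, reason)
	}
}
```

Because the same function would run on both the save and the update hook, the link rewrite is written to be idempotent: passing an already-linked message through it again leaves it unchanged.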


Great addition to the list of features, looking forward to the possibilities something like this opens.

Is there a place with sample projects around yet?

Hi @avasconcelos114!

Here are links to two samples (in beta):

  1. Auto-censoring profanity filter:
  2. Auto-linking: