Mirrors/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-23 17:53:45 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
ad181b2361ba417acc7f295b0c199aec02588f2a
openclaw/extensions/slack/src
History
Agustin Rivera 1c35795fce fix(slack): align interaction auth with allowlists (#66028) 
* fix(slack): align interaction auth with allowlists

* fix(slack): address review followups

* fix(slack): preserve explicit owners with wildcard

* chore: append Claude comments resolution worklog

* fix(slack): harden interaction auth with default-deny, mandatory actor binding, and channel type validation

- Add interactiveEvent flag to authorizeSlackSystemEventSender for stricter
  interactive control authorization
- Default-deny when no allowFrom or channel users are configured for
  interactive events (block actions, modals)
- Require expectedSenderId for all interactive event types; block actions
  pass Slack-verified userId, modals pass metadata-embedded userId
- Reject ambiguous channel types for interactive events to prevent DM
  authorization bypass via channel-type fallback
- Add comprehensive test coverage for all new behaviors

* fix(slack): scope interactive owner/allowFrom enforcement to interactive paths only

* fix(slack): preserve no-channel interactive default

* Update context-engine-maintenance test

* chore: remove USER.md worklog artifact

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* changelog: note Slack interactive auth allowlist alignment (#66028)

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Devin Robison <drobison@nvidia.com>
2026-04-13 20:38:11 -06:00
..
http
perf(plugins): trim channel boundary core imports
2026-04-08 08:52:52 +01:00
monitor
fix(slack): align interaction auth with allowlists (#66028)
2026-04-13 20:38:11 -06:00
account-inspect.ts
refactor: dedupe account name normalization
2026-04-07 06:07:13 +01:00
account-surface-fields.ts
accounts.runtime.ts
accounts.test.ts
accounts.ts
refactor: dedupe account name normalization
2026-04-07 06:07:13 +01:00
action-runtime.runtime.ts
action-runtime.test.ts
fix: pass resolved Slack download tokens (#62097) (thanks @martingarramon)
2026-04-08 05:44:23 +01:00
action-runtime.ts
fix(slack): forward resolved botToken to downloadSlackFile
2026-04-08 05:44:23 +01:00
action-threading.test.ts
fix(discord): add batched reply mode
2026-04-05 21:15:29 +01:00
action-threading.ts
refactor: dedupe messaging lowercase helpers
2026-04-07 15:53:50 +01:00
actions.blocks.test.ts
actions.download-file.test.ts
actions.read.test.ts
actions.runtime.ts
actions.ts
perf: avoid heavy reply runtime imports
2026-04-11 01:18:11 +01:00
approval-auth.test.ts
approval-auth.ts
refactor(plugin-sdk): split runtime helper seams
2026-04-04 08:53:19 +01:00
approval-handler.runtime.test.ts
Feat: Add Active Memory recall plugin (#63286)
2026-04-09 11:27:37 -05:00
approval-handler.runtime.ts
fix(approval): split discord and slack runtime seams
2026-04-10 09:08:28 +01:00
approval-native.test.ts
perf: skip bundled session fallback on hot paths
2026-04-11 01:18:11 +01:00
approval-native.ts
fix(cycles): repair broken type surfaces
2026-04-11 13:42:17 +01:00
blocks-fallback.test.ts
blocks-fallback.ts
blocks-input.test.ts
blocks-input.ts
blocks-render.ts
refactor: dedupe messaging trimmed readers
2026-04-08 01:36:39 +01:00
blocks.test-helpers.ts
channel-actions.ts
channel-api.ts
refactor(extensions): split channel runtime helper seams
2026-04-04 07:39:53 +01:00
channel-migration.test.ts
channel-migration.ts
refactor: dedupe messaging lowercase helpers
2026-04-07 15:53:50 +01:00
channel-type.test.ts
style(extensions): format channel integration updates
2026-04-04 06:02:37 +01:00
channel-type.ts
refactor: dedupe messaging trimmed readers
2026-04-08 01:36:39 +01:00
channel.setup.ts
channel.test.ts
Slack: treat ACP block text as visible output (#62858)
2026-04-08 16:33:43 -04:00
channel.ts
Slack: treat ACP block text as visible output (#62858)
2026-04-08 16:33:43 -04:00
client.test.ts
fix: honor Slack Socket Mode env proxies (#62878) (thanks @mjamiv)
2026-04-08 05:38:45 +01:00
client.ts
fix: honor Slack Socket Mode env proxies (#62878) (thanks @mjamiv)
2026-04-08 05:38:45 +01:00
config-schema.ts
config-ui-hints.ts
Slack: clarify native streaming config hint
2026-04-08 00:58:00 -04:00
directory-config.ts
refactor: dedupe messaging lowercase helpers
2026-04-07 15:53:50 +01:00
directory-live.ts
refactor: dedupe messaging trimmed readers
2026-04-08 01:36:39 +01:00
doctor-contract.ts
fix(ci): restore plugin sdk doctor boundaries
2026-04-07 06:49:15 +01:00
doctor.test.ts
refactor: dedupe mutable allowlist doctor warnings
2026-04-06 19:24:42 +01:00
doctor.ts
refactor: dedupe mutable allowlist doctor warnings
2026-04-06 19:24:42 +01:00
draft-stream.test.ts
draft-stream.ts
refactor: dedupe channel runtime error formatting
2026-04-07 02:03:34 +01:00
exec-approvals.test.ts
exec-approvals.ts
refactor: dedupe messaging trimmed readers
2026-04-08 01:36:39 +01:00
format.test.ts
format.ts
group-policy.test.ts
chore(plugins): drop dead channel test any suppressions
2026-04-06 15:45:18 +01:00
group-policy.ts
refactor(extensions): split channel runtime helper seams
2026-04-04 07:39:53 +01:00
index.ts
interactive-dispatch.ts
interactive-replies.test.ts
interactive-replies.ts
refactor: dedupe messaging lowercase helpers
2026-04-07 15:53:50 +01:00
limits.ts
message-action-dispatch.test.ts
message-action-dispatch.ts
message-actions.test.ts
message-actions.ts
refactor: dedupe string readers
2026-04-07 05:06:54 +01:00
message-tool-schema.ts
modal-metadata.test.ts
modal-metadata.ts
refactor: dedupe plugin string helpers
2026-04-07 02:03:33 +01:00
monitor.test-helpers.ts
perf: avoid heavy reply runtime imports
2026-04-11 01:18:11 +01:00
monitor.test.ts
test(slack): pass isThreadReply in genuine-thread test scenario
2026-04-06 14:38:51 +01:00
monitor.threading.missing-thread-ts.test.ts
test: isolate slack thread-ts recovery
2026-04-09 02:43:29 +01:00
monitor.tool-result.test.ts
refactor: simplify extension conversions
2026-04-11 01:37:23 +01:00
monitor.ts
outbound-adapter.test.ts
outbound-adapter.ts
refactor: dedupe channel extension readers
2026-04-07 08:40:34 +01:00
outbound-hooks.test.ts
test: narrow hook and inbound context assertions
2026-04-07 09:18:59 +01:00
outbound-payload.test-harness.ts
fix(plugins): keep test helpers out of contract barrels (#63311)
2026-04-08 22:59:05 +01:00
outbound-payload.test.ts
fix(plugins): keep test helpers out of contract barrels (#63311)
2026-04-08 22:59:05 +01:00
probe.test.ts
test: speed up channel probe tests
2026-04-07 13:37:01 +01:00
probe.ts
refactor: dedupe probe error formatting
2026-04-07 02:03:34 +01:00
reply-blocks.ts
resolve-allowlist-common.test.ts
resolve-allowlist-common.ts
resolve-channels.test.ts
resolve-channels.ts
refactor: dedupe messaging lowercase helpers
2026-04-07 15:53:50 +01:00
resolve-users.test.ts
resolve-users.ts
refactor: dedupe messaging lowercase helpers
2026-04-07 15:53:50 +01:00
runtime-api.ts
refactor(extensions): split channel runtime helper seams
2026-04-04 07:39:53 +01:00
runtime.ts
refactor(extensions): split channel runtime helper seams
2026-04-04 07:39:53 +01:00
scopes.ts
refactor: dedupe channel helper readers
2026-04-07 10:37:39 +01:00
secret-contract.ts
chore(lint): clear extension lint regressions and add #63416 changelog
2026-04-08 17:17:29 -07:00
security-audit.ts
refactor: dedupe security audit helper coercion
2026-04-06 19:36:01 +01:00
security-doctor.ts
send.blocks.test.ts
send.runtime.ts
send.ts
lint: enable small oxlint rules
2026-04-11 02:15:21 +01:00
send.upload.test.ts
fix(plugins): clean fourth channel lint batch
2026-04-06 14:42:09 +01:00
sent-thread-cache.test.ts
sent-thread-cache.ts
perf(plugins): narrow boundary compile import surfaces
2026-04-08 08:52:52 +01:00
setup-core.ts
refactor: simplify provider channel conversions
2026-04-11 01:08:23 +01:00
setup-surface.test.ts
test: speed up setup surface tests
2026-04-07 13:16:49 +01:00
setup-surface.ts
fix: remove bundled channel startup reentry
2026-04-04 15:39:12 +01:00
shared-interactive.test.ts
shared.test.ts
shared.ts
refactor: register channel bootstrap capabilities
2026-04-05 09:13:48 +01:00
stream-mode.test.ts
stream-mode.ts
refactor: dedupe slack matrix venice lowercase helpers
2026-04-07 15:12:31 +01:00
streaming-compat.ts
refactor: dedupe messaging lowercase helpers
2026-04-07 15:53:50 +01:00
streaming.ts
target-parsing.ts
refactor(extensions): split channel runtime helper seams
2026-04-04 07:39:53 +01:00
targets.test.ts
targets.ts
refactor(extensions): split channel runtime helper seams
2026-04-04 07:39:53 +01:00
threading-tool-context.test.ts
threading-tool-context.ts
refactor: dedupe channel extension readers
2026-04-07 08:40:34 +01:00
threading.test.ts
fix(discord): add batched reply mode
2026-04-05 21:15:29 +01:00
threading.ts
token.ts
truncate.ts
types.ts