feat(slack): consolidated Slack adapter improvements — 7 community PRs salvaged #6809
Merged
1. gateway/platforms/slack.py: Replace check-then-set TOCTOU race on _approval_resolved with atomic dict.pop(). Two concurrent button clicks could both pass the guard before either set it to True, causing double resolve_gateway_approval — which can resolve the WRONG queued approval when multiple are pending for the same session.
2. hermes_state.py: Add WARNING log and proper fallbacks when json.loads fails on tool_calls (→ []), reasoning_details (→ None), and codex_reasoning_items (→ None). Previously, failures were silently swallowed: tool_calls stayed as a raw string (iterating yields characters, not objects), and reasoning fields were simply missing from the dict.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Approval button clicks (Block Kit actions in Slack, CallbackQuery in Telegram) bypass the normal message authorization flow in gateway/run.py. Any workspace/group member who can see the approval message could click Approve to authorize dangerous commands. Read SLACK_ALLOWED_USERS / TELEGRAM_ALLOWED_USERS env vars directly in the approval handlers. When an allowlist is configured and the clicking user is not in it, the click is silently ignored (Slack) or answered with an error (Telegram). Wildcard '*' permits all users. When no allowlist is configured, behavior is unchanged (open access). Based on the idea from PR #6735 by maymuneth, reimplemented to use the existing env-var-based authorization system rather than a nonexistent _allowed_user_ids adapter attribute.
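The two approval fixes described in the commits above (allowlist check on the click, then an atomic claim of the pending approval) can be sketched together as follows. This is an added example, not the project's code: `is_allowed`, `handle_click`, `simulate`, the `_pending` table and the comma-separated format of `SLACK_ALLOWED_USERS` are assumptions made for illustration.

```python
import os
import threading

# Hypothetical pending-approval table: message timestamp -> waiting session key.
_pending = {}


def is_allowed(user_id, env_var="SLACK_ALLOWED_USERS"):
    """Unset allowlist means open access, '*' permits everyone,
    otherwise the clicking user must be listed (comma-separated, assumed)."""
    raw = os.environ.get(env_var, "").strip()
    if not raw:
        return True
    allowed = {u.strip() for u in raw.split(",") if u.strip()}
    return "*" in allowed or user_id in allowed


def handle_click(msg_ts, user_id, resolve):
    """Return True only for the single click that resolves the approval."""
    if not is_allowed(user_id):
        return False                      # click ignored silently
    # pop() removes and returns in one step, so only one caller gets the key;
    # a separate "if not resolved: resolved = True" leaves a window between the two.
    session = _pending.pop(msg_ts, None)
    if session is None:
        return False                      # already resolved, or unknown message
    resolve(session, user_id)
    return True


def simulate(clickers, allowlist):
    """Fire concurrent clicks on one approval message; return the resolutions."""
    if allowlist is None:
        os.environ.pop("SLACK_ALLOWED_USERS", None)
    else:
        os.environ["SLACK_ALLOWED_USERS"] = allowlist
    _pending.clear()
    _pending["1712.0001"] = "session-A"   # constructed sample data
    resolved = []
    barrier = threading.Barrier(len(clickers))

    def click(uid):
        barrier.wait()                    # release all clicks at the same moment
        handle_click("1712.0001", uid, lambda s, u: resolved.append((s, u)))
    threads = [threading.Thread(target=click, args=(u,)) for u in clickers]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return resolved
```

However many clicks arrive together, `simulate` returns at most one resolution, and none when every clicker is outside a configured allowlist.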
…pport
Port the mention gating pattern from Telegram, Discord, WhatsApp, and
Matrix adapters to the Slack platform adapter.
- Add _slack_require_mention() with explicit-false parsing and env var
  fallback (SLACK_REQUIRE_MENTION)
- Add _slack_free_response_channels() with env var fallback
  (SLACK_FREE_RESPONSE_CHANNELS)
- Replace hardcoded mention check with configurable gating logic
- Bridge slack config.yaml settings to env vars
- Bridge free_response_channels through the generic platform bridging loop
- Add 26 tests covering config parsing, env fallback, gating logic
Config usage:
  slack:
    require_mention: false
    free_response_channels:
      - "C0AQWDLHY9M"
Default behavior unchanged: channels require @mention (backward compatible).
Based on PR #5885 by dorukardahan, cherry-picked and adapted to current main.
Fixes blockquote > escaping, edit_message raw markdown, ***bold italic*** handling, HTML entity double-escaping (&amp;), Wikipedia URL parens truncation, and step numbering format. Also adds format_message to the tool-layer _send_to_platform for consistent formatting across all delivery paths.

Changes:
- Protect Slack entities (<@user>, <https://...|label>, <!here>) from escaping passes
- Protect blockquote > markers before HTML entity escaping
- Unescape-before-escape for idempotent HTML entity handling
- ***bold italic*** → *_text_* conversion (before **bold** pass)
- URL regex upgraded to handle balanced parentheses
- mrkdwn:True flag on chat_postMessage payloads
- format_message applied in edit_message and send_message_tool
- 52 new tests (format, edit, streaming, splitting, tool chunking)
- Use reversed(dict) idiom for placeholder restoration

Based on PR #3715 by dashed, cherry-picked onto current main.
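The escaping order listed in this commit (protect Slack entities and blockquote markers, unescape, escape, restore) is sketched below as an added example; it is not the adapter's `format_message`. The function name `escape_mrkdwn`, both regexes and the NUL-delimited placeholder scheme are assumptions.

```python
import re

# Slack entity forms named in the commit: <@user>, <!here>, <https://...|label>
# (plus <#channel> and mailto: links, which use the same angle-bracket syntax).
_ENTITY = re.compile(r"<(?:[@#!][^<>\s]+|(?:https?|mailto):[^<>\s|]+(?:\|[^<>]*)?)>")
# A blockquote marker is one or more '>' at the start of a line, then a space.
_QUOTE = re.compile(r"^(>+) ", re.MULTILINE)


def escape_mrkdwn(text):
    """Escape &, <, > for Slack without touching entities or quote markers,
    and without double-escaping text that was already escaped."""
    held = {}

    def hold(match):
        # Swap the protected span for a placeholder the escaping pass ignores.
        key = f"\x00{len(held)}\x00"
        held[key] = match.group(0)
        return key

    text = _ENTITY.sub(hold, text)
    text = _QUOTE.sub(hold, text)
    # Unescape first: "&amp;" goes back to "&" so the next pass cannot
    # turn it into "&amp;amp;". "&amp;" is handled last on purpose.
    text = text.replace("&lt;", "<").replace("&gt;", ">").replace("&amp;", "&")
    text = text.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
    # Restore newest-first, so a placeholder captured inside a later span
    # is expanded after that span has been put back.
    for key in reversed(held):
        text = text.replace(key, held[key])
    return text
```

Running the function on its own output returns the same string, which is the property the unescape-before-escape step provides when a message passes through both the send and the edit path.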
Three modes: "none" (default, backward-compatible), "mentions" (accept
bot messages only when they @mention us), "all" (accept all bot messages
except our own, to prevent echo loops).
Configurable via:
  slack:
    allow_bots: mentions
Or env var: SLACK_ALLOW_BOTS=mentions
Self-message guard always active regardless of mode.
Based on PR #3200 by Mibayy, adapted to current main with config.yaml
bridging support.
- Treat mpim (multi-party IM / group DM) channels as DMs — no @mention required, continuous session like 1:1 DMs
- Only add 👀/✅ reactions when bot is directly addressed (DM or @mention). In listen-all channels (require_mention=false) reacting to every message would be noisy.

Based on PR #4633 by gunpowder-client-vm, adapted to current main.
…hing
- Add _ThreadContextCache dataclass for caching fetched context (60s TTL)
- Add exponential backoff retry for conversations.replies 429 rate limits (Tier 3, ~50 req/min)
- Only fetch context when no active session exists (guard at call site) to prevent duplication across turns
- Hoist bot_uid lookup outside the per-message loop
- Clearer header text for injected thread context

Based on PR #6162 by jarvisxyz, cherry-picked onto current main.
This was referenced Apr 9, 2026
This was referenced Apr 13, 2026
Summary
Consolidated salvage of 7 community PRs into a single branch, bringing major improvements to the Slack adapter. Each contributor's commit preserves their authorship.
Changes (by contributor)
Security
- dict.pop() to prevent double-click races on approval buttons. Also adds proper JSON fallbacks in state DB instead of bare pass.
- SLACK_ALLOWED_USERS/TELEGRAM_ALLOWED_USERS on approval button clicks. Button clicks bypass normal message auth flow, so any workspace member could previously approve dangerous commands.
Core UX
- slack.require_mention: false and slack.free_response_channels: [C123...]. Includes env var fallback and 26 tests.
- ***bold italic***, HTML entity double-escaping, URL parentheses truncation, step numbering). Adds format_message() to edit and tool paths. 52 new tests.
- none (default), mentions, all. Self-message guard always active.
Enhancements
- conversations.replies 429 rate limits.
Test Results
PRs to close after merge