fix(slack): prevent Zod default groupPolicy from breaking multi-account config by ZetiMente · Pull Request #17579 · openclaw/openclaw

ZetiMente · 2026-02-15T23:03:27Z

Summary

Moves .default("allowlist") from SlackAccountSchema to SlackConfigSchema so Zod only injects the default at the top-level config, not into individual account entries.
Fixes multi-account Slack configs silently dropping all channel messages (DMs still worked, @mentions in channels did not).

Root Cause

SlackAccountSchema has groupPolicy: GroupPolicySchema.optional().default("allowlist"). When Zod parses an account entry like { botToken: "...", appToken: "..." }, it injects groupPolicy: "allowlist" into the output — even though the user never specified it.

mergeSlackAccountConfig then does { ...base, ...account }, so the account's phantom "allowlist" overrides the user's top-level groupPolicy: "open". With "allowlist" active and no channels explicitly listed, isSlackChannelAllowedByPolicy returns false for every channel message.

This affects any config that uses the channels.slack.accounts object, even with a single account.

The developer's intent was probably "default to secure" — which is reasonable. The mistake was putting that default on the account schema instead of the top-level schema. The right place for "default to secure if nobody says anything" is SlackConfigSchema, because that's the one that represents the user's actual top-level config. Individual account entries are meant to inherit from that, and Zod defaults break the inheritance by filling in keys that should have stayed undefined.

The Fix

- // SlackAccountSchema
- groupPolicy: GroupPolicySchema.optional().default("allowlist"),
+ // SlackAccountSchema — no default, so accounts don't poison the merge
+ groupPolicy: GroupPolicySchema.optional(),

  // SlackConfigSchema.safeExtend — default lives here now
+ groupPolicy: GroupPolicySchema.optional().default("allowlist"),

Test Plan

All 149 existing Slack tests pass (pnpm test -- --grep slack)
Live-tested on Raspberry Pi running OpenClaw v2026.2.14 with two Slack bot accounts in socket mode
Confirmed DMs work for both accounts
Confirmed @mentions in channels work for both accounts
Confirmed non-mentioned messages in channels are correctly skipped
Single-account top-level config (no accounts object) continues to work as before

Fixes #17507
Related: #5626, #16522

cc @thewilloftheshadow (Slack subsystem) @gumadeiras (multi-agent)

🤖 AI-assisted: This bug was diagnosed and fixed by Claude Opus 4.6 (Anthropic) in a live demo session with @ZetiMente. Fully tested on a live instance.

Greptile Summary

Fixes a bug where Zod's .default("allowlist") on SlackAccountSchema.groupPolicy caused a phantom default to be injected into every parsed account entry, overriding the user's top-level groupPolicy during the shallow merge ({ ...base, ...account }) in mergeSlackAccountConfig. This silently broke channel message delivery for multi-account Slack configs.

Removed .default("allowlist") from SlackAccountSchema so account entries no longer get a phantom groupPolicy injected
Added .default("allowlist") to SlackConfigSchema via safeExtend so the secure default still applies at the top-level config
The same bug pattern exists in other providers (Discord, Telegram, Signal, IRC, iMessage, BlueBubbles) — all have .default("allowlist") on their account schemas and use the same shallow merge, but were not addressed in this PR

Confidence Score: 4/5

The Slack fix is correct and safe to merge, though the same bug exists in other providers.
The change is minimal, well-reasoned, and correctly fixes the Slack-specific issue. The author reports all 149 existing tests pass and the fix was live-tested. Deducting a point because the same Zod default-on-account-schema bug is present in 6 other providers (Discord, Telegram, Signal, IRC, iMessage, BlueBubbles) that use the identical merge pattern, and this PR does not address them.
Other account schemas in src/config/zod-schema.providers-core.ts (DiscordAccountSchema line 275, TelegramAccountSchemaBase line 108, SignalAccountSchemaBase line 657, IrcAccountSchemaBase line 745, IMessageAccountSchemaBase line 805, BlueBubblesAccountSchemaBase line 897) have the same latent bug.

_{Last reviewed commit: fc243e3}

_{(1/5) You can manually trigger the agent by mentioning @greptileai in a comment!}

greptile-apps

_{1 file reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

greptile-apps · 2026-02-17T01:52:55Z

Additional Comments (1)

src/config/zod-schema.providers-core.ts
Same bug exists in other providers. DiscordAccountSchema still has groupPolicy: GroupPolicySchema.optional().default("allowlist") (line 275), and DiscordConfigSchema inherits it via .extend() without overriding. The merge in mergeDiscordAccountConfig ({ ...base, ...account }) will exhibit the same phantom-default override behavior described in this PR for Slack.

The same pattern also appears in TelegramAccountSchemaBase (line 108), SignalAccountSchemaBase (line 657), IrcAccountSchemaBase (line 745), IMessageAccountSchemaBase (line 805), and BlueBubblesAccountSchemaBase (line 897) — all have .default("allowlist") on the account schema, and all use the same { ...base, ...account } shallow merge. Consider applying the same fix (move the default to the *ConfigSchema only) to these providers as well.

Prompt To Fix With AI

This is a comment left during a code review.
Path: src/config/zod-schema.providers-core.ts
Line: 275:275

Comment:
**Same bug exists in other providers.** `DiscordAccountSchema` still has `groupPolicy: GroupPolicySchema.optional().default("allowlist")` (line 275), and `DiscordConfigSchema` inherits it via `.extend()` without overriding. The merge in `mergeDiscordAccountConfig` (`{ ...base, ...account }`) will exhibit the same phantom-default override behavior described in this PR for Slack.

The same pattern also appears in `TelegramAccountSchemaBase` (line 108), `SignalAccountSchemaBase` (line 657), `IrcAccountSchemaBase` (line 745), `IMessageAccountSchemaBase` (line 805), and `BlueBubblesAccountSchemaBase` (line 897) — all have `.default("allowlist")` on the account schema, and all use the same `{ ...base, ...account }` shallow merge. Consider applying the same fix (move the default to the `*ConfigSchema` only) to these providers as well.

How can I resolve this? If you propose a fix, please make it concise.

openclaw-barnacle · 2026-02-22T04:06:47Z

This pull request has been automatically marked as stale due to inactivity.
Please add updates or it will be closed.

ZetiMente · 2026-02-23T17:22:18Z

Fixed all the CI issues.

…nt config When `SlackAccountSchema` has `groupPolicy: GroupPolicySchema.optional().default("allowlist")`, Zod injects `groupPolicy: "allowlist"` into every parsed account entry — even when the user never specified it. `mergeSlackAccountConfig` then does `{ ...base, ...account }`, so the account's phantom "allowlist" silently overrides the user's top-level "open". With `groupPolicy: "allowlist"` active and no channels explicitly listed, ALL channel messages are dropped by `isSlackChannelAllowedByPolicy`. The fix moves `.default("allowlist")` from `SlackAccountSchema` to `SlackConfigSchema`, so the default only applies to the top-level config — not to individual account entries that get shallow-merged on top of it. Fixes openclaw#17507 Related: openclaw#5626, openclaw#16522 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

gumadeiras · 2026-02-23T17:35:45Z

Merged via squash.

Prepared head SHA: 7d2da57
Merge commit: ce1f12f

Thanks @ZetiMente!

@gumadeiras