fix(slack): treat HTTP mode accounts as configured [AI-assisted] by liuxiaopai-ai · Pull Request #30571 · openclaw/openclaw

liuxiaopai-ai · 2026-03-01T11:06:39Z

Summary

Describe the problem and fix in 2–5 bullets:

Problem: Slack HTTP/webhook mode could be silently skipped because Slack account configuration status required appToken for all modes.
Why it matters: HTTP mode only needs botToken + signingSecret, so valid webhook setups were marked unconfigured and never started.
What changed: Added mode-aware Slack account configuration checks (socket requires appToken; http requires signingSecret) and reused this logic in runtime snapshots.
What did NOT change (scope boundary): No changes to Slack monitor startup internals, webhook routing logic, or schema validation rules.

Change Type (select all)

Scope (select all touched areas)

Linked Issue/PR

User-visible / Behavior Changes

Slack accounts configured with mode: "http" now show as configured when botToken and signingSecret are present, even without appToken.
This allows Slack HTTP/webhook providers to start instead of being silently skipped.

Security Impact (required)

New permissions/capabilities? (No)
Secrets/tokens handling changed? (No)
New/changed network calls? (No)
Command/tool execution surface changed? (No)
Data access scope changed? (No)
If any Yes, explain risk + mitigation:

Repro + Verification

Environment

OS: macOS
Runtime/container: Node + pnpm local dev
Model/provider: N/A
Integration/channel (if any): Slack
Relevant config (redacted): channels.slack.mode=http, botToken=xoxb-*, signingSecret=*

Steps

Configure Slack with mode: "http", botToken, and signingSecret, without appToken.
Resolve Slack account config via channel plugin.
Check plugin isConfigured and buildAccountSnapshot().configured.

Expected

HTTP mode should be considered configured.

Actual

Before fix: unconfigured (false) because appToken was always required.
After fix: configured (true) for HTTP mode; socket mode still requires appToken.

Evidence

Attach at least one:

Failing test/log before + passing after
Trace/log snippets
Screenshot/recording
Perf numbers (if relevant)
Added tests in extensions/slack/src/channel.test.ts:
- HTTP mode (botToken + signingSecret) is configured.
- Socket mode without appToken remains unconfigured.
Local verification:
- pnpm oxfmt --check extensions/slack/src/channel.ts extensions/slack/src/channel.test.ts CHANGELOG.md
- pnpm oxlint --type-aware extensions/slack/src/channel.ts extensions/slack/src/channel.test.ts
- pnpm vitest extensions/slack/src/channel.test.ts
- pnpm vitest src/config/slack-http-config.test.ts

Human Verification (required)

What you personally verified (not just CI), and how:

Verified scenarios:
- HTTP mode config state flips to configured without appToken when signingSecret is present.
- Socket mode still reports unconfigured without appToken.
Edge cases checked:
- No botToken still reports unconfigured.
- Existing schema tests for HTTP signingSecret requirements still pass.
What you did not verify:
- Live Slack webhook roundtrip in external Slack workspace.

Compatibility / Migration

Backward compatible? (Yes)
Config/env changes? (No)
Migration needed? (No)
If yes, exact upgrade steps:

Failure Recovery (if this breaks)

How to disable/revert this change quickly:
- Revert this PR commit.
Files/config to restore:
- extensions/slack/src/channel.ts
Known bad symptoms reviewers should watch for:
- Slack socket mode unexpectedly marked configured without appToken.

Risks and Mitigations

List only real risks for this PR. Add/remove entries as needed. If none, write None.

Risk: Mode detection regression if config mode resolution changes.
- Mitigation: Added explicit tests for both HTTP and socket mode behavior.

AI-assisted: yes (implemented and validated locally with human review).

greptile-apps · 2026-03-01T11:12:34Z

Greptile Summary

This PR fixes a critical bug where Slack HTTP/webhook mode was silently skipped because configuration checks required appToken for all modes, even though HTTP mode only needs botToken + signingSecret.

Key Changes:

Added isSlackAccountConfigured() helper with mode-aware validation logic
Socket mode requires: botToken + appToken (unchanged behavior)
HTTP mode requires: botToken + signingSecret (new, correct behavior)
Applied this logic consistently across isConfigured, describeAccount, and buildAccountSnapshot
Added tests verifying both HTTP and socket mode configuration checks

Issue Found:

src/channels/plugins/onboarding/slack.ts:220 still uses old logic and will report HTTP mode as unconfigured in onboarding status

Confidence Score: 4/5

This PR is safe to merge with one consistency issue that should be addressed in a follow-up
The core fix is correct and well-tested. Socket mode behavior is preserved (backward compatible), and HTTP mode now properly recognizes valid configurations. However, the onboarding adapter at src/channels/plugins/onboarding/slack.ts:220 still uses the old logic, which will cause inconsistent status reporting between onboarding and runtime. This doesn't break functionality but creates a confusing UX.
Pay attention to src/channels/plugins/onboarding/slack.ts - it uses the same configuration check pattern but wasn't updated in this PR

_{Last reviewed commit: 8368fbd}

greptile-apps

_{3 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

greptile-apps · 2026-03-01T11:12:42Z

Additional Comments (1)

src/channels/plugins/onboarding/slack.ts
Onboarding status still uses old logic - should also be mode-aware

slackOnboardingAdapter.getStatus still checks botToken && appToken, so HTTP mode accounts will show as "needs tokens" in onboarding even though they're properly configured and working.

Consider applying the same mode-aware logic here or importing isSlackAccountConfigured from the channel plugin.

Prompt To Fix With AI

This is a comment left during a code review.
Path: src/channels/plugins/onboarding/slack.ts
Line: 220

Comment:
Onboarding status still uses old logic - should also be mode-aware

`slackOnboardingAdapter.getStatus` still checks `botToken && appToken`, so HTTP mode accounts will show as "needs tokens" in onboarding even though they're properly configured and working.

Consider applying the same mode-aware logic here or importing `isSlackAccountConfigured` from the channel plugin.

How can I resolve this? If you propose a fix, please make it concise.

aisle-research-bot · 2026-03-01T15:00:08Z

🔒 Aisle Security Analysis

✅ We scanned this PR and did not find any security vulnerabilities.

_{Aisle supplements but does not replace security review.}

Analyzed PR: #30571 at commit 010b19c

Takhoffman · 2026-03-01T15:00:27Z

PR #30571 - fix(slack): treat HTTP mode accounts as configured [AI-assisted] (#30571)

Merged via squash.

Merge commit: 4da4cc9
Verified: pnpm build, pnpm check, pnpm test:macmini
Changes made:
M\tCHANGELOG.md
M\textensions/slack/src/channel.test.ts
M\textensions/slack/src/channel.ts
Why these changes were made:
Fix Slack HTTP-mode account readiness checks so webhook-mode accounts with botToken + signingSecret are recognized as configured, while socket mode still requires appToken.
Changelog: CHANGELOG.md updated=true required=true opt_out=false

Thanks @liuxiaopai-ai!

@liuxiaopai-ai

…nclaw#30571) thanks @liuxiaopai-ai Cherry-pick of upstream 4da4cc9.

@liuxiaopai-ai