Skip to content

Slack: drop Socket Mode events with mismatched api_app_id#889

Closed
roshanasingh4 wants to merge 1 commit intoopenclaw:mainfrom
roshanasingh4:fix/slack-api-app-id-filter
Closed

Slack: drop Socket Mode events with mismatched api_app_id#889
roshanasingh4 wants to merge 1 commit intoopenclaw:mainfrom
roshanasingh4:fix/slack-api-app-id-filter

Conversation

@roshanasingh4
Copy link
Copy Markdown
Contributor

@roshanasingh4 roshanasingh4 commented Jan 14, 2026

Fixes a failure mode where a gateway can process Slack Socket Mode events that belong to a different Slack app (same workspace), if tokens are ever mismatched.

What changed

  • Capture bot token identity via auth.test (team_id + api_app_id).
  • Drop inbound events when the Socket Mode envelope body.api_app_id or body.team_id does not match.
  • Emit a clear error when the bot token api_app_id disagrees with the app token's embedded app id (xapp-…-Axxxx-…).

Tests

  • Added a unit test to ensure mismatched events are dropped.

Refs: #828

@roshanasingh4 roshanasingh4 mentioned this pull request Jan 14, 2026
Closed
@roshanasingh4 roshanasingh4 force-pushed the fix/slack-api-app-id-filter branch from 9f10b55 to c706717 Compare January 14, 2026 04:52
@steipete steipete self-assigned this Jan 14, 2026
steipete added a commit that referenced this pull request Jan 14, 2026
@steipete @roshanasingh4
fix(slack): drop mismatched Socket Mode events (#889)
dadef27 
Filter Slack Socket Mode events by api_app_id/team_id.
Refs: #828
Contributor: @roshanasingh4

Co-authored-by: Roshan Singh <roshanasingh4@users.noreply.github.com>
@steipete
Copy link
Copy Markdown
Contributor

steipete commented Jan 14, 2026

Landed on main as dadef27 (squash, rebased on latest main).

  • Filters Slack Socket Mode events by api_app_id/team_id to avoid cross-app processing.
  • Fixup: message event handler refactor bug (use event consistently).
  • Changelog updated.
  • Verified: pnpm lint + pnpm build + pnpm test.

Original PR tip: c706717.

Thanks @roshanasingh4!

@steipete steipete closed this Jan 14, 2026
zooqueen pushed a commit to hanzoai/bot that referenced this pull request Mar 6, 2026
@steipete @roshanasingh4
fix(slack): drop mismatched Socket Mode events (openclaw#889)
8b4ae4f 
Filter Slack Socket Mode events by api_app_id/team_id.
Refs: openclaw#828
Contributor: @roshanasingh4

Co-authored-by: Roshan Singh <roshanasingh4@users.noreply.github.com>
lovewanwan pushed a commit to lovewanwan/openclaw that referenced this pull request Apr 28, 2026
@steipete @roshanasingh4
fix(slack): drop mismatched Socket Mode events (openclaw#889)
a287d11 
Filter Slack Socket Mode events by api_app_id/team_id.
Refs: openclaw#828
Contributor: @roshanasingh4

Co-authored-by: Roshan Singh <roshanasingh4@users.noreply.github.com>
This was referenced May 3, 2026
Merged
Open
github-actions Bot pushed a commit to Desicool/openclaw that referenced this pull request May 9, 2026
@steipete @roshanasingh4
fix(slack): drop mismatched Socket Mode events (openclaw#889)
8253f7f 
Filter Slack Socket Mode events by api_app_id/team_id.
Refs: openclaw#828
Contributor: @roshanasingh4

Co-authored-by: Roshan Singh <roshanasingh4@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@steipete steipete

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@roshanasingh4 @steipete