Closed
Detailed plan covering architecture, config, module structure, security considerations, and open questions for adding Slack as a new messaging platform frontend alongside Telegram. https://claude.ai/code/session_01A6hKTjyT5yywNUDEfWP6Ly
Add complete Slack bot frontend mirroring the existing Telegram integration:
- Socket Mode (default) and Events API support
- Thread-based replies with Block Kit interactive UI
- SlackConfirmer for approve/deny buttons via oneshot channels
- All slash commands via /athena (help, status, plan, implement, ghosts, memories, dispatch, model, models, review, explain, watch, search, alerts)
- Planning interview state machine with Block Kit buttons
- Streaming response via chat.update with 800ms throttle
- File download/upload support
- Pulse delivery to Slack channels
- Per-channel rate limiting and authorization

Also broadens feature gates from telegram-only to any(telegram, slack) in core.rs, session_review.rs, pulse.rs, and llm.rs.

https://claude.ai/code/session_01A6hKTjyT5yywNUDEfWP6Ly

Port 7 remaining commands from Telegram:
- /knobs: display all runtime knobs
- /mood: detailed mood state with energy bar
- /jobs: list scheduled cron jobs
- /session: current session info (turns, tokens, context)
- /cli: switch CLI tool with interactive Block Kit buttons
- /set: modify runtime knobs
- /cli_model: show/switch CLI model override

Add interactive Block Kit buttons for planning interview:
- Constraints step: timeline, scope, no-constraints, skip buttons
- Output step: checklist, spec, draft buttons
- Summary step: confirm, edit, cancel buttons
- Post-generation: implement, refine, done buttons

Also broadens mood.rs energy()/modifier() feature gates to any(telegram, slack).

https://claude.ai/code/session_01A6hKTjyT5yywNUDEfWP6Ly
Covers Slack app creation, OAuth scopes, Socket Mode and Events API configuration, channel access control, all 21 slash commands, features overview, and troubleshooting tips. https://claude.ai/code/session_01A6hKTjyT5yywNUDEfWP6Ly
Fixes from security review:

CRITICAL:
- Add is_authorized check to handle_slash_command (was missing, allowing any channel to execute admin commands)
- Add is_authorized check to handle_interaction_event (was missing, allowing unauthorized channels to approve/deny confirmations)

HIGH:
- Add rate limiting to handle_app_mention (was unprotected)
- Add rate limiting to handle_slash_command (was unprotected)

MEDIUM:
- Harden escape_mrkdwn to neutralize *_~` formatting chars, preventing mrkdwn injection in reflected user content
- Replace all user-facing error messages with generic text, log full errors server-side via tracing::error to prevent leaking internal paths/details
- Fix potential panics from &id[..8] slicing on short IDs, use get(..8).unwrap_or() instead
- Cap stream_buffer at 100KB to prevent OOM from unbounded LLM streaming responses

https://claude.ai/code/session_01A6hKTjyT5yywNUDEfWP6Ly
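The slicing panic and the buffer cap listed under MEDIUM above, as an added Rust example that is not code from this PR. `short_id`, `push_capped` and `STREAM_CAP` are hypothetical names; falling back to the whole ID and reading 100KB as 100 * 1024 bytes are assumptions.

```rust
/// Cap from the commit message; 100KB is taken here as 100 * 1024 bytes (assumption).
pub const STREAM_CAP: usize = 100 * 1024;

/// First 8 bytes of an ID for display. `&id[..8]` panics when the ID is shorter
/// than 8 bytes or when byte 8 falls inside a multi-byte character; `get`
/// returns None in both cases and the whole ID is used instead (assumed fallback).
pub fn short_id(id: &str) -> &str {
    id.get(..8).unwrap_or(id)
}

/// Append `chunk` to `buf` without letting `buf` exceed `cap` bytes.
/// Returns false once data had to be dropped, so the caller can stop streaming.
pub fn push_capped(buf: &mut String, chunk: &str, cap: usize) -> bool {
    let room = cap.saturating_sub(buf.len());
    if chunk.len() <= room {
        buf.push_str(chunk);
        return true;
    }
    // Back off to a char boundary so the partial append cannot panic.
    let mut end = room;
    while !chunk.is_char_boundary(end) {
        end -= 1;
    }
    buf.push_str(&chunk[..end]);
    false
}

fn main() {
    // Constructed sample inputs.
    println!("{}", short_id("a1b2c3d4e5f6"));
    println!("{}", short_id("abc"));
    let mut buf = String::new();
    let complete = push_capped(&mut buf, &"x".repeat(STREAM_CAP + 10), STREAM_CAP);
    println!("{} bytes kept, complete = {complete}", buf.len());
}
```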
- Merge conflict: Cargo.lock regenerated with slack-morphism added, ort pinned to rc.11
- Fix AthenaError→SparksError and AthenaCore→SparksCore renames from main
- Critical: run_events_api now returns an error (was silently non-functional)
- Fix: rate limiting keyed per user+channel instead of per channel
- Remove unused ImplementContext struct and implementing HashMap
- Fix: planning_value_label used consistently in handle_planning_quick_select
- Fix: tracing::info! instead of eprintln! for Slack startup message
- Add: Serialize derive to SlackConfig
- Add: CI jobs for cargo check/test --features slack
- Add: is_authorized precedence comment for allow_all vs allowed_channels

All 417 tests pass (391 base + 26 Slack-feature tests).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
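One way to apply the authorization and rate-limit fixes from the two review commits above at a single choke point (an added example, not the PR's code). `Policy`, `Limiter` and `gate` are hypothetical names, and the precedence shown (`allow_all` wins, an empty `allowed_channels` denies) is an assumption, since the page does not state it.

```rust
use std::collections::{HashMap, HashSet};
use std::time::{Duration, Instant};

/// Hypothetical policy type; field names follow the config keys named in the PR.
pub struct Policy { pub allow_all: bool, pub allowed_channels: HashSet<String> }

#[derive(Debug, PartialEq)]
pub enum Gate { Allowed, Unauthorized, RateLimited }

/// Fixed-window limiter keyed by (user, channel): one noisy user cannot burn
/// the budget of everyone else in the channel, as a per-channel key would allow.
pub struct Limiter { max: u32, window: Duration, hits: HashMap<(String, String), (Instant, u32)> }

impl Limiter {
    pub fn new(max: u32, window: Duration) -> Self {
        Self { max, window, hits: HashMap::new() }
    }
    fn allow(&mut self, user: &str, channel: &str, now: Instant) -> bool {
        let e = self.hits.entry((user.into(), channel.into())).or_insert((now, 0));
        if now.duration_since(e.0) >= self.window { *e = (now, 0); } // new window
        e.1 = e.1.saturating_add(1);
        e.1 <= self.max
    }
}

/// Assumed precedence: allow_all wins; otherwise the channel must be listed,
/// so an empty allowed_channels denies everything (fail closed).
pub fn is_authorized(p: &Policy, channel: &str) -> bool {
    p.allow_all || p.allowed_channels.contains(channel)
}

/// Single check that every entry point (app mention, slash command, interaction
/// callback) calls first. Authorization runs before the limiter so that
/// unauthorized traffic never allocates limiter state.
pub fn gate(p: &Policy, l: &mut Limiter, user: &str, channel: &str, now: Instant) -> Gate {
    if !is_authorized(p, channel) { return Gate::Unauthorized; }
    if !l.allow(user, channel, now) { return Gate::RateLimited; }
    Gate::Allowed
}

fn main() {
    // Constructed sample: only C1 is allowed, limit is 2 requests per minute.
    let p = Policy { allow_all: false, allowed_channels: HashSet::from(["C1".to_string()]) };
    let mut l = Limiter::new(2, Duration::from_secs(60));
    let now = Instant::now();
    for (u, c) in [("U1", "C2"), ("U1", "C1"), ("U1", "C1"), ("U1", "C1"), ("U2", "C1")] {
        println!("{u} in {c}: {:?}", gate(&p, &mut l, u, c, now));
    }
}
```

The limiter map grows with every distinct (user, channel) pair, so a long-running bot would also need to evict expired windows.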
…tegration

Slack fixes (from second review pass):
- SparksError::Denied distinct from Cancelled (deny vs timeout)
- render_review_mrkdwn / render_search_results_mrkdwn / render_alert_rules_mrkdwn in session_review.rs — Teams/Slack get native format instead of fragile HTML→mrkdwn conversion
- dispatch_to_core_with_followup unified (dispatch_to_core now forwards to it)
- Makefile: add slack/teams build targets

Teams integration (--features teams, Bot Framework REST API):
- JWT RS256 signature verification via Microsoft JWKS endpoint (jsonwebtoken crate)
- serviceUrl validation against known Bot Framework domains before outbound calls
- Tenant authorization (allowed_tenants / allow_all_tenants, same precedence as Slack)
- Rate limiting per user+conversation (not per conversation alone)
- Adaptive Cards for confirmations and planning interview (5-step flow)
- All commands: help, status, run, plan, memory, review, explain, search, alerts, health
- PlanningStep state machine enforced in handle_planning_invoke
- LazyLock regex for @mention stripping (not compiled per-message)
- Tenant auth applied to both message and invoke (Adaptive Card action) paths
- Bearer token cache with 60s pre-expiry window
- Cleanup task for stale confirmations and planning sessions
- 16 unit tests, 435 tests total passing (includes slack + telegram)
- CI: cargo check/test --features teams in maintainability.yml
- docs/teams-setup.md: Azure Bot registration, ngrok tunneling, all config fields
- config.example.toml: [teams] section with all defaults documented

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Hygiene check forbids glob imports (use X::*) outside of test code. Replace `use slack_morphism::prelude::*` with an explicit list of the 34 types actually used in this file.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Superseded by #84, which includes all changes from this PR plus: TLS fix (root cause of slash commands not responding), SPARKS_SLACK_* secrets registry integration, 6 regression tests, complete Athena→Sparks rebrand across 27 files, and CI hygiene fix.
Description
Adds two new frontends to Sparks: Slack (Socket Mode) and Microsoft Teams (Bot Framework REST API), both behind feature flags.
Closes #
Changes
Slack (`--features slack`)
- `slack-morphism` (Socket Mode + planned Events API stub → now returns clear error)
- `help`, `status`, `run`, `plan`, `memory`, `review`, `explain`, `search`, `alerts`
- `SparksError::Denied` vs `Cancelled`)
- `allowed_channels` / `allow_all`
- `docs/slack-setup.md`

Teams (`--features teams`)
- `jsonwebtoken` crate)
- `serviceUrl` validation against known Bot Framework domains before any outbound calls
- `allowed_tenants` / `allow_all_tenants`)
- `docs/teams-setup.md`

Type of Change
Pre-PR Checklist
- `cargo check -q` passes with no warnings
- `cargo check -q --features telegram` passes
- `cargo check -q --features slack` passes
- `cargo check -q --features teams` passes
- `cargo check -q --features slack,teams,telegram` passes
- `cargo test -q --features slack,teams,telegram` passes (435 tests)
- `python3 scripts/wiring_check.py` — all 10 checks pass
- `CHANGELOG.md` updated under `[Unreleased]`

Related Issues / PRs
Two review passes performed on each integration (Slack reviewed twice, Teams reviewed twice) with all critical and major issues resolved before merge.