feat(slack): reusable custom bot credentials, slack_v2 block (preview), redesigned trigger#5323
Conversation
Add assistant:write, app_mentions:read, and im:history to the Slack bot OAuth scopes so the Set Assistant Status / Title / Suggested Prompts tools (assistant.threads.*) work with users' existing Slack credentials — no new app or credentials required. Restore the action_assistant trigger capability (scope assistant:write) in the manifest generator. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01WpeT8J5yVCrrNQB9Hzm9uS
…e, add channel-id input
|
The latest updates on your projects. Learn more about Vercel for GitHub. |
PR SummaryHigh Risk Overview Adds Slack trigger redesign ( Minor: webhook Reviewed by Cursor Bugbot for commit 58d2851. Bugbot is set up for automated code reviews on this repo. Configure here. |
Greptile SummaryThis PR adds the redesigned Slack integration path and reusable custom bot credentials. The main changes are:
Confidence Score: 5/5This looks safe to merge.
Important Files Changed
Reviews (15): Last reviewed commit: "fix(slack): 409 on custom-bot name colli..." | Re-trigger Greptile |
# Conflicts: # apps/sim/blocks/blocks/slack.ts # apps/sim/lib/webhooks/deploy.ts # packages/db/migrations/meta/0253_snapshot.json # packages/db/migrations/meta/_journal.json # scripts/check-api-validation-contracts.ts
|
@greptile review |
…oken for reaction text + file downloads
|
@greptile review — addressed the three findings: (1) unmapped/unselected events now drop instead of bypassing the Operations filter, (2) formatInput resolves the OAuth bot token for slack_app webhooks so reaction-message text works, (3) re-added the includeFiles toggle + token resolution so native file downloads work. |
…token via credential owner not execution actor
|
@greptile review — addressed both: empty operation selection now fires nothing (no match-all), and the OAuth token is resolved via the credential owner (not the execution actor) so it works in shared workspaces. |
…r channel picker over stale manual ids
…ull event catalog
|
@greptile review |
|
@greptile review |
A teammate deploying a trigger wired to a shared Slack credential isn't the credential owner; refreshAccessTokenIfNeeded only loads tokens for the owning user. Resolve the account owner first, mirroring the runtime formatInput path.
|
@greptile review |
# Conflicts: # apps/sim/lib/webhooks/deploy.ts # packages/db/migrations/meta/0258_snapshot.json # packages/db/migrations/meta/_journal.json
- nullable webhook.path coalesced at correlation/payload/tiktok boundaries - slack dispatch delegates to staging's dispatchResolvedWebhookTarget (shared preprocess/deployment/filter/enqueue lifecycle), keeping the skip-reason diagnostics; route tests reworked around that seam - api-validation route baseline 924 -> 926
|
@greptile review |
…oks on routing transitions - a bot credential id is semi-public (embedded in Slack Request URLs), so the custom deploy branch now rejects credentials outside the workflow's workspace - needsRecreation also compares path/routingKey, so a row from an older routing model can't survive redeploy as a stale delivery surface
|
@greptile review |
…rning the existing credential The service-account dedupe matches on displayName, which defaults to the Slack team name — shared by every bot in that workspace. A second unnamed bot create returned the first credential as success, orphaning the new id already pasted into the Slack Request URL. Same-id replays stay idempotent; different-id collisions now fail loudly so the wizard prompts for a distinct name.
|
@greptile review |
…e/description edits - PUT credential route now returns the Atlassian provider code (providerErrorCode -> code) so reconnect failures map to specific token/domain messages, matching create - Google/Atlassian reconnect send + seed displayName/description (parity with Slack); edits are no longer silently discarded, and empty fields don't clobber existing values
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes using default effort and found 2 potential issues.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 470e3c5. Configure here.
…ks on reconnect - the setup wizard now requires a bot name (canAdvance), so the credential name, manifest app name, and uniqueness key all use the user's choice instead of the shared Slack team-name fallback that collided for a second bot in one workspace - reconnect that changes the bot user id (recreated Slack app) now updates the bot_user_id cached in each bound webhook's providerConfig, so reaction self-drop keeps working instead of letting the bot's own reactions re-enter

Summary
slack_oauth): single event per trigger block with contextual filters (source/channels/threads/emoji/name), full event catalog, interaction events (block_actions/view_submission) with optional action/callback id filter/api/webhooks/slack/custom/{credentialId}across triggers and actionsslack_v2block: same operations as v1, adds credential-based Custom Bot auth alongside Sim OAuth; hosts the new triggerslack_v2+ the custom-bot setup surfaces ship behind the block-visibility flag (PREVIEW_BLOCKS=slack_v2/ AppConfig); v1 + legacyslack_webhooktrigger stay the GA path until v2 GAsresolveServiceAccountToken) — unknown providers fail loudly instead of silently attempting a Google JWTType of Change
Testing
Tested manually end-to-end with a custom bot (create, trigger fan-out, assistant DMs, reconnect).
bun run lint:check,bun run check:api-validation:strict,bun run check:migrations origin/staging, and the Slack/credential/visibility test suites (280+ tests) pass.Checklist