Skip to content
This repository was archived by the owner on Feb 21, 2026. It is now read-only.

feat: add Slack channel support#3

Closed
Peyton-Spencer wants to merge 1 commit intomainfrom
feat/slack-channel
Closed

feat: add Slack channel support#3
Peyton-Spencer wants to merge 1 commit intomainfrom
feat/slack-channel

Conversation

@Peyton-Spencer
Copy link
Copy Markdown

@Peyton-Spencer Peyton-Spencer commented Feb 11, 2026

Summary

  • Add SlackChannel implementation using @slack/bolt Socket Mode (WebSocket, no public URL needed)
  • Workspace-level shared context across Slack channels (mirrors Discord's server-level pattern)
  • Full feature parity with Discord: image attachments, bot mention translation, DM auto-trigger, share_request tool, JID-based routing (slack:{channelId} / slack:dm:{channelId})
  • Setup skill at .claude/skills/add-slack/SKILL.md with prerequisites, OAuth scopes, event subscriptions, and troubleshooting

Files changed

  • New: src/channels/slack.ts, .claude/skills/add-slack/SKILL.md
  • Modified: package.json, src/config.ts, src/types.ts, src/db.ts, src/index.ts, src/ipc.ts, src/container-runner.ts, src/task-scheduler.ts, container/agent-runner/src/index.ts, container/agent-runner/src/ipc-mcp-stdio.ts

Test plan

  • bun run build compiles cleanly
  • Add SLACK_BOT_TOKEN + SLACK_APP_TOKEN to .env, restart — verify "Slack bot connected via Socket Mode" in logs
  • Send @BotName hello in a Slack channel — verify message stored in DB
  • Register a Slack channel via main agent — verify group folder + CLAUDE.md created
  • Verify workspace backfill — check servers/{workspace-slug}/CLAUDE.md exists
  • Trigger share_request from Slack agent — verify it appears in WhatsApp
  • React on WhatsApp to approve — verify main agent wakes up and fulfills
  • Cross-group send_message to Slack channel — verify delivery
  • Rebuild container: container builder stop && container builder rm && container builder start && ./container/build.sh

🤖 Generated with Claude Code

@Peyton-Spencer @claude
feat: add Slack channel support (#3)
25c3401 
Add Slack as a secondary channel using Socket Mode (WebSocket, no public
URL). Mirrors the Discord pattern: workspace-level shared context,
JID-based routing, image attachments, share_request tool integration.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@github-actions
Copy link
Copy Markdown

github-actions bot commented Feb 11, 2026

This PR adds a skill while also modifying source code. A skill PR should not change source files—the skill should contain instructions for Claude to follow. See /convert-to-docker for an example.

If you're fixing a bug or simplifying code, please submit that as a separate PR.

See CONTRIBUTING.md for details.

@Peyton-Spencer
Copy link
Copy Markdown
Author

Peyton-Spencer commented Feb 12, 2026

CI Failure Analysis

The CI check is failing because this PR violates the repository's contribution guidelines by mixing two types of changes:

  1. Source code changes: Adding Slack channel support (src/channels/slack.ts, config changes, etc.)
  2. Skill file: Adding setup instructions (.claude/skills/add-slack/SKILL.md)

According to CONTRIBUTING.md, skill PRs should only contain instructions for Claude to follow, not modify source files.

Solution

This PR should be split into two separate PRs:

PR 1: Slack Channel Implementation

  • All source code changes (src/channels/slack.ts, config.ts, types.ts, etc.)
  • Package.json dependencies
  • Container runner changes
  • Remove the .claude/skills/add-slack/ directory

PR 2: Slack Setup Skill

  • Only the .claude/skills/add-slack/SKILL.md file
  • Should be submitted after PR 1 is merged
  • Contains instructions for Claude to help users set up Slack

I'll work on creating these split PRs now.

@Peyton-Spencer Peyton-Spencer mentioned this pull request Feb 12, 2026
Closed
9 tasks
@Peyton-Spencer
Copy link
Copy Markdown
Author

Peyton-Spencer commented Feb 12, 2026

Closing in favor of split PRs per CONTRIBUTING.md:

This ensures compliance with the guideline that skill PRs should not modify source files.

@Peyton-Spencer Peyton-Spencer mentioned this pull request Feb 14, 2026
Merged
3 tasks
Peyton-Spencer pushed a commit that referenced this pull request Feb 14, 2026
@nanoclaw @claude @Peyton-Spencer
fix: add transaction support to deleteTask and SQL injection safety c…
0f32a4b 
…omment

Database improvements from stability audit:

1. **Transaction Support for deleteTask (MEDIUM)**
   - Wrap DELETE operations in explicit transaction
   - Ensures both child and parent deletions succeed atomically
   - Prevents partial deletion leaving orphaned task_run_logs

2. **SQL Injection Safety Documentation (HIGH)**
   - Add security comment to updateTask explaining safety assumptions
   - Document that field names are hardcoded (not user-controlled)
   - Warn future maintainers about SQL injection risks if logic changes

Impact:
- Prevents database corruption from partial task deletions
- Documents security assumptions for future code reviewers
- Hardens codebase against accidental SQL injection introduction

Related:
- Audit report: nanoclaw-stability-audit-2026-02-14.md
- Issues #3, #12 from stability audit

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Peyton-Spencer added a commit that referenced this pull request Feb 14, 2026
@Peyton-Spencer @nanoclaw @claude
fix: Critical stability improvements from 2026-02-14 audit (#19)
5507abf 
* fix: stability quick wins from 2026-02-14 audit

Implements three critical stability fixes identified in the audit:

1. **Unhandled Promise Rejection Handler (CRITICAL)**
   - Add process.on('unhandledRejection') to prevent crashes
   - Logs rejections instead of exiting to maintain service uptime
   - Prevents complete service outage from uncaught promise errors

2. **WhatsApp Event Listener Memory Leak (CRITICAL)**
   - Store event handlers and remove them before reconnection
   - Prevents exponential handler accumulation on reconnects
   - Fixes memory leak leading to eventual OOM crashes

3. **Group Folder Path Traversal (MEDIUM)**
   - Validate folder names with regex (alphanumeric + _ -)
   - Verify resolved paths stay within groups directory
   - Prevents malicious group registration from writing to arbitrary paths

Impact:
- Prevents process crashes from unhandled rejections
- Fixes production memory leak in WhatsApp channel
- Hardens security against path traversal attacks

Related:
- Audit report: nanoclaw-stability-audit-2026-02-14.md
- Issues #1, #4, #16 from stability audit

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* fix: add transaction support to deleteTask and SQL injection safety comment

Database improvements from stability audit:

1. **Transaction Support for deleteTask (MEDIUM)**
   - Wrap DELETE operations in explicit transaction
   - Ensures both child and parent deletions succeed atomically
   - Prevents partial deletion leaving orphaned task_run_logs

2. **SQL Injection Safety Documentation (HIGH)**
   - Add security comment to updateTask explaining safety assumptions
   - Document that field names are hardcoded (not user-controlled)
   - Warn future maintainers about SQL injection risks if logic changes

Impact:
- Prevents database corruption from partial task deletions
- Documents security assumptions for future code reviewers
- Hardens codebase against accidental SQL injection introduction

Related:
- Audit report: nanoclaw-stability-audit-2026-02-14.md
- Issues #3, #12 from stability audit

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

---------

Co-authored-by: NanoClaw Agent <nanoclaw@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Peyton-Spencer