Skip to content

feat(gateway): enforce allowed_channel_ids on outbound emit (with DM exemption)#1884

Open
kgabryje wants to merge 1 commit into
mainfrom
gateway-emit-allowlist
Open

feat(gateway): enforce allowed_channel_ids on outbound emit (with DM exemption)#1884
kgabryje wants to merge 1 commit into
mainfrom
gateway-emit-allowlist

Conversation

@kgabryje

Copy link
Copy Markdown
Member

What

agor_gateway_emit_message (proactive outbound Slack) now honors the gateway channel's allowed_channel_ids whitelist. #1851 enforced the allowlist on the reaction/file-upload write tools but left the emit path unconstrained — this extends the same policy to emit, reusing the same isSlackWriteTargetAllowed helper so the semantics (including the DM exemption) stay identical.

How

The nuance: emit's target is not always a channel id — it can be a channel name (resolved via conversations.list) or a user email (resolved to a DM via users.lookupByEmail + conversations.open), while the allowlist operates on concrete conversation ids. So enforcement happens in GatewayService.emitMessage after target resolution, right before sendSlackMessage:

Denials happen before any Slack send and before the outbound audit row is written.

Tests

New gateway.test.ts block covering: channel-id target outside the allowlist → denied; channel-name target resolving to a non-allowlisted id → denied (the resolution-order crux); email→DM target → allowed despite an allowlist; allowlisted channel → allowed; no allowlist → any target allowed.

🤖 Generated with Claude Code

…exemption)

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@kgabryje kgabryje added ai-reviewed-gpt-5-6-sol Reviewed by Codex GPT-5.6-sol ai-reviewed-claude-fable-5 Reviewed by Claude Fable 5 labels Jul 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ai-reviewed-claude-fable-5 Reviewed by Claude Fable 5 ai-reviewed-gpt-5-6-sol Reviewed by Codex GPT-5.6-sol

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants