fix(slack): Carry canonical actor identity#523
Draft
dcramer wants to merge 7 commits into
Draft
Conversation
Resolve Slack requester identity from Slack profile data before it reaches runtime requester context, plugin hooks, and Git commit attribution. Stop carrying raw Slack ids as display names from edited-message ingress and resume paths. Require GitHub coauthor attribution to have a resolved requester name and email instead of inventing fallback identity. Fixes #522 Co-Authored-By: GPT-5 Codex <codex@openai.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Refuse slash-command credential work without a real Slack requester id and stop promoting Slack ids into display metadata at Slack form ingress. Sanitize scheduler creator metadata before persistence, prompt rendering, and operational reports so scheduled runs retain audit ids without treating them as active user profile fields. Refs #522 Co-Authored-By: GPT-5 Codex <codex@openai.com>
dcramer
changed the title
Resolve Slack message actor identity before queued work reaches runtime and persist only the bound actor fields into conversation memory. Keep adapter display fallbacks and legacy raw Slack ids from becoming requester names in prompts, logs, or persisted history. Refs #522 Co-Authored-By: GPT-5 Codex <codex@openai.com>
dcramer
changed the title
Delete fallback identity construction after actor normalization and fail closed for synthetic slash-command actor ids. Keep conversation display fallback local to rendering so the message actor service only owns identity binding. Refs #522 Co-Authored-By: GPT-5 Codex <codex@openai.com>
Treat synthetic unknown requester fields as absent in scheduler creator metadata and GitHub coauthor attribution. Keep scheduler task creation from persisting unknown creator ids, and deny git commit coauthor injection when the display name is unresolved. Refs #522 Co-Authored-By: GPT-5 Codex <codex@openai.com>
dcramer
changed the title
Update the Slack resume integration expectation to match canonical requester profile lookup instead of stale persisted display hints. Refs #522 Co-Authored-By: GPT-5 Codex <codex@openai.com>
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 7dd9c30. Configure here.
Reject synthetic Slack slash command requester ids before link or unlink flows can bind credentials. Keep scheduler operational reports from aborting when persisted task creator metadata is already invalid; report the invalid metadata instead of inventing actor identity. Refs #522 Co-Authored-By: GPT-5 Codex <codex@openai.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Slack actor attribution now flows from canonical Slack actor ids and Slack profile lookups instead of adapter display fallbacks. Live turns, queued mailbox processing, edited messages, OAuth/timeout resumes, scheduler creator metadata, plugin hooks, and Git commit attribution now either carry real actor context or fail closed when real actor fields are required.
Canonical Message Actors
Slack mailbox records require an actor id before persistence, and restored queued messages bind a resolved per-message actor identity before runtime handling. Conversation memory persists and renders from that canonical binding, while legacy raw Slack ids stay audit-only as actor ids instead of becoming author display names.
No Synthetic Identity
Requester normalization, slash-command ingress, scheduler creator metadata, and GitHub commit coauthor attribution now treat synthetic
unknownvalues as absent. The remaining accepted unresolved shape is an audit-only Slack actor id; display names and emails must come from resolved actor/profile data.Requester-Sensitive Side Effects
Runtime requester context, trusted plugin hooks, scheduler creator metadata, and Git commit coauthors use normalized Slack actor identity. Scheduled runs remain system-actor executions; creator data is sanitized audit metadata, not an active-user identity substitute.
Fixes #522