fix(security): gate slash/control commands

2026-05-08 02:01:25 +00:00 · 2026-01-17 06:49:17 +00:00
parent 7ed55682b7
commit 6a3ed5c850
22 changed files with 758 additions and 203 deletions
--- a/src/slack/monitor/message-handler/prepare.ts
+++ b/src/slack/monitor/message-handler/prepare.ts
@@ -19,6 +19,7 @@ import { resolveAgentRoute } from "../../../routing/resolve-route.js";
 import { resolveThreadSessionKeys } from "../../../routing/session-key.js";
 import { resolveMentionGating } from "../../../channels/mention-gating.js";
 import { resolveConversationLabel } from "../../../channels/conversation-label.js";
+import { resolveCommandAuthorizedFromAuthorizers } from "../../../channels/command-gating.js";

 import type { ResolvedSlackAccount } from "../../accounts.js";
 import { reactSlackMessage } from "../../actions.js";
@@ -238,7 +239,13 @@ export async function prepareSlackMessage(params: {
          userName: senderName,
        })
      : false;
-  const commandAuthorized = ownerAuthorized || channelCommandAuthorized;
+  const commandAuthorized = resolveCommandAuthorizedFromAuthorizers({
+    useAccessGroups: ctx.useAccessGroups,
+    authorizers: [
+      { configured: allowFromLower.length > 0, allowed: ownerAuthorized },
+      { configured: channelUsersAllowlistConfigured, allowed: channelCommandAuthorized },
+    ],
+  });

  if (
    allowTextCommands &&
--- a/src/slack/monitor/slash.ts
+++ b/src/slack/monitor/slash.ts
@@ -20,6 +20,7 @@ import {
 } from "../../pairing/pairing-store.js";
 import { resolveAgentRoute } from "../../routing/resolve-route.js";
 import { resolveConversationLabel } from "../../channels/conversation-label.js";
+import { resolveCommandAuthorizedFromAuthorizers } from "../../channels/command-gating.js";

 import type { ResolvedSlackAccount } from "../accounts.js";

@@ -293,15 +294,21 @@ export function registerSlackMonitorSlashCommands(params: {
        id: command.user_id,
        name: senderName,
      });
-      if (isRoomish && ctx.useAccessGroups && !(ownerAllowed || channelUserAllowed)) {
-        await respond({
-          text: "You are not authorized to use this command.",
-          response_type: "ephemeral",
-        });
-        return;
-      }
      if (isRoomish) {
-        commandAuthorized = ctx.useAccessGroups ? ownerAllowed || channelUserAllowed : true;
+        commandAuthorized = resolveCommandAuthorizedFromAuthorizers({
+          useAccessGroups: ctx.useAccessGroups,
+          authorizers: [
+            { configured: effectiveAllowFromLower.length > 0, allowed: ownerAllowed },
+            { configured: channelUsersAllowlistConfigured, allowed: channelUserAllowed },
+          ],
+        });
+        if (ctx.useAccessGroups && !commandAuthorized) {
+          await respond({
+            text: "You are not authorized to use this command.",
+            response_type: "ephemeral",
+          });
+          return;
+        }
      }

      if (commandDefinition && supportsInteractiveArgMenus) {