fix(slack): propagate mediaLocalRoots through Slack send path

Restore Slack local file upload parity with CVE-era local media allowlist enforcement by threading `mediaLocalRoots` through the Slack send call chain. - pass `ctx.mediaLocalRoots` from Slack channel action adapter into `handleSlackAction` - add and forward `mediaLocalRoots` in Slack action context/send path - pass `mediaLocalRoots` into `sendMessageSlack` for upload allowlist enforcement - add changelog entry with attribution for this behavior fix Co-authored-by: 2233admin <1497479966@qq.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-05-10 08:32:43 +00:00 · 2026-03-06 09:52:49 +11:00
parent a0b731e2ce
commit 7830366f3c
4 changed files with 10 additions and 1 deletions
--- a/src/agents/tools/slack-actions.ts
+++ b/src/agents/tools/slack-actions.ts
@@ -50,6 +50,8 @@ export type SlackActionContext = {
  replyToMode?: "off" | "first" | "all";
  /** Mutable ref to track if a reply was sent (for "first" mode). */
  hasRepliedRef?: { value: boolean };
+  /** Allowed local media directories for file uploads. */
+  mediaLocalRoots?: readonly string[];
 };

 /**
@@ -209,6 +211,7 @@ export async function handleSlackAction(
        const result = await sendSlackMessage(to, content ?? "", {
          ...writeOpts,
          mediaUrl: mediaUrl ?? undefined,
+          mediaLocalRoots: context?.mediaLocalRoots,
          threadTs: threadTs ?? undefined,
          blocks,
        });