mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-10 00:33:31 +00:00
Slack onboarding: improve token help note with manifest option (openclaw#30846) thanks @yzhong52
Verified: - pnpm install --frozen-lockfile - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: yzhong52 <3712071+yzhong52@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
This commit is contained in:
Tak Hoffman
@@ -84,6 +84,7 @@ Docs: https://docs.openclaw.ai
|
|||||||
### Fixes
|
### Fixes
|
||||||
|
|
||||||
- Docs/Slack manifest scopes: add missing DM/group-DM bot scopes (`im:read`, `im:write`, `mpim:read`, `mpim:write`) to the Slack app manifest example so DM setup guidance is complete. (#29999) Thanks @JcMinarro.
|
- Docs/Slack manifest scopes: add missing DM/group-DM bot scopes (`im:read`, `im:write`, `mpim:read`, `mpim:write`) to the Slack app manifest example so DM setup guidance is complete. (#29999) Thanks @JcMinarro.
|
||||||
|
- Slack/Onboarding token help: update setup text to include the “From manifest” app-creation path and current install wording for obtaining the `xoxb-` bot token. (#30846) Thanks @yzhong52.
|
||||||
- Slack/Bot attachment-only messages: when `allowBots: true`, bot messages with empty `text` now include non-forwarded attachment `text`/`fallback` content so webhook alerts are not silently dropped. (#27616)
|
- Slack/Bot attachment-only messages: when `allowBots: true`, bot messages with empty `text` now include non-forwarded attachment `text`/`fallback` content so webhook alerts are not silently dropped. (#27616)
|
||||||
- Slack/Inbound media auth + HTML guard: keep Slack auth headers on forwarded shared attachment image downloads, and reject login/error HTML payloads (while allowing expected `.html` uploads) when resolving Slack media so auth failures do not silently pass as files. (#18642)
|
- Slack/Inbound media auth + HTML guard: keep Slack auth headers on forwarded shared attachment image downloads, and reject login/error HTML payloads (while allowing expected `.html` uploads) when resolving Slack media so auth failures do not silently pass as files. (#18642)
|
||||||
- Slack/Security ingress mismatch guard: drop slash-command and interaction payloads when app/team identifiers do not match the active Slack account context (including nested `team.id` interaction payloads), preventing cross-app or cross-workspace payload injection into system-event handling. (#29091) Thanks @Solvely-Colin.
|
- Slack/Security ingress mismatch guard: drop slash-command and interaction payloads when app/team identifiers do not match the active Slack account context (including nested `team.id` interaction payloads), preventing cross-app or cross-workspace payload injection into system-event handling. (#29091) Thanks @Solvely-Colin.
|
||||||
|
|||||||
@@ -99,9 +99,9 @@ async function noteSlackTokenHelp(prompter: WizardPrompter, botName: string): Pr
|
|||||||
const manifest = buildSlackManifest(botName);
|
const manifest = buildSlackManifest(botName);
|
||||||
await prompter.note(
|
await prompter.note(
|
||||||
[
|
[
|
||||||
"1) Slack API → Create App → From scratch",
|
"1) Slack API → Create App → From scratch or From manifest (with the JSON below)",
|
||||||
"2) Add Socket Mode + enable it to get the app-level token (xapp-...)",
|
"2) Add Socket Mode + enable it to get the app-level token (xapp-...)",
|
||||||
"3) OAuth & Permissions → install app to workspace (xoxb- bot token)",
|
"3) Install App to workspace to get the xoxb- bot token",
|
||||||
"4) Enable Event Subscriptions (socket) for message events",
|
"4) Enable Event Subscriptions (socket) for message events",
|
||||||
"5) App Home → enable the Messages tab for DMs",
|
"5) App Home → enable the Messages tab for DMs",
|
||||||
"Tip: set SLACK_BOT_TOKEN + SLACK_APP_TOKEN in your env.",
|
"Tip: set SLACK_BOT_TOKEN + SLACK_APP_TOKEN in your env.",
|
||||||
|
|||||||
Reference in New Issue
Block a user