Skip to content

Feature: Safe mode (redirect send→draft) and background/detach mode for draft editor #80

Description

@TheOutdoorProgrammer

Feature 1: Safe Mode — Redirect message sendmessage draft

Problem

When an AI agent has access to agent-slack, there's always a risk it will call message send directly, posting a message to Slack without human review. Even with careful skill instructions telling the agent to prefer draft, agents don't always follow instructions — especially across different models, prompt configurations, or when reasoning under pressure.

Today the only mitigation is prompt engineering ("always use draft, never use send"), which is fundamentally unreliable. There's no way to enforce this at the tool level.

Proposed Solution

A safe mode configuration (env var and/or CLI flag) that intercepts message send and redirects it to message draft instead:

# Env var
export AGENT_SLACK_SAFE_MODE=1
agent-slack message send "#general" "hello"  # → silently opens draft editor instead

# Or CLI flag
agent-slack --safe-mode message send "#general" "hello"  # → opens draft editor

# Or config file
# ~/.config/agent-slack/config.json
# { "safe_mode": true }

Behavior when safe mode is active:

  • message send → opens draft editor with the provided text pre-filled (same as message draft <target> <text>)
  • message edit → could either block with an error or open draft with the new text
  • message delete → block with an error explaining safe mode is active
  • All read operations (get, list, search, etc.) → unchanged
  • message react add/remove → up to you, these feel low-risk but could be gated too

Output should clearly indicate the redirect happened, e.g.:

⚠ Safe mode active: redirecting "send" → "draft editor"
Opening draft editor...

This way the human is always in the loop for any message that goes out.

Why Not Just Use Skill Instructions?

My skill config says "NEVER use agent-slack message send". But:

  1. Models don't always follow instructions (especially smaller/faster models)
  2. Different agent frameworks have different prompt adherence
  3. A belt-and-suspenders approach is standard security practice
  4. Some orgs may want to enforce this as policy, not just guidance

Feature 2: Background/Detach Mode for Draft Editor

Problem

The message draft command opens a browser-based WYSIWYG editor and blocks the shell until the user sends or closes it. This is great for humans, but causes problems when invoked by an AI agent:

  1. Agent timeout: The AI agent's shell tool has a timeout (typically 2 minutes). If the user is composing a message and takes longer, the command times out from the agent's perspective.
  2. Overlay on timeout: When the command times out, many agent UIs throw up a "command failed" overlay/modal that covers the browser window with the draft editor still open underneath. The user then has to manually dismiss the overlay (sometimes via browser dev tools / inspect element to remove the blocking DOM node) to get back to their draft.
  3. Lost context: After timeout, the agent loses track of the draft session and can't report success/failure back to the user.

Proposed Solution

A --background or --detach flag (or env var) that makes the draft command:

  1. Launch the browser editor
  2. Print the editor URL to stdout
  3. Return immediately (exit 0) instead of waiting for the user to send
# Flag
agent-slack message draft "#general" "here's what I think" --background

# Env var (useful for agent configurations)
export AGENT_SLACK_DRAFT_BACKGROUND=1
agent-slack message draft "#general" "here's what I think"

Expected output:

{
  "status": "draft_opened",
  "editor_url": "http://localhost:PORT/draft/...",
  "message": "Draft editor opened in browser. Send when ready."
}

This way the agent's command completes immediately (no timeout), the browser editor stays open for the user to review/edit/send at their leisure, and there's no overlay/timeout issue.

Alternative: Auto-detect Non-Interactive Environment

If the tool could detect it's running in a non-TTY/non-interactive shell (which is always the case for AI agents), it could automatically use background mode:

# If stdin is not a TTY, auto-detach
if [ ! -t 0 ]; then
  # background mode automatically
fi

This would be a nice default behavior without requiring explicit flags.


Combined: The Ideal AI Agent Setup

With both features, an agent's environment would look like:

export AGENT_SLACK_SAFE_MODE=1           # send → draft redirect
export AGENT_SLACK_DRAFT_BACKGROUND=1    # draft returns immediately

This means:

  • Any message send call → opens draft editor → returns immediately
  • Any message draft call → opens draft editor → returns immediately
  • The human is always in the loop
  • No agent timeouts
  • No browser overlay issues

Context

I'm using agent-slack with OpenCode. My agent skill instructions say to always use draft instead of send, but agents don't always comply. And even when they do use draft, the blocking behavior causes timeouts that result in a broken UI experience (overlay covering the draft editor, requiring inspect-element to dismiss).

These two features would make agent-slack significantly safer and more reliable for AI agent use cases.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions