feat: safe mode — redirect send to draft editor, block edit/delete#106
Open
TheOutdoorProgrammer wants to merge 1 commit into
Open
feat: safe mode — redirect send to draft editor, block edit/delete#106TheOutdoorProgrammer wants to merge 1 commit into
TheOutdoorProgrammer wants to merge 1 commit into
Conversation
Adds an enforced human-in-the-loop mode (AGENT_SLACK_SAFE_MODE env var or global --safe-mode flag) for AI agent environments: - message send is redirected to the browser draft editor with the text and thread context pre-filled; output includes safe_mode/redirected_from markers and a stderr warning. Flags the editor cannot represent (--attach, --blocks, --schedule, --schedule-in, --reply-broadcast) are rejected instead of silently dropped, and the CI direct-send shortcut is blocked so safe mode cannot be bypassed with CI=1. - message edit and message delete are blocked with a clear error. - Read operations and reactions are unchanged. Implements feature 1 of stablyai#80.
Contributor
|
gonna take a look in these two days :-) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
AGENT_SLACK_SAFE_MODEenv var (1/true/yes/on) or a global--safe-modeflagmessage sendis redirected to the browser draft editor andmessage edit/message deleteare blockedChanges
Skill instructions like "always use draft, never send" are guidance an agent can ignore. Safe mode enforces the policy at the tool level so nothing posts to Slack without human review.
src/cli/safe-mode.ts(new):isSafeModeEnabled()(env var + CLI flag),safeModeBlockedError(), andredirectSendToDraft(). The redirect opens the draft editor with the send text and thread context pre-filled, prints a stderr warning, and marks the JSON output with"safe_mode": trueand"redirected_from": "send". Send flags the editor cannot represent (--attach,--blocks,--schedule,--schedule-in,--reply-broadcast) are rejected with an explicit error instead of being silently dropped. The CI direct-send shortcut in the draft path is also blocked, soCI=1cannot bypass safe mode.src/cli/message-command.ts: wires the redirect intosendand the blocks intoedit/delete. Read operations and reactions are unchanged (reactions felt low-risk; easy to gate later if desired).src/index.ts: registers the global--safe-modeflag.test/safe-mode.test.ts(new): 22 tests covering env var parsing, flag override, unsupported-flag rejection (individually and combined), the CI guard, and the redirect payload/draft invocation via an injected draft function.skills/agent-slack/references/commands.mdnotes onsend/edit/delete, and aSKILL.mdmention so agents know the behavior exists.Verified manually: env var and flag both block
edit/delete(exit 1),sendwith unsupported flags errors, andsendwith plain text opens the draft editor pre-filled with the warning on stderr. Full suite passes (261 tests), typecheck clean, lint warnings unchanged from baseline.