Preserve Slack artifact identity across corrections#2134
Conversation
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
|
Here's a visual recap of what changed: Open the full interactive recap |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
There was a problem hiding this comment.
Builder reviewed your changes and found 3 potential issues 🟡
Review Details
Incremental Code Review Summary
The latest commit addresses the three prior findings: marker payloads now use dot-safe base64url encoding, continuation persistence has been added after confirmed delivery, and the org-secret concern is covered in the updated continuation/auth flow. I verified those changes and resolved the three prior review threads. New review found remaining delivery-state and presentation issues in asynchronous and misconfigured-provider paths. This remains Standard risk because these paths affect duplicate sends, participant-visible history, and correction replay.
New Findings
🟡 MEDIUM — A continuation that was successfully delivered can be redelivered if thread persistence fails afterward, because the persistence exception enters the generic reschedule path.
🟡 MEDIUM — Several adapters still return no receipt on missing credentials, and the webhook handler treats that as a completed run rather than a delivery failure with fallback/retry handling.
🟡 MEDIUM — The HMAC marker is appended to A2A final response text and then forwarded verbatim through continuation adapters, exposing an opaque machine marker in user-facing Slack/Telegram replies and persisted delivery text.
🧪 Browser testing: Skipped — PR changes integration/backend logic, tests, skills, and changelog files without user-facing browser UI impact.

Summary
Verification
Manual QA gate
The real Slack correction story remains a post-deploy test because this workspace has no preview Slack bot or webhook environment:
#test-content-app.No production data was mutated while preparing this PR.
Scope separation
BuilderSync publication, preview relay, hosted authorization, and Builder UI work remain exclusively in #2130. This PR contains exactly the 14 Slack/Content correction paths.