fix(integrations): allow listing Slack DM/user remote dirs within event scope

[kjgbot]

Symptom

Inbox error:

Error invoking remote method 'integrations:list-remote-dir': Error: Integration remote directory is outside this project integration scope

It fired whenever a Slack DM / per-user message event arrived (e.g. .integrations/slack/users/U0ADJH4P83T/messages/<ts>/meta.json) and the renderer tried to list or read that remote directory.

Root cause

• integrations:list-remote-dir → IntegrationsManager.listRemoteDirectory (and readRemoteFile) gate the requested path against listableRemoteMountPaths(), which is the discovery path + canonical channel mount paths for each visible integration.
• Slack DM/user paths are event-subscribed via a separate glob set when DM listening is enabled — SLACK_DM_EVENT_GLOBS = /slack/channels/D*/**, /slack/users/*/messages/** (see integration-event-bridge.ts).
• Those DM/user roots are not in the canonical channel mount set, so the scope guard rejected every delivered DM/user event the UI tried to open.

Fix

Recognize the exact event-subscribed Slack DM roots and permit list/read of them only when DM listening is on for a visible Slack integration — without widening scope to non-DM channels.

• isSlackDmListablePath() — pure predicate matching /slack/users/** and /slack/channels/D*/** (Slack's D-prefixed DM channel-id convention, which a plain root path can't express).
• slackListenDms() is now exported; slackDmListingEnabledForProject() gates the predicate so the relaxation applies only when DM listening is actually enabled.
• Applied the gate in readRemoteFile, listRemoteDirectory, and the directory-entry filter. The existing mount-path guards are otherwise unchanged.

Tests

• vitest (integrations.test.ts): reading /slack/users/<id>/messages/<ts>/meta.json succeeds with DM listening on, and is still rejected with DM listening off (proving the gate is scoped to the flag, not a blanket loosening).
• node --test (integration-remote-paths.test.ts): unit coverage for isSlackDmListablePath, including D* DM channels and rejection of non-DM Slack / other-provider / discovery paths.
• Full integration-event-bridge suite (75) and integrations suite (30) pass.

🤖 Generated with Claude Code

[codeant-ai]

Your free trial PR review limit of 300 PRs has been reached. Please upgrade your plan to continue using CodeAnt AI.

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Walkthrough

This PR extends the integrations manager to permit access to Slack direct-message and user-message paths when a project's Slack integration has DM listening enabled, using a new path predicate and project-level DM configuration check applied to file reads and directory listings.

Changes

Slack DM Access Control

Layer / File(s)	Summary
DM Path Detection Contract and Tests src/main/integration-remote-paths.ts, src/main/__tests__/integration-remote-paths.test.ts	New isSlackDmListablePath() recognizes Slack user-message routes (/slack/users/*/...) and DM-channel routes (/slack/channels/D*/...); tests verify DM patterns are matched and non-DM patterns are rejected.
DM Listening Check Export and Mock src/main/integration-event-bridge.ts, src/main/integrations.test.ts	slackListenDms() is exported from integration-event-bridge.ts to enable integration-level DM listening queries; test mocking integrates the check with scope flags.
DM Access Control in Remote Operations src/main/integrations.ts	Imports DM helpers, adds slackDmListingEnabledForProject() to check project-level DM status, and extends readRemoteFile() and listRemoteDirectory() to allow DM paths when project DM listening is enabled, even outside regular mount-path scopes.
DM Access Control Tests src/main/integrations.test.ts	Tests readRemoteFile() for Slack DM paths: reads succeed when scope.listenDms is enabled, and fail with scope error when disabled.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• AgentWorkforce/pear#154: Both PRs change Slack DM opt-in/scoping behavior by centering on slackListenDms (including integration-event-bridge.ts changes) and restricting which Slack DM/user message paths/contexts are considered listable or readable, so the changes are directly related at the Slack DM handling code level.
• AgentWorkforce/pear#156: Both PRs expand Slack DM support by coordinating on the canonical DM path patterns and listenDms behavior—main PR adds isSlackDmListablePath/scope gating for DM list/read in integrations.ts, while the retrieved PR updates the Slack DM event glob logic and public exports in integration-event-bridge.ts.

Poem

🐰 A rabbit hops through Slack with glee,
DM paths now flow so free,
When listening's on, the messages sing,
Cross projects and scopes, every DM ring!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 25.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: allowing Slack DM/user remote directory listing within event scope, directly reflecting the fix described in the PR.
Description check	✅ Passed	The description is well-structured and comprehensively related to the changeset, detailing the symptom, root cause, fix approach, and test coverage for the Slack DM/user path scope issue.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/slack-dm-remote-dir-scope

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[agent-relay-code]

pr-reviewer could not complete review for #186 in AgentWorkforce/pear.
The review harness exited with code 1.
No review was posted; this needs operator attention.

[gemini-code-assist]

Code Review

This pull request enables listing and reading Slack direct-message (DM) and per-user message paths when DM listening is enabled, even if they fall outside the canonical channel mount paths. This is implemented via a new isSlackDmListablePath helper and checking the project's DM listening status. The review feedback suggests simplifying the path segment parsing in isSlackDmListablePath by removing a redundant trailing slash replacement.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[gemini-code-assist]

The .replace(/\/+$/, '') call is redundant because .split('/') followed by .filter(Boolean) already discards any empty segments, including those resulting from trailing slashes. Removing it simplifies the code and slightly improves performance.

Suggested change

	const segments = (remotePath || '').trim().replace(/\/+$/, '').split('/').filter(Boolean)
	const segments = (remotePath || '').trim().split('/').filter(Boolean)

[agent-relay-code]

ℹ️ pr-reviewer: review only — no file changes were applied to the PR (nothing to commit after review). The notes below are advisory and were not pushed.

pr-reviewer could not complete review for #186 in AgentWorkforce/pear.
The review harness exited with code 1.
No review was posted; this needs operator attention.

[agent-relay-code]

pr-reviewer could not complete review for #186 in AgentWorkforce/pear.
The review harness exited with code 1.
No review was posted; this needs operator attention.

[agent-relay-code]

ℹ️ pr-reviewer: review only — no file changes were applied to the PR (nothing to commit after review). The notes below are advisory and were not pushed.

pr-reviewer could not complete review for #186 in AgentWorkforce/pear.
The review harness exited with code 1.
No review was posted; this needs operator attention.

[agent-relay-code]

pr-reviewer could not complete review for #186 in AgentWorkforce/pear.
The review harness exited with code 1.
No review was posted; this needs operator attention.

[agent-relay-code]

ℹ️ pr-reviewer: review only — no file changes were applied to the PR (nothing to commit after review). The notes below are advisory and were not pushed.

pr-reviewer could not complete review for #186 in AgentWorkforce/pear.
The review harness exited with code 1.
No review was posted; this needs operator attention.

[agent-relay-code]

pr-reviewer could not complete review for #186 in AgentWorkforce/pear.
The review harness exited with code 1.
No review was posted; this needs operator attention.

[agent-relay-code]

ℹ️ pr-reviewer: review only — no file changes were applied to the PR (nothing to commit after review). The notes below are advisory and were not pushed.

pr-reviewer could not complete review for #186 in AgentWorkforce/pear.
The review harness exited with code 1.
No review was posted; this needs operator attention.

[agent-relay-code]

pr-reviewer could not complete review for #186 in AgentWorkforce/pear.
The review harness exited with code 1.
No review was posted; this needs operator attention.

[agent-relay-code]

ℹ️ pr-reviewer: review only — no file changes were applied to the PR (nothing to commit after review). The notes below are advisory and were not pushed.

pr-reviewer could not complete review for #186 in AgentWorkforce/pear.
The review harness exited with code 1.
No review was posted; this needs operator attention.

[agent-relay-code]

pr-reviewer could not complete review for #186 in AgentWorkforce/pear.
The review harness exited with code 1.
No review was posted; this needs operator attention.

[agent-relay-code]

ℹ️ pr-reviewer: review only — no file changes were applied to the PR (nothing to commit after review). The notes below are advisory and were not pushed.

pr-reviewer could not complete review for #186 in AgentWorkforce/pear.
The review harness exited with code 1.
No review was posted; this needs operator attention.