Skip to content

feat(nodes): add Slack Events source node#1591

Open
kgarg2468 wants to merge 2 commits into
rocketride-org:developfrom
kgarg2468:feat/RR-1590-slack-events-node
Open

feat(nodes): add Slack Events source node#1591
kgarg2468 wants to merge 2 commits into
rocketride-org:developfrom
kgarg2468:feat/RR-1590-slack-events-node

Conversation

@kgarg2468

@kgarg2468 kgarg2468 commented Jul 15, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • Add slack, a source node that receives authenticated Slack Events API callbacks at /slack/events.
  • Route app mentions and channel, private-channel, and direct-message events to the text lane.
  • Route reaction_added events to the json lane while retaining the complete Slack envelope as native entry metadata.
  • Add bounded queueing, event-ID deduplication, Slack retry support, graceful shutdown, documentation, an example pipeline, and a native Slack icon.

Type

feature (new pipeline source node) + docs + tests

What changed

  • Added the Slack Events source-node implementation and service schema.
  • Added HMAC-SHA256 request verification with a five-minute timestamp freshness window.
  • Added authenticated Slack URL verification handling.
  • Added these supported routes:
    • app_mentiontext
    • message.channelstext
    • message.groupstext
    • message.imtext
    • reaction_addedjson
  • Ignore authenticated bot/app messages to prevent feedback loops.
  • Added a bounded in-memory queue with 503 responses when intake is saturated, allowing Slack to retry.
  • Added process-local event-ID deduplication with configurable TTL.
  • Added graceful queue draining and recovery from individual downstream pipe failures.
  • Added examples/slack-events.pipe, connecting text and JSON outputs to response nodes.
  • Added setup, security, delivery-behavior, limitations, and troubleshooting documentation.

Why this feature fits this codebase

The implementation follows RocketRide's existing source-node endpoint lifecycle and response-lane patterns. It is node-local and additive: no shared package or engine changes are included in this PR.

The JSON output uses the engine's existing JSON-lane support from #1297.

Security and delivery behavior

  • Requests are verified against the exact raw request body before JSON parsing.
  • Invalid signatures return 401.
  • Malformed authenticated JSON returns 400.
  • Unavailable or saturated intake returns 503, allowing Slack to retry.
  • Duplicate event IDs are acknowledged without being emitted again.
  • Signing secrets can be supplied through the secure node field or SLACK_SIGNING_SECRET.
  • The example pipeline contains no credential values.
  • The node makes no outbound Slack API calls.

Queueing and deduplication are intentionally process-local and non-durable. Accepted events can be lost after abrupt process termination, and restarting the process clears deduplication state.

Testing

  • Tests added or updated — 67 Slack tests covering signatures, routing, deduplication, queue behavior, endpoint responses, pipe failures, startup, and shutdown.
  • Tested locally — 67 Slack tests passed; Ruff and formatting checks passed.
  • Live canvas E2E — delivered a real Slack message through the text lane and a real reaction through the json lane with no canvas errors or warnings.
  • Security scan — Gitleaks found no secrets in the node, tests, or example pipeline.
  • Docs added — README includes setup, supported events, security behavior, delivery semantics, limitations, troubleshooting, upstream links, and generated parameter markers.
  • ./builder nodes:docs-generate refreshed generated docs — invoked through nodes:build, but skipped because the workspace was on a detached HEAD.
  • ./builder nodes:test passes — the Slack suite passes, but the final unfiltered repository run reported unrelated provider-dependent failures outside this node.
  • ./builder nodes:test-full passes — reported unrelated Gretel anonymization failures; no Slack tests failed.
  • ./builder nodes:test-contracts passes — 304 passed.

Checklist

  • Commit messages follow conventional commits.
  • No secrets or credentials included.
  • Wiki not applicable — documentation is included in the node README with generated marker blocks.
  • Breaking changes documented — none; this is purely additive.

Release note

Slack reaction events require the JSON-lane engine support merged in #1297. That support is present on develop but was added after the current server-v3.3.0 public release. Public availability therefore requires the next server release containing #1297.

Linked Issue

Closes #1590

Summary by CodeRabbit

  • New Features
    • Added a Slack Events source with authenticated /slack/events webhook intake.
    • Routes supported Slack messages to text outputs and reactions to json outputs.
    • Added in-process event deduplication, bounded queueing/backpressure, and configurable queueCapacity and dedupTtlSeconds.
    • Filters bot/app-generated events and supports Slack URL verification challenges.
  • Documentation
    • Added comprehensive Slack Events node documentation, configuration schema, and troubleshooting guidance.
    • Included an example pipeline configuration for the Slack Events source.
  • Tests
    • Added extensive endpoint, routing, and signature/deduplication test coverage.

Add slack, an ingress source node that authenticates Slack Events API callbacks and routes approved message and reaction events into RocketRide pipelines. It follows the existing source endpoint and response-lane patterns.

- Verify request signatures and timestamp freshness before parsing
- Route message text and reaction JSON with bounded queueing and deduplication
- Add documentation, a native Slack icon, an example pipeline, and focused tests

Tests: 61 Slack tests and 304 contract tests passed; live Cursor canvas verification delivered a Slack message and reaction without errors.
@github-actions github-actions Bot added docs Documentation module:nodes Python pipeline nodes labels Jul 15, 2026
@github-actions

Copy link
Copy Markdown
Contributor
🤖 Internal: Discord sync marker

Auto-managed by the Discord notification workflow. Stores the linked Discord message ID and forum thread ID. Do not edit or delete.

@coderabbitai

coderabbitai Bot commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

📝 Walkthrough

Walkthrough

Adds a Slack Events source node that verifies callbacks, classifies supported events, deduplicates and queues deliveries, emits text or JSON lanes, manages signing-secret lifecycle, and includes configuration, tests, documentation, and an example pipeline.

Changes

Slack Events source

Layer / File(s) Summary
Service contract and package wiring
nodes/src/nodes/slack/services.json, nodes/src/nodes/slack/__init__.py, nodes/src/nodes/slack/IInstance.py, nodes/src/nodes/slack/requirements.txt
Defines node metadata, configuration schema, output lanes, runtime mapping, package exports, base instance, and FastAPI dependency.
Signature, deduplication, and event classification
nodes/src/nodes/slack/slack_events.py, nodes/test/slack/test_queue_dedup.py, nodes/test/slack/test_routing.py
Adds Slack HMAC verification, signing-secret resolution, TTL event deduplication, typed routing, bot filtering, and message/reaction classification with tests.
Signing-secret lifecycle
nodes/src/nodes/slack/IGlobal.py, nodes/test/slack/test_signature.py
Loads secrets from configuration or environment fallback, validates missing values with warnings, transfers runtime state, and clears it during teardown.
HTTP intake, queue delivery, and shutdown
nodes/src/nodes/slack/IEndpoint.py, nodes/test/slack/test_endpoint.py, nodes/test/slack/__init__.py
Implements the callback route, request validation, URL verification, bounded queueing, asynchronous pipe delivery, monitoring, lifecycle handling, and shutdown behavior.
Documentation and example pipeline
nodes/src/nodes/slack/README.md, examples/slack-events.pipe
Documents configuration and runtime behavior and adds pipeline wiring for Slack text and JSON lanes.

Estimated code review effort: 4 (Complex) | ~45 minutes

Sequence Diagram(s)

sequenceDiagram
  participant Slack
  participant IEndpoint
  participant Queue
  participant PipeTarget
  Slack->>IEndpoint: POST /slack/events
  IEndpoint->>IEndpoint: Verify signature and classify event
  IEndpoint->>Queue: Enqueue routed event
  Queue->>IEndpoint: Consume event
  IEndpoint->>PipeTarget: Write text or JSON entry
Loading

Suggested reviewers: jmaionchi, rod-christensen, stepmikhaylov

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Linked Issues check ✅ Passed The PR covers the Slack Events source, routing, signature checks, queueing, deduplication, shutdown, docs, tests, and example pipeline required by #1590.
Out of Scope Changes check ✅ Passed The changes are confined to the Slack source node, its tests/docs, and the example pipeline; no unrelated scope is evident.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title is concise and accurately summarizes the main change: adding a Slack Events source node.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 7

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@examples/slack-events.pipe`:
- Around line 10-12: Remove the extraneous google property from the slack node
configuration, leaving only the supported dedupTtlSeconds, queueCapacity, and
signingSecret parameters.

In `@nodes/src/nodes/slack/IEndpoint.py`:
- Around line 48-55: Add PEP 257-compliant docstrings to the IEndpoint class and
its lifecycle/entry-point methods _startup, _shutdown, _run, and scanObjects,
describing each symbol’s purpose and behavior while preserving the existing
implementation.
- Around line 48-176: Add concise PEP 257 docstrings to the IEndpoint class and
its lifecycle entry points, including _startup, _shutdown, _run, and
scanObjects, while preserving behavior. Also document the IGlobal class and its
lifecycle methods in nodes/src/nodes/slack/IGlobal.py lines 29-46; both files
require documentation-only changes.
- Line 121: Update the delivery flow around _consumer_task and _emit_event so
in-flight asyncio.to_thread work remains tracked and is awaited before
_shutdown() tears down the pipe, even when the 5-second drain timeout cancels
the consumer task. Alternatively, make _emit_event pipe writes cooperatively
stoppable before teardown, while preserving shutdown completion semantics. Add a
regression test covering a blocked _emit_event that outlives the drain timeout.
- Around line 56-60: Update _request_handler to avoid calling request.body()
before enforcing a Slack payload size limit. Read the request stream
incrementally with a hard byte cap, stop buffering when the limit is exceeded,
and return HTTP 413; otherwise assemble the bounded raw body and continue the
existing verify_slack_signature flow.

In `@nodes/src/nodes/slack/requirements.txt`:
- Line 1: Update the fastapi dependency declaration in requirements.txt to
require the safe minimum version >=0.111.0, preventing resolution of vulnerable
older Starlette versions while preserving the existing dependency.

In `@nodes/src/nodes/slack/slack_events.py`:
- Around line 105-127: Update classify_event to validate inner_type and the
message channel_type as strings before hash-based operations. Guard the
inner_type membership checks against non-string values, and only call
_MESSAGE_TYPES.get when inner.get('channel_type') is a string; otherwise reject
or leave the event unrouted without raising TypeError.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 5bccfd60-cd2f-432a-b9b5-aaa20a44c4c0

📥 Commits

Reviewing files that changed from the base of the PR and between f41afb5 and 476b715.

⛔ Files ignored due to path filters (1)
  • nodes/src/nodes/slack/slack-events.svg is excluded by !**/*.svg
📒 Files selected for processing (14)
  • examples/slack-events.pipe
  • nodes/src/nodes/slack/IEndpoint.py
  • nodes/src/nodes/slack/IGlobal.py
  • nodes/src/nodes/slack/IInstance.py
  • nodes/src/nodes/slack/README.md
  • nodes/src/nodes/slack/__init__.py
  • nodes/src/nodes/slack/requirements.txt
  • nodes/src/nodes/slack/services.json
  • nodes/src/nodes/slack/slack_events.py
  • nodes/test/slack/__init__.py
  • nodes/test/slack/test_endpoint.py
  • nodes/test/slack/test_queue_dedup.py
  • nodes/test/slack/test_routing.py
  • nodes/test/slack/test_signature.py

Comment thread examples/slack-events.pipe Outdated
Comment thread nodes/src/nodes/slack/IEndpoint.py
Comment thread nodes/src/nodes/slack/IEndpoint.py
Comment thread nodes/src/nodes/slack/IEndpoint.py
Comment thread nodes/src/nodes/slack/IEndpoint.py Outdated
Comment thread nodes/src/nodes/slack/requirements.txt
Comment thread nodes/src/nodes/slack/slack_events.py
Bound public callback bodies, reject malformed hash keys, document node lifecycle symbols, and keep in-flight pipe delivery tracked through shutdown. Clean the example configuration and add regression coverage for request limits and shutdown races.

Tests: 67 Slack tests and 304 node contract tests passed; ruff, formatting, and gitleaks passed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

docs Documentation module:nodes Python pipeline nodes

Projects

None yet

Development

Successfully merging this pull request may close these issues.

feat(nodes): add Slack Events source node

1 participant