openclaw - 💡(How to fix) Fix [Bug]: Slack accounts: dmPolicy "open" ignored in authorizeSlackDirectMessage, DMs silently dropped

Bug type

Behavior bug (incorrect output/state without crash)

Beta release blocker

No

Summary

Slack accounts: dmPolicy "open" is ignored, causing Socket Mode DMs to be silently dropped

Steps to reproduce

1. Configure Slack Socket Mode using the channels.slack.accounts object instead of top-level channels.slack.botToken / appToken.

2. Set DM access to open at both root and account level:

   channels.slack.dmPolicy = "open" channels.slack.dm.enabled = true channels.slack.dm.policy = "open"

   channels.slack.accounts.soltea.dmPolicy = "open" channels.slack.accounts.soltea.dm.enabled = true channels.slack.accounts.soltea.dm.policy = "open"

3. Add a Slack binding for that account:

   { "agentId": "main", "match": { "channel": "slack", "accountId": "soltea" } }

4. Start OpenClaw.

5. Confirm the Slack provider starts and Socket Mode connects:

   [slack] [soltea] starting provider [slack] socket mode connected

6. Send a DM to the Slack bot from a user who is not explicitly listed in allowFrom.

7. Observe that the raw Slack message event is received and Bolt enters app.event("message"), but the message is not dispatched to the agent and no reply is sent.

8. Add a diagnostic log around prepareSlackMessage() / authorizeSlackInboundMessage().

9. Observe that prepareSlackMessage() returns null because authorizeSlackInboundMessage() returns no authorization.

Expected behavior

When dmPolicy is set to "open" for a Slack account, direct messages from any Slack user should be authorized without requiring allowFrom or pairing.

For a Socket Mode Slack account configured under channels.slack.accounts.<accountId>, an inbound DM should be processed and dispatched to the matched agent binding, for example:

{ "agentId": "main", "match": { "channel": "slack", "accountId": "soltea" } }

dmPolicy: "open" should behave as open access for DMs, not as “deny unless allowlisted”.

Actual behavior

With the same Slack app and tokens, the Socket Mode connection succeeds and Slack delivers the DM event.

Observed logs/diagnostics:

• The Slack account starts:

  [slack] [soltea] starting provider [slack] socket mode connected

• The raw SocketModeReceiver receives the DM event:

  event.type = "message" event.channel_type = "im" event.user = "<slack-user-id>" event.channel = "<dm-channel-id>"

• Bolt enters the OpenClaw message handler:

  [slack-handler] message entered { "event_type": "message", "channel_type": "im", "channel": "<dm-channel-id>", "user": "<slack-user-id>" }

• However, the message is not dispatched to the agent and no reply is sent.

Additional diagnostic logging showed:

prepareSlackMessage() returned null because authorization was null.

Root cause found in authorizeSlackDirectMessage():

if (allowMatch.allowed) return true;

if (params.ctx.dmPolicy === "pairing") {
  ...
  return false;
}

await params.onUnauthorized(...)
return false;

### OpenClaw version

2026.5.22

### Operating system

Linux

### Install method

Container runtime: Podman

### Model

deepseek/deepseek-v4-pro

### Provider / routing chain

openclaw -> slack api

### Additional provider/model setup details


Image: ghcr.io/openclaw/openclaw:2026.5.22
Slack plugin: @openclaw/slack installed as external plugin

### Logs, screenshots, and evidence

```shell

Impact and severity

No response

Additional information

I was able to confirm this is not a Slack delivery / Socket Mode problem.

Diagnostics showed:

1. Slack SocketModeReceiver receives the raw DM event.
2. Bolt enters app.event("message").
3. prepareSlackMessage() returns null.
4. The reason is that authorizeSlackInboundMessage() gets no authorization.
5. The authorization failure happens because authorizeSlackDirectMessage() does not handle dmPolicy === "open".

Relevant code path:

if (allowMatch.allowed) return true;

if (params.ctx.dmPolicy === "pairing") {
  ...
  return false;
}

await params.onUnauthorized({
  allowMatchMeta,
  senderName
});
return false;