feat(create-slack-app): read API keys from shell env before prompting#62
Draft
mwbrooks wants to merge 1 commit into
Draft
feat(create-slack-app): read API keys from shell env before prompting#62mwbrooks wants to merge 1 commit into
mwbrooks wants to merge 1 commit into
Conversation
Step 4c now probes for the required provider key in the developer's
shell environment first and only falls back to AskUserQuestion when
it's missing. When the env var is present, the value is passed through
to slack env set by reference ("$VAR"), so the literal key never lands
in the chat transcript.
Tightens the "do not echo" guard to also forbid printenv, echo $VAR,
and slack env list — all of which would leak the value.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This pull request lets the
create-slack-appskill pick up the AI provider API key from the developer's shell environment instead of always prompting for it in chat.ANTHROPIC_API_KEY,OPENAI_API_KEY) with a non-echoing check before invokingAskUserQuestion.slack env setby reference ("$ANTHROPIC_API_KEY"), so Bash expands it at run time and the literal key never lands in the chat transcript.AskUserQuestionprompt still runs — with a one-line note telling the developer they can export the variable ahead of time to skip the prompt in future sessions.echo $VAR,printenv, andslack env list, all of which would print the stored value.Motivated by demo recordings and screen-shared sessions where the existing flow would render an API key in plaintext in the visible transcript.
Testing
ANTHROPIC_API_KEYexported in the shell, runcreate-slack-appagainst an agent template (e.g.bolt-python-starter-agentwith theclaude-agent-sdksubdir) and confirm:AskUserQuestionprompt fires for the key.AskUserQuestionprompt still fires.slack env setsucceeds with the pasted value.