fix(slack): request reactions:read in OAuth URL, drop im:history

[waleedlatif1]

Summary

Reconciles the Slack OAuth scope set with Slack Marketplace reviewer feedback (June 2):

• Add reactions:read — it was configured in the Slack app settings (and powers the reaction trigger) but missing from the OAuth URL, which the reviewer flagged.
• Remove im:history — a bot can't be added to a human-to-human DM, so im:history only powers the App Home Messages tab (now disabled). Our "Read Messages from a DM" justification didn't hold; per the reviewer, the scope is removed.

im:write / im:read are retained (opening/identifying a DM to send a message), and were not flagged.

Note: also remove im:history from the Slack app dashboard bot scopes to match.

Type of Change

• Bug fix

Testing

biome passes. Scope-only change.

Checklist

• Code follows project style guidelines
• Self-reviewed my changes
• Tests added/updated and passing
• No new warnings introduced
• I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
docs	Skipped		Jun 3, 2026 2:10am

[cursor]

PR Summary

Medium Risk
OAuth scope changes require reconnects and may affect DM history expectations; marketplace/dashboard scope alignment is operationally sensitive but code change is small.

Overview
Aligns Slack OAuth and user-facing errors with Marketplace scope feedback.

The Slack connect flow now requests reactions:read (matching app settings / reaction triggers) and drops im:history from the OAuth scope list. im:write and im:read stay for opening and targeting DMs to send messages.

The read-messages API missing_scope message is updated to tell users to reconnect for channels:history / groups:history only, and that reading DM history is not supported with the Sim bot.

^{Reviewed by Cursor Bugbot for commit 0543dcc. Configure here.}

[greptile-apps]

Greptile Summary

This PR reconciles Sim's Slack OAuth scope set following Slack Marketplace reviewer feedback: reactions:read is added (it was in the app settings powering the reaction trigger but missing from the OAuth URL), and im:history is removed (the scope was unjustified since the Sim bot cannot be added to human-to-human DMs). The companion error message in the read-messages route is updated to reflect the new limitation accurately.

• oauth.ts: Removes im:history and appends reactions:read to the Slack OAuth scope array.
• route.ts: Rewrites the missing_scope error message to tell users that DM history reading is unsupported rather than instructing them to reconnect with im:history.
• capabilities.ts (unchanged, context only): The manifest generator for user-owned Slack bots retains im:history under the DM trigger capability — this is a separate, correct use-case for bots that legitimately need to receive message.im events.

Confidence Score: 5/5

Safe to merge — both changed files contain correct, minimal scope adjustments with no logic changes beyond an error message rewrite.

The diff is two targeted changes: a scope array update in the OAuth config and an error message string update. The scope removal and addition are both well-justified and consistent with the rest of the codebase.

No files require special attention. apps/sim/lib/oauth/utils.ts (not in the diff) is worth a one-line follow-up to add the reactions:read description.

Important Files Changed

Filename	Overview
apps/sim/lib/oauth/oauth.ts	Removes im:history and adds reactions:read to Slack's OAuth scope list — a clean, targeted scope reconciliation.
apps/sim/app/api/tools/slack/read-messages/route.ts	Updates the missing_scope error message to accurately reflect that im:history is no longer requested, making the user-facing message consistent with the new OAuth scope set.

_{Reviews (2): Last reviewed commit: "chore(slack): update read-messages missi..." | Re-trigger Greptile}

[waleedlatif1]

@greptile

[waleedlatif1]

@cursor review

[cursor]

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

^{Reviewed by Cursor Bugbot for commit 0543dcc. Configure here.}