From 03458507941c4e31826bc07693d708bee6e52718 Mon Sep 17 00:00:00 2001 From: "codegen-sh[bot]" <131295404+codegen-sh[bot]@users.noreply.github.com> Date: Thu, 18 Sep 2025 18:54:31 +0000 Subject: [PATCH] Add data scope and audit trail info to Slack security docs - Added Data Scope and Context section explaining thread vs single message context - Added Audit Trail section with link to Recents page for administrators - Addresses common security questions about Slack integration data handling Co-authored-by: jay --- docs/integrations/slack.mdx | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/integrations/slack.mdx b/docs/integrations/slack.mdx index 987ebb24c..b55805c76 100644 --- a/docs/integrations/slack.mdx +++ b/docs/integrations/slack.mdx 
@@ -118,10 +118,19 @@ The Codegen Slack integration requires the following permissions to function eff - **Data Retention:** Outside of the LLM API interactions, message content is retained by Codegen solely for the purpose of displaying it within the Codegen user interface. - **Metadata from Private Channels:** When messages from private Slack channels are processed, Codegen does not expose private metadata, such as the original author's name or username, in the Codegen web app. Private channel names are anonymized and displayed as "Private channel" to non-members. +**Data Scope and Context:** + +- **Thread Context:** When Codegen is mentioned inside a thread, it will pull context from the entire thread, including the messages sent and media shared within that thread. +- **Single Message Context:** When Codegen is mentioned outside of a thread, it will only be scoped to the specific message in which it is mentioned. + **User Permissions and Access Control:** Codegen's actions on connected repositories are governed by the permissions of the user who initiated the interaction via Slack. The bot itself does not have independent permissions to repositories. Access to repositories and the ability to trigger actions are determined by the Codegen user's authenticated account and their associated repository permissions. We recommend configuring channel access carefully during installation to ensure the Codegen integration for Slack is only present in channels where its use is appropriate. +**Audit Trail:** + +Administrators can access a comprehensive audit trail through the [Recents page](https://codegen.com/recents) in the Codegen web app. This provides detailed logs of when and by whom Codegen was invoked in Slack, with filtering capabilities by integration, user, and other parameters. + **Privacy Policy:** For complete details on how we collect, use, and protect your data, please review our [Privacy Policy](https://www.codegen.com/privacy-policy).
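Review bot: The new Thread Context bullet says Codegen pulls "the entire thread, including the messages sent and media shared", but it does not say how that content relates to the Data Retention and Metadata from Private Channels bullets directly above it. A thread will normally contain messages and files from people other than the user who mentioned Codegen, so please state whether thread messages and media are retained and displayed in the web app on the same terms as the mentioning message, and whether the author anonymization described for private channels applies to every message pulled from the thread. In the Audit Trail paragraph, "comprehensive" and "other parameters" are hard for a security reviewer to rely on: list the fields that are logged, say which role counts as an administrator, and give the retention period for these logs if one exists. The Recents link uses codegen.com while the Privacy Policy link in the same hunk uses www.codegen.com; use one host for both.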