Block Secrets in Slack Messages
Blocks Slack send-message tool calls whose message body looks like it contains a secret — API keys, passwords, tokens, or PEM-formatted private keys.
Blocks Slack send-message tool calls whose message body looks like it contains a secret — API keys, passwords, tokens, or PEM-formatted private keys.
A curated bundle of policies for instant-messaging MCP servers (Slack today; Microsoft Teams and Discord planned). The goal is a sensible default posture for any organization fronting an IM tool through the DTwo gateway: prevent secret leaks, redact sensitive data, and keep audit trails clean.
| Policy | App | Direction | Purpose |
|---|---|---|---|
| block-secrets | slack | ingress | Deny Slack send-message calls whose body looks like a secret (API key, password, token, private key). |
Policy bodies live under
apps/. This page only links to them — see the top-level README for the rationale.
Bundle membership is declared in each policy's policy.md frontmatter (the policy lists bundles: ["im-messaging"]). This page is a human-readable landing page; the generated manifest.json is the machine-readable source of truth. There is intentionally no separate bundle.json artifact — one source of metadata avoids drift.
The bundle's policies are designed to compose cleanly on the same ingress pipeline. None of them conflict with the others, and each is default allow := false only for the narrow concern it addresses (i.e., they don't accidentally deny tools they don't know about).
org_id, groups, etc.) vary by deployment. Add these as separate policies in your gateway.apps/teams/block-secrets, …) once a stable Teams MCP server lands in the catalog.*-search-messages / *-conversations-history tools across IM apps.