fix(slack): drop mismatched Socket Mode events (#889)

Filter Slack Socket Mode events by api_app_id/team_id.
Refs: #828
Contributor: @roshanasingh4

Co-authored-by: Roshan Singh <roshanasingh4@users.noreply.github.com>

src/slack/monitor/provider.ts

@@ -18,6 +18,13 @@ import { registerSlackMonitorSlashCommands } from "./slash.js";
 
 import type { MonitorSlackOpts } from "./types.js";
 
+function parseApiAppIdFromAppToken(raw?: string) {
+  const token = raw?.trim();
+  if (!token) return undefined;
+  const match = /^xapp-\d-([a-z0-9]+)-/i.exec(token);
+  return match?.[1]?.toUpperCase();
+}
+
 export async function monitorSlackProvider(opts: MonitorSlackOpts = {}) {
   const cfg = opts.config ?? loadConfig();
 
@@ -81,14 +88,23 @@ export async function monitorSlackProvider(opts: MonitorSlackOpts = {}) {
 
   let botUserId = "";
   let teamId = "";
+  let apiAppId = "";
+  const expectedApiAppIdFromAppToken = parseApiAppIdFromAppToken(appToken);
   try {
     const auth = await app.client.auth.test({ token: botToken });
     botUserId = auth.user_id ?? "";
     teamId = auth.team_id ?? "";
+    apiAppId = (auth as { api_app_id?: string }).api_app_id ?? "";
   } catch {
     // auth test failing is non-fatal; message handler falls back to regex mentions.
   }
 
+  if (apiAppId && expectedApiAppIdFromAppToken && apiAppId !== expectedApiAppIdFromAppToken) {
+    runtime.error?.(
+      `slack token mismatch: bot token api_app_id=${apiAppId} but app token looks like api_app_id=${expectedApiAppIdFromAppToken}`,
+    );
+  }
+
   const ctx = createSlackMonitorContext({
     cfg,
     accountId: account.accountId,
@@ -97,6 +113,7 @@ export async function monitorSlackProvider(opts: MonitorSlackOpts = {}) {
     runtime,
     botUserId,
     teamId,
+    apiAppId,
     historyLimit,
     sessionScope,
     mainKey,