Greptile Summary

This PR extends Slack's SLACK_USER_TOKEN support across three areas: it adds the env key to the shell-env allowlist in src/config/io.ts, expands the slackConfigured detection in the audit module to cover userToken at the config, per-account, and environment levels, and exports resolveSlackUserToken from the Slack public index. New account-resolution tests verify env fallback for the default account (with whitespace trimming), config-over-env precedence, and non-default account isolation.

• src/config/io.ts: SLACK_USER_TOKEN added to SHELL_ENV_EXPECTED_KEYS — consistent with SLACK_BOT_TOKEN/SLACK_APP_TOKEN.
• src/security/audit-extra.async.ts: userToken coverage added at all three tiers of the slackConfigured check (top-level secret input, per-account secret input, process.env), keeping the logic parity with botToken/appToken.
• src/security/audit.test.ts: The existing "flags extensions without plugins.allow" test now correctly saves, clears, and restores SLACK_USER_TOKEN in its try/finally block — no positive audit path test for SLACK_USER_TOKEN → critical severity, but this is a minor gap since the accounts.test.ts covers token resolution thoroughly.
• src/slack/accounts.test.ts: Three new well-structured tests with a proper afterEach teardown.
• src/slack/index.ts: resolveSlackUserToken cleanly added to the existing token export line.

Confidence Score: 5/5

• This PR is safe to merge — all changes are additive, consistent with existing patterns, and accompanied by targeted tests.
• All changes are mechanical extensions of established patterns (adding a new token type alongside two existing ones). The audit logic, config allowlist, and account resolution are updated consistently. Test coverage in accounts.test.ts is thorough for the new token-resolution behavior. The only minor gap is that no audit test exercises the SLACK_USER_TOKEN → critical-severity path, but this doesn't affect correctness.
• No files require special attention.

_{Last reviewed commit: 5fb517a}