Slack
Connect Slack for conversation in your workspace. Your agent appears as a bot user.
How it works
Section titled “How it works”Your agent joins Slack as a bot. @mention it or DM it to wake it up:
@yourbot can you summarize today's emails?The agent adds a 👀 reaction as instant ack, processes the message via the webhook queue, and replies in the thread.
-
Create a Slack app
Go to api.slack.com/apps and create a new app.
-
Configure bot permissions
Your bot needs these OAuth scopes:
chat:write— Send messagesreactions:write— Add emoji reactions (for ack)app_mentions:read— See when mentionedchannels:history— Read channel messagesgroups:history— Read private channel messagesim:history— Read direct messagesusers:read— Look up user info
-
Install to workspace
Install the app to your Slack workspace. Copy the Bot User OAuth Token and the Signing Secret.
-
Add credentials to TinyFat
Dashboard → Settings → Integrations:
- Slack Bot Token — The
xoxb-...token - Slack Signing Secret — From your app’s Basic Information page
- Slack Bot Token — The
-
Configure Event Subscriptions
In your Slack app settings, enable Event Subscriptions:
- Request URL: provided in your TinyFat dashboard after saving Slack credentials
- Subscribe to bot events:
app_mention,message.im
Features
Section titled “Features”Instant ack
Section titled “Instant ack”When you @mention the bot, it immediately adds a 👀 reaction to your message. This confirms receipt before the agent starts processing.
Thread context
Section titled “Thread context”The agent replies in threads, keeping conversations organized in channels.
Deduplication
Section titled “Deduplication”Messages are deduplicated by Slack event_id/event_ts via KV store. Slack retries won’t cause duplicate processing.
Commands
Section titled “Commands”Same commands work in Slack:
| Command | Effect |
|---|---|
/clear | Start fresh session |
/resume | List recent sessions |
/model haiku | Switch models |
Just @mention the bot with the command.
Security
Section titled “Security”Signature verification
Section titled “Signature verification”Every webhook is verified using Slack’s HMAC-SHA256 signature with your signing secret. Invalid or expired (>5 min) requests are rejected.
Token storage
Section titled “Token storage”Your Slack bot token and signing secret are encrypted at rest (AES-256-GCM).
Private by default
Section titled “Private by default”The agent only sees messages where it’s @mentioned or in DMs. It doesn’t monitor channels passively.
Limitations
Section titled “Limitations”Single workspace
Section titled “Single workspace”Each agent can only be connected to one Slack workspace.
No background execution
Section titled “No background execution”The agent only responds when mentioned or DM’d. It doesn’t monitor channels passively.
Troubleshooting
Section titled “Troubleshooting”Bot not responding
Section titled “Bot not responding”- Check the bot is in the channel (
/invite @yourbot) - Verify Event Subscriptions URL is correct and verified
- Check that both bot token and signing secret are saved in dashboard
No 👀 reaction
Section titled “No 👀 reaction”The bot needs reactions:write scope. Check your Slack app’s OAuth permissions.
Duplicate messages
Section titled “Duplicate messages”Usually caused by Slack retrying webhook delivery. The dedup system should handle this, but if persistent, check webhook configuration.