Slack — ARX Docs

Overview¶

The Slack connector integrates with the Slack Web API for messaging, channel management, file sharing, and user group administration. It supports 42 operations across 8 API families: Messages, Channels, Users, Files, Usergroups, Reminders, Bookmarks, and Reactions.

In addition to general Slack automation, this connector serves as the primary human-in-the-loop (HITL) approval channel for the ARX platform (INV-002). It provides dedicated methods for sending rich approval request notifications with interactive approve/deny buttons and posting decision results as thread replies.

All operations are policy-evaluated and audit-logged through the ARX BaseConnector.execute() pipeline before reaching the Slack API.

Connector class: SlackConnector Module: app.connectors.slack

Prerequisites¶

Requirement	Details
Slack workspace	A Slack workspace where the bot will operate
Bot OAuth token	A `xoxb-` token from a Slack App with appropriate scopes
Scopes	`channels:history`, `channels:read`, `channels:manage`, `channels:join`, `chat:write`, `files:read`, `files:write`, `pins:write`, `reactions:write`, `reminders:read`, `reminders:write`, `usergroups:read`, `usergroups:write`, `users:read`, `users:read.email`, `users.profile:read`, `bookmarks:read`, `bookmarks:write`
Vault path	Store `bot_token` in the ARX vault

Required Vault Credentials¶

{
  "bot_token": "xoxb-1234567890-abcdef..."
}

SDK Usage¶

from app.connectors.slack import SlackConnector

slack = SlackConnector(agent_id="agent-001", org_id="org-acme")

# Post a message
await slack.post_message(
    channel="#sec-alerts",
    text="New critical alert: Lateral movement detected on host DC01",
)

# Post a threaded reply with Block Kit
await slack.post_message(
    channel="#sec-alerts",
    text="Enrichment complete",
    thread_ts="1234567890.123456",
)

# Send an approval request (HITL)
await slack.send_approval_request(
    channel="#sec-approvals",
    approval_id=uuid.uuid4(),
    agent_name="soc-agent-01",
    operation="users:deactivate",
    connector="okta",
    risk_score=85,
    action_detail={"userId": "00u123", "reason": "compromised credentials"},
)

# List channels and manage membership
channels = await slack.list_channels()
await slack.invite_to_channel(channel="C0123ABC", users=["U456DEF"])

# Manage user groups
groups = await slack.list_usergroups(include_users=True)
await slack.update_usergroup_members(usergroup="S0123XYZ", users=["U1", "U2", "U3"])

Operations¶

Messages (10 operations)¶

Operation	Method	Path	Risk	Description
`messages:read`	GET	`/conversations.history`	LOW	Get message history for a channel
`messages:write`	POST	`/chat.postMessage`	LOW	Post a message to a channel
`messages:update`	POST	`/chat.update`	LOW	Update an existing message
`messages:delete`	POST	`/chat.delete`	MEDIUM	Delete a message from a channel
`messages:schedule`	POST	`/chat.scheduleMessage`	LOW	Schedule a message for future delivery
`messages:react`	POST	`/reactions.add`	LOW	Add an emoji reaction to a message
`messages:unreact`	POST	`/reactions.remove`	LOW	Remove an emoji reaction from a message
`messages:pin`	POST	`/pins.add`	LOW	Pin a message to a channel
`messages:unpin`	POST	`/pins.remove`	LOW	Unpin a message from a channel
`messages:thread_replies`	GET	`/conversations.replies`	LOW	Get threaded replies for a message

Channels (11 operations)¶

Operation	Method	Path	Risk	Description
`channels:read`	GET	`/conversations.list`	LOW	List channels the bot can access
`channels:read_detail`	GET	`/conversations.info`	LOW	Get detailed channel information
`channels:create`	POST	`/conversations.create`	MEDIUM	Create a new channel
`channels:archive`	POST	`/conversations.archive`	HIGH	Archive a channel (hides from active list)
`channels:unarchive`	POST	`/conversations.unarchive`	MEDIUM	Unarchive a previously archived channel
`channels:invite`	POST	`/conversations.invite`	MEDIUM	Invite a user to a channel
`channels:kick`	POST	`/conversations.kick`	MEDIUM	Remove a user from a channel
`channels:rename`	POST	`/conversations.rename`	MEDIUM	Rename a channel
`channels:set_topic`	POST	`/conversations.setTopic`	LOW	Set the topic for a channel
`channels:set_purpose`	POST	`/conversations.setPurpose`	LOW	Set the purpose/description for a channel
`channels:join`	POST	`/conversations.join`	LOW	Join a public channel

Users (5 operations)¶

Operation	Method	Path	Risk	Description
`users:read`	GET	`/users.list`	LOW	List all workspace users
`users:read_detail`	GET	`/users.info`	LOW	Get detailed user information
`users:read_profile`	GET	`/users.profile.get`	LOW	Get a user's profile fields
`users:lookup_email`	GET	`/users.lookupByEmail`	LOW	Look up a user by their email address
`users:read_presence`	GET	`/users.getPresence`	LOW	Get a user's current presence status

Files (4 operations)¶

Operation	Method	Path	Risk	Description
`files:write`	POST	`/files.uploadV2`	MEDIUM	Upload a file to Slack
`files:read`	GET	`/files.list`	LOW	List files shared in the workspace
`files:delete`	POST	`/files.delete`	MEDIUM	Delete a file from Slack
`files:read_detail`	GET	`/files.info`	LOW	Get detailed file information

Usergroups (5 operations)¶

Operation	Method	Path	Risk	Description
`usergroups:read`	GET	`/usergroups.list`	LOW	List user groups in the workspace
`usergroups:create`	POST	`/usergroups.create`	MEDIUM	Create a new user group
`usergroups:update`	POST	`/usergroups.update`	MEDIUM	Update an existing user group
`usergroups:read_members`	GET	`/usergroups.users.list`	LOW	List members of a user group
`usergroups:update_members`	POST	`/usergroups.users.update`	MEDIUM	Update the member list of a user group

Reminders (2 operations)¶

Operation	Method	Path	Risk	Description
`reminders:create`	POST	`/reminders.add`	LOW	Create a reminder for a user
`reminders:read`	GET	`/reminders.list`	LOW	List reminders for the authenticated user

Bookmarks (2 operations)¶

Operation	Method	Path	Risk	Description
`bookmarks:read`	GET	`/bookmarks.list`	LOW	List bookmarks for a channel
`bookmarks:create`	POST	`/bookmarks.add`	LOW	Add a bookmark to a channel

Reactions (1 operation -- legacy alias)¶

Operation	Method	Path	Risk	Description
`reactions:write`	POST	`/reactions.add`	LOW	Add an emoji reaction to a message (alias for `messages:react`)

Note: The reactions:write operation is a legacy alias that maps to the same endpoint as messages:react. Prefer messages:react in new policies.

Risk Classifications¶

Level	Operations	Rationale
LOW	All read operations, posting messages, reactions, pins, bookmarks, reminders, set topic/purpose, join channel	Non-destructive; safe for autonomous execution
MEDIUM	Create/rename channels, file upload/delete, message deletion, user group management, channel invite/kick, unarchive	Modifies workspace state but is generally reversible
HIGH	`channels:archive`	Archives a channel, disrupting team workflows; may require HITL approval

Policy Examples¶

Alert notification bot -- post messages and reactions only¶

- name: slack-alert-bot
  connector: slack
  operations:
    - "messages:write"
    - "messages:react"
    - "messages:thread_replies"
    - "messages:read"
    - "channels:read*"
    - "users:read*"
    - "users:lookup_email"
  risk_max: low
  approval: none

HITL approval channel bot¶

- name: slack-hitl-approval
  connector: slack
  operations:
    - "messages:write"
    - "messages:update"
    - "messages:react"
    - "messages:thread_replies"
    - "messages:read"
    - "channels:read*"
    - "users:read*"
    - "users:lookup_email"
  risk_max: low
  approval: none
  description: "Used by the approval queue to send and update HITL notifications"

Full workspace management with archive approval¶

- name: slack-workspace-admin
  connector: slack
  operations:
    - "messages:*"
    - "channels:*"
    - "users:*"
    - "files:*"
    - "usergroups:*"
    - "reminders:*"
    - "bookmarks:*"
  risk_max: high
  approval:
    medium: auto
    high: hitl
  hitl_channel: "#slack-admin-approvals"