Docs

Slack integration

Slack integration is optional but recommended. Last Light uses two independent Slack features that you can enable one at a time.

  1. Socket Mode chat — the bot listens for messages and @mentions, classifies intent, and runs the in-process chat skill to reply. Every Slack thread becomes a growing, DB-backed conversation that resumes the same Claude Agent SDK session on every turn, so context stays coherent across hours or days.
  2. OAuth dashboard login — the admin dashboard offers "Login with Slack" via OpenID Connect. You can restrict login to one workspace so only your team can see execution history.

Create the Slack app

Go to api.slack.com/apps and click Create New AppFrom scratch.

Enable Socket Mode chat

In the app's settings, do the following:

  1. Socket Mode → enable it. Create an App-Level Token with the connections:write scope. Copy the xapp-... value — that's SLACK_APP_TOKEN.
  2. OAuth & Permissions → add Bot Token Scopes:
    • app_mentions:read
    • chat:write
    • im:history, im:read, im:write
    • channels:history, groups:history
    • commands (if you want /approve, /reject slash commands)
  3. Install to Workspace. After install, copy the Bot User OAuth Token (xoxb-...) — that's SLACK_BOT_TOKEN.
  4. Event Subscriptions → subscribe to bot events:
    • message.im — direct messages
    • app_mention — @mentions in channels
  5. Slash Commands (optional) → create /approve, /reject, /status, /reset pointing at your app (Socket Mode handles the request URL).

Add the tokens to .env (or secrets/.env in production):

SLACK_BOT_TOKEN=xoxb-...
SLACK_APP_TOKEN=xapp-...

Optional restrictions and routing:

SLACK_ALLOWED_USERS=U01ABC,U02DEF  # Comma-separated user IDs allowed to interact
SLACK_DELIVERY_CHANNEL=C01XYZ      # Channel for cron health reports

Restart the harness. You should see a [slack] Connected log line, and DM'ing the bot should get a reply. Every conversation shows up on the dashboard's Chat Sessions tab.

The chat skill is intentionally not overridden with Haiku in CLAUDE_MODELS — Haiku tends to refuse MCP tool calls on the assumption it lacks permission, which creates false "I can't do that" replies. Leave it on Sonnet.

Enable OAuth dashboard login

The dashboard can optionally let your team log in with Slack via OpenID Connect. Back in the Slack app settings:

  1. OAuth & Permissions → User Token Scopes → add openid, email, profile. (These are user scopes, separate from the bot scopes above.)
  2. Redirect URLs → add exactly: https://your-host/admin/api/oauth/slack/callback (or http://localhost:8644/... for local dev).
  3. Basic Information → copy the Client ID and Client Secret.

Add the following to .env:

SLACK_OAUTH_CLIENT_ID=...
SLACK_OAUTH_CLIENT_SECRET=...
SLACK_OAUTH_REDIRECT_URI=https://your-host/admin/api/oauth/slack/callback
SLACK_ALLOWED_WORKSPACE=T01ABCDEF   # Optional: restrict to one team_id or domain

With these set, the dashboard login page shows a "Login with Slack" button alongside the password login (or instead of it, if you don't set ADMIN_PASSWORD).

← Previous Production deploy