Archiet + Slack — internal notifications and slash commands done right

Slack integration starts as a one-line Incoming Webhook for posting alerts. Then you want slash commands. Then OAuth so each customer connects their own workspace. Then signed-request verification so attackers can't spoof commands. Then per-channel routing rules. By the time it's production-ready, the integration is a small subsystem. When you generate a codebase with Slack as your notifications channel, Archiet wires both shapes — internal Incoming Webhook for ops alerts, and a full OAuth app scaffold if your PRD mentions per-customer Slack integration.

What gets generated

Internal alerts via Incoming Webhook

# app/services/slack_notifier.py
def post_alert(channel_url, text, blocks=None):
    payload = {"text": text}
    if blocks:
        payload["blocks"] = blocks
    try:
        requests.post(channel_url, json=payload, timeout=10)
    except Exception as e:
        logger.warning("Slack post failed: %s", e)
        # Non-fatal — alerts shouldn't crash the request

Used by ops paths: webhook-failure alerts, deploy notifications, error-rate spikes (when wired to Sentry), customer-signup notifications.

Slash commands with signed-request verification

@slack_bp.route("/slack/commands", methods=["POST"])
def handle_command():
    if not _verify_slack_signature(request):
        return jsonify({"error": "invalid signature"}), 401
    command = request.form.get("command")
    user_id = request.form.get("user_id")
    handler = SLASH_COMMAND_HANDLERS.get(command)
    if handler:
        return handler(request.form)
    return jsonify({"text": f"Unknown command: {command}"}), 200

def _verify_slack_signature(req):
    timestamp = req.headers.get("X-Slack-Request-Timestamp", "")
    if abs(time.time() - int(timestamp)) > 60 * 5:
        return False  # replay protection
    sig_basestring = f"v0:{timestamp}:{req.get_data(as_text=True)}".encode()
    expected = "v0=" + hmac.new(
        current_app.config["SLACK_SIGNING_SECRET"].encode(),
        sig_basestring,
        hashlib.sha256
    ).hexdigest()
    return hmac.compare_digest(expected, req.headers.get("X-Slack-Signature", ""))

OAuth app (when per-customer Slack is in your PRD)

Full OAuth scaffold: install URL, callback handler, token storage, refresh-token rotation. Each customer connects their own workspace; the platform stores their bot token encrypted at rest. Channel routing per workspace.

Block Kit message builders

Generated app/services/slack_blocks.py includes builders for common message shapes — alert with action buttons, customer-signup card, deploy notification, error-rate spike — so you don't hand-write Block Kit JSON.

What ships in `docs/`

docs/decisions/ADR-0013-slack-integration.md — incoming-webhook-only vs full-OAuth, with the trigger for moving to OAuth
docs/setup/slack-app-setup.md — step-by-step for creating the Slack app, getting credentials, configuring scopes
docs/runbooks/slack-failure.md — what to do when posts aren't landing

Environment variables generated

SLACK_BOT_TOKEN=xoxb-...                   # for internal use, single workspace
SLACK_SIGNING_SECRET=...                   # for slash command verification
SLACK_OPS_WEBHOOK_URL=https://hooks.slack.com/services/...   # ops alerts channel
# If OAuth app:
SLACK_CLIENT_ID=...
SLACK_CLIENT_SECRET=...
SLACK_REDIRECT_URI=https://your-domain.com/api/oauth/slack/callback

Slack documentation references

Internal links

Sentry integration — error-rate alerts often route to Slack
Internal tools use case

CTA

Try it — free plan, no credit card. archiet.com.

Generate a codebase with Slack wired (internal webhook + OAuth scaffold), decide if that's the integration shape you'd ship.

Archiet + Slack — internal notifications and slash commands done right

What gets generated

Internal alerts via Incoming Webhook

# app/services/slack_notifier.py def post_alert(channel_url, text, blocks=None): payload = {"text": text} if blocks: payload["blocks"] = blocks try: requests.post(channel_url, json=payload, timeout=10) except Exception as e: logger.warning("Slack post failed: %s", e) # Non-fatal — alerts shouldn't crash the request

Used by ops paths: webhook-failure alerts, deploy notifications, error-rate spikes (when wired to Sentry), customer-signup notifications.

Slash commands with signed-request verification

@slack_bp.route("/slack/commands", methods=["POST"]) def handle_command(): if not _verify_slack_signature(request): return jsonify({"error": "invalid signature"}), 401 command = request.form.get("command") user_id = request.form.get("user_id") handler = SLASH_COMMAND_HANDLERS.get(command) if handler: return handler(request.form) return jsonify({"text": f"Unknown command: {command}"}), 200 def _verify_slack_signature(req): timestamp = req.headers.get("X-Slack-Request-Timestamp", "") if abs(time.time() - int(timestamp)) > 60 * 5: return False # replay protection sig_basestring = f"v0:{timestamp}:{req.get_data(as_text=True)}".encode() expected = "v0=" + hmac.new( current_app.config["SLACK_SIGNING_SECRET"].encode(), sig_basestring, hashlib.sha256 ).hexdigest() return hmac.compare_digest(expected, req.headers.get("X-Slack-Signature", ""))

OAuth app (when per-customer Slack is in your PRD)

Block Kit message builders

What ships in docs/

docs/decisions/ADR-0013-slack-integration.md — incoming-webhook-only vs full-OAuth, with the trigger for moving to OAuth

docs/setup/slack-app-setup.md — step-by-step for creating the Slack app, getting credentials, configuring scopes

docs/runbooks/slack-failure.md — what to do when posts aren't landing

Environment variables generated

SLACK_BOT_TOKEN=xoxb-... # for internal use, single workspace SLACK_SIGNING_SECRET=... # for slash command verification SLACK_OPS_WEBHOOK_URL=https://hooks.slack.com/services/... # ops alerts channel # If OAuth app: SLACK_CLIENT_ID=... SLACK_CLIENT_SECRET=... SLACK_REDIRECT_URI=https://your-domain.com/api/oauth/slack/callback

Archiet + Slack — internal notifications and slash commands done right

What gets generated

Internal alerts via Incoming Webhook

Slash commands with signed-request verification

OAuth app (when per-customer Slack is in your PRD)

Block Kit message builders

What ships in `docs/`

Environment variables generated

Slack documentation references

Internal links

CTA

Generate the codebase.

Archiet + Slack — internal notifications and slash commands done right

What gets generated

Internal alerts via Incoming Webhook

Slash commands with signed-request verification

OAuth app (when per-customer Slack is in your PRD)

Block Kit message builders

What ships in `docs/`

Environment variables generated

Slack documentation references

Internal links

CTA

Generate the codebase.

What gets generated

Internal alerts via Incoming Webhook

Slash commands with signed-request verification

OAuth app (when per-customer Slack is in your PRD)

Block Kit message builders

What ships in docs/

Environment variables generated

Slack documentation references

Internal links

CTA

Generate the codebase.

What gets generated

Internal alerts via Incoming Webhook

Slash commands with signed-request verification

OAuth app (when per-customer Slack is in your PRD)

Block Kit message builders

What ships in docs/

Environment variables generated

Slack documentation references

Internal links

CTA

Generate the codebase.

What ships in `docs/`

What ships in `docs/`