Overview
rousseau slack runs the Slack bridge in Socket Mode. Slack Socket Mode is a bidirectional outbound WebSocket — the daemon dials Slack, Slack sends event payloads down the socket, the daemon replies via chat.postMessage. No public HTTP surface is exposed, which is why this transport works in Podman/Quadlet with Network=pasta and no port bindings.
Source: internal/cli/slack.go. Transport: internal/transport/slack/.
Synopsis
rousseau slack [--app-token <xapp>] [--bot-token <xoxb>] [--bot-user-id <UXXX>] [--allow <UXXX>...]
Flags
| Flag | Type | Default | Effect |
|---|---|---|---|
--app-token |
string | slack.app_token |
xapp-* app-level token (Socket Mode WebSocket). |
--bot-token |
string | slack.bot_token |
xoxb-* bot token (posting). |
--bot-user-id |
string | slack.bot_user_id |
Bot user ID (e.g. U0ABC123) for own-message loop prevention. |
--allow |
[]string | slack.allowlist |
Restrict inbound to these Slack user IDs. |
--config |
string | inherits from root | Path to the YAML config file. |
Config keys respected
internal/config/config.go SlackConfig:
| Key | Type | Default | Effect |
|---|---|---|---|
slack.app_token |
string | empty | xapp-* app-level token. |
slack.bot_token |
string | empty | xoxb-* bot token. |
slack.bot_user_id |
string | empty | Bot user id. |
slack.reply_header |
string | empty | Prefix on outbound messages. |
slack.allowlist |
[]string | empty | Slack user IDs permitted. |
Allowlist syntax
Slack user IDs (U… for humans, W… for enterprise/grid, B… for bots) as strings:
slack:
allowlist:
- "U0ABC1234"
- "U0XYZ5678"
Channel allowlisting is not implemented — filter by the sender's user id instead.
Environment variables
| Variable | Effect |
|---|---|
ROUSSEAU_SLACK_APP_TOKEN |
Overrides app token. |
ROUSSEAU_SLACK_BOT_TOKEN |
Overrides bot token. |
ROUSSEAU_SLACK_BOT_USER_ID |
Overrides bot user id. |
Startup sequence
- Resolve tokens from flag/env/config; fail if either app or bot token is empty.
- Default
claudecli.permission_modetobypassPermissions. - Open session store, build agent wiring.
slack.New— Socket Mode client.wiring.startCron— cron deliveries viachat.postMessage.- WebSocket loop until context cancelled.
Exit codes
| Code | Meaning |
|---|---|
| 0 | Clean context cancellation. |
| 1 | Missing tokens, WebSocket failure, provider/store error. |
| 130 | SIGINT. |
Worked examples
# From flags
rousseau slack \
--app-token "xapp-1-…" \
--bot-token "xoxb-2-…" \
--bot-user-id "U0ABC1234" \
--allow "U0XYZ5678"
# From config
cat > ~/.config/rousseau/config.yaml <<'EOF'
slack:
app_token: "xapp-1-…"
bot_token: "xoxb-2-…"
bot_user_id: "U0ABC1234"
allowlist:
- "U0XYZ5678"
EOF
rousseau slack
Common failure modes
invalid_auth— token typo or wrong scope. Verify withcurl -H "Authorization: Bearer $token" https://slack.com/api/auth.test.missing_scope— bot token is missingchat:write. Update in the app manifest.socket_mode_disabled— Socket Mode is off. Enable it in the app config.- Bot answers itself — set
--bot-user-idcorrectly. - Silent inbound drops — sender user id not on the allowlist.