GBrain Dashboard
Browse Notes
New Note
Edit: github-backup/docs/15-slack-activation-runbook.md
Cancel
Note Content (Markdown)
# Slack Activation Runbook ## Current Decision Use the existing Slack app `Easier` in the `Easier` workspace. - Workspace: `Easier` - Team ID: `T08FCV1LKLL` - App ID: `A0AKL5X9K47` - Bot user ID after reinstall: `U0AL1KJG9BL` - Human allowlist seed: Anthony Stratton, `U08FCV1MB9S` - First channel: private `int-agentops` - First behaviour: mention-only replies, internal channel only ## Model Account Reality ChatGPT and Claude web subscriptions are useful for human work, but server-side Slack Hermes needs API-backed inference. OpenAI documents ChatGPT and API billing as separate systems, and Anthropic documents Claude.ai subscriptions and API Console usage as separate products. Recommended first broker: - `openrouter` as the default text broker for model routing and cost control. - Direct native provider keys later where a workflow truly benefits from them: Gemini for video analysis, OpenAI for image/dev/Codex-like work, Anthropic for higher-end copy/planning/listening, Grok/X.ai only if social-listening quality beats cheaper alternatives. Do not start the Slack gateway until an API key with spend controls exists. ## Live Slack App State Completed on 2026-05-28: - Added and reinstalled bot scopes: - `app_mentions:read` - `channels:history` - `channels:join` - `channels:read` - `chat:write` - `chat:write.public` - `commands` - `groups:history` - `groups:read` - `users:read` - Verified `auth.test`, `users.list`, and `conversations.list` using the bot token. - Generated app-level token `hermes-socket` with `connections:write`. - Stored `SLACK_BOT_TOKEN`, `SLACK_APP_TOKEN`, `SLACK_ALLOWED_USERS=U08FCV1MB9S`, and mention-only Slack defaults in `/srv/easier-hermes/data/.env`. - Enabled Socket Mode. - Enabled Event Subscriptions and saved `app_mention`. - Installed the Python Slack runtime at `/srv/easier-hermes/runtime/venv`. - Installed `/etc/systemd/system/easier-hermes-gateway.service`; it is disabled and inactive. - Confirmed `int-agentops` does not yet exist. Not completed: - Private channel `int-agentops` still needs to be created and the app invited. - `SLACK_ALLOWED_CHANNELS` and `SLACK_HOME_CHANNEL` still need the private channel ID. - Model API key and model selection are still missing. - Optional passive-reading events (`message.groups` and later `message.channels`) are not enabled. This is intentional until the first private channel is working mention-only. ## Minimal Slack UI Steps Remaining 1. In Slack, create private channel `int-agentops`. 2. Invite `@Easier` to `int-agentops`. 3. Record the channel ID in: - `SLACK_ALLOWED_CHANNELS` - `SLACK_HOME_CHANNEL` 4. Add `OPENROUTER_API_KEY` and choose the first `HERMES_MODEL`. 5. Start the gateway. ## VM Environment Update `/srv/easier-hermes/data/.env`: ```bash SLACK_BOT_TOKEN=xoxb-... # present on VM SLACK_APP_TOKEN=xapp-... # present on VM SLACK_ALLOWED_USERS=U08FCV1MB9S SLACK_ALLOWED_CHANNELS=<int-agentops-channel-id> SLACK_HOME_CHANNEL=<int-agentops-channel-id> SLACK_HOME_CHANNEL_NAME=int-agentops SLACK_REQUIRE_MENTION=true SLACK_STRICT_MENTION=true OPENROUTER_API_KEY=sk-or-... HERMES_INFERENCE_PROVIDER=openrouter HERMES_MODEL=<chosen-openrouter-model> ``` Never place these values in the repo or the vault. ## Runtime Install ```bash cd /srv/easier-hermes/ops sudo bash deployment/scripts/install-hermes-venv.sh sudo cp deployment/systemd/easier-hermes-gateway.service /etc/systemd/system/ sudo systemctl daemon-reload ``` This is already complete on the GCE host. Dry check: ```bash sudo systemctl cat easier-hermes-gateway sudo systemctl status easier-hermes-gateway --no-pager ``` Start only after Slack app token, channel ID and model API key are present: ```bash sudo systemctl start easier-hermes-gateway sudo journalctl -u easier-hermes-gateway -n 80 --no-pager ``` ## Safety Defaults - No DMs. - No client channels in the initial allowlist. - No file scopes. - No `groups:write` or channel-management scope. - No delete/spend/send actions from Hermes without a later approval pattern. - Digest raw material into the vault; do not store raw Fathom transcripts, ad creatives or Google Drive artifacts on the VM by default.
Save Changes