Appearance
Slack integration
Liminal connects to Slack through hosted OAuth on vireondynamics.com — users never paste Slack tokens into .env.
This is a harness integration only (Settings → Integrations). It is not used for website account login.
Connect
- Run Liminal web UI or desktop.
- Settings → Integrations → Slack → Connect.
- Complete Slack consent in the browser tab.
- Close the tab when you see Connected — tokens are stored under
~/.liminal/oauth/slack/.
Or: connect_provider({ provider: "slack" }) after OAuth is on disk.
Direct OAuth (recommended if scopes stay missing via Vireon)
Slack user tokens require user_scope= on oauth/v2/authorize — not bot scope=. If hosted connect keeps returning a thin token, use direct loopback OAuth:
Slack app → OAuth & Permissions → Redirect URL:
http://127.0.0.1:38476/oauth/slack/callbackAdd to
.env(desktop bundle copies this file):SLACK_OAUTH_CLIENT_ID=... SLACK_OAUTH_CLIENT_SECRET=...Register all user token scopes from the table below on the Slack app.
Set
SLACK_OAUTH_DIRECT=1in.env, then Disconnect + Connect Slack (hosted Vireon is the default).
Read vs write
- Read + write (default): list channels, read history, post messages (
slack_post_messageis approval-gated). - Read only: channels, history, users — no posting.
Agent tools
| Tool | Purpose |
|---|---|
slack_list_channels | Public/private channels |
slack_list_dms | Open DM channels |
slack_list_users | Workspace members |
slack_open_dm | Open DM with a user (returns channel id) |
slack_get_channel_history | Recent messages in a channel |
slack_get_thread_replies | Replies in a thread |
slack_search_messages | Search workspace messages |
slack_post_message | Post to a channel (approval required) |
slack_reply_in_thread | Reply in a thread (approval required) |
slack_add_reaction | Add emoji reaction (approval required) |
slack_upload_file | Upload a small text file (approval required) |
With lazy loading: activate_tool_family({ family: "slack" }).
Disable with AGENT_SLACK_REST=0.
Operator setup (Vireon — one time)
Slack API → Create New App → From scratch.
OAuth & Permissions → add Redirect URL:
https://www.vireondynamics.com/connect/slack/callbackUser Token Scopes (not bot scopes) — harness requests these explicitly via
scopes=on the connect URL. Names match Slack method docs user-token scopes:Harness tool / API User scopes slack_list_channels,slack_list_dmschannels:read,groups:read,im:read,mpim:readslack_list_usersusers:readslack_get_channel_history,slack_get_thread_replieschannels:history,groups:history,im:history,mpim:historyslack_search_messagessearch:readslack_post_message,slack_reply_in_threadchat:writeslack_add_reactionreactions:writeslack_open_dmchannels:write,groups:write,im:write,mpim:writeslack_upload_filefiles:writeRead+write OAuth request (17 scopes): all rows above.
Vercel env:
SLACK_OAUTH_CLIENT_ID,SLACK_OAUTH_CLIENT_SECRET.Vireon
/connect/slackhandler must pass harnessuser_scope(orscopes) query param through to Slack asuser_scope=onhttps://slack.com/oauth/v2/authorize. Passing botscope=only does not grant user-token permissions.Register every scope in the table on the Slack app under OAuth & Permissions → User Token Scopes, then reinstall / have users reconnect.