Integration · chat
Secure Slack for AI
Channel-aware access, DM exclusion by default, ephemeral-message handling, and per-workspace policy enforcement for AI clients connected to Slack.
Why Slack needs PortEden
What goes wrong when you connect Slack to AI
- A bot token with channels:history and groups:history reads every message in every channel the bot is in — including #leadership-private and #board-prep if anyone ever invited the bot for a one-off task.
- DMs (im:history) and group DMs (mpim:history) are some of the most sensitive content in any company. An agent that requests these scopes pulls performance conversations, salary negotiations, and HR escalations into the model context.
- Slack's search.messages API returns matches across every accessible channel — a single AI 'find the contract terms' query can surface legal threads from channels the user didn't even know existed.
What you can control
Channel allowlist / denylist
- Pin agents to a specific channel allowlist (#support, #engineering-public).
- Always-deny patterns for channels matching #leadership-*, #legal-*, #hr-*, #board-* regardless of the bot's membership.
DM and ephemeral message exclusion
- DMs (im) and group DMs (mpim) are denied by default. Opt-in per agent if the workflow legitimately requires it.
- Ephemeral messages (visible only to specific users) are stripped from history responses.
Content redaction
- Strip URLs, email addresses, and 16-digit number patterns (PAN) from message text before returning.
- File-share message redaction: keep the message body and strip the file URL, so the agent can't follow it.
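The three controls above, plus the Slack Connect default from the FAQ, can be sketched as a single filter between the Slack Web API and the agent. This is an added illustration, not PortEden's code or configuration format: the function names, the placeholder tokens, the `is_ephemeral` flag and the sample messages are assumptions, while `is_im`, `is_mpim`, `is_ext_shared` and `url_private` follow Slack's conversation and file objects.

```python
import re
from fnmatch import fnmatchcase

# Policy values copied from this page's examples; the structure is assumed.
ALLOWLIST = {"support", "engineering-public"}
DENY_PATTERNS = ("leadership-*", "legal-*", "hr-*", "board-*")

URL_RE = re.compile(r"<?https?://[^\s>]+>?")    # also covers Slack's <url|label> form
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PAN_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")   # 16 digits, optional separators
FILE_URL_KEYS = ("url_private", "url_private_download", "permalink")

def channel_allowed(conv, allow_dm=False):
    """conv is a Slack conversation object (conversations.info shape)."""
    if conv.get("is_im") or conv.get("is_mpim"):
        return allow_dm                      # DMs denied unless opted in
    if conv.get("is_ext_shared"):
        return False                         # Slack Connect denied by default
    name = conv.get("name", "")
    if any(fnmatchcase(name, p) for p in DENY_PATTERNS):
        return False                         # deny pattern wins over allowlist
    return name in ALLOWLIST

def redact(text):
    text = URL_RE.sub("[url]", text)
    text = EMAIL_RE.sub("[email]", text)
    return PAN_RE.sub("[pan]", text)

def filter_history(conv, messages, allow_dm=False):
    """Return the messages an agent may see; empty if the channel is denied."""
    if not channel_allowed(conv, allow_dm):
        return []
    visible = []
    for msg in messages:
        if msg.get("is_ephemeral"):          # assumed flag on ephemeral messages
            continue
        clean = dict(msg, text=redact(msg.get("text", "")))
        if "files" in msg:                   # keep file metadata, drop its URLs
            clean["files"] = [{k: v for k, v in f.items() if k not in FILE_URL_KEYS}
                              for f in msg["files"]]
        visible.append(clean)
    return visible

# Constructed sample data, not real Slack output.
SAMPLE = [
    {"text": "Card 4111 1111 1111 1111, mail bob@example.com, see <https://example.com/t/1|ticket>"},
    {"text": "only you can see this", "is_ephemeral": True},
    {"text": "log attached", "files": [{"name": "app.log", "url_private": "https://files.example/app.log"}]},
]
```

Calling `filter_history({"name": "support"}, SAMPLE)` returns two messages with the card number, address and link replaced by placeholders; the same call for a channel named `hr-cases` returns an empty list.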
Set up in 5 minutes
1. Install PortEden CLI
Run npx @porteden/cli or download the binary. The Slack connector works on macOS, Linux, and Windows.
2. Install the Slack app
porteden slack connect opens the Slack OAuth flow. It requests minimum scopes by default (channels:history, channels:read); add groups:history if your policy needs private-channel coverage.
3. Define channel and content policy
In ~/.porteden/slack.yaml, set channel_allowlist, channel_denylist, dm_mode (deny by default), and content_filters.
4. Verify with audit log
porteden audit tail --tool slack shows every Slack Web API call the agent makes, with the channel, the user, and the rule fired.
Compatible AI clients
Claude, ChatGPT, Gemini, Copilot, Cursor
Frameworks this integration touches
GDPR (employee communications), Workplace privacy, Trade-secret protection
Frequently Asked Questions
Does PortEden need to be invited to every Slack channel?
Only to the channels you want the agent to access. The Slack app installs at the workspace level, but channel-level access is controlled by which channels the bot is a member of plus your PortEden allowlist. If the bot is invited to a channel but the channel is excluded via PortEden, access is effectively denied.
Can we block DMs entirely even though the bot token has access?
Yes. DMs and group DMs default to denied in the policy. The bot may have im:history at the OAuth layer, but PortEden intercepts and blocks the request before the data is returned to the agent. Per-agent opt-in is available for workflows that genuinely need DM context.
How does this compare to Slack's own AI Access Apps controls?
Slack's controls operate at the app-install layer (which workspace, which scopes). PortEden adds per-request, per-channel, per-content enforcement at the API boundary. They compose: Slack controls who the app is; PortEden controls what the app actually does.
What about Slack Connect channels with external organizations?
Slack Connect channels are flagged in the API response. PortEden's default policy is to deny Slack Connect channels for AI agents (external party + AI context = unbounded data sharing). Override per-channel via slack_connect_allowlist.
Does this work with Enterprise Grid?
Yes. Enterprise Grid workspaces are treated as a unit: one PortEden Slack connection covers all workspaces in the grid. Per-workspace policy overrides are supported.