Skip to content
PulseStream

Slack Integration

The Slack integration connects your PulseStream workspace to a Slack workspace. Once connected, you can list open incidents, query cluster health, and run AI-powered namespace investigations without leaving Slack.

What works today:

  • Slash commands: /pulsestream incidents, /pulsestream status, /pulsestream connect, /pulsestream investigate
  • Routing rules: route incident notifications to different channels based on severity, priority, or labels
  • Test notification: validate that the bot can post to your configured channel
  • Acknowledge incidents from Slack notification cards

Coming soon: Proactive incident notifications — automatic push to Slack when PulseStream detects a new incident.

Prerequisites

Section titled “Prerequisites”
  • A PulseStream workspace with an active agent connection
  • Admin access to your PulseStream workspace (to connect integrations)
  • Permission to install apps in your Slack workspace, or a Slack admin who can approve the installation

Connect Slack

Section titled “Connect Slack”
  1. In PulseStream, go to Settings → Integrations → Slack.
  2. Click Connect Slack.
  3. You are redirected to Slack’s OAuth authorization page. Review the requested permissions and click Allow.
  4. After authorization, Slack redirects back to PulseStream. The settings page shows your connected Slack workspace name and the connection timestamp.

The bot is installed with the following scopes:

ScopeWhy it’s needed
chat:writePost messages and notifications to channels
commandsReceive /pulsestream slash commands
channels:readList public channels for the channel selector
groups:readList private channels the bot has been invited to

Configure the default channel

Section titled “Configure the default channel”

The default channel receives test notifications. It also serves as the fallback for any future proactive notifications that do not match a routing rule.

  1. After connecting, the Default Channel dropdown shows all channels the bot can access.
  2. Select the channel you want to use (for example, #incidents or #alerts).
  3. Click Save.

To verify the bot can post, click Send Test Notification. A sample incident card appears in the selected channel within a few seconds. If you see an error about the bot not being in the channel, run /invite @PulseStream in that channel and try again.

Set up routing rules

Section titled “Set up routing rules”

Routing rules let you send incidents to different channels based on severity, priority, or labels. Rules are evaluated in priority order (lower number = evaluated first). The first matching rule wins; unmatched incidents fall back to the default channel.

Add a rule

Section titled “Add a rule”
  1. Under Routing Rules, click Add Rule.
  2. Configure the match conditions:
    • Min Severity: critical, high, medium, or low. Incidents at or above this severity match the rule. Leave blank to match any severity.
    • Min Priority: An integer from 1 (highest) to 5 (lowest). Incidents with a priority number equal to or lower than this threshold match. Leave blank to match any priority.
    • Required Labels: A JSON object of key-value pairs. All specified labels must be present on the incident. Leave blank to match any labels.
  3. Select the Destination Channel.
  4. Set Rule Priority (the evaluation order — lower numbers run first). Default is 100.
  5. Click Save Rule.

Example configurations

Section titled “Example configurations”

Page #critical-alerts for any critical incident:

FieldValue
Min Severitycritical
Min Priority(blank)
Required Labels(blank)
Destination Channel#critical-alerts
Rule Priority10

Route production namespace incidents to #prod-incidents:

FieldValue
Min Severity(blank)
Min Priority(blank)
Required Labels{"namespace": "production"}
Destination Channel#prod-incidents
Rule Priority20

Send everything else to #general-alerts: Set the default channel to #general-alerts. Incidents that match no rule are delivered there.

Delete a rule

Section titled “Delete a rule”

Click the trash icon next to any rule in the routing rules table. Deletion is immediate and permanent.

Slash commands

Section titled “Slash commands”

All slash commands follow Slack’s immediate-acknowledge pattern: PulseStream responds within 3 seconds with a loading message, then delivers the full result asynchronously (within 30 seconds for most commands).

/pulsestream incidents

Section titled “/pulsestream incidents”

Lists all currently open and investigating incident groups in your workspace.

/pulsestream incidents

PulseStream fetches incident groups from your connected agent and formats them as a Block Kit message showing each group’s title, severity, affected service, and a View button linking to the PulseStream dashboard.

If no incidents are open, the response confirms the all-clear.

/pulsestream status

Section titled “/pulsestream status”

Returns a summary of your cluster’s current health.

/pulsestream status

The response shows:

  • Agent connection status (online/offline) and version
  • Number of monitored namespaces
  • Number of tracked services
  • Count of open incident groups

PulseStream returns an immediate response with what it knows from in-memory state, then updates the message with live counts fetched via RPC from your agent (if the agent is online).

/pulsestream investigate

Section titled “/pulsestream investigate”

Runs an AI-powered investigation against a namespace and posts the result as a thread reply.

/pulsestream investigate <namespace> <question>

Examples:

/pulsestream investigate production why is the payments service returning 500s?
/pulsestream investigate staging what changed in the last hour?

How it works:

  1. PulseStream posts a loading message to the channel.
  2. In the background, PulseStream sends your question to the analysis engine for the specified namespace.
  3. The AI response is posted as a thread reply under the loading message.
  4. You can ask follow-up questions by @mentioning the bot in the thread. Each mention triggers a new investigation turn using the same conversation context.

The investigation uses the same AI engine as the PulseStream dashboard chat. Response time depends on cluster complexity and analysis depth; expect 15–60 seconds for a full response.

/pulsestream connect

Section titled “/pulsestream connect”

Generates a link for the current Slack user to link their Slack account to their PulseStream account.

/pulsestream connect

The response is ephemeral (only visible to you). Click the link and complete the connection in PulseStream. Once linked, actions you take in Slack (such as acknowledging an incident) are attributed to your PulseStream identity.

This is optional. Unlinked users can still use all slash commands. Acknowledgments from unlinked users are attributed to their Slack display name.

/pulsestream help

Section titled “/pulsestream help”

Returns the list of available commands. Also displayed when an unrecognized subcommand is typed.

/pulsestream help

Acknowledge from Slack

Section titled “Acknowledge from Slack”

When proactive notifications are enabled (coming soon), incident cards posted to Slack include an Acknowledge button. Clicking it:

  1. Updates the card in Slack to show “Acknowledged by @username at HH:MM”.
  2. Posts a thread reply confirming the acknowledgment.

If your Slack account is linked to a PulseStream user via /pulsestream connect, the acknowledgment is attributed to your PulseStream identity. Otherwise it is attributed to your Slack display name.

Security

Section titled “Security”

Webhook signature verification

Section titled “Webhook signature verification”

Every request from Slack to PulseStream is verified using HMAC-SHA256 before any processing occurs.

PulseStream verifies:

  1. The X-Slack-Request-Timestamp header is within 5 minutes of the current time (replay attack protection).
  2. The X-Slack-Signature header matches HMAC-SHA256(signing_secret, "v0:{timestamp}:{body}") using constant-time comparison.

Requests that fail verification are rejected with HTTP 401. Requests older than 5 minutes are rejected regardless of signature validity.

Token storage

Section titled “Token storage”

Bot tokens (xoxb-) are encrypted at rest using envelope encryption (KMS-backed with a Fernet fallback). Tokens are never stored in plaintext. The OAuth state parameter used during the connection flow is HMAC-signed and expires after 10 minutes.

Rate limiting

Section titled “Rate limiting”

Webhook endpoints are rate-limited at 60 requests per minute per source IP. This protects against brute-force signature verification attempts.

Bot permissions

Section titled “Bot permissions”

The integration requests only the scopes it needs (listed in Connect Slack). The bot cannot read message history, access DMs, or modify workspace settings.

Disconnect Slack

Section titled “Disconnect Slack”
  1. Go to Settings → Integrations → Slack.
  2. Click Disconnect.
  3. Confirm the disconnect.

Disconnecting removes the stored bot token and all routing rules. Slash commands in Slack will return “PulseStream is not connected to this Slack workspace.” The PulseStream bot is not automatically removed from your Slack workspace — remove it manually from your Slack workspace’s Manage Apps settings if needed.

Troubleshooting

Section titled “Troubleshooting”

”The PulseStream bot is not in this channel”

Section titled “”The PulseStream bot is not in this channel””

The bot cannot post to channels it has not been invited to. In Slack, go to the target channel and run:

/invite @PulseStream

Then retry the test notification.

Slash command returns no response after the loading message

Section titled “Slash command returns no response after the loading message”

The background task timed out or the agent is offline. Check agent connectivity:

  1. Run /pulsestream status — if the agent shows as offline, the RPC calls used by slash commands will fail.
  2. In PulseStream, go to Settings → Agent and verify the agent is connected.
  3. If the agent is connected but commands still time out, check your agent logs for RPC errors.

”PulseStream is not connected to this Slack workspace”

Section titled “”PulseStream is not connected to this Slack workspace””

The PulseStream workspace connected to this Slack workspace is a different PulseStream workspace than expected, or the connection was removed. Go to Settings → Integrations → Slack in PulseStream and reconnect.

OAuth callback fails with “OAuth state expired”

Section titled “OAuth callback fails with “OAuth state expired””

The OAuth state parameter expires after 10 minutes. If you took more than 10 minutes to complete the authorization in Slack, start the OAuth flow again from Settings → Integrations → Slack → Connect Slack.

Routing rules are configured but test notification goes to the default channel

Section titled “Routing rules are configured but test notification goes to the default channel”

The test notification always goes to the default channel — it does not evaluate routing rules. Routing rules apply to incident notifications triggered by your agent. To verify routing rule logic, review the rule conditions and confirm the incident’s severity, priority, and labels match the intended rule.

Coming soon

Section titled “Coming soon”

Proactive incident notifications. When PulseStream detects a new incident or a severity escalation, it will automatically push a notification to the matching Slack channel based on your routing rules — no manual command required. The infrastructure for this is built; it will be enabled in an upcoming release.

MCP Setup Investigate incidents from Claude Code or Cursor using MCP tools.
Quick Start Get PulseStream running from agent installation to first incident.