Slack

Slack Bot Approval Requests with Policy Enforcement

Build a policy-enforced approval bot for Slack. Employees request approvals via Slack message; the bot validates against Corules policy and routes to the correct approver or rejects with explanation.

Setup steps

  1. Create a Slack App with slash command /approve and event subscriptions for app_mention

  2. Parse the approval request from the Slack payload (amount, category, requester identity)

  3. Map Slack user ID to a Corules actor ID via your identity provider

  4. Call Corules Gate 2 validate with the parsed request context

  5. Reply in the Slack thread with the outcome and audit reference; route escalations to a manager DM

Code example

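// Node.js: Slack slash command handler with Corules validation
// `app` is assumed to be a Bolt for JavaScript App and `guardrail` the Corules client;
// parseCommand, resolveSlackUserToJwt and notifyManager are application helpers not shown here.
app.command('/approve', async ({ command, ack, respond }) => {
  await ack();

  const { amount, category, purpose } = parseCommand(command.text);

  // Reject unparseable amounts before any policy call: parseFloat returns NaN on bad input.
  const parsedAmount = parseFloat(amount);
  if (!Number.isFinite(parsedAmount) || parsedAmount <= 0) {
    await respond('🚫 Could not read a valid amount. Nothing was submitted.');
    return;
  }

  // Identity comes from the identity provider, not from the Slack payload itself.
  const actorJwt = await resolveSlackUserToJwt(command.user_id);

  const result = await guardrail.validate({
    useCase: 'expense_approval',
    actor: actorJwt,
    context: {
      amount: parsedAmount,
      category,
      business_purpose: purpose,
      receipt_present: false, // Slack request — receipt uploaded separately
    },
    decision: { approve: true },
    idempotencyKey: `slack-${command.trigger_id}`,
  });

  switch (result.outcome) {
    case 'ALLOW':
      await respond(`✅ Approved. Audit: ${result.audit_id}`);
      break;
    case 'ESCALATE':
      await notifyManager(result.escalation_context);
      await respond(`⏳ Routed to your manager. Audit: ${result.audit_id}`);
      break;
    case 'BLOCK': {
      // Braces scope `reason` to this case; tolerate an empty violations list.
      const reason = result.violations?.[0]?.explanation ?? 'policy violation';
      await respond(`🚫 Blocked: ${reason}`);
      break;
    }
    default:
      // Fail closed: an unrecognised outcome is never treated as an approval.
      await respond('🚫 Request could not be evaluated. Nothing was approved.');
  }
});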

Frequently Asked Questions

How is the Slack user's identity verified?

The Slack user_id is resolved to a verified JWT via your identity provider (Okta, Azure AD, etc.). The JWT carries role and permission claims. Corules never trusts the Slack payload identity directly.
