Slack bot that summarises threads with Claude

Resume bullet (when finished)

“Built a Slack bot that listens to thread mentions, summarises long discussions using Claude with anchored citations, runs the summarisation in <8s p95, deployed to Fly.io with full secret rotation + per-workspace rate limiting.”

Locked tech stack

No "choose your language" — analysis paralysis kills completion. Follow the stack to the letter on your first build.

Milestones (7 · ~28h)

1. M1~4h

   Slack OAuth + 'hello world' bot

   Bot installs into a workspace, responds 'hi' to @mention. Tokens stored encrypted in Postgres.

   CHECK BEFORE MOVING ON:

   • Why is bot token (`xoxb-`) different from user token (`xoxp-`)?
   • What does Slack do if you mishandle the OAuth state parameter?
   $ git commit -m "feat: Slack OAuth + echo bot"
2. M2~3h

   Thread fetcher — pull last 200 messages from any thread

   Slack `conversations.replies` API call. Handles pagination + rate limits cleanly.

   CHECK BEFORE MOVING ON:

   • What's the 200-msg limit hiding from you, and how do you detect it?
   • How does Slack's rate-limit header differ from the standard `Retry-After`?
   $ git commit -m "feat(slack): paginated thread fetcher"
3. M3~6h

   Claude summary with anchored citations

   Build a prompt that asks Claude to summarise + cite specific messages by timestamp. Output validated to contain N citations.

   CHECK BEFORE MOVING ON:

   • Why citations instead of free-text summary?
   • What anti-hallucination check do you bake in before returning?
   $ git commit -m "feat(ai): anchored-citation summarisation"
4. M4~4h

   Per-workspace rate + cost cap

   20 summaries/hour/workspace; $5/day/workspace ceiling. Friendly 'limit reached' message.

   CHECK BEFORE MOVING ON:

   • Why per-workspace and not per-user?
   • What's the simplest way to track $-cost without weighing every token?
   $ git commit -m "feat: workspace rate + cost limits"
5. M5~4h

   Async event handling — <8s response budget

   Slack requires 3s ack. Bot acks immediately, processes async, sends summary as a thread reply. p95 < 8s.

   CHECK BEFORE MOVING ON:

   • What's the Slack 3-second rule and how does asynchrony help?
   • Where does most of the 8s actually go?
   $ git commit -m "feat: async event flow + p95 budget"
6. M6~3h

   Multi-tenant secret rotation

   Workspace tokens encrypted at rest via Fernet (key in env). Token re-fetch path when Slack rotates.

   CHECK BEFORE MOVING ON:

   • Why encrypt at rest when the DB is already private?
   • What's the fallback if a workspace's token expires mid-flight?
   $ git commit -m "security: Fernet token encryption + rotation"
7. M7~4h

   Deploy + observability

   Fly.io deploy with `fly secrets`. Per-workspace metric counters (summaries, tokens, cost). One Grafana panel.

   CHECK BEFORE MOVING ON:

   • Why per-workspace metrics matter when you have one customer?
   • What's the fastest path from 'bot crashed' to 'I know why'?
   $ git commit -m "ops: Fly.io deploy + per-workspace metrics"

60-second demo storyboard

What you say in the recruiter screen when they ask "tell me about your latest project." Practice it out loud.

1. 0-5s: 'I built a Slack bot that summarises long threads with Claude — anchored citations, not free text.'
2. 5-25s: Live demo in a real (or recorded) workspace — long thread → @bot → 15 sec → summary with [1][2][3] cites linking back to specific messages.
3. 25-40s: Show the rate + cost limits in the metrics dashboard.
4. 40-55s: Walk one security decision (encryption-at-rest of tokens, why).
5. 55-60s: 'Repo link, deployment URL, would love to hear how you'd handle longer threads.'

STAR talking points for behavioral round

Production references — how grown-up systems do this

Self-review rubric (before you claim done)