A multi-workspace SaaS Slack app for managing team rotas with automatic rotation scheduling.
- 🔄 Automatic rotation scheduling using RRULE (Daily, Weekly, Biweekly, Monthly)
- 📱 Manage rotas via Slack Bot Home tab
- 🎨 Customizable Block Kit message templates
- 👥 Multi-workspace support
- 🔔 Scheduled notifications to channels (hourly cron job)
- ⚙️ Full CRUD operations for rota management
- 🔒 Secure request verification (HMAC SHA256 signatures)
- 📊 Assignment tracking and history
- 🔁 Automatic retry logic with exponential backoff
- 📝 Comprehensive logging (file + console)
- 🛠️ Admin endpoints for manual scheduler control
- Backend: Express.js
- Database: MongoDB with Mongoose
- Slack Integration: Direct Slack Web API calls with axios
- Scheduling: node-cron + RRULE
- Logging: Winston (file rotation + console)
- Containerization: Docker & Docker Compose
- Node.js 18+
- MongoDB 7.0+
- Docker & Docker Compose (optional)
- Slack App credentials
git clone <repository-url>
cd vibe-rotasnpm installCopy .env.example to .env and fill in your Slack app credentials:
cp .env.example .envRequired environment variables:
SLACK_CLIENT_ID- Your Slack app client IDSLACK_CLIENT_SECRET- Your Slack app client secretSLACK_SIGNING_SECRET- Your Slack app signing secretMONGODB_URI- MongoDB connection stringENCRYPTION_KEY- 32-character key for encrypting tokens
- Go to api.slack.com/apps
- Create a new app or use an existing one
- Configure OAuth & Permissions with required scopes
- Enable Socket Mode (recommended) or configure Request URL
- Subscribe to bot events
- Install app to your workspace
npm run devThe server will start on http://localhost:3000 with hot reload enabled.
# Check for linting issues
npm run lint
# Auto-fix linting issues
npm run lint:fixnpm start# Build and start all services
npm run docker:up
# View logs
npm run docker:logs
# Stop services
npm run docker:downDocker Compose will start:
- MongoDB on port 27017
- Express API on port 3000
vibe-rotas/
├── src/
│ ├── index.js # Express server entry point
│ ├── config/
│ │ ├── database.js # MongoDB connection
│ │ └── slack.js # Slack app config
│ ├── models/ # Mongoose models
│ ├── controllers/ # Route controllers
│ ├── services/ # Business logic
│ ├── views/
│ │ └── blocks/ # Block Kit UI templates
│ ├── middleware/ # Express middleware
│ └── utils/ # Utility functions
├── docker-compose.yml # Docker services config
├── Dockerfile # Container image
├── .env.example # Environment variables template
└── package.json # Dependencies and scripts
GET /- Landing page with install buttonGET /health- Health check endpointGET /slack/install- Start OAuth installation flowGET /slack/oauth_redirect- OAuth callback endpoint
POST /slack/events- Slack events endpoint (HMAC verified)POST /slack/actions- Interactive components endpoint (HMAC verified)
GET /admin/scheduler/status- Get scheduler statusPOST /admin/scheduler/run- Manually trigger schedulerPOST /admin/scheduler/retry- Retry failed notifications
The app implements several security best practices:
- Request Verification: All Slack requests are verified using HMAC SHA256 signatures
- Replay Attack Prevention: Requests older than 5 minutes are rejected
- Secure Token Storage: OAuth tokens stored in MongoDB
- Environment Variables: Sensitive credentials never committed to source
See docs/SLACK_VERIFICATION.md for detailed security information.
The scheduler runs automatically every hour to check active rotas and send notifications:
- Schedule: Every hour on the hour (configurable with cron)
- Retry Job: Every 6 hours for failed notifications
- Assignment Tracking: All assignments saved to MongoDB
- Duplicate Prevention: Won't send multiple notifications for same day
- Logging: Comprehensive logs in
logs/directory
See docs/SCHEDULER.md for complete scheduler documentation.
See plan.md for the full implementation plan.
ISC