A Python-based Slack bot using HTTP mode with the Slack Bolt framework that integrates with Google Gemini 2.5 Flash via OpenAI's client library.
- Install the required dependencies:
pip install -r requirements.txtThe main dependencies are:
slack-bolt>=1.18.0- Slack Bot frameworkopenai>=1.0.0- OpenAI client library (used to connect to Gemini via OpenAI-compatible endpoint)
-
Configure environment variables (see Configuration section below)
-
Run the bot:
python app.pyTag the bot in any channel to get a response:
@botname What's the weather like today?
The bot will respond to mentions with Gemini-generated responses. Currently, the bot only responds when mentioned - it does not respond to direct messages or regular channel messages.
The following environment variables must be set:
SLACK_BOT_TOKEN: Your Slack bot token (starts withxoxb-)SLACK_SIGNING_SECRET: Your Slack signing secret for HTTP mode webhook verificationGOOGLE_API_KEY: Your Google API key for Gemini API access
The following environment variables can be set to override defaults:
DISCOUNT_CODE: The secret discount code to guard (default:4b0daf70118becc1)
The system prompt is defined in prompt.py and automatically incorporates the DISCOUNT_CODE environment variable. To customize the prompt behavior, edit the get_system_prompt() function in prompt.py.
You can set environment variables in several ways:
- Using a
.envfile (create in the project root):
SLACK_BOT_TOKEN=xoxb-your-bot-token-here
SLACK_SIGNING_SECRET=your-signing-secret-here
GOOGLE_API_KEY=your-google-api-key-here
DISCOUNT_CODE=MYSECRET
- Using export commands (Linux/macOS):
export SLACK_BOT_TOKEN=xoxb-your-bot-token-here
export SLACK_SIGNING_SECRET=your-signing-secret-here
export GOOGLE_API_KEY=your-google-api-key-here- Using environment variables in your deployment platform (Heroku, Railway, etc.)
To use this bot, you need to configure your Slack app with the following:
Go to api.slack.com/apps → Your App → OAuth & Permissions → Scopes and add these Bot Token Scopes:
app_mentions:read(Essential for mentions)chat:write(Essential for sending messages)channels:read(To read channel info)groups:read(For private channels)im:read(For DMs)mpim:read(For group DMs)
Go to Event Subscriptions → Enable Events → Subscribe to bot events and add:
app_mention(Essential! This is the only event the bot currently responds to)
Request URL: Set this to your deployed app URL + /slack/events (e.g., https://your-app.ondigitalocean.app/slack/events)
- HTTP Mode: Bot runs as a web server and receives events via webhooks (more production-ready than Socket Mode)
- The bot only responds to
@mentionsin channels - it does not respond to direct messages or regular channel messages - Error handling is included for both Slack API and Gemini API failures
- The Gemini system prompt includes a secret guarding mechanism to protect the discount code
- Uses Google's OpenAI-compatible endpoint for cleaner integration
- If required environment variables are missing, the bot will raise an error on startup
- Public URL Required: Your app needs to be publicly accessible for Slack to send webhooks
To use this bot, you need a Google API key for Gemini:
- Go to Google AI Studio
- Create a new API key
- Set it as the
GOOGLE_API_KEYenvironment variable
For HTTP mode, you need the signing secret:
- Go to api.slack.com/apps → Your App
- Go to Basic Information → App Credentials
- Copy the Signing Secret
- Set it as the
SLACK_SIGNING_SECRETenvironment variable
This bot is designed as a prompt injection challenge where the goal is to try to extract the secret discount code from the Gemini model despite the system prompt's instructions to guard it.