OpenCode Slack Integration - Deployment Checklist
Date: 2026-01-31
Project: opencode-slack-integration
Environment: k8s lab (lab.ctoaas.co)
Steel Thread: OpenCode permission.ask → Gateway → Slack
Pre-Deployment Checklist
☐ 1. Verify Slack App Configuration
Location: https://api.slack.com/apps
- Socket Mode enabled
- App-level token created (starts with
xapp-) - Bot token created (starts with
xoxb-) - Event subscriptions configured:
-
message.im -
app_mention
-
- Bot token scopes:
-
chat:write -
im:history -
app_mentions:read
-
Notes:
App name: ___________________________________
Bot token (xoxb-...): _______________________
App token (xapp-...): _______________________
☐ 2. Add Secrets to Central Secret Store
Secret name: slack-opencode-integration
Required properties:
-
bot_token= (your xoxb- token) -
app_token= (your xapp- token)
Verification command:
# TODO: Add your secret store verification command here
# Example: vault kv get secret/slack-opencode-integrationNotes:
☐ 3. Verify GitHub Registry Access
Namespaces that need ghcr.io access:
-
ai-dev(for gateway image pull) -
code-server(for codev image pull)
Check secret exists:
kubectl get secret gh-docker-registry-creds -n ai-dev
kubectl get secret gh-docker-registry-creds -n code-serverOutput:
☐ 4. Verify Shared PVC Exists
PVC: code-server-storage in code-server namespace
kubectl get pvc code-server-storage -n code-server
kubectl describe pvc code-server-storage -n code-serverExpected:
- Access mode: ReadWriteMany
- Status: Bound
Output:
Component 1: LGTM Observability Stack
☐ 1.1 Deploy LGTM
Command:
cd repos/k8s-lab/components/lgtm
kubectl apply -k .Timestamp: _______________
Output:
☐ 1.2 Verify LGTM Deployment
Commands:
kubectl get pods -n lgtm
kubectl get svc -n lgtm
kubectl get ingress -n lgtmExpected:
- Pod:
lgtm-xxxRunning - Service:
lgtmClusterIP (ports 3000, 3100, 4317, 4318) - Ingress:
lgtm.lab.ctoaas.co
Output:
☐ 1.3 Access Grafana UI
URL: https://lgtm.lab.ctoaas.co
Credentials: admin / admin
- Login successful
- Loki data source available
- Can query logs
Notes:
Component 2: OpenCode Slack Gateway
☐ 2.1 Build Gateway Image
Command:
cd repos/ai-dev/services/gateway
task buildExpected tag: 0.1.0-dev (from VERSION file)
Timestamp: _______________
Output:
☐ 2.2 Verify Image Push
Command:
# Check image exists in ghcr.io
docker pull ghcr.io/craigedmunds/opencode-slack-gateway:0.1.0-devOutput:
☐ 2.3 Deploy Gateway via ArgoCD
Step 1: Apply ArgoCD Application
cd repos/k8s-lab
kubectl apply -k other-seeds/Output:
Step 2: Sync Application
argocd app sync ai-devOutput:
☐ 2.4 Verify Gateway Deployment
Commands:
kubectl get pods -n ai-dev
kubectl get svc -n ai-dev
kubectl get externalsecret -n ai-devExpected:
- Pod:
opencode-slack-gateway-xxxRunning - Service:
opencode-slack-gatewayClusterIP port 8000 - ExternalSecret:
slack-tokensSecretSynced=True
Output:
☐ 2.5 Check Gateway Logs
Command:
kubectl logs -n ai-dev deployment/opencode-slack-gateway --tail=50Look for:
- “Socket Mode connected” or similar
- No error messages about missing secrets
- No crash loops
Output:
☐ 2.6 Verify Slack Connection
In gateway logs, look for:
- Socket Mode initialization
- Connection to Slack
- Listening for events
Notes:
Component 3: Codev with Bridge Plugin
☐ 3.1 Build Codev Image (Auto-fetches Plugin!)
Command:
cd repos/k8s-lab/components/codev
task build TAG=1.0.28-devExpected:
- Fetches bridge plugin from ai-dev repo automatically
- Builds multi-arch image
- Pushes to ghcr.io
- Cleans up plugin from build context
Timestamp: _______________
Output:
☐ 3.2 Verify Plugin Fetch
Look for in build output:
- ”📦 Fetching bridge plugin from ai-dev repo…”
- ”✅ Bridge plugin copied to build context”
- Plugin installation during Docker build
- ”🧹 Bridge plugin cleaned from build context”
Notes:
☐ 3.3 Update Kustomization
File: repos/k8s-lab/components/codev/kustomization.yaml
Change:
images:
- name: ghcr.io/craigedmunds/codev
newTag: 1.0.28-dev # Update this line- File updated
☐ 3.4 Deploy Updated Codev
Command:
cd repos/k8s-lab/components/codev
kubectl apply -k .Output:
☐ 3.5 Verify Codev Deployment
Commands:
kubectl get pods -n code-server
kubectl rollout status deployment/codev -n code-serverExpected:
- New pod with updated image
- Old pod terminated
- Rollout successful
Output:
☐ 3.6 Check Codev Logs
Command:
kubectl logs -n code-server deployment/codev --tail=50Look for:
- No errors during startup
- OpenCode initialized
- Agent farm started
Output:
☐ 3.7 Verify Bridge Plugin Loaded
Command:
kubectl exec -it -n code-server deployment/codev -- npm list -g | grep opencodeExpected:
- Bridge plugin should be listed
Output:
☐ 3.8 Verify GATEWAY_URL Environment Variable
Command:
kubectl exec -it -n code-server deployment/codev -- env | grep GATEWAY_URLExpected:
GATEWAY_URL=http://opencode-slack-gateway.ai-dev.svc.cluster.local:8000
Output:
Post-Deployment: Initialize State Repo
☐ 4.1 Clone ai-dev-state Repo to PVC
Command:
kubectl exec -it -n ai-dev deployment/opencode-slack-gateway -- /bin/bash -c \
"cd /workspace && git clone https://github.com/craigedmunds/ai-dev-state.git"Output:
☐ 4.2 Verify State Repo
Command:
kubectl exec -it -n ai-dev deployment/opencode-slack-gateway -- ls -la /workspace/ai-dev-stateExpected:
- Repository cloned successfully
- .git directory present
Output:
☐ 4.3 Verify Codev Can See State Repo
Command:
kubectl exec -it -n code-server deployment/codev -- ls -la /home/coder/src/ai-dev-stateExpected:
- Same repository visible (shared PVC)
Output:
Testing the Steel Thread
☐ 5.1 Send Test Message to Slack Bot
Action:
- Open Slack
- DM your bot
- Send message:
@bot-name test
Timestamp: _______________
Expected behavior:
- Bot should respond (even if just acknowledging)
Actual behavior:
☐ 5.2 Monitor Gateway Logs
Command:
kubectl logs -n ai-dev deployment/opencode-slack-gateway -fLook for:
- Incoming message from Slack
- Request forwarded to OpenCode
- Response sent back to Slack
Output:
☐ 5.3 Monitor Codev Logs
Command:
kubectl logs -n code-server deployment/codev -fLook for:
- Permission request received from bridge plugin
- Question posted to Slack via gateway
- Response received from user
Output:
☐ 5.4 Check Logs in Grafana
URL: https://lgtm.lab.ctoaas.co
Queries to try:
{namespace="ai-dev"}
{namespace="code-server"}
{app="opencode-slack-gateway"}
Findings:
Troubleshooting Guide
Issue: Gateway Pod Not Starting
Check secrets:
kubectl get externalsecret -n ai-dev
kubectl describe externalsecret slack-tokens -n ai-dev
kubectl get secret slack-tokens -n ai-devFindings:
Issue: Bridge Plugin Not Loaded
Verify plugin in image:
kubectl exec -it -n code-server deployment/codev -- ls -la /tmp/opencode-bridgeFindings:
Issue: Slack Not Receiving Messages
Check Socket Mode connection in gateway logs:
kubectl logs -n ai-dev deployment/opencode-slack-gateway | grep -i "socket"Findings:
Issue: PVC Access Problems
Test write from gateway:
kubectl exec -it -n ai-dev deployment/opencode-slack-gateway -- touch /workspace/test-gatewayTest read from codev:
kubectl exec -it -n code-server deployment/codev -- ls /home/coder/src/test-gatewayFindings:
Rollback Procedures
Rollback Gateway
argocd app rollback ai-dev
# OR
kubectl rollout undo deployment/opencode-slack-gateway -n ai-devTimestamp: _______________
Notes:
Rollback Codev
kubectl rollout undo deployment/codev -n code-serverTimestamp: _______________
Notes:
Success Criteria
- LGTM stack deployed and accessible
- Gateway pod running and connected to Slack
- Codev pod running with bridge plugin loaded
- Shared PVC accessible by both pods
- ai-dev-state repo cloned and visible
- Test message sent to Slack bot
- Gateway received message from Slack
- Bridge plugin forwarded request to gateway
- Logs visible in Grafana
Final Notes
Deployment completed: _______________
Overall status: _______________
Issues encountered:
Next steps:
Reference Links
- Architecture:
.ai/projects/ai-dev/opencode-slack-integration/architecture.md - PR #1: https://github.com/craigedmunds/ai-dev/pull/1
- Full Guide:
.ai/projects/ai-dev/opencode-slack-integration/k8s-deployment-guide.md - LGTM: https://lgtm.lab.ctoaas.co
- Slack API: https://api.slack.com/apps