Approval delivery · Free for 1 agent

Approve AI agent tool calls from Slack

When the MCP gateway pauses a tool call awaiting approval, a Block Kit message lands in your on-call channel with Approve / Deny buttons. One tap, the agent retries, the grant is consumed atomically. The message updates with who decided what and when. Self-installed Slack app — bot token and signing secret encrypted server-side with a KMS-wrapped DEK.

Get startedWhy agents need this

How it works

1.

Agent fires a sensitive tool

MCP gateway rule says github.delete_repo requires approval. The call blocks server-side.

2.

Slack message posted to your channel

Block Kit message with agent name, tool, params summary, and two action buttons: Approve (primary) and Deny (danger).

3.

Admin taps Approve / Deny

Slack POSTs to /v1/slack-webhook/interactivity. Signature verified against the per-org signing secret. Tool call marked decided atomically.

4.

Message updates + agent retries

The Slack message rewrites to ✅ Approved by @user (or denied). Buttons disappear. Agent retries, the grant is consumed exactly once via Postgres FOR UPDATE SKIP LOCKED.

One-time Slack setup

  1. 1. Create a Slack app. Go to api.slack.com/apps Create New AppFrom scratch. Name it "secr Approvals" or similar, pick your workspace.
  2. 2. Add bot scopes. OAuth & Permissions → add chat:write under Bot Token Scopes.
  3. 3. Enable interactivity. Interactivity & Shortcuts → toggle on → Request URL: https://api.secr.dev/v1/slack-webhook/interactivity
  4. 4. Install to workspace. Install App → Install to Workspace → Allow. Copy the Bot User OAuth Token (starts with xoxb-).
  5. 5. Copy the signing secret. Basic Information → App Credentials → Signing Secret. Reveal and copy it.
  6. 6. Invite the bot to your approval channel. In Slack, /invite @secrapprovals (or whatever you named the app) in the channel. Right-click the channel name → Copy link; the channel ID is the last path segment (starts with C).
  7. 7. Paste into the secr dashboard. Dashboard → Integrations → Slack → New. Paste the bot token, signing secret, and channel ID. Done.

secr validates the token against Slack's auth.test and confirms the bot can see the channel via conversations.info before saving. If either fails you get an actionable error, not a stored-but-broken integration.

Why a native Slack app, not just a webhook?

You can already get approval notifications in Slack via the webhook story: forward mcp.approval_required events to a Slack incoming webhook, render a card, done. That works.

What an incoming webhook can't do is interactive buttons that decide the call. Block Kit buttons require a registered Slack app with a Request URL Slack will POST to when a user clicks — that's the whole point of this integration. With a webhook, your admin has to leave Slack, open the secr dashboard, and click Approve there. With the native app, it's a tap in the channel they're already watching.

Same trade-off as Telegram approvals, different rail. Pick whichever your team already lives in.

Read next

Tap-to-approve AI agent tool calls

Slack app, channel of your choice, encrypted server-side. Free for 1 AI agent — no card.

Create your accountHow agent governance works