Skip to main content

Documentation Index

Fetch the complete documentation index at: https://slackhive.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

The Settings page is only visible to superadmins. It has three tabs: General (platform branding), Users (accounts and roles), and Authentication (Slack OAuth — superadmin only).

General — platform branding

The General tab lets superadmins rebrand the dashboard. Useful for white-labeling an internal deployment.
FieldWhat it controlsDefault
App nameProduct name in the sidebar header and page titlesSlackHive
TaglineOne-line subtitle under the app nameAI agent teams on Slack
Logo URLReplace the default logo with your own image URL(built-in logo)
Dashboard titleHeading on the home pageWelcome to SlackHive
  1. Go to Settings → General
  2. Edit any field
  3. Click Save
  4. Reload to see the new branding
Changes apply instantly for all users.

Authentication overview

SlackHive supports two login methods:
  • Username / password — built-in, no external provider required
  • Sign in with Slack — users log in via Slack OAuth; their Slack identity links to their SlackHive account
The superadmin account is configured via ADMIN_USERNAME / ADMIN_PASSWORD environment variables — never stored in the database. Sessions use HMAC-signed cookies; the signing key is AUTH_SECRET in your .env.

Sign in with Slack

To enable Slack OAuth login, go to Settings → General → Authentication and enter your Slack app’s Client ID and Client Secret (found in the Slack API console under Basic Information → App Credentials). Once configured, users see a Sign in with Slack button on the login page. Open vs invite-only login:
  • Invite-only (default): Only users you’ve already created or imported can log in via Slack. Anyone else gets an “account not invited” error.
  • Open login: Any Slack workspace member can log in and a SlackHive account is created automatically on first login.
Toggle this with the Allow any workspace member to sign in checkbox — only available once Client ID and Client Secret are saved.

Roles

SlackHive has four roles with escalating permissions:
RoleView agentsEdit agentsScheduled JobsSettingsManage usersActivity
SuperadminAllAllAll jobsAll
AdminAllAllAll jobsAll
EditorGranted onlyOwn + grantedOwn jobsGranted agents
ViewerGranted onlyGranted agents (read-only)

Superadmin

Configured via ADMIN_USERNAME and ADMIN_PASSWORD in .env. This account is never stored in the database — it exists only in environment configuration. The superadmin is the only role that can access the Settings page.

Admin

Full access equivalent to superadmin except Settings. Stored in the database and manageable via the Users page. Admins can create users, change roles, and grant per-agent access to editors and viewers.

Editor

Agents are hidden by default. Editors only see:
  • Agents they created themselves (full edit access automatically)
  • Agents an admin explicitly granted them View or Edit access to
Editors can create and manage scheduled jobs for agents they have edit access to. They can add env vars and edit or delete ones they added themselves.

Viewer

Agents are hidden by default. Viewers only see agents an admin has explicitly granted them (View access only). On a granted agent, viewers can browse all content tabs (Overview, Instructions, Skills, Tools, Knowledge, Memory) but cannot make changes. The Test, Export, Download wiki, Logs, and History tabs are hidden. Viewers can see the Scheduled Jobs page in read-only mode — they see jobs for the agents they have access to, but cannot create, edit, or delete jobs.

Creating users

Only superadmins and admins can create users.
  1. Go to Settings → Users
  2. Click Add User
  3. Enter a username and password
  4. Select a role
  5. Click Create
Users can log in immediately at the /login page.

Importing from Slack

If your team is already on Slack, you can bulk-import workspace members so they can sign in via Slack without self-registering.
  1. Go to Settings → Users
  2. Click Import from Slack
  3. Enter a Slack bot token (xoxb-…) with users:read and users:read.email scopes
  4. Click Import
SlackHive fetches your workspace’s active members and creates accounts for anyone not already in the system. Existing users are matched by email and their Slack identity is linked — they can then use Sign in with Slack. Imported users start with the viewer role and no agent access — assign roles and grants after importing.
Only active, non-bot Slack members are imported. Deactivated accounts and bots are skipped.

Changing a user’s role

  1. Go to Settings → Users
  2. Find the user in the table (use the search box to filter by name)
  3. Use the role dropdown to select a new role
  4. Changes take effect on the user’s next page load

Open to Workspace

By default, any Slack workspace member can trigger agents — no user import or access grant needed. This is the easiest way to get started. To restrict access to specific users, turn off Open to Workspace in Settings → General → Access Control. Once restricted:
  1. Go to Settings → Users → Import from Slack and import your team
  2. Grant each user a Trigger, View, or Edit access level on the agents they should be able to use
Users who message the bot without access will receive a clear explanation:
  • Not imported into SlackHive: “You don’t have access to this agent. Ask an admin to grant you access in SlackHive — you’ll need to be added as a user first.”
  • Imported but not granted: “You don’t have access to this agent. Ask an admin to grant you Trigger (or higher) access to it in SlackHive.”
SettingWho can trigger agents
On (default)Any Slack workspace member
OffOnly imported users with a Trigger, View, or Edit grant

Per-agent access grants

Agents are invisible to editors and viewers until an admin grants access. There are three access levels:
LevelSlackHive dashboardSlack bot
TriggerHiddenBot responds to their messages
ViewRead-onlyBot responds
EditFull edit accessBot responds
Trigger is useful when someone needs to interact with the agent in Slack (e.g. frontline staff using a bot daily) but shouldn’t see agent configuration or conversation history in SlackHive. To grant access:
  1. Go to Settings → Users
  2. Click the user row to open the side panel
  3. Under Agent Access, find the agent
  4. Select Trigger, View, or Edit
  5. Click Save
To revoke access, set the level back to None.
Editors automatically have Edit access on agents they created — no grant needed. Admins and superadmins always see all agents and the bot always responds to them regardless of grants.

Env Vars ownership

The Settings → Env Vars secret store tracks who added each secret:
  • Admins / superadmins — create, edit, and delete any env var
  • Editors — create env vars; can only edit or delete ones they added themselves
  • Viewers — no access
Each row shows Added by · date so admins can audit ownership and rotation history.

Permissions enforcement

All permissions are enforced server-side — not just hidden in the UI. A viewer who manually calls an API endpoint to edit an agent will receive a 403 response. Key rules:
  • GET /api/agents is filtered — editors and viewers only receive agents they have access to
  • Individual agent routes return 404 (not 403) for agents a user has no access to, avoiding leaking agent existence
  • Write operations on an agent require: admin, superadmin, or editor with ownership / Edit grant
  • Settings mutations require superadmin
  • User management requires admin or superadmin
  • Jobs are filtered by accessible agents — each user only sees jobs for agents they can access
  • Slack bot access is also enforced — users with no access level (or None) receive no response from the bot

Session behavior

Sessions use HMAC-signed cookies with no expiry by default. Sessions are invalidated when:
  • The user logs out explicitly
  • AUTH_SECRET is rotated in .env (invalidates all sessions immediately)
Sessions are stateless HMAC tokens — there is no session table and no way to invalidate individual sessions without rotating the secret.