Add the ability to send approval workflow notifications via Slack as an alternative to email or native Jira/Confluence notifications.

Supports both Jira and Confluence products with product-specific message templates and rendering contexts. Includes interactive approval actions directly in Slack messages, real-time message updates reflecting decision outcomes, full delegation support, and automatic email fallback when Slack delivery fails.

Workspace connections

• Connect up to 10 Slack workspaces per instance via OAuth 2.0

• Settings page to manage connections: rename, set default, delete, send test message

• Per-definition workspace and channel overrides in the definition settings form

• Automatic detection of token revocation and app uninstallation with connection invalidation and admin-visible instance errors

Notification delivery

• Three delivery modes configurable globally: Direct Message, Channel (with @mentions), or Both

• All notification types supported for both Jira and Confluence

• Customizable message templates per notification type via the existing template editor, with Slack-specific body field in mrkdwn format

• Full delegation support: delegates receive their own DMs, channel messages include delegate mentions, and decisions are attributed correctly

• External (email-based) approver steps dispatch Slack notifications alongside email

• Async dispatch with automatic email fallback on any Slack failure (token revoked, user not found, channel misconfigured, API error)

Interactive actions in Slack

• Approve, Reject, Abstain buttons with a confirmation dialog on Reject

• Optional comment modal when the comment-required setting is enabled

• Vote button opening a modal with the step's configured voting options (single-choice and multi-choice)

• Identity resolution maps Slack users back to Atlassian accounts via email matching, with caching (24h for found users, 1h for not-found)

• Ephemeral feedback messages confirming whether the decision was applied, with specific messages for already-decided and not-authorized cases

• Supports decisions by delegates, carrying the delegate config through the modal flow

• "Actions without login" toggle behavior (interactive buttons vs URL links)

• "Action buttons" disabled = only "View approval" link shown

Message lifecycle

• When a step completes, all original Slack messages for that step are updated in-place to show the full outcome: individual decisions with comments, vote tallies, and links back to the approval

• Thread replies posted on channel messages after each individual decision, including progress counters for group steps (e.g. 2/3 approvals)

• Slack messages are updated to reflect the new state and remove action buttons when an approval step is expired, reassigned, archived, deleted, or marked outdated

• Duplicate update avoidance for batched group messages sharing same channel:ts

• Token revocation during batch updates skips remaining records for that connection

• Delegate attribution shown in decision summaries

Notification history

• Admin-only activity log with pagination, sorting, and filtering by status, recipient, and date range

• Tracks SENT, UPDATED, and FAILED statuses per notification record

• Automatic cleanup of records older than 30 days

Settings UI

• Slack settings page under app settings with General and Notification History tabs

• Global delivery mode and default channel configuration with validation

• Notification mechanism selector in notification settings shows Slack as an option; automatically switches to Slack when the first workspace is connected

• Per-definition Slack workspace and channel override in the definition settings form

• Revoked token warnings displayed on the settings page with guidance to re-authorize

Robustness

• Retry with exponential backoff on Slack API rate limits and server errors (respects Retry-After header)

• HMAC-SHA256 signature verification on all incoming Slack webhooks with a 5-minute timestamp window

• Payload size limits (512 KB) on webhook endpoints

• Advisory locks to prevent concurrent connection writes and message update races

• Throttled user resolution (max 10 concurrent Slack API lookups) to avoid rate limits during bulk dispatch

• Caching at multiple layers: connections (5 min), user lookups (24h/1h), definition config (5 min), frontend connections (30s)

• OAuth state CSRF prevention (10-min TTL, verification token)

• HTTP client: redirects disabled (SSRF prevention), specific timeouts (5s connect, 10s request)

• Max 3 retries capped at 5s delay