Slack & Teams bots

Slack & Microsoft Teams bots

Surface the Pollen8 Legal Assistant where attorneys already work — in their firm’s Slack workspace or Microsoft Teams tenant. The bot answers grounded in the same Vault, with the same matter-team ACLs and the same Why-trace audit as the in-app /admin/legal/research surface.

Both bots are managed from /admin/legal/bots.

Architecture

Slack / Teams                     Pollen8
─────────────                     ────────
slash cmd / @mention  ───────►   /api/v1/legal/bots/{slack|teams}/...
                                       │
                                  legal_bot_router
                                       │
                                  legal_qa.ask  (full pipeline)
                                       │
chat reply  ◄───────────────────  formatted answer + citations

The bot does not create QA sessions — each exchange is one-shot. Threading in Slack is preserved (thread_ts); Teams replies inline on the activity. Matter-team ACL is enforced via the asking user’s email — we look up the Pollen8 user by email within the install’s tenant. Unmapped emails get a synthetic UUID that sees only acl_mode='open' Vault docs.

Slack — install

1. Create a Slack app at api.slack.com/apps. Choose From an app manifest and paste the contents of https://app.pollen8.ai/bots/slack-app-manifest.json.
2. Note the Client ID, Client Secret, and Signing Secret from Basic Information.
3. Set deploy env vars:

   POLLENIX_SLACK_CLIENT_ID=...
   POLLENIX_SLACK_CLIENT_SECRET=...
   POLLENIX_SLACK_SIGNING_SECRET=...

4. Log in to Pollen8 as the admin of the tenant that owns this Slack workspace. The install row stamps that tenant id.
5. Open /admin/legal/bots → click Install to Slack.
6. Authorize in the Slack OAuth dialog; control returns to Pollen8 and the installation appears in the list.

Slack — using it

/pollenix what's the indemnity cap on the Acme MSA?

Replies post in-channel (visible to the whole channel) so the team sees the answer + citations. Bot also responds to @Pollen8 <question> mentions and to DMs.

The response format uses Block Kit:

• Question echoed in a context block
• Answer text (Markdown)
• Up to 5 citation lines with provenance badges (VAULT, TEMPLATE, CASELAW) and external links where applicable
• Footer pointing back to /admin/legal/research for the full thread

Teams — install

Teams doesn’t use OAuth like Slack. The flow is:

1. In Azure portal, create a Bot Service resource (Free tier is fine for testing). Note the App ID.
2. In Azure AD app registrations, generate a client secret for the bot’s app. Note the secret value.
3. Edit https://app.pollen8.ai/bots/teams-app-manifest.json:
   • Replace REPLACE-WITH-YOUR-BOT-APP-ID (in two places) with your App ID.
   • Zip the manifest along with two icon PNGs (color.png 192x192, outline.png 32x32 transparent).
4. In Teams Admin Center → Teams apps → Manage apps → Upload new app → choose the zip.
5. Set deploy env vars:

   POLLENIX_TEAMS_APP_ID=<bot app id>
   POLLENIX_TEAMS_APP_PASSWORD=<client secret>

6. Set the bot’s Messaging endpoint in Azure Bot Service to:

   https://app.pollen8.ai/api/v1/legal/bots/teams/messages

7. In Pollen8, log in as the right tenant’s admin. Open /admin/legal/bots → Register Teams install. Paste the AAD tenant id, App ID, and client secret.

Teams — using it

@Pollen8 what's the indemnity cap on the Acme MSA?

Or DM the bot. Replies render as Markdown with citation links.

Local dev (Teams)

The Bot Framework JWT verification requires a real Azure registration. For local testing without one, set:

POLLENIX_TEAMS_DEV_SHARED_SECRET=<random string>

…then post requests to /api/v1/legal/bots/teams/messages with header X-Pollen8-Dev-Signature: <hmac_sha256(body, secret)> instead of a Bearer JWT. Production deployments should leave this env var unset.

Disabling a bot install

Either flip the enabled toggle on the installations list (the adapter returns “this bot install is disabled” without invoking the LLM), or Uninstall to remove the row entirely. Uninstall does not revoke the underlying Slack OAuth token — that has to be done from Slack’s app settings. Re-installing later overwrites the prior row (unique on kind + workspace_id).

Audit

Every bot exchange stamps last_event_at on the installation. The underlying Why trace persists per-message; you can dig in via the Research page or by calling GET /api/v1/admin/legal/why-traces/{trace_id} directly.

Bot installs are tenant-scoped — one Slack workspace can only be bound to one Pollen8 tenant at a time.