CloudOps

ChatOps Approval Bot Design Prompt

Design a Slack/Teams ChatOps bot that safely runs ops commands with inline approvals — identity, authorization, four-eyes for risky actions, audit, and abuse resistance.

Target user: Platform engineers building ChatOps automation
Difficulty: Beginner
Tools: Claude, ChatGPT

The prompt

You are a platform engineer who has built ChatOps bots that let teams run real operations from chat without turning the chat channel into a loaded gun.

I will provide:
- The chat platform (Slack, Teams, Discord) and how the bot runs
- The commands the bot should expose (deploy, restart, scale, feature-flag, query)
- Who should be allowed to do what (teams, roles, on-call)
- The risk level of each command (read-only vs destructive)
- Existing identity/SSO and audit requirements

Your job:

1. **Command tiers** — sort commands into read-only (anyone on the team), standard (authorized role, self-serve), and risky/destructive (requires approval). Map each provided command to a tier with justification.

2. **Identity** — bind the chat user to a real, verified identity (SSO mapping), never trust display name. Explain how to resolve the chat user to an authorization principal.

3. **Authorization** — enforce who-can-run-what with a clear allowlist; deny by default. A user requesting an action they're not entitled to gets a clean denial, not a silent no-op.

4. **Four-eyes approval** — risky commands post an approval request; a *different* authorized user must approve via a button before execution. The requester cannot approve their own action. Add an approval timeout that defaults to "denied."

5. **Confirmation and dry-run** — destructive actions echo back exactly what will happen (target, scope, blast radius) and, where possible, offer a dry-run first.

6. **Audit** — log every command, who ran it, who approved it, parameters, and result, to a durable store, not just the chat history.

7. **Abuse resistance** — rate limits, no command injection from free-text args, and ephemeral handling of any secrets. Ensure a compromised account can't escalate via the bot.

Output as: (a) the command-tier table with required role and approval rules, (b) the identity-resolution and authorization design, (c) the four-eyes approval flow (message + buttons + timeout), (d) the audit schema, (e) a rollout plan starting with read-only commands.

Unless I say otherwise, assume deny-by-default, four-eyes for anything destructive, and self-approval explicitly forbidden.
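As an added example that is not part of this prompt page or any bot it describes, the following Python reference model shows what a correct answer to items 2 through 7 looks like in code: SSO-based identity resolution, an allowlist that denies by default, four-eyes approval with self-approval rejected and a timeout that resolves to denied, argument validation that keeps free text out of a shell, a per-principal rate limit, and an audit record for every command, denial and approval. The commands, roles, user ids, `opsctl` tool and argument formats are all hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, NoReturn, Optional

# Hypothetical command registry: tier, roles that may run or approve the command, and a
# strict argument pattern; a free-text argument that does not fully match is refused.
COMMANDS = {
    "status":  {"tier": "read-only", "roles": {"team"}, "arg_re": r"[a-z0-9-]{1,40}"},
    "restart": {"tier": "standard",  "roles": {"sre"},  "arg_re": r"[a-z0-9-]{1,40}"},
    "scale":   {"tier": "risky",     "roles": {"sre"},  "arg_re": r"[a-z0-9-]{1,40}=[0-9]{1,3}"},
}

# Constructed SSO mapping keyed by the platform's stable user id, never by display name.
SSO_DIRECTORY = {
    "U111": {"principal": "alice@example.com", "roles": {"team", "sre"}},
    "U222": {"principal": "bob@example.com",   "roles": {"team", "sre"}},
    "U333": {"principal": "carol@example.com", "roles": {"team"}},
}

APPROVAL_TIMEOUT_S = 300            # a pending approval older than this resolves to denied
RATE_LIMIT, RATE_WINDOW_S = 5, 60   # accepted commands per principal per window

class Denied(Exception):
    """Every refusal raises this so the bot posts an explicit denial, not a silent no-op."""

@dataclass
class Request:
    id: int
    command: str
    arg: str
    requester: str
    created_at: float
    approver: Optional[str] = None

class Gateway:
    def __init__(self, clock: Callable[[], float]):
        self.clock = clock                      # injectable so timeouts are testable
        self.audit: List[dict] = []             # stand-in for a durable audit store
        self.pending: Dict[int, Request] = {}
        self.recent: Dict[str, List[float]] = {}
        self._next_id = 1

    def _log(self, event: str, **fields) -> None:
        self.audit.append({"ts": self.clock(), "event": event, **fields})

    def _deny(self, actor: str, command: str, reason: str) -> NoReturn:
        self._log("denied", actor=actor, command=command, reason=reason)
        raise Denied(reason)

    def resolve(self, chat_user_id: str):
        entry = SSO_DIRECTORY.get(chat_user_id)   # identity: SSO mapping, not display name
        if entry is None:
            self._deny(chat_user_id, "-", "chat user is not mapped to a verified identity")
        return entry["principal"], entry["roles"]

    def _rate_check(self, principal: str, command: str) -> None:
        now = self.clock()
        hits = [t for t in self.recent.get(principal, []) if now - t < RATE_WINDOW_S]
        if len(hits) >= RATE_LIMIT:
            self._deny(principal, command, "rate limit exceeded")
        self.recent[principal] = hits + [now]

    def submit(self, chat_user_id: str, command: str, arg: str):
        principal, roles = self.resolve(chat_user_id)
        spec = COMMANDS.get(command)
        if spec is None or not (spec["roles"] & roles):      # allowlist, deny by default
            self._deny(principal, command, "not authorized to run this command")
        if not re.fullmatch(spec["arg_re"], arg):
            self._deny(principal, command, "argument does not match the allowed format")
        self._rate_check(principal, command)
        req = Request(self._next_id, command, arg, principal, self.clock())
        self._next_id += 1
        if spec["tier"] == "risky":
            self.pending[req.id] = req
            self._log("approval_requested", **vars(req))
            return req      # bot now posts the echo-back message with approve/deny buttons
        return self._execute(req)

    def approve(self, chat_user_id: str, request_id: int):
        principal, roles = self.resolve(chat_user_id)
        req = self.pending.get(request_id)
        if req is None:
            self._deny(principal, "-", "no such pending request")
        if self.clock() - req.created_at > APPROVAL_TIMEOUT_S:
            del self.pending[request_id]                      # timeout defaults to denied
            self._deny(principal, req.command, "approval window elapsed; request denied")
        if principal == req.requester:                        # four-eyes: never self-approve
            self._deny(principal, req.command, "requester cannot approve their own action")
        if not (COMMANDS[req.command]["roles"] & roles):
            self._deny(principal, req.command, "not authorized to approve this command")
        req.approver = principal
        del self.pending[request_id]
        self._log("approved", **vars(req))
        return self._execute(req)

    def _execute(self, req: Request) -> List[str]:
        # argv for a hypothetical opsctl tool, never a shell string: the argument is one literal
        argv = ["opsctl", req.command, req.arg]
        self._log("executed", **vars(req), argv=argv)
        return argv
```

Two design points worth carrying into a real bot: the approver's identity must come from the button callback's user id (after verifying the platform's request signature), never from text in the message, and the expiry here is enforced lazily when someone clicks; production bots also run a sweeper that expires pending requests and edits the original message so a stale approve button cannot be acted on later. The `audit` list stands in for the durable store the prompt requires; the same record shape (who requested, who approved, parameters, event, result) is what item 6 asks you to write to it.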