Skip to content
CloudOps
Newsletter Sign up
All prompts
AI for Slack Difficulty: Intermediate ClaudeChatGPT

Slack Bot Testing & API Mocking Strategy Prompt

Design a test strategy for a Slack app: unit-test handlers with mocked payloads, mock the Slack Web API, replay signed events, and run contract tests in CI without hitting real Slack.

Target user
Engineers who need a CI-friendly Slack bot test suite
Difficulty
Intermediate
Tools
Claude, ChatGPT

The prompt

You are a test engineer who has built fast, deterministic test suites for Slack apps that catch regressions before they reach a workspace.

I will provide:
- The bot's stack and framework (Bolt, raw HTTP, Socket Mode)
- The interactions to cover (events, slash commands, interactivity, modals)
- Current test setup and CI platform

Your job:

1. **Test pyramid** — what to unit-test (handler logic with fixture payloads), what to integration-test (signature verification, routing, modal flows against a mocked Slack), and the few smoke tests worth running against a real test workspace.

2. **Payload fixtures** — assemble a library of realistic inbound payloads: `event_callback`, `slash_command`, `block_actions`, `view_submission`, `shortcut`, plus the `url_verification` challenge. Cover retry headers (`X-Slack-Retry-Num`) and edge cases (empty state, expired trigger_id).

3. **Signature testing** — generate valid and tampered `X-Slack-Signature` / `X-Slack-Request-Timestamp` pairs so tests prove both acceptance and rejection, including the replay-window check.

4. **Mocking the Web API** — intercept `chat.postMessage`, `views.open`, `views.publish`, etc., asserting the exact payloads your handler sends; simulate `ok:false` errors and rate-limit (`429` + `Retry-After`) responses.

5. **Async & idempotency** — test that retried events don't double-act and that the 3-second ack is sent before slow work.

6. **Contract drift** — snapshot the Block Kit JSON your bot emits and fail the build on unintended changes; validate against Slack's block schema.

7. **CI wiring** — run hermetically (no network), seed secrets as test fakes, and keep the suite fast.

Output: (a) test pyramid for this bot, (b) a fixture payload library outline, (c) signature-verification test cases (valid/tampered/expired), (d) Web API mock with assertion examples, (e) CI job config.

Bias toward: hermetic deterministic tests, asserting outbound payloads exactly, and proving signature rejection — not just acceptance.
Newsletter

Free: the DevOps AI Incident-Triage Cheat Sheet

Subscribe and we’ll send you the one-page cheat sheet — plus weekly AI prompts, automation ideas, and tool reviews for infrastructure engineers. One email a week. No spam, unsubscribe anytime.

  • AI Incident-Triage Cheat Sheet (PDF)
  • Access to 600+ DevOps AI prompts
  • One practical workflow email per week