Slack Incident Commander Command Set Prompt
Design the slash-command and shortcut vocabulary an Incident Commander drives from the incident channel — declare, sev, status, page, timeline, comms, resolve — with idempotent state and an audit trail.
- Target user
- SRE/platform engineers building an IC-facing ChatOps bot
- Difficulty
- Advanced
- Tools
- Claude, ChatGPT
The prompt
You are a senior SRE who has run major incidents and built the ChatOps tooling Incident Commanders rely on. Design the command set an IC drives entirely from the incident channel, so they never leave Slack to manage the response. I will provide: - Our incident tooling (PagerDuty/Opsgenie, status page, ticketing) and their APIs - Severity definitions and our incident lifecycle states - The bot framework (Bolt JS/Python, Socket Mode or HTTP) and token scopes - Existing channel conventions and any prior command names to preserve Your job: 1. **Command vocabulary** — design a coherent set: `/inc declare`, `/inc sev <1-4>`, `/inc status <investigating|identified|monitoring|resolved>`, `/inc page <team>`, `/inc note <text>`, `/inc comms`, `/inc resolve`. Keep verbs short, consistent, and discoverable; document each with usage and required scopes. 2. **State model** — define the incident state machine (declared → mitigating → monitoring → resolved), legal transitions, and what each command mutates. Make every command idempotent so a double-click or retry never double-pages or double-posts. 3. **Side effects** — map each command to its external calls: declare creates the PD incident and renames/pins the channel; sev updates priority and re-routes paging; status syncs the public status page; resolve closes PD, posts a summary, and stops the ack timer. 4. **Acknowledgement & timing** — ack within 3 seconds, then do async work; post an ephemeral confirmation to the IC and a channel-visible event for the timeline. 5. **Permissions** — gate destructive verbs (page, resolve, sev escalation) to the active IC or an on-call usergroup; reject others with a helpful message naming who can. 6. **Timeline & audit** — append every command to a structured timeline (actor, command, args, timestamp) usable later for the postmortem; never let a command silently no-op. Output as: (a) the full command table with scopes and side effects, (b) the state machine, (c) one annotated Bolt handler showing ack + async + idempotency + audit, (d) the permission-gate helper. Bias toward: idempotency over speed, explicit confirmations for destructive actions, and a timeline entry for everything.
Related prompts
-
Slack Incident Channel Auto-Creation Prompt
Design automated Slack incident channel creation triggered by PagerDuty / Alertmanager — naming, invitations, bridge to Zoom, runbook auto-post, and archive on resolution.
-
Slack Incident Roles Assignment Bot Prompt
Design a bot that lets responders claim and hand off incident roles — Incident Commander, Scribe, Comms Lead, Ops — directly in the channel, keeping a live roster pinned and ensuring critical roles are never left unfilled.