@nordbyte/nordrelay 0.6.0 → 0.8.0

package/.env.example

@@ -56,6 +56,41 @@ DISCORD_QUIET_HOURS=
 # Optional Discord override for automatic artifact summaries/uploads.
 DISCORD_AUTO_SEND_ARTIFACTS=
 
+# Slack
+# Slack bot settings. Slack is opt-in and uses the same NordRelay users, groups, and permissions as Telegram and Discord.
+# Start the Slack bot adapter.
+SLACK_ENABLED=false
+# Slack bot token.
+SLACK_BOT_TOKEN=
+# Slack app-level token for Socket Mode.
+SLACK_APP_TOKEN=
+# Slack signing secret for HTTP Events mode.
+SLACK_SIGNING_SECRET=
+# Use Slack Socket Mode instead of an HTTP events receiver.
+SLACK_SOCKET_MODE=true
+# HTTP port used when Slack Socket Mode is disabled.
+SLACK_PORT=3000
+# Optional comma-separated Slack team/workspace allow-list.
+SLACK_ALLOWED_TEAM_IDS=
+# Optional comma-separated Slack channel allow-list before user/group checks.
+SLACK_ALLOWED_CHANNEL_IDS=
+# Read regular Slack text messages as prompts.
+SLACK_MESSAGE_CONTENT_ENABLED=true
+# Slash command configured in Slack.
+SLACK_COMMAND=/nordrelay
+# Optional Slack override for CLI mirror mode. Uses the NordRelay default when unset.
+# Options: off, status, final, full
+SLACK_CLI_MIRROR_MODE=
+# Optional Slack override for mirrored edit interval.
+SLACK_CLI_MIRROR_MIN_UPDATE_MS=
+# Optional Slack override for completion notifications.
+# Options: off, minimal, all
+SLACK_NOTIFY_MODE=
+# Optional Slack quiet hours override. Use HH-HH, off, or leave blank for default.
+SLACK_QUIET_HOURS=
+# Optional Slack override for automatic artifact summaries/uploads.
+SLACK_AUTO_SEND_ARTIFACTS=
+
 # Agents
 # Agent access. Codex is enabled by default; Pi, Hermes, OpenClaw, and Claude Code are opt-in.
 # Allow Codex sessions.
@@ -264,6 +299,23 @@ NORDRELAY_VERSION_CACHE_TTL_MS=3600000
 # Installed agent CLI version cache TTL.
 NORDRELAY_CLI_VERSION_CACHE_TTL_MS=60000
 
+# Peers
+# Optional NordRelay-to-NordRelay federation. Pairing is explicit, authenticated, scoped, and TLS-protected.
+# Expose the dedicated authenticated NordRelay peer API.
+NORDRELAY_PEER_ENABLED=false
+# Human-readable name shown to paired NordRelay instances.
+NORDRELAY_PEER_NAME=
+# Bind host for the peer API. Use 127.0.0.1 for local-only or a LAN/interface IP when explicitly exposing peers.
+NORDRELAY_PEER_HOST=127.0.0.1
+# Port for the peer API.
+NORDRELAY_PEER_PORT=31979
+# Optional public URL other instances should use for this node.
+NORDRELAY_PEER_PUBLIC_URL=
+# Serve the peer API over HTTPS with an automatically generated local certificate.
+NORDRELAY_PEER_TLS_ENABLED=true
+# Reject plaintext peer serving on non-loopback hosts.
+NORDRELAY_PEER_REQUIRE_TLS=true
+
 # Voice
 # Optional voice transcription settings.
 # Whisper fallback API key.

package/README.md

@@ -1,6 +1,6 @@
 # NordRelay
 
-NordRelay is a remote control plane for coding agents across messaging channels. The current implementation connects Codex, Pi, Hermes, OpenClaw, and Claude Code coding-agent sessions to Telegram and Discord, keeps independent sessions per chat, thread, forum topic, or DM, streams replies and tool activity back to the active channel, supports files, photos, voice input, model controls, session browsing, retry/abort, and CLI handback.
+NordRelay is a remote control plane for coding agents across messaging channels and paired NordRelay instances. The current implementation connects Codex, Pi, Hermes, OpenClaw, and Claude Code coding-agent sessions to Telegram, Discord, Slack, the WebUI, and trusted peer nodes, keeps independent sessions per chat, thread, forum topic, DM, or remote target, streams replies and tool activity back to the active channel, supports files, photos, voice input, model controls, session browsing, retry/abort, CLI handback, and scoped multi-host control.
 
 The repo is both a local Codex marketplace and a standalone Node app. The plugin lives in `plugins/nordrelay/`; the full bot runtime lives in `src/` and uses `@openai/codex-sdk` for Codex, Pi RPC mode for Pi, the Hermes API Server for Hermes, the OpenClaw Gateway WebSocket RPC surface for OpenClaw, and the Claude Agent SDK for Claude Code.
 
@@ -8,48 +8,62 @@ The repo is both a local Codex marketplace and a standalone Node app. The plugin
 
 Session control:
 
-- Independent coding-agent sessions per Telegram private chat, group chat, and forum topic.
-- `/agent` switches a Telegram context between enabled agents such as Codex, Pi, Hermes, OpenClaw, and Claude Code.
-- Persistent Telegram context metadata in the active workspace under `.nordrelay/contexts.json`.
+- Independent coding-agent sessions per Telegram private chat, group chat, forum topic, Discord DM/channel/thread, Slack DM/channel/thread, WebUI, and peer target.
+- `/agent` switches a chat context between enabled agents such as Codex, Pi, Hermes, OpenClaw, and Claude Code.
+- Persistent channel context metadata in the active workspace under `.nordrelay/contexts.json`.
 - `/new` starts a fresh thread, with workspace selection when known workspaces are available.
 - `/session` shows thread id, workspace, launch profile, launch behavior, model, reasoning, fast mode, context usage, token totals, and subscription limit remaining percentages.
 - `/sessions` opens a paginated browser for recent sessions from the selected agent.
 - `/sessions <query>` filters recent sessions by id, title, workspace, model, or first message.
-- `/sync` manually refreshes the active Telegram session from local CLI state when the selected agent supports state watching.
+- `/sync` manually refreshes the active chat session from local CLI state when the selected agent supports state watching.
 - `/pin`, `/unpin`, and `/pinned` keep important threads at the top of Telegram session browsing.
 - `/switch <session-id>` switches directly to an existing session.
 - `/attach <session-id>` binds an existing agent session to the current chat or topic.
 - Existing thread metadata is imported on switch/attach, including model, reasoning effort, sandbox mode, and approval policy.
 - Codex session usage is read from local rollout JSONL files, including context-used percent, total input/output tokens, 5h limit remaining, and weekly limit remaining.
 - `/handback` returns a ready-to-run CLI command for continuing in the native agent CLI.
-- `/retry` resends the last prompt for the current Telegram context.
-- `/queue`, inline run/top/up/down/cancel buttons, `/cancel <queue-id>`, and `/clearqueue` manage queued prompts for a busy Telegram context.
+- `/retry` resends the last prompt for the current chat context.
+- `/queue`, inline run/top/up/down/cancel buttons, `/cancel <queue-id>`, and `/clearqueue` manage queued prompts for a busy chat context.
 - `/queue later <minutes> <prompt>` schedules a prompt for later execution, and `/queue inspect <queue-id>` shows full queue metadata.
 - `/abort`, `/stop`, and the inline Abort button cancel the active agent turn.
-- Busy prompts are queued per Telegram context instead of being dropped.
-- If the attached thread is currently active in the local agent CLI, Telegram prompts are queued until that CLI task finishes.
-- Active Codex, Pi, Hermes, OpenClaw, and Claude Code CLI/API turns are mirrored into Telegram with configurable `off`, `status`, `final`, or `full` modes.
-- `/mirror` controls CLI mirroring per Telegram context.
+- Busy prompts are queued per chat context instead of being dropped.
+- If the attached thread is currently active in the local agent CLI, chat prompts are queued until that CLI task finishes.
+- Active Codex, Pi, Hermes, OpenClaw, and Claude Code CLI/API turns are mirrored into Telegram, Discord, and Slack with configurable `off`, `status`, `final`, or `full` modes.
+- `/mirror` controls CLI mirroring per chat context.
 - Queues survive connector restarts and are resumed automatically when the external CLI turn becomes idle.
-- `/notify` controls completion/status notifications and quiet hours per Telegram context.
+- `/notify` controls completion/status notifications and quiet hours per chat context.
 - `/workspaces` lists allowed workspaces and shows workspace guardrail warnings.
-- `/status`, `/health`, and `/version` report connector runtime health from Telegram.
+- `/status`, `/health`, and `/version` report connector runtime health from chat adapters.
 - `/tasks` and `/progress` show the current turn status, queue length, active tool, elapsed time, and last error.
 - `/activity` shows a compact timeline of recent rollout events for the active thread, with filters and export.
-- `/diagnostics` reports redacted runtime, config, user/group authorization, Telegram rate-limit, mirror, voice, session, queue, and progress details.
+- `/diagnostics` reports redacted runtime, config, user/group authorization, channel rate-limit, mirror, voice, session, queue, and progress details.
 - `/support` exports a redacted diagnostics ZIP with config, health, versions, agent paths, recent logs, audit events, update jobs, state backend, and OS/Node/npm info.
 - `/lock`, `/unlock`, and `/locks` provide a team write-lock for shared sessions so one user can operate while others watch.
-- `/audit` shows recent prompt, queue, lock, command, authentication, permission-denied, user, group, Telegram-link, Telegram-chat, and web-session audit events for admins.
+- `/audit` shows recent prompt, queue, lock, command, authentication, permission-denied, user, group, Telegram-link, Telegram-chat, Discord-link, Discord-channel, Slack-link, Slack-channel, and web-session audit events for admins.
 
 Adapter architecture:
 
 - Telegram supports text, typing, streaming edits, inline buttons, files, photos, voice, forum topics, and polling/webhook transport.
 - Discord supports text, typing, streaming edits, buttons, files, photos, voice/audio transcription, guild channels, threads, DMs, message commands, and slash commands.
-- `/channels` shows available and planned messaging adapters for Telegram, Discord, WhatsApp, Slack, and Matrix.
+- Slack supports text, typing/status, streaming edits, Block Kit buttons, files, images, audio transcription, channels, DMs, threads, Socket Mode, and HTTP Events mode.
+- Slack startup and `/diagnostics` include readiness checks for token/transport configuration, registered channels, Slack API auth probes, channel visibility probes, file-upload readiness notes, and rate-limit counters.
+- `/channels` shows available and planned messaging adapters for Telegram, Discord, Slack, WhatsApp, and Matrix.
 - Codex, Pi, Hermes, OpenClaw, and Claude Code are implemented as agent adapters.
 - `/agents` shows available/planned agent adapters and whether Codex, Pi, Hermes, OpenClaw, and Claude Code are enabled.
+- Agent and chat adapters expose a shared conformance matrix so command coverage and feature support can be tested and surfaced consistently.
 - Shared command-action renderers and a channel runtime contract keep inbound commands, outbound messages, typing, files, inline actions, and streaming-ready delivery separate from channel-specific API calls.
 
+Peer federation:
+
+- Optional NordRelay-to-NordRelay pairing lets one instance operate agents on trusted Ubuntu, macOS, Windows, LAN, or remote hosts.
+- Peer serving is disabled by default and uses a dedicated API port separate from the dashboard.
+- Pairing requires an explicit one-time invitation code, Ed25519 node identity verification, a per-peer shared secret, request HMAC signatures, timestamp/nonce replay protection, and TLS fingerprint pinning.
+- Peer scopes restrict which remote WebUI/API actions are allowed, including read, prompt, queue, file, diagnostic, log, and session permissions.
+- Peer records can also restrict allowed agent ids, allowed workspace roots, and per-peer workspace aliases such as `app=/srv/app`.
+- The WebUI has a Peers page plus a local/remote target selector; dashboard pages, SSE streaming, queue actions, artifact downloads, health checks, and the global session browser proxy through the selected peer when allowed.
+- Telegram, Discord, and Slack expose `/peers` and `/target` so a linked user can choose whether prompts run locally or on a paired NordRelay instance.
+- Remote prompts stream text, tool status, turn completion, and errors back to the originating Telegram, Discord, or Slack context.
+
 Codex runtime:
 
 - Uses `@openai/codex-sdk` to start, resume, and stream Codex threads.
@@ -59,18 +73,18 @@ Codex runtime:
 - Supports launch profiles through `/launch_profiles` and `/launch`.
 - Built-in launch profiles include Default, Read Only, Review, and optional Full Access.
 - Custom launch profiles can be configured with `CODEX_LAUNCH_PROFILES_JSON`.
-- Unsafe `danger-full-access` profiles require `ENABLE_UNSAFE_LAUNCH_PROFILES=true` and Telegram confirmation.
-- Review or unsafe launch profiles require an inline Telegram approval before each prompt is executed.
+- Unsafe `danger-full-access` profiles require `ENABLE_UNSAFE_LAUNCH_PROFILES=true` and channel confirmation.
+- Review or unsafe launch profiles require an inline channel approval before each prompt is executed.
 - Fast mode can be toggled with `/fast` and mirrors Codex's `fast_default_opt_out` setting from `~/.codex/config.toml`.
-- Active Telegram sessions periodically sync model, reasoning, workspace, launch metadata, and fast-mode defaults from local agent state where supported.
-- Active local Codex CLI tasks are detected from rollout JSONL files so Telegram does not race the CLI on the same thread.
+- Active chat sessions periodically sync model, reasoning, workspace, launch metadata, and fast-mode defaults from local agent state where supported.
+- Active local Codex CLI tasks are detected from rollout JSONL files so chat adapters do not race the CLI on the same thread.
 - `/diagnostics` includes rollout path, activity status, stale/idle reason, line count, and last update time.
 - Optional per-turn token usage footer with `SHOW_TURN_TOKEN_USAGE=true`.
 
 Pi runtime:
 
 - Pi support is opt-in with `NORDRELAY_PI_ENABLED=true`.
-- The default Telegram agent is selected with `NORDRELAY_DEFAULT_AGENT=codex`, `pi`, `hermes`, `openclaw`, or `claude-code`.
+- The default chat agent is selected with `NORDRELAY_DEFAULT_AGENT=codex`, `pi`, `hermes`, `openclaw`, or `claude-code`.
 - Pi sessions are driven through official `pi --mode rpc` JSONL commands and events.
 - Existing Pi sessions are discovered from `~/.pi/agent/sessions/` or `PI_SESSION_DIR`.
 - `/sessions`, `/switch`, `/attach`, `/new`, `/session`, `/handback`, `/model`, `/reasoning`, `/abort`, `/stop`, `/retry`, `/queue`, files, photos, and voice input work for Pi contexts.
@@ -78,15 +92,15 @@ Pi runtime:
 - Pi thinking levels use `/reasoning` and support `off`, `minimal`, `low`, `medium`, `high`, and `xhigh`.
 - Pi token and context stats are read through `get_session_stats` when an RPC session is active.
 - Pi launch profiles expose CLI safety modes such as default, read-only tools, no tools, offline, and safe offline.
-- Pi external CLI activity is detected from Pi session JSONL files so Telegram/WebUI prompts queue while the same Pi session is busy.
-- Pi CLI turns can be mirrored into Telegram/WebUI with status, tool activity, final answers, activity timelines, diagnostics, and generated artifact discovery.
+- Pi external CLI activity is detected from Pi session JSONL files so chat/WebUI prompts queue while the same Pi session is busy.
+- Pi CLI turns can be mirrored into chat adapters and the WebUI with status, tool activity, final answers, activity timelines, diagnostics, and generated artifact discovery.
 - Pi provider auth checks report the environment variables expected for the selected provider.
 - Codex-only subscription limit percentages remain Codex-specific; Pi reports token/context stats when available.
 
 Hermes runtime:
 
 - Hermes support is opt-in with `NORDRELAY_HERMES_ENABLED=true`.
-- The default Telegram agent can be set with `NORDRELAY_DEFAULT_AGENT=hermes`.
+- The default chat agent can be set with `NORDRELAY_DEFAULT_AGENT=hermes`.
 - Hermes turns are executed through the Hermes API Server `/v1/runs` endpoint and streamed through `/v1/runs/{run_id}/events`.
 - `/abort` and `/stop` use the Hermes run stop endpoint when a NordRelay-started Hermes run is active.
 - Existing Hermes sessions are discovered from `~/.hermes/state.db`, or from `HERMES_STATE_DB_PATH` when configured.
@@ -94,14 +108,14 @@ Hermes runtime:
 - Hermes model selection uses `/v1/models` when the API Server is reachable and falls back to the selected/default model.
 - Hermes reasoning uses `/reasoning` and supports `none`, `minimal`, `low`, `medium`, `high`, and `xhigh`.
 - Hermes launch profiles include `default`, `safe`, `readonly`, and `yolo`; profiles map to run instructions and Hermes approval responses.
-- Hermes external activity is detected from `state.db`, so Telegram/WebUI prompts queue while the same Hermes session has an unfinished CLI turn.
-- Hermes CLI/API turns can be mirrored into Telegram/WebUI with status, tool activity, final answers, activity timelines, diagnostics, and generated artifact discovery.
+- Hermes external activity is detected from `state.db`, so chat/WebUI prompts queue while the same Hermes session has an unfinished CLI turn.
+- Hermes CLI/API turns can be mirrored into chat adapters and the WebUI with status, tool activity, final answers, activity timelines, diagnostics, and generated artifact discovery.
 - `/auth` checks that the Hermes API Server is reachable and that `HERMES_API_KEY` is usable when configured.
 
 OpenClaw runtime:
 
 - OpenClaw support is opt-in with `NORDRELAY_OPENCLAW_ENABLED=true`.
-- The default Telegram agent can be set with `NORDRELAY_DEFAULT_AGENT=openclaw`.
+- The default chat agent can be set with `NORDRELAY_DEFAULT_AGENT=openclaw`.
 - OpenClaw turns are executed through the OpenClaw Gateway WebSocket RPC endpoint configured by `OPENCLAW_GATEWAY_URL`.
 - `/abort` and `/stop` call the OpenClaw Gateway cancel method when a NordRelay-started OpenClaw run is active.
 - Existing OpenClaw sessions are discovered from `openclaw sessions --all-agents --json`, or from the state directory configured with `OPENCLAW_HOME` or `OPENCLAW_STATE_DIR`.
@@ -109,22 +123,22 @@ OpenClaw runtime:
 - OpenClaw model selection uses the Gateway `models.list` method when reachable and falls back to `openclaw models list --json`.
 - OpenClaw thinking uses `/reasoning` and supports `off`, `minimal`, `low`, `medium`, `high`, and `xhigh`.
 - OpenClaw launch profiles include `default`, `safe`, `readonly`, `local`, and `deliver`; profiles map to Gateway run flags and additional instructions.
-- OpenClaw external activity is detected from OpenClaw session state, so Telegram/WebUI prompts queue while the same OpenClaw session has an unfinished CLI turn.
-- OpenClaw Gateway turns can be mirrored into Telegram/WebUI with status, tool activity, final answers, activity timelines, diagnostics, and generated artifact discovery.
+- OpenClaw external activity is detected from OpenClaw session state, so chat/WebUI prompts queue while the same OpenClaw session has an unfinished CLI turn.
+- OpenClaw Gateway turns can be mirrored into chat adapters and the WebUI with status, tool activity, final answers, activity timelines, diagnostics, and generated artifact discovery.
 - `/auth` checks that the OpenClaw Gateway is reachable and that `OPENCLAW_GATEWAY_TOKEN` or `OPENCLAW_GATEWAY_PASSWORD` is usable when configured.
 
 Claude Code runtime:
 
 - Claude Code support is opt-in with `NORDRELAY_CLAUDE_CODE_ENABLED=true`.
-- The default Telegram agent can be set with `NORDRELAY_DEFAULT_AGENT=claude-code`.
+- The default chat agent can be set with `NORDRELAY_DEFAULT_AGENT=claude-code`.
 - Claude Code turns are executed through `@anthropic-ai/claude-agent-sdk`, using the host `claude` executable when available and the SDK bundled runtime otherwise.
 - Existing Claude Code sessions are discovered from `~/.claude/projects/`, or from `CLAUDE_CONFIG_DIR/projects` when configured.
 - `/sessions`, `/switch`, `/attach`, `/new`, `/session`, `/handback`, `/model`, `/reasoning`, `/abort`, `/stop`, `/retry`, `/queue`, files, photos, and voice input work for Claude Code contexts.
 - Claude Code model selection exposes common aliases and model ids; explicit values from existing sessions are preserved.
 - Claude Code effort uses `/reasoning` and supports `off`, `low`, `medium`, `high`, and `xhigh`.
 - Claude Code launch profiles include `default`, `accept-edits`, `plan`, `readonly`, `no-tools`, and optional `bypass-permissions`.
-- Claude Code external activity is detected from transcript JSONL files, so Telegram/WebUI prompts queue while the same Claude Code session has an unfinished CLI turn.
-- Claude Code SDK turns can be mirrored into Telegram/WebUI with status, tool activity, final answers, activity timelines, diagnostics, and generated artifact discovery.
+- Claude Code external activity is detected from transcript JSONL files, so chat/WebUI prompts queue while the same Claude Code session has an unfinished CLI turn.
+- Claude Code SDK turns can be mirrored into chat adapters and the WebUI with status, tool activity, final answers, activity timelines, diagnostics, and generated artifact discovery.
 - `/auth` checks the host Claude Code CLI auth state when `claude auth status` is available.
 
 Telegram input:
@@ -162,7 +176,7 @@ Telegram output:
 
 Discord input and output:
 
-- Enable Discord with `DISCORD_ENABLED=true` and `DISCORD_BOT_TOKEN`.
+- Enable Discord with `DISCORD_ENABLED=true` and `DISCORD_BOT_TOKEN`. If a requested chat adapter is missing its token, NordRelay disables that adapter and keeps running as long as another chat adapter is usable.
 - Set `DISCORD_CLIENT_ID` to let NordRelay register slash commands automatically.
 - `DISCORD_COMMAND_MODE=both` supports slash commands and `/command` text messages. Set it to `slash` if the bot should not read message commands.
 - `DISCORD_MESSAGE_CONTENT_ENABLED=true` lets regular Discord messages become prompts. The matching privileged intent must also be enabled in the Discord Developer Portal.
@@ -171,22 +185,33 @@ Discord input and output:
 - Discord buttons cover session picks, model/reasoning/launch picks, queue actions, artifact actions, update jobs, and abort where Discord component limits allow.
 - Discord slash commands mirror the Telegram command surface where Discord supports it: `/agent`, `/auth`, `/login`, `/logout`, `/session`, `/sessions`, `/new`, `/switch`, `/attach`, `/handback`, `/workspaces`, `/pin`, `/unpin`, `/pinned`, `/model`, `/reasoning`, `/fast`, `/launch`, `/launch_profiles`, `/queue`, `/stop`, `/retry`, `/sync`, `/progress`, `/activity`, `/audit`, `/artifacts`, `/logs`, `/version`, `/diagnostics`, `/restart`, `/update`, `/lock`, `/unlock`, `/mirror`, `/notify`, `/voice`, `/link`, `/whoami`, and `/register_channel`.
 
+Slack input and output:
+
+- Enable Slack with `SLACK_ENABLED=true`, `SLACK_BOT_TOKEN`, and `SLACK_APP_TOKEN` for Socket Mode. If Socket Mode is disabled, set `SLACK_SIGNING_SECRET` and expose the Slack HTTP receiver.
+- `SLACK_MESSAGE_CONTENT_ENABLED=true` lets regular Slack messages become prompts. Keep it disabled if you only want slash-command control.
+- Slack DMs, channels, and message threads get independent NordRelay contexts.
+- Slack files are staged like Telegram/Discord uploads; images are passed as image inputs and audio files are transcribed before prompting.
+- Slack Block Kit buttons cover session picks, model/reasoning/launch picks, queue actions, artifact actions, update jobs, and abort where Slack component limits allow.
+- Slack slash/text commands mirror the shared command surface where Slack supports it: `/agent`, `/auth`, `/login`, `/logout`, `/session`, `/sessions`, `/new`, `/switch`, `/attach`, `/handback`, `/workspaces`, `/pin`, `/unpin`, `/pinned`, `/model`, `/reasoning`, `/fast`, `/launch`, `/launch_profiles`, `/queue`, `/stop`, `/retry`, `/sync`, `/progress`, `/activity`, `/audit`, `/artifacts`, `/logs`, `/version`, `/diagnostics`, `/restart`, `/update`, `/lock`, `/unlock`, `/mirror`, `/notify`, `/voice`, `/link`, `/whoami`, and `/register_channel`.
+
 Authentication and safety:
 
 - WebUI login is required for every dashboard page, API route, SSE stream, artifact download, and health endpoint.
-- Access is managed through NordRelay users, groups, permissions, web sessions, linked Telegram identities, and linked Discord identities.
-- Built-in groups are `Admin`, `User`, and `Read Only`; custom groups can be created in the WebUI and can restrict allowed agents, workspace roots, Telegram chats, and Discord channels.
+- Access is managed through NordRelay users, groups, permissions, web sessions, linked Telegram identities, linked Discord identities, and linked Slack identities.
+- Built-in groups are `Admin`, `User`, and `Read Only`; custom groups can be created in the WebUI and can restrict allowed agents, workspace roots, Telegram chats, Discord channels, and Slack channels.
 - The last active admin cannot be disabled or demoted, and web sessions are revoked when passwords or group memberships change.
 - Admins can review and revoke active WebUI sessions from the Users page.
 - Telegram private chats require a linked active NordRelay user.
 - Telegram group and forum chats must be registered before use; admins can run `/register_chat` in the chat or enable chats in the WebUI.
 - Discord DMs require a linked active NordRelay user.
 - Discord guild channels and threads must be registered before use; admins can run `/register_channel` in the channel or enable channels in the WebUI.
+- Slack DMs require a linked active NordRelay user.
+- Slack channels and threads must be registered before use; admins can run `/register_channel` in the channel or enable channels in the WebUI.
 - `/whoami` shows the linked NordRelay account and groups.
 - `/link <code>` links a Telegram account to a NordRelay user after a link code is created in the WebUI or with `nordrelay user link-code`.
-- `/link <code>` also links a Discord account when the code was created as a Discord link code.
+- `/link <code>` also links a Discord or Slack account when the code was created for that channel.
 - WebUI login and chat-account link attempts are rate-limited to reduce brute-force risk.
-- User, group, Telegram-link, Telegram-chat, Discord-link, Discord-channel, web-session, login, and permission-denied events are written to the audit log.
+- User, group, Telegram-link, Telegram-chat, Discord-link, Discord-channel, Slack-link, Slack-channel, web-session, login, and permission-denied events are written to the audit log.
 - `/auth` reports Codex authentication, Pi provider environment health, Hermes API Server reachability, OpenClaw Gateway reachability, or Claude Code CLI auth for the selected agent.
 - `/login` starts Telegram-managed CLI auth for Codex, Hermes, or Claude Code when enabled.
 - `/logout` signs out of CLI auth for Codex, Hermes, or Claude Code; Codex logout is disabled while `CODEX_API_KEY` is in use.
@@ -200,15 +225,16 @@ Operations:
 - Plugin command/skill starts, stops, restarts, and inspects the connector process.
 - Manual process commands support `start`, `stop`, `restart`, `status`, `update`, and `foreground`.
 - Telegram admin commands support `/logs`, `/diagnostics`, `/support`, `/restart`, and `/update` for NordRelay and agent CLIs.
+- `nordrelay peer identity`, `list`, `invite`, `add`, `test`, and `revoke` manage secure peer federation from the CLI.
 - `nordrelay update`, `/update`, and the WebUI update button detect the install type: npm installs update with `npm install -g @nordbyte/nordrelay@latest`; source checkouts pull `origin/main`, install dependencies, run check, tests, and build, then restart if the connector is running.
 - `/update agents`, `/update <agent>`, `/update install <agent>`, `/update jobs`, `/update log <id>`, `/update cancel <id>`, and `/update input <id> <text>` manage Codex, Pi, Hermes, OpenClaw, and Claude Code updater or installer jobs from Telegram.
 - `/logs` renders redacted connector, NordRelay update, and agent update logs with local-time timestamps, levels, file path, last-modified time, and highlighted warnings/errors.
 - Logs can be emitted as timestamped plain text or JSON records with `CONNECTOR_LOG_FORMAT`.
 - Telegram sends/edits/documents are routed through a rate-limit queue that honors Telegram retry-after responses.
-- Mirror, notification, quiet-hour, and automatic artifact-delivery defaults are configured through channel-neutral `NORDRELAY_*` settings, with Telegram and Discord override keys when a channel should differ.
+- Mirror, notification, quiet-hour, and automatic artifact-delivery defaults are configured through channel-neutral `NORDRELAY_*` settings, with Telegram, Discord, and Slack override keys when a channel should differ.
 - The WebUI Tasks page includes a unified Jobs view for active WebUI turns, external CLI turns, queued prompts, agent update/install jobs, self-updates, and diagnostics bundle exports, with log, cancel, and retry actions where supported.
 - Unified Jobs are persisted across restarts and retain recent prompt, queue, update, connector-update, and support-bundle history for WebUI inspection.
-- The WebUI Metrics page reports queue state, active/completed/failed turns, job counts, average prompt duration, and Telegram/Discord rate-limit counters.
+- The WebUI Metrics page reports queue state, active/completed/failed turns, job counts, average prompt duration, and Telegram/Discord/Slack rate-limit counters.
 - Expensive dashboard views such as version checks, adapter health, and diagnostics use a short stale-while-refresh server cache so the UI can render recent data while fresh checks run in the background.
 - Context metadata, queues, and preferences are written atomically with backup recovery.
 - Context metadata, queues, preferences, audit events, and locks can use JSON files or the optional SQLite state backend with `NORDRELAY_STATE_BACKEND=sqlite`.
@@ -217,7 +243,7 @@ Operations:
 - On first WebUI startup without an admin account, NordRelay shows a setup wizard for creating the first admin; remote setup requires the one-time token printed in the server console.
 - The WebUI has responsive header/sidebar/footer navigation, live chat streaming, session controls, queue/artifact/log/diagnostic views, and settings management.
 - The WebUI supports light and dark themes, tabbed settings groups, paginated session browsing, and chat uploads for images, documents, and audio transcription.
-- The WebUI exposes REST and SSE endpoints for chat streaming, sessions, settings, queue, artifacts, logs, health, diagnostics, and redacted diagnostics bundle export.
+- The WebUI exposes REST and SSE endpoints for chat streaming, sessions, settings, queue, artifacts, logs, health, diagnostics, peers, adapter conformance, and redacted diagnostics bundle export.
 - The dashboard can bind to `127.0.0.1` or `0.0.0.0`; user login and session cookies are mandatory in both modes.
 - Telegram can run with long polling or an HTTP webhook via `TELEGRAM_TRANSPORT=webhook`.
 - Version freshness checks are cached with `NORDRELAY_VERSION_CACHE_TTL_MS`, and installed agent CLI version checks are cached with `NORDRELAY_CLI_VERSION_CACHE_TTL_MS`, to keep `/version` and adapter health responsive.
@@ -289,6 +315,16 @@ Create the Discord bot:
 6. Link Discord from the WebUI, with `nordrelay user link-discord`, or by creating a Discord link code and sending `/link <code>` to the bot.
 7. In guild channels, run `/register_channel` once from an admin-linked Discord account.
 
+Create the Slack app:
+
+1. Open Slack API Apps and create a new app for your workspace.
+2. Add a bot user and copy the bot token into `SLACK_BOT_TOKEN`.
+3. Enable Socket Mode and create an app-level token with `connections:write`; copy it into `SLACK_APP_TOKEN`.
+4. Add bot scopes for messages, files, channels, groups, IMs, MPIMs, commands, and chat write access.
+5. Create the slash command configured in `SLACK_COMMAND` (default `/nordrelay`) and install the app to your workspace.
+6. Link Slack from the WebUI, with `nordrelay user link-slack`, or by creating a Slack link code and sending `/link <code>` to the app.
+7. In Slack channels, run `/register_channel` once from an admin-linked Slack account.
+
 Minimal private-bot `~/.nordrelay/nordrelay.env`:
 
 ```dotenv
@@ -296,6 +332,9 @@ TELEGRAM_BOT_TOKEN=123456789:replace-me
 DISCORD_ENABLED=false
 DISCORD_BOT_TOKEN=
 DISCORD_CLIENT_ID=
+SLACK_ENABLED=false
+SLACK_BOT_TOKEN=
+SLACK_APP_TOKEN=
 NORDRELAY_CODEX_ENABLED=true
 NORDRELAY_PI_ENABLED=false
 NORDRELAY_HERMES_ENABLED=false
@@ -313,10 +352,40 @@ User and chat access management:
 - `nordrelay user create --email dev@example.com --name "Dev" --group user` creates a normal user.
 - `nordrelay user link-telegram --email you@example.com --telegram-user-id 123456789` links a Telegram account directly.
 - `nordrelay user link-discord --email you@example.com --discord-user-id 123456789012345678` links a Discord account directly.
+- `nordrelay user link-slack --email you@example.com --slack-user-id U123 --slack-team-id T123` links a Slack account directly.
 - `nordrelay user link-code --email you@example.com` creates a short-lived Telegram code that the user sends as `/link <code>` to the Telegram bot.
 - `nordrelay user discord-link-code --email you@example.com` creates a short-lived Discord code that the user sends as `/link <code>` to the Discord bot.
+- `nordrelay user slack-link-code --email you@example.com` creates a short-lived Slack code that the user sends as `/link <code>` to the Slack app.
 - Telegram group chats are disabled until an admin enables them from the WebUI or runs `/register_chat` inside the group.
 - Discord guild channels are disabled until an admin enables them from the WebUI or runs `/register_channel` inside the channel.
+- Slack channels are disabled until an admin enables them from the WebUI or runs `/register_channel` inside the channel.
+
+Peer setup:
+
+1. On each host that should accept peer connections, set `NORDRELAY_PEER_ENABLED=true` in `~/.nordrelay/nordrelay.env`.
+2. Keep `NORDRELAY_PEER_TLS_ENABLED=true` and `NORDRELAY_PEER_REQUIRE_TLS=true` for LAN or internet use.
+3. Use `NORDRELAY_PEER_HOST=127.0.0.1` for local-only testing, a LAN/interface IP for trusted local networks, or keep the peer API behind a TLS reverse proxy/VPN for internet access.
+4. Set `NORDRELAY_PEER_PUBLIC_URL=https://host.example:31979` when other hosts cannot reach the bind address directly.
+5. Restart NordRelay on the accepting host and create an invitation:
+
+```bash
+nordrelay peer invite --name workstation --scopes inspect,sessions.read,sessions.write,prompt.send,prompt.abort,queue.read,queue.write,files.read,files.write,diagnostics.read,logs.read
+```
+
+6. On the controlling host, run the printed command:
+
+```bash
+nordrelay peer add https://workstation.example:31979 --code one-time-code
+```
+
+7. Confirm the connection:
+
+```bash
+nordrelay peer list
+nordrelay peer test <peer-id>
+```
+
+Use `--workspace-aliases app=/srv/app,demo=/home/me/demo` on invites when a controller should be able to start remote sessions with short workspace names. Use the WebUI Peers page for the same invite, pair, enable/disable, test, alias, global-session, and revoke workflow. Use `/peers` from Telegram, Discord, or Slack to inspect paired nodes and `/target <peer-id>` or `/target local` to choose where subsequent prompts run.
 
 Codex authentication:
 
@@ -403,6 +472,9 @@ nordrelay restart
 nordrelay stop
 nordrelay foreground
 nordrelay web
+nordrelay peer list
+nordrelay peer invite
+nordrelay peer add https://peer.example:31979 --code one-time-code
 ```
 
 Source checkout process commands:
@@ -417,6 +489,7 @@ node plugins/nordrelay/scripts/nordrelay.mjs foreground
 node plugins/nordrelay/scripts/nordrelay.mjs user list
 node plugins/nordrelay/scripts/nordrelay.mjs doctor
 node plugins/nordrelay/scripts/nordrelay.mjs web
+node plugins/nordrelay/scripts/nordrelay.mjs peer list
 ```
 
 NPM shortcuts:
@@ -472,6 +545,7 @@ The dashboard is a second NordRelay client next to Telegram. It can:
 - Inspect a per-agent capability matrix showing model, reasoning, launch, fast mode, attachments, activity, usage, auth, login/logout, and handback support.
 - Check NordRelay and agent CLI versions, then start Codex, Pi, Hermes, OpenClaw, or Claude Code updates from outdated rows or installs from not-installed rows with live output, cancel, delete-log, and stdin response controls.
 - Build dashboard CSS and client JavaScript from modular source assets through esbuild, then serve them as authenticated static assets instead of inline HTML.
+- Pair, test, enable/disable, and revoke NordRelay peers, then switch the dashboard target between the local instance and paired remote instances.
 
 Dashboard API endpoints are served under `/api/*`. Streaming uses `GET /api/events`.
 
@@ -504,6 +578,8 @@ Run NordRelay behind your reverse proxy so the public URL forwards to `http://12
 - `/channels` shows available and planned messaging adapters.
 - `/agents` shows available and planned coding-agent adapters.
 - `/agent` selects the active agent for this Telegram context.
+- `/peers` shows configured NordRelay peer instances.
+- `/target local|<peer-id>` selects whether prompts for this chat run locally or on a paired peer.
 - `/link <code>` links the Telegram account to a NordRelay user.
 - `/whoami` shows the linked NordRelay user, groups, and permissions.
 - `/register_chat` enables the current Telegram group or forum chat for NordRelay when the linked user has user-management permission.
@@ -575,10 +651,24 @@ Discord supports slash commands and `/command` text messages for the shared comm
 - `/prompt <text>` is available for slash-command-only deployments where regular message content is disabled.
 - `/link <code>` consumes Discord link codes created in the WebUI or with `nordrelay user discord-link-code`.
 - `/queue`, `/sessions`, `/agent`, `/model`, `/reasoning`, `/launch`, `/artifacts`, `/update`, and `/stop` use Discord buttons where component limits allow.
+- `/peers` and `/target local|<peer-id>` use the same paired-instance target selection as Telegram.
 - `/artifacts latest`, `/artifacts zip latest`, `/artifacts images`, `/artifacts docs`, `/artifacts search <text>`, and `/artifacts delete <turn-id>` are available in Discord.
 - Unsafe launch profiles require explicit confirmation with `/launch <profile-id> confirm`.
 - Discord does not support Telegram reactions or Telegram webhook transport; typing, message edits, attachments, files, DMs, guild channels, and threads are supported.
 
+## Slack Commands
+
+Slack supports the configured slash command and `/command` text messages for the shared command set. The primary differences from Telegram are:
+
+- `/register_channel` enables the current Slack channel or thread for NordRelay when the linked user has user-management permission.
+- `/prompt <text>` is available through the configured slash command when regular message content is disabled.
+- `/link <code>` consumes Slack link codes created in the WebUI or with `nordrelay user slack-link-code`.
+- `/queue`, `/sessions`, `/agent`, `/model`, `/reasoning`, `/launch`, `/artifacts`, `/update`, and `/stop` use Slack buttons where Block Kit limits allow.
+- `/peers` and `/target local|<peer-id>` use the same paired-instance target selection as Telegram and Discord.
+- `/artifacts latest`, `/artifacts zip latest`, `/artifacts images`, `/artifacts docs`, `/artifacts search <text>`, and `/artifacts delete <turn-id>` are available in Slack.
+- Unsafe launch profiles require explicit confirmation with `/launch <profile-id> confirm`.
+- Slack does not support Telegram reactions or Telegram webhook transport; typing/status, message edits, attachments, files, DMs, channels, and threads are supported.
+
 ## Command Examples
 
 Switching to an existing thread:
@@ -760,7 +850,7 @@ Voice transcription uses `OPENAI_API_KEY`, not `CODEX_API_KEY`.
 Telegram:
 
 - `TELEGRAM_ENABLED`: starts the Telegram adapter. Defaults to `true`.
-- `TELEGRAM_BOT_TOKEN`: required BotFather token.
+- `TELEGRAM_BOT_TOKEN`: BotFather token. Required for the Telegram adapter to start.
 - `TELEGRAM_RATE_LIMIT_MIN_INTERVAL_MS`: minimum interval for normal Telegram API sends. Defaults to `80`.
 - `TELEGRAM_EDIT_MIN_INTERVAL_MS`: minimum interval for Telegram message edits. Defaults to `1200`.
 - `TELEGRAM_TRANSPORT`: `polling` or `webhook`. Defaults to `polling`.
@@ -780,7 +870,7 @@ Telegram:
 Discord:
 
 - `DISCORD_ENABLED`: starts the Discord adapter. Defaults to `false`.
-- `DISCORD_BOT_TOKEN`: required Discord bot token when Discord is enabled.
+- `DISCORD_BOT_TOKEN`: Discord bot token. Required for the Discord adapter to start.
 - `DISCORD_CLIENT_ID`: Discord application/client id used for slash-command registration.
 - `DISCORD_GUILD_IDS`: optional comma-separated guild ids for instant guild slash-command registration.
 - `DISCORD_ALLOWED_GUILD_IDS`: optional guild allow-list before user/group permissions are checked.
@@ -790,13 +880,39 @@ Discord:
 - `DISCORD_AUTO_REGISTER_COMMANDS`: registers slash commands on startup when `DISCORD_CLIENT_ID` is set. Defaults to `true`.
 - `DISCORD_CLI_MIRROR_MODE`, `DISCORD_CLI_MIRROR_MIN_UPDATE_MS`, `DISCORD_NOTIFY_MODE`, `DISCORD_QUIET_HOURS`, and `DISCORD_AUTO_SEND_ARTIFACTS`: optional Discord-specific overrides for the channel-neutral defaults.
 
+Slack:
+
+- `SLACK_ENABLED`: starts the Slack adapter. Defaults to `false`.
+- `SLACK_BOT_TOKEN`: Slack bot token. Required for the Slack adapter to start.
+- `SLACK_APP_TOKEN`: Slack app-level token for Socket Mode. Required when `SLACK_SOCKET_MODE=true`.
+- `SLACK_SIGNING_SECRET`: Slack signing secret for HTTP Events mode. Required when `SLACK_SOCKET_MODE=false`.
+- `SLACK_SOCKET_MODE`: uses Slack Socket Mode instead of an HTTP Events receiver. Defaults to `true`.
+- `SLACK_PORT`: HTTP receiver port when Socket Mode is disabled. Defaults to `3000`.
+- `SLACK_ALLOWED_TEAM_IDS`: optional Slack workspace allow-list before user/group permissions are checked.
+- `SLACK_ALLOWED_CHANNEL_IDS`: optional channel allow-list before user/group permissions are checked.
+- `SLACK_MESSAGE_CONTENT_ENABLED`: reads regular Slack text messages as prompts. Defaults to `true`.
+- `SLACK_COMMAND`: slash command configured in Slack. Defaults to `/nordrelay`.
+- `SLACK_CLI_MIRROR_MODE`, `SLACK_CLI_MIRROR_MIN_UPDATE_MS`, `SLACK_NOTIFY_MODE`, `SLACK_QUIET_HOURS`, and `SLACK_AUTO_SEND_ARTIFACTS`: optional Slack-specific overrides for the channel-neutral defaults.
+
 User management:
 
-- Users, groups, Telegram identities, Telegram group-chat access, Discord identities, Discord channel access, and web sessions are stored in `~/.nordrelay/users.json`.
-- Manage users in the WebUI Users page or with `nordrelay user list`, `create-admin`, `create`, `reset-password`, `link-telegram`, `link-discord`, `link-code`, and `discord-link-code`.
+- Users, groups, Telegram identities, Telegram group-chat access, Discord identities, Discord channel access, Slack identities, Slack channel access, and web sessions are stored in `~/.nordrelay/users.json`.
+- Manage users in the WebUI Users page or with `nordrelay user list`, `create-admin`, `create`, `reset-password`, `link-telegram`, `link-discord`, `link-slack`, `link-code`, `discord-link-code`, and `slack-link-code`.
 - Built-in groups are `admin`, `user`, and `readonly`.
-- Group permissions include `inspect`, `sessions.read`, `sessions.write`, `prompt.send`, `prompt.abort`, `files.read`, `files.write`, `settings.read`, `settings.write`, `auth.manage`, `diagnostics.read`, `logs.read`, `logs.clear`, `queue.read`, `queue.write`, `updates.run`, `system.restart`, `users.read`, `users.write`, and `audit.read`.
-- Custom groups can also restrict access to specific agent ids, workspace roots, Telegram chat ids, and Discord channel ids.
+- Group permissions include `inspect`, `sessions.read`, `sessions.write`, `prompt.send`, `prompt.abort`, `files.read`, `files.write`, `settings.read`, `settings.write`, `auth.manage`, `diagnostics.read`, `logs.read`, `logs.clear`, `queue.read`, `queue.write`, `updates.run`, `system.restart`, `users.read`, `users.write`, `audit.read`, `peers.read`, `peers.write`, and `peers.connect`.
+- Custom groups can also restrict access to specific agent ids, workspace roots, Telegram chat ids, Discord channel ids, and Slack channel ids.
+
+Peers:
+
+- `NORDRELAY_PEER_ENABLED`: starts the dedicated peer API. Defaults to `false`.
+- `NORDRELAY_PEER_NAME`: optional human-readable node name shown to paired instances.
+- `NORDRELAY_PEER_HOST`: peer API bind host. Defaults to `127.0.0.1`.
+- `NORDRELAY_PEER_PORT`: peer API port. Defaults to `31979`.
+- `NORDRELAY_PEER_PUBLIC_URL`: optional URL other instances should use to reach this node.
+- `NORDRELAY_PEER_TLS_ENABLED`: serves the peer API over HTTPS with an automatically generated local certificate. Defaults to `true`.
+- `NORDRELAY_PEER_REQUIRE_TLS`: refuses plaintext peer serving on non-loopback hosts. Defaults to `true`.
+- Peer identity, TLS certificate, peers, and invitations are stored under `~/.nordrelay/identity.json`, `~/.nordrelay/tls/`, and `~/.nordrelay/peers.json`.
+- Peer invitations expire after at most 24 hours even if a longer lifetime is requested.
 
 Agent selection:
 
@@ -824,8 +940,8 @@ Codex:
 - `CODEX_CLI_PATH`: optional explicit path to the Codex CLI executable.
 - `CODEX_USE_BUNDLED_CLI`: set `true` to force the SDK-bundled Codex CLI instead of the host `codex` executable.
 - `CODEX_MODEL`: default model for new threads.
-- `CODEX_SYNC_INTERVAL_MS`: periodic local Codex-state sync interval for active Telegram sessions. Defaults to `10000`; set `0` to disable.
-- `CODEX_EXTERNAL_BUSY_CHECK_MS`: how often queued Telegram prompts re-check an active local Codex CLI task. Defaults to `5000`.
+- `CODEX_SYNC_INTERVAL_MS`: periodic local Codex-state sync interval for active chat sessions. Defaults to `10000`; set `0` to disable.
+- `CODEX_EXTERNAL_BUSY_CHECK_MS`: how often queued chat prompts re-check an active local Codex CLI task. Defaults to `5000`.
 - `CODEX_EXTERNAL_BUSY_STALE_MS`: maximum age for an unclosed rollout task before it is treated as stale instead of active. Defaults to `300000`.
 - `CODEX_SANDBOX_MODE`: default sandbox mode, one of `read-only`, `workspace-write`, `danger-full-access`.
 - `CODEX_APPROVAL_POLICY`: default approval policy, one of `never`, `on-request`, `on-failure`, `untrusted`.
@@ -948,7 +1064,7 @@ ENABLE_UNSAFE_LAUNCH_PROFILES=true
 CODEX_LAUNCH_PROFILES_JSON=[{"id":"host-full","label":"Host Full Access","sandboxMode":"danger-full-access","approvalPolicy":"never"}]
 ```
 
-Unsafe profiles are intentionally gated. Telegram asks for confirmation before applying them.
+Unsafe profiles are intentionally gated. Chat adapters ask for confirmation before applying them.
 
 ## Security Notes
 
@@ -956,12 +1072,14 @@ Unsafe profiles are intentionally gated. Telegram asks for confirmation before a
 - Link Telegram accounts only to active NordRelay users that should control agents remotely.
 - Enable Telegram group/forum chats only when the whole chat context is trusted for the permissions granted to linked users.
 - Review group permissions before granting `prompt.send`, `prompt.abort`, `files.write`, `settings.write`, `updates.run`, `system.restart`, or `users.write`.
+- Review peer scopes before granting `peers.write`, `peers.connect`, broad `prompt.send`, or unrestricted workspace roots to a paired instance.
 - Treat `danger-full-access` as equivalent to shell access on the host.
 - Treat uploaded files as untrusted input. They are staged inside the active workspace so the selected sandbox policy still matters.
 - Keep `CODEX_API_KEY`, `HERMES_API_KEY`, `OPENCLAW_GATEWAY_TOKEN`, `OPENCLAW_GATEWAY_PASSWORD`, and `OPENAI_API_KEY` in `~/.nordrelay/nordrelay.env` or host secret management.
 - In group chats, remember that any linked user with prompt permissions can prompt the selected agent in that chat context.
 - Use `TOOL_VERBOSITY=summary` or `errors-only` when command output may include sensitive data.
 - Review and unsafe launch profiles add a Telegram approve/deny gate before each turn starts.
+- Keep the peer API disabled unless needed. For internet use, expose it only through a firewall, VPN, or hardened reverse proxy; keep TLS enabled and revoke unused peers with `nordrelay peer revoke <peer-id>`.
 
 ## Troubleshooting
 
@@ -1118,7 +1236,10 @@ npm run build
 - `src/index.ts`: runtime entrypoint, config load, auth check, state-file writes, polling lifecycle, shutdown.
 - `src/bot.ts`: Telegram prompt/session runtime, streaming, file/photo/voice handling, artifacts, and error handling.
 - `src/telegram-general-commands.ts`, `src/telegram-agent-commands.ts`, `src/telegram-preference-commands.ts`, `src/telegram-access-commands.ts`, `src/telegram-diagnostics-command.ts`, `src/telegram-update-commands.ts`, `src/telegram-support-command.ts`, and `src/telegram-command-menu.ts`: focused Telegram command groups for start/help/adapters, agent/auth controls, per-chat preferences, access linking, diagnostics/log/version commands, update jobs, diagnostics bundle export, and command menu registration.
-- `src/channel-adapter.ts`, `src/channel-runtime.ts`, and `src/channel-actions.ts`: channel descriptors, generic command routing, outbound delivery contracts, and channel-neutral command responses.
+- `src/channel-adapter.ts`, `src/channel-runtime.ts`, `src/channel-command-core.ts`, `src/channel-actions.ts`, and `src/adapter-conformance.ts`: channel descriptors, shared command dispatch/coverage, outbound delivery contracts, channel-neutral responses, and generated feature/command conformance matrices.
+- `src/discord-bot.ts` and `src/slack-bot.ts`: Discord and Slack bridge runtimes built on the shared channel command core, channel runtimes, rate limiters, access checks, streaming replies, attachments, mirrors, and queue controls.
+- `src/slack-diagnostics.ts`: Slack readiness probes for token/transport config, auth, registered channel visibility, file-upload readiness, and rate-limit reporting.
+- `src/user-management.ts`, `src/user-management-types.ts`, `src/user-management-normalize.ts`, and `src/user-management-crypto.ts`: user/group/session/channel-access store with separated DTOs, payload normalization, password/token helpers, and public snapshots.
 - `src/config-metadata.ts`: shared setting metadata used by the WebUI settings page and generated `.env.example`.
 - `src/support-bundle.ts` and `src/zip-writer.ts`: redacted diagnostics bundle creation with a dependency-free ZIP writer.
 - `src/relay-queue-service.ts`, `src/relay-artifact-service.ts`, and `src/relay-external-activity-monitor.ts`: Web runtime queue operations, artifact preview/export/persistence, and external CLI activity mirroring.

package/dist/access-control.js

@@ -20,6 +20,9 @@ export const ALL_PERMISSIONS = [
     "users.read",
     "users.write",
     "audit.read",
+    "peers.read",
+    "peers.write",
+    "peers.connect",
 ];
 export const ADMIN_GROUP_ID = "admin";
 export const USER_GROUP_ID = "user";
@@ -71,6 +74,8 @@ const COMMAND_PERMISSIONS = new Map([
     ["health", "inspect"],
     ["version", "inspect"],
     ["channels", "inspect"],
+    ["peers", "peers.read"],
+    ["target", "peers.connect"],
     ["agents", "inspect"],
     ["tasks", "inspect"],
     ["progress", "inspect"],
@@ -148,7 +153,7 @@ export function permissionForCallbackData(callbackData) {
     if (callbackData.startsWith("approval_") || callbackData.startsWith("codex_abort:") || callbackData.startsWith("agent_abort:")) {
         return "prompt.abort";
     }
-    if (callbackData.startsWith("queue_")) {
+    if (callbackData.startsWith("queue_") || callbackData.startsWith("peer_queue_")) {
         return "queue.write";
     }
     if (callbackData.startsWith("artifact_delete")) {

package/dist/activity-events.js

@@ -11,7 +11,7 @@ export function activityCategoryForType(type) {
         return "artifact";
     if (/^(auth|login|logout)/.test(type))
         return "auth";
-    if (/^(user_|group_|telegram_chat_|telegram_link|discord_channel_|discord_link|permission_|access_|lock_)/.test(type))
+    if (/^(user_|group_|telegram_chat_|telegram_link|discord_channel_|discord_link|slack_channel_|slack_link|peer_|permission_|access_|lock_)/.test(type))
         return "security";
     if (/^(tool_|cli_tool)/.test(type))
         return "tool";
@@ -32,7 +32,7 @@ export function auditCategoryForAction(action) {
         return "security";
     if (/^auth_/.test(action))
         return "auth";
-    if (/^(permission_|user_|group_|telegram_|discord_)/.test(action))
+    if (/^(permission_|user_|group_|telegram_|discord_|slack_|peer_)/.test(action))
         return "security";
     if (/^(artifact|file)/.test(action))
         return "artifact";