Nestbot MVP

backend/apps/ai/common/constants.py

@@ -5,3 +5,4 @@
 DEFAULT_SIMILARITY_THRESHOLD = 0.4
 DELIMITER = "\n\n"
 MIN_REQUEST_INTERVAL_SECONDS = 1.2
+QUEUE_RESPONSE_TIME_MINUTES = 1

backend/apps/slack/MANIFEST.yaml

@@ -95,6 +95,11 @@ features:
       description: OWASP users list
       usage_hint: <user>
       should_escape: false
+    - command: /ai
+      url: https://nest.owasp.org/integrations/slack/commands/
+      description: AI-powered OWASP Nest assistant
+      usage_hint: <your question>
+      should_escape: false
 oauth_config:
   scopes:
     user:
@@ -103,6 +108,7 @@ oauth_config:
       - mpim:read
       - users:read
     bot:
+      - app_mentions:read
       - channels:read
       - chat:write
       - commands
@@ -115,6 +121,7 @@ oauth_config:
       - users:read
       - groups:write
       - channels:manage
+      - channels:history
 settings:
   event_subscriptions:
     request_url: https://nest.owasp.org/integrations/slack/events/
@@ -123,7 +130,9 @@ settings:
       - team_join
     bot_events:
       - app_home_opened
+      - app_mention
       - member_joined_channel
+      - message.channels
       - team_join
   interactivity:
     is_enabled: true

backend/apps/slack/admin/conversation.py

@@ -27,6 +27,7 @@ class ConversationAdmin(admin.ModelAdmin):
                     "is_private",
                     "is_archived",
                     "is_general",
+                    "is_nest_bot_assistant_enabled",
                 )
             },
         ),

backend/apps/slack/apps.py

@@ -25,6 +25,13 @@ class SlackConfig(AppConfig):
         else None
     )
 
+    def ready(self):
+        """Configure Slack events when the app is ready."""
+        super().ready()
+        from apps.slack.events import configure_slack_events
+
+        configure_slack_events()
+
 
 if SlackConfig.app:
 

backend/apps/slack/commands/__init__.py

@@ -2,6 +2,7 @@
 from apps.slack.commands.command import CommandBase
 
 from . import (
+    ai,
     board,
     chapters,
     committees,

backend/apps/slack/commands/ai.py

@@ -0,0 +1,23 @@
+"""Slack bot AI command."""
+
+from apps.slack.commands.command import CommandBase
+
+
+class Ai(CommandBase):
+    """Slack bot /ai command."""
+
+    def render_blocks(self, command: dict):
+        """Get the rendered blocks.
+
+        Args:
+            command (dict): The Slack command payload.
+
+        Returns:
+            list: A list of Slack blocks representing the AI response.
+
+        """
+        from apps.slack.common.handlers.ai import get_blocks
+
+        return get_blocks(
+            query=command["text"].strip(),
+        )

backend/apps/slack/common/handlers/ai.py

@@ -0,0 +1,61 @@
+"""Handler for AI-powered Slack functionality."""
+
+from __future__ import annotations
+
+import logging
+
+from apps.ai.agent.tools.rag.rag_tool import RagTool
+from apps.slack.blocks import markdown
+
+logger = logging.getLogger(__name__)
+
+
+def get_blocks(query: str) -> list[dict]:
+    """Get AI response blocks.
+
+    Args:
+        query (str): The user's question.
+        presentation (EntityPresentation | None): Configuration for entity presentation.
+
+    Returns:
+        list: A list of Slack blocks representing the AI response.
+
+    """
+    ai_response = process_ai_query(query.strip())
+
+    if ai_response:
+        return [markdown(ai_response)]
+    return get_error_blocks()
+
+
+def process_ai_query(query: str) -> str | None:
+    """Process the AI query using the RAG tool.
+
+    Args:
+        query (str): The user's question.
+
+    Returns:
+        str | None: The AI response or None if error occurred.
+
+    """
+    rag_tool = RagTool(
+        chat_model="gpt-4o",
+        embedding_model="text-embedding-3-small",
+    )
+
+    return rag_tool.query(question=query)
+
+
+def get_error_blocks() -> list[dict]:
+    """Get error response blocks.
+
+    Returns:
+        list: A list of Slack blocks with error message.
+
+    """
+    return [
+        markdown(
+            "⚠️ Unfortunately, I'm unable to answer your question at this time.\n"
+            "Please try again later or contact support if the issue persists."
+        )
+    ]

backend/apps/slack/common/question_detector.py

@@ -0,0 +1,57 @@
+"""Question detection utilities for Slack OWASP bot."""
+
+from __future__ import annotations
+
+import logging
+import re
+
+from apps.slack.constants import OWASP_KEYWORDS
+
+logger = logging.getLogger(__name__)
+
+
+class QuestionDetector:
+    """Utility class for detecting OWASP-related questions."""
+
+    def __init__(self):
+        """Initialize the question detector."""
+        self.owasp_keywords = OWASP_KEYWORDS
+
+        self.question_patterns = [
+            r"\?",
+            r"^(what|how|why|when|where|which|who|can|could|would|should|is|are|does|do|did)",
+            r"(help|explain|tell me|show me|guide|tutorial|example)",
+            r"(recommend|suggest|advice|opinion)",
+        ]
+
+        self.compiled_patterns = [
+            re.compile(pattern, re.IGNORECASE) for pattern in self.question_patterns
+        ]
+
+    def is_owasp_question(self, text: str) -> bool:
+        """Check if text contains an OWASP-related question."""
+        if not text or not text.strip():
+            return False
+
+        text_lower = text.lower().strip()
+
+        is_a_question = self.is_question(text_lower)
+        if not is_a_question:
+            return False
+
+        return self.contains_owasp_keywords(text_lower)
+
+    def is_question(self, text: str) -> bool:
+        """Check if text appears to be a question."""
+        return any(pattern.search(text) for pattern in self.compiled_patterns)
+
+    def contains_owasp_keywords(self, text: str) -> bool:
+        """Check if text contains OWASP-related keywords."""
+        words = re.findall(r"\b\w+\b", text)
+        text_words = set(words)
+
+        intersection = self.owasp_keywords.intersection(text_words)
+        if intersection:
+            return True
+
+        return any(" " in keyword and keyword in text for keyword in self.owasp_keywords)

backend/apps/slack/constants.py

@@ -22,6 +22,63 @@
 OWASP_SPONSORSHIP_CHANNEL_ID = "#C08EGFDD9L2"
 OWASP_THREAT_MODELING_CHANNEL_ID = "#C1CS3C6AF"
 
+OWASP_KEYWORDS = {
+    "owasp",
+    "security",
+    "vulnerability",
+    "vulnerabilities",
+    "zap",
+    "appsec",
+    "devsecops",
+    "nettacker",
+    "nest",
+    "threat modeling",
+    "top 10",
+    "top10",
+    "webgoat",
+    "dependency",
+    "secure",
+    "penetration",
+    "project",
+    "chapter",
+    "event",
+    "committee",
+    "defect dojo",
+    "juice shop",
+    "red team",
+    "injection",
+    "xss",
+    "csrf",
+    "authentication",
+    "authorization",
+    "encryption",
+    "cryptography",
+    "threat",
+    "risk",
+    "assessment",
+    "code review",
+    "static analysis",
+    "dynamic analysis",
+    "firewall",
+    "application security",
+    "web security",
+    "mobile security",
+    "api security",
+    "devops",
+    "secure coding",
+    "security testing",
+    "security tools",
+    "security framework",
+    "security guideline",
+    "security standard",
+    "security best practice",
+    "security policy",
+    "security bug",
+    "security patch",
+    "security update",
+    "security fix",
+}
+
 OWASP_WORKSPACE_ID = "T04T40NHX"
 
 VIEW_PROJECTS_ACTION = "view_projects_action"

backend/apps/slack/events/__init__.py

@@ -1,7 +1,20 @@
-from apps.slack.apps import SlackConfig
-from apps.slack.events import app_home_opened, team_join, url_verification
-from apps.slack.events.event import EventBase
-from apps.slack.events.member_joined_channel import catch_all, contribute, gsoc, project_nest
+def configure_slack_events():
+    """Configure Slack events after Django apps are ready."""
+    from apps.slack.apps import SlackConfig
+    from apps.slack.events import (
+        app_home_opened,
+        app_mention,
+        message_posted,
+        team_join,
+        url_verification,
+    )
+    from apps.slack.events.event import EventBase
+    from apps.slack.events.member_joined_channel import (
+        catch_all,
+        contribute,
+        gsoc,
+        project_nest,
+    )
 
-if SlackConfig.app:
-    EventBase.configure_events()
+    if SlackConfig.app:
+        EventBase.configure_events()

backend/apps/slack/events/app_mention.py

@@ -0,0 +1,43 @@
+"""Slack app mention event handler."""
+
+import logging
+
+from apps.slack.common.handlers.ai import get_blocks
+from apps.slack.events.event import EventBase
+
+logger = logging.getLogger(__name__)
+
+
+class AppMention(EventBase):
+    """Handles app mention events when the bot is mentioned in a channel."""
+
+    event_type = "app_mention"
+
+    def handle_event(self, event, client):
+        """Handle an incoming app mention event."""
+        channel_id = event.get("channel")
+        text = event.get("text", "")
+
+        query = text
+        for mention in event.get("blocks", []):
+            if mention.get("type") == "rich_text":
+                for element in mention.get("elements", []):
+                    if element.get("type") == "rich_text_section":
+                        for text_element in element.get("elements", []):
+                            if text_element.get("type") == "text":
+                                query = text_element.get("text", "").strip()
+                                break
+
+        if not query:
+            logger.warning("No query found in app mention")
+            return
+
+        logger.info("Handling app mention")
+
+        reply_blocks = get_blocks(query=query)
+        client.chat_postMessage(
+            channel=channel_id,
+            blocks=reply_blocks,
+            text=query,
+            thread_ts=event.get("thread_ts") or event.get("ts"),
+        )