Channel Adapters
What you'll do
Inspect and configure Craik's first production channel boundaries for WebChat, Telegram, Discord, and Slack without storing provider tokens inside Craik config files.
Pair first, authorize second.
Every adapter normalizes messages into the same policy-bound messaging shape. Unknown senders remain denied until their external account is paired to an operator subject and matched by a channel allowlist.
Supported Adapters
WebChat
Local browser chat surface for dashboard-backed operator conversations.
Telegram
Bot-token adapter boundary for Telegram message updates.
Discord
Bot-token adapter boundary for Discord message events.
Slack
App-token adapter boundary for Slack event callbacks.
Each adapter declares the same capabilities:
- channel.message.receive
- channel.message.respond
Both capabilities require grants and receipts. Inbound message text and outbound response text are redacted from receipts.
Setup
List the adapter contracts:
craik channels list
Install the default channel artifacts and print a redacted setup plan:
craik channels setup telegram
The setup command requires an active operator session. It persists the adapter contract, an operator-bound bootstrap pairing, a deny-by-default allowlist, and a channel-scoped policy envelope, then reports the environment variable to use as a secret reference. It does not echo token material.
- CRAIK_WEBCHAT_TOKEN
- CRAIK_TELEGRAM_BOT_TOKEN
- CRAIK_DISCORD_BOT_TOKEN
- CRAIK_SLACK_BOT_TOKEN
Run diagnostics after adding a secret reference:
craik channels doctor slack
Diagnostics report whether the token resolves and whether the platform credential backend is secure. They also report whether setup artifacts exist in the local store. Diagnostics never print the token.
Fixture Validation
Normalize one provider event without contacting the provider:
craik channels normalize-fixture webchat '{"message_id":"m1","user_id":"u1","text":"hello"}'
Build an outbound response fixture and delivery receipt:
craik channels respond-fixture telegram telegram_10 response_1 "Queued response"
Use --failed to inspect the receipt emitted for provider delivery failure.
Runtime Flow
- The adapter validates provider-specific payload shape.
- The payload is normalized into channel = messaging with provider-specific metadata.service.
- The sender external id is matched against a paired ChannelIdentityPairing.
- The event is evaluated against a deny-by-default ChannelAllowlist.
- A channel-scoped policy envelope allows only message receive, response, and receipt write capabilities.
- Inbound and outbound receipts preserve the policy id, event id, service, sender id, and redaction fields.
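
The runtime flow above as a small Python sketch, added here as an example and not Craik's own code. The pairing and allowlist shapes, the event_id format, the operator subject names and the policy id are assumptions made for illustration; only the WebChat fixture fields and the receipt field list come from this page.

```python
# Added illustration: field names and data shapes are assumptions, not Craik's schema.
REQUIRED = {"message_id": str, "user_id": str, "text": str}  # WebChat fixture shape

def normalize(service, payload):
    """Validate the provider payload shape, then map it to the common shape."""
    for field, kind in REQUIRED.items():
        if not isinstance(payload.get(field), kind):
            raise ValueError(f"invalid {service} payload: {field}")
    return {
        "channel": "messaging",
        "metadata": {"service": service},
        "event_id": f"{service}_{payload['message_id']}",  # assumed id format
        "sender_id": payload["user_id"],
        "text": payload["text"],
    }

def evaluate(event, pairings, allowlist, policy_id):
    """Pairing lookup, deny-by-default allowlist check, then a redacted receipt."""
    service, sender = event["metadata"]["service"], event["sender_id"]
    subject = pairings.get((service, sender))  # external account -> operator subject
    if subject is None:
        decision, reason = "deny", "unpaired_sender"
    elif sender not in allowlist.get(service, set()):
        decision, reason = "deny", "not_allowlisted"
    else:
        decision, reason = "allow", "paired_and_allowlisted"
    receipt = {
        "policy_id": policy_id,
        "event_id": event["event_id"],
        "service": service,
        "sender_id": sender,
        "subject": subject,
        "capability": "channel.message.receive",
        "decision": decision,
        "reason": reason,
        "redacted": ["text"],  # the message text itself is never copied in
    }
    return decision, receipt

# Constructed sample state: u1 is paired and allowlisted, u2 is paired only.
PAIRINGS = {("webchat", "u1"): "operator:alice", ("webchat", "u2"): "operator:bob"}
ALLOWLIST = {"webchat": {"u1"}}

if __name__ == "__main__":
    for uid in ("u1", "u2", "u3"):
        ev = normalize("webchat", {"message_id": "m1", "user_id": uid, "text": "hello"})
        print(uid, evaluate(ev, PAIRINGS, ALLOWLIST, "policy_webchat_1"))
```

Pairing alone is not enough here: u2 has a pairing but is still denied because the allowlist does not match, which is the "pair first, authorize second" ordering.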