5 min

Deploy & Connect

Slack, MCP & Compliance Monitoring

From Localhost to Production

A working HR assistant on localhost is a proof of concept. Deploying it means making it accessible, reliable, and auditable. For HR systems, this last requirement — auditability — is non-negotiable. Every query and response must be logged for compliance purposes, guardrail triggers must be monitored, and data freshness must be tracked.

Production Deployment

Environment Management

An HR assistant has more environment variables than a typical web app because of the sensitivity of the data:

Variable	Purpose	Rotation Schedule
`DATABASE_URL`	pgvector connection	Quarterly
`ANTHROPIC_API_KEY`	LLM access	Monthly
`SLACK_BOT_TOKEN`	Slack integration	On compromise
`SLACK_SIGNING_SECRET`	Slack webhook verification	On compromise
`HR_DATA_ENCRYPTION_KEY`	At-rest encryption for PTO/comp data	Annually
`JWT_SECRET`	Employee auth tokens	Quarterly

Never store these in code. Use Vercel environment variables (encrypted at rest), with separate values for development, preview, and production.

Health Checks

The /api/health endpoint verifies:

Database connectivity (pgvector query returns in <100ms)

Embedding model availability

LLM API reachability

Data freshness (last ingestion timestamp < 24 hours ago)

If data freshness fails, the system should still serve cached responses but display a warning: "Policy data may not reflect the latest updates."

Slack Integration

Most employees don't want to open a separate app for HR questions. They want to ask from where they already work — Slack.

Slash Command

/hr What's our parental leave policy in California?

The response appears as a rich Slack message with:

The answer text

Source citations (policy name, version, effective date)

Confidence badge (high/medium/low)

"Was this helpful?" reaction buttons

@Mention

@HRAssistant How do I file an expense report for international travel?

Responds in the thread, maintaining conversational context for follow-up questions.

Ephemeral Responses

For sensitive queries, the response is ephemeral — only visible to the person who asked. This is critical for:

PTO balance inquiries ("How many days off do I have left?")

Personal policy questions ("What's the severance policy?")

Accommodation requests ("How do I request a reasonable accommodation?")

The query classification from Module 4 determines whether a response should be ephemeral. Queries tagged as sensitivity: "sensitive" or sensitivity: "restricted" always get ephemeral responses.

Channel Restrictions

The HR bot only responds in approved channels. This prevents scenarios where an employee asks a sensitive question in #general and gets a public response. Approved channels are configured in the bot's settings:

#hr-help — public HR questions

#benefits-questions — benefits-specific

Direct messages — always allowed, always ephemeral

MCP Server

The Model Context Protocol (MCP) server exposes your HR knowledge base as a data source for other AI tools. When an employee uses Claude Desktop or Cursor, they can query HR policies directly through the MCP connection.

Tools

Tool	Description	Input
`search_policies`	Search policies by topic	query string, optional category
`get_benefits`	Get benefit plan details	plan name or category
`search_org`	Search org chart	name, title, or department
`get_pto_balance`	Get PTO balance	employee ID (requires auth)
`find_policy_by_topic`	Find relevant policy for a topic	topic keyword

Resources

Resource	Description
`policy_list`	List of all policies with IDs and versions
`benefits_summary`	Overview of all benefit plans
`org_chart`	Full organizational hierarchy
`hr_faq`	Top 20 most-asked HR questions with answers

Why MCP Matters

MCP turns your HR knowledge base into a universal data source. An engineer using Claude Desktop can ask "Does our data security policy allow using external AI tools?" and get an answer sourced from your actual policy documents — without opening the HR app. The same guardrails apply: no salary disclosure, no legal advice, confidentiality enforcement.

Monitoring & Compliance

Real-Time Dashboard

The monitoring dashboard tracks:

┌─────────────────────────────────────────────────┐
│  HR Assistant Dashboard                          │
├──────────────┬──────────────┬───────────────────┤
│  Queries/day │  Avg latency │  Cache hit rate    │
│     247      │    1.2s      │     38%            │
├──────────────┴──────────────┴───────────────────┤
│  Top Categories          │  Guardrail Triggers   │
│  1. Benefits (32%)       │  Salary block: 12     │
│  2. Leave/PTO (28%)      │  Legal redirect: 8    │
│  3. Remote Work (15%)    │  PII detected: 3      │
│  4. Organization (12%)   │  Confidentiality: 1   │
│  5. Compliance (8%)      │                       │
│  6. Other (5%)           │                       │
├──────────────────────────┴───────────────────────┤
│  Unanswered Queries (low confidence)             │
│  - "What's the policy on bringing pets to...?"   │
│  - "Can I switch from PPO to HDHP mid-year?"     │
│  - "Is there a sabbatical program?"              │
└──────────────────────────────────────────────────┘

Compliance Audit Log

Every interaction is logged for regulatory compliance:

{
  "timestamp": "2025-11-15T10:30:00Z",
  "employee_id": "EMP-008",
  "query": "What's our parental leave policy?",
  "category": "leave",
  "sensitivity": "normal",
  "guardrails_triggered": [],
  "model_used": "sonnet",
  "sources_cited": ["HB-001", "POL-001"],
  "confidence": "high",
  "latency_ms": 1200,
  "tokens_used": 850
}

This log serves multiple purposes:

Regulatory compliance — proof that the system cited official policies

Dispute resolution — if an employee claims they were misinformed, the log shows exactly what was said

System improvement — identify low-confidence answers and missing policies

Cost tracking — token usage per department, per category

Alerting Rules

Alert	Condition	Action
Error spike	Error rate > 5% for 5 min	Page on-call engineer
Latency degradation	p95 > 5s for 10 min	Investigate database/LLM latency
Guardrail spike	> 20 guardrail triggers/hour	Review for adversarial probing
Data staleness	Last ingestion > 48 hours	Alert HR data ops team
Budget breach	Daily token cost > $50	Notify finance + throttle to cache-only

Weekly HR AI Report

Automated weekly email to the HR leadership team:

Total queries and unique employees

Top question categories and trending topics

Unanswered questions (opportunities to add policies)

Guardrail trigger summary

Employee satisfaction scores (from post-chat ratings)

Cost summary (tokens, LLM costs, infrastructure)

This report is how HR gets value from the system beyond just answering questions — it reveals what employees are confused about, which policies need clarification, and where the knowledge base has gaps.

What You'll Build

Deploy the HR assistant to production with proper environment management

Build a Slack bot with slash commands, @mentions, and ephemeral responses

Create an MCP server exposing HR tools and resources

Set up monitoring with compliance audit logging and alerting

Write an operations runbook for the HR data ops team

Glossary

Term	Meaning
Ephemeral response	Slack message visible only to the requester
MCP	Model Context Protocol — standard for AI tool data sources
Compliance audit log	Record of every query/response for regulatory purposes
Data freshness	How recently the knowledge base was updated
Health check	Endpoint that verifies system components are operational
Runbook	Document describing operational procedures and troubleshooting

This is chapter 6 of AI HR Assistant.

Get the full hands-on course for $100 and build the complete system. Your projects become your portfolio.

View course details

Ch. 5: HR App