… in continuation to my Node.js series previous post

After setting up a software repository in git hub next setup is to choose a framework and a development setup.

Most  part of my software development i wrote server application that ran on  Linux environment. So i prefer to have a framework and setup that is  suited for Linux. On exploring a bit two options stands out, Botkit and Botbuilder.

BotBuilder is managed by Microsoft and BotKit is managed by independent entity BotKit itself. The post from Jon Church, Picking a Chatbot Framework: Botkit vs Microsoft Bot Builder,  gave me a good insight on how these two frameworks stack up. Based on  these details looks like BotKit is a better option than BotBuilder. But  once started setting up the bot i realised its a fremium service. The  free trie would be good for development but not suitable for production.  It needs a credit card info for free account also and a more groose  things is that if the traffic exceeds the free tier range the account  will be automatically upgraded to next tier and the credit card will be  charged accordingly in the next billing cycle.

I decide to  go with BotKit. Primary reasons being it is good to have low level  access to Teams API and I dont really intend to run this application  with any other application. Secondly I have tried few bots with  BotBuilder so trying out BotKit will be a good learning.

To being with Icreated a clone of my git hub repository and did a ‘npm init’. Install botkit node.js application:

npm install — save botkit

Create package related files using BotKit Studio.

The  next choice to make is about securing the application. Since this  application deals with Jira a security breach could expose the companies  road maps, strategies, weakness, etc. Ideally one would not like these  information to leave organizations private network. The basic setup with  Botkit and Bot Builder exchanges traffic with external entity. In spite  of the connection being secure, a software component outside of an  organization is an security and privacy threat. Need to figure out an  approach to make the information exchanges secure and confined to  organization boundaries.