@cuylabs/channel-slack 0.1.0

package/dist/bolt.js

@@ -0,0 +1,705 @@
+// src/bolt/auth.ts
+function resolveDirectAuth(options) {
+  const provided = options.auth;
+  if (!provided || provided.mode === void 0 || provided.mode === "single-workspace") {
+    const singleWorkspace = provided;
+    const botToken = firstNonEmptyString(
+      singleWorkspace?.botToken,
+      options.botToken,
+      process.env.SLACK_BOT_TOKEN
+    );
+    if (!botToken) {
+      throw new Error(
+        'Slack bot token is required for single-workspace mode. Pass `botToken`, use `auth: { mode: "oauth", ... }`, or use `auth: { mode: "authorize", ... }`.'
+      );
+    }
+    return {
+      mode: "single-workspace",
+      botToken,
+      botId: singleWorkspace?.botId,
+      botUserId: singleWorkspace?.botUserId
+    };
+  }
+  if (provided.mode === "authorize") {
+    return provided;
+  }
+  const oauth = provided;
+  const clientId = firstNonEmptyString(
+    oauth.clientId,
+    process.env.SLACK_CLIENT_ID
+  );
+  const clientSecret = firstNonEmptyString(
+    oauth.clientSecret,
+    process.env.SLACK_CLIENT_SECRET
+  );
+  if (!clientId || !clientSecret) {
+    throw new Error(
+      "Slack OAuth mode requires `clientId` and `clientSecret` or SLACK_CLIENT_ID / SLACK_CLIENT_SECRET."
+    );
+  }
+  if (oauth.stateVerification !== false && !trimToUndefined(oauth.stateSecret) && !oauth.stateStore && !trimToUndefined(process.env.SLACK_STATE_SECRET)) {
+    throw new Error(
+      "Slack OAuth mode requires `stateSecret` or a custom `stateStore` when state verification is enabled."
+    );
+  }
+  return {
+    ...oauth,
+    mode: "oauth",
+    clientId,
+    clientSecret,
+    stateSecret: firstNonEmptyString(
+      oauth.stateSecret,
+      process.env.SLACK_STATE_SECRET
+    )
+  };
+}
+function normalizeSlackEventsPath(path2) {
+  const trimmed = path2.trim();
+  if (!trimmed) {
+    throw new Error("Slack events path must not be empty.");
+  }
+  return trimmed.startsWith("/") ? trimmed : `/${trimmed}`;
+}
+function trimToUndefined(value) {
+  const trimmed = value?.trim();
+  return trimmed || void 0;
+}
+function firstNonEmptyString(...values) {
+  for (const value of values) {
+    const trimmed = trimToUndefined(value);
+    if (trimmed) {
+      return trimmed;
+    }
+  }
+  return void 0;
+}
+
+// src/bolt/app.ts
+async function createSlackBoltApp(options = {}) {
+  const boltModule = await import("@slack/bolt");
+  const routePath = normalizeSlackEventsPath(options.path ?? "/slack/events");
+  const signingSecret = trimToUndefined(
+    options.signingSecret ?? process.env.SLACK_SIGNING_SECRET
+  );
+  if (!signingSecret) {
+    throw new Error(
+      "Slack signing secret is required. Pass `signingSecret` or set SLACK_SIGNING_SECRET."
+    );
+  }
+  const auth = resolveDirectAuth(options);
+  const receiver = new boltModule.ExpressReceiver({
+    ...options.receiverOptions,
+    signingSecret,
+    endpoints: routePath,
+    processBeforeResponse: options.processBeforeResponse,
+    signatureVerification: options.signatureVerification,
+    // Bolt is typed against Express 4 while this repo uses Express 5 types.
+    // The runtime contract is compatible; keep the cast localized here.
+    app: options.app,
+    ...auth.mode === "oauth" ? {
+      clientId: auth.clientId,
+      clientSecret: auth.clientSecret,
+      stateSecret: auth.stateSecret,
+      installationStore: auth.installationStore,
+      redirectUri: auth.redirectUri,
+      scopes: auth.scopes,
+      installerOptions: {
+        stateStore: auth.stateStore,
+        stateVerification: auth.stateVerification,
+        legacyStateVerification: auth.legacyStateVerification,
+        stateCookieName: auth.stateCookieName,
+        stateCookieExpirationSeconds: auth.stateCookieExpirationSeconds,
+        metadata: auth.metadata,
+        userScopes: auth.userScopes,
+        installPath: auth.installPath,
+        redirectUriPath: auth.callbackPath,
+        renderHtmlForInstallPath: auth.renderHtmlForInstallPath,
+        installPathOptions: auth.installPathOptions,
+        callbackOptions: auth.callbackOptions,
+        directInstall: auth.directInstall,
+        authVersion: auth.authVersion,
+        authorizationUrl: auth.authorizationUrl
+      }
+    } : {}
+  });
+  const boltApp = new boltModule.App({
+    ...options.boltAppOptions,
+    receiver,
+    ...auth.mode === "single-workspace" ? {
+      token: auth.botToken,
+      botId: auth.botId,
+      botUserId: auth.botUserId
+    } : {},
+    ...auth.mode === "authorize" ? { authorize: auth.authorize } : {}
+  });
+  return {
+    boltApp,
+    receiver,
+    app: options.app ?? receiver.app,
+    authMode: auth.mode,
+    routePath
+  };
+}
+
+// src/bolt/socket-app.ts
+async function createSlackSocketBoltApp(options = {}) {
+  const appToken = trimToUndefined(
+    options.appToken ?? process.env.SLACK_APP_TOKEN
+  );
+  if (!appToken) {
+    throw new Error(
+      "Slack app token is required for Socket Mode. Pass `appToken` or set SLACK_APP_TOKEN."
+    );
+  }
+  const auth = resolveDirectAuth({
+    auth: options.auth,
+    botToken: options.botToken
+  });
+  const boltModule = await import("@slack/bolt");
+  const receiverInstallerOptions = {
+    clientOptions: options.boltAppOptions?.clientOptions,
+    ...auth.mode === "oauth" ? {
+      port: options.boltAppOptions?.port,
+      stateStore: auth.stateStore,
+      stateVerification: auth.stateVerification,
+      legacyStateVerification: auth.legacyStateVerification,
+      stateCookieName: auth.stateCookieName,
+      stateCookieExpirationSeconds: auth.stateCookieExpirationSeconds,
+      metadata: auth.metadata,
+      userScopes: auth.userScopes,
+      installPath: auth.installPath,
+      redirectUriPath: auth.callbackPath,
+      renderHtmlForInstallPath: auth.renderHtmlForInstallPath,
+      installPathOptions: auth.installPathOptions,
+      callbackOptions: auth.callbackOptions,
+      directInstall: auth.directInstall,
+      authVersion: auth.authVersion,
+      authorizationUrl: auth.authorizationUrl
+    } : {}
+  };
+  const receiver = new boltModule.SocketModeReceiver({
+    ...options.socketModeReceiverOptions,
+    appToken,
+    customRoutes: options.socketModeReceiverOptions?.customRoutes ?? options.boltAppOptions?.customRoutes,
+    installerOptions: receiverInstallerOptions,
+    logger: options.boltAppOptions?.logger,
+    logLevel: options.boltAppOptions?.logLevel,
+    ...auth.mode === "oauth" ? {
+      clientId: auth.clientId,
+      clientSecret: auth.clientSecret,
+      stateSecret: auth.stateSecret,
+      installationStore: auth.installationStore,
+      redirectUri: auth.redirectUri,
+      scopes: auth.scopes
+    } : {}
+  });
+  const boltApp = new boltModule.App({
+    ...options.boltAppOptions,
+    receiver,
+    ...auth.mode === "single-workspace" ? {
+      token: auth.botToken,
+      botId: auth.botId,
+      botUserId: auth.botUserId
+    } : {},
+    ...auth.mode === "authorize" ? { authorize: auth.authorize } : {}
+  });
+  return { boltApp, authMode: auth.mode };
+}
+
+// src/bolt/socket-lock.ts
+import crypto from "crypto";
+import fs from "fs";
+import os from "os";
+import path from "path";
+function acquireSlackSocketModeProcessLock({
+  appSlug,
+  appToken,
+  enabled = true,
+  lockDir,
+  logger
+}) {
+  if (!enabled) {
+    logger?.debug?.("Slack Socket Mode process lock skipped", {
+      reason: "disabled"
+    });
+    return void 0;
+  }
+  if (!appToken?.trim()) {
+    throw new Error(
+      "Slack app token is required when the Slack Socket Mode process lock is enabled."
+    );
+  }
+  const resolvedLockDir = lockDir ?? path.join(os.tmpdir(), "channel-slack");
+  const tokenHash = crypto.createHash("sha256").update(appToken).digest("hex").slice(0, 16);
+  const lockPath = path.join(
+    resolvedLockDir,
+    `${appSlug}-${tokenHash}.socket-mode.lock`
+  );
+  fs.mkdirSync(resolvedLockDir, { recursive: true, mode: 448 });
+  return createLockFile({ appSlug, lockPath, logger, tokenHash });
+}
+function createLockFile({
+  appSlug,
+  lockPath,
+  logger,
+  tokenHash
+}) {
+  let fd = tryOpenLockFile({ lockPath, logger });
+  if (fd === void 0) {
+    removeStaleLockOrThrow({ lockPath, logger });
+    fd = tryOpenLockFile({ lockPath, logger });
+  }
+  if (fd === void 0) {
+    throw new Error(`Unable to acquire Slack Socket Mode lock at ${lockPath}`);
+  }
+  const record = {
+    appSlug,
+    hostname: os.hostname(),
+    pid: process.pid,
+    startedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    tokenHash
+  };
+  fs.writeFileSync(fd, `${JSON.stringify(record, null, 2)}
+`);
+  logger?.info?.("Slack Socket Mode process lock acquired", {
+    lockPath,
+    pid: record.pid
+  });
+  let released = false;
+  return {
+    path: lockPath,
+    release() {
+      if (released) {
+        return;
+      }
+      released = true;
+      try {
+        fs.closeSync(fd);
+      } catch {
+      }
+      releaseLockFile({ lockPath, logger });
+    }
+  };
+}
+function tryOpenLockFile({
+  lockPath,
+  logger
+}) {
+  try {
+    return fs.openSync(lockPath, "wx", 384);
+  } catch (error) {
+    const code = error.code;
+    if (code === "EEXIST") {
+      return void 0;
+    }
+    logger?.error("Failed to create Slack Socket Mode process lock", {
+      lockPath,
+      error: formatLockError(error)
+    });
+    throw error;
+  }
+}
+function removeStaleLockOrThrow({
+  lockPath,
+  logger
+}) {
+  const record = readLockRecord(lockPath);
+  if (record?.pid && isProcessAlive(record.pid)) {
+    throw new Error(
+      `Another Slack Socket Mode process appears to be active (pid=${record.pid}, lock=${lockPath})`
+    );
+  }
+  logger?.warn?.("Removing stale Slack Socket Mode process lock", {
+    lockPath,
+    previousPid: record?.pid
+  });
+  fs.rmSync(lockPath, { force: true });
+}
+function releaseLockFile({
+  lockPath,
+  logger
+}) {
+  const record = readLockRecord(lockPath);
+  if (record?.pid !== process.pid) {
+    logger?.warn?.("Slack Socket Mode process lock not released", {
+      lockPath,
+      reason: "lock-owned-by-another-process",
+      ownerPid: record?.pid
+    });
+    return;
+  }
+  fs.rmSync(lockPath, { force: true });
+  logger?.debug?.("Slack Socket Mode process lock released", {
+    lockPath
+  });
+}
+function readLockRecord(lockPath) {
+  try {
+    const raw = fs.readFileSync(lockPath, "utf8");
+    const parsed = JSON.parse(raw);
+    return {
+      appSlug: String(parsed.appSlug ?? ""),
+      hostname: String(parsed.hostname ?? ""),
+      pid: Number(parsed.pid),
+      startedAt: String(parsed.startedAt ?? ""),
+      tokenHash: String(parsed.tokenHash ?? "")
+    };
+  } catch {
+    return void 0;
+  }
+}
+function isProcessAlive(pid) {
+  if (!Number.isInteger(pid) || pid < 1) {
+    return false;
+  }
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch (error) {
+    return error.code !== "ESRCH";
+  }
+}
+function formatLockError(error) {
+  return error instanceof Error ? error.message : String(error);
+}
+
+// src/bolt/socket-runtime.ts
+var DEFAULT_CLIENT_PING_TIMEOUT_MS = 3e4;
+var DEFAULT_RESTART_GUARD_MAX_WARNINGS = 3;
+var DEFAULT_RESTART_GUARD_WINDOW_MS = 6e4;
+var DEFAULT_SERVER_PING_TIMEOUT_MS = 3e4;
+var SOCKET_MODE_RECOVERY_WARNING_PATTERNS = [
+  "A pong wasn't received",
+  "A ping wasn't received",
+  "Failed to send ping",
+  "WebSocket error",
+  "BrokenPipeError",
+  "broken pipe"
+];
+function createSlackSocketModeRuntime({
+  appSlug,
+  appToken,
+  autoReconnectEnabled = true,
+  clientPingTimeoutMs = DEFAULT_CLIENT_PING_TIMEOUT_MS,
+  exitProcess = process.exit,
+  lockDir,
+  lockEnabled = true,
+  logger,
+  logLevel = "info",
+  pingPongLoggingEnabled = false,
+  restartGuardEnabled = false,
+  restartGuardMaxWarnings = DEFAULT_RESTART_GUARD_MAX_WARNINGS,
+  restartGuardWindowMs = DEFAULT_RESTART_GUARD_WINDOW_MS,
+  runtimePolicy = "single-instance",
+  serverPingTimeoutMs = DEFAULT_SERVER_PING_TIMEOUT_MS
+}) {
+  const lock = acquireSlackSocketModeProcessLock({
+    appSlug,
+    appToken,
+    enabled: lockEnabled && runtimePolicy === "single-instance",
+    ...lockDir ? { lockDir } : {},
+    ...logger ? { logger } : {}
+  });
+  const restartGuard = createSlackSocketModeRestartGuard({
+    enabled: restartGuardEnabled,
+    exitProcess,
+    logger,
+    maxWarnings: restartGuardMaxWarnings,
+    windowMs: restartGuardWindowMs
+  });
+  logger?.info?.("Slack Socket Mode runtime guard configured", {
+    autoReconnectEnabled,
+    clientPingTimeoutMs,
+    lockEnabled: Boolean(lock),
+    pingPongLoggingEnabled,
+    restartGuardEnabled,
+    restartGuardMaxWarnings,
+    restartGuardWindowMs,
+    runtimePolicy,
+    serverPingTimeoutMs
+  });
+  return {
+    boltAppOptions: {
+      logger: createSlackSdkLogger({
+        level: logLevel,
+        logger,
+        restartGuard
+      })
+    },
+    close() {
+      lock?.release();
+    },
+    socketModeReceiverOptions: {
+      autoReconnectEnabled,
+      clientPingTimeout: clientPingTimeoutMs,
+      pingPongLoggingEnabled,
+      serverPingTimeout: serverPingTimeoutMs
+    }
+  };
+}
+function createSlackSocketModeRestartGuard({
+  enabled,
+  exitProcess,
+  logger,
+  maxWarnings,
+  windowMs
+}) {
+  const warningTimes = [];
+  let tripped = false;
+  return {
+    record(message) {
+      if (!enabled || tripped || !SOCKET_MODE_RECOVERY_WARNING_PATTERNS.some(
+        (pattern) => message.includes(pattern)
+      )) {
+        return;
+      }
+      const now = Date.now();
+      const cutoff = now - windowMs;
+      while (warningTimes.length > 0 && warningTimes[0] < cutoff) {
+        warningTimes.shift();
+      }
+      warningTimes.push(now);
+      if (warningTimes.length < maxWarnings) {
+        return;
+      }
+      tripped = true;
+      logger?.error("Slack Socket Mode restart guard tripped", {
+        maxWarnings,
+        windowMs,
+        reason: "repeated-websocket-health-warnings",
+        lastWarning: message
+      });
+      const timer = setTimeout(() => exitProcess(1), 50);
+      timer.unref?.();
+    }
+  };
+}
+function createSlackSdkLogger({
+  level,
+  logger,
+  restartGuard
+}) {
+  let currentLevel = toSlackLogLevel(level);
+  let name = "slack-sdk";
+  function attributes(message) {
+    return {
+      component: name,
+      message
+    };
+  }
+  return {
+    debug(...msg) {
+      logger?.debug?.("Slack SDK debug", attributes(formatSlackLogArgs(msg)));
+    },
+    error(...msg) {
+      const message = formatSlackLogArgs(msg);
+      restartGuard?.record(message);
+      logger?.error("Slack SDK error", attributes(message));
+    },
+    getLevel() {
+      return currentLevel;
+    },
+    info(...msg) {
+      logger?.debug?.("Slack SDK info", attributes(formatSlackLogArgs(msg)));
+    },
+    setLevel(nextLevel) {
+      currentLevel = nextLevel;
+    },
+    setName(nextName) {
+      name = nextName || name;
+    },
+    warn(...msg) {
+      const message = formatSlackLogArgs(msg);
+      restartGuard?.record(message);
+      logger?.warn?.("Slack SDK warning", attributes(message));
+    }
+  };
+}
+function toSlackLogLevel(level) {
+  switch (level) {
+    case "debug":
+      return "debug";
+    case "warn":
+      return "warn";
+    case "error":
+      return "error";
+    case "info":
+      return "info";
+  }
+}
+function formatSlackLogArgs(args) {
+  return args.map(formatSlackLogArg).join(" ");
+}
+function formatSlackLogArg(value) {
+  if (value instanceof Error) {
+    return value.message;
+  }
+  if (typeof value === "string") {
+    return value;
+  }
+  if (typeof value === "number" || typeof value === "boolean" || value === null || value === void 0) {
+    return String(value);
+  }
+  try {
+    return JSON.stringify(redactSlackSocketModeLogValue(value));
+  } catch {
+    return "[unserializable]";
+  }
+}
+function redactSlackSocketModeLogValue(value, depth = 0) {
+  if (depth > 4 || value === null || typeof value !== "object") {
+    return value;
+  }
+  if (Array.isArray(value)) {
+    return value.map((item) => redactSlackSocketModeLogValue(item, depth + 1));
+  }
+  const result = {};
+  for (const [key, item] of Object.entries(value)) {
+    result[key] = isSensitiveKey(key) ? "[redacted]" : redactSlackSocketModeLogValue(item, depth + 1);
+  }
+  return result;
+}
+function isSensitiveKey(key) {
+  const normalized = key.toLowerCase();
+  return normalized.includes("token") || normalized.includes("secret") || normalized === "authorization" || normalized === "cookie";
+}
+
+// src/bolt/installation-store.ts
+import fs2 from "fs/promises";
+import { dirname } from "path";
+var InMemorySlackInstallationStore = class {
+  devDB = {};
+  async storeInstallation(installation) {
+    const key = getSlackInstallationKey(installation);
+    this.devDB[key] = installation;
+  }
+  async fetchInstallation(query) {
+    const key = getSlackInstallationKey(query);
+    const installation = this.devDB[key];
+    if (!installation) {
+      throw new Error(`No Slack installation found for key: ${key}`);
+    }
+    return installation;
+  }
+  async deleteInstallation(query) {
+    const key = getSlackInstallationKey(query);
+    delete this.devDB[key];
+  }
+};
+function createInMemorySlackInstallationStore() {
+  return new InMemorySlackInstallationStore();
+}
+var JsonFileSlackInstallationStore = class {
+  constructor(filePath) {
+    this.filePath = filePath;
+  }
+  filePath;
+  pending = Promise.resolve();
+  async storeInstallation(installation) {
+    await this.withLock(async () => {
+      const installations = await this.readInstallations();
+      installations[getSlackInstallationKey(installation)] = installation;
+      await this.writeInstallations(installations);
+    });
+  }
+  async fetchInstallation(query) {
+    return await this.withLock(async () => {
+      const key = getSlackInstallationKey(query);
+      const installations = await this.readInstallations();
+      const installation = installations[key];
+      if (!installation) {
+        throw new Error(`No Slack installation found for key: ${key}`);
+      }
+      return installation;
+    });
+  }
+  async deleteInstallation(query) {
+    await this.withLock(async () => {
+      const key = getSlackInstallationKey(query);
+      const installations = await this.readInstallations();
+      delete installations[key];
+      await this.writeInstallations(installations);
+    });
+  }
+  async withLock(operation) {
+    const run = this.pending.then(operation, operation);
+    this.pending = run.then(
+      () => void 0,
+      () => void 0
+    );
+    return await run;
+  }
+  async readInstallations() {
+    let contents;
+    try {
+      contents = await fs2.readFile(this.filePath, "utf8");
+    } catch (error) {
+      if (isNodeErrorCode(error, "ENOENT")) {
+        return {};
+      }
+      throw error;
+    }
+    if (!contents.trim()) {
+      return {};
+    }
+    const parsed = JSON.parse(contents);
+    const record = asRecord(parsed);
+    const installations = asRecord(record?.installations) ?? record;
+    if (!installations) {
+      return {};
+    }
+    const output = {};
+    for (const [key, value] of Object.entries(installations)) {
+      if (asRecord(value)) {
+        output[key] = value;
+      }
+    }
+    return output;
+  }
+  async writeInstallations(installations) {
+    await fs2.mkdir(dirname(this.filePath), { recursive: true });
+    const tempPath = `${this.filePath}.${process.pid}.${Date.now()}.tmp`;
+    const payload = JSON.stringify({ version: 1, installations }, null, 2);
+    await fs2.writeFile(tempPath, `${payload}
+`, "utf8");
+    await fs2.rename(tempPath, this.filePath);
+  }
+};
+function createJsonFileSlackInstallationStore(filePath) {
+  return new JsonFileSlackInstallationStore(filePath);
+}
+function getSlackInstallationKey(input) {
+  if (input.isEnterpriseInstall && "enterprise" in input && input.enterprise?.id) {
+    return `enterprise:${input.enterprise.id}`;
+  }
+  if (input.isEnterpriseInstall && "enterpriseId" in input && input.enterpriseId) {
+    return `enterprise:${input.enterpriseId}`;
+  }
+  if ("team" in input && input.team?.id) {
+    return `team:${input.team.id}`;
+  }
+  if ("teamId" in input && input.teamId) {
+    return `team:${input.teamId}`;
+  }
+  throw new Error("Slack installation is missing a team or enterprise id.");
+}
+function asRecord(value) {
+  return value && typeof value === "object" ? value : void 0;
+}
+function isNodeErrorCode(error, code) {
+  return error instanceof Error && "code" in error && error.code === code;
+}
+export {
+  InMemorySlackInstallationStore,
+  JsonFileSlackInstallationStore,
+  acquireSlackSocketModeProcessLock,
+  createInMemorySlackInstallationStore,
+  createJsonFileSlackInstallationStore,
+  createSlackBoltApp,
+  createSlackSdkLogger,
+  createSlackSocketBoltApp,
+  createSlackSocketModeRestartGuard,
+  createSlackSocketModeRuntime,
+  getSlackInstallationKey,
+  redactSlackSocketModeLogValue
+};