@inkeep/agents-core 0.0.0-dev-20260204182014 → 0.0.0-dev-20260204185956

package/dist/data-access/runtime/workAppSlack.d.ts

@@ -1,45 +0,0 @@
-import { workAppSlackChannelAgentConfigs, workAppSlackUserMappings, workAppSlackUserSettings, workAppSlackWorkspaces } from "../../db/runtime/runtime-schema.js";
-import { AgentsRunDatabaseClient } from "../../db/runtime/runtime-client.js";
-
-//#region src/data-access/runtime/workAppSlack.d.ts
-type WorkAppSlackWorkspaceInsert = typeof workAppSlackWorkspaces.$inferInsert;
-type WorkAppSlackWorkspaceSelect = typeof workAppSlackWorkspaces.$inferSelect;
-type WorkAppSlackUserMappingInsert = typeof workAppSlackUserMappings.$inferInsert;
-type WorkAppSlackUserMappingSelect = typeof workAppSlackUserMappings.$inferSelect;
-type WorkAppSlackChannelAgentConfigInsert = typeof workAppSlackChannelAgentConfigs.$inferInsert;
-type WorkAppSlackChannelAgentConfigSelect = typeof workAppSlackChannelAgentConfigs.$inferSelect;
-type WorkAppSlackUserSettingsInsert = typeof workAppSlackUserSettings.$inferInsert;
-type WorkAppSlackUserSettingsSelect = typeof workAppSlackUserSettings.$inferSelect;
-declare const createWorkAppSlackWorkspace: (db: AgentsRunDatabaseClient) => (data: Omit<WorkAppSlackWorkspaceInsert, "id" | "createdAt" | "updatedAt">) => Promise<WorkAppSlackWorkspaceSelect>;
-declare const findWorkAppSlackWorkspaceByTeamId: (db: AgentsRunDatabaseClient) => (tenantId: string, slackTeamId: string) => Promise<WorkAppSlackWorkspaceSelect | null>;
-declare const findWorkAppSlackWorkspaceByNangoConnectionId: (db: AgentsRunDatabaseClient) => (nangoConnectionId: string) => Promise<WorkAppSlackWorkspaceSelect | null>;
-declare const listWorkAppSlackWorkspacesByTenant: (db: AgentsRunDatabaseClient) => (tenantId: string) => Promise<WorkAppSlackWorkspaceSelect[]>;
-declare const updateWorkAppSlackWorkspace: (db: AgentsRunDatabaseClient) => (id: string, data: Partial<Pick<WorkAppSlackWorkspaceInsert, "status" | "slackTeamName">>) => Promise<WorkAppSlackWorkspaceSelect | null>;
-declare const deleteWorkAppSlackWorkspace: (db: AgentsRunDatabaseClient) => (id: string) => Promise<boolean>;
-declare const deleteWorkAppSlackWorkspaceByNangoConnectionId: (db: AgentsRunDatabaseClient) => (nangoConnectionId: string) => Promise<boolean>;
-declare const findWorkAppSlackUserMapping: (db: AgentsRunDatabaseClient) => (tenantId: string, slackUserId: string, slackTeamId: string, clientId?: string) => Promise<WorkAppSlackUserMappingSelect | null>;
-declare const findWorkAppSlackUserMappingByInkeepUserId: (db: AgentsRunDatabaseClient) => (inkeepUserId: string) => Promise<WorkAppSlackUserMappingSelect[]>;
-/**
- * Find a user mapping by Slack user ID and team ID only (ignores tenant).
- * Use this when you need to find the user's tenant from their mapping.
- */
-declare const findWorkAppSlackUserMappingBySlackUser: (db: AgentsRunDatabaseClient) => (slackUserId: string, slackTeamId: string, clientId?: string) => Promise<WorkAppSlackUserMappingSelect | null>;
-declare const listWorkAppSlackUserMappingsByTeam: (db: AgentsRunDatabaseClient) => (tenantId: string, slackTeamId: string) => Promise<WorkAppSlackUserMappingSelect[]>;
-declare const createWorkAppSlackUserMapping: (db: AgentsRunDatabaseClient) => (data: Omit<WorkAppSlackUserMappingInsert, "id" | "clientId" | "createdAt" | "updatedAt"> & {
-  clientId?: string;
-}) => Promise<WorkAppSlackUserMappingSelect>;
-declare const updateWorkAppSlackUserMappingLastUsed: (db: AgentsRunDatabaseClient) => (tenantId: string, slackUserId: string, slackTeamId: string, clientId?: string) => Promise<void>;
-declare const deleteWorkAppSlackUserMapping: (db: AgentsRunDatabaseClient) => (tenantId: string, slackUserId: string, slackTeamId: string, clientId?: string) => Promise<boolean>;
-declare const deleteAllWorkAppSlackUserMappingsByTeam: (db: AgentsRunDatabaseClient) => (tenantId: string, slackTeamId: string, clientId?: string) => Promise<number>;
-declare const createWorkAppSlackChannelAgentConfig: (db: AgentsRunDatabaseClient) => (data: Omit<WorkAppSlackChannelAgentConfigInsert, "id" | "createdAt" | "updatedAt">) => Promise<WorkAppSlackChannelAgentConfigSelect>;
-declare const findWorkAppSlackChannelAgentConfig: (db: AgentsRunDatabaseClient) => (tenantId: string, slackTeamId: string, slackChannelId: string) => Promise<WorkAppSlackChannelAgentConfigSelect | null>;
-declare const listWorkAppSlackChannelAgentConfigsByTeam: (db: AgentsRunDatabaseClient) => (tenantId: string, slackTeamId: string) => Promise<WorkAppSlackChannelAgentConfigSelect[]>;
-declare const upsertWorkAppSlackChannelAgentConfig: (db: AgentsRunDatabaseClient) => (data: Omit<WorkAppSlackChannelAgentConfigInsert, "id" | "createdAt" | "updatedAt">) => Promise<WorkAppSlackChannelAgentConfigSelect>;
-declare const deleteWorkAppSlackChannelAgentConfig: (db: AgentsRunDatabaseClient) => (tenantId: string, slackTeamId: string, slackChannelId: string) => Promise<boolean>;
-declare const deleteAllWorkAppSlackChannelAgentConfigsByTeam: (db: AgentsRunDatabaseClient) => (tenantId: string, slackTeamId: string) => Promise<number>;
-declare const createWorkAppSlackUserSettings: (db: AgentsRunDatabaseClient) => (data: Omit<WorkAppSlackUserSettingsInsert, "id" | "createdAt" | "updatedAt">) => Promise<WorkAppSlackUserSettingsSelect>;
-declare const findWorkAppSlackUserSettings: (db: AgentsRunDatabaseClient) => (tenantId: string, slackTeamId: string, slackUserId: string) => Promise<WorkAppSlackUserSettingsSelect | null>;
-declare const upsertWorkAppSlackUserSettings: (db: AgentsRunDatabaseClient) => (data: Omit<WorkAppSlackUserSettingsInsert, "id" | "createdAt" | "updatedAt">) => Promise<WorkAppSlackUserSettingsSelect>;
-declare const deleteWorkAppSlackUserSettings: (db: AgentsRunDatabaseClient) => (tenantId: string, slackTeamId: string, slackUserId: string) => Promise<boolean>;
-//#endregion
-export { WorkAppSlackChannelAgentConfigInsert, WorkAppSlackChannelAgentConfigSelect, WorkAppSlackUserMappingInsert, WorkAppSlackUserMappingSelect, WorkAppSlackUserSettingsInsert, WorkAppSlackUserSettingsSelect, WorkAppSlackWorkspaceInsert, WorkAppSlackWorkspaceSelect, createWorkAppSlackChannelAgentConfig, createWorkAppSlackUserMapping, createWorkAppSlackUserSettings, createWorkAppSlackWorkspace, deleteAllWorkAppSlackChannelAgentConfigsByTeam, deleteAllWorkAppSlackUserMappingsByTeam, deleteWorkAppSlackChannelAgentConfig, deleteWorkAppSlackUserMapping, deleteWorkAppSlackUserSettings, deleteWorkAppSlackWorkspace, deleteWorkAppSlackWorkspaceByNangoConnectionId, findWorkAppSlackChannelAgentConfig, findWorkAppSlackUserMapping, findWorkAppSlackUserMappingByInkeepUserId, findWorkAppSlackUserMappingBySlackUser, findWorkAppSlackUserSettings, findWorkAppSlackWorkspaceByNangoConnectionId, findWorkAppSlackWorkspaceByTeamId, listWorkAppSlackChannelAgentConfigsByTeam, listWorkAppSlackUserMappingsByTeam, listWorkAppSlackWorkspacesByTenant, updateWorkAppSlackUserMappingLastUsed, updateWorkAppSlackWorkspace, upsertWorkAppSlackChannelAgentConfig, upsertWorkAppSlackUserSettings };

package/dist/data-access/runtime/workAppSlack.js

@@ -1,154 +0,0 @@
-import { workAppSlackChannelAgentConfigs, workAppSlackUserMappings, workAppSlackUserSettings, workAppSlackWorkspaces } from "../../db/runtime/runtime-schema.js";
-import { and, eq } from "drizzle-orm";
-import { nanoid } from "nanoid";
-
-//#region src/data-access/runtime/workAppSlack.ts
-const DEFAULT_CLIENT_ID = "work-apps-slack";
-const createWorkAppSlackWorkspace = (db) => async (data) => {
-	const id = `wsw_${nanoid(21)}`;
-	const now = (/* @__PURE__ */ new Date()).toISOString();
-	const [result] = await db.insert(workAppSlackWorkspaces).values({
-		id,
-		...data,
-		createdAt: now,
-		updatedAt: now
-	}).returning();
-	return result;
-};
-const findWorkAppSlackWorkspaceByTeamId = (db) => async (tenantId, slackTeamId) => {
-	return (await db.select().from(workAppSlackWorkspaces).where(and(eq(workAppSlackWorkspaces.tenantId, tenantId), eq(workAppSlackWorkspaces.slackTeamId, slackTeamId))).limit(1))[0] || null;
-};
-const findWorkAppSlackWorkspaceByNangoConnectionId = (db) => async (nangoConnectionId) => {
-	return (await db.select().from(workAppSlackWorkspaces).where(eq(workAppSlackWorkspaces.nangoConnectionId, nangoConnectionId)).limit(1))[0] || null;
-};
-const listWorkAppSlackWorkspacesByTenant = (db) => async (tenantId) => {
-	return db.select().from(workAppSlackWorkspaces).where(eq(workAppSlackWorkspaces.tenantId, tenantId));
-};
-const updateWorkAppSlackWorkspace = (db) => async (id, data) => {
-	const [result] = await db.update(workAppSlackWorkspaces).set({
-		...data,
-		updatedAt: (/* @__PURE__ */ new Date()).toISOString()
-	}).where(eq(workAppSlackWorkspaces.id, id)).returning();
-	return result || null;
-};
-const deleteWorkAppSlackWorkspace = (db) => async (id) => {
-	return (await db.delete(workAppSlackWorkspaces).where(eq(workAppSlackWorkspaces.id, id)).returning()).length > 0;
-};
-const deleteWorkAppSlackWorkspaceByNangoConnectionId = (db) => async (nangoConnectionId) => {
-	return (await db.delete(workAppSlackWorkspaces).where(eq(workAppSlackWorkspaces.nangoConnectionId, nangoConnectionId)).returning()).length > 0;
-};
-const findWorkAppSlackUserMapping = (db) => async (tenantId, slackUserId, slackTeamId, clientId = DEFAULT_CLIENT_ID) => {
-	return (await db.select().from(workAppSlackUserMappings).where(and(eq(workAppSlackUserMappings.tenantId, tenantId), eq(workAppSlackUserMappings.clientId, clientId), eq(workAppSlackUserMappings.slackUserId, slackUserId), eq(workAppSlackUserMappings.slackTeamId, slackTeamId))).limit(1))[0] || null;
-};
-const findWorkAppSlackUserMappingByInkeepUserId = (db) => async (inkeepUserId) => {
-	return db.select().from(workAppSlackUserMappings).where(eq(workAppSlackUserMappings.inkeepUserId, inkeepUserId));
-};
-/**
-* Find a user mapping by Slack user ID and team ID only (ignores tenant).
-* Use this when you need to find the user's tenant from their mapping.
-*/
-const findWorkAppSlackUserMappingBySlackUser = (db) => async (slackUserId, slackTeamId, clientId = DEFAULT_CLIENT_ID) => {
-	return (await db.select().from(workAppSlackUserMappings).where(and(eq(workAppSlackUserMappings.clientId, clientId), eq(workAppSlackUserMappings.slackUserId, slackUserId), eq(workAppSlackUserMappings.slackTeamId, slackTeamId))).limit(1))[0] || null;
-};
-const listWorkAppSlackUserMappingsByTeam = (db) => async (tenantId, slackTeamId) => {
-	return db.select().from(workAppSlackUserMappings).where(and(eq(workAppSlackUserMappings.tenantId, tenantId), eq(workAppSlackUserMappings.slackTeamId, slackTeamId)));
-};
-const createWorkAppSlackUserMapping = (db) => async (data) => {
-	const id = `wsum_${nanoid(21)}`;
-	const now = (/* @__PURE__ */ new Date()).toISOString();
-	const [result] = await db.insert(workAppSlackUserMappings).values({
-		id,
-		clientId: data.clientId || DEFAULT_CLIENT_ID,
-		...data,
-		linkedAt: now,
-		createdAt: now,
-		updatedAt: now
-	}).returning();
-	return result;
-};
-const updateWorkAppSlackUserMappingLastUsed = (db) => async (tenantId, slackUserId, slackTeamId, clientId = DEFAULT_CLIENT_ID) => {
-	const now = (/* @__PURE__ */ new Date()).toISOString();
-	await db.update(workAppSlackUserMappings).set({
-		lastUsedAt: now,
-		updatedAt: now
-	}).where(and(eq(workAppSlackUserMappings.tenantId, tenantId), eq(workAppSlackUserMappings.clientId, clientId), eq(workAppSlackUserMappings.slackUserId, slackUserId), eq(workAppSlackUserMappings.slackTeamId, slackTeamId)));
-};
-const deleteWorkAppSlackUserMapping = (db) => async (tenantId, slackUserId, slackTeamId, clientId = DEFAULT_CLIENT_ID) => {
-	return (await db.delete(workAppSlackUserMappings).where(and(eq(workAppSlackUserMappings.tenantId, tenantId), eq(workAppSlackUserMappings.clientId, clientId), eq(workAppSlackUserMappings.slackUserId, slackUserId), eq(workAppSlackUserMappings.slackTeamId, slackTeamId))).returning()).length > 0;
-};
-const deleteAllWorkAppSlackUserMappingsByTeam = (db) => async (tenantId, slackTeamId, clientId = DEFAULT_CLIENT_ID) => {
-	return (await db.delete(workAppSlackUserMappings).where(and(eq(workAppSlackUserMappings.tenantId, tenantId), eq(workAppSlackUserMappings.clientId, clientId), eq(workAppSlackUserMappings.slackTeamId, slackTeamId))).returning()).length;
-};
-const createWorkAppSlackChannelAgentConfig = (db) => async (data) => {
-	const id = `wscac_${nanoid(21)}`;
-	const now = (/* @__PURE__ */ new Date()).toISOString();
-	const [result] = await db.insert(workAppSlackChannelAgentConfigs).values({
-		id,
-		...data,
-		createdAt: now,
-		updatedAt: now
-	}).returning();
-	return result;
-};
-const findWorkAppSlackChannelAgentConfig = (db) => async (tenantId, slackTeamId, slackChannelId) => {
-	return (await db.select().from(workAppSlackChannelAgentConfigs).where(and(eq(workAppSlackChannelAgentConfigs.tenantId, tenantId), eq(workAppSlackChannelAgentConfigs.slackTeamId, slackTeamId), eq(workAppSlackChannelAgentConfigs.slackChannelId, slackChannelId))).limit(1))[0] || null;
-};
-const listWorkAppSlackChannelAgentConfigsByTeam = (db) => async (tenantId, slackTeamId) => {
-	return db.select().from(workAppSlackChannelAgentConfigs).where(and(eq(workAppSlackChannelAgentConfigs.tenantId, tenantId), eq(workAppSlackChannelAgentConfigs.slackTeamId, slackTeamId)));
-};
-const upsertWorkAppSlackChannelAgentConfig = (db) => async (data) => {
-	const existing = await findWorkAppSlackChannelAgentConfig(db)(data.tenantId, data.slackTeamId, data.slackChannelId);
-	if (existing) {
-		const [updated] = await db.update(workAppSlackChannelAgentConfigs).set({
-			projectId: data.projectId,
-			agentId: data.agentId,
-			agentName: data.agentName,
-			slackChannelName: data.slackChannelName,
-			slackChannelType: data.slackChannelType,
-			enabled: data.enabled,
-			configuredByUserId: data.configuredByUserId,
-			updatedAt: (/* @__PURE__ */ new Date()).toISOString()
-		}).where(eq(workAppSlackChannelAgentConfigs.id, existing.id)).returning();
-		return updated;
-	}
-	return createWorkAppSlackChannelAgentConfig(db)(data);
-};
-const deleteWorkAppSlackChannelAgentConfig = (db) => async (tenantId, slackTeamId, slackChannelId) => {
-	return (await db.delete(workAppSlackChannelAgentConfigs).where(and(eq(workAppSlackChannelAgentConfigs.tenantId, tenantId), eq(workAppSlackChannelAgentConfigs.slackTeamId, slackTeamId), eq(workAppSlackChannelAgentConfigs.slackChannelId, slackChannelId))).returning()).length > 0;
-};
-const deleteAllWorkAppSlackChannelAgentConfigsByTeam = (db) => async (tenantId, slackTeamId) => {
-	return (await db.delete(workAppSlackChannelAgentConfigs).where(and(eq(workAppSlackChannelAgentConfigs.tenantId, tenantId), eq(workAppSlackChannelAgentConfigs.slackTeamId, slackTeamId))).returning()).length;
-};
-const createWorkAppSlackUserSettings = (db) => async (data) => {
-	const id = `wsus_${nanoid(21)}`;
-	const now = (/* @__PURE__ */ new Date()).toISOString();
-	const [result] = await db.insert(workAppSlackUserSettings).values({
-		id,
-		...data,
-		createdAt: now,
-		updatedAt: now
-	}).returning();
-	return result;
-};
-const findWorkAppSlackUserSettings = (db) => async (tenantId, slackTeamId, slackUserId) => {
-	return (await db.select().from(workAppSlackUserSettings).where(and(eq(workAppSlackUserSettings.tenantId, tenantId), eq(workAppSlackUserSettings.slackTeamId, slackTeamId), eq(workAppSlackUserSettings.slackUserId, slackUserId))).limit(1))[0] || null;
-};
-const upsertWorkAppSlackUserSettings = (db) => async (data) => {
-	const existing = await findWorkAppSlackUserSettings(db)(data.tenantId, data.slackTeamId, data.slackUserId);
-	if (existing) {
-		const [updated] = await db.update(workAppSlackUserSettings).set({
-			defaultProjectId: data.defaultProjectId,
-			defaultAgentId: data.defaultAgentId,
-			defaultAgentName: data.defaultAgentName,
-			updatedAt: (/* @__PURE__ */ new Date()).toISOString()
-		}).where(eq(workAppSlackUserSettings.id, existing.id)).returning();
-		return updated;
-	}
-	return createWorkAppSlackUserSettings(db)(data);
-};
-const deleteWorkAppSlackUserSettings = (db) => async (tenantId, slackTeamId, slackUserId) => {
-	return (await db.delete(workAppSlackUserSettings).where(and(eq(workAppSlackUserSettings.tenantId, tenantId), eq(workAppSlackUserSettings.slackTeamId, slackTeamId), eq(workAppSlackUserSettings.slackUserId, slackUserId))).returning()).length > 0;
-};
-
-//#endregion
-export { createWorkAppSlackChannelAgentConfig, createWorkAppSlackUserMapping, createWorkAppSlackUserSettings, createWorkAppSlackWorkspace, deleteAllWorkAppSlackChannelAgentConfigsByTeam, deleteAllWorkAppSlackUserMappingsByTeam, deleteWorkAppSlackChannelAgentConfig, deleteWorkAppSlackUserMapping, deleteWorkAppSlackUserSettings, deleteWorkAppSlackWorkspace, deleteWorkAppSlackWorkspaceByNangoConnectionId, findWorkAppSlackChannelAgentConfig, findWorkAppSlackUserMapping, findWorkAppSlackUserMappingByInkeepUserId, findWorkAppSlackUserMappingBySlackUser, findWorkAppSlackUserSettings, findWorkAppSlackWorkspaceByNangoConnectionId, findWorkAppSlackWorkspaceByTeamId, listWorkAppSlackChannelAgentConfigsByTeam, listWorkAppSlackUserMappingsByTeam, listWorkAppSlackWorkspacesByTenant, updateWorkAppSlackUserMappingLastUsed, updateWorkAppSlackWorkspace, upsertWorkAppSlackChannelAgentConfig, upsertWorkAppSlackUserSettings };

package/dist/utils/slack-link-token.d.ts

@@ -1,60 +0,0 @@
-import { JwtVerifyResult } from "./jwt-helpers.js";
-import { z } from "zod";
-
-//#region src/utils/slack-link-token.d.ts
-
-/**
- * Zod schema for validating Slack link token JWT payload.
- * This is a stateless token used for the device authorization flow.
- */
-declare const SlackLinkTokenPayloadSchema: z.ZodObject<{
-  iss: z.ZodLiteral<"inkeep-auth">;
-  aud: z.ZodLiteral<"slack-link">;
-  sub: z.ZodString;
-  iat: z.ZodNumber;
-  exp: z.ZodNumber;
-  jti: z.ZodOptional<z.ZodString>;
-  tokenUse: z.ZodLiteral<"slackLinkCode">;
-  tenantId: z.ZodString;
-  slack: z.ZodObject<{
-    teamId: z.ZodString;
-    userId: z.ZodString;
-    enterpriseId: z.ZodOptional<z.ZodString>;
-    username: z.ZodOptional<z.ZodString>;
-  }, z.core.$strip>;
-}, z.core.$strip>;
-type SlackLinkTokenPayload = z.infer<typeof SlackLinkTokenPayloadSchema>;
-/**
- * Parameters for generating a Slack link token
- */
-interface SignSlackLinkTokenParams {
-  tenantId: string;
-  slackTeamId: string;
-  slackUserId: string;
-  slackEnterpriseId?: string;
-  slackUsername?: string;
-}
-/**
- * Result of verifying a Slack link token
- */
-type VerifySlackLinkTokenResult = JwtVerifyResult<SlackLinkTokenPayload>;
-/**
- * Sign a Slack link JWT token for the device authorization flow.
- * Token expires in 10 minutes.
- *
- * This token is generated when a user runs `/inkeep link` in Slack
- * and is verified when they visit the dashboard link page.
- */
-declare function signSlackLinkToken(params: SignSlackLinkTokenParams): Promise<string>;
-/**
- * Verify and decode a Slack link JWT token.
- * Validates signature, expiration, issuer, audience, and schema.
- */
-declare function verifySlackLinkToken(token: string): Promise<VerifySlackLinkTokenResult>;
-/**
- * Check if a token looks like a Slack link JWT (quick check before full verification).
- * Returns true if the token has the expected issuer and tokenUse.
- */
-declare function isSlackLinkToken(token: string): boolean;
-//#endregion
-export { SignSlackLinkTokenParams, SlackLinkTokenPayload, SlackLinkTokenPayloadSchema, VerifySlackLinkTokenResult, isSlackLinkToken, signSlackLinkToken, verifySlackLinkToken };

package/dist/utils/slack-link-token.js

@@ -1,124 +0,0 @@
-import { getLogger } from "./logger.js";
-import { signJwt, verifyJwt } from "./jwt-helpers.js";
-import { z } from "zod";
-
-//#region src/utils/slack-link-token.ts
-const logger = getLogger("slack-link-token");
-const ISSUER = "inkeep-auth";
-const AUDIENCE = "slack-link";
-const TOKEN_USE = "slackLinkCode";
-const TOKEN_TTL = "10m";
-/**
-* Zod schema for validating Slack link token JWT payload.
-* This is a stateless token used for the device authorization flow.
-*/
-const SlackLinkTokenPayloadSchema = z.object({
-	iss: z.literal(ISSUER),
-	aud: z.literal(AUDIENCE),
-	sub: z.string().min(1),
-	iat: z.number(),
-	exp: z.number(),
-	jti: z.string().optional(),
-	tokenUse: z.literal(TOKEN_USE),
-	tenantId: z.string().min(1),
-	slack: z.object({
-		teamId: z.string().min(1),
-		userId: z.string().min(1),
-		enterpriseId: z.string().min(1).optional(),
-		username: z.string().optional()
-	})
-});
-/**
-* Sign a Slack link JWT token for the device authorization flow.
-* Token expires in 10 minutes.
-*
-* This token is generated when a user runs `/inkeep link` in Slack
-* and is verified when they visit the dashboard link page.
-*/
-async function signSlackLinkToken(params) {
-	try {
-		const token = await signJwt({
-			issuer: ISSUER,
-			subject: `slack:${params.slackTeamId}:${params.slackUserId}`,
-			audience: AUDIENCE,
-			expiresIn: TOKEN_TTL,
-			claims: {
-				tokenUse: TOKEN_USE,
-				tenantId: params.tenantId,
-				slack: {
-					teamId: params.slackTeamId,
-					userId: params.slackUserId,
-					...params.slackEnterpriseId && { enterpriseId: params.slackEnterpriseId },
-					...params.slackUsername && { username: params.slackUsername }
-				}
-			}
-		});
-		logger.debug({
-			tenantId: params.tenantId,
-			slackTeamId: params.slackTeamId,
-			slackUserId: params.slackUserId
-		}, "Generated Slack link token");
-		return token;
-	} catch (error) {
-		const errorMessage = error instanceof Error ? error.message : String(error);
-		logger.error({
-			error,
-			errorMessage
-		}, "Failed to generate Slack link token");
-		throw new Error(`Failed to generate Slack link token: ${errorMessage}`);
-	}
-}
-/**
-* Verify and decode a Slack link JWT token.
-* Validates signature, expiration, issuer, audience, and schema.
-*/
-async function verifySlackLinkToken(token) {
-	const result = await verifyJwt(token, {
-		issuer: ISSUER,
-		audience: AUDIENCE
-	});
-	if (!result.valid || !result.payload) {
-		logger.warn({ error: result.error }, "Slack link token verification failed");
-		return {
-			valid: false,
-			error: result.error
-		};
-	}
-	const parseResult = SlackLinkTokenPayloadSchema.safeParse(result.payload);
-	if (!parseResult.success) {
-		logger.warn({
-			payload: result.payload,
-			issues: parseResult.error.issues
-		}, "Invalid Slack link token: schema validation failed");
-		return {
-			valid: false,
-			error: `Invalid token schema: ${parseResult.error.issues.map((e) => e.message).join(", ")}`
-		};
-	}
-	logger.debug({
-		tenantId: parseResult.data.tenantId,
-		slackTeamId: parseResult.data.slack.teamId,
-		slackUserId: parseResult.data.slack.userId
-	}, "Successfully verified Slack link token");
-	return {
-		valid: true,
-		payload: parseResult.data
-	};
-}
-/**
-* Check if a token looks like a Slack link JWT (quick check before full verification).
-* Returns true if the token has the expected issuer and tokenUse.
-*/
-function isSlackLinkToken(token) {
-	try {
-		const parts = token.split(".");
-		if (parts.length !== 3) return false;
-		const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString());
-		return payload?.iss === ISSUER && payload?.tokenUse === TOKEN_USE;
-	} catch {
-		return false;
-	}
-}
-
-//#endregion
-export { SlackLinkTokenPayloadSchema, isSlackLinkToken, signSlackLinkToken, verifySlackLinkToken };

package/dist/utils/slack-user-token.d.ts

@@ -1,87 +0,0 @@
-import { JwtVerifyResult } from "./jwt-helpers.js";
-import { z } from "zod";
-
-//#region src/utils/slack-user-token.d.ts
-
-/**
- * Zod schema for validating Slack user access token JWT payload.
- * This is the canonical schema from the work_apps_slack spec.
- */
-declare const SlackAccessTokenPayloadSchema: z.ZodObject<{
-  iss: z.ZodLiteral<"inkeep-auth">;
-  aud: z.ZodLiteral<"inkeep-api">;
-  sub: z.ZodString;
-  iat: z.ZodNumber;
-  exp: z.ZodNumber;
-  jti: z.ZodOptional<z.ZodString>;
-  tokenUse: z.ZodLiteral<"slackUser">;
-  act: z.ZodObject<{
-    sub: z.ZodLiteral<"inkeep-work-app-slack">;
-  }, z.core.$strip>;
-  tenantId: z.ZodString;
-  slack: z.ZodObject<{
-    teamId: z.ZodString;
-    userId: z.ZodString;
-    enterpriseId: z.ZodOptional<z.ZodString>;
-    email: z.ZodOptional<z.ZodString>;
-  }, z.core.$strip>;
-}, z.core.$strip>;
-type SlackAccessTokenPayload = z.infer<typeof SlackAccessTokenPayloadSchema>;
-/**
- * Parameters for generating a Slack user token
- */
-interface SignSlackUserTokenParams {
-  inkeepUserId: string;
-  tenantId: string;
-  slackTeamId: string;
-  slackUserId: string;
-  slackEnterpriseId?: string;
-  slackEmail?: string;
-}
-/**
- * Result of verifying a Slack user token
- */
-type VerifySlackUserTokenResult = JwtVerifyResult<SlackAccessTokenPayload>;
-/**
- * Auth context extracted from a verified Slack user token
- */
-interface SlackUserAuthContext {
-  userId: string;
-  tenantId: string;
-  source: 'slack';
-  metadata: {
-    slackTeamId: string;
-    slackUserId: string;
-    slackEnterpriseId?: string;
-    slackEmail?: string;
-  };
-}
-/**
- * Sign a Slack user JWT token for calling Manage/Run APIs.
- * Token expires in 5 minutes.
- *
- * This token is used when Slack runtime logic needs to call:
- * - Manage API (list projects, list agents)
- * - Run API (POST /run/api/chat)
- */
-declare function signSlackUserToken(params: SignSlackUserTokenParams): Promise<string>;
-/**
- * Verify and decode a Slack user JWT token.
- * Validates signature, expiration, issuer, audience, and schema.
- */
-declare function verifySlackUserToken(token: string): Promise<VerifySlackUserTokenResult>;
-/**
- * Check if a token looks like a Slack user JWT (quick check before full verification).
- * Returns true if the token has the expected issuer and tokenUse.
- */
-declare function isSlackUserToken(token: string): boolean;
-/**
- * Extract Slack user token from Authorization header and verify it.
- */
-declare function verifySlackUserAuthHeader(authHeader: string | undefined): Promise<VerifySlackUserTokenResult>;
-/**
- * Convert a verified Slack token payload to an auth context for middleware.
- */
-declare function toSlackUserAuthContext(payload: SlackAccessTokenPayload): SlackUserAuthContext;
-//#endregion
-export { SignSlackUserTokenParams, SlackAccessTokenPayload, SlackAccessTokenPayloadSchema, SlackUserAuthContext, VerifySlackUserTokenResult, isSlackUserToken, signSlackUserToken, toSlackUserAuthContext, verifySlackUserAuthHeader, verifySlackUserToken };

package/dist/utils/slack-user-token.js

@@ -1,156 +0,0 @@
-import { getLogger } from "./logger.js";
-import { extractBearerToken, signJwt, verifyJwt } from "./jwt-helpers.js";
-import { z } from "zod";
-
-//#region src/utils/slack-user-token.ts
-const logger = getLogger("slack-user-token");
-const ISSUER = "inkeep-auth";
-const AUDIENCE = "inkeep-api";
-const TOKEN_USE = "slackUser";
-const ACTOR_SUB = "inkeep-work-app-slack";
-const TOKEN_TTL = "5m";
-/**
-* Zod schema for validating Slack user access token JWT payload.
-* This is the canonical schema from the work_apps_slack spec.
-*/
-const SlackAccessTokenPayloadSchema = z.object({
-	iss: z.literal(ISSUER),
-	aud: z.literal(AUDIENCE),
-	sub: z.string().min(1),
-	iat: z.number(),
-	exp: z.number(),
-	jti: z.string().optional(),
-	tokenUse: z.literal(TOKEN_USE),
-	act: z.object({ sub: z.literal(ACTOR_SUB) }),
-	tenantId: z.string().min(1),
-	slack: z.object({
-		teamId: z.string().min(1),
-		userId: z.string().min(1),
-		enterpriseId: z.string().min(1).optional(),
-		email: z.string().email().optional()
-	})
-});
-/**
-* Sign a Slack user JWT token for calling Manage/Run APIs.
-* Token expires in 5 minutes.
-*
-* This token is used when Slack runtime logic needs to call:
-* - Manage API (list projects, list agents)
-* - Run API (POST /run/api/chat)
-*/
-async function signSlackUserToken(params) {
-	try {
-		const token = await signJwt({
-			issuer: ISSUER,
-			subject: params.inkeepUserId,
-			audience: AUDIENCE,
-			expiresIn: TOKEN_TTL,
-			claims: {
-				tokenUse: TOKEN_USE,
-				act: { sub: ACTOR_SUB },
-				tenantId: params.tenantId,
-				slack: {
-					teamId: params.slackTeamId,
-					userId: params.slackUserId,
-					...params.slackEnterpriseId && { enterpriseId: params.slackEnterpriseId },
-					...params.slackEmail && { email: params.slackEmail }
-				}
-			}
-		});
-		logger.debug({
-			inkeepUserId: params.inkeepUserId,
-			tenantId: params.tenantId,
-			slackTeamId: params.slackTeamId,
-			slackUserId: params.slackUserId
-		}, "Generated Slack user token");
-		return token;
-	} catch (error) {
-		const errorMessage = error instanceof Error ? error.message : String(error);
-		logger.error({
-			error,
-			errorMessage
-		}, "Failed to generate Slack user token");
-		throw new Error(`Failed to generate Slack user token: ${errorMessage}`);
-	}
-}
-/**
-* Verify and decode a Slack user JWT token.
-* Validates signature, expiration, issuer, audience, and schema.
-*/
-async function verifySlackUserToken(token) {
-	const result = await verifyJwt(token, {
-		issuer: ISSUER,
-		audience: AUDIENCE
-	});
-	if (!result.valid || !result.payload) {
-		logger.warn({ error: result.error }, "Slack user token verification failed");
-		return {
-			valid: false,
-			error: result.error
-		};
-	}
-	const parseResult = SlackAccessTokenPayloadSchema.safeParse(result.payload);
-	if (!parseResult.success) {
-		logger.warn({
-			payload: result.payload,
-			issues: parseResult.error.issues
-		}, "Invalid Slack user token: schema validation failed");
-		return {
-			valid: false,
-			error: `Invalid token schema: ${parseResult.error.issues.map((e) => e.message).join(", ")}`
-		};
-	}
-	logger.debug({
-		inkeepUserId: parseResult.data.sub,
-		tenantId: parseResult.data.tenantId,
-		slackTeamId: parseResult.data.slack.teamId
-	}, "Successfully verified Slack user token");
-	return {
-		valid: true,
-		payload: parseResult.data
-	};
-}
-/**
-* Check if a token looks like a Slack user JWT (quick check before full verification).
-* Returns true if the token has the expected issuer and tokenUse.
-*/
-function isSlackUserToken(token) {
-	try {
-		const parts = token.split(".");
-		if (parts.length !== 3) return false;
-		const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString());
-		return payload?.iss === ISSUER && payload?.tokenUse === TOKEN_USE;
-	} catch {
-		return false;
-	}
-}
-/**
-* Extract Slack user token from Authorization header and verify it.
-*/
-async function verifySlackUserAuthHeader(authHeader) {
-	const extracted = extractBearerToken(authHeader);
-	if (!extracted.token) return {
-		valid: false,
-		error: extracted.error
-	};
-	return verifySlackUserToken(extracted.token);
-}
-/**
-* Convert a verified Slack token payload to an auth context for middleware.
-*/
-function toSlackUserAuthContext(payload) {
-	return {
-		userId: payload.sub,
-		tenantId: payload.tenantId,
-		source: "slack",
-		metadata: {
-			slackTeamId: payload.slack.teamId,
-			slackUserId: payload.slack.userId,
-			slackEnterpriseId: payload.slack.enterpriseId,
-			slackEmail: payload.slack.email
-		}
-	};
-}
-
-//#endregion
-export { SlackAccessTokenPayloadSchema, isSlackUserToken, signSlackUserToken, toSlackUserAuthContext, verifySlackUserAuthHeader, verifySlackUserToken };

package/dist/utils/sse-parser.d.ts

@@ -1,35 +0,0 @@
-//#region src/utils/sse-parser.d.ts
-/**
- * SSE (Server-Sent Events) Response Parser
- *
- * Shared utility for parsing SSE responses from the chat API.
- * Used by EvaluationService, Slack integration, and other consumers.
- *
- * Handles multiple response formats:
- * - OpenAI-compatible chat completion chunks
- * - Vercel AI SDK data stream format (text-delta)
- * - Error operations and events
- */
-interface ParsedSSEResponse {
-  text: string;
-  error?: string;
-}
-/**
- * Parse SSE (Server-Sent Events) response from chat API
- * Handles text deltas, error operations, and other data operations
- *
- * Supports:
- * - OpenAI-compatible format: `chat.completion.chunk` with `delta.content`
- * - Vercel AI SDK format: `text-delta` with `delta`
- * - Vercel AI SDK format: `text-start` and `text-end` markers (ignored)
- * - Error operations: `data-operation` with `type: 'error'`
- * - Direct error events: `type: 'error'`
- *
- * Ignores:
- * - `data-operation` events (metadata, not content)
- * - `text-start` and `text-end` markers
- * - `[DONE]` markers
- */
-declare function parseSSEResponse(sseText: string): ParsedSSEResponse;
-//#endregion
-export { ParsedSSEResponse, parseSSEResponse };