@inkeep/agents-work-apps 0.50.1 → 0.50.4

package/dist/slack/middleware/permissions.js

@@ -4,6 +4,7 @@ import { findWorkspaceConnectionByTeamId } from "../services/nango.js";
 import { checkUserIsChannelMember, getSlackClient } from "../services/client.js";
 import { OrgRoles, createApiError, findWorkAppSlackUserMappingByInkeepUserId, getUserOrganizationsFromDb } from "@inkeep/agents-core";
 import { createMiddleware } from "hono/factory";
+import { registerAuthzMeta } from "@inkeep/agents-core/middleware";
 
 //#region src/slack/middleware/permissions.ts
 const logger = getLogger("slack-permissions");
@@ -41,49 +42,57 @@ async function resolveWorkAppTenantContext(c, teamId, userId) {
 * Middleware that requires Inkeep org admin/owner role.
 * Use for workspace-level settings that only Inkeep organization admins can modify.
 */
-const requireWorkspaceAdmin = () => createMiddleware(async (c, next) => {
-	if (process.env.ENVIRONMENT === "test" && c.req.header("x-test-bypass-auth") === "true") {
+const requireWorkspaceAdmin = () => {
+	const mw = createMiddleware(async (c, next) => {
+		if (process.env.ENVIRONMENT === "test" && c.req.header("x-test-bypass-auth") === "true") {
+			await next();
+			return;
+		}
+		const userId = c.get("userId");
+		if (!userId) throw createApiError({
+			code: "unauthorized",
+			message: "User context not found",
+			instance: c.req.path
+		});
+		if (userId === "system" || userId.startsWith("apikey:")) {
+			await next();
+			return;
+		}
+		const teamId = c.req.param("teamId") || c.req.param("workspaceId");
+		if (teamId && !c.get("tenantRole")) await resolveWorkAppTenantContext(c, teamId, userId);
+		const tenantId = c.get("tenantId");
+		const tenantRole = c.get("tenantRole");
+		if (!tenantId) throw createApiError({
+			code: "unauthorized",
+			message: "Organization context not found",
+			instance: c.req.path
+		});
+		if (!isOrgAdmin(tenantRole)) {
+			logger.warn({
+				userId,
+				tenantId,
+				tenantRole,
+				path: c.req.path
+			}, "User does not have admin role for workspace operation");
+			throw createApiError({
+				code: "forbidden",
+				message: "Only organization administrators can modify workspace settings",
+				instance: c.req.path,
+				extensions: {
+					requiredRole: "admin or owner",
+					currentRole: tenantRole
+				}
+			});
+		}
 		await next();
-		return;
-	}
-	const userId = c.get("userId");
-	if (!userId) throw createApiError({
-		code: "unauthorized",
-		message: "User context not found",
-		instance: c.req.path
 	});
-	if (userId === "system" || userId.startsWith("apikey:")) {
-		await next();
-		return;
-	}
-	const teamId = c.req.param("teamId") || c.req.param("workspaceId");
-	if (teamId && !c.get("tenantRole")) await resolveWorkAppTenantContext(c, teamId, userId);
-	const tenantId = c.get("tenantId");
-	const tenantRole = c.get("tenantRole");
-	if (!tenantId) throw createApiError({
-		code: "unauthorized",
-		message: "Organization context not found",
-		instance: c.req.path
+	registerAuthzMeta(mw, {
+		resource: "organization",
+		permission: "admin",
+		description: "Requires Inkeep org admin/owner role to modify workspace settings"
 	});
-	if (!isOrgAdmin(tenantRole)) {
-		logger.warn({
-			userId,
-			tenantId,
-			tenantRole,
-			path: c.req.path
-		}, "User does not have admin role for workspace operation");
-		throw createApiError({
-			code: "forbidden",
-			message: "Only organization administrators can modify workspace settings",
-			instance: c.req.path,
-			extensions: {
-				requiredRole: "admin or owner",
-				currentRole: tenantRole
-			}
-		});
-	}
-	await next();
-});
+	return mw;
+};
 /**
 * Middleware that requires either:
 * 1. Org admin/owner role (can modify any channel), OR
@@ -91,77 +100,81 @@ const requireWorkspaceAdmin = () => createMiddleware(async (c, next) => {
 *
 * Use for channel-level settings where members can configure their own channels.
 */
-const requireChannelMemberOrAdmin = () => createMiddleware(async (c, next) => {
-	if (process.env.ENVIRONMENT === "test" && c.req.header("x-test-bypass-auth") === "true") {
-		await next();
-		return;
-	}
-	const userId = c.get("userId");
-	if (!userId) throw createApiError({
-		code: "unauthorized",
-		message: "User context not found",
-		instance: c.req.path
-	});
-	if (userId === "system" || userId.startsWith("apikey:")) {
-		await next();
-		return;
-	}
-	const teamId = c.req.param("teamId");
-	if (teamId && !c.get("tenantRole")) await resolveWorkAppTenantContext(c, teamId, userId);
-	const tenantId = c.get("tenantId");
-	const tenantRole = c.get("tenantRole");
-	if (!tenantId) throw createApiError({
-		code: "unauthorized",
-		message: "Organization context not found",
-		instance: c.req.path
-	});
-	if (isOrgAdmin(tenantRole)) {
-		await next();
-		return;
-	}
-	const channelId = c.req.param("channelId");
-	if (!teamId || !channelId) throw createApiError({
-		code: "bad_request",
-		message: "Team ID and Channel ID are required",
-		instance: c.req.path
-	});
-	const userMapping = (await findWorkAppSlackUserMappingByInkeepUserId(runDbClient_default)(userId)).find((m) => m.tenantId === tenantId && m.slackTeamId === teamId);
-	if (!userMapping) throw createApiError({
-		code: "forbidden",
-		message: "You must link your Slack account to modify channel settings. Use /inkeep link in Slack.",
-		instance: c.req.path
-	});
-	const workspace = await findWorkspaceConnectionByTeamId(teamId);
-	if (!workspace?.botToken) throw createApiError({
-		code: "not_found",
-		message: "Slack workspace not found or not properly configured",
-		instance: c.req.path
-	});
-	if (!await checkUserIsChannelMember(getSlackClient(workspace.botToken), channelId, userMapping.slackUserId)) {
-		logger.info({
+const requireChannelMemberOrAdmin = () => {
+	const mw = createMiddleware(async (c, next) => {
+		if (process.env.ENVIRONMENT === "test" && c.req.header("x-test-bypass-auth") === "true") {
+			await next();
+			return;
+		}
+		const userId = c.get("userId");
+		if (!userId) throw createApiError({
+			code: "unauthorized",
+			message: "User context not found",
+			instance: c.req.path
+		});
+		if (userId === "system" || userId.startsWith("apikey:")) {
+			await next();
+			return;
+		}
+		const teamId = c.req.param("teamId");
+		if (teamId && !c.get("tenantRole")) await resolveWorkAppTenantContext(c, teamId, userId);
+		const tenantId = c.get("tenantId");
+		const tenantRole = c.get("tenantRole");
+		if (!tenantId) throw createApiError({
+			code: "unauthorized",
+			message: "Organization context not found",
+			instance: c.req.path
+		});
+		if (isOrgAdmin(tenantRole)) {
+			await next();
+			return;
+		}
+		const channelId = c.req.param("channelId");
+		if (!teamId || !channelId) throw createApiError({
+			code: "bad_request",
+			message: "Team ID and Channel ID are required",
+			instance: c.req.path
+		});
+		const userMapping = (await findWorkAppSlackUserMappingByInkeepUserId(runDbClient_default)(userId)).find((m) => m.tenantId === tenantId && m.slackTeamId === teamId);
+		if (!userMapping) throw createApiError({
+			code: "forbidden",
+			message: "You must link your Slack account to modify channel settings. Use /inkeep link in Slack.",
+			instance: c.req.path
+		});
+		const workspace = await findWorkspaceConnectionByTeamId(teamId);
+		if (!workspace?.botToken) throw createApiError({
+			code: "not_found",
+			message: "Slack workspace not found or not properly configured",
+			instance: c.req.path
+		});
+		if (!await checkUserIsChannelMember(getSlackClient(workspace.botToken), channelId, userMapping.slackUserId)) {
+			logger.info({
+				userId,
+				slackUserId: userMapping.slackUserId,
+				channelId,
+				teamId
+			}, "User is not a member of the channel");
+			throw createApiError({
+				code: "forbidden",
+				message: "You can only configure channels you are a member of",
+				instance: c.req.path,
+				extensions: {
+					channelId,
+					reason: "not_channel_member"
+				}
+			});
+		}
+		logger.debug({
 			userId,
 			slackUserId: userMapping.slackUserId,
 			channelId,
 			teamId
-		}, "User is not a member of the channel");
-		throw createApiError({
-			code: "forbidden",
-			message: "You can only configure channels you are a member of",
-			instance: c.req.path,
-			extensions: {
-				channelId,
-				reason: "not_channel_member"
-			}
-		});
-	}
-	logger.debug({
-		userId,
-		slackUserId: userMapping.slackUserId,
-		channelId,
-		teamId
-	}, "User verified as channel member");
-	await next();
-});
+		}, "User verified as channel member");
+		await next();
+	});
+	registerAuthzMeta(mw, { description: "Requires Inkeep organization admin role, or Slack channel membership to modify channel settings" });
+	return mw;
+};
 
 //#endregion
 export { isOrgAdmin, requireChannelMemberOrAdmin, requireWorkspaceAdmin };

package/dist/slack/routes/events.js

@@ -3,17 +3,13 @@ import { getLogger } from "../../logger.js";
 import runDbClient_default from "../../db/runDbClient.js";
 import { findWorkspaceConnectionByTeamId, getSlackIntegrationId, getSlackNango, updateConnectionMetadata } from "../services/nango.js";
 import { getSlackClient, getSlackUserInfo } from "../services/client.js";
-import { sendResponseUrlMessage } from "../services/events/utils.js";
 import { handleCommand } from "../services/commands/index.js";
 import { SLACK_SPAN_KEYS, SLACK_SPAN_NAMES, tracer } from "../tracer.js";
-import { handleAppMention } from "../services/events/app-mention.js";
-import { handleMessageShortcut, handleOpenAgentSelectorModal, handleOpenFollowUpModal } from "../services/events/block-actions.js";
-import { handleFollowUpSubmission, handleModalSubmission } from "../services/events/modal-submission.js";
-import "../services/events/index.js";
 import { parseSlackCommandBody, parseSlackEventBody, verifySlackRequest } from "../services/security.js";
 import "../services/index.js";
+import { dispatchSlackEvent } from "../dispatcher.js";
 import { OpenAPIHono } from "@hono/zod-openapi";
-import { deleteAllWorkAppSlackChannelAgentConfigsByTeam, deleteAllWorkAppSlackUserMappingsByTeam, deleteWorkAppSlackWorkspaceByNangoConnectionId, flushTraces, getWaitUntil } from "@inkeep/agents-core";
+import { deleteAllWorkAppSlackChannelAgentConfigsByTeam, deleteAllWorkAppSlackUserMappingsByTeam, deleteWorkAppSlackWorkspaceByNangoConnectionId, getWaitUntil } from "@inkeep/agents-core";
 import { SpanStatusCode } from "@opentelemetry/api";
 
 //#region src/slack/routes/events.ts
@@ -122,328 +118,14 @@ app.post("/events", async (c) => {
 				span.end();
 				return c.text(String(eventBody.challenge));
 			}
-			if (eventType === "event_callback") {
-				const teamId = eventBody.team_id;
-				const event = eventBody.event;
-				const innerEventType = event?.type || "unknown";
-				span.setAttribute(SLACK_SPAN_KEYS.INNER_EVENT_TYPE, innerEventType);
-				if (teamId) span.setAttribute(SLACK_SPAN_KEYS.TEAM_ID, teamId);
-				if (event?.channel) span.setAttribute(SLACK_SPAN_KEYS.CHANNEL_ID, event.channel);
-				if (event?.user) span.setAttribute(SLACK_SPAN_KEYS.USER_ID, event.user);
-				span.updateName(`${SLACK_SPAN_NAMES.WEBHOOK} event_callback.${innerEventType}`);
-				if (event?.bot_id || event?.subtype === "bot_message") {
-					outcome = "ignored_bot_message";
-					span.setAttribute(SLACK_SPAN_KEYS.IS_BOT_MESSAGE, true);
-					span.setAttribute(SLACK_SPAN_KEYS.OUTCOME, outcome);
-					logger.info({
-						botId: event.bot_id,
-						subtype: event?.subtype,
-						teamId,
-						innerEventType
-					}, "Ignoring bot message");
-					span.end();
-					return c.json({ ok: true });
-				}
-				if (event?.type === "app_mention" && event.channel && event.user && teamId) {
-					outcome = "handled";
-					span.setAttribute(SLACK_SPAN_KEYS.OUTCOME, outcome);
-					const question = (event.text || "").replace(/<@[A-Z0-9]+>/g, "").trim();
-					span.setAttribute(SLACK_SPAN_KEYS.HAS_QUERY, question.length > 0);
-					if (event.thread_ts) span.setAttribute(SLACK_SPAN_KEYS.THREAD_TS, event.thread_ts);
-					if (event.ts) span.setAttribute(SLACK_SPAN_KEYS.MESSAGE_TS, event.ts);
-					logger.info({
-						userId: event.user,
-						channel: event.channel,
-						teamId,
-						hasQuery: question.length > 0
-					}, "Handling event: app_mention");
-					const dispatchedAt = Date.now();
-					const mentionWork = handleAppMention({
-						slackUserId: event.user,
-						channel: event.channel,
-						text: question,
-						threadTs: event.thread_ts || event.ts || "",
-						messageTs: event.ts || "",
-						teamId,
-						dispatchedAt
-					}).catch((err) => {
-						const errorMessage = err instanceof Error ? err.message : String(err);
-						const errorStack = err instanceof Error ? err.stack : void 0;
-						logger.error({
-							errorMessage,
-							errorStack
-						}, "Failed to handle app mention (outer catch)");
-					}).finally(() => flushTraces());
-					if (waitUntil) {
-						waitUntil(mentionWork);
-						logger.info({
-							teamId,
-							channel: event.channel,
-							dispatchedAt
-						}, "app_mention work registered with waitUntil");
-					} else logger.warn({
-						teamId,
-						channel: event.channel,
-						dispatchedAt
-					}, "waitUntil unavailable — app_mention background work is untracked fire-and-forget");
-				} else {
-					outcome = "ignored_unknown_event";
-					span.setAttribute(SLACK_SPAN_KEYS.OUTCOME, outcome);
-					logger.info({
-						innerEventType,
-						teamId
-					}, `Ignoring unhandled event_callback: ${innerEventType}`);
-				}
-			}
-			if (eventType === "block_actions" || eventType === "interactive_message") {
-				const actions = eventBody.actions;
-				const teamId = eventBody.team?.id;
-				const responseUrl = eventBody.response_url;
-				const triggerId = eventBody.trigger_id;
-				const actionIds = actions?.map((a) => a.action_id) || [];
-				if (teamId) span.setAttribute(SLACK_SPAN_KEYS.TEAM_ID, teamId);
-				span.setAttribute(SLACK_SPAN_KEYS.ACTION_IDS, actionIds.join(","));
-				span.updateName(`${SLACK_SPAN_NAMES.WEBHOOK} ${eventType} [${actionIds.join(",")}]`);
-				if (actions && teamId) {
-					let anyHandled = false;
-					for (const action of actions) {
-						if (action.action_id === "open_agent_selector_modal" && action.value && triggerId) {
-							anyHandled = true;
-							logger.info({
-								teamId,
-								actionId: action.action_id
-							}, "Handling block_action: open_agent_selector_modal");
-							const selectorWork = handleOpenAgentSelectorModal({
-								triggerId,
-								actionValue: action.value,
-								teamId,
-								responseUrl: responseUrl || ""
-							}).catch(async (err) => {
-								const errorMessage = err instanceof Error ? err.message : String(err);
-								logger.error({
-									errorMessage,
-									actionId: action.action_id
-								}, "Failed to open agent selector modal");
-								if (responseUrl) await sendResponseUrlMessage(responseUrl, {
-									text: "Sorry, something went wrong while opening the agent selector. Please try again.",
-									response_type: "ephemeral"
-								}).catch((e) => logger.warn({ error: e }, "Failed to send error notification via response URL"));
-							}).finally(() => flushTraces());
-							if (waitUntil) waitUntil(selectorWork);
-						}
-						if (action.action_id === "modal_project_select") {
-							anyHandled = true;
-							const selectedProjectId = action.selected_option?.value;
-							const view = eventBody.view;
-							logger.info({
-								teamId,
-								actionId: action.action_id,
-								selectedProjectId
-							}, "Handling block_action: modal_project_select");
-							if (selectedProjectId && view?.id) {
-								const projectSelectWork = (async () => {
-									try {
-										const metadata = JSON.parse(view.private_metadata || "{}");
-										const tenantId = metadata.tenantId;
-										if (!tenantId) {
-											logger.warn({ teamId }, "No tenantId in modal metadata — skipping project update");
-											return;
-										}
-										const workspace = await findWorkspaceConnectionByTeamId(teamId);
-										if (!workspace?.botToken) return;
-										const slackClient = getSlackClient(workspace.botToken);
-										const { fetchProjectsForTenant, fetchAgentsForProject } = await import("../services/events/utils.js");
-										const { buildAgentSelectorModal, buildMessageShortcutModal } = await import("../services/modals.js");
-										const projectList = await fetchProjectsForTenant(tenantId);
-										const agentList = await fetchAgentsForProject(tenantId, selectedProjectId);
-										const agentOptions = agentList.map((a) => ({
-											id: a.id,
-											name: a.name,
-											projectId: a.projectId,
-											projectName: a.projectName || a.projectId
-										}));
-										const modal = metadata.messageContext ? buildMessageShortcutModal({
-											projects: projectList,
-											agents: agentOptions,
-											metadata,
-											selectedProjectId,
-											messageContext: metadata.messageContext
-										}) : buildAgentSelectorModal({
-											projects: projectList,
-											agents: agentOptions,
-											metadata,
-											selectedProjectId
-										});
-										await slackClient.views.update({
-											view_id: view.id,
-											view: modal
-										});
-										logger.debug({
-											selectedProjectId,
-											agentCount: agentList.length
-										}, "Updated modal with agents for selected project");
-									} catch (err) {
-										logger.error({
-											err,
-											selectedProjectId
-										}, "Failed to update modal on project change");
-									} finally {
-										await flushTraces();
-									}
-								})();
-								if (waitUntil) waitUntil(projectSelectWork);
-							}
-						}
-						if (action.action_id === "open_follow_up_modal" && action.value && triggerId) {
-							anyHandled = true;
-							logger.info({
-								teamId,
-								actionId: action.action_id
-							}, "Handling block_action: open_follow_up_modal");
-							const followUpModalWork = handleOpenFollowUpModal({
-								triggerId,
-								actionValue: action.value,
-								teamId,
-								responseUrl: responseUrl || void 0
-							}).catch((err) => {
-								const errorMessage = err instanceof Error ? err.message : String(err);
-								logger.error({
-									errorMessage,
-									actionId: action.action_id
-								}, "Failed to open follow-up modal");
-							}).finally(() => flushTraces());
-							if (waitUntil) waitUntil(followUpModalWork);
-						}
-					}
-					outcome = anyHandled ? "handled" : "ignored_no_action_match";
-					span.setAttribute(SLACK_SPAN_KEYS.OUTCOME, outcome);
-					if (!anyHandled) logger.info({
-						teamId,
-						actionIds,
-						eventType
-					}, "Ignoring block_actions: no matching action handlers");
-				} else {
-					outcome = "ignored_no_action_match";
-					span.setAttribute(SLACK_SPAN_KEYS.OUTCOME, outcome);
-					logger.info({
-						teamId,
-						eventType,
-						hasActions: Boolean(actions)
-					}, "Ignoring block_actions: missing actions or teamId");
-				}
-			}
-			if (eventType === "message_action") {
-				const callbackId = eventBody.callback_id;
-				span.setAttribute(SLACK_SPAN_KEYS.CALLBACK_ID, callbackId || "unknown");
-				span.updateName(`${SLACK_SPAN_NAMES.WEBHOOK} message_action.${callbackId || "unknown"}`);
-				if (callbackId === "ask_agent_shortcut") {
-					const triggerId = eventBody.trigger_id;
-					const teamId = eventBody.team?.id;
-					const channelId = eventBody.channel?.id;
-					const userId = eventBody.user?.id;
-					const message = eventBody.message;
-					const responseUrl = eventBody.response_url;
-					if (teamId) span.setAttribute(SLACK_SPAN_KEYS.TEAM_ID, teamId);
-					if (channelId) span.setAttribute(SLACK_SPAN_KEYS.CHANNEL_ID, channelId);
-					if (userId) span.setAttribute(SLACK_SPAN_KEYS.USER_ID, userId);
-					if (triggerId && teamId && channelId && userId && message?.ts) {
-						outcome = "handled";
-						span.setAttribute(SLACK_SPAN_KEYS.OUTCOME, outcome);
-						logger.info({
-							teamId,
-							channelId,
-							userId,
-							callbackId
-						}, "Handling message_action: ask_agent_shortcut");
-						const shortcutWork = handleMessageShortcut({
-							triggerId,
-							teamId,
-							channelId,
-							userId,
-							messageTs: message.ts,
-							messageText: message.text || "",
-							threadTs: message.thread_ts,
-							responseUrl
-						}).catch((err) => {
-							const errorMessage = err instanceof Error ? err.message : String(err);
-							logger.error({
-								errorMessage,
-								callbackId
-							}, "Failed to handle message shortcut");
-						}).finally(() => flushTraces());
-						if (waitUntil) waitUntil(shortcutWork);
-					} else {
-						outcome = "ignored_unknown_event";
-						span.setAttribute(SLACK_SPAN_KEYS.OUTCOME, outcome);
-						logger.info({
-							teamId,
-							channelId,
-							userId,
-							callbackId,
-							hasTriggerId: Boolean(triggerId)
-						}, "Ignoring message_action: missing required fields");
-					}
-				} else {
-					outcome = "ignored_unknown_event";
-					span.setAttribute(SLACK_SPAN_KEYS.OUTCOME, outcome);
-					logger.info({ callbackId }, `Ignoring unhandled message_action: ${callbackId}`);
-				}
-			}
-			if (eventType === "view_submission") {
-				const callbackId = eventBody.view?.callback_id;
-				span.setAttribute(SLACK_SPAN_KEYS.CALLBACK_ID, callbackId || "unknown");
-				span.updateName(`${SLACK_SPAN_NAMES.WEBHOOK} view_submission.${callbackId || "unknown"}`);
-				if (callbackId === "agent_selector_modal") {
-					const view = eventBody.view;
-					const agentSelect = view.state?.values?.agent_select_block?.agent_select;
-					if (!agentSelect?.selected_option?.value || agentSelect.selected_option.value === "none") {
-						outcome = "validation_error";
-						span.setAttribute(SLACK_SPAN_KEYS.OUTCOME, outcome);
-						logger.info({ callbackId }, "Rejecting view_submission: no agent selected");
-						span.end();
-						return c.json({
-							response_action: "errors",
-							errors: { agent_select_block: "Please select an agent. If none are available, add agents to this project in the dashboard." }
-						});
-					}
-					outcome = "handled";
-					span.setAttribute(SLACK_SPAN_KEYS.OUTCOME, outcome);
-					logger.info({ callbackId }, "Handling view_submission: agent_selector_modal");
-					const modalWork = handleModalSubmission(view).catch((err) => {
-						const errorMessage = err instanceof Error ? err.message : String(err);
-						logger.error({
-							errorMessage,
-							callbackId
-						}, "Failed to handle modal submission");
-					}).finally(() => flushTraces());
-					if (waitUntil) waitUntil(modalWork);
-					span.end();
-					return new Response(null, { status: 200 });
-				}
-				if (callbackId === "follow_up_modal") {
-					const view = eventBody.view;
-					outcome = "handled";
-					span.setAttribute(SLACK_SPAN_KEYS.OUTCOME, outcome);
-					logger.info({ callbackId }, "Handling view_submission: follow_up_modal");
-					const followUpWork = handleFollowUpSubmission(view).catch((err) => {
-						const errorMessage = err instanceof Error ? err.message : String(err);
-						logger.error({
-							errorMessage,
-							callbackId
-						}, "Failed to handle follow-up submission");
-					}).finally(() => flushTraces());
-					if (waitUntil) waitUntil(followUpWork);
-					span.end();
-					return new Response(null, { status: 200 });
-				}
-				outcome = "ignored_unknown_event";
-				span.setAttribute(SLACK_SPAN_KEYS.OUTCOME, outcome);
-				logger.info({ callbackId }, `Ignoring unhandled view_submission: ${callbackId}`);
-			}
-			if (eventType !== "event_callback" && eventType !== "block_actions" && eventType !== "interactive_message" && eventType !== "message_action" && eventType !== "view_submission") {
-				outcome = "ignored_unknown_event";
-				span.setAttribute(SLACK_SPAN_KEYS.OUTCOME, outcome);
-				logger.info({ eventType }, `Ignoring unhandled Slack event type: ${eventType}`);
+			const registerBackgroundWork = (work) => {
+				if (waitUntil) waitUntil(work);
+			};
+			const result = await dispatchSlackEvent(eventType || "", eventBody, { registerBackgroundWork }, span);
+			outcome = result.outcome;
+			if (result.response) {
+				span.end();
+				return c.json(result.response);
 			}
 			span.end();
 			return c.json({ ok: true });

package/dist/slack/routes/oauth.js

@@ -5,9 +5,10 @@ import { clearWorkspaceConnectionCache, computeWorkspaceConnectionId, deleteWork
 import { getSlackClient, getSlackTeamInfo, getSlackUserInfo } from "../services/client.js";
 import { getBotTokenForTeam, setBotTokenForTeam } from "../services/workspace-tokens.js";
 import "../services/index.js";
-import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { OpenAPIHono, z } from "@hono/zod-openapi";
 import { createWorkAppSlackWorkspace } from "@inkeep/agents-core";
 import * as crypto$1 from "node:crypto";
+import { createProtectedRoute, noAuth } from "@inkeep/agents-core/middleware";
 
 //#region src/slack/routes/oauth.ts
 /**
@@ -70,7 +71,7 @@ function parseOAuthState(stateStr) {
 	}
 }
 const app = new OpenAPIHono();
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/install",
 	summary: "Install Slack App",
@@ -81,6 +82,7 @@ app.openapi(createRoute({
 		"Slack",
 		"OAuth"
 	],
+	permission: noAuth(),
 	request: { query: z.object({ tenant_id: z.string().optional() }) },
 	responses: { 302: { description: "Redirect to Slack OAuth" } }
 }), (c) => {
@@ -115,7 +117,7 @@ app.openapi(createRoute({
 	}, "Redirecting to Slack OAuth");
 	return c.redirect(slackAuthUrl.toString());
 });
-app.openapi(createRoute({
+app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/oauth_redirect",
 	summary: "Slack OAuth Callback",
@@ -126,6 +128,7 @@ app.openapi(createRoute({
 		"Slack",
 		"OAuth"
 	],
+	permission: noAuth(),
 	request: { query: z.object({
 		code: z.string().optional(),
 		error: z.string().optional(),