@inkeep/agents-work-apps 0.73.3 → 0.73.5

package/dist/github/index.d.ts

@@ -4,10 +4,10 @@ import "./routes/setup.js";
 import "./routes/tokenExchange.js";
 import { WebhookVerificationResult, verifyWebhookSignature } from "./routes/webhooks.js";
 import { Hono } from "hono";
-import * as hono_types6 from "hono/types";
+import * as hono_types0 from "hono/types";
 
 //#region src/github/index.d.ts
-declare function createGithubRoutes(): Hono<hono_types6.BlankEnv, hono_types6.BlankSchema, "/">;
-declare const githubRoutes: Hono<hono_types6.BlankEnv, hono_types6.BlankSchema, "/">;
+declare function createGithubRoutes(): Hono<hono_types0.BlankEnv, hono_types0.BlankSchema, "/">;
+declare const githubRoutes: Hono<hono_types0.BlankEnv, hono_types0.BlankSchema, "/">;
 //#endregion
 export { GenerateInstallationAccessTokenResult, GenerateTokenError, GenerateTokenResult, GitHubAppConfig, InstallationAccessToken, InstallationInfo, LookupInstallationError, LookupInstallationForRepoResult, LookupInstallationResult, WebhookVerificationResult, clearConfigCache, createAppJwt, createGithubRoutes, determineStatus, fetchInstallationDetails, fetchInstallationRepositories, generateInstallationAccessToken, getGitHubAppConfig, getGitHubAppName, getStateSigningSecret, getWebhookSecret, githubRoutes, isGitHubAppConfigured, isGitHubAppNameConfigured, isStateSigningConfigured, isWebhookConfigured, lookupInstallationForRepo, validateGitHubAppConfigOnStartup, validateGitHubInstallFlowConfigOnStartup, validateGitHubWebhookConfigOnStartup, verifyWebhookSignature };

package/dist/github/mcp/auth.d.ts

@@ -1,7 +1,7 @@
-import * as hono2 from "hono";
+import * as hono0 from "hono";
 
 //#region src/github/mcp/auth.d.ts
-declare const githubMcpAuth: () => hono2.MiddlewareHandler<{
+declare const githubMcpAuth: () => hono0.MiddlewareHandler<{
   Variables: {
     toolId: string;
     tenantId: string;

package/dist/github/mcp/index.d.ts

@@ -1,5 +1,5 @@
 import { Hono } from "hono";
-import * as hono_types10 from "hono/types";
+import * as hono_types3 from "hono/types";
 
 //#region src/github/mcp/index.d.ts
 declare const app: Hono<{
@@ -8,6 +8,6 @@ declare const app: Hono<{
     tenantId: string;
     projectId: string;
   };
-}, hono_types10.BlankSchema, "/">;
+}, hono_types3.BlankSchema, "/">;
 //#endregion
 export { app as default };

package/dist/github/routes/setup.d.ts

@@ -1,7 +1,7 @@
 import { Hono } from "hono";
-import * as hono_types0 from "hono/types";
+import * as hono_types4 from "hono/types";
 
 //#region src/github/routes/setup.d.ts
-declare const app: Hono<hono_types0.BlankEnv, hono_types0.BlankSchema, "/">;
+declare const app: Hono<hono_types4.BlankEnv, hono_types4.BlankSchema, "/">;
 //#endregion
 export { app as default };

package/dist/github/routes/tokenExchange.d.ts

@@ -1,7 +1,7 @@
 import { Hono } from "hono";
-import * as hono_types1 from "hono/types";
+import * as hono_types6 from "hono/types";
 
 //#region src/github/routes/tokenExchange.d.ts
-declare const app: Hono<hono_types1.BlankEnv, hono_types1.BlankSchema, "/">;
+declare const app: Hono<hono_types6.BlankEnv, hono_types6.BlankSchema, "/">;
 //#endregion
 export { app as default };

package/dist/github/routes/webhooks.d.ts

@@ -1,5 +1,5 @@
 import { Hono } from "hono";
-import * as hono_types3 from "hono/types";
+import * as hono_types8 from "hono/types";
 
 //#region src/github/routes/webhooks.d.ts
 interface WebhookVerificationResult {
@@ -7,6 +7,6 @@ interface WebhookVerificationResult {
   error?: string;
 }
 declare function verifyWebhookSignature(payload: string, signature: string | undefined, secret: string): WebhookVerificationResult;
-declare const app: Hono<hono_types3.BlankEnv, hono_types3.BlankSchema, "/">;
+declare const app: Hono<hono_types8.BlankEnv, hono_types8.BlankSchema, "/">;
 //#endregion
 export { WebhookVerificationResult, app as default, verifyWebhookSignature };

package/dist/slack/mcp/auth.d.ts

@@ -1,7 +1,7 @@
-import * as hono0 from "hono";
+import * as hono2 from "hono";
 
 //#region src/slack/mcp/auth.d.ts
-declare const slackMcpAuth: () => hono0.MiddlewareHandler<{
+declare const slackMcpAuth: () => hono2.MiddlewareHandler<{
   Variables: {
     toolId: string;
     tenantId: string;

package/dist/slack/mcp/index.d.ts

@@ -1,5 +1,5 @@
 import { Hono } from "hono";
-import * as hono_types5 from "hono/types";
+import * as hono_types10 from "hono/types";
 
 //#region src/slack/mcp/index.d.ts
 interface ChannelInfo {
@@ -18,6 +18,6 @@ declare const app: Hono<{
     tenantId: string;
     projectId: string;
   };
-}, hono_types5.BlankSchema, "/">;
+}, hono_types10.BlankSchema, "/">;
 //#endregion
 export { ChannelInfo, app as default, pruneStaleChannelIds };

package/dist/slack/routes/oauth.d.ts

@@ -8,14 +8,15 @@ import { OpenAPIHono } from "@hono/zod-openapi";
 interface OAuthState {
   nonce: string;
   tenantId?: string;
+  projectId?: string;
   timestamp: number;
 }
 declare function getStateSigningSecret(): string;
-declare function createOAuthState(tenantId?: string): string;
+declare function createOAuthState(tenantId?: string, projectId?: string): string;
 declare function parseOAuthState(stateStr: string): OAuthState | null;
-declare function sanitizeTenantId(raw: string): string;
+declare function sanitizeId(raw: string): string;
 declare const app: OpenAPIHono<{
   Variables: WorkAppsVariables;
 }, {}, "/">;
 //#endregion
-export { createOAuthState, app as default, getBotTokenForTeam, getStateSigningSecret, parseOAuthState, sanitizeTenantId, setBotTokenForTeam };
+export { createOAuthState, app as default, getBotTokenForTeam, getStateSigningSecret, parseOAuthState, sanitizeId, setBotTokenForTeam };

package/dist/slack/routes/oauth.js

@@ -31,10 +31,11 @@ function getStateSigningSecret() {
 	}
 	return secret;
 }
-function createOAuthState(tenantId) {
+function createOAuthState(tenantId, projectId) {
 	const state = {
 		nonce: crypto$1.randomBytes(16).toString("hex"),
 		tenantId: tenantId || "",
+		projectId: projectId || "",
 		timestamp: Date.now()
 	};
 	const data = Buffer.from(JSON.stringify(state)).toString("base64url");
@@ -71,7 +72,7 @@ function parseOAuthState(stateStr) {
 		return null;
 	}
 }
-function sanitizeTenantId(raw) {
+function sanitizeId(raw) {
 	return /^[a-zA-Z0-9_-]+$/.test(raw) ? raw : "";
 }
 const app = new OpenAPIHono();
@@ -79,7 +80,7 @@ app.openapi(createProtectedRoute({
 	method: "get",
 	path: "/install",
 	summary: "Install Slack App",
-	description: "Redirects to Slack OAuth page for workspace installation",
+	description: "Redirects to Slack OAuth page for workspace installation. Pass include_webhook=true to additionally request the incoming-webhook scope (shows channel picker for webhook URL).",
 	operationId: "slack-install",
 	tags: [
 		"Work Apps",
@@ -87,21 +88,27 @@ app.openapi(createProtectedRoute({
 		"OAuth"
 	],
 	permission: noAuth(),
-	request: { query: z.object({ tenant_id: z.string().optional() }) },
+	request: { query: z.object({
+		tenant_id: z.string().optional(),
+		project_id: z.string().optional(),
+		include_webhook: z.string().optional()
+	}) },
 	responses: { 302: { description: "Redirect to Slack OAuth" } }
 }), (c) => {
-	const { tenant_id: tenantId } = c.req.valid("query");
+	const { tenant_id: tenantId, project_id: projectId, include_webhook: includeWebhook } = c.req.valid("query");
 	const clientId = env.SLACK_CLIENT_ID;
 	const redirectUri = `${env.SLACK_APP_URL}/work-apps/slack/oauth_redirect`;
-	const state = createOAuthState(tenantId);
+	const state = createOAuthState(tenantId, projectId);
+	const scope = includeWebhook === "true" ? `${BOT_SCOPES_CSV},incoming-webhook` : BOT_SCOPES_CSV;
 	const slackAuthUrl = new URL("https://slack.com/oauth/v2/authorize");
 	slackAuthUrl.searchParams.set("client_id", clientId || "");
-	slackAuthUrl.searchParams.set("scope", BOT_SCOPES_CSV);
+	slackAuthUrl.searchParams.set("scope", scope);
 	slackAuthUrl.searchParams.set("redirect_uri", redirectUri);
 	slackAuthUrl.searchParams.set("state", state);
 	logger.info({
 		redirectUri,
-		tenantId: tenantId || ""
+		tenantId: tenantId || "",
+		includeWebhook: includeWebhook === "true"
 	}, "Redirecting to Slack OAuth");
 	return c.redirect(slackAuthUrl.toString());
 });
@@ -127,7 +134,7 @@ app.openapi(createProtectedRoute({
 	const { code, error, state: stateParam } = c.req.valid("query");
 	const parsedState = stateParam ? parseOAuthState(stateParam) : null;
 	const rawTenantId = parsedState?.tenantId || "";
-	const tenantId = sanitizeTenantId(rawTenantId);
+	const tenantId = sanitizeId(rawTenantId);
 	if (rawTenantId && !tenantId) logger.warn({ rawTenantId: rawTenantId.slice(0, 50) }, "Rejected invalid tenantId from OAuth state");
 	const dashboardUrl = `${manageUiUrl}/${tenantId}/work-apps/slack`;
 	if (!stateParam || !parsedState) {
@@ -302,6 +309,33 @@ app.openapi(createProtectedRoute({
 			teamId: workspaceData.teamId,
 			teamName: workspaceData.teamName
 		}, "Slack workspace installation successful");
+		if (tokenData.incoming_webhook?.url) {
+			const webhookUrl = tokenData.incoming_webhook.url;
+			if (!webhookUrl.startsWith("https://hooks.slack.com/")) logger.warn({ prefix: webhookUrl.slice(0, 60) }, "Unexpected incoming_webhook URL prefix, skipping form redirect");
+			else {
+				const rawProjectId = parsedState.projectId || "";
+				const stateProjectId = sanitizeId(rawProjectId);
+				if (rawProjectId && !stateProjectId) logger.warn({ rawProjectId: rawProjectId.slice(0, 50) }, "Rejected invalid projectId from OAuth state");
+				if (!tenantId || !stateProjectId) {
+					logger.warn({
+						tenantId,
+						projectId: stateProjectId
+					}, "Incoming webhook received but missing tenantId or projectId for redirect");
+					return c.redirect(`${dashboardUrl}?error=missing_project_context`);
+				}
+				try {
+					const newWebhookFormUrl = new URL(`${manageUiUrl}/${tenantId}/projects/${stateProjectId}/webhook-destinations/new`);
+					newWebhookFormUrl.searchParams.set("url", webhookUrl);
+					logger.info({
+						teamId: workspaceData.teamId,
+						channel: tokenData.incoming_webhook.channel
+					}, "Incoming webhook URL received, redirecting to webhook form");
+					return c.redirect(newWebhookFormUrl.toString());
+				} catch (err) {
+					logger.error({ err }, "Failed to build webhook form URL after successful install");
+				}
+			}
+		}
 		const safeWorkspaceData = {
 			ok: workspaceData.ok,
 			teamId: workspaceData.teamId,
@@ -332,4 +366,4 @@ app.openapi(createProtectedRoute({
 var oauth_default = app;
 
 //#endregion
-export { createOAuthState, oauth_default as default, getBotTokenForTeam, getStateSigningSecret, parseOAuthState, sanitizeTenantId, setBotTokenForTeam };
+export { createOAuthState, oauth_default as default, getBotTokenForTeam, getStateSigningSecret, parseOAuthState, sanitizeId, setBotTokenForTeam };

package/dist/slack/services/link-prompt.d.ts

@@ -1,5 +1,5 @@
 import { SlackLinkIntent } from "@inkeep/agents-core";
-import * as slack_block_builder7 from "slack-block-builder";
+import * as slack_block_builder0 from "slack-block-builder";
 
 //#region src/slack/services/link-prompt.d.ts
 type LinkPromptResult = {
@@ -22,6 +22,6 @@ interface ResolveLinkActionParams {
   intent?: SlackLinkIntent;
 }
 declare function resolveUnlinkedUserAction(params: ResolveLinkActionParams): Promise<LinkPromptResult>;
-declare function buildLinkPromptMessage(result: LinkPromptResult): Readonly<slack_block_builder7.SlackMessageDto>;
+declare function buildLinkPromptMessage(result: LinkPromptResult): Readonly<slack_block_builder0.SlackMessageDto>;
 //#endregion
 export { LinkPromptResult, ResolveLinkActionParams, buildLinkPromptMessage, resolveUnlinkedUserAction };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inkeep/agents-work-apps",
-  "version": "0.73.3",
+  "version": "0.73.5",
   "description": "First party integrations for Inkeep Agents",
   "type": "module",
   "license": "SEE LICENSE IN LICENSE.md",
@@ -35,7 +35,7 @@
     "minimatch": "^10.2.1",
     "oxfmt": "^0.42.0",
     "slack-block-builder": "^2.8.0",
-    "@inkeep/agents-core": "0.73.3"
+    "@inkeep/agents-core": "0.73.5"
   },
   "peerDependencies": {
     "@hono/zod-openapi": "^1.1.5",