@keystrokehq/cli 0.0.53 → 0.0.55

package/dist/{emit-route-manifest-DRcNXHCP-CSOVo0UZ.mjs → emit-route-manifest-DRcNXHCP-CuH5IaKl.mjs}

@@ -1,12 +1,11 @@
 #!/usr/bin/env node
-import { a as __toESM, i as __require, r as __exportAll$1, t as __commonJSMin } from "./chunk-lXUa1qmO.mjs";
 import { a as createSession$1, c as isCredentialError$1, d as withSpan$1, i as captureConsole$1, l as listMessageEvents$1, m as ZodIssueCode, n as appendEvent$1, o as getSession$1, p as defineCredential, r as buildCredentialRunContext$1, s as getTraceContext$1, t as MESSAGE_EVENT_TYPE$3, u as touchSession$1 } from "./dist-CXHSlVhd-CTQzOALD.mjs";
-import { $ as getTableUniqueName, $t as _enum, A as applyMixins, At as TriggerListResponseSchema, B as Param, Bt as WorkflowSubscriptionListResponseSchema, C as PgJsonb, Cn as url$2, Ct as PollRunRequestSchema, D as PgDate, Dt as QueuedAgentPromptResponseSchema, E as integer$1, En as toJSONSchema, Et as PromptResponseSchema, F as isConfig, Ft as UpsertGatewayAttachmentBodySchema, G as fillPlaceholders, Gt as parsePollRunRequest, H as SQL, Ht as credentialInputSchema, I as mapResultRow, It as UpsertWorkflowSubscriptionBodySchema, J as sql, Jt as parseWorkflowRunDetailInclude, K as isDriverValueEncoder, Kt as parsePromptInput, L as mapUpdateSet, Lt as WorkflowRunDetailResponseSchema, M as getTableColumns, Mt as TriggerRunListQuerySchema, N as getTableLikeName, Nt as TriggerRunListResponseSchema, O as PgDateString, Ot as SkipResponseSchema, P as haveSameKeys, Pt as UpdateCredentialInstanceBodySchema, Q as getTableName, Qt as ZodType, R as orderSelectedFields, Rt as WorkflowRunListQuerySchema, S as PgNumeric, Sn as unknown$1, St as GatewayAttachmentRecordSchema, T as PgJson, Tn as datetime, Tt as PromptInputSchema, U as StringChunk, Ut as normalizeCredentialList, V as Placeholder, Vt as WorkflowSubscriptionRecordSchema, W as View, Wt as parseAgentSessionDetailInclude, X as Schema, Y as Columns, Yt as validationErrorResponse, Z as Table$1, Zt as number$1, _ as PgTimestamp, _n as optional, _t as CredentialInstanceListResponseSchema, a as entryIdFromFile, an as boolean, at as PgColumn, b as PgTime, bn as string$2, bt as ErrorResponseSchema, c as authSessions, cn as discriminatedUnion, ct as Column, d as users, dt as AgentListResponseSchema, en as _function, et as ViewBaseConfig, f as index$2, fn as literal, ft as AgentSessionDetailResponseSchema, g as PgUUID, gn as object, gt as CreateCredentialInstanceBodySchema, h as pgTable, hn as number, ht as CREDENTIAL_SCOPE_LEVEL_TO_SCOPE_TYPE, i as resolveSandboxRoot, in as array, it as pgEnum, j as getColumnNameAndConfig, jt as TriggerRunDetailResponseSchema, k as boolean$1, kn as NEVER, kt as TriggerDetailResponseSchema, l as authVerifications, lt as entityKind, m as PgTable, mt as AgentSessionListResponseSchema, n as ensureWorkspaceDir, nt as Subquery, o as authAccounts, on as custom, ot as TableName, p as uniqueIndex$1, pn as looseObject, pt as AgentSessionListQuerySchema, q as isSQLWrapper, qt as parseTriggerRunDetailInclude, r as materializeSandbox, rn as any, rt as WithSubquery, s as authDeviceCodes, st as ColumnBuilder, t as SandboxDefinitionSchema, tn as _null, tt as tracer, u as getDbFromContext$1, un as intersection, ut as is, v as PgTimestampString, vn as preprocess$1, vt as CredentialInstanceRecordSchema, w as jsonb, wn as ZodError, wt as PollRunResponseSchema, x as text$6, xn as union$2, xt as GatewayAttachmentListResponseSchema, y as timestamp, yn as record, yt as DISCOVERY_CONVENTIONS, z as textDecoder, zt as WorkflowRunListResponseSchema } from "./index.mjs";
-import "./env-api-keys-CjsGqLnm.mjs";
+import { $ as getTableUniqueName, $t as _enum, A as applyMixins, An as __commonJSMin, At as TriggerListResponseSchema, B as Param, Bt as WorkflowSubscriptionListResponseSchema, C as PgJsonb, Cn as url$2, Ct as PollRunRequestSchema, D as PgDate, Dt as QueuedAgentPromptResponseSchema, E as integer$1, En as toJSONSchema, Et as PromptResponseSchema, F as isConfig, Ft as UpsertGatewayAttachmentBodySchema, G as fillPlaceholders, Gt as parsePollRunRequest, H as SQL, Ht as credentialInputSchema, I as mapResultRow, It as UpsertWorkflowSubscriptionBodySchema, J as sql, Jt as parseWorkflowRunDetailInclude, K as isDriverValueEncoder, Kt as parsePromptInput, L as mapUpdateSet, Lt as WorkflowRunDetailResponseSchema, M as getTableColumns, Mn as __exportAll$1, Mt as TriggerRunListQuerySchema, N as getTableLikeName, Nn as __require, Nt as TriggerRunListResponseSchema, O as PgDateString, Ot as SkipResponseSchema, P as haveSameKeys, Pn as __toESM, Pt as UpdateCredentialInstanceBodySchema, Q as getTableName, Qt as ZodType, R as orderSelectedFields, Rt as WorkflowRunListQuerySchema, S as PgNumeric, Sn as unknown$1, St as GatewayAttachmentRecordSchema, T as PgJson, Tn as datetime, Tt as PromptInputSchema, U as StringChunk, Ut as normalizeCredentialList, V as Placeholder, Vt as WorkflowSubscriptionRecordSchema, W as View, Wt as parseAgentSessionDetailInclude, X as Schema, Y as Columns, Yt as validationErrorResponse, Z as Table$1, Zt as number$1, _ as PgTimestamp, _n as optional, _t as CredentialInstanceListResponseSchema, a as entryIdFromFile, an as boolean, at as PgColumn, b as PgTime, bn as string$2, bt as ErrorResponseSchema, c as authSessions, cn as discriminatedUnion, ct as Column, d as users, dt as AgentListResponseSchema, en as _function, et as ViewBaseConfig, f as index$2, fn as literal, ft as AgentSessionDetailResponseSchema, g as PgUUID, gn as object, gt as CreateCredentialInstanceBodySchema, h as pgTable, hn as number, ht as CREDENTIAL_SCOPE_LEVEL_TO_SCOPE_TYPE, i as resolveSandboxRoot, in as array, it as pgEnum, j as getColumnNameAndConfig, jt as TriggerRunDetailResponseSchema, k as boolean$1, kn as NEVER, kt as TriggerDetailResponseSchema, l as authVerifications, lt as entityKind, m as PgTable, mt as AgentSessionListResponseSchema, n as ensureWorkspaceDir, nt as Subquery, o as authAccounts, on as custom, ot as TableName, p as uniqueIndex$1, pn as looseObject, pt as AgentSessionListQuerySchema, q as isSQLWrapper, qt as parseTriggerRunDetailInclude, r as materializeSandbox, rn as any, rt as WithSubquery, s as authDeviceCodes, st as ColumnBuilder, t as SandboxDefinitionSchema, tn as _null, tt as tracer, u as getDbFromContext$1, un as intersection, ut as is, v as PgTimestampString, vn as preprocess$1, vt as CredentialInstanceRecordSchema, w as jsonb, wn as ZodError, wt as PollRunResponseSchema, x as text$6, xn as union$2, xt as GatewayAttachmentListResponseSchema, y as timestamp, yn as record, yt as DISCOVERY_CONVENTIONS, z as textDecoder, zt as WorkflowRunListResponseSchema } from "./index.mjs";
+import "./env-api-keys-Dj0phNAZ.mjs";
 import { t as AssistantMessageEventStream } from "./event-stream-FOdgPz2L.mjs";
-import "./json-parse-4wvL0yab.mjs";
-import { a as require_extension, c as require_permessage_deflate, i as require_websocket, l as require_extend, n as require_subprotocol, o as require_sender, r as require_stream, s as require_receiver, t as require_websocket_server, u as require_p_retry } from "./websocket-server-DBCa1Df9.mjs";
-import { t as require_src$2 } from "./src-DuFA6S6A.mjs";
+import "./json-parse-D7gmIw6y.mjs";
+import { a as require_extension, c as require_permessage_deflate, i as require_websocket, l as require_extend, n as require_subprotocol, o as require_sender, r as require_stream, s as require_receiver, t as require_websocket_server, u as require_p_retry } from "./websocket-server-m6wiYSFm.mjs";
+import { t as require_src$2 } from "./src-CO4ATuDw.mjs";
 import "./chunk-BZUGFHVS-CPWRFwK8.mjs";
 import "./chunk-DLL7UR66-BUYgzxnR.mjs";
 import "./chunk-TN7HHBQW-CSB_R-XD.mjs";
@@ -5169,15 +5168,15 @@ var tt = [
 	},
 	{
 		name: "cat",
-		load: async () => (await import("./cat-TSFMZVYS-BfwZOafs.mjs")).catCommand
+		load: async () => (await import("./cat-TSFMZVYS-BUlDi5Qf.mjs")).catCommand
 	},
 	{
 		name: "printf",
-		load: async () => (await import("./printf-TWGXF445-BcIEiMjE.mjs")).printfCommand
+		load: async () => (await import("./printf-TWGXF445-CtbOGcY-.mjs")).printfCommand
 	},
 	{
 		name: "ls",
-		load: async () => (await import("./ls-ZJGQER7M-C_1bAeGq.mjs")).lsCommand
+		load: async () => (await import("./ls-ZJGQER7M-CvMghjGY.mjs")).lsCommand
 	},
 	{
 		name: "mkdir",
@@ -5229,7 +5228,7 @@ var tt = [
 	},
 	{
 		name: "wc",
-		load: async () => (await import("./wc-LF7NU4LA-BWoItyXd.mjs")).wcCommand
+		load: async () => (await import("./wc-LF7NU4LA-CsPoPEAk.mjs")).wcCommand
 	},
 	{
 		name: "stat",
@@ -5261,11 +5260,11 @@ var tt = [
 	},
 	{
 		name: "sort",
-		load: async () => (await import("./sort-SW2YEO5B-D08jaQ5v.mjs")).sortCommand
+		load: async () => (await import("./sort-SW2YEO5B-BT2dtrqE.mjs")).sortCommand
 	},
 	{
 		name: "uniq",
-		load: async () => (await import("./uniq-XSIZR6PB-BA-vRB1O.mjs")).uniqCommand
+		load: async () => (await import("./uniq-XSIZR6PB-ERG9Mu92.mjs")).uniqCommand
 	},
 	{
 		name: "comm",
@@ -5273,7 +5272,7 @@ var tt = [
 	},
 	{
 		name: "cut",
-		load: async () => (await import("./cut-OKARJCCV-Cm3OStWG.mjs")).cutCommand
+		load: async () => (await import("./cut-OKARJCCV-p9v-ig7a.mjs")).cutCommand
 	},
 	{
 		name: "paste",
@@ -5337,11 +5336,11 @@ var tt = [
 	},
 	{
 		name: "tree",
-		load: async () => (await import("./tree-YLD52CNT-DiHyiFBi.mjs")).treeCommand
+		load: async () => (await import("./tree-YLD52CNT-CFtEJCzO.mjs")).treeCommand
 	},
 	{
 		name: "du",
-		load: async () => (await import("./du-572XNP42-DeJ11TW7.mjs")).duCommand
+		load: async () => (await import("./du-572XNP42-Br0wC4cR.mjs")).duCommand
 	},
 	{
 		name: "env",
@@ -5389,7 +5388,7 @@ var tt = [
 	},
 	{
 		name: "jq",
-		load: async () => (await import("./jq-4XLYLOS5-DrYXLsYH.mjs")).jqCommand
+		load: async () => (await import("./jq-4XLYLOS5-KSRW1t5y.mjs")).jqCommand
 	},
 	{
 		name: "base64",
@@ -5441,7 +5440,7 @@ var tt = [
 	},
 	{
 		name: "html-to-markdown",
-		load: async () => (await import("./html-to-markdown-JW4MSQZO-CvfnlE0t.mjs")).htmlToMarkdownCommand
+		load: async () => (await import("./html-to-markdown-JW4MSQZO-CL7jZmA2.mjs")).htmlToMarkdownCommand
 	},
 	{
 		name: "help",
@@ -5482,16 +5481,16 @@ var tt = [
 ];
 (typeof __BROWSER__ > "u" || !__BROWSER__) && (tt.push({
 	name: "tar",
-	load: async () => (await import("./tar-STHHZTZ6-C7-gpnmi.mjs")).tarCommand
+	load: async () => (await import("./tar-STHHZTZ6-Cy8WppFl.mjs")).tarCommand
 }), tt.push({
 	name: "yq",
 	load: async () => (await import("./yq-4QJW3EQG-XhB3aACo.mjs")).yqCommand
 }), tt.push({
 	name: "xan",
-	load: async () => (await import("./xan-Y6WF3IRG-BilR2MsH.mjs")).xanCommand
+	load: async () => (await import("./xan-Y6WF3IRG-ovCpFLkA.mjs")).xanCommand
 }), tt.push({
 	name: "sqlite3",
-	load: async () => (await import("./sqlite3-CGOEFJAO-DVuaAgm0.mjs")).sqlite3Command
+	load: async () => (await import("./sqlite3-CGOEFJAO-DKaf3b_T.mjs")).sqlite3Command
 }));
 var Yt = [];
 (typeof __BROWSER__ > "u" || !__BROWSER__) && (Yt.push({
@@ -23347,7 +23346,7 @@ function createLazyLoadErrorImages$1(model, error) {
 	};
 }
 function loadOpenRouterImagesProviderModule$1() {
-	openRouterImagesProviderModulePromise$1 ||= import("./openrouter-Cq37VS4X.mjs").then((module) => module);
+	openRouterImagesProviderModulePromise$1 ||= import("./openrouter-BD82J9ov.mjs").then((module) => module);
 	return openRouterImagesProviderModulePromise$1;
 }
 const generateImagesOpenRouter$1 = async (model, context, options) => {
@@ -23451,7 +23450,7 @@ function createLazySimpleStream$1(loadModule) {
 	};
 }
 function loadAnthropicProviderModule$1() {
-	anthropicProviderModulePromise$1 ||= import("./anthropic-BW7tKfye.mjs").then((module) => {
+	anthropicProviderModulePromise$1 ||= import("./anthropic-OIjNEgxk.mjs").then((module) => {
 		const provider = module;
 		return {
 			stream: provider.streamAnthropic,
@@ -23461,7 +23460,7 @@ function loadAnthropicProviderModule$1() {
 	return anthropicProviderModulePromise$1;
 }
 function loadAzureOpenAIResponsesProviderModule$1() {
-	azureOpenAIResponsesProviderModulePromise$1 ||= import("./azure-openai-responses-CbpqfHpG.mjs").then((module) => {
+	azureOpenAIResponsesProviderModulePromise$1 ||= import("./azure-openai-responses-J2iGyy4d.mjs").then((module) => {
 		const provider = module;
 		return {
 			stream: provider.streamAzureOpenAIResponses,
@@ -23471,7 +23470,7 @@ function loadAzureOpenAIResponsesProviderModule$1() {
 	return azureOpenAIResponsesProviderModulePromise$1;
 }
 function loadGoogleProviderModule$1() {
-	googleProviderModulePromise$1 ||= import("./google-B3pBIkED.mjs").then((module) => {
+	googleProviderModulePromise$1 ||= import("./google-CZqUzYLL.mjs").then((module) => {
 		const provider = module;
 		return {
 			stream: provider.streamGoogle,
@@ -23481,7 +23480,7 @@ function loadGoogleProviderModule$1() {
 	return googleProviderModulePromise$1;
 }
 function loadGoogleVertexProviderModule$1() {
-	googleVertexProviderModulePromise$1 ||= import("./google-vertex-CK79qwUV.mjs").then((module) => {
+	googleVertexProviderModulePromise$1 ||= import("./google-vertex-BM9RkknB.mjs").then((module) => {
 		const provider = module;
 		return {
 			stream: provider.streamGoogleVertex,
@@ -23491,7 +23490,7 @@ function loadGoogleVertexProviderModule$1() {
 	return googleVertexProviderModulePromise$1;
 }
 function loadMistralProviderModule$1() {
-	mistralProviderModulePromise$1 ||= import("./mistral-CO6JoIDU.mjs").then((module) => {
+	mistralProviderModulePromise$1 ||= import("./mistral-BMK3QxKa.mjs").then((module) => {
 		const provider = module;
 		return {
 			stream: provider.streamMistral,
@@ -23501,7 +23500,7 @@ function loadMistralProviderModule$1() {
 	return mistralProviderModulePromise$1;
 }
 function loadOpenAICodexResponsesProviderModule$1() {
-	openAICodexResponsesProviderModulePromise$1 ||= import("./openai-codex-responses-BsV2OXkO.mjs").then((module) => {
+	openAICodexResponsesProviderModulePromise$1 ||= import("./openai-codex-responses-FPOFDQCI.mjs").then((module) => {
 		const provider = module;
 		return {
 			stream: provider.streamOpenAICodexResponses,
@@ -23511,7 +23510,7 @@ function loadOpenAICodexResponsesProviderModule$1() {
 	return openAICodexResponsesProviderModulePromise$1;
 }
 function loadOpenAICompletionsProviderModule$1() {
-	openAICompletionsProviderModulePromise$1 ||= import("./openai-completions-DtKMQJXz.mjs").then((module) => {
+	openAICompletionsProviderModulePromise$1 ||= import("./openai-completions-DaFkurXZ.mjs").then((module) => {
 		const provider = module;
 		return {
 			stream: provider.streamOpenAICompletions,
@@ -23521,7 +23520,7 @@ function loadOpenAICompletionsProviderModule$1() {
 	return openAICompletionsProviderModulePromise$1;
 }
 function loadOpenAIResponsesProviderModule$1() {
-	openAIResponsesProviderModulePromise$1 ||= import("./openai-responses-Dn8IOWpx.mjs").then((module) => {
+	openAIResponsesProviderModulePromise$1 ||= import("./openai-responses-DjcjpFVd.mjs").then((module) => {
 		const provider = module;
 		return {
 			stream: provider.streamOpenAIResponses,
@@ -47335,10 +47334,6 @@ function wrapScheduler(jobQueue) {
 async function createScheduler(options = {}) {
 	return wrapScheduler(await createUnderlyingJobQueue(options));
 }
-defineCredential({
-	key: "google",
-	kind: "oauth"
-});
 //#endregion
 //#region ../../packages/oauth/dist/index.mjs
 function oauthRoutes(key, options = {}) {
@@ -47545,7 +47540,7 @@ function parseGrantedScopes(scope, options = {}) {
 	return options.fallback ? [...options.fallback] : [];
 }
 //#endregion
-//#region ../../packages/integrations/google/dist/index.mjs
+//#region ../../packages/integrations/google/dist/provider-BcVUhsgN.mjs
 function googleNotConfiguredResponse() {
 	return {
 		error: "google_not_configured",
@@ -47718,10 +47713,190 @@ const googleOAuthProvider = defineOAuthProvider({
 	},
 	refreshAccessToken: refreshGoogleAccessToken
 });
+defineCredential({
+	key: "google",
+	kind: "oauth"
+});
 googleOAuthProvider.routes.start;
 googleOAuthProvider.routes.authorizeUrl;
 googleOAuthProvider.routes.callback;
 //#endregion
+//#region ../../packages/integrations/slack/dist/provider-D51h-OH1.mjs
+function slackNotConfiguredResponse() {
+	return {
+		error: "slack_not_configured",
+		message: "Slack OAuth is not configured. Install via the UI or seed oauth_apps."
+	};
+}
+const LOG_PREFIX = "[slack]";
+function envValue(name) {
+	return process.env[name]?.trim() || void 0;
+}
+function missingSlackAppEnv(options) {
+	return [
+		!options.clientId ? "SLACK_CLIENT_ID" : null,
+		!options.clientSecret ? "SLACK_CLIENT_SECRET" : null,
+		!options.signingSecret ? "SLACK_SIGNING_SECRET" : null
+	].filter((name) => name !== null);
+}
+async function fetchSlackTeamId(botToken, fetchImpl) {
+	const body = await (await fetchImpl("https://slack.com/api/auth.test", {
+		method: "POST",
+		headers: {
+			Authorization: `Bearer ${botToken}`,
+			"Content-Type": "application/x-www-form-urlencoded"
+		}
+	})).json();
+	if (!body.ok || !body.team_id) throw new Error(body.error ?? "Slack auth.test failed");
+	return {
+		teamId: body.team_id,
+		teamName: body.team,
+		botUserId: body.user_id
+	};
+}
+async function seedSlackOAuthFromEnv(options = {}) {
+	const fetchImpl = options.fetchImpl ?? fetch;
+	const clientId = envValue("SLACK_CLIENT_ID");
+	const clientSecret = envValue("SLACK_CLIENT_SECRET");
+	const signingSecret = envValue("SLACK_SIGNING_SECRET");
+	const botToken = envValue("SLACK_BOT_TOKEN");
+	const hasAppEnv = Boolean(clientId && clientSecret && signingSecret);
+	const hasPartialAppEnv = Boolean(clientId || clientSecret || signingSecret);
+	let appId;
+	if (hasAppEnv) {
+		const app = await ensureOAuthApp({
+			key: SLACK_OAUTH_APP_KEY,
+			provider: SLACK_OAUTH_APP_KEY,
+			tokenStrategy: "installation",
+			clientId,
+			clientSecret,
+			signingSecret,
+			metadata: { appName: "Slack" }
+		});
+		appId = app.id;
+		if (app.updated) console.log(`${LOG_PREFIX} Updated oauth_apps from env`);
+	} else if (hasPartialAppEnv) {
+		const missing = missingSlackAppEnv({
+			clientId,
+			clientSecret,
+			signingSecret
+		});
+		console.warn(`${LOG_PREFIX} Incomplete Slack OAuth env — missing ${missing.join(", ")}. Skipping oauth_apps seed.`);
+	}
+	if (!appId) {
+		appId = (await getDecryptedOAuthAppByKey(SLACK_OAUTH_APP_KEY))?.id;
+		if (!appId && !botToken) console.warn(`${LOG_PREFIX} Slack OAuth not configured — install routes and gateway will fail until configured.`);
+	}
+	if (!appId || !botToken) return;
+	try {
+		const team = await fetchSlackTeamId(botToken, fetchImpl);
+		const existingConnection = (await getDecryptedOAuthConnectionsByAppKey(SLACK_OAUTH_APP_KEY)).find((connection) => connection.externalId === team.teamId);
+		await ensureOAuthCredentialInstance({
+			credentialKey: SLACK_OAUTH_APP_KEY,
+			connectionId: await saveOAuthConnection({
+				appId,
+				externalId: team.teamId,
+				accessToken: botToken,
+				metadata: {
+					teamName: team.teamName,
+					botUserId: team.botUserId
+				}
+			})
+		});
+		if (existingConnection && existingConnection.accessToken !== botToken) console.log(`${LOG_PREFIX} Updated Slack bot token connection from SLACK_BOT_TOKEN`);
+	} catch (error) {
+		console.warn(`${LOG_PREFIX} Failed to seed Slack bot token from SLACK_BOT_TOKEN:`, error instanceof Error ? error.message : error);
+	}
+}
+const SLACK_OAUTH_SCOPES = [
+	"chat:write",
+	"app_mentions:read",
+	"im:history",
+	"im:write",
+	"channels:history",
+	"groups:history",
+	"users:read",
+	"users:read.email"
+];
+const SLACK_OAUTH_SCOPE = SLACK_OAUTH_SCOPES.join(",");
+const SLACK_OAUTH_APP_KEY = "slack";
+/**
+* Slack OAuth provider — mount handlers from `slackOAuthProvider.handlers` in the plugin.
+*
+* Requires an authenticated session to start the install (a workspace bot token is
+* org-scoped, so we gate who can install it but do not track which user ran connect).
+*/
+const slackOAuthProvider = defineOAuthProvider({
+	key: SLACK_OAUTH_APP_KEY,
+	stateCookie: "slack_oauth_state",
+	requiresAuth: true,
+	authorizeUrlPath: true,
+	async resolveApp() {
+		await seedSlackOAuthFromEnv();
+		const app = await getDecryptedOAuthAppByKey(SLACK_OAUTH_APP_KEY);
+		if (!app) return null;
+		return {
+			id: app.id,
+			clientId: app.clientId,
+			clientSecret: app.clientSecret,
+			redirectUri: app.redirectUri
+		};
+	},
+	notConfigured: slackNotConfiguredResponse,
+	buildAuthorizeUrl({ app, redirectUri, state }) {
+		const authorizeUrl = new URL("https://slack.com/oauth/v2/authorize");
+		authorizeUrl.searchParams.set("client_id", app.clientId);
+		authorizeUrl.searchParams.set("scope", SLACK_OAUTH_SCOPE);
+		authorizeUrl.searchParams.set("redirect_uri", redirectUri);
+		authorizeUrl.searchParams.set("state", state);
+		return authorizeUrl.toString();
+	},
+	async exchange({ app, redirectUri, code }) {
+		const body = new URLSearchParams({
+			client_id: app.clientId,
+			client_secret: app.clientSecret,
+			code,
+			redirect_uri: redirectUri
+		});
+		const payload = await (await fetch("https://slack.com/api/oauth.v2.access", {
+			method: "POST",
+			headers: { "Content-Type": "application/x-www-form-urlencoded" },
+			body
+		})).json();
+		if (!payload.ok || !payload.access_token || !payload.team?.id) throw new Error(payload.error ?? "Slack OAuth token exchange failed.");
+		return {
+			externalId: payload.team.id,
+			accessToken: payload.access_token,
+			grantedScopes: parseGrantedScopes(payload.scope, {
+				delimiter: "comma",
+				fallback: SLACK_OAUTH_SCOPES
+			}),
+			metadata: {
+				teamName: payload.team.name,
+				botUserId: payload.bot_user_id,
+				enterpriseId: payload.enterprise?.id
+			}
+		};
+	},
+	async persist({ app, result }) {
+		await ensureOAuthCredentialInstance({
+			credentialKey: SLACK_OAUTH_APP_KEY,
+			connectionId: await saveOAuthConnection({
+				appId: app.id,
+				externalId: result.externalId,
+				accessToken: result.accessToken,
+				grantedScopes: [...result.grantedScopes],
+				metadata: result.metadata
+			})
+		});
+		return {
+			status: "installed",
+			teamId: result.externalId,
+			teamName: result.metadata?.teamName ?? null
+		};
+	}
+});
+//#endregion
 //#region ../../node_modules/.pnpm/@slack+web-api@7.16.0/node_modules/@slack/web-api/dist/errors.js
 var require_errors$2 = /* @__PURE__ */ __commonJSMin(((exports) => {
 	Object.defineProperty(exports, "__esModule", { value: true });
@@ -104973,180 +105148,6 @@ var SessionAgentMismatchError = class extends Error {
 };
 //#endregion
 //#region ../../packages/integrations/slack/dist/index.mjs
-function slackNotConfiguredResponse() {
-	return {
-		error: "slack_not_configured",
-		message: "Slack OAuth is not configured. Install via the UI or seed oauth_apps."
-	};
-}
-const LOG_PREFIX = "[slack]";
-function envValue(name) {
-	return process.env[name]?.trim() || void 0;
-}
-function missingSlackAppEnv(options) {
-	return [
-		!options.clientId ? "SLACK_CLIENT_ID" : null,
-		!options.clientSecret ? "SLACK_CLIENT_SECRET" : null,
-		!options.signingSecret ? "SLACK_SIGNING_SECRET" : null
-	].filter((name) => name !== null);
-}
-async function fetchSlackTeamId(botToken, fetchImpl) {
-	const body = await (await fetchImpl("https://slack.com/api/auth.test", {
-		method: "POST",
-		headers: {
-			Authorization: `Bearer ${botToken}`,
-			"Content-Type": "application/x-www-form-urlencoded"
-		}
-	})).json();
-	if (!body.ok || !body.team_id) throw new Error(body.error ?? "Slack auth.test failed");
-	return {
-		teamId: body.team_id,
-		teamName: body.team,
-		botUserId: body.user_id
-	};
-}
-async function seedSlackOAuthFromEnv(options = {}) {
-	const fetchImpl = options.fetchImpl ?? fetch;
-	const clientId = envValue("SLACK_CLIENT_ID");
-	const clientSecret = envValue("SLACK_CLIENT_SECRET");
-	const signingSecret = envValue("SLACK_SIGNING_SECRET");
-	const botToken = envValue("SLACK_BOT_TOKEN");
-	const hasAppEnv = Boolean(clientId && clientSecret && signingSecret);
-	const hasPartialAppEnv = Boolean(clientId || clientSecret || signingSecret);
-	let appId;
-	if (hasAppEnv) {
-		const app = await ensureOAuthApp({
-			key: SLACK_OAUTH_APP_KEY,
-			provider: SLACK_OAUTH_APP_KEY,
-			tokenStrategy: "installation",
-			clientId,
-			clientSecret,
-			signingSecret,
-			metadata: { appName: "Slack" }
-		});
-		appId = app.id;
-		if (app.updated) console.log(`${LOG_PREFIX} Updated oauth_apps from env`);
-	} else if (hasPartialAppEnv) {
-		const missing = missingSlackAppEnv({
-			clientId,
-			clientSecret,
-			signingSecret
-		});
-		console.warn(`${LOG_PREFIX} Incomplete Slack OAuth env — missing ${missing.join(", ")}. Skipping oauth_apps seed.`);
-	}
-	if (!appId) {
-		appId = (await getDecryptedOAuthAppByKey(SLACK_OAUTH_APP_KEY))?.id;
-		if (!appId && !botToken) console.warn(`${LOG_PREFIX} Slack OAuth not configured — install routes and gateway will fail until configured.`);
-	}
-	if (!appId || !botToken) return;
-	try {
-		const team = await fetchSlackTeamId(botToken, fetchImpl);
-		const existingConnection = (await getDecryptedOAuthConnectionsByAppKey(SLACK_OAUTH_APP_KEY)).find((connection) => connection.externalId === team.teamId);
-		await ensureOAuthCredentialInstance({
-			credentialKey: SLACK_OAUTH_APP_KEY,
-			connectionId: await saveOAuthConnection({
-				appId,
-				externalId: team.teamId,
-				accessToken: botToken,
-				metadata: {
-					teamName: team.teamName,
-					botUserId: team.botUserId
-				}
-			})
-		});
-		if (existingConnection && existingConnection.accessToken !== botToken) console.log(`${LOG_PREFIX} Updated Slack bot token connection from SLACK_BOT_TOKEN`);
-	} catch (error) {
-		console.warn(`${LOG_PREFIX} Failed to seed Slack bot token from SLACK_BOT_TOKEN:`, error instanceof Error ? error.message : error);
-	}
-}
-const SLACK_OAUTH_SCOPES = [
-	"chat:write",
-	"app_mentions:read",
-	"im:history",
-	"im:write",
-	"channels:history",
-	"groups:history",
-	"users:read",
-	"users:read.email"
-];
-const SLACK_OAUTH_SCOPE = SLACK_OAUTH_SCOPES.join(",");
-const SLACK_OAUTH_APP_KEY = "slack";
-/**
-* Slack OAuth provider — mount handlers from `slackOAuthProvider.handlers` in the plugin.
-*
-* Requires an authenticated session to start the install (a workspace bot token is
-* org-scoped, so we gate who can install it but do not track which user ran connect).
-*/
-const slackOAuthProvider = defineOAuthProvider({
-	key: SLACK_OAUTH_APP_KEY,
-	stateCookie: "slack_oauth_state",
-	requiresAuth: true,
-	authorizeUrlPath: true,
-	async resolveApp() {
-		await seedSlackOAuthFromEnv();
-		const app = await getDecryptedOAuthAppByKey(SLACK_OAUTH_APP_KEY);
-		if (!app) return null;
-		return {
-			id: app.id,
-			clientId: app.clientId,
-			clientSecret: app.clientSecret,
-			redirectUri: app.redirectUri
-		};
-	},
-	notConfigured: slackNotConfiguredResponse,
-	buildAuthorizeUrl({ app, redirectUri, state }) {
-		const authorizeUrl = new URL("https://slack.com/oauth/v2/authorize");
-		authorizeUrl.searchParams.set("client_id", app.clientId);
-		authorizeUrl.searchParams.set("scope", SLACK_OAUTH_SCOPE);
-		authorizeUrl.searchParams.set("redirect_uri", redirectUri);
-		authorizeUrl.searchParams.set("state", state);
-		return authorizeUrl.toString();
-	},
-	async exchange({ app, redirectUri, code }) {
-		const body = new URLSearchParams({
-			client_id: app.clientId,
-			client_secret: app.clientSecret,
-			code,
-			redirect_uri: redirectUri
-		});
-		const payload = await (await fetch("https://slack.com/api/oauth.v2.access", {
-			method: "POST",
-			headers: { "Content-Type": "application/x-www-form-urlencoded" },
-			body
-		})).json();
-		if (!payload.ok || !payload.access_token || !payload.team?.id) throw new Error(payload.error ?? "Slack OAuth token exchange failed.");
-		return {
-			externalId: payload.team.id,
-			accessToken: payload.access_token,
-			grantedScopes: parseGrantedScopes(payload.scope, {
-				delimiter: "comma",
-				fallback: SLACK_OAUTH_SCOPES
-			}),
-			metadata: {
-				teamName: payload.team.name,
-				botUserId: payload.bot_user_id,
-				enterpriseId: payload.enterprise?.id
-			}
-		};
-	},
-	async persist({ app, result }) {
-		await ensureOAuthCredentialInstance({
-			credentialKey: SLACK_OAUTH_APP_KEY,
-			connectionId: await saveOAuthConnection({
-				appId: app.id,
-				externalId: result.externalId,
-				accessToken: result.accessToken,
-				grantedScopes: [...result.grantedScopes],
-				metadata: result.metadata
-			})
-		});
-		return {
-			status: "installed",
-			teamId: result.externalId,
-			teamName: result.metadata?.teamName ?? null
-		};
-	}
-});
 async function resolveSlackBotUserIdFromDb(credentialKey) {
 	const connections = await getDecryptedOAuthConnectionsByAppKey(credentialKey);
 	if (connections.length !== 1) return null;
@@ -108121,4 +108122,4 @@ async function emitRouteManifest(root) {
 //#endregion
 export { emitRouteManifest };
 
-//# sourceMappingURL=emit-route-manifest-DRcNXHCP-CSOVo0UZ.mjs.map
+//# sourceMappingURL=emit-route-manifest-DRcNXHCP-CuH5IaKl.mjs.map