@sena-ai/platform-core 1.4.0

package/dist/web/setup.js

@@ -0,0 +1,208 @@
+import { Hono } from 'hono';
+import { getCookie } from 'hono/cookie';
+import { parseSessionCookieValue } from '../auth/session.js';
+const DEFAULT_WORKSPACE_ADMIN_CONFIG_ID = 'default';
+export function createSetupPage(workspaceAdminConfig, vault) {
+    const app = new Hono();
+    app.get('/setup', async (c) => {
+        const access = await getSetupAccess(workspaceAdminConfig, vault, getCookie(c, 'sena_session') ?? null);
+        if (!access.allowed) {
+            return c.redirect('/auth/login');
+        }
+        const origin = new URL(c.req.url).origin;
+        const redirectUrl = `${origin}/auth/callback`;
+        const currentClientId = access.currentConfig?.slackClientId ?? '';
+        return c.html(`<!DOCTYPE html>
+<html lang="ko">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>초기 설정 - Sena Platform</title>
+  <script src="https://cdn.tailwindcss.com"></script>
+  <style>
+    body { font-family: 'Pretendard', -apple-system, BlinkMacSystemFont, system-ui, sans-serif; }
+  </style>
+</head>
+<body class="bg-gray-50 min-h-screen flex items-center justify-center">
+  <main class="w-full max-w-lg px-4">
+    <div class="bg-white rounded-xl shadow-sm border border-gray-200 p-8">
+      <div class="text-center mb-6">
+        <h1 class="text-2xl font-bold text-gray-900">Sena Platform 초기 설정</h1>
+        <p class="text-gray-500 text-sm mt-2">플랫폼 접근을 Slack 로그인으로 보호하려면 로그인 앱 정보를 먼저 넣어야 해요.</p>
+      </div>
+
+      <div class="mb-6 p-4 bg-blue-50 border border-blue-200 rounded-lg">
+        <h3 class="text-sm font-semibold text-blue-800 mb-2">Slack 로그인 앱 준비</h3>
+        <ol class="text-sm text-blue-700 space-y-1 list-decimal list-inside">
+          <li><a href="https://api.slack.com/apps" target="_blank" rel="noopener" class="underline">api.slack.com/apps</a>에서 로그인용 Slack 앱을 만드세요.</li>
+          <li>OAuth &amp; Permissions → Redirect URL에 아래 값을 추가하세요.<br>
+            <code class="bg-blue-100 px-1 py-0.5 rounded text-xs">${redirectUrl}</code>
+          </li>
+          <li>OpenID Connect scopes로 <code class="bg-blue-100 px-1 py-0.5 rounded text-xs">openid, profile, email</code> 을 추가하세요.</li>
+          <li>Basic Information에서 Client ID / Client Secret을 복사하세요.</li>
+        </ol>
+      </div>
+
+      <form id="setup-form" class="space-y-5">
+        <div>
+          <label for="slack-client-id" class="block text-sm font-medium text-gray-700 mb-1">Slack Login App Client ID <span class="text-red-500">*</span></label>
+          <input type="text" id="slack-client-id" name="slackClientId" required
+                 placeholder="1234567890.1234567890"
+                 value="${escapeHtml(currentClientId)}"
+                 class="w-full px-3 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-indigo-500 focus:border-indigo-500 outline-none">
+        </div>
+
+        <div>
+          <label for="slack-client-secret" class="block text-sm font-medium text-gray-700 mb-1">Slack Login App Client Secret <span class="text-red-500">*</span></label>
+          <input type="password" id="slack-client-secret" name="slackClientSecret" required
+                 placeholder="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+                 class="w-full px-3 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-indigo-500 focus:border-indigo-500 outline-none">
+        </div>
+
+        <div id="setup-msg" class="hidden p-3 rounded-lg text-sm"></div>
+
+        <button type="submit" id="setup-btn"
+                class="w-full py-2.5 bg-indigo-600 text-white font-medium rounded-lg hover:bg-indigo-700 transition-colors disabled:opacity-50 disabled:cursor-not-allowed">
+          저장하고 Slack 로그인 연결하기
+        </button>
+      </form>
+    </div>
+  </main>
+
+  <script>
+    document.getElementById('setup-form').addEventListener('submit', async function (event) {
+      event.preventDefault();
+      const button = document.getElementById('setup-btn');
+      const message = document.getElementById('setup-msg');
+      button.disabled = true;
+      button.textContent = '저장 중...';
+      message.classList.add('hidden');
+
+      try {
+        const payload = {
+          slackClientId: document.getElementById('slack-client-id').value.trim(),
+          slackClientSecret: document.getElementById('slack-client-secret').value.trim(),
+        };
+
+        if (!payload.slackClientId || !payload.slackClientSecret) {
+          throw new Error('Client ID와 Client Secret을 모두 입력해주세요.');
+        }
+
+        const response = await fetch('/api/setup', {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify(payload),
+        });
+        const data = await response.json();
+        if (!response.ok || !data.ok) {
+          throw new Error(data.error || '설정 저장에 실패했습니다.');
+        }
+
+        window.location.href = data.redirectTo || '/auth/login';
+      } catch (error) {
+        message.className = 'p-3 rounded-lg text-sm bg-red-50 border border-red-200 text-red-700';
+        message.textContent = error.message;
+        message.classList.remove('hidden');
+        button.disabled = false;
+        button.textContent = '저장하고 Slack 로그인 연결하기';
+      }
+    });
+  </script>
+</body>
+</html>`);
+    });
+    app.post('/api/setup', async (c) => {
+        const access = await getSetupAccess(workspaceAdminConfig, vault, getCookie(c, 'sena_session') ?? null);
+        if (!access.allowed) {
+            return c.json({ error: '이미 설정된 워크스페이스라 Slack 로그인 후에만 수정할 수 있어요.' }, 401);
+        }
+        const body = await c.req.json();
+        const slackClientId = (body.slackClientId ?? '').trim();
+        const slackClientSecret = (body.slackClientSecret ?? '').trim();
+        if (!slackClientId || !slackClientSecret) {
+            return c.json({ error: 'slackClientId와 slackClientSecret은 필수예요.' }, 400);
+        }
+        const targetWorkspaceId = access.session?.user.slackTeamId ?? DEFAULT_WORKSPACE_ADMIN_CONFIG_ID;
+        const existing = (await workspaceAdminConfig.findByWorkspaceId(targetWorkspaceId)) ??
+            (targetWorkspaceId !== DEFAULT_WORKSPACE_ADMIN_CONFIG_ID
+                ? await workspaceAdminConfig.findByWorkspaceId(DEFAULT_WORKSPACE_ADMIN_CONFIG_ID)
+                : null);
+        await workspaceAdminConfig.upsert({
+            workspaceId: targetWorkspaceId,
+            slackClientId,
+            slackClientSecretEnc: await vault.encrypt(slackClientSecret),
+            dCookieEnc: existing?.dCookieEnc ?? null,
+            xoxcTokenEnc: existing?.xoxcTokenEnc ?? null,
+            workspaceDomain: existing?.workspaceDomain ?? null,
+            updatedByUserId: access.session?.user.slackUserId ?? existing?.updatedByUserId ?? null,
+        });
+        return c.json({
+            ok: true,
+            redirectTo: access.session ? '/' : '/auth/login',
+        });
+    });
+    return app;
+}
+async function getSetupAccess(workspaceAdminConfig, vault, rawSession) {
+    const configuredConfigs = await listConfiguredSlackLoginConfigs(workspaceAdminConfig);
+    const configuredTeamIds = configuredConfigs
+        .map((config) => config.workspaceId)
+        .filter((workspaceId) => workspaceId !== DEFAULT_WORKSPACE_ADMIN_CONFIG_ID);
+    if (configuredConfigs.length === 0) {
+        return {
+            allowed: true,
+            session: null,
+            currentConfig: null,
+        };
+    }
+    const session = rawSession
+        ? await parseSessionCookieValue(vault, rawSession)
+        : null;
+    if (!session) {
+        return {
+            allowed: false,
+            session: null,
+            currentConfig: null,
+        };
+    }
+    if (configuredTeamIds.length > 0 &&
+        !configuredTeamIds.includes(session.user.slackTeamId)) {
+        return {
+            allowed: false,
+            session,
+            currentConfig: null,
+        };
+    }
+    const currentConfig = configuredConfigs.find((config) => config.workspaceId === session.user.slackTeamId) ?? configuredConfigs[0];
+    return {
+        allowed: true,
+        session,
+        currentConfig,
+    };
+}
+async function listConfiguredSlackLoginConfigs(workspaceAdminConfig) {
+    const configs = await workspaceAdminConfig.findAll();
+    return configs.filter((config) => typeof config.slackClientId === 'string' &&
+        config.slackClientId.trim().length > 0 &&
+        typeof config.slackClientSecretEnc === 'string' &&
+        config.slackClientSecretEnc.length > 0);
+}
+function escapeHtml(value) {
+    return value.replace(/[&<>"']/g, (char) => {
+        switch (char) {
+            case '&':
+                return '&amp;';
+            case '<':
+                return '&lt;';
+            case '>':
+                return '&gt;';
+            case '"':
+                return '&quot;';
+            case "'":
+                return '&#39;';
+            default:
+                return char;
+        }
+    });
+}
+//# sourceMappingURL=setup.js.map

package/dist/web/setup.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"setup.js","sourceRoot":"","sources":["../../src/web/setup.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAC3B,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AAGvC,OAAO,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAA;AAE5D,MAAM,iCAAiC,GAAG,SAAS,CAAA;AAEnD,MAAM,UAAU,eAAe,CAC7B,oBAAoD,EACpD,KAAY;IAEZ,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;IAEtB,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC5B,MAAM,MAAM,GAAG,MAAM,cAAc,CACjC,oBAAoB,EACpB,KAAK,EACL,SAAS,CAAC,CAAC,EAAE,cAAc,CAAC,IAAI,IAAI,CACrC,CAAA;QACD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAA;QAClC,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,CAAA;QACxC,MAAM,WAAW,GAAG,GAAG,MAAM,gBAAgB,CAAA;QAC7C,MAAM,eAAe,GAAG,MAAM,CAAC,aAAa,EAAE,aAAa,IAAI,EAAE,CAAA;QAEjE,OAAO,CAAC,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;;;;;;;;;;oEAwBkD,WAAW;;;;;;;;;;;;0BAYrD,UAAU,CAAC,eAAe,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QA6D7C,CAAC,CAAA;IACP,CAAC,CAAC,CAAA;IAEF,GAAG,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACjC,MAAM,MAAM,GAAG,MAAM,cAAc,CACjC,oBAAoB,EACpB,KAAK,EACL,SAAS,CAAC,CAAC,EAAE,cAAc,CAAC,IAAI,IAAI,CACrC,CAAA;QACD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,CAAC,CAAC,IAAI,CACX,EAAE,KAAK,EAAE,yCAAyC,EAAE,EACpD,GAAG,CACJ,CAAA;QACH,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,IAAI,EAGzB,CAAA;QAEJ,MAAM,aAAa,GAAG,CAAC,IAAI,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAA;QACvD,MAAM,iBAAiB,GAAG,CAAC,IAAI,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAA;QAC/D,IAAI,CAAC,aAAa,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACzC,OAAO,CAAC,CAAC,IAAI,CACX,EAAE,KAAK,EAAE,yCAAyC,EAAE,EACpD,GAAG,CACJ,CAAA;QACH,CAAC;QAED,MAAM,iBAAiB,GACrB,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,WAAW,IAAI,iCAAiC,CAAA;QACvE,MAAM,QAAQ,GACZ,CAAC,MAAM,oBAAoB,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,CAAC;YACjE,CAAC,iBAAiB,KAAK,iCAAiC;gBACtD,CAAC,CAAC,MAAM,oBAAoB,CAAC,iBAAiB,CAC1C,iCAAiC,CAClC;gBACH,CAAC,CAAC,IAAI,CAAC,CAAA;QAEX,MAAM,oBAAoB,CAAC,MAAM,CAAC;YAChC,WAAW,EAAE,iBAAiB;YAC9B,aAAa;YACb,oBAAoB,EAAE,MAAM,KAAK,CAAC,OAAO,CAAC,iBAAiB,CAAC;YAC5D,UAAU,EAAE,QAAQ,EAAE,UAAU,IAAI,IAAI;YACxC,YAAY,EAAE,QAAQ,EAAE,YAAY,IAAI,IAAI;YAC5C,eAAe,EAAE,QAAQ,EAAE,eAAe,IAAI,IAAI;YAClD,eAAe,EAAE,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,WAAW,IAAI,QAAQ,EAAE,eAAe,IAAI,IAAI;SACvF,CAAC,CAAA;QAEF,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,IAAI;YACR,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,aAAa;SACjD,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,OAAO,GAAG,CAAA;AACZ,CAAC;AAED,KAAK,UAAU,cAAc,CAC3B,oBAAoD,EACpD,KAAY,EACZ,UAAyB;IAEzB,MAAM,iBAAiB,GAAG,MAAM,+BAA+B,CAC7D,oBAAoB,CACrB,CAAA;IACD,MAAM,iBAAiB,GAAG,iBAAiB;SACxC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC;SACnC,MAAM,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,WAAW,KAAK,iCAAiC,CAAC,CAAA;IAE7E,IAAI,iBAAiB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnC,OAAO;YACL,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,IAAI;YACb,aAAa,EAAE,IAAI;SACpB,CAAA;IACH,CAAC;IAED,MAAM,OAAO,GAAG,UAAU;QACxB,CAAC,CAAC,MAAM,uBAAuB,CAAC,KAAK,EAAE,UAAU,CAAC;QAClD,CAAC,CAAC,IAAI,CAAA;IAER,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,IAAI;YACb,aAAa,EAAE,IAAI;SACpB,CAAA;IACH,CAAC;IAED,IACE,iBAAiB,CAAC,MAAM,GAAG,CAAC;QAC5B,CAAC,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,EACrD,CAAC;QACD,OAAO;YACL,OAAO,EAAE,KAAK;YACd,OAAO;YACP,aAAa,EAAE,IAAI;SACpB,CAAA;IACH,CAAC;IAED,MAAM,aAAa,GACjB,iBAAiB,CAAC,IAAI,CACpB,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,WAAW,KAAK,OAAO,CAAC,IAAI,CAAC,WAAW,CAC5D,IAAI,iBAAiB,CAAC,CAAC,CAAC,CAAA;IAE3B,OAAO;QACL,OAAO,EAAE,IAAI;QACb,OAAO;QACP,aAAa;KACd,CAAA;AACH,CAAC;AAED,KAAK,UAAU,+BAA+B,CAC5C,oBAAoD;IAEpD,MAAM,OAAO,GAAG,MAAM,oBAAoB,CAAC,OAAO,EAAE,CAAA;IACpD,OAAO,OAAO,CAAC,MAAM,CACnB,CAAC,MAAM,EAAE,EAAE,CACT,OAAO,MAAM,CAAC,aAAa,KAAK,QAAQ;QACxC,MAAM,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC;QACtC,OAAO,MAAM,CAAC,oBAAoB,KAAK,QAAQ;QAC/C,MAAM,CAAC,oBAAoB,CAAC,MAAM,GAAG,CAAC,CACzC,CAAA;AACH,CAAC;AAED,SAAS,UAAU,CAAC,KAAa;IAC/B,OAAO,KAAK,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC,IAAI,EAAE,EAAE;QACxC,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,GAAG;gBACN,OAAO,OAAO,CAAA;YAChB,KAAK,GAAG;gBACN,OAAO,MAAM,CAAA;YACf,KAAK,GAAG;gBACN,OAAO,MAAM,CAAA;YACf,KAAK,GAAG;gBACN,OAAO,QAAQ,CAAA;YACjB,KAAK,GAAG;gBACN,OAAO,OAAO,CAAA;YAChB;gBACE,OAAO,IAAI,CAAA;QACf,CAAC;IACH,CAAC,CAAC,CAAA;AACJ,CAAC"}

package/package.json

@@ -0,0 +1,46 @@
+{
+  "name": "@sena-ai/platform-core",
+  "version": "1.4.0",
+  "type": "module",
+  "exports": {
+    ".": "./src/index.ts",
+    "./db/mysql": "./src/db/mysql/index.ts",
+    "./db/postgresql": "./src/db/postgresql/index.ts",
+    "./db/d1": "./src/db/d1/index.ts",
+    "./node": "./src/runtime/node/index.ts",
+    "./cf": "./src/runtime/cf/index.ts"
+  },
+  "dependencies": {
+    "hono": "^4.7.4"
+  },
+  "peerDependencies": {
+    "drizzle-orm": ">=0.38.0",
+    "mysql2": ">=3.0.0",
+    "postgres": ">=3.0.0"
+  },
+  "peerDependenciesMeta": {
+    "drizzle-orm": {
+      "optional": true
+    },
+    "mysql2": {
+      "optional": true
+    },
+    "postgres": {
+      "optional": true
+    }
+  },
+  "devDependencies": {
+    "@cloudflare/workers-types": "^4.20250321.0",
+    "@types/node": "^22.12.0",
+    "@types/uuid": "^10.0.0",
+    "drizzle-orm": "^0.38.4",
+    "mysql2": "^3.12.0",
+    "postgres": "^3.4.5",
+    "typescript": "^5.8.0",
+    "uuid": "^11.1.0"
+  },
+  "scripts": {
+    "build": "tsc -b",
+    "typecheck": "tsc --noEmit"
+  }
+}

package/src/app.ts

@@ -0,0 +1,221 @@
+import { Hono } from 'hono'
+import { logger } from 'hono/logger'
+import type { Platform, AppConfig } from './types/platform.js'
+import { createApiProxy } from './relay/api-proxy.js'
+import { createSlackEventsHandler } from './slack/events.js'
+import { createOAuthHandler } from './slack/oauth.js'
+import { createProvisioner, type Provisioner } from './slack/provisioner.js'
+import { createAuthHandler, createAuthMiddleware } from './auth/handler.js'
+import { createWebApi } from './web/api.js'
+import { createPages } from './web/pages.js'
+import { createSetupPage } from './web/setup.js'
+
+export interface CreateAppResult {
+  app: Hono
+  provisioner: Provisioner
+}
+
+/**
+ * Create the main Hono application with all routes wired up.
+ * Works in both Node.js and CF Workers environments.
+ */
+function generateInstallScript(): string {
+  return `#!/bin/sh
+set -e
+
+# sena-ai bot bootstrap script
+# Usage: curl -fsSL <platform-url>/install.sh | sh -s -- --name "봇이름" --bot-username "lily-bot" --connect-key "cpk_..." --platform-url "https://..."
+
+BOT_NAME=""
+BOT_USERNAME=""
+CONNECT_KEY=""
+PLATFORM_URL=""
+
+while [ \$# -gt 0 ]; do
+  case "\$1" in
+    --name) BOT_NAME="\$2"; shift 2;;
+    --bot-username) BOT_USERNAME="\$2"; shift 2;;
+    --connect-key) CONNECT_KEY="\$2"; shift 2;;
+    --platform-url) PLATFORM_URL="\$2"; shift 2;;
+    *) echo "Unknown option: \$1"; exit 1;;
+  esac
+done
+
+if [ -z "\$BOT_NAME" ] || [ -z "\$BOT_USERNAME" ] || [ -z "\$CONNECT_KEY" ] || [ -z "\$PLATFORM_URL" ]; then
+  echo "Error: --name, --bot-username, --connect-key, --platform-url are all required."
+  exit 1
+fi
+
+DIR_NAME="\$BOT_USERNAME"
+
+echo "🤖 Setting up bot: \$BOT_NAME"
+echo "   Directory: ./\$DIR_NAME"
+echo ""
+
+# Download template from GitHub
+echo "📦 Downloading bot template..."
+TMPDIR_DL=\$(mktemp -d)
+curl -fsSL https://github.com/unlimiting-studio/sena-ai/archive/refs/heads/main.tar.gz -o "\$TMPDIR_DL/repo.tar.gz"
+tar xzf "\$TMPDIR_DL/repo.tar.gz" -C "\$TMPDIR_DL"
+
+# Copy template directory
+cp -r "\$TMPDIR_DL/sena-ai-main/templates/bot-starter" "\$DIR_NAME"
+rm -rf "\$TMPDIR_DL"
+
+cd "\$DIR_NAME"
+
+# Escape special characters for sed replacement
+escape_sed() {
+  printf '%s' "\$1" | sed 's/[&/\\]/\\&/g'
+}
+
+# Customize package.json name
+ESCAPED_DIR=\$(escape_sed "\$DIR_NAME")
+sed -i.bak "s/\\"sena-bot\\"/\\"\$ESCAPED_DIR\\"/" package.json && rm -f package.json.bak
+
+# Replace bot name placeholder in sena.config.ts
+ESCAPED_NAME=\$(escape_sed "\$BOT_NAME")
+sed -i.bak "s/%%BOT_NAME%%/\$ESCAPED_NAME/" sena.config.ts && rm -f sena.config.ts.bak
+
+# Create .env from template
+ESCAPED_KEY=\$(escape_sed "\$CONNECT_KEY")
+sed -e "s/%%CONNECT_KEY%%/\$ESCAPED_KEY/" -e "s|%%PLATFORM_URL%%|\$PLATFORM_URL|" .env.template > .env
+rm -f .env.template
+
+echo ""
+echo "✅ Bot scaffolding complete!"
+echo ""
+echo "Next steps:"
+echo "  cd \$DIR_NAME"
+echo "  pnpm install"
+echo "  npx sena start"
+echo ""
+`
+}
+
+export function createApp(
+  platform: Platform,
+  config: AppConfig,
+): CreateAppResult {
+  const app = new Hono()
+  app.use('*', logger())
+
+  const provisioner = createProvisioner(
+    platform.bots,
+    platform.configTokens,
+    platform.vault,
+    config.platformBaseUrl,
+  )
+
+  const authMiddleware = createAuthMiddleware(
+    platform.workspaceAdminConfig,
+    platform.vault,
+  )
+
+  // Serve bootstrap script at /install.sh
+  app.get('/install.sh', (c) => {
+    c.header('Content-Type', 'text/plain; charset=utf-8')
+    return c.body(generateInstallScript())
+  })
+
+  // Health check
+  app.get('/health', (c) =>
+    c.json({
+      ok: true,
+      connectedBots: platform.relay.connectedBots().length,
+      ts: new Date().toISOString(),
+    }),
+  )
+
+  // SSE/WebSocket relay stream endpoint
+  app.get('/relay/stream', async (c) => {
+    const connectKey =
+      c.req.header('x-connect-key') || c.req.query('connect_key')
+    if (!connectKey) {
+      return c.json({ error: 'missing connect_key' }, 401)
+    }
+
+    const bot = await platform.bots.findByConnectKeyAndStatus(
+      connectKey,
+      'active',
+    )
+    if (!bot) {
+      return c.json({ error: 'invalid connect_key or bot not active' }, 401)
+    }
+
+    return platform.relay.handleStream(c, bot.id, connectKey)
+  })
+
+  // Slack API proxy
+  app.route('/', createApiProxy(platform.bots, platform.vault))
+
+  // Slack events
+  app.route(
+    '/',
+    createSlackEventsHandler(
+      platform.bots,
+      platform.vault,
+      platform.relay,
+      platform.crypto,
+    ),
+  )
+
+  // Bot installation OAuth
+  app.route(
+    '/',
+    createOAuthHandler(
+      platform.bots,
+      platform.vault,
+      platform.crypto,
+      platform.oauthStates,
+    ),
+  )
+
+  // Slack login setup + auth
+  app.route('/', createSetupPage(platform.workspaceAdminConfig, platform.vault))
+  app.route(
+    '/',
+    createAuthHandler(
+      platform.workspaceAdminConfig,
+      platform.oauthStates,
+      platform.crypto,
+      platform.vault,
+      { platformBaseUrl: config.platformBaseUrl },
+    ),
+  )
+
+  // Protect all subsequent web/API/admin routes.
+  app.use('/', authMiddleware.requireAuth)
+  app.use('/bots/*', authMiddleware.requireAuth)
+  app.use('/api/*', authMiddleware.requireAuth)
+  app.use('/admin/*', authMiddleware.requireAuth)
+
+  // Web API
+  app.route(
+    '/',
+    createWebApi(
+      platform.bots,
+      provisioner,
+      platform.crypto,
+      config.workspaceId,
+    ),
+  )
+
+  // Web UI pages
+  app.route('/', createPages(platform.bots, config.platformBaseUrl))
+
+  // Admin endpoints
+  app.get('/admin/bots', async (c) => {
+    const allBots = await platform.bots.findAllSummary()
+    return c.json({ bots: allBots })
+  })
+
+  app.get('/admin/connections', (c) => {
+    return c.json({
+      connected: platform.relay.connectedBots(),
+      count: platform.relay.connectedBots().length,
+    })
+  })
+
+  return { app, provisioner }
+}