npm - @sena-ai/platform-core - Versions diffs - 1.4.0 - Mend

@sena-ai/platform-core 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (158) hide show

package/dist/app.d.ts +9 -0
package/dist/app.d.ts.map +1 -0
package/dist/app.js +147 -0
package/dist/app.js.map +1 -0
package/dist/auth/handler.d.ts +19 -0
package/dist/auth/handler.d.ts.map +1 -0
package/dist/auth/handler.js +213 -0
package/dist/auth/handler.js.map +1 -0
package/dist/auth/session.d.ts +16 -0
package/dist/auth/session.d.ts.map +1 -0
package/dist/auth/session.js +54 -0
package/dist/auth/session.js.map +1 -0
package/dist/db/d1/index.d.ts +14 -0
package/dist/db/d1/index.d.ts.map +1 -0
package/dist/db/d1/index.js +252 -0
package/dist/db/d1/index.js.map +1 -0
package/dist/db/d1/schema.d.ts +610 -0
package/dist/db/d1/schema.d.ts.map +1 -0
package/dist/db/d1/schema.js +58 -0
package/dist/db/d1/schema.js.map +1 -0
package/dist/db/mysql/index.d.ts +14 -0
package/dist/db/mysql/index.d.ts.map +1 -0
package/dist/db/mysql/index.js +248 -0
package/dist/db/mysql/index.js.map +1 -0
package/dist/db/mysql/schema.d.ts +562 -0
package/dist/db/mysql/schema.d.ts.map +1 -0
package/dist/db/mysql/schema.js +61 -0
package/dist/db/mysql/schema.js.map +1 -0
package/dist/db/postgresql/index.d.ts +14 -0
package/dist/db/postgresql/index.d.ts.map +1 -0
package/dist/db/postgresql/index.js +246 -0
package/dist/db/postgresql/index.js.map +1 -0
package/dist/db/postgresql/schema.d.ts +591 -0
package/dist/db/postgresql/schema.d.ts.map +1 -0
package/dist/db/postgresql/schema.js +64 -0
package/dist/db/postgresql/schema.js.map +1 -0
package/dist/index.d.ts +6 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +3 -0
package/dist/index.js.map +1 -0
package/dist/relay/api-proxy.d.ts +10 -0
package/dist/relay/api-proxy.d.ts.map +1 -0
package/dist/relay/api-proxy.js +40 -0
package/dist/relay/api-proxy.js.map +1 -0
package/dist/runtime/cf/crypto.d.ts +7 -0
package/dist/runtime/cf/crypto.d.ts.map +1 -0
package/dist/runtime/cf/crypto.js +48 -0
package/dist/runtime/cf/crypto.js.map +1 -0
package/dist/runtime/cf/index.d.ts +20 -0
package/dist/runtime/cf/index.d.ts.map +1 -0
package/dist/runtime/cf/index.js +14 -0
package/dist/runtime/cf/index.js.map +1 -0
package/dist/runtime/cf/relay.d.ts +11 -0
package/dist/runtime/cf/relay.d.ts.map +1 -0
package/dist/runtime/cf/relay.js +57 -0
package/dist/runtime/cf/relay.js.map +1 -0
package/dist/runtime/cf/vault.d.ts +7 -0
package/dist/runtime/cf/vault.d.ts.map +1 -0
package/dist/runtime/cf/vault.js +68 -0
package/dist/runtime/cf/vault.js.map +1 -0
package/dist/runtime/node/crypto.d.ts +6 -0
package/dist/runtime/node/crypto.d.ts.map +1 -0
package/dist/runtime/node/crypto.js +26 -0
package/dist/runtime/node/crypto.js.map +1 -0
package/dist/runtime/node/index.d.ts +17 -0
package/dist/runtime/node/index.d.ts.map +1 -0
package/dist/runtime/node/index.js +14 -0
package/dist/runtime/node/index.js.map +1 -0
package/dist/runtime/node/relay.d.ts +6 -0
package/dist/runtime/node/relay.d.ts.map +1 -0
package/dist/runtime/node/relay.js +73 -0
package/dist/runtime/node/relay.js.map +1 -0
package/dist/runtime/node/vault.d.ts +7 -0
package/dist/runtime/node/vault.d.ts.map +1 -0
package/dist/runtime/node/vault.js +41 -0
package/dist/runtime/node/vault.js.map +1 -0
package/dist/slack/events.d.ts +15 -0
package/dist/slack/events.d.ts.map +1 -0
package/dist/slack/events.js +63 -0
package/dist/slack/events.js.map +1 -0
package/dist/slack/oauth.d.ts +13 -0
package/dist/slack/oauth.d.ts.map +1 -0
package/dist/slack/oauth.js +90 -0
package/dist/slack/oauth.js.map +1 -0
package/dist/slack/provisioner.d.ts +60 -0
package/dist/slack/provisioner.d.ts.map +1 -0
package/dist/slack/provisioner.js +156 -0
package/dist/slack/provisioner.js.map +1 -0
package/dist/types/crypto.d.ts +15 -0
package/dist/types/crypto.d.ts.map +1 -0
package/dist/types/crypto.js +2 -0
package/dist/types/crypto.js.map +1 -0
package/dist/types/index.d.ts +6 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/index.js +2 -0
package/dist/types/index.js.map +1 -0
package/dist/types/platform.d.ts +25 -0
package/dist/types/platform.d.ts.map +1 -0
package/dist/types/platform.js +2 -0
package/dist/types/platform.js.map +1 -0
package/dist/types/relay.d.ts +16 -0
package/dist/types/relay.d.ts.map +1 -0
package/dist/types/relay.js +2 -0
package/dist/types/relay.js.map +1 -0
package/dist/types/repository.d.ts +78 -0
package/dist/types/repository.d.ts.map +1 -0
package/dist/types/repository.js +6 -0
package/dist/types/repository.js.map +1 -0
package/dist/types/vault.d.ts +9 -0
package/dist/types/vault.d.ts.map +1 -0
package/dist/types/vault.js +2 -0
package/dist/types/vault.js.map +1 -0
package/dist/web/api.d.ts +9 -0
package/dist/web/api.d.ts.map +1 -0
package/dist/web/api.js +144 -0
package/dist/web/api.js.map +1 -0
package/dist/web/pages.d.ts +4 -0
package/dist/web/pages.d.ts.map +1 -0
package/dist/web/pages.js +401 -0
package/dist/web/pages.js.map +1 -0
package/dist/web/setup.d.ts +5 -0
package/dist/web/setup.d.ts.map +1 -0
package/dist/web/setup.js +208 -0
package/dist/web/setup.js.map +1 -0
package/package.json +46 -0
package/src/app.ts +221 -0
package/src/auth/handler.ts +343 -0
package/src/auth/session.ts +89 -0
package/src/db/d1/index.ts +304 -0
package/src/db/d1/schema.ts +62 -0
package/src/db/mysql/index.ts +301 -0
package/src/db/mysql/schema.ts +78 -0
package/src/db/postgresql/index.ts +311 -0
package/src/db/postgresql/schema.ts +82 -0
package/src/index.ts +21 -0
package/src/relay/api-proxy.ts +61 -0
package/src/runtime/cf/crypto.ts +74 -0
package/src/runtime/cf/index.ts +31 -0
package/src/runtime/cf/relay.ts +74 -0
package/src/runtime/cf/vault.ts +99 -0
package/src/runtime/node/crypto.ts +33 -0
package/src/runtime/node/index.ts +28 -0
package/src/runtime/node/relay.ts +98 -0
package/src/runtime/node/vault.ts +50 -0
package/src/slack/events.ts +92 -0
package/src/slack/oauth.ts +127 -0
package/src/slack/provisioner.ts +256 -0
package/src/types/crypto.ts +14 -0
package/src/types/index.ts +14 -0
package/src/types/platform.ts +31 -0
package/src/types/relay.ts +16 -0
package/src/types/repository.ts +93 -0
package/src/types/vault.ts +8 -0
package/src/web/api.ts +204 -0
package/src/web/pages.ts +458 -0
package/src/web/setup.ts +270 -0
package/tsconfig.json +19 -0
package/tsconfig.tsbuildinfo +1 -0

package/src/db/mysql/schema.ts ADDED Viewed

@@ -0,0 +1,78 @@
+import {
+  mysqlTableCreator,
+  varchar,
+  text,
+  mysqlEnum,
+  datetime,
+  uniqueIndex,
+} from 'drizzle-orm/mysql-core'
+/**
+ * Table prefix.
+ * When set, all tables get a `{prefix}_` prefix.
+ * E.g.: 'sena' -> sena_bots, sena_config_tokens
+ */
+export const TABLE_PREFIX = ''
+const mysqlTable = mysqlTableCreator((name) =>
+  TABLE_PREFIX ? `${TABLE_PREFIX}_${name}` : name,
+)
+export const bots = mysqlTable(
+  'bots',
+  {
+    id: varchar('id', { length: 36 }).primaryKey(),
+    name: varchar('name', { length: 255 }).notNull(),
+    botUsername: varchar('bot_username', { length: 80 }).notNull().default(''),
+    profileImageUrl: text('profile_image_url'),
+    connectKey: varchar('connect_key', { length: 255 }).notNull(),
+    slackAppId: varchar('slack_app_id', { length: 64 }),
+    slackTeamId: varchar('slack_team_id', { length: 64 }),
+    botTokenEnc: text('bot_token_enc'),
+    signingSecretEnc: text('signing_secret_enc'),
+    clientId: varchar('client_id', { length: 128 }),
+    clientSecretEnc: text('client_secret_enc'),
+    manifestJson: text('manifest_json'),
+    status: mysqlEnum('status', ['pending', 'active', 'disabled'])
+      .notNull()
+      .default('pending'),
+    createdAt: datetime('created_at')
+      .notNull()
+      .$defaultFn(() => new Date()),
+    updatedAt: datetime('updated_at')
+      .notNull()
+      .$defaultFn(() => new Date())
+      .$onUpdateFn(() => new Date()),
+  },
+  (table) => [uniqueIndex('idx_bots_connect_key').on(table.connectKey)],
+)
+export const configTokens = mysqlTable('config_tokens', {
+  workspaceId: varchar('workspace_id', { length: 64 }).primaryKey(),
+  accessTokenEnc: text('access_token_enc').notNull(),
+  refreshTokenEnc: text('refresh_token_enc').notNull(),
+  expiresAt: datetime('expires_at').notNull(),
+  updatedAt: datetime('updated_at')
+    .notNull()
+    .$defaultFn(() => new Date())
+    .$onUpdateFn(() => new Date()),
+})
+export const oauthStates = mysqlTable('oauth_states', {
+  state: varchar('state', { length: 64 }).primaryKey(),
+  botId: varchar('bot_id', { length: 36 }).notNull(),
+  expiresAt: datetime('expires_at').notNull(),
+})
+export const workspaceAdminConfig = mysqlTable('workspace_admin_config', {
+  workspaceId: varchar('workspace_id', { length: 64 }).primaryKey(),
+  slackClientId: varchar('slack_client_id', { length: 128 }),
+  slackClientSecretEnc: text('slack_client_secret_enc'),
+  dCookieEnc: text('d_cookie_enc'),
+  xoxcTokenEnc: text('xoxc_token_enc'),
+  workspaceDomain: varchar('workspace_domain', { length: 255 }),
+  updatedAt: datetime('updated_at')
+    .notNull()
+    .$defaultFn(() => new Date())
+    .$onUpdateFn(() => new Date()),
+  updatedByUserId: varchar('updated_by_user_id', { length: 36 }),
+})

package/src/db/postgresql/index.ts ADDED Viewed

@@ -0,0 +1,311 @@
+import { drizzle, type PostgresJsDatabase } from 'drizzle-orm/postgres-js'
+import postgres from 'postgres'
+import { eq, and, lt } from 'drizzle-orm'
+import type {
+  BotRow,
+  ConfigTokenRow,
+  WorkspaceAdminConfigRow,
+  BotRepository,
+  ConfigTokenRepository,
+  OAuthStateRepository,
+  WorkspaceAdminConfigRepository,
+} from '../../types/repository.js'
+import * as schema from './schema.js'
+export type PostgreSQLDatabase = PostgresJsDatabase<typeof schema>
+export function initPostgreSQLDb(databaseUrl: string): PostgreSQLDatabase {
+  const client = postgres(databaseUrl)
+  return drizzle(client, { schema })
+}
+function rowToBot(row: typeof schema.bots.$inferSelect): BotRow {
+  return {
+    id: row.id,
+    name: row.name,
+    botUsername: row.botUsername,
+    profileImageUrl: row.profileImageUrl,
+    connectKey: row.connectKey,
+    slackAppId: row.slackAppId,
+    slackTeamId: row.slackTeamId,
+    botTokenEnc: row.botTokenEnc,
+    signingSecretEnc: row.signingSecretEnc,
+    clientId: row.clientId,
+    clientSecretEnc: row.clientSecretEnc,
+    manifestJson: row.manifestJson,
+    status: row.status,
+    createdAt: row.createdAt,
+    updatedAt: row.updatedAt,
+  }
+}
+function rowToWorkspaceAdminConfig(
+  row: typeof schema.workspaceAdminConfig.$inferSelect,
+): WorkspaceAdminConfigRow {
+  return {
+    workspaceId: row.workspaceId,
+    slackClientId: row.slackClientId,
+    slackClientSecretEnc: row.slackClientSecretEnc,
+    dCookieEnc: row.dCookieEnc,
+    xoxcTokenEnc: row.xoxcTokenEnc,
+    workspaceDomain: row.workspaceDomain,
+    updatedAt: row.updatedAt,
+    updatedByUserId: row.updatedByUserId,
+  }
+}
+export interface PostgreSQLRepositories {
+  bots: BotRepository
+  configTokens: ConfigTokenRepository
+  oauthStates: OAuthStateRepository
+  workspaceAdminConfig: WorkspaceAdminConfigRepository
+}
+export function createPostgreSQLRepositories(
+  db: PostgreSQLDatabase,
+): PostgreSQLRepositories {
+  return {
+    bots: createBotRepository(db),
+    configTokens: createConfigTokenRepository(db),
+    oauthStates: createOAuthStateRepository(db),
+    workspaceAdminConfig: createWorkspaceAdminConfigRepository(db),
+  }
+}
+function createBotRepository(db: PostgreSQLDatabase): BotRepository {
+  return {
+    async findById(id) {
+      const [row] = await db.select().from(schema.bots).where(eq(schema.bots.id, id)).limit(1)
+      return row ? rowToBot(row) : null
+    },
+    async findByConnectKey(connectKey) {
+      const [row] = await db
+        .select()
+        .from(schema.bots)
+        .where(eq(schema.bots.connectKey, connectKey))
+        .limit(1)
+      return row ? rowToBot(row) : null
+    },
+    async findByConnectKeyAndStatus(connectKey, status) {
+      const [row] = await db
+        .select()
+        .from(schema.bots)
+        .where(
+          and(
+            eq(schema.bots.connectKey, connectKey),
+            eq(schema.bots.status, status),
+          ),
+        )
+        .limit(1)
+      return row ? rowToBot(row) : null
+    },
+    async findByIdAndStatus(id, status) {
+      const [row] = await db
+        .select()
+        .from(schema.bots)
+        .where(and(eq(schema.bots.id, id), eq(schema.bots.status, status)))
+        .limit(1)
+      return row ? rowToBot(row) : null
+    },
+    async findAll() {
+      const rows = await db.select().from(schema.bots).orderBy(schema.bots.createdAt)
+      return rows.map(rowToBot)
+    },
+    async findAllSummary() {
+      const rows = await db
+        .select({
+          id: schema.bots.id,
+          name: schema.bots.name,
+          profileImageUrl: schema.bots.profileImageUrl,
+          slackAppId: schema.bots.slackAppId,
+          slackTeamId: schema.bots.slackTeamId,
+          status: schema.bots.status,
+          createdAt: schema.bots.createdAt,
+        })
+        .from(schema.bots)
+        .orderBy(schema.bots.createdAt)
+      return rows
+    },
+    async create(bot) {
+      await db.insert(schema.bots).values({
+        id: bot.id,
+        name: bot.name,
+        botUsername: bot.botUsername,
+        profileImageUrl: bot.profileImageUrl,
+        connectKey: bot.connectKey,
+        slackAppId: bot.slackAppId,
+        slackTeamId: bot.slackTeamId,
+        botTokenEnc: bot.botTokenEnc,
+        signingSecretEnc: bot.signingSecretEnc,
+        clientId: bot.clientId,
+        clientSecretEnc: bot.clientSecretEnc,
+        manifestJson: bot.manifestJson,
+        status: bot.status,
+      })
+    },
+    async update(id, data) {
+      await db.update(schema.bots).set(data).where(eq(schema.bots.id, id))
+    },
+    async delete(id) {
+      await db.delete(schema.bots).where(eq(schema.bots.id, id))
+    },
+  }
+}
+function createConfigTokenRepository(
+  db: PostgreSQLDatabase,
+): ConfigTokenRepository {
+  return {
+    async findByWorkspaceId(id) {
+      const [row] = await db
+        .select()
+        .from(schema.configTokens)
+        .where(eq(schema.configTokens.workspaceId, id))
+        .limit(1)
+      if (!row) return null
+      return {
+        workspaceId: row.workspaceId,
+        accessTokenEnc: row.accessTokenEnc,
+        refreshTokenEnc: row.refreshTokenEnc,
+        expiresAt: row.expiresAt,
+        updatedAt: row.updatedAt,
+      }
+    },
+    async findAll() {
+      const rows = await db.select().from(schema.configTokens)
+      return rows.map(
+        (row): ConfigTokenRow => ({
+          workspaceId: row.workspaceId,
+          accessTokenEnc: row.accessTokenEnc,
+          refreshTokenEnc: row.refreshTokenEnc,
+          expiresAt: row.expiresAt,
+          updatedAt: row.updatedAt,
+        }),
+      )
+    },
+    async upsert(row) {
+      await db
+        .insert(schema.configTokens)
+        .values({
+          workspaceId: row.workspaceId,
+          accessTokenEnc: row.accessTokenEnc,
+          refreshTokenEnc: row.refreshTokenEnc,
+          expiresAt: row.expiresAt,
+        })
+        .onConflictDoUpdate({
+          target: schema.configTokens.workspaceId,
+          set: {
+            accessTokenEnc: row.accessTokenEnc,
+            refreshTokenEnc: row.refreshTokenEnc,
+            expiresAt: row.expiresAt,
+          },
+        })
+    },
+  }
+}
+function createOAuthStateRepository(
+  db: PostgreSQLDatabase,
+): OAuthStateRepository {
+  return {
+    async create(row) {
+      await db.insert(schema.oauthStates).values({
+        state: row.state,
+        botId: row.botId,
+        expiresAt: row.expiresAt,
+      })
+    },
+    async consume(state) {
+      const [row] = await db
+        .select()
+        .from(schema.oauthStates)
+        .where(eq(schema.oauthStates.state, state))
+        .limit(1)
+      if (!row) return null
+      if (row.expiresAt < new Date()) {
+        await db.delete(schema.oauthStates).where(eq(schema.oauthStates.state, state))
+        return null
+      }
+      await db.delete(schema.oauthStates).where(eq(schema.oauthStates.state, state))
+      return {
+        state: row.state,
+        botId: row.botId,
+        expiresAt: row.expiresAt,
+      }
+    },
+    async deleteExpired() {
+      await db.delete(schema.oauthStates).where(lt(schema.oauthStates.expiresAt, new Date()))
+    },
+  }
+}
+function createWorkspaceAdminConfigRepository(
+  db: PostgreSQLDatabase,
+): WorkspaceAdminConfigRepository {
+  return {
+    async findByWorkspaceId(workspaceId) {
+      const [row] = await db
+        .select()
+        .from(schema.workspaceAdminConfig)
+        .where(eq(schema.workspaceAdminConfig.workspaceId, workspaceId))
+        .limit(1)
+      return row ? rowToWorkspaceAdminConfig(row) : null
+    },
+    async findAll() {
+      const rows = await db.select().from(schema.workspaceAdminConfig)
+      return rows.map(rowToWorkspaceAdminConfig)
+    },
+    async upsert(config) {
+      await db
+        .insert(schema.workspaceAdminConfig)
+        .values({
+          workspaceId: config.workspaceId,
+          slackClientId: config.slackClientId,
+          slackClientSecretEnc: config.slackClientSecretEnc,
+          dCookieEnc: config.dCookieEnc,
+          xoxcTokenEnc: config.xoxcTokenEnc,
+          workspaceDomain: config.workspaceDomain,
+          updatedByUserId: config.updatedByUserId,
+        })
+        .onConflictDoUpdate({
+          target: schema.workspaceAdminConfig.workspaceId,
+          set: {
+            slackClientId: config.slackClientId,
+            slackClientSecretEnc: config.slackClientSecretEnc,
+            dCookieEnc: config.dCookieEnc,
+            xoxcTokenEnc: config.xoxcTokenEnc,
+            workspaceDomain: config.workspaceDomain,
+            updatedByUserId: config.updatedByUserId,
+            updatedAt: new Date(),
+          },
+        })
+    },
+  }
+}
+// Re-export schema for drizzle-kit
+export {
+  TABLE_PREFIX,
+  botStatusEnum,
+  bots,
+  configTokens,
+  oauthStates,
+  workspaceAdminConfig,
+} from './schema.js'

package/src/db/postgresql/schema.ts ADDED Viewed

@@ -0,0 +1,82 @@
+import {
+  pgTableCreator,
+  varchar,
+  text,
+  pgEnum,
+  timestamp,
+  uniqueIndex,
+} from 'drizzle-orm/pg-core'
+/**
+ * Table prefix.
+ * When set, all tables get a `{prefix}_` prefix.
+ * E.g.: 'sena' -> sena_bots, sena_config_tokens
+ */
+export const TABLE_PREFIX = ''
+const pgTable = pgTableCreator((name) =>
+  TABLE_PREFIX ? `${TABLE_PREFIX}_${name}` : name,
+)
+export const botStatusEnum = pgEnum('bot_status', [
+  'pending',
+  'active',
+  'disabled',
+])
+export const bots = pgTable(
+  'bots',
+  {
+    id: varchar('id', { length: 36 }).primaryKey(),
+    name: varchar('name', { length: 255 }).notNull(),
+    botUsername: varchar('bot_username', { length: 80 }).notNull().default(''),
+    profileImageUrl: text('profile_image_url'),
+    connectKey: varchar('connect_key', { length: 255 }).notNull(),
+    slackAppId: varchar('slack_app_id', { length: 64 }),
+    slackTeamId: varchar('slack_team_id', { length: 64 }),
+    botTokenEnc: text('bot_token_enc'),
+    signingSecretEnc: text('signing_secret_enc'),
+    clientId: varchar('client_id', { length: 128 }),
+    clientSecretEnc: text('client_secret_enc'),
+    manifestJson: text('manifest_json'),
+    status: botStatusEnum('status').notNull().default('pending'),
+    createdAt: timestamp('created_at', { mode: 'date' })
+      .notNull()
+      .$defaultFn(() => new Date()),
+    updatedAt: timestamp('updated_at', { mode: 'date' })
+      .notNull()
+      .$defaultFn(() => new Date())
+      .$onUpdateFn(() => new Date()),
+  },
+  (table) => [uniqueIndex('idx_bots_connect_key').on(table.connectKey)],
+)
+export const configTokens = pgTable('config_tokens', {
+  workspaceId: varchar('workspace_id', { length: 64 }).primaryKey(),
+  accessTokenEnc: text('access_token_enc').notNull(),
+  refreshTokenEnc: text('refresh_token_enc').notNull(),
+  expiresAt: timestamp('expires_at', { mode: 'date' }).notNull(),
+  updatedAt: timestamp('updated_at', { mode: 'date' })
+    .notNull()
+    .$defaultFn(() => new Date())
+    .$onUpdateFn(() => new Date()),
+})
+export const oauthStates = pgTable('oauth_states', {
+  state: varchar('state', { length: 64 }).primaryKey(),
+  botId: varchar('bot_id', { length: 36 }).notNull(),
+  expiresAt: timestamp('expires_at', { mode: 'date' }).notNull(),
+})
+export const workspaceAdminConfig = pgTable('workspace_admin_config', {
+  workspaceId: varchar('workspace_id', { length: 64 }).primaryKey(),
+  slackClientId: varchar('slack_client_id', { length: 128 }),
+  slackClientSecretEnc: text('slack_client_secret_enc'),
+  dCookieEnc: text('d_cookie_enc'),
+  xoxcTokenEnc: text('xoxc_token_enc'),
+  workspaceDomain: varchar('workspace_domain', { length: 255 }),
+  updatedAt: timestamp('updated_at', { mode: 'date' })
+    .notNull()
+    .$defaultFn(() => new Date())
+    .$onUpdateFn(() => new Date()),
+  updatedByUserId: varchar('updated_by_user_id', { length: 36 }),
+})

package/src/index.ts ADDED Viewed

@@ -0,0 +1,21 @@
+export { createApp } from './app.js'
+export type { CreateAppResult } from './app.js'
+export { createProvisioner } from './slack/provisioner.js'
+export type { Provisioner } from './slack/provisioner.js'
+// Re-export all types
+export type {
+  Vault,
+  RelayHub,
+  CryptoProvider,
+  BotRow,
+  ConfigTokenRow,
+  OAuthStateRow,
+  WorkspaceAdminConfigRow,
+  BotRepository,
+  ConfigTokenRepository,
+  OAuthStateRepository,
+  WorkspaceAdminConfigRepository,
+  Platform,
+  AppConfig,
+} from './types/index.js'

package/src/relay/api-proxy.ts ADDED Viewed

@@ -0,0 +1,61 @@
+import { Hono } from 'hono'
+import type { Vault } from '../types/vault.js'
+import type { BotRepository } from '../types/repository.js'
+/**
+ * Slack API proxy.
+ * Local runtimes send POST /relay/api with Slack API calls.
+ * The proxy decrypts the bot_token from Vault and forwards the request.
+ */
+export function createApiProxy(botRepo: BotRepository, vault: Vault) {
+  const app = new Hono()
+  app.post('/relay/api', async (c) => {
+    const connectKey = c.req.header('x-connect-key')
+    if (!connectKey) {
+      return c.json(
+        { ok: false, error: 'missing x-connect-key header' },
+        401,
+      )
+    }
+    const bot = await botRepo.findByConnectKeyAndStatus(connectKey, 'active')
+    if (!bot) {
+      return c.json(
+        { ok: false, error: 'invalid connect_key or bot not active' },
+        401,
+      )
+    }
+    if (!bot.botTokenEnc) {
+      return c.json({ ok: false, error: 'bot has no token configured' }, 500)
+    }
+    const botToken = await vault.decrypt(bot.botTokenEnc)
+    const body = await c.req.json<{
+      method: string
+      params: Record<string, unknown>
+    }>()
+    if (!body.method) {
+      return c.json({ ok: false, error: 'missing method field' }, 400)
+    }
+    const slackUrl = `https://slack.com/api/${body.method}`
+    const slackRes = await fetch(slackUrl, {
+      method: 'POST',
+      headers: {
+        Authorization: `Bearer ${botToken}`,
+        'Content-Type': 'application/json; charset=utf-8',
+      },
+      body: JSON.stringify(body.params || {}),
+    })
+    const slackData = await slackRes.json()
+    return c.json(slackData as Record<string, unknown>)
+  })
+  return app
+}

package/src/runtime/cf/crypto.ts ADDED Viewed

@@ -0,0 +1,74 @@
+import type { CryptoProvider } from '../../types/crypto.js'
+/**
+ * CryptoProvider implementation using Web Crypto API.
+ * Compatible with CF Workers runtime.
+ */
+export function createCfCrypto(): CryptoProvider {
+  return {
+    async randomHex(byteLength: number): Promise<string> {
+      const bytes = crypto.getRandomValues(new Uint8Array(byteLength))
+      return Array.from(bytes)
+        .map((b) => b.toString(16).padStart(2, '0'))
+        .join('')
+    },
+    uuid(): string {
+      return crypto.randomUUID()
+    },
+    async hmacSha256(key: string, data: string): Promise<string> {
+      const encoder = new TextEncoder()
+      const cryptoKey = await crypto.subtle.importKey(
+        'raw',
+        encoder.encode(key),
+        { name: 'HMAC', hash: 'SHA-256' },
+        false,
+        ['sign'],
+      )
+      const signature = await crypto.subtle.sign(
+        'HMAC',
+        cryptoKey,
+        encoder.encode(data),
+      )
+      return Array.from(new Uint8Array(signature))
+        .map((b) => b.toString(16).padStart(2, '0'))
+        .join('')
+    },
+    async timingSafeEqual(a: string, b: string): Promise<boolean> {
+      const encoder = new TextEncoder()
+      const bufA = encoder.encode(a)
+      const bufB = encoder.encode(b)
+      if (bufA.length !== bufB.length) return false
+      // Import both as HMAC keys and compare by signing
+      // This provides constant-time comparison without node:crypto
+      const key = crypto.getRandomValues(new Uint8Array(32))
+      const cryptoKey = await crypto.subtle.importKey(
+        'raw',
+        key,
+        { name: 'HMAC', hash: 'SHA-256' },
+        false,
+        ['sign'],
+      )
+      const [sigA, sigB] = await Promise.all([
+        crypto.subtle.sign('HMAC', cryptoKey, bufA),
+        crypto.subtle.sign('HMAC', cryptoKey, bufB),
+      ])
+      const arrA = new Uint8Array(sigA)
+      const arrB = new Uint8Array(sigB)
+      let result = 0
+      for (let i = 0; i < arrA.length; i++) {
+        result |= arrA[i] ^ arrB[i]
+      }
+      return result === 0
+    },
+  }
+}

package/src/runtime/cf/index.ts ADDED Viewed

@@ -0,0 +1,31 @@
+import type { Vault } from '../../types/vault.js'
+import type { RelayHub } from '../../types/relay.js'
+import type { CryptoProvider } from '../../types/crypto.js'
+import { createCfVault } from './vault.js'
+import { createCfCrypto } from './crypto.js'
+import { createCfRelay } from './relay.js'
+export interface CfEnv {
+  RELAY_DO: DurableObjectNamespace
+  VAULT_MASTER_KEY: string
+  PLATFORM_BASE_URL: string
+  SLACK_WORKSPACE_ID: string
+}
+export interface CfRuntime {
+  vault: Vault
+  relay: RelayHub
+  crypto: CryptoProvider
+}
+/**
+ * Create runtime services for Cloudflare Workers (vault, relay, crypto).
+ * Does NOT include DB repositories -- those are created separately via the DB subpath.
+ */
+export async function createCfRuntime(env: CfEnv): Promise<CfRuntime> {
+  const vault = await createCfVault(env.VAULT_MASTER_KEY)
+  const crypto = createCfCrypto()
+  const relay = createCfRelay(env.RELAY_DO)
+  return { vault, relay, crypto }
+}