@sena-ai/platform-core 1.4.0

package/dist/slack/events.js

@@ -0,0 +1,63 @@
+import { Hono } from 'hono';
+/**
+ * Slack HTTP Events API receiver + relay to SSE/WebSocket Hub.
+ *
+ * Route: POST /slack/events/:botId
+ * - url_verification challenge auto-response
+ * - signing_secret signature verification
+ * - Relay to local runtime via RelayHub
+ */
+export function createSlackEventsHandler(botRepo, vault, relay, crypto) {
+    const app = new Hono();
+    app.post('/slack/events/:botId', async (c) => {
+        const botId = c.req.param('botId');
+        const rawBody = await c.req.text();
+        const bot = await botRepo.findByIdAndStatus(botId, 'active');
+        if (!bot) {
+            return c.json({ error: 'unknown bot' }, 404);
+        }
+        // Signing secret verification
+        if (bot.signingSecretEnc) {
+            const signingSecret = await vault.decrypt(bot.signingSecretEnc);
+            const timestamp = c.req.header('x-slack-request-timestamp');
+            const slackSignature = c.req.header('x-slack-signature');
+            if (!timestamp || !slackSignature) {
+                return c.json({ error: 'missing slack signature headers' }, 401);
+            }
+            // Only allow requests within 5 minutes (replay attack prevention)
+            const now = Math.floor(Date.now() / 1000);
+            if (Math.abs(now - Number(timestamp)) > 300) {
+                return c.json({ error: 'request too old' }, 401);
+            }
+            const basestring = `v0:${timestamp}:${rawBody}`;
+            const hmac = await crypto.hmacSha256(signingSecret, basestring);
+            const computed = `v0=${hmac}`;
+            const isValid = await crypto.timingSafeEqual(computed, slackSignature);
+            if (!isValid) {
+                return c.json({ error: 'invalid signature' }, 401);
+            }
+        }
+        const payload = JSON.parse(rawBody);
+        // URL verification challenge
+        if (payload.type === 'url_verification') {
+            return c.json({ challenge: payload.challenge });
+        }
+        // event_callback -> relay to local runtime
+        if (payload.type === 'event_callback') {
+            const dispatched = relay.dispatch(botId, {
+                type: payload.type,
+                event: payload.event,
+                event_id: payload.event_id,
+                event_time: payload.event_time,
+                team_id: payload.team_id,
+            });
+            if (!dispatched) {
+                console.warn(`[events] bot ${botId} not connected, event dropped`);
+            }
+        }
+        // Slack expects 200 within 3 seconds
+        return c.json({ ok: true });
+    });
+    return app;
+}
+//# sourceMappingURL=events.js.map

package/dist/slack/events.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"events.js","sourceRoot":"","sources":["../../src/slack/events.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAM3B;;;;;;;GAOG;AACH,MAAM,UAAU,wBAAwB,CACtC,OAAsB,EACtB,KAAY,EACZ,KAAe,EACf,MAAsB;IAEtB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;IAEtB,GAAG,CAAC,IAAI,CAAC,sBAAsB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC3C,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;QAClC,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,CAAA;QAElC,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,iBAAiB,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAA;QAC5D,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,aAAa,EAAE,EAAE,GAAG,CAAC,CAAA;QAC9C,CAAC;QAED,8BAA8B;QAC9B,IAAI,GAAG,CAAC,gBAAgB,EAAE,CAAC;YACzB,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAA;YAC/D,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,2BAA2B,CAAC,CAAA;YAC3D,MAAM,cAAc,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAA;YAExD,IAAI,CAAC,SAAS,IAAI,CAAC,cAAc,EAAE,CAAC;gBAClC,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iCAAiC,EAAE,EAAE,GAAG,CAAC,CAAA;YAClE,CAAC;YAED,kEAAkE;YAClE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;YACzC,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,GAAG,GAAG,EAAE,CAAC;gBAC5C,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,EAAE,GAAG,CAAC,CAAA;YAClD,CAAC;YAED,MAAM,UAAU,GAAG,MAAM,SAAS,IAAI,OAAO,EAAE,CAAA;YAC/C,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,aAAa,EAAE,UAAU,CAAC,CAAA;YAC/D,MAAM,QAAQ,GAAG,MAAM,IAAI,EAAE,CAAA;YAE7B,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAA;YACtE,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,EAAE,GAAG,CAAC,CAAA;YACpD,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAOjC,CAAA;QAED,6BAA6B;QAC7B,IAAI,OAAO,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;YACxC,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC,CAAA;QACjD,CAAC;QAED,2CAA2C;QAC3C,IAAI,OAAO,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;YACtC,MAAM,UAAU,GAAG,KAAK,CAAC,QAAQ,CAAC,KAAK,EAAE;gBACvC,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,OAAO,EAAE,OAAO,CAAC,OAAO;aACzB,CAAC,CAAA;YAEF,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,OAAO,CAAC,IAAI,CAAC,gBAAgB,KAAK,+BAA+B,CAAC,CAAA;YACpE,CAAC;QACH,CAAC;QAED,qCAAqC;QACrC,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAA;IAC7B,CAAC,CAAC,CAAA;IAEF,OAAO,GAAG,CAAA;AACZ,CAAC"}

package/dist/slack/oauth.d.ts

@@ -0,0 +1,13 @@
+import { Hono } from 'hono';
+import type { Vault } from '../types/vault.js';
+import type { CryptoProvider } from '../types/crypto.js';
+import type { BotRepository, OAuthStateRepository } from '../types/repository.js';
+/**
+ * Slack OAuth 2.0 handler.
+ *
+ * Flow:
+ * 1. GET /oauth/start/:botId -> Redirect to Slack auth page
+ * 2. Slack approves -> GET /oauth/callback -> acquire bot_token -> save to Vault
+ */
+export declare function createOAuthHandler(botRepo: BotRepository, vault: Vault, crypto: CryptoProvider, oauthStates: OAuthStateRepository): Hono<import("hono/types").BlankEnv, import("hono/types").BlankSchema, "/">;
+//# sourceMappingURL=oauth.d.ts.map

package/dist/slack/oauth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../../src/slack/oauth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAC3B,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,mBAAmB,CAAA;AAC9C,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAA;AACxD,OAAO,KAAK,EACV,aAAa,EACb,oBAAoB,EACrB,MAAM,wBAAwB,CAAA;AAU/B;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,aAAa,EACtB,KAAK,EAAE,KAAK,EACZ,MAAM,EAAE,cAAc,EACtB,WAAW,EAAE,oBAAoB,8EAmGlC"}

package/dist/slack/oauth.js

@@ -0,0 +1,90 @@
+import { Hono } from 'hono';
+/**
+ * Slack OAuth 2.0 handler.
+ *
+ * Flow:
+ * 1. GET /oauth/start/:botId -> Redirect to Slack auth page
+ * 2. Slack approves -> GET /oauth/callback -> acquire bot_token -> save to Vault
+ */
+export function createOAuthHandler(botRepo, vault, crypto, oauthStates) {
+    const app = new Hono();
+    app.get('/oauth/start/:botId', async (c) => {
+        const botId = c.req.param('botId');
+        const bot = await botRepo.findById(botId);
+        if (!bot || !bot.clientId) {
+            return c.json({ error: 'bot not found or not provisioned' }, 404);
+        }
+        // Clean up expired states
+        await oauthStates.deleteExpired();
+        const state = await crypto.randomHex(16);
+        await oauthStates.create({
+            state,
+            botId,
+            expiresAt: new Date(Date.now() + 5 * 60 * 1000),
+        });
+        const scopes = [
+            'app_mentions:read',
+            'chat:write',
+            'chat:write.public',
+            'channels:history',
+            'channels:read',
+            'channels:join',
+            'groups:history',
+            'groups:read',
+            'im:history',
+            'im:read',
+            'im:write',
+            'reactions:read',
+            'reactions:write',
+            'files:read',
+            'files:write',
+            'users:read',
+        ].join(',');
+        const slackUrl = new URL('https://slack.com/oauth/v2/authorize');
+        slackUrl.searchParams.set('client_id', bot.clientId);
+        slackUrl.searchParams.set('scope', scopes);
+        slackUrl.searchParams.set('state', state);
+        return c.redirect(slackUrl.toString());
+    });
+    app.get('/oauth/callback', async (c) => {
+        const code = c.req.query('code');
+        const state = c.req.query('state');
+        if (!code || !state) {
+            return c.json({ error: 'missing code or state' }, 400);
+        }
+        await oauthStates.deleteExpired();
+        const entry = await oauthStates.consume(state);
+        if (!entry) {
+            return c.json({ error: 'invalid or expired state' }, 400);
+        }
+        const bot = await botRepo.findById(entry.botId);
+        if (!bot || !bot.clientId || !bot.clientSecretEnc) {
+            return c.json({ error: 'bot configuration incomplete' }, 500);
+        }
+        const clientSecret = await vault.decrypt(bot.clientSecretEnc);
+        // Exchange code for token
+        const res = await fetch('https://slack.com/api/oauth.v2.access', {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+            body: new URLSearchParams({
+                client_id: bot.clientId,
+                client_secret: clientSecret,
+                code,
+            }),
+        });
+        const data = (await res.json());
+        if (!data.ok || !data.access_token) {
+            return c.json({ error: `Slack OAuth failed: ${data.error}` }, 400);
+        }
+        // Save bot token to Vault and activate
+        await botRepo.update(entry.botId, {
+            botTokenEnc: await vault.encrypt(data.access_token),
+            slackTeamId: data.team?.id ?? null,
+            status: 'active',
+        });
+        // Redirect to completion page
+        return c.redirect(`/bots/${entry.botId}/complete`);
+    });
+    return app;
+}
+//# sourceMappingURL=oauth.js.map

package/dist/slack/oauth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../src/slack/oauth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAgB3B;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CAChC,OAAsB,EACtB,KAAY,EACZ,MAAsB,EACtB,WAAiC;IAEjC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;IAEtB,GAAG,CAAC,GAAG,CAAC,qBAAqB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACzC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;QAClC,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;QAEzC,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YAC1B,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,kCAAkC,EAAE,EAAE,GAAG,CAAC,CAAA;QACnE,CAAC;QAED,0BAA0B;QAC1B,MAAM,WAAW,CAAC,aAAa,EAAE,CAAA;QAEjC,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;QACxC,MAAM,WAAW,CAAC,MAAM,CAAC;YACvB,KAAK;YACL,KAAK;YACL,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;SAChD,CAAC,CAAA;QAEF,MAAM,MAAM,GAAG;YACb,mBAAmB;YACnB,YAAY;YACZ,mBAAmB;YACnB,kBAAkB;YAClB,eAAe;YACf,eAAe;YACf,gBAAgB;YAChB,aAAa;YACb,YAAY;YACZ,SAAS;YACT,UAAU;YACV,gBAAgB;YAChB,iBAAiB;YACjB,YAAY;YACZ,aAAa;YACb,YAAY;SACb,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAEX,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,sCAAsC,CAAC,CAAA;QAChE,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAA;QACpD,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;QAC1C,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;QAEzC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAA;IACxC,CAAC,CAAC,CAAA;IAEF,GAAG,CAAC,GAAG,CAAC,iBAAiB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACrC,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QAChC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;QAElC,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACpB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,EAAE,GAAG,CAAC,CAAA;QACxD,CAAC;QAED,MAAM,WAAW,CAAC,aAAa,EAAE,CAAA;QACjC,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;QAC9C,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,0BAA0B,EAAE,EAAE,GAAG,CAAC,CAAA;QAC3D,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;QAC/C,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC;YAClD,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,8BAA8B,EAAE,EAAE,GAAG,CAAC,CAAA;QAC/D,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAA;QAE7D,0BAA0B;QAC1B,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,uCAAuC,EAAE;YAC/D,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,SAAS,EAAE,GAAG,CAAC,QAAQ;gBACvB,aAAa,EAAE,YAAY;gBAC3B,IAAI;aACL,CAAC;SACH,CAAC,CAAA;QAEF,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAwB,CAAA;QAEtD,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACnC,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uBAAuB,IAAI,CAAC,KAAK,EAAE,EAAE,EAAE,GAAG,CAAC,CAAA;QACpE,CAAC;QAED,uCAAuC;QACvC,MAAM,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE;YAChC,WAAW,EAAE,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC;YACnD,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,IAAI,IAAI;YAClC,MAAM,EAAE,QAAQ;SACjB,CAAC,CAAA;QAEF,8BAA8B;QAC9B,OAAO,CAAC,CAAC,QAAQ,CAAC,SAAS,KAAK,CAAC,KAAK,WAAW,CAAC,CAAA;IACpD,CAAC,CAAC,CAAA;IAEF,OAAO,GAAG,CAAA;AACZ,CAAC"}

package/dist/slack/provisioner.d.ts

@@ -0,0 +1,60 @@
+import type { Vault } from '../types/vault.js';
+import type { BotRepository, ConfigTokenRepository } from '../types/repository.js';
+declare const SLACK_MANIFEST_TEMPLATE: (opts: {
+    botName: string;
+    botUsername: string;
+    eventUrl: string;
+    redirectUrl: string;
+}) => {
+    display_information: {
+        name: string;
+        description: string;
+        background_color: string;
+    };
+    features: {
+        bot_user: {
+            display_name: string;
+            always_online: boolean;
+        };
+    };
+    oauth_config: {
+        redirect_urls: string[];
+        scopes: {
+            bot: string[];
+        };
+    };
+    settings: {
+        event_subscriptions: {
+            request_url: string;
+            bot_events: string[];
+        };
+        interactivity: {
+            is_enabled: boolean;
+        };
+        org_deploy_enabled: boolean;
+        socket_mode_enabled: boolean;
+    };
+};
+export interface Provisioner {
+    rotateConfigToken(workspaceId: string): Promise<boolean>;
+    createApp(workspaceId: string, botId: string, botName: string, botUsername: string): Promise<{
+        ok: boolean;
+        appId?: string;
+        clientId?: string;
+        clientSecret?: string;
+        signingSecret?: string;
+        error?: string;
+    }>;
+    deleteApp(workspaceId: string, appId: string): Promise<{
+        ok: boolean;
+        error?: string;
+    }>;
+    SLACK_MANIFEST_TEMPLATE: typeof SLACK_MANIFEST_TEMPLATE;
+}
+/**
+ * Slack App Configuration Token management.
+ * One Config Token per workspace manages multiple apps.
+ */
+export declare function createProvisioner(botRepo: BotRepository, configTokenRepo: ConfigTokenRepository, vault: Vault, platformBaseUrl: string): Provisioner;
+export {};
+//# sourceMappingURL=provisioner.d.ts.map

package/dist/slack/provisioner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"provisioner.d.ts","sourceRoot":"","sources":["../../src/slack/provisioner.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,mBAAmB,CAAA;AAC9C,OAAO,KAAK,EACV,aAAa,EACb,qBAAqB,EACtB,MAAM,wBAAwB,CAAA;AAE/B,QAAA,MAAM,uBAAuB,GAAI,MAAM;IACrC,OAAO,EAAE,MAAM,CAAA;IACf,WAAW,EAAE,MAAM,CAAA;IACnB,QAAQ,EAAE,MAAM,CAAA;IAChB,WAAW,EAAE,MAAM,CAAA;CACpB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAoDC,CAAA;AAqBF,MAAM,WAAW,WAAW;IAC1B,iBAAiB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;IACxD,SAAS,CACP,WAAW,EAAE,MAAM,EACnB,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,MAAM,EACf,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC;QACT,EAAE,EAAE,OAAO,CAAA;QACX,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,QAAQ,CAAC,EAAE,MAAM,CAAA;QACjB,YAAY,CAAC,EAAE,MAAM,CAAA;QACrB,aAAa,CAAC,EAAE,MAAM,CAAA;QACtB,KAAK,CAAC,EAAE,MAAM,CAAA;KACf,CAAC,CAAA;IACF,SAAS,CACP,WAAW,EAAE,MAAM,EACnB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC;QAAE,EAAE,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IAC3C,uBAAuB,EAAE,OAAO,uBAAuB,CAAA;CACxD;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,aAAa,EACtB,eAAe,EAAE,qBAAqB,EACtC,KAAK,EAAE,KAAK,EACZ,eAAe,EAAE,MAAM,GACtB,WAAW,CA4Ib"}

package/dist/slack/provisioner.js

@@ -0,0 +1,156 @@
+const SLACK_MANIFEST_TEMPLATE = (opts) => ({
+    display_information: {
+        name: opts.botName,
+        description: `${opts.botName} -- powered by sena-ai`,
+        background_color: '#1a1a2e',
+    },
+    features: {
+        bot_user: {
+            display_name: opts.botUsername,
+            always_online: true,
+        },
+    },
+    oauth_config: {
+        redirect_urls: [opts.redirectUrl],
+        scopes: {
+            bot: [
+                'app_mentions:read',
+                'chat:write',
+                'chat:write.public',
+                'channels:history',
+                'channels:read',
+                'channels:join',
+                'groups:history',
+                'groups:read',
+                'im:history',
+                'im:read',
+                'im:write',
+                'reactions:read',
+                'reactions:write',
+                'files:read',
+                'files:write',
+                'users:read',
+            ],
+        },
+    },
+    settings: {
+        event_subscriptions: {
+            request_url: opts.eventUrl,
+            bot_events: [
+                'app_mention',
+                'message.channels',
+                'message.groups',
+                'message.im',
+                'reaction_added',
+            ],
+        },
+        interactivity: {
+            is_enabled: false,
+        },
+        org_deploy_enabled: false,
+        socket_mode_enabled: false,
+    },
+});
+/**
+ * Slack App Configuration Token management.
+ * One Config Token per workspace manages multiple apps.
+ */
+export function createProvisioner(botRepo, configTokenRepo, vault, platformBaseUrl) {
+    async function rotateConfigToken(workspaceId) {
+        const row = await configTokenRepo.findByWorkspaceId(workspaceId);
+        if (!row)
+            return false;
+        const refreshToken = await vault.decrypt(row.refreshTokenEnc);
+        const res = await fetch('https://slack.com/api/tooling.tokens.rotate', {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+            body: new URLSearchParams({ refresh_token: refreshToken }),
+        });
+        const data = (await res.json());
+        if (!data.ok || !data.token || !data.refresh_token) {
+            console.error(`[provisioner] rotate failed for ${workspaceId}:`, data.error);
+            return false;
+        }
+        await configTokenRepo.upsert({
+            workspaceId,
+            accessTokenEnc: await vault.encrypt(data.token),
+            refreshTokenEnc: await vault.encrypt(data.refresh_token),
+            expiresAt: new Date((data.exp ?? 0) * 1000),
+        });
+        return true;
+    }
+    async function createApp(workspaceId, botId, botName, botUsername) {
+        const tokenRow = await configTokenRepo.findByWorkspaceId(workspaceId);
+        if (!tokenRow) {
+            return { ok: false, error: 'no config token for workspace' };
+        }
+        const configToken = await vault.decrypt(tokenRow.accessTokenEnc);
+        const eventUrl = `${platformBaseUrl}/slack/events/${botId}`;
+        const redirectUrl = `${platformBaseUrl}/oauth/callback`;
+        const manifest = SLACK_MANIFEST_TEMPLATE({
+            botName,
+            botUsername,
+            eventUrl,
+            redirectUrl,
+        });
+        const res = await fetch('https://slack.com/api/apps.manifest.create', {
+            method: 'POST',
+            headers: {
+                Authorization: `Bearer ${configToken}`,
+                'Content-Type': 'application/json',
+            },
+            body: JSON.stringify({ manifest }),
+        });
+        const data = (await res.json());
+        if (!data.ok) {
+            console.error(`[provisioner] Slack API error detail:`, JSON.stringify(data));
+            return { ok: false, error: data.error };
+        }
+        await botRepo.update(botId, {
+            slackAppId: data.app_id ?? null,
+            clientId: data.credentials?.client_id ?? null,
+            clientSecretEnc: data.credentials?.client_secret
+                ? await vault.encrypt(data.credentials.client_secret)
+                : null,
+            signingSecretEnc: data.credentials?.signing_secret
+                ? await vault.encrypt(data.credentials.signing_secret)
+                : null,
+            manifestJson: JSON.stringify(manifest),
+        });
+        return {
+            ok: true,
+            appId: data.app_id,
+            clientId: data.credentials?.client_id,
+            clientSecret: data.credentials?.client_secret,
+            signingSecret: data.credentials?.signing_secret,
+        };
+    }
+    async function deleteApp(workspaceId, appId) {
+        const tokenRow = await configTokenRepo.findByWorkspaceId(workspaceId);
+        if (!tokenRow) {
+            return { ok: false, error: 'no config token for workspace' };
+        }
+        const configToken = await vault.decrypt(tokenRow.accessTokenEnc);
+        const res = await fetch('https://slack.com/api/apps.manifest.delete', {
+            method: 'POST',
+            headers: {
+                Authorization: `Bearer ${configToken}`,
+                'Content-Type': 'application/json',
+            },
+            body: JSON.stringify({ app_id: appId }),
+        });
+        const data = (await res.json());
+        if (!data.ok) {
+            console.error(`[provisioner] Slack app delete failed for ${appId}:`, JSON.stringify(data));
+            return { ok: false, error: data.error };
+        }
+        return { ok: true };
+    }
+    return {
+        rotateConfigToken,
+        createApp,
+        deleteApp,
+        SLACK_MANIFEST_TEMPLATE,
+    };
+}
+//# sourceMappingURL=provisioner.js.map

package/dist/slack/provisioner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"provisioner.js","sourceRoot":"","sources":["../../src/slack/provisioner.ts"],"names":[],"mappings":"AAMA,MAAM,uBAAuB,GAAG,CAAC,IAKhC,EAAE,EAAE,CAAC,CAAC;IACL,mBAAmB,EAAE;QACnB,IAAI,EAAE,IAAI,CAAC,OAAO;QAClB,WAAW,EAAE,GAAG,IAAI,CAAC,OAAO,wBAAwB;QACpD,gBAAgB,EAAE,SAAS;KAC5B;IACD,QAAQ,EAAE;QACR,QAAQ,EAAE;YACR,YAAY,EAAE,IAAI,CAAC,WAAW;YAC9B,aAAa,EAAE,IAAI;SACpB;KACF;IACD,YAAY,EAAE;QACZ,aAAa,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC;QACjC,MAAM,EAAE;YACN,GAAG,EAAE;gBACH,mBAAmB;gBACnB,YAAY;gBACZ,mBAAmB;gBACnB,kBAAkB;gBAClB,eAAe;gBACf,eAAe;gBACf,gBAAgB;gBAChB,aAAa;gBACb,YAAY;gBACZ,SAAS;gBACT,UAAU;gBACV,gBAAgB;gBAChB,iBAAiB;gBACjB,YAAY;gBACZ,aAAa;gBACb,YAAY;aACb;SACF;KACF;IACD,QAAQ,EAAE;QACR,mBAAmB,EAAE;YACnB,WAAW,EAAE,IAAI,CAAC,QAAQ;YAC1B,UAAU,EAAE;gBACV,aAAa;gBACb,kBAAkB;gBAClB,gBAAgB;gBAChB,YAAY;gBACZ,gBAAgB;aACjB;SACF;QACD,aAAa,EAAE;YACb,UAAU,EAAE,KAAK;SAClB;QACD,kBAAkB,EAAE,KAAK;QACzB,mBAAmB,EAAE,KAAK;KAC3B;CACF,CAAC,CAAA;AA2CF;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAC/B,OAAsB,EACtB,eAAsC,EACtC,KAAY,EACZ,eAAuB;IAEvB,KAAK,UAAU,iBAAiB,CAAC,WAAmB;QAClD,MAAM,GAAG,GAAG,MAAM,eAAe,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAA;QAChE,IAAI,CAAC,GAAG;YAAE,OAAO,KAAK,CAAA;QAEtB,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAA;QAE7D,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,6CAA6C,EAAE;YACrE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,IAAI,eAAe,CAAC,EAAE,aAAa,EAAE,YAAY,EAAE,CAAC;SAC3D,CAAC,CAAA;QAEF,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAwB,CAAA;QAEtD,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACnD,OAAO,CAAC,KAAK,CACX,mCAAmC,WAAW,GAAG,EACjD,IAAI,CAAC,KAAK,CACX,CAAA;YACD,OAAO,KAAK,CAAA;QACd,CAAC;QAED,MAAM,eAAe,CAAC,MAAM,CAAC;YAC3B,WAAW;YACX,cAAc,EAAE,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC;YAC/C,eAAe,EAAE,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC;YACxD,SAAS,EAAE,IAAI,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;SAC5C,CAAC,CAAA;QAEF,OAAO,IAAI,CAAA;IACb,CAAC;IAED,KAAK,UAAU,SAAS,CACtB,WAAmB,EACnB,KAAa,EACb,OAAe,EACf,WAAmB;QASnB,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAA;QACrE,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAA;QAC9D,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAA;QAChE,MAAM,QAAQ,GAAG,GAAG,eAAe,iBAAiB,KAAK,EAAE,CAAA;QAC3D,MAAM,WAAW,GAAG,GAAG,eAAe,iBAAiB,CAAA;QACvD,MAAM,QAAQ,GAAG,uBAAuB,CAAC;YACvC,OAAO;YACP,WAAW;YACX,QAAQ;YACR,WAAW;SACZ,CAAC,CAAA;QAEF,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,4CAA4C,EAAE;YACpE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,WAAW,EAAE;gBACtC,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,CAAC;SACnC,CAAC,CAAA;QAEF,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA2B,CAAA;QAEzD,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CACX,uCAAuC,EACvC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CACrB,CAAA;YACD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAA;QACzC,CAAC;QAED,MAAM,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE;YAC1B,UAAU,EAAE,IAAI,CAAC,MAAM,IAAI,IAAI;YAC/B,QAAQ,EAAE,IAAI,CAAC,WAAW,EAAE,SAAS,IAAI,IAAI;YAC7C,eAAe,EAAE,IAAI,CAAC,WAAW,EAAE,aAAa;gBAC9C,CAAC,CAAC,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC;gBACrD,CAAC,CAAC,IAAI;YACR,gBAAgB,EAAE,IAAI,CAAC,WAAW,EAAE,cAAc;gBAChD,CAAC,CAAC,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC;gBACtD,CAAC,CAAC,IAAI;YACR,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC;SACvC,CAAC,CAAA;QAEF,OAAO;YACL,EAAE,EAAE,IAAI;YACR,KAAK,EAAE,IAAI,CAAC,MAAM;YAClB,QAAQ,EAAE,IAAI,CAAC,WAAW,EAAE,SAAS;YACrC,YAAY,EAAE,IAAI,CAAC,WAAW,EAAE,aAAa;YAC7C,aAAa,EAAE,IAAI,CAAC,WAAW,EAAE,cAAc;SAChD,CAAA;IACH,CAAC;IAED,KAAK,UAAU,SAAS,CACtB,WAAmB,EACnB,KAAa;QAEb,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAA;QACrE,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAA;QAC9D,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAA;QAEhE,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,4CAA4C,EAAE;YACpE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,WAAW,EAAE;gBACtC,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;SACxC,CAAC,CAAA;QAEF,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAoC,CAAA;QAElE,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CACX,6CAA6C,KAAK,GAAG,EACrD,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CACrB,CAAA;YACD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAA;QACzC,CAAC;QAED,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAA;IACrB,CAAC;IAED,OAAO;QACL,iBAAiB;QACjB,SAAS;QACT,SAAS;QACT,uBAAuB;KACxB,CAAA;AACH,CAAC"}

package/dist/types/crypto.d.ts

@@ -0,0 +1,15 @@
+/**
+ * CryptoProvider interface: platform-agnostic crypto operations.
+ * Node.js uses node:crypto, CF Workers uses Web Crypto API.
+ */
+export interface CryptoProvider {
+    /** Generate a random hex string of the given byte length. */
+    randomHex(byteLength: number): Promise<string>;
+    /** Generate a UUID v4. */
+    uuid(): string;
+    /** Compute HMAC-SHA256 and return hex digest. */
+    hmacSha256(key: string, data: string): Promise<string>;
+    /** Constant-time string comparison. */
+    timingSafeEqual(a: string, b: string): Promise<boolean>;
+}
+//# sourceMappingURL=crypto.d.ts.map

package/dist/types/crypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../src/types/crypto.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,6DAA6D;IAC7D,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;IAC9C,0BAA0B;IAC1B,IAAI,IAAI,MAAM,CAAA;IACd,iDAAiD;IACjD,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;IACtD,uCAAuC;IACvC,eAAe,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;CACxD"}

package/dist/types/crypto.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=crypto.js.map

package/dist/types/crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../src/types/crypto.ts"],"names":[],"mappings":""}

package/dist/types/index.d.ts

@@ -0,0 +1,6 @@
+export type { Vault } from './vault.js';
+export type { RelayHub } from './relay.js';
+export type { CryptoProvider } from './crypto.js';
+export type { BotRow, ConfigTokenRow, OAuthStateRow, WorkspaceAdminConfigRow, BotRepository, ConfigTokenRepository, OAuthStateRepository, WorkspaceAdminConfigRepository, } from './repository.js';
+export type { Platform, AppConfig } from './platform.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/types/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,KAAK,EAAE,MAAM,YAAY,CAAA;AACvC,YAAY,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAA;AAC1C,YAAY,EAAE,cAAc,EAAE,MAAM,aAAa,CAAA;AACjD,YAAY,EACV,MAAM,EACN,cAAc,EACd,aAAa,EACb,uBAAuB,EACvB,aAAa,EACb,qBAAqB,EACrB,oBAAoB,EACpB,8BAA8B,GAC/B,MAAM,iBAAiB,CAAA;AACxB,YAAY,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,eAAe,CAAA"}

package/dist/types/index.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=index.js.map

package/dist/types/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":""}

package/dist/types/platform.d.ts

@@ -0,0 +1,25 @@
+import type { Vault } from './vault.js';
+import type { RelayHub } from './relay.js';
+import type { CryptoProvider } from './crypto.js';
+import type { BotRepository, ConfigTokenRepository, OAuthStateRepository, WorkspaceAdminConfigRepository } from './repository.js';
+/**
+ * Main Platform interface composing all platform-specific services.
+ * Implemented by platform-node and platform-cf.
+ */
+export interface Platform {
+    vault: Vault;
+    relay: RelayHub;
+    crypto: CryptoProvider;
+    bots: BotRepository;
+    configTokens: ConfigTokenRepository;
+    oauthStates: OAuthStateRepository;
+    workspaceAdminConfig: WorkspaceAdminConfigRepository;
+}
+/**
+ * Application configuration shared across runtimes.
+ */
+export interface AppConfig {
+    platformBaseUrl: string;
+    workspaceId: string;
+}
+//# sourceMappingURL=platform.d.ts.map

package/dist/types/platform.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"platform.d.ts","sourceRoot":"","sources":["../../src/types/platform.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,YAAY,CAAA;AACvC,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAA;AAC1C,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAA;AACjD,OAAO,KAAK,EACV,aAAa,EACb,qBAAqB,EACrB,oBAAoB,EACpB,8BAA8B,EAC/B,MAAM,iBAAiB,CAAA;AAExB;;;GAGG;AACH,MAAM,WAAW,QAAQ;IACvB,KAAK,EAAE,KAAK,CAAA;IACZ,KAAK,EAAE,QAAQ,CAAA;IACf,MAAM,EAAE,cAAc,CAAA;IACtB,IAAI,EAAE,aAAa,CAAA;IACnB,YAAY,EAAE,qBAAqB,CAAA;IACnC,WAAW,EAAE,oBAAoB,CAAA;IACjC,oBAAoB,EAAE,8BAA8B,CAAA;CACrD;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,eAAe,EAAE,MAAM,CAAA;IACvB,WAAW,EAAE,MAAM,CAAA;CACpB"}

package/dist/types/platform.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=platform.js.map

package/dist/types/platform.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"platform.js","sourceRoot":"","sources":["../../src/types/platform.ts"],"names":[],"mappings":""}

package/dist/types/relay.d.ts

@@ -0,0 +1,16 @@
+import type { Context } from 'hono';
+/**
+ * RelayHub interface: manages connections between the platform and local bot runtimes.
+ * Node.js uses SSE, CF Workers uses WebSocket via Durable Objects.
+ */
+export interface RelayHub {
+    /** Handle a new streaming connection from a bot runtime. */
+    handleStream(c: Context, botId: string, connectKey: string): Promise<Response>;
+    /** Dispatch a Slack event to the connected bot runtime. */
+    dispatch(botId: string, event: unknown): boolean;
+    /** Check if a specific bot is connected. */
+    isConnected(botId: string): boolean;
+    /** List all connected bot IDs. */
+    connectedBots(): string[];
+}
+//# sourceMappingURL=relay.d.ts.map

package/dist/types/relay.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"relay.d.ts","sourceRoot":"","sources":["../../src/types/relay.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AAEnC;;;GAGG;AACH,MAAM,WAAW,QAAQ;IACvB,4DAA4D;IAC5D,YAAY,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA;IAC9E,2DAA2D;IAC3D,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,GAAG,OAAO,CAAA;IAChD,4CAA4C;IAC5C,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAA;IACnC,kCAAkC;IAClC,aAAa,IAAI,MAAM,EAAE,CAAA;CAC1B"}

package/dist/types/relay.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=relay.js.map

package/dist/types/relay.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"relay.js","sourceRoot":"","sources":["../../src/types/relay.ts"],"names":[],"mappings":""}

package/dist/types/repository.d.ts

@@ -0,0 +1,78 @@
+/**
+ * Database row types and repository interfaces.
+ * These abstract away the underlying DB (MySQL, PostgreSQL, D1/SQLite) and ORM (Drizzle).
+ */
+export interface BotRow {
+    id: string;
+    name: string;
+    botUsername: string;
+    profileImageUrl: string | null;
+    connectKey: string;
+    slackAppId: string | null;
+    slackTeamId: string | null;
+    botTokenEnc: string | null;
+    signingSecretEnc: string | null;
+    clientId: string | null;
+    clientSecretEnc: string | null;
+    manifestJson: string | null;
+    status: 'pending' | 'active' | 'disabled';
+    createdAt: Date;
+    updatedAt: Date;
+}
+export interface ConfigTokenRow {
+    workspaceId: string;
+    accessTokenEnc: string;
+    refreshTokenEnc: string;
+    expiresAt: Date;
+    updatedAt: Date;
+}
+export interface OAuthStateRow {
+    state: string;
+    botId: string;
+    expiresAt: Date;
+}
+export interface WorkspaceAdminConfigRow {
+    workspaceId: string;
+    slackClientId: string | null;
+    slackClientSecretEnc: string | null;
+    dCookieEnc: string | null;
+    xoxcTokenEnc: string | null;
+    workspaceDomain: string | null;
+    updatedAt: Date;
+    updatedByUserId: string | null;
+}
+export interface BotRepository {
+    findById(id: string): Promise<BotRow | null>;
+    findByConnectKey(connectKey: string): Promise<BotRow | null>;
+    findByConnectKeyAndStatus(connectKey: string, status: BotRow['status']): Promise<BotRow | null>;
+    findByIdAndStatus(id: string, status: BotRow['status']): Promise<BotRow | null>;
+    findAll(): Promise<BotRow[]>;
+    findAllSummary(): Promise<Array<{
+        id: string;
+        name: string;
+        profileImageUrl: string | null;
+        slackAppId: string | null;
+        slackTeamId: string | null;
+        status: BotRow['status'];
+        createdAt: Date;
+    }>>;
+    create(bot: Omit<BotRow, 'createdAt' | 'updatedAt'>): Promise<void>;
+    update(id: string, data: Partial<Omit<BotRow, 'id'>>): Promise<void>;
+    delete(id: string): Promise<void>;
+}
+export interface ConfigTokenRepository {
+    findByWorkspaceId(id: string): Promise<ConfigTokenRow | null>;
+    findAll(): Promise<ConfigTokenRow[]>;
+    upsert(row: Omit<ConfigTokenRow, 'updatedAt'>): Promise<void>;
+}
+export interface OAuthStateRepository {
+    create(row: OAuthStateRow): Promise<void>;
+    consume(state: string): Promise<OAuthStateRow | null>;
+    deleteExpired(): Promise<void>;
+}
+export interface WorkspaceAdminConfigRepository {
+    findByWorkspaceId(workspaceId: string): Promise<WorkspaceAdminConfigRow | null>;
+    findAll(): Promise<WorkspaceAdminConfigRow[]>;
+    upsert(config: Omit<WorkspaceAdminConfigRow, 'updatedAt'>): Promise<void>;
+}
+//# sourceMappingURL=repository.d.ts.map

package/dist/types/repository.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"repository.d.ts","sourceRoot":"","sources":["../../src/types/repository.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,MAAM;IACrB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,WAAW,EAAE,MAAM,CAAA;IACnB,eAAe,EAAE,MAAM,GAAG,IAAI,CAAA;IAC9B,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,WAAW,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAA;IAC/B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,eAAe,EAAE,MAAM,GAAG,IAAI,CAAA;IAC9B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAA;IAC3B,MAAM,EAAE,SAAS,GAAG,QAAQ,GAAG,UAAU,CAAA;IACzC,SAAS,EAAE,IAAI,CAAA;IACf,SAAS,EAAE,IAAI,CAAA;CAChB;AAED,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,CAAA;IACnB,cAAc,EAAE,MAAM,CAAA;IACtB,eAAe,EAAE,MAAM,CAAA;IACvB,SAAS,EAAE,IAAI,CAAA;IACf,SAAS,EAAE,IAAI,CAAA;CAChB;AAED,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,MAAM,CAAA;IACb,KAAK,EAAE,MAAM,CAAA;IACb,SAAS,EAAE,IAAI,CAAA;CAChB;AAED,MAAM,WAAW,uBAAuB;IACtC,WAAW,EAAE,MAAM,CAAA;IACnB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,oBAAoB,EAAE,MAAM,GAAG,IAAI,CAAA;IACnC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAA;IAC3B,eAAe,EAAE,MAAM,GAAG,IAAI,CAAA;IAC9B,SAAS,EAAE,IAAI,CAAA;IACf,eAAe,EAAE,MAAM,GAAG,IAAI,CAAA;CAC/B;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAA;IAC5C,gBAAgB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAA;IAC5D,yBAAyB,CACvB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,CAAC,QAAQ,CAAC,GACvB,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAA;IACzB,iBAAiB,CACf,EAAE,EAAE,MAAM,EACV,MAAM,EAAE,MAAM,CAAC,QAAQ,CAAC,GACvB,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAA;IACzB,OAAO,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC,CAAA;IAC5B,cAAc,IAAI,OAAO,CACvB,KAAK,CAAC;QACJ,EAAE,EAAE,MAAM,CAAA;QACV,IAAI,EAAE,MAAM,CAAA;QACZ,eAAe,EAAE,MAAM,GAAG,IAAI,CAAA;QAC9B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;QACzB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAA;QAC1B,MAAM,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAA;QACxB,SAAS,EAAE,IAAI,CAAA;KAChB,CAAC,CACH,CAAA;IACD,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,WAAW,GAAG,WAAW,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IACnE,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IACpE,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;CAClC;AAED,MAAM,WAAW,qBAAqB;IACpC,iBAAiB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CAAA;IAC7D,OAAO,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC,CAAA;IACpC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,cAAc,EAAE,WAAW,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;CAC9D;AAED,MAAM,WAAW,oBAAoB;IACnC,MAAM,CAAC,GAAG,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IACzC,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAAA;IACrD,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;CAC/B;AAED,MAAM,WAAW,8BAA8B;IAC7C,iBAAiB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,uBAAuB,GAAG,IAAI,CAAC,CAAA;IAC/E,OAAO,IAAI,OAAO,CAAC,uBAAuB,EAAE,CAAC,CAAA;IAC7C,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,uBAAuB,EAAE,WAAW,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;CAC1E"}

package/dist/types/repository.js

@@ -0,0 +1,6 @@
+/**
+ * Database row types and repository interfaces.
+ * These abstract away the underlying DB (MySQL, PostgreSQL, D1/SQLite) and ORM (Drizzle).
+ */
+export {};
+//# sourceMappingURL=repository.js.map

package/dist/types/repository.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"repository.js","sourceRoot":"","sources":["../../src/types/repository.ts"],"names":[],"mappings":"AAAA;;;GAGG"}

package/dist/types/vault.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Vault interface for encrypting/decrypting secrets.
+ * All methods return Promises to support Web Crypto (async) implementations.
+ */
+export interface Vault {
+    encrypt(plaintext: string): Promise<string>;
+    decrypt(encoded: string): Promise<string>;
+}
+//# sourceMappingURL=vault.d.ts.map

package/dist/types/vault.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"vault.d.ts","sourceRoot":"","sources":["../../src/types/vault.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,WAAW,KAAK;IACpB,OAAO,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;IAC3C,OAAO,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;CAC1C"}