@sentry/junior 0.45.0 → 0.46.0

package/dist/app.js

@@ -31,7 +31,7 @@ import {
   runNonInteractiveCommand,
   sandboxSkillDir,
   sandboxSkillFile
-} from "./chunk-QAMTCT2R.js";
+} from "./chunk-ELM6HJ6S.js";
 import {
   CredentialUnavailableError,
   buildOAuthTokenRequest,
@@ -2119,6 +2119,10 @@ function markTurnFailed(args) {
 }
 
 // src/chat/runtime/turn-user-message.ts
+function normalizeSlackMessageTs(value) {
+  const trimmed = value?.trim();
+  return trimmed && /^\d+(?:\.\d+)?$/.test(trimmed) ? trimmed : void 0;
+}
 function getTurnUserMessage(conversation, sessionId) {
   for (let index = conversation.messages.length - 1; index >= 0; index -= 1) {
     const message = conversation.messages[index];
@@ -2134,6 +2138,9 @@ function getTurnUserMessage(conversation, sessionId) {
 function getTurnUserMessageId(conversation, sessionId) {
   return getTurnUserMessage(conversation, sessionId)?.id;
 }
+function getTurnUserSlackMessageTs(message) {
+  return normalizeSlackMessageTs(message?.meta?.slackTs) ?? normalizeSlackMessageTs(message?.id);
+}
 function getTurnUserReplyAttachmentContext(message) {
   const inboundAttachmentCount = message?.meta?.attachmentCount ?? 0;
   const imageAttachmentCount = message?.meta?.imageAttachmentCount ?? 0;
@@ -8631,7 +8638,6 @@ function resolveChannelCapabilities(channelId) {
 import fs4 from "fs/promises";
 
 // src/chat/sandbox/egress-policy.ts
-var SANDBOX_EGRESS_PROXY_PATH = "/api/internal/sandbox-egress";
 function matchesSandboxEgressDomain(host, domain) {
   return host.toLowerCase() === domain.toLowerCase();
 }
@@ -8653,31 +8659,24 @@ function resolveSandboxEgressProviderForHost(host) {
     (entry) => entry.domains.some((domain) => matchesSandboxEgressDomain(host, domain))
   )?.provider;
 }
-function proxyUrl(egressId) {
+function sandboxProxyUrl() {
   const baseUrl = resolveBaseUrl();
   if (!baseUrl) {
-    return void 0;
-  }
-  const url = new URL(
-    `${SANDBOX_EGRESS_PROXY_PATH}/${encodeURIComponent(egressId)}`,
-    baseUrl
-  );
-  return url.toString();
-}
-function buildSandboxEgressNetworkPolicy(egressId) {
-  const entries = providerEntries();
-  if (entries.length === 0) {
-    return void 0;
-  }
-  const forwardURL = proxyUrl(egressId);
-  if (!forwardURL) {
     throw new Error(
       "Cannot determine base URL for sandbox credential egress (set JUNIOR_BASE_URL or deploy to Vercel)"
     );
   }
+  return new URL("/", baseUrl).toString();
+}
+function buildSandboxEgressNetworkPolicy() {
   const allow = {
     "*": []
   };
+  const entries = providerEntries();
+  if (entries.length === 0) {
+    return { allow };
+  }
+  const forwardURL = sandboxProxyUrl();
   for (const entry of entries) {
     for (const domain of entry.domains) {
       allow[domain] = [{ forwardURL }];
@@ -8685,11 +8684,14 @@ function buildSandboxEgressNetworkPolicy(egressId) {
   }
   return { allow };
 }
-async function resolveSandboxCommandEnvironment() {
+async function resolveSandboxCommandEnvironment(provider) {
   const env = {};
   for (const plugin of getPluginProviders().sort(
     (left, right) => left.manifest.name.localeCompare(right.manifest.name)
   )) {
+    if (provider && plugin.manifest.name !== provider) {
+      continue;
+    }
     Object.assign(env, resolvePluginCommandEnv(plugin.manifest));
     const credentials = plugin.manifest.credentials;
     if (credentials) {
@@ -10006,7 +10008,6 @@ function createSandboxSessionManager(options) {
     return {
       bash: async (input) => {
         const commandEgressId = sandboxInstance.sandboxEgressId;
-        await options?.beforeCommand?.(commandEgressId);
         let timedOut = false;
         let timeoutId;
         let commandFinished = false;
@@ -10016,6 +10017,7 @@ function createSandboxSessionManager(options) {
           }
           commandFinished = true;
           await options?.afterCommand?.(commandEgressId);
+          await refreshNetworkPolicy(sandboxInstance);
         };
         const finishCommandBestEffort = async () => {
           try {
@@ -10033,6 +10035,8 @@ function createSandboxSessionManager(options) {
           }
         };
         try {
+          await options?.beforeCommand?.(commandEgressId);
+          await refreshNetworkPolicy(sandboxInstance);
           const sandboxCommandEnv = await resolveCommandEnv();
           const script = buildNonInteractiveShellScript(input.command, {
             env: { ...sandboxCommandEnv, ...input.env ?? {} },
@@ -10156,14 +10160,14 @@ function createSandboxExecutor(options) {
   let referenceFiles = [];
   const traceContext = options?.traceContext ?? {};
   const credentialEgress = options?.credentialEgress;
-  const syncSandboxEgressSession = credentialEgress ? async (egressId) => {
+  const authorizeSandboxEgressForCommand = credentialEgress ? async (egressId) => {
     await upsertSandboxEgressSession({
       egressId,
       requesterId: credentialEgress.requesterId,
       ttlMs: options?.timeoutMs
     });
   } : void 0;
-  const clearSandboxEgressSessionForCommand = credentialEgress ? async (egressId) => {
+  const clearSandboxEgressForCommand = credentialEgress ? async (egressId) => {
     await clearSandboxEgressSession(egressId);
   } : void 0;
   const sessionManager = createSandboxSessionManager({
@@ -10171,10 +10175,13 @@ function createSandboxExecutor(options) {
     sandboxDependencyProfileHash: options?.sandboxDependencyProfileHash,
     timeoutMs: options?.timeoutMs,
     traceContext,
-    commandEnv: credentialEgress ? async () => await resolveSandboxCommandEnvironment() : void 0,
+    commandEnv: credentialEgress ? async () => {
+      const provider = credentialEgress.activeProvider?.();
+      return provider ? await resolveSandboxCommandEnvironment(provider) : {};
+    } : void 0,
     createNetworkPolicy: credentialEgress ? buildSandboxEgressNetworkPolicy : void 0,
-    beforeCommand: syncSandboxEgressSession,
-    afterCommand: clearSandboxEgressSessionForCommand,
+    beforeCommand: authorizeSandboxEgressForCommand,
+    afterCommand: clearSandboxEgressForCommand,
     onSandboxAcquired: async (sandbox) => {
       await options?.onSandboxAcquired?.(sandbox);
     }
@@ -12098,7 +12105,8 @@ async function generateAssistantReply(messageText, context = {}) {
       sandboxDependencyProfileHash: context.sandbox?.sandboxDependencyProfileHash,
       traceContext: spanContext,
       credentialEgress: requesterId ? {
-        requesterId
+        requesterId,
+        activeProvider: () => skillSandbox.getActiveSkill()?.pluginProvider
       } : void 0,
       onSandboxAcquired: async (sandbox2) => {
         lastKnownSandboxId = sandbox2.sandboxId;
@@ -13480,6 +13488,247 @@ async function postSlackApiReplyPosts(args) {
   return lastPostedMessageTs;
 }
 
+// src/chat/slack/errors.ts
+function getSlackApiErrorCode(error) {
+  if (!error || typeof error !== "object") {
+    return void 0;
+  }
+  const candidate = error;
+  if (typeof candidate.data?.error === "string" && candidate.data.error.trim().length > 0) {
+    return candidate.data.error;
+  }
+  if (typeof candidate.code === "string" && candidate.code.trim().length > 0) {
+    return candidate.code;
+  }
+  return void 0;
+}
+function getSlackErrorObservabilityAttributes(error) {
+  if (!error || typeof error !== "object") {
+    return {};
+  }
+  const candidate = error;
+  const attributes = {};
+  if (typeof candidate.code === "string" && candidate.code.trim().length > 0) {
+    attributes["app.slack.error_code"] = candidate.code;
+  }
+  if (typeof candidate.data?.error === "string" && candidate.data.error.trim().length > 0) {
+    attributes["app.slack.api_error"] = candidate.data.error;
+  }
+  const requestId = getHeaderString(candidate.headers, "x-slack-req-id");
+  if (requestId) {
+    attributes["app.slack.request_id"] = requestId;
+  }
+  if (typeof candidate.statusCode === "number" && Number.isFinite(candidate.statusCode)) {
+    attributes["http.response.status_code"] = candidate.statusCode;
+  }
+  return attributes;
+}
+function isSlackTitlePermissionError(error) {
+  const code = getSlackApiErrorCode(error);
+  return code === "no_permission" || code === "missing_scope" || code === "not_allowed_token_type";
+}
+
+// src/chat/slack/context.ts
+function toTrimmedSlackString(value) {
+  const normalized = toOptionalString(value);
+  return normalized?.trim() || void 0;
+}
+function parseSlackThreadId(threadId) {
+  const normalizedThreadId = toTrimmedSlackString(threadId);
+  if (!normalizedThreadId) {
+    return void 0;
+  }
+  const parts = normalizedThreadId.split(":");
+  if (parts.length !== 3 || parts[0] !== "slack") {
+    return void 0;
+  }
+  const channelId = toTrimmedSlackString(parts[1]);
+  const threadTs = toTrimmedSlackString(parts[2]);
+  if (!channelId || !threadTs) {
+    return void 0;
+  }
+  return { channelId, threadTs };
+}
+function resolveSlackChannelIdFromThreadId(threadId) {
+  return parseSlackThreadId(threadId)?.channelId;
+}
+function resolveSlackChannelIdFromMessage(message) {
+  const messageChannelId = toTrimmedSlackString(
+    message.channelId
+  );
+  if (messageChannelId) {
+    return messageChannelId;
+  }
+  const raw = message.raw;
+  if (raw && typeof raw === "object") {
+    const rawChannel = toTrimmedSlackString(
+      raw.channel
+    );
+    if (rawChannel) {
+      return rawChannel;
+    }
+  }
+  const threadId = toTrimmedSlackString(
+    message.threadId
+  );
+  return resolveSlackChannelIdFromThreadId(threadId);
+}
+
+// src/chat/runtime/thread-context.ts
+function escapeRegExp2(value) {
+  return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+function stripLeadingBotMention(text, options = {}) {
+  if (!text.trim()) return text;
+  let next = text;
+  if (options.stripLeadingSlackMentionToken) {
+    next = next.replace(/^\s*<@[^>]+>[\s,:-]*/, "").trim();
+  }
+  const mentionByNameRe = new RegExp(
+    `^\\s*@${escapeRegExp2(botConfig.userName)}\\b[\\s,:-]*`,
+    "i"
+  );
+  next = next.replace(mentionByNameRe, "").trim();
+  const mentionByLabeledEntityRe = new RegExp(
+    `^\\s*<@[^>|]+\\|${escapeRegExp2(botConfig.userName)}>[\\s,:-]*`,
+    "i"
+  );
+  next = next.replace(mentionByLabeledEntityRe, "").trim();
+  return next;
+}
+function getThreadId(thread, _message) {
+  return toOptionalString(thread.id);
+}
+function getRunId(thread, message) {
+  return toOptionalString(thread.runId) ?? toOptionalString(message.runId);
+}
+function getChannelId(thread, message) {
+  return resolveSlackChannelIdFromThreadId(toOptionalString(thread.id)) ?? normalizeSlackConversationId(toOptionalString(thread.channelId)) ?? resolveSlackChannelIdFromMessage(message);
+}
+function getThreadTs(threadId) {
+  return parseSlackThreadId(threadId)?.threadTs;
+}
+function getAssistantThreadContext(message) {
+  const raw = message.raw;
+  const rawRecord = raw && typeof raw === "object" ? raw : void 0;
+  const channelId = toOptionalString(rawRecord?.channel);
+  if (channelId) {
+    const rawThreadTs = toOptionalString(rawRecord?.thread_ts);
+    const threadTs = isDmChannel(channelId) ? rawThreadTs : rawThreadTs ?? toOptionalString(rawRecord?.ts);
+    if (threadTs) {
+      return { channelId, threadTs };
+    }
+  }
+  const parsedThreadId = parseSlackThreadId(
+    toOptionalString(message.threadId)
+  );
+  if (!parsedThreadId || isDmChannel(parsedThreadId.channelId)) {
+    return void 0;
+  }
+  return parsedThreadId;
+}
+function getMessageTs(message) {
+  const directTs = toOptionalString(
+    message.ts
+  );
+  if (directTs) {
+    return directTs;
+  }
+  const raw = message.raw;
+  if (!raw || typeof raw !== "object") {
+    return void 0;
+  }
+  const rawRecord = raw;
+  return toOptionalString(rawRecord.ts) ?? toOptionalString(rawRecord.event_ts) ?? toOptionalString(rawRecord.message?.ts);
+}
+
+// src/chat/runtime/processing-reaction.ts
+var PROCESSING_REACTION_EMOJI = "eyes";
+var noProcessingReaction = {
+  keep: () => void 0,
+  stop: async () => void 0
+};
+function isProcessingReactionEmoji(value) {
+  return typeof value === "string" && normalizeSlackEmojiName(value) === PROCESSING_REACTION_EMOJI;
+}
+function shouldKeepProcessingReactionForToolInvocation(input) {
+  return input.toolName === "slackMessageAddReaction" && isProcessingReactionEmoji(input.params.emoji);
+}
+async function startSlackProcessingReaction(args) {
+  if (args.message.author.isMe) {
+    return noProcessingReaction;
+  }
+  const channelId = getChannelId(args.thread, args.message);
+  const messageTs = getMessageTs(args.message);
+  if (!channelId || !messageTs) {
+    return noProcessingReaction;
+  }
+  return startSlackProcessingReactionForMessage({
+    channelId,
+    timestamp: messageTs,
+    logException: args.logException,
+    logContext: args.logContext
+  });
+}
+async function startSlackProcessingReactionForMessage(args) {
+  try {
+    await addReactionToMessage({
+      channelId: args.channelId,
+      timestamp: args.timestamp,
+      emoji: PROCESSING_REACTION_EMOJI
+    });
+  } catch (error) {
+    args.logException(
+      error,
+      "slack_processing_reaction_add_failed",
+      args.logContext,
+      {
+        "app.slack.action": "reactions.add",
+        "messaging.message.id": args.timestamp,
+        ...getSlackErrorObservabilityAttributes(error)
+      },
+      "Failed to add Slack processing reaction"
+    );
+    return noProcessingReaction;
+  }
+  let shouldRemove = true;
+  return {
+    keep: () => {
+      shouldRemove = false;
+    },
+    stop: async () => {
+      if (!shouldRemove) {
+        return;
+      }
+      try {
+        await removeReactionFromMessage({
+          channelId: args.channelId,
+          timestamp: args.timestamp,
+          emoji: PROCESSING_REACTION_EMOJI
+        });
+      } catch (error) {
+        args.logException(
+          error,
+          "slack_processing_reaction_remove_failed",
+          args.logContext,
+          {
+            "app.slack.action": "reactions.remove",
+            "messaging.message.id": args.timestamp,
+            ...getSlackErrorObservabilityAttributes(error)
+          },
+          "Failed to remove Slack processing reaction"
+        );
+      }
+    }
+  };
+}
+
+// src/chat/services/auth-pause-response.ts
+var AUTH_PAUSE_RESPONSE = "I need authorization to continue. Check your private link to connect.";
+function buildAuthPauseResponse() {
+  return AUTH_PAUSE_RESPONSE;
+}
+
 // src/chat/runtime/slack-resume.ts
 function resolveReplyTimeoutMs(explicitTimeoutMs) {
   if (typeof explicitTimeoutMs === "number" && explicitTimeoutMs > 0) {
@@ -13655,10 +13904,19 @@ async function resumeSlackTurn(args) {
     channelId: args.channelId,
     threadTs: args.threadTs
   });
+  let processingReaction;
   let deferredPauseKind;
   let deferredPauseHandler;
   let deferredFailureHandler;
   try {
+    if (args.messageTs) {
+      processingReaction = await startSlackProcessingReactionForMessage({
+        channelId: args.channelId,
+        timestamp: args.messageTs,
+        logException,
+        logContext: { ...getResumeLogContext(args, lockKey) }
+      });
+    }
     if (args.initialText) {
       await postSlackMessageBestEffort(
         args.channelId,
@@ -13730,11 +13988,19 @@ async function resumeSlackTurn(args) {
       };
     }
   } finally {
+    await processingReaction?.stop();
     await stateAdapter.releaseLock(lock);
   }
   if (deferredPauseHandler) {
     try {
       await deferredPauseHandler();
+      if (deferredPauseKind === "auth") {
+        await postSlackMessageBestEffort(
+          args.channelId,
+          args.threadTs,
+          buildAuthPauseResponse()
+        );
+      }
       if (deferredPauseKind === "timeout") {
         await postTurnContinuationNoticeBestEffort({
           lockKey,
@@ -13762,6 +14028,7 @@ async function resumeAuthorizedRequest(args) {
     messageText: args.messageText,
     channelId: args.channelId,
     threadTs: args.threadTs,
+    messageTs: args.messageTs,
     replyContext: args.replyContext,
     lockKey: args.lockKey,
     initialText: args.connectedText,
@@ -14084,6 +14351,7 @@ async function resumeAuthorizedMcpTurn(args) {
     messageText: userMessage.text,
     channelId: authSession.channelId,
     threadTs: authSession.threadTs,
+    messageTs: getTurnUserSlackMessageTs(userMessage),
     lockKey: authSession.conversationId,
     connectedText: "",
     replyContext: {
@@ -14525,6 +14793,7 @@ async function resumeCheckpointedOAuthTurn(stored) {
     messageText: stored.pendingMessage ?? userMessage.text,
     channelId: stored.channelId,
     threadTs: stored.threadTs,
+    messageTs: getTurnUserSlackMessageTs(userMessage),
     lockKey: stored.resumeConversationId,
     initialText: "",
     replyContext: {
@@ -14617,14 +14886,15 @@ async function resumePendingOAuthMessage(stored) {
   const conversation = coerceThreadConversationState(
     await getPersistedThreadState(threadId)
   );
-  const latestUserMessageId = [...conversation.messages].reverse().find((message) => message.role === "user")?.id;
+  const latestUserMessage = [...conversation.messages].reverse().find((message) => message.role === "user");
   const conversationContext = buildConversationContext(conversation, {
-    excludeMessageId: latestUserMessageId
+    excludeMessageId: latestUserMessage?.id
   });
   await resumeAuthorizedRequest({
     messageText: stored.pendingMessage,
     channelId: stored.channelId,
     threadTs: stored.threadTs,
+    messageTs: getTurnUserSlackMessageTs(latestUserMessage),
     connectedText: "",
     replyContext: {
       requester: { userId: stored.userId },
@@ -14881,12 +15151,7 @@ async function getJwks(issuer) {
   });
   return jwks;
 }
-function validateSandboxClaim(payload, egressId) {
-  if (payload.sandbox_id !== egressId) {
-    throw new Error("Vercel OIDC token belongs to a different sandbox");
-  }
-}
-async function verifyVercelSandboxOidcToken(token, egressId) {
+async function verifyVercelSandboxOidcToken(token) {
   const unverified = decodeJwt(token);
   if (typeof unverified.iss !== "string") {
     throw new Error("Vercel OIDC token did not include an issuer");
@@ -14895,7 +15160,6 @@ async function verifyVercelSandboxOidcToken(token, egressId) {
   const verified = await jwtVerify(token, jwks, {
     issuer: unverified.iss
   });
-  validateSandboxClaim(verified.payload, egressId);
   return verified.payload;
 }
 
@@ -14904,7 +15168,7 @@ var OIDC_TOKEN_HEADER = "vercel-sandbox-oidc-token";
 var FORWARDED_HOST_HEADER = "vercel-forwarded-host";
 var FORWARDED_SCHEME_HEADER = "vercel-forwarded-scheme";
 var FORWARDED_PORT_HEADER = "vercel-forwarded-port";
-var ROUTE_PREFIX = "/api/internal/sandbox-egress";
+var FORWARDED_PATH_HEADER = "vercel-forwarded-path";
 var HOP_BY_HOP_HEADERS = /* @__PURE__ */ new Set([
   "connection",
   "host",
@@ -14920,7 +15184,8 @@ var PROXY_ONLY_HEADERS = /* @__PURE__ */ new Set([
   OIDC_TOKEN_HEADER,
   FORWARDED_HOST_HEADER,
   FORWARDED_SCHEME_HEADER,
-  FORWARDED_PORT_HEADER
+  FORWARDED_PORT_HEADER,
+  FORWARDED_PATH_HEADER
 ]);
 var DECODED_RESPONSE_HEADERS = /* @__PURE__ */ new Set([
   "content-encoding",
@@ -14930,15 +15195,61 @@ var AUTH_REJECTION_STATUS = /* @__PURE__ */ new Set([401, 403]);
 function jsonError(message, status) {
   return Response.json({ error: message }, { status });
 }
-function normalizeHost(value) {
-  const trimmed = value.trim().toLowerCase();
-  if (!trimmed || trimmed.includes("/") || trimmed.includes("\\") || trimmed.includes(":")) {
-    return void 0;
-  }
-  return trimmed.replace(/\.$/, "");
+function shouldLogSandboxEgressInfo() {
+  const environment = (process.env.SENTRY_ENVIRONMENT ?? process.env.VERCEL_ENV ?? process.env.NODE_ENV ?? "").trim().toLowerCase();
+  return environment !== "production";
 }
-function normalizeScheme(value) {
-  return value.trim().toLowerCase() === "https" ? "https" : void 0;
+function egressAttributes(input) {
+  return {
+    ...input.egressId ? { "app.sandbox.egress_id": input.egressId } : {},
+    ...input.provider ? { "app.credential.provider": input.provider } : {},
+    ...input.host ? { "server.address": input.host } : {},
+    ...input.method ? { "http.request.method": input.method } : {},
+    ...input.path ? { "url.path": input.path } : {},
+    ...input.status ? { "http.response.status_code": input.status } : {}
+  };
+}
+function routingAttributes(request, upstreamUrl) {
+  const proxyUrl = new URL(request.url);
+  const attributes = {
+    "app.sandbox.egress.proxy_path": proxyUrl.pathname
+  };
+  if (upstreamUrl) {
+    attributes["app.sandbox.egress.upstream_path"] = upstreamUrl.pathname;
+  }
+  return attributes;
+}
+function logSandboxEgressUpstreamRequest(input) {
+  if (!shouldLogSandboxEgressInfo()) {
+    return;
+  }
+  logInfo(
+    "sandbox_egress_upstream_request",
+    {},
+    {
+      ...egressAttributes({
+        egressId: input.egressId,
+        host: input.upstreamUrl.hostname,
+        method: input.request.method,
+        path: input.upstreamUrl.pathname,
+        provider: input.provider,
+        status: input.upstream.status
+      }),
+      ...routingAttributes(input.request, input.upstreamUrl),
+      "app.sandbox.egress.upstream_ok": input.upstream.ok
+    },
+    `Sandbox egress ${input.request.method} ${input.upstreamUrl.hostname}${input.upstreamUrl.pathname} -> ${input.upstream.status}`
+  );
+}
+function normalizeHost(value) {
+  const trimmed = value.trim().toLowerCase();
+  if (!trimmed || trimmed.includes("/") || trimmed.includes("\\") || trimmed.includes(":")) {
+    return void 0;
+  }
+  return trimmed.replace(/\.$/, "");
+}
+function normalizeScheme(value) {
+  return value.trim().toLowerCase() === "https" ? "https" : void 0;
 }
 function normalizePort(value) {
   if (!value) {
@@ -14951,18 +15262,27 @@ function normalizePort(value) {
   const port = Number.parseInt(trimmed, 10);
   return port >= 1 && port <= 65535 ? trimmed : void 0;
 }
-function upstreamPath(request, egressId) {
-  const url = new URL(request.url);
-  const prefix = `${ROUTE_PREFIX}/${encodeURIComponent(egressId)}`;
-  if (url.pathname === prefix) {
-    return `/${url.search}`;
-  }
-  if (url.pathname.startsWith(`${prefix}/`)) {
-    return `${url.pathname.slice(prefix.length)}${url.search}`;
+function sandboxIdFromPayload(payload) {
+  return typeof payload.sandbox_id === "string" ? payload.sandbox_id : void 0;
+}
+function upstreamPath(request) {
+  const forwardedPath = request.headers.get(FORWARDED_PATH_HEADER);
+  if (forwardedPath?.trim()) {
+    const path11 = forwardedPath.trim();
+    if (!path11.startsWith("/") || path11.startsWith("//") || path11.includes("#") || /[\r\n]/.test(path11)) {
+      return { ok: false, error: "Invalid forwarded path" };
+    }
+    try {
+      const url2 = new URL(path11, "https://sandbox-forwarded.local");
+      return { ok: true, path: `${url2.pathname}${url2.search}` };
+    } catch {
+      return { ok: false, error: "Invalid forwarded path" };
+    }
   }
-  return void 0;
+  const url = new URL(request.url);
+  return { ok: true, path: `${url.pathname}${url.search}` };
 }
-function buildUpstreamUrl(request, egressId) {
+function buildUpstreamUrl(request) {
   const forwardedHost = request.headers.get(FORWARDED_HOST_HEADER);
   if (!forwardedHost?.trim()) {
     return { ok: false, error: "Missing forwarded host" };
@@ -14984,12 +15304,14 @@ function buildUpstreamUrl(request, egressId) {
   if (forwardedPort && !port) {
     return { ok: false, error: "Invalid forwarded port" };
   }
-  const path11 = upstreamPath(request, egressId);
-  if (!path11) {
-    return { ok: false, error: "Invalid egress route" };
+  const path11 = upstreamPath(request);
+  if (!path11.ok) {
+    return { ok: false, error: path11.error };
   }
   try {
-    const url = new URL(`${scheme}://${host}${port ? `:${port}` : ""}${path11}`);
+    const url = new URL(
+      `${scheme}://${host}${port ? `:${port}` : ""}${path11.path}`
+    );
     return { ok: true, url };
   } catch {
     return { ok: false, error: "Invalid forwarded URL" };
@@ -15063,15 +15385,20 @@ function hasTransformForHost(lease, host) {
     (transform) => matchesSandboxEgressDomain(host, transform.domain)
   );
 }
-async function proxySandboxEgressRequest(request, egressId, deps = {}) {
+function isSandboxEgressForwardedRequest(request) {
+  return Boolean(
+    request.headers.get(OIDC_TOKEN_HEADER)?.trim() && request.headers.get(FORWARDED_HOST_HEADER)?.trim() && request.headers.get(FORWARDED_SCHEME_HEADER)?.trim()
+  );
+}
+async function proxySandboxEgressRequest(request, deps = {}) {
   const oidcToken = request.headers.get(OIDC_TOKEN_HEADER)?.trim();
   if (!oidcToken) {
     return jsonError("Missing Vercel Sandbox OIDC token", 401);
   }
+  let oidcPayload;
   try {
-    await (deps.verifyOidc ?? verifyVercelSandboxOidcToken)(
-      oidcToken,
-      egressId
+    oidcPayload = await (deps.verifyOidc ?? verifyVercelSandboxOidcToken)(
+      oidcToken
     );
   } catch (error) {
     logWarn(
@@ -15084,24 +15411,101 @@ async function proxySandboxEgressRequest(request, egressId, deps = {}) {
     );
     return jsonError("Invalid Vercel Sandbox OIDC token", 401);
   }
-  const upstreamResult = buildUpstreamUrl(request, egressId);
+  const activeEgressId = sandboxIdFromPayload(oidcPayload);
+  if (!activeEgressId) {
+    logWarn(
+      "sandbox_egress_oidc_session_missing",
+      {},
+      {
+        "http.request.method": request.method,
+        "url.path": new URL(request.url).pathname
+      },
+      "Sandbox egress OIDC payload did not include a VM session id"
+    );
+    return jsonError(
+      "Vercel Sandbox OIDC token did not include sandbox_id",
+      401
+    );
+  }
+  const upstreamResult = buildUpstreamUrl(request);
   if (!upstreamResult.ok) {
+    logWarn(
+      "sandbox_egress_upstream_url_invalid",
+      {},
+      {
+        ...egressAttributes({
+          egressId: activeEgressId,
+          method: request.method,
+          path: new URL(request.url).pathname,
+          status: 400
+        }),
+        ...routingAttributes(request)
+      },
+      "Sandbox egress forwarded request had invalid upstream routing headers"
+    );
     return jsonError(upstreamResult.error, 400);
   }
   const upstreamUrl = upstreamResult.url;
   const provider = resolveSandboxEgressProviderForHost(upstreamUrl.hostname);
   if (!provider) {
+    logWarn(
+      "sandbox_egress_provider_unresolved",
+      {},
+      {
+        ...egressAttributes({
+          egressId: activeEgressId,
+          host: upstreamUrl.hostname,
+          method: request.method,
+          path: upstreamUrl.pathname,
+          status: 403
+        }),
+        ...routingAttributes(request, upstreamUrl)
+      },
+      "Sandbox egress forwarded host is not owned by any credential provider"
+    );
     return jsonError("No provider owns forwarded host", 403);
   }
-  const session = await getSandboxEgressSession(egressId);
+  const session = await getSandboxEgressSession(activeEgressId);
   if (!session) {
+    logWarn(
+      "sandbox_egress_session_unauthorized",
+      {},
+      {
+        ...egressAttributes({
+          egressId: activeEgressId,
+          host: upstreamUrl.hostname,
+          method: request.method,
+          path: upstreamUrl.pathname,
+          provider,
+          status: 403
+        }),
+        ...routingAttributes(request, upstreamUrl)
+      },
+      "Sandbox egress VM session is not authorized for requester credentials"
+    );
     return jsonError("Sandbox egress session is not authorized", 403);
   }
   let lease;
   try {
-    lease = await credentialLease(egressId, provider, session);
+    lease = await credentialLease(activeEgressId, provider, session);
   } catch (error) {
     if (error instanceof CredentialUnavailableError) {
+      logWarn(
+        "sandbox_egress_credential_unavailable",
+        {},
+        {
+          ...egressAttributes({
+            egressId: activeEgressId,
+            host: upstreamUrl.hostname,
+            method: request.method,
+            path: upstreamUrl.pathname,
+            provider,
+            status: 401
+          }),
+          ...routingAttributes(request, upstreamUrl)
+        },
+        "Sandbox egress provider credential is unavailable"
+      );
       return new Response(
         `junior-auth-required provider=${error.provider} 401 unauthorized
 ${error.message}`,
@@ -15114,28 +15518,80 @@ ${error.message}`,
     throw error;
   }
   if (!hasTransformForHost(lease, upstreamUrl.hostname)) {
+    logWarn(
+      "sandbox_egress_transform_missing",
+      {},
+      {
+        ...egressAttributes({
+          egressId: activeEgressId,
+          host: upstreamUrl.hostname,
+          method: request.method,
+          path: upstreamUrl.pathname,
+          provider,
+          status: 403
+        }),
+        "app.sandbox.egress.transform_domains": lease.headerTransforms.map(
+          (transform) => transform.domain
+        ),
+        ...routingAttributes(request, upstreamUrl)
+      },
+      "Sandbox egress credential lease does not cover forwarded host"
+    );
     return jsonError("Credential lease does not cover forwarded host", 403);
   }
   const body = await requestBodyBytes(request);
-  const upstream = await (deps.fetch ?? fetch)(upstreamUrl, {
+  const fetchImpl = deps.fetch ?? fetch;
+  const headers = requestHeaders(request, lease, upstreamUrl.hostname);
+  const upstream = await fetchImpl(upstreamUrl, {
     method: request.method,
-    headers: requestHeaders(request, lease, upstreamUrl.hostname),
-    ...body ? { body } : {},
+    headers,
+    ...body !== void 0 ? { body } : {},
     redirect: "manual"
   });
+  logSandboxEgressUpstreamRequest({
+    egressId: activeEgressId,
+    provider,
+    request,
+    upstream,
+    upstreamUrl
+  });
+  if (upstream.status >= 400) {
+    logWarn(
+      "sandbox_egress_upstream_error_response",
+      {},
+      {
+        ...egressAttributes({
+          egressId: activeEgressId,
+          host: upstreamUrl.hostname,
+          method: request.method,
+          path: upstreamUrl.pathname,
+          provider,
+          status: upstream.status
+        }),
+        ...routingAttributes(request, upstreamUrl),
+        "error.type": `http_${upstream.status}`
+      },
+      `Sandbox egress upstream returned HTTP ${upstream.status}`
+    );
+  }
   if (AUTH_REJECTION_STATUS.has(upstream.status)) {
     logWarn(
       "sandbox_egress_upstream_auth_rejected",
       {},
       {
-        "app.credential.provider": provider,
-        "http.request.method": request.method,
-        "http.response.status_code": upstream.status,
-        "server.address": upstreamUrl.hostname
+        ...egressAttributes({
+          egressId: activeEgressId,
+          host: upstreamUrl.hostname,
+          method: request.method,
+          path: upstreamUrl.pathname,
+          provider,
+          status: upstream.status
+        }),
+        ...routingAttributes(request, upstreamUrl)
       },
       "Sandbox egress upstream auth rejected"
     );
-    await clearSandboxEgressCredentialLease(egressId, provider, session);
+    await clearSandboxEgressCredentialLease(activeEgressId, provider, session);
   }
   return new Response(upstream.body, {
     status: upstream.status,
@@ -15145,54 +15601,11 @@ ${error.message}`,
 }
 
 // src/handlers/sandbox-egress-proxy.ts
-async function ALL(request, egressId) {
-  return await proxySandboxEgressRequest(request, egressId);
-}
-
-// src/chat/slack/context.ts
-function toTrimmedSlackString(value) {
-  const normalized = toOptionalString(value);
-  return normalized?.trim() || void 0;
-}
-function parseSlackThreadId(threadId) {
-  const normalizedThreadId = toTrimmedSlackString(threadId);
-  if (!normalizedThreadId) {
-    return void 0;
-  }
-  const parts = normalizedThreadId.split(":");
-  if (parts.length !== 3 || parts[0] !== "slack") {
-    return void 0;
-  }
-  const channelId = toTrimmedSlackString(parts[1]);
-  const threadTs = toTrimmedSlackString(parts[2]);
-  if (!channelId || !threadTs) {
-    return void 0;
-  }
-  return { channelId, threadTs };
+async function ALL(request) {
+  return await proxySandboxEgressRequest(request);
 }
-function resolveSlackChannelIdFromThreadId(threadId) {
-  return parseSlackThreadId(threadId)?.channelId;
-}
-function resolveSlackChannelIdFromMessage(message) {
-  const messageChannelId = toTrimmedSlackString(
-    message.channelId
-  );
-  if (messageChannelId) {
-    return messageChannelId;
-  }
-  const raw = message.raw;
-  if (raw && typeof raw === "object") {
-    const rawChannel = toTrimmedSlackString(
-      raw.channel
-    );
-    if (rawChannel) {
-      return rawChannel;
-    }
-  }
-  const threadId = toTrimmedSlackString(
-    message.threadId
-  );
-  return resolveSlackChannelIdFromThreadId(threadId);
+function isSandboxEgressRequest(request) {
+  return isSandboxEgressForwardedRequest(request);
 }
 
 // src/handlers/turn-resume.ts
@@ -15487,11 +15900,11 @@ var DIRECTED_FOLLOW_UP_CUE_RE = /\b(?:you said|you just said|your last response|
 var TERSE_CLARIFICATION_RE = /^(?:which one|which ones|why|how so|what do you mean|what did you mean|say more|explain that|clarify that|expand on that|elaborate on that)\??$/i;
 var GENERIC_IMMEDIATE_SIDE_CONVERSATION_RE = /^(?:is that (?:the )?right (?:approach|call|move)|(?:can|could|would) you check on this)\??$/i;
 var RECENT_THREAD_WINDOW = 6;
-function escapeRegExp2(value) {
+function escapeRegExp3(value) {
   return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
 }
 function containsAssistantInvocation(text, botUserName) {
-  const escapedUserName = escapeRegExp2(botUserName);
+  const escapedUserName = escapeRegExp3(botUserName);
   const plainNameMentionRe = new RegExp(`(^|\\s)@${escapedUserName}\\b`, "i");
   const labeledEntityMentionRe = new RegExp(
     `<@[^>|]+\\|${escapedUserName}>`,
@@ -15786,187 +16199,6 @@ async function decideSubscribedThreadReply(args) {
   }
 }
 
-// src/chat/slack/errors.ts
-function getSlackApiErrorCode(error) {
-  if (!error || typeof error !== "object") {
-    return void 0;
-  }
-  const candidate = error;
-  if (typeof candidate.data?.error === "string" && candidate.data.error.trim().length > 0) {
-    return candidate.data.error;
-  }
-  if (typeof candidate.code === "string" && candidate.code.trim().length > 0) {
-    return candidate.code;
-  }
-  return void 0;
-}
-function getSlackErrorObservabilityAttributes(error) {
-  if (!error || typeof error !== "object") {
-    return {};
-  }
-  const candidate = error;
-  const attributes = {};
-  if (typeof candidate.code === "string" && candidate.code.trim().length > 0) {
-    attributes["app.slack.error_code"] = candidate.code;
-  }
-  if (typeof candidate.data?.error === "string" && candidate.data.error.trim().length > 0) {
-    attributes["app.slack.api_error"] = candidate.data.error;
-  }
-  const requestId = getHeaderString(candidate.headers, "x-slack-req-id");
-  if (requestId) {
-    attributes["app.slack.request_id"] = requestId;
-  }
-  if (typeof candidate.statusCode === "number" && Number.isFinite(candidate.statusCode)) {
-    attributes["http.response.status_code"] = candidate.statusCode;
-  }
-  return attributes;
-}
-function isSlackTitlePermissionError(error) {
-  const code = getSlackApiErrorCode(error);
-  return code === "no_permission" || code === "missing_scope" || code === "not_allowed_token_type";
-}
-
-// src/chat/runtime/thread-context.ts
-function escapeRegExp3(value) {
-  return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
-}
-function stripLeadingBotMention(text, options = {}) {
-  if (!text.trim()) return text;
-  let next = text;
-  if (options.stripLeadingSlackMentionToken) {
-    next = next.replace(/^\s*<@[^>]+>[\s,:-]*/, "").trim();
-  }
-  const mentionByNameRe = new RegExp(
-    `^\\s*@${escapeRegExp3(botConfig.userName)}\\b[\\s,:-]*`,
-    "i"
-  );
-  next = next.replace(mentionByNameRe, "").trim();
-  const mentionByLabeledEntityRe = new RegExp(
-    `^\\s*<@[^>|]+\\|${escapeRegExp3(botConfig.userName)}>[\\s,:-]*`,
-    "i"
-  );
-  next = next.replace(mentionByLabeledEntityRe, "").trim();
-  return next;
-}
-function getThreadId(thread, _message) {
-  return toOptionalString(thread.id);
-}
-function getRunId(thread, message) {
-  return toOptionalString(thread.runId) ?? toOptionalString(message.runId);
-}
-function getChannelId(thread, message) {
-  return resolveSlackChannelIdFromThreadId(toOptionalString(thread.id)) ?? normalizeSlackConversationId(toOptionalString(thread.channelId)) ?? resolveSlackChannelIdFromMessage(message);
-}
-function getThreadTs(threadId) {
-  return parseSlackThreadId(threadId)?.threadTs;
-}
-function getAssistantThreadContext(message) {
-  const raw = message.raw;
-  const rawRecord = raw && typeof raw === "object" ? raw : void 0;
-  const channelId = toOptionalString(rawRecord?.channel);
-  if (channelId) {
-    const rawThreadTs = toOptionalString(rawRecord?.thread_ts);
-    const threadTs = isDmChannel(channelId) ? rawThreadTs : rawThreadTs ?? toOptionalString(rawRecord?.ts);
-    if (threadTs) {
-      return { channelId, threadTs };
-    }
-  }
-  const parsedThreadId = parseSlackThreadId(
-    toOptionalString(message.threadId)
-  );
-  if (!parsedThreadId || isDmChannel(parsedThreadId.channelId)) {
-    return void 0;
-  }
-  return parsedThreadId;
-}
-function getMessageTs(message) {
-  const directTs = toOptionalString(
-    message.ts
-  );
-  if (directTs) {
-    return directTs;
-  }
-  const raw = message.raw;
-  if (!raw || typeof raw !== "object") {
-    return void 0;
-  }
-  const rawRecord = raw;
-  return toOptionalString(rawRecord.ts) ?? toOptionalString(rawRecord.event_ts) ?? toOptionalString(rawRecord.message?.ts);
-}
-
-// src/chat/runtime/processing-reaction.ts
-var PROCESSING_REACTION_EMOJI = "eyes";
-var noProcessingReaction = {
-  keep: () => void 0,
-  stop: async () => void 0
-};
-function isProcessingReactionEmoji(value) {
-  return typeof value === "string" && normalizeSlackEmojiName(value) === PROCESSING_REACTION_EMOJI;
-}
-function shouldKeepProcessingReactionForToolInvocation(input) {
-  return input.toolName === "slackMessageAddReaction" && isProcessingReactionEmoji(input.params.emoji);
-}
-async function startSlackProcessingReaction(args) {
-  if (args.message.author.isMe) {
-    return noProcessingReaction;
-  }
-  const channelId = getChannelId(args.thread, args.message);
-  const messageTs = getMessageTs(args.message);
-  if (!channelId || !messageTs) {
-    return noProcessingReaction;
-  }
-  try {
-    await addReactionToMessage({
-      channelId,
-      timestamp: messageTs,
-      emoji: PROCESSING_REACTION_EMOJI
-    });
-  } catch (error) {
-    args.logException(
-      error,
-      "slack_processing_reaction_add_failed",
-      args.logContext,
-      {
-        "app.slack.action": "reactions.add",
-        "messaging.message.id": messageTs,
-        ...getSlackErrorObservabilityAttributes(error)
-      },
-      "Failed to add Slack processing reaction"
-    );
-    return noProcessingReaction;
-  }
-  let shouldRemove = true;
-  return {
-    keep: () => {
-      shouldRemove = false;
-    },
-    stop: async () => {
-      if (!shouldRemove) {
-        return;
-      }
-      try {
-        await removeReactionFromMessage({
-          channelId,
-          timestamp: messageTs,
-          emoji: PROCESSING_REACTION_EMOJI
-        });
-      } catch (error) {
-        args.logException(
-          error,
-          "slack_processing_reaction_remove_failed",
-          args.logContext,
-          {
-            "app.slack.action": "reactions.remove",
-            "messaging.message.id": messageTs,
-            ...getSlackErrorObservabilityAttributes(error)
-          },
-          "Failed to remove Slack processing reaction"
-        );
-      }
-    }
-  };
-}
-
 // src/chat/runtime/slack-runtime.ts
 var THREAD_OPTOUT_ACK = "Understood. I'll stay out of this thread unless someone @mentions me again.";
 async function maybeHandleThreadOptOutDecision(args) {
@@ -16988,8 +17220,14 @@ function createJuniorRuntimeServices(overrides = {}) {
 }
 
 // src/chat/slack/message.ts
+function isSlackMessageTs(value) {
+  return /^\d+(?:\.\d+)?$/.test(value.trim());
+}
 function getSlackMessageTs(message) {
-  if (message.id.endsWith(":message_changed_mention") && message.raw && typeof message.raw === "object") {
+  if (isSlackMessageTs(message.id)) {
+    return message.id;
+  }
+  if (message.raw && typeof message.raw === "object") {
     const ts = message.raw.ts;
     if (typeof ts === "string" && ts.length > 0) {
       return ts;
@@ -17152,6 +17390,26 @@ function createReplyToThread(deps) {
             throw error;
           }
         };
+        const postAuthPauseNotice = async () => {
+          try {
+            await beforeFirstResponsePost();
+            await thread.post(
+              buildSlackOutputMessage(buildAuthPauseResponse())
+            );
+          } catch (error) {
+            logException(
+              error,
+              "slack_auth_pause_notice_post_failed",
+              turnTraceContext,
+              {
+                "app.slack.reply_stage": "thread_reply_auth_pause_notice",
+                ...messageTs ? { "messaging.message.id": messageTs } : {},
+                ...getSlackErrorObservabilityAttributes(error)
+              },
+              "Failed to post auth pause notice"
+            );
+          }
+        };
         const activeTurnId = preparedState.conversation.processing.activeTurnId;
         if (conversationId && activeTurnId) {
           const resumeRequest = await deps.services.getAwaitingTurnContinuationRequest({
@@ -17466,6 +17724,7 @@ function createReplyToThread(deps) {
           }
         } catch (error) {
           if (isRetryableTurnError(error, "mcp_auth_resume") || isRetryableTurnError(error, "plugin_auth_resume")) {
+            await postAuthPauseNotice();
             completeAuthPauseTurn({
               conversation: preparedState.conversation,
               sessionId: error.metadata?.sessionId ?? turnId
@@ -18692,6 +18951,12 @@ async function createApp(options) {
     logException(err, "unhandled_route_error");
     return c.text("Internal Server Error", 500);
   });
+  app.use("*", async (c, next) => {
+    if (isSandboxEgressRequest(c.req.raw)) {
+      return await ALL(c.req.raw);
+    }
+    await next();
+  });
   app.get("/", () => GET3());
   app.get("/health", () => GET2());
   app.get("/api/info", () => GET());
@@ -18704,12 +18969,6 @@ async function createApp(options) {
   app.post("/api/internal/turn-resume", (c) => {
     return POST(c.req.raw, waitUntil);
   });
-  app.all("/api/internal/sandbox-egress/:egressId", (c) => {
-    return ALL(c.req.raw, c.req.param("egressId"));
-  });
-  app.all("/api/internal/sandbox-egress/:egressId/*", (c) => {
-    return ALL(c.req.raw, c.req.param("egressId"));
-  });
   app.post("/api/webhooks/:platform", (c) => {
     return POST2(c.req.raw, c.req.param("platform"), waitUntil);
   });

package/dist/{chunk-QAMTCT2R.js → chunk-ELM6HJ6S.js}

@@ -494,7 +494,7 @@ var NON_INTERACTIVE_ENV = {
   GCM_INTERACTIVE: "never",
   DEBIAN_FRONTEND: "noninteractive",
   // Git credential isolation: prevent git from sending its own auth so the
-  // sandbox network proxy's header transforms are the sole credential source.
+  // sandbox egress proxy's header transforms are the sole credential source.
   GIT_ASKPASS: "/bin/true",
   GIT_CONFIG_NOSYSTEM: "1",
   GIT_CONFIG_COUNT: "2",

package/dist/cli/snapshot-warmup.js

@@ -1,7 +1,7 @@
 import {
   disconnectStateAdapter,
   resolveRuntimeDependencySnapshot
-} from "../chunk-QAMTCT2R.js";
+} from "../chunk-ELM6HJ6S.js";
 import {
   getPluginProviders,
   getPluginRuntimeDependencies,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sentry/junior",
-  "version": "0.45.0",
+  "version": "0.46.0",
   "private": false,
   "publishConfig": {
     "access": "public"