npm - @sentry/junior - Versions diffs - 0.66.3 → 0.67.0 - Mend

@sentry/junior 0.66.3 → 0.67.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/dist/app.js +97 -630
package/dist/chat/config.d.ts +1 -0
package/dist/chat/ingress/slash-command.d.ts +1 -1
package/dist/chat/plugins/agent-hooks.d.ts +3 -1
package/dist/chat/respond.d.ts +2 -0
package/dist/chat/services/turn-session-record.d.ts +6 -1
package/dist/chat/state/turn-session.d.ts +4 -0
package/dist/{chunk-DG2I6GXC.js → chunk-HFMZE67J.js} +1801 -1014
package/dist/{chunk-JA5QR3N4.js → chunk-KWEE2436.js} +1 -1
package/dist/{chunk-SAYCFF7O.js → chunk-NWU2Z6SM.js} +12 -1
package/dist/cli/init.js +1 -0
package/dist/cli/snapshot-warmup.js +2 -2
package/dist/reporting.d.ts +45 -2
package/dist/reporting.js +301 -11
package/package.json +3 -3

package/dist/app.js CHANGED Viewed

@@ -4,14 +4,22 @@ import {
   SlackActionError,
   TURN_CONTEXT_TAG,
   abandonAgentTurnSessionRecord,
+  bindSlackDirectCredentialSubject,
   buildSentryConversationUrl,
   buildSlackOutputMessage,
   buildSystemPrompt,
   buildTurnContextPrompt,
   commitMessages,
+  createAgentPluginHookRunner,
+  createAgentPluginLogger,
+  createPluginState,
   downloadPrivateSlackFile,
   escapeXml,
   failAgentTurnSessionRecord,
+  getAgentPluginRoutes,
+  getAgentPluginSlackConversationLink,
+  getAgentPluginTools,
+  getAgentPlugins,
   getAgentTurnSessionRecord,
   getFilePermalink,
   getHeaderString,
@@ -32,11 +40,14 @@ import {
   recordMcpProviderConnected,
   resolveSlackChannelTypeFromMessage,
   resolveSlackConversationContext,
+  setAgentPlugins,
   splitSlackReplyText,
   truncateStatusText,
   upsertAgentTurnSessionRecord,
+  validateAgentPlugins,
+  verifySlackDirectCredentialSubject,
   withSlackRetries
-} from "./chunk-DG2I6GXC.js";
+} from "./chunk-HFMZE67J.js";
 import {
   discoverSkills,
   findSkillByName,
@@ -51,7 +62,7 @@ import {
   isSnapshotMissingError,
   resolveRuntimeDependencySnapshot,
   runNonInteractiveCommand
-} from "./chunk-JA5QR3N4.js";
+} from "./chunk-KWEE2436.js";
 import {
   ACTIVE_LOCK_TTL_MS,
   FUNCTION_TIMEOUT_BUFFER_SECONDS,
@@ -86,7 +97,7 @@ import {
   toGenAiPayloadMetadata,
   toGenAiPayloadTraceAttributes,
   toGenAiTextMetadata
-} from "./chunk-SAYCFF7O.js";
+} from "./chunk-NWU2Z6SM.js";
 import {
   CredentialUnavailableError,
   buildOAuthTokenRequest,
@@ -178,588 +189,6 @@ function getConfigDefaults() {
   return cloneDefaults(installDefaults);
 }
-// src/chat/plugins/logging.ts
-function createAgentPluginLogger(plugin) {
-  return {
-    info(message, metadata) {
-      logInfo(
-        "agent_plugin_log_info",
-        {},
-        { "app.plugin.name": plugin, ...metadata },
-        message
-      );
-    },
-    warn(message, metadata) {
-      logWarn(
-        "agent_plugin_log_warn",
-        {},
-        { "app.plugin.name": plugin, ...metadata },
-        message
-      );
-    },
-    error(message, metadata) {
-      logException(
-        new Error(message),
-        "agent_plugin_log_error",
-        {},
-        { "app.plugin.name": plugin, ...metadata },
-        message
-      );
-    }
-  };
-}
-// src/chat/plugins/state.ts
-import { createHash } from "crypto";
-var MAX_PLUGIN_STATE_KEY_LENGTH = 512;
-function hashKeyPart(value) {
-  return createHash("sha256").update(value).digest("hex").slice(0, 32);
-}
-function pluginStateKey(plugin, key) {
-  return `junior:plugin_state:${hashKeyPart(plugin)}:${hashKeyPart(key)}`;
-}
-function validatePluginStateKey(key) {
-  if (!key.trim()) {
-    throw new Error("Plugin state key is required");
-  }
-  if (key.length > MAX_PLUGIN_STATE_KEY_LENGTH) {
-    throw new Error("Plugin state key exceeds the maximum length");
-  }
-}
-function legacyStateKey(key, options) {
-  for (const prefix of options?.legacyStatePrefixes ?? []) {
-    const trimmed = prefix.trim();
-    if (!trimmed) {
-      continue;
-    }
-    if (key === trimmed || key.startsWith(`${trimmed}:`)) {
-      return key;
-    }
-  }
-  return void 0;
-}
-function createPluginState(plugin, options) {
-  return {
-    async delete(key) {
-      validatePluginStateKey(key);
-      const state = getStateAdapter();
-      await state.connect();
-      await state.delete(pluginStateKey(plugin, key));
-      const legacyKey = legacyStateKey(key, options);
-      if (legacyKey) {
-        await state.delete(legacyKey);
-      }
-    },
-    async get(key) {
-      validatePluginStateKey(key);
-      const state = getStateAdapter();
-      await state.connect();
-      const value = await state.get(pluginStateKey(plugin, key));
-      if (value !== null && value !== void 0) {
-        return value;
-      }
-      const legacyKey = legacyStateKey(key, options);
-      return legacyKey ? await state.get(legacyKey) ?? void 0 : void 0;
-    },
-    async set(key, value, ttlMs) {
-      validatePluginStateKey(key);
-      const state = getStateAdapter();
-      await state.connect();
-      await state.set(pluginStateKey(plugin, key), value, ttlMs);
-    },
-    async setIfNotExists(key, value, ttlMs) {
-      validatePluginStateKey(key);
-      const state = getStateAdapter();
-      await state.connect();
-      const legacyKey = legacyStateKey(key, options);
-      if (legacyKey) {
-        const existing = await state.get(legacyKey);
-        if (existing !== null && existing !== void 0) {
-          return false;
-        }
-      }
-      return await state.setIfNotExists(
-        pluginStateKey(plugin, key),
-        value,
-        ttlMs
-      );
-    },
-    async withLock(key, ttlMs, callback) {
-      validatePluginStateKey(key);
-      const state = getStateAdapter();
-      await state.connect();
-      const lockKey = legacyStateKey(key, options) ?? pluginStateKey(plugin, key);
-      const lock = await state.acquireLock(lockKey, ttlMs);
-      if (!lock) {
-        throw new Error(`Could not acquire plugin state lock for ${key}`);
-      }
-      try {
-        return await callback();
-      } finally {
-        await state.releaseLock(lock);
-      }
-    }
-  };
-}
-// src/chat/credentials/subject.ts
-import { createHmac, timingSafeEqual } from "crypto";
-var CREDENTIAL_SUBJECT_HMAC_CONTEXT = "junior.credential_subject.v1";
-var CREDENTIAL_SUBJECT_SIGNATURE_VERSION = "v1";
-function getCredentialSubjectSecret() {
-  return process.env.JUNIOR_SECRET?.trim() || void 0;
-}
-function buildPayload(input) {
-  return [
-    CREDENTIAL_SUBJECT_HMAC_CONTEXT,
-    input.allowedWhen,
-    input.teamId,
-    input.channelId,
-    input.userId
-  ].join("\0");
-}
-function signPayload(secret, payload) {
-  const digest = createHmac("sha256", secret).update(payload).digest("hex");
-  return `${CREDENTIAL_SUBJECT_SIGNATURE_VERSION}=${digest}`;
-}
-function timingSafeMatch(expected, actual) {
-  const expectedBuffer = Buffer.from(expected);
-  const actualBuffer = Buffer.from(actual);
-  if (expectedBuffer.length !== actualBuffer.length) {
-    return false;
-  }
-  return timingSafeEqual(expectedBuffer, actualBuffer);
-}
-function createSlackDirectCredentialSubject(input) {
-  const channelId = normalizeSlackConversationId(input.channelId);
-  const teamId = input.teamId?.trim();
-  const userId = input.userId?.trim();
-  if (!channelId || !teamId || !userId || !isDmChannel(channelId)) {
-    return void 0;
-  }
-  return {
-    type: "user",
-    userId,
-    allowedWhen: "private-direct-conversation"
-  };
-}
-function bindSlackDirectCredentialSubject(input) {
-  const channelId = normalizeSlackConversationId(input.channelId);
-  const teamId = input.teamId.trim();
-  const secret = getCredentialSubjectSecret();
-  const { subject } = input;
-  const userId = subject.userId.trim();
-  if (!channelId || !teamId || !secret || !isDmChannel(channelId) || subject.type !== "user" || !userId || subject.allowedWhen !== "private-direct-conversation") {
-    return void 0;
-  }
-  return {
-    type: "user",
-    userId,
-    allowedWhen: subject.allowedWhen,
-    binding: {
-      type: "slack-direct-conversation",
-      teamId,
-      channelId,
-      signature: signPayload(
-        secret,
-        buildPayload({
-          allowedWhen: subject.allowedWhen,
-          teamId,
-          channelId,
-          userId
-        })
-      )
-    }
-  };
-}
-function verifySlackDirectCredentialSubject(input) {
-  const channelId = normalizeSlackConversationId(input.channelId);
-  const secret = getCredentialSubjectSecret();
-  if (!channelId || !secret) {
-    return false;
-  }
-  const { subject } = input;
-  const binding = subject.binding;
-  if (subject.type !== "user" || typeof subject.userId !== "string" || !subject.userId || subject.allowedWhen !== "private-direct-conversation" || !binding || binding.type !== "slack-direct-conversation" || typeof binding.signature !== "string" || !binding.signature || binding.teamId !== input.teamId || binding.channelId !== channelId) {
-    return false;
-  }
-  const expected = signPayload(
-    secret,
-    buildPayload({
-      allowedWhen: subject.allowedWhen,
-      teamId: binding.teamId,
-      channelId: binding.channelId,
-      userId: subject.userId
-    })
-  );
-  return timingSafeMatch(expected, binding.signature);
-}
-// src/chat/plugins/agent-hooks.ts
-var AgentPluginHookDeniedError = class extends Error {
-  constructor(message) {
-    super(message);
-    this.name = "AgentPluginHookDeniedError";
-  }
-};
-var agentPlugins = [];
-var AGENT_PLUGIN_NAME_RE = /^[a-z][a-z0-9-]*$/;
-var AGENT_PLUGIN_TOOL_NAME_RE = /^[a-z][A-Za-z0-9]*$/;
-var AGENT_PLUGIN_ROUTE_METHODS = /* @__PURE__ */ new Set([
-  "GET",
-  "POST",
-  "PUT",
-  "PATCH",
-  "DELETE",
-  "HEAD",
-  "OPTIONS",
-  "ALL"
-]);
-function validateLegacyStatePrefixes(plugin) {
-  const prefixes = plugin.legacyStatePrefixes;
-  if (prefixes === void 0) {
-    return;
-  }
-  if (!Array.isArray(prefixes)) {
-    throw new Error(
-      `Trusted plugin "${plugin.name}" legacyStatePrefixes must be an array`
-    );
-  }
-  const allowedPrefix = `junior:${plugin.name}`;
-  for (const rawPrefix of prefixes) {
-    const prefix = typeof rawPrefix === "string" ? rawPrefix.trim() : "";
-    if (!prefix) {
-      throw new Error(
-        `Trusted plugin "${plugin.name}" legacy state prefixes must be non-empty strings`
-      );
-    }
-    if (prefix !== allowedPrefix && !prefix.startsWith(`${allowedPrefix}:`)) {
-      throw new Error(
-        `Trusted plugin "${plugin.name}" legacy state prefix "${prefix}" must stay under "${allowedPrefix}"`
-      );
-    }
-  }
-}
-function validateAgentPlugins(plugins) {
-  const seen = /* @__PURE__ */ new Set();
-  for (const plugin of plugins) {
-    if (!AGENT_PLUGIN_NAME_RE.test(plugin.name)) {
-      throw new Error(
-        `Trusted plugin name "${plugin.name}" must be a lowercase plugin identifier`
-      );
-    }
-    if (seen.has(plugin.name)) {
-      throw new Error(`Duplicate trusted plugin name "${plugin.name}"`);
-    }
-    seen.add(plugin.name);
-    validateLegacyStatePrefixes(plugin);
-  }
-}
-function setAgentPlugins(plugins) {
-  validateAgentPlugins(plugins);
-  const previous = agentPlugins;
-  agentPlugins = [...plugins].sort(
-    (left, right) => left.name.localeCompare(right.name)
-  );
-  return previous;
-}
-function getAgentPlugins() {
-  return [...agentPlugins];
-}
-function getAgentPluginTools(context) {
-  const tools = {};
-  for (const plugin of getAgentPlugins()) {
-    const hook = plugin.hooks?.tools;
-    if (!hook) {
-      continue;
-    }
-    const log = createAgentPluginLogger(plugin.name);
-    const credentialSubject = createSlackDirectCredentialSubject({
-      channelId: context.channelId,
-      teamId: context.teamId,
-      userId: context.requester?.userId
-    });
-    const pluginTools = hook({
-      plugin: { name: plugin.name },
-      log,
-      requester: context.requester,
-      channelCapabilities: context.channelCapabilities,
-      channelId: context.channelId,
-      ...credentialSubject ? { credentialSubject } : {},
-      teamId: context.teamId,
-      messageTs: context.messageTs,
-      threadTs: context.threadTs,
-      userText: context.userText,
-      state: createPluginState(plugin.name, {
-        legacyStatePrefixes: plugin.legacyStatePrefixes
-      })
-    });
-    for (const [name, tool2] of Object.entries(pluginTools)) {
-      if (!AGENT_PLUGIN_TOOL_NAME_RE.test(name)) {
-        throw new Error(
-          `Trusted plugin tool "${name}" from plugin "${plugin.name}" must be a camelCase identifier`
-        );
-      }
-      if (tools[name]) {
-        throw new Error(
-          `Duplicate trusted plugin tool "${name}" from plugin "${plugin.name}"`
-        );
-      }
-      tools[name] = tool2;
-    }
-  }
-  return tools;
-}
-function routeMethods(route, pluginName) {
-  const methods = Array.isArray(route.method) ? route.method : [route.method ?? "ALL"];
-  if (methods.length === 0) {
-    throw new Error(
-      `Trusted plugin route "${route.path}" from plugin "${pluginName}" must declare at least one method`
-    );
-  }
-  for (const method of methods) {
-    if (!AGENT_PLUGIN_ROUTE_METHODS.has(method)) {
-      throw new Error(
-        `Trusted plugin route "${route.path}" from plugin "${pluginName}" has invalid method "${String(method)}"`
-      );
-    }
-  }
-  if (methods.includes("ALL") && methods.length > 1) {
-    throw new Error(
-      `Trusted plugin route "${route.path}" from plugin "${pluginName}" must not combine ALL with explicit methods`
-    );
-  }
-  return methods;
-}
-function getAgentPluginRoutes() {
-  const routes = [];
-  const seen = /* @__PURE__ */ new Set();
-  const methodsByPath = /* @__PURE__ */ new Map();
-  for (const plugin of getAgentPlugins()) {
-    const hook = plugin.hooks?.routes;
-    if (!hook) {
-      continue;
-    }
-    const log = createAgentPluginLogger(plugin.name);
-    const pluginRoutes = hook({
-      plugin: { name: plugin.name },
-      log
-    });
-    if (!Array.isArray(pluginRoutes)) {
-      throw new Error(
-        `Trusted plugin routes hook from plugin "${plugin.name}" must return an array`
-      );
-    }
-    for (const route of pluginRoutes) {
-      if (!isRecord2(route)) {
-        throw new Error(
-          `Trusted plugin route from plugin "${plugin.name}" must be an object`
-        );
-      }
-      if (typeof route.path !== "string" || !route.path.startsWith("/")) {
-        throw new Error(
-          `Trusted plugin route "${route.path}" from plugin "${plugin.name}" must start with /`
-        );
-      }
-      if (typeof route.handler !== "function") {
-        throw new Error(
-          `Trusted plugin route "${route.path}" from plugin "${plugin.name}" must provide a handler`
-        );
-      }
-      const methods = routeMethods(route, plugin.name);
-      const pathMethods = methodsByPath.get(route.path) ?? /* @__PURE__ */ new Set();
-      if (pathMethods.has("ALL") || methods.includes("ALL") && pathMethods.size > 0) {
-        throw new Error(
-          `Trusted plugin route "${route.path}" conflicts with an ALL route for the same path`
-        );
-      }
-      for (const method of methods) {
-        const key = `${method}:${route.path}`;
-        if (seen.has(key)) {
-          throw new Error(
-            `Duplicate trusted plugin route "${method} ${route.path}"`
-          );
-        }
-        seen.add(key);
-        pathMethods.add(method);
-      }
-      methodsByPath.set(route.path, pathMethods);
-      routes.push({
-        ...route,
-        pluginName: plugin.name
-      });
-    }
-  }
-  return routes;
-}
-function trustedSlackConversationUrl(pluginName, link) {
-  const url = typeof link?.url === "string" ? link.url.trim() : "";
-  if (!url) {
-    return void 0;
-  }
-  let parsed;
-  try {
-    parsed = new URL(url);
-  } catch (error) {
-    throw new Error(
-      `Trusted plugin "${pluginName}" slackConversationLink must return an absolute http(s) URL`,
-      { cause: error }
-    );
-  }
-  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
-    throw new Error(
-      `Trusted plugin "${pluginName}" slackConversationLink must return an absolute http(s) URL`
-    );
-  }
-  return parsed.toString();
-}
-function getAgentPluginSlackConversationLink(conversationId) {
-  for (const plugin of getAgentPlugins()) {
-    const hook = plugin.hooks?.slackConversationLink;
-    if (!hook) {
-      continue;
-    }
-    const log = createAgentPluginLogger(plugin.name);
-    const link = hook({
-      plugin: { name: plugin.name },
-      log,
-      conversationId
-    });
-    const url = trustedSlackConversationUrl(plugin.name, link);
-    if (url) {
-      return { url };
-    }
-  }
-  return void 0;
-}
-function isRecord2(value) {
-  return Boolean(value && typeof value === "object" && !Array.isArray(value));
-}
-function normalizeEnv(value) {
-  if (!isRecord2(value)) {
-    return {};
-  }
-  const env = {};
-  for (const [key, rawValue] of Object.entries(value)) {
-    if (typeof rawValue === "string") {
-      env[key] = rawValue;
-    }
-  }
-  return env;
-}
-function createSandboxCapability(sandbox) {
-  return {
-    root: SANDBOX_WORKSPACE_ROOT,
-    juniorRoot: `${SANDBOX_WORKSPACE_ROOT}/.junior`,
-    async readFile(filePath) {
-      return await sandbox.readFileToBuffer({ path: filePath }) ?? null;
-    },
-    async run(input) {
-      const result = await sandbox.runCommand(input);
-      const [stdout, stderr] = await Promise.all([
-        result.stdout(),
-        result.stderr()
-      ]);
-      return {
-        exitCode: result.exitCode,
-        stdout,
-        stderr
-      };
-    },
-    async writeFile(input) {
-      await sandbox.writeFiles([
-        {
-          path: input.path,
-          content: input.content,
-          ...input.mode !== void 0 ? { mode: input.mode } : {}
-        }
-      ]);
-    }
-  };
-}
-function createAgentPluginHookRunner(input = {}) {
-  const loaded = getAgentPlugins();
-  return {
-    async prepareSandbox(sandbox) {
-      const sandboxCapability = createSandboxCapability(sandbox);
-      for (const plugin of loaded) {
-        const hook = plugin.hooks?.sandboxPrepare;
-        if (!hook) {
-          continue;
-        }
-        logInfo(
-          "agent_plugin_hook_sandbox_prepare",
-          {},
-          { "app.plugin.name": plugin.name },
-          "Running agent plugin sandbox prepare hook"
-        );
-        await hook({
-          plugin: { name: plugin.name },
-          log: createAgentPluginLogger(plugin.name),
-          requester: input.requester,
-          sandbox: sandboxCapability
-        });
-      }
-    },
-    async beforeToolExecute(tool2) {
-      let nextInput = { ...tool2.input };
-      const env = normalizeEnv(nextInput.env);
-      for (const plugin of loaded) {
-        const hook = plugin.hooks?.beforeToolExecute;
-        if (!hook) {
-          continue;
-        }
-        let replacement;
-        let denied;
-        await hook({
-          plugin: { name: plugin.name },
-          log: createAgentPluginLogger(plugin.name),
-          requester: input.requester,
-          tool: {
-            name: tool2.name,
-            input: nextInput
-          },
-          env: {
-            get(key) {
-              return env[key];
-            },
-            set(key, value) {
-              env[key] = value;
-            }
-          },
-          decision: {
-            deny(message) {
-              denied = message;
-            },
-            replaceInput(input2) {
-              replacement = input2;
-            }
-          }
-        });
-        if (denied) {
-          throw new AgentPluginHookDeniedError(denied);
-        }
-        if (replacement !== void 0) {
-          if (!isRecord2(replacement)) {
-            throw new Error(
-              `Plugin "${plugin.name}" replaced tool input with a non-object value`
-            );
-          }
-          nextInput = { ...replacement };
-          Object.assign(env, normalizeEnv(nextInput.env));
-        }
-      }
-      return {
-        input: {
-          ...nextInput,
-          ...Object.keys(env).length > 0 ? { env } : {}
-        },
-        env
-      };
-    }
-  };
-}
 // src/chat/respond.ts
 import { Agent as Agent2 } from "@earendil-works/pi-agent-core";
 import { THREAD_STATE_TTL_MS as THREAD_STATE_TTL_MS3 } from "chat";
@@ -1915,7 +1344,7 @@ function parseMcpProviderFromToolName(toolName) {
 // src/chat/pi/derived-state.ts
 var MCP_BRIDGE_TOOLS = /* @__PURE__ */ new Set(["callMcpTool", "searchMcpTools"]);
-function isRecord3(value) {
+function isRecord2(value) {
   return Boolean(value && typeof value === "object" && !Array.isArray(value));
 }
 function providerFromToolName(value) {
@@ -1937,7 +1366,7 @@ function addBridgeToolProvider(toolName, value, providers) {
   if (bridgeTool === "searchMcpTools") {
     for (const argsKey of ["input", "args", "arguments", "params"]) {
       const args = value[argsKey];
-      if (isRecord3(args)) {
+      if (isRecord2(args)) {
         addString(providers, args.provider);
       }
     }
@@ -1946,7 +1375,7 @@ function addBridgeToolProvider(toolName, value, providers) {
   if (bridgeTool === "callMcpTool") {
     for (const argsKey of ["input", "args", "arguments", "params"]) {
       const args = value[argsKey];
-      if (isRecord3(args)) {
+      if (isRecord2(args)) {
         addString(providers, providerFromToolName(args.tool_name));
       }
     }
@@ -1959,18 +1388,18 @@ function addMcpResultProvider(message, providers) {
     return;
   }
   if (toolName === "loadSkill") {
-    if (isRecord3(message.details)) {
+    if (isRecord2(message.details)) {
       addString(providers, message.details.mcp_provider);
     }
     addString(providers, message.mcp_provider);
     return;
   }
   if (toolName === "searchMcpTools") {
-    if (isRecord3(message.details)) {
+    if (isRecord2(message.details)) {
       addString(providers, message.details.provider);
       if (Array.isArray(message.details.tools)) {
         for (const tool2 of message.details.tools) {
-          if (isRecord3(tool2)) {
+          if (isRecord2(tool2)) {
             addString(providers, providerFromToolName(tool2.tool_name));
           }
         }
@@ -1982,11 +1411,11 @@ function addMcpResultProvider(message, providers) {
   if (toolName === "callMcpTool") {
     for (const argsKey of ["input", "args", "arguments", "params"]) {
       const args = message[argsKey];
-      if (isRecord3(args)) {
+      if (isRecord2(args)) {
         addString(providers, providerFromToolName(args.tool_name));
       }
     }
-    if (isRecord3(message.details)) {
+    if (isRecord2(message.details)) {
       addString(providers, message.details.provider);
       addString(providers, providerFromToolName(message.details.tool_name));
     }
@@ -1994,7 +1423,7 @@ function addMcpResultProvider(message, providers) {
   }
 }
 function scanMcpProviders(message, providers) {
-  if (!isRecord3(message)) {
+  if (!isRecord2(message)) {
     return;
   }
   if (message.role === "toolResult") {
@@ -2006,15 +1435,15 @@ function scanMcpProviders(message, providers) {
     return;
   }
   for (const part of content) {
-    if (!isRecord3(part)) {
+    if (!isRecord2(part)) {
       continue;
     }
     addBridgeToolProvider(getToolName(part), part, providers);
   }
 }
 function scanLoadedSkills(message, skills) {
-  if (isRecord3(message) && message.role === "toolResult" && message.toolName === "loadSkill" && message.isError !== true) {
-    if (isRecord3(message.details)) {
+  if (isRecord2(message) && message.role === "toolResult" && message.toolName === "loadSkill" && message.isError !== true) {
+    if (isRecord2(message.details)) {
       addString(skills, message.details.skill_name);
     }
     addString(skills, message.skill_name);
@@ -7308,7 +6737,7 @@ async function startOAuthFlow(provider, input) {
 }
 // src/chat/sandbox/egress-session.ts
-import { createHmac as createHmac2, randomUUID, timingSafeEqual as timingSafeEqual2 } from "crypto";
+import { createHmac, randomUUID, timingSafeEqual } from "crypto";
 var SANDBOX_EGRESS_PROXY_PATH = "/api/internal/sandbox-egress";
 var SANDBOX_EGRESS_TOKEN_VERSION = "v1";
 var SANDBOX_EGRESS_HMAC_CONTEXT = "junior.sandbox_egress.v1";
@@ -7332,16 +6761,16 @@ function base64Url(input) {
 function fromBase64Url(input) {
   return Buffer.from(input, "base64url").toString("utf8");
 }
-function signPayload2(payload) {
-  return createHmac2("sha256", getSandboxEgressSecret()).update(`${SANDBOX_EGRESS_HMAC_CONTEXT}:${payload}`).digest("base64url");
+function signPayload(payload) {
+  return createHmac("sha256", getSandboxEgressSecret()).update(`${SANDBOX_EGRESS_HMAC_CONTEXT}:${payload}`).digest("base64url");
 }
-function timingSafeMatch2(expected, actual) {
+function timingSafeMatch(expected, actual) {
   const expectedBuffer = Buffer.from(expected);
   const actualBuffer = Buffer.from(actual);
   if (expectedBuffer.length !== actualBuffer.length) {
     return false;
   }
-  return timingSafeEqual2(expectedBuffer, actualBuffer);
+  return timingSafeEqual(expectedBuffer, actualBuffer);
 }
 function parseSandboxEgressContext(value) {
   if (!value || typeof value !== "object") {
@@ -7400,7 +6829,7 @@ function createSandboxEgressCredentialToken(input) {
   const payload = `${SANDBOX_EGRESS_TOKEN_VERSION}.${base64Url(
     JSON.stringify(context)
   )}`;
-  return `${payload}.${signPayload2(payload)}`;
+  return `${payload}.${signPayload(payload)}`;
 }
 function parseSandboxEgressCredentialToken(token) {
   if (!token) {
@@ -7416,7 +6845,7 @@ function parseSandboxEgressCredentialToken(token) {
     return void 0;
   }
   const payload = `${parts[0]}.${encodedSession}`;
-  if (!timingSafeMatch2(signPayload2(payload), signature)) {
+  if (!timingSafeMatch(signPayload(payload), signature)) {
     return void 0;
   }
   try {
@@ -11125,6 +10554,7 @@ async function persistRunningSessionRecord(args) {
       sliceId: args.sliceId,
       state: "running",
       piMessages: args.messages,
+      ...args.surface ?? latestSessionRecord?.surface ? { surface: args.surface ?? latestSessionRecord?.surface } : {},
       ...args.loadedSkillNames ? { loadedSkillNames: args.loadedSkillNames } : {},
       ...args.requester ?? latestSessionRecord?.requester ? { requester: args.requester ?? latestSessionRecord?.requester } : {},
       ...getActiveTraceId() ?? latestSessionRecord?.traceId ? { traceId: getActiveTraceId() ?? latestSessionRecord?.traceId } : {}
@@ -11164,6 +10594,7 @@ async function persistCompletedSessionRecord(args) {
       sliceId: args.sliceId,
       state: "completed",
       piMessages: args.allMessages,
+      ...args.surface ?? latestSessionRecord?.surface ? { surface: args.surface ?? latestSessionRecord?.surface } : {},
       ...args.loadedSkillNames ? { loadedSkillNames: args.loadedSkillNames } : {},
       ...args.requester ?? latestSessionRecord?.requester ? { requester: args.requester ?? latestSessionRecord?.requester } : {},
       ...getActiveTraceId() ?? latestSessionRecord?.traceId ? { traceId: getActiveTraceId() ?? latestSessionRecord?.traceId } : {}
@@ -11209,6 +10640,7 @@ async function persistAuthPauseSessionRecord(args) {
       sliceId: nextSliceId,
       state: "awaiting_resume",
       piMessages,
+      ...args.surface ?? latestSessionRecord?.surface ? { surface: args.surface ?? latestSessionRecord?.surface } : {},
       ...args.loadedSkillNames ? { loadedSkillNames: args.loadedSkillNames } : {},
       resumeReason: "auth",
       resumedFromSliceId: args.currentSliceId,
@@ -11264,6 +10696,7 @@ async function persistTimeoutSessionRecord(args) {
         sliceId: args.currentSliceId,
         state: "failed",
         piMessages,
+        ...args.surface ?? latestSessionRecord?.surface ? { surface: args.surface ?? latestSessionRecord?.surface } : {},
         ...args.loadedSkillNames ? { loadedSkillNames: args.loadedSkillNames } : {},
         resumeReason: "timeout",
         resumedFromSliceId: latestSessionRecord?.resumedFromSliceId,
@@ -11281,6 +10714,7 @@ async function persistTimeoutSessionRecord(args) {
       sliceId: nextSliceId,
       state: "awaiting_resume",
       piMessages,
+      ...args.surface ?? latestSessionRecord?.surface ? { surface: args.surface ?? latestSessionRecord?.surface } : {},
       ...args.loadedSkillNames ? { loadedSkillNames: args.loadedSkillNames } : {},
       resumeReason: "timeout",
       resumedFromSliceId: args.currentSliceId,
@@ -11330,6 +10764,7 @@ async function persistYieldSessionRecord(args) {
       sliceId: args.currentSliceId,
       state: "awaiting_resume",
       piMessages,
+      ...args.surface ?? latestSessionRecord?.surface ? { surface: args.surface ?? latestSessionRecord?.surface } : {},
       ...args.loadedSkillNames ? { loadedSkillNames: args.loadedSkillNames } : {},
       resumeReason: "yield",
       resumedFromSliceId: latestSessionRecord?.resumedFromSliceId,
@@ -11797,6 +11232,23 @@ function requesterFromContext(requester, requesterId) {
   };
   return Object.keys(identity).length > 0 ? identity : void 0;
 }
+function surfaceFromContext(context) {
+  if (context.surface) {
+    return context.surface;
+  }
+  const conversationId = context.correlation?.conversationId ?? context.correlation?.threadId ?? context.correlation?.runId;
+  if (context.slackConversation || (conversationId ? parseSlackThreadId(conversationId) : void 0)) {
+    return "slack";
+  }
+  const actor = context.credentialContext?.actor;
+  if (actor?.type === "system" && actor.id === "scheduler") {
+    return "scheduler";
+  }
+  if (conversationId) {
+    return "api";
+  }
+  return void 0;
+}
 function supportsRouterTextPreview(mediaType) {
   const baseMediaType = mediaType.split(";", 1)[0]?.trim().toLowerCase();
   if (!baseMediaType) {
@@ -11912,6 +11364,7 @@ async function generateAssistantReply(messageText2, context = {}) {
     context.requester,
     context.correlation?.requesterId
   );
+  const surface = surfaceFromContext(context);
   const credentialActor = context.credentialContext?.actor;
   const credentialActorLogContext = credentialActor ? {
     actorType: credentialActor.type,
@@ -12437,7 +11890,8 @@ async function generateAssistantReply(messageText2, context = {}) {
         messages,
         loadedSkillNames: loadedSkillNamesForResume,
         logContext: sessionRecordLogContext,
-        requester
+        requester,
+        ...surface ? { surface } : {}
       });
       if (!persisted) {
         return false;
@@ -12750,7 +12204,8 @@ async function generateAssistantReply(messageText2, context = {}) {
         allMessages: agent.state.messages,
         loadedSkillNames: loadedSkillNamesForResume,
         logContext: sessionRecordLogContext,
-        requester
+        requester,
+        ...surface ? { surface } : {}
       });
     }
     return buildTurnResult({
@@ -12785,7 +12240,8 @@ async function generateAssistantReply(messageText2, context = {}) {
         errorMessage: error.message,
         loadedSkillNames: loadedSkillNamesForResume,
         logContext: sessionRecordLogContext,
-        requester
+        requester,
+        ...surface ? { surface } : {}
       });
       if (!sessionRecord) {
         throw new Error(
@@ -12808,7 +12264,8 @@ async function generateAssistantReply(messageText2, context = {}) {
         errorMessage: error instanceof Error ? error.message : String(error),
         loadedSkillNames: loadedSkillNamesForResume,
         logContext: sessionRecordLogContext,
-        requester
+        requester,
+        ...surface ? { surface } : {}
       });
       if (!sessionRecord) {
         throw new Error(
@@ -12850,7 +12307,8 @@ async function generateAssistantReply(messageText2, context = {}) {
         errorMessage: error.message,
         loadedSkillNames: loadedSkillNamesForResume,
         logContext: sessionRecordLogContext,
-        requester
+        requester,
+        ...surface ? { surface } : {}
       });
       if (sessionRecord) {
         throw new RetryableTurnError(
@@ -13630,7 +13088,7 @@ function finalizeFailedTurnReply(args) {
 }
 // src/chat/agent-dispatch/signing.ts
-import { createHmac as createHmac3, timingSafeEqual as timingSafeEqual3 } from "crypto";
+import { createHmac as createHmac2, timingSafeEqual as timingSafeEqual2 } from "crypto";
 var DISPATCH_CALLBACK_PATH = "/api/internal/agent-dispatch";
 var DISPATCH_HMAC_CONTEXT = "junior.agent_dispatch.v1";
 var DISPATCH_SIGNATURE_VERSION = "v1";
@@ -13645,16 +13103,16 @@ function buildSignedPayload(timestamp, body) {
   return `${DISPATCH_HMAC_CONTEXT}:${timestamp}:${body}`;
 }
 function signBody(secret, timestamp, body) {
-  const digest = createHmac3("sha256", secret).update(buildSignedPayload(timestamp, body)).digest("hex");
+  const digest = createHmac2("sha256", secret).update(buildSignedPayload(timestamp, body)).digest("hex");
   return `${DISPATCH_SIGNATURE_VERSION}=${digest}`;
 }
-function timingSafeMatch3(expected, actual) {
+function timingSafeMatch2(expected, actual) {
   const expectedBuffer = Buffer.from(expected);
   const actualBuffer = Buffer.from(actual);
   if (expectedBuffer.length !== actualBuffer.length) {
     return false;
   }
-  return timingSafeEqual3(expectedBuffer, actualBuffer);
+  return timingSafeEqual2(expectedBuffer, actualBuffer);
 }
 function parseDispatchCallback(value) {
   if (!value || typeof value !== "object") {
@@ -13713,7 +13171,7 @@ async function verifyDispatchCallbackRequest(request) {
   }
   const body = await request.text();
   const expectedSignature = signBody(secret, timestamp, body);
-  if (!timingSafeMatch3(expectedSignature, signature)) {
+  if (!timingSafeMatch2(expectedSignature, signature)) {
     return void 0;
   }
   try {
@@ -13724,7 +13182,7 @@ async function verifyDispatchCallbackRequest(request) {
 }
 // src/chat/agent-dispatch/store.ts
-import { createHash as createHash2 } from "crypto";
+import { createHash } from "crypto";
 var DISPATCH_PREFIX = "junior:agent_dispatch";
 var DISPATCH_LOCK_TTL_MS = 10 * 60 * 1e3;
 var DISPATCH_INDEX_LOCK_TTL_MS = 1e4;
@@ -13752,7 +13210,7 @@ function normalizeMetadata(metadata) {
   return entries.length > 0 ? Object.fromEntries(entries) : void 0;
 }
 function buildDispatchId(plugin, idempotencyKey) {
-  const digest = createHash2("sha256").update(plugin).update("\0").update(idempotencyKey).digest("hex").slice(0, 32);
+  const digest = createHash("sha256").update(plugin).update("\0").update(idempotencyKey).digest("hex").slice(0, 32);
   return `dispatch_${digest}`;
 }
 function getDispatchDestinationLockId(destination) {
@@ -14059,6 +13517,7 @@ async function runAgentDispatchSlice(callback, deps = {}) {
         channelId: dispatch.destination.channelId,
         teamId: dispatch.destination.teamId
       },
+      surface: dispatch.actor.id === "scheduler" ? "scheduler" : "api",
       toolChannelId: dispatch.destination.channelId,
       sandbox: {
         sandboxId,
@@ -14234,10 +13693,10 @@ async function POST(request, waitUntil) {
 }
 // src/handlers/heartbeat.ts
-import { timingSafeEqual as timingSafeEqual5 } from "crypto";
+import { timingSafeEqual as timingSafeEqual4 } from "crypto";
 // src/chat/services/timeout-resume.ts
-import { createHmac as createHmac4, timingSafeEqual as timingSafeEqual4 } from "crypto";
+import { createHmac as createHmac3, timingSafeEqual as timingSafeEqual3 } from "crypto";
 // src/chat/task-execution/store.ts
 import { randomUUID as randomUUID4 } from "crypto";
@@ -14836,16 +14295,16 @@ function buildSignedPayload2(timestamp, body) {
   return `${TURN_TIMEOUT_RESUME_HMAC_CONTEXT}:${timestamp}:${body}`;
 }
 function signTurnTimeoutResumeBody(secret, timestamp, body) {
-  const digest = createHmac4("sha256", secret).update(buildSignedPayload2(timestamp, body)).digest("hex");
+  const digest = createHmac3("sha256", secret).update(buildSignedPayload2(timestamp, body)).digest("hex");
   return `${TURN_TIMEOUT_RESUME_SIGNATURE_VERSION}=${digest}`;
 }
-function timingSafeMatch4(expected, actual) {
+function timingSafeMatch3(expected, actual) {
   const expectedBuffer = Buffer.from(expected);
   const actualBuffer = Buffer.from(actual);
   if (expectedBuffer.length !== actualBuffer.length) {
     return false;
   }
-  return timingSafeEqual4(expectedBuffer, actualBuffer);
+  return timingSafeEqual3(expectedBuffer, actualBuffer);
 }
 function parseTurnTimeoutResumeRequest(value) {
   if (!value || typeof value !== "object") {
@@ -14900,7 +14359,7 @@ async function verifyTurnTimeoutResumeRequest(request) {
   }
   const body = await request.text();
   const expectedSignature = signTurnTimeoutResumeBody(secret, timestamp, body);
-  if (!timingSafeMatch4(expectedSignature, signature)) {
+  if (!timingSafeMatch3(expectedSignature, signature)) {
     return void 0;
   }
   try {
@@ -15402,7 +14861,7 @@ function verifyHeartbeatRequest(request) {
   }
   const actual = Buffer.from(authorization.slice("Bearer ".length));
   const expected = Buffer.from(secret);
-  return actual.length === expected.length && timingSafeEqual5(actual, expected);
+  return actual.length === expected.length && timingSafeEqual4(actual, expected);
 }
 async function GET2(request, waitUntil, options = {}) {
   if (!verifyHeartbeatRequest(request)) {
@@ -20630,6 +20089,7 @@ function createReplyToThread(deps) {
             sliceId: 1,
             startedAtMs: message.metadata.dateSent.getTime(),
             state: "running",
+            surface: "slack",
             requester,
             traceId: getActiveTraceId()
           }).catch((error) => {
@@ -20817,6 +20277,7 @@ function createReplyToThread(deps) {
               omittedImageAttachmentCount,
               userAttachments,
               slackConversation,
+              surface: "slack",
               turnDeadlineAtMs: getTurnRequestDeadline()?.deadlineAtMs,
               correlation: {
                 conversationId,
@@ -22055,6 +21516,9 @@ function isExternalSlackUser(raw) {
 async function postEphemeral(event, text) {
   await event.channel.postEphemeral(event.user, text, { fallbackToDM: false });
 }
+function getCommandName() {
+  return getChatConfig().slack.slashCommand;
+}
 async function handleLink(event, provider) {
   if (!isPluginProvider(provider)) {
     await postEphemeral(event, `Unknown provider: \`${provider}\``);
@@ -22106,7 +21570,7 @@ async function handleUnlink(event, provider) {
     "slash_command_unlink",
     { slackUserId: event.user.userId },
     { "app.credential.provider": provider },
-    `Unlinked ${formatProviderLabel(provider)} account via /jr slash command`
+    `Unlinked ${formatProviderLabel(provider)} account via ${getCommandName()} slash command`
   );
   await postEphemeral(
     event,
@@ -22118,12 +21582,15 @@ async function handleSlashCommand(event) {
   if (!subcommand || !["link", "unlink"].includes(subcommand)) {
     await postEphemeral(
       event,
-      "Usage: `/jr link <provider>` or `/jr unlink <provider>`"
+      `Usage: \`${getCommandName()} link <provider>\` or \`${getCommandName()} unlink <provider>\``
     );
     return;
   }
   if (!provider || rest.length > 0) {
-    await postEphemeral(event, `Usage: \`/jr ${subcommand} <provider>\``);
+    await postEphemeral(
+      event,
+      `Usage: \`${getCommandName()} ${subcommand} <provider>\``
+    );
     return;
   }
   const normalized = provider.toLowerCase();
@@ -23242,16 +22709,16 @@ function mountAgentPluginRoutes(app, routes) {
 async function createApp(options) {
   const virtualConfig = await resolveVirtualConfig();
   const configuredPlugins = options?.plugins ?? virtualConfig?.pluginSet;
-  const agentPlugins2 = trustedPluginRegistrationsFromPluginSet(configuredPlugins);
+  const agentPlugins = trustedPluginRegistrationsFromPluginSet(configuredPlugins);
   const pluginConfig = configuredPlugins ? pluginCatalogConfigFromPluginSet(configuredPlugins) : virtualConfig?.plugins ?? resolveEnvPluginCatalogConfig();
   if (configuredPlugins) {
     validateBuildIncludesPluginPackages(pluginConfig, virtualConfig);
   }
-  validateBuildIncludesTrustedRegistrations(agentPlugins2, virtualConfig);
-  validateAgentPlugins(agentPlugins2);
+  validateBuildIncludesTrustedRegistrations(agentPlugins, virtualConfig);
+  validateAgentPlugins(agentPlugins);
   const shouldValidatePluginCatalog = hasConfiguredPluginCatalog(pluginConfig) || Boolean(configuredPlugins?.registrations.length) || Boolean(Object.keys(options?.configDefaults ?? {}).length);
   const previousPluginCatalogConfig = setPluginCatalogConfig(pluginConfig);
-  const previousAgentPlugins = setAgentPlugins(agentPlugins2);
+  const previousAgentPlugins = setAgentPlugins(agentPlugins);
   const previousConfigDefaults = getConfigDefaults();
   let agentPluginRoutes = [];
   try {