npm - @vellumai/assistant - Versions diffs - 0.4.9 → 0.4.11 - Mend

@vellumai/assistant 0.4.9 → 0.4.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (116) hide show

package/src/runtime/guardian-outbound-actions.ts CHANGED Viewed

@@ -7,17 +7,17 @@
  * IPC handler (config-channels.ts) and the HTTP route layer (integration-routes.ts).
  */
-import { createHash,randomBytes } from 'node:crypto';
-import { startGuardianVerificationCall } from '../calls/call-domain.js';
-import type { ChannelId } from '../channels/types.js';
-import { getGatewayInternalBaseUrl } from '../config/env.js';
-import { sendMessage as sendSms } from '../messaging/providers/sms/client.js';
-import { getCredentialMetadata } from '../tools/credentials/metadata-store.js';
-import { getLogger } from '../util/logger.js';
-import { normalizePhoneNumber } from '../util/phone.js';
-import { readHttpToken } from '../util/platform.js';
-import { DAEMON_INTERNAL_ASSISTANT_ID } from './assistant-scope.js';
+import { createHash, randomBytes } from "node:crypto";
+import { startGuardianVerificationCall } from "../calls/call-domain.js";
+import type { ChannelId } from "../channels/types.js";
+import { getGatewayInternalBaseUrl } from "../config/env.js";
+import { sendMessage as sendSms } from "../messaging/providers/sms/client.js";
+import { getCredentialMetadata } from "../tools/credentials/metadata-store.js";
+import { getLogger } from "../util/logger.js";
+import { normalizePhoneNumber } from "../util/phone.js";
+import { readHttpToken } from "../util/platform.js";
+import { DAEMON_INTERNAL_ASSISTANT_ID } from "./assistant-scope.js";
 import {
   countRecentSendsToDestination,
   createOutboundSession,
@@ -25,14 +25,15 @@ import {
   getGuardianBinding,
   updateSessionDelivery,
   updateSessionStatus,
-} from './channel-guardian-service.js';
+} from "./channel-guardian-service.js";
 import {
+  composeVerificationSlack,
   composeVerificationSms,
   composeVerificationTelegram,
   GUARDIAN_VERIFY_TEMPLATE_KEYS,
-} from './guardian-verification-templates.js';
+} from "./guardian-verification-templates.js";
-const log = getLogger('guardian-outbound-actions');
+const log = getLogger("guardian-outbound-actions");
 // ---------------------------------------------------------------------------
 // Rate limit constants for outbound verification
@@ -73,7 +74,7 @@ function isTelegramChatId(destination: string): boolean {
  */
 export function normalizeTelegramDestination(destination: string): string {
   if (isTelegramChatId(destination)) return destination;
-  return destination.replace(/^@/, '').toLowerCase();
+  return destination.replace(/^@/, "").toLowerCase();
 }
 /**
@@ -81,8 +82,12 @@ export function normalizeTelegramDestination(destination: string): string {
  * Falls back to process.env.TELEGRAM_BOT_USERNAME.
  */
 function getTelegramBotUsername(): string | undefined {
-  const meta = getCredentialMetadata('telegram', 'bot_token');
-  if (meta?.accountInfo && typeof meta.accountInfo === 'string' && meta.accountInfo.trim().length > 0) {
+  const meta = getCredentialMetadata("telegram", "bot_token");
+  if (
+    meta?.accountInfo &&
+    typeof meta.accountInfo === "string" &&
+    meta.accountInfo.trim().length > 0
+  ) {
     return meta.accountInfo.trim();
   }
   return process.env.TELEGRAM_BOT_USERNAME || undefined;
@@ -150,13 +155,15 @@ function deliverVerificationSms(
       const gatewayUrl = getGatewayInternalBaseUrl();
       const bearerToken = readHttpToken();
       if (!bearerToken) {
-        log.error('Cannot deliver verification SMS: no runtime HTTP token available');
+        log.error(
+          "Cannot deliver verification SMS: no runtime HTTP token available",
+        );
         return;
       }
       await sendSms(gatewayUrl, bearerToken, to, text, assistantId);
-      log.info({ to, assistantId }, 'Verification SMS delivered');
+      log.info({ to, assistantId }, "Verification SMS delivered");
     } catch (err) {
-      log.error({ err, to, assistantId }, 'Failed to deliver verification SMS');
+      log.error({ err, to, assistantId }, "Failed to deliver verification SMS");
     }
   })();
 }
@@ -179,26 +186,37 @@ function deliverVerificationTelegram(
       const gatewayUrl = getGatewayInternalBaseUrl();
       const bearerToken = readHttpToken();
       if (!bearerToken) {
-        log.error('Cannot deliver verification Telegram message: no runtime HTTP token available');
+        log.error(
+          "Cannot deliver verification Telegram message: no runtime HTTP token available",
+        );
         return;
       }
       const url = `${gatewayUrl}/deliver/telegram`;
       const resp = await fetch(url, {
-        method: 'POST',
+        method: "POST",
         headers: {
-          'Content-Type': 'application/json',
+          "Content-Type": "application/json",
           Authorization: `Bearer ${bearerToken}`,
         },
         body: JSON.stringify({ chatId, text, assistantId }),
       });
       if (!resp.ok) {
-        const body = await resp.text().catch(() => '<unreadable>');
-        log.error({ chatId, assistantId, status: resp.status, body }, 'Gateway /deliver/telegram failed for verification');
+        const body = await resp.text().catch(() => "<unreadable>");
+        log.error(
+          { chatId, assistantId, status: resp.status, body },
+          "Gateway /deliver/telegram failed for verification",
+        );
       } else {
-        log.info({ chatId, assistantId }, 'Verification Telegram message delivered');
+        log.info(
+          { chatId, assistantId },
+          "Verification Telegram message delivered",
+        );
       }
     } catch (err) {
-      log.error({ err, chatId, assistantId }, 'Failed to deliver verification Telegram message');
+      log.error(
+        { err, chatId, assistantId },
+        "Failed to deliver verification Telegram message",
+      );
     }
   })();
 }
@@ -226,12 +244,25 @@ function initiateGuardianVoiceCall(
         originConversationId,
       });
       if (result.ok) {
-        log.info({ phoneNumber, guardianVerificationSessionId, callSid: result.callSid }, 'Guardian verification call initiated');
+        log.info(
+          {
+            phoneNumber,
+            guardianVerificationSessionId,
+            callSid: result.callSid,
+          },
+          "Guardian verification call initiated",
+        );
       } else {
-        log.error({ phoneNumber, guardianVerificationSessionId, error: result.error }, 'Failed to initiate guardian verification call');
+        log.error(
+          { phoneNumber, guardianVerificationSessionId, error: result.error },
+          "Failed to initiate guardian verification call",
+        );
       }
     } catch (err) {
-      log.error({ err, phoneNumber, guardianVerificationSessionId }, 'Failed to initiate guardian verification call');
+      log.error(
+        { err, phoneNumber, guardianVerificationSessionId },
+        "Failed to initiate guardian verification call",
+      );
     }
   })();
 }
@@ -240,23 +271,51 @@ function initiateGuardianVoiceCall(
 // Start outbound
 // ---------------------------------------------------------------------------
-export function startOutbound(params: StartOutboundParams): OutboundActionResult {
+export function startOutbound(
+  params: StartOutboundParams,
+): OutboundActionResult {
   const assistantId = DAEMON_INTERNAL_ASSISTANT_ID;
   const channel = params.channel;
   const originConversationId = params.originConversationId;
-  if (channel === 'sms') {
-    return startOutboundSms(params.destination, assistantId, channel, params.rebind, originConversationId);
-  } else if (channel === 'telegram') {
-    return startOutboundTelegram(params.destination, assistantId, channel, params.rebind, originConversationId);
-  } else if (channel === 'voice') {
-    return startOutboundVoice(params.destination, assistantId, channel, params.rebind, originConversationId);
+  if (channel === "sms") {
+    return startOutboundSms(
+      params.destination,
+      assistantId,
+      channel,
+      params.rebind,
+      originConversationId,
+    );
+  } else if (channel === "telegram") {
+    return startOutboundTelegram(
+      params.destination,
+      assistantId,
+      channel,
+      params.rebind,
+      originConversationId,
+    );
+  } else if (channel === "voice") {
+    return startOutboundVoice(
+      params.destination,
+      assistantId,
+      channel,
+      params.rebind,
+      originConversationId,
+    );
+  } else if (channel === "slack") {
+    return startOutboundSlack(
+      params.destination,
+      assistantId,
+      channel,
+      params.rebind,
+      originConversationId,
+    );
   }
   return {
     success: false,
-    error: 'unsupported_channel',
-    message: `Outbound verification is only supported for SMS, Telegram, and voice. Got: ${channel}`,
+    error: "unsupported_channel",
+    message: `Outbound verification is only supported for SMS, Telegram, voice, and Slack. Got: ${channel}`,
     channel,
   };
 }
@@ -271,8 +330,9 @@ function startOutboundSms(
   if (!rawDestination) {
     return {
       success: false,
-      error: 'missing_destination',
-      message: 'A destination phone number is required for outbound SMS verification.',
+      error: "missing_destination",
+      message:
+        "A destination phone number is required for outbound SMS verification.",
       channel,
     };
   }
@@ -281,8 +341,9 @@ function startOutboundSms(
   if (!destination) {
     return {
       success: false,
-      error: 'invalid_destination',
-      message: 'Could not parse phone number. Please enter a valid number (e.g. +15551234567, (555) 123-4567, or 555-123-4567).',
+      error: "invalid_destination",
+      message:
+        "Could not parse phone number. Please enter a valid number (e.g. +15551234567, (555) 123-4567, or 555-123-4567).",
       channel,
     };
   }
@@ -291,18 +352,24 @@ function startOutboundSms(
   if (existingBinding && !rebind) {
     return {
       success: false,
-      error: 'already_bound',
-      message: 'A guardian is already bound for this channel. Set rebind: true to replace.',
+      error: "already_bound",
+      message:
+        "A guardian is already bound for this channel. Set rebind: true to replace.",
       channel,
     };
   }
-  const recentSendCount = countRecentSendsToDestination(channel, destination, DESTINATION_RATE_WINDOW_MS);
+  const recentSendCount = countRecentSendsToDestination(
+    channel,
+    destination,
+    DESTINATION_RATE_WINDOW_MS,
+  );
   if (recentSendCount >= MAX_SENDS_PER_DESTINATION_WINDOW) {
     return {
       success: false,
-      error: 'rate_limited',
-      message: 'Too many verification attempts to this phone number. Please try again later.',
+      error: "rate_limited",
+      message:
+        "Too many verification attempts to this phone number. Please try again later.",
       channel,
     };
   }
@@ -352,8 +419,9 @@ function startOutboundTelegram(
   if (!destination) {
     return {
       success: false,
-      error: 'missing_destination',
-      message: 'A destination (Telegram handle or chat ID) is required for outbound Telegram verification.',
+      error: "missing_destination",
+      message:
+        "A destination (Telegram handle or chat ID) is required for outbound Telegram verification.",
       channel,
     };
   }
@@ -362,20 +430,26 @@ function startOutboundTelegram(
   if (existingBinding && !rebind) {
     return {
       success: false,
-      error: 'already_bound',
-      message: 'A guardian is already bound for this channel. Set rebind: true to replace.',
+      error: "already_bound",
+      message:
+        "A guardian is already bound for this channel. Set rebind: true to replace.",
       channel,
     };
   }
   const normalizedDestination = normalizeTelegramDestination(destination);
-  const recentSendCount = countRecentSendsToDestination(channel, normalizedDestination, DESTINATION_RATE_WINDOW_MS);
+  const recentSendCount = countRecentSendsToDestination(
+    channel,
+    normalizedDestination,
+    DESTINATION_RATE_WINDOW_MS,
+  );
   if (recentSendCount >= MAX_SENDS_PER_DESTINATION_WINDOW) {
     return {
       success: false,
-      error: 'rate_limited',
-      message: 'Too many verification attempts to this destination. Please try again later.',
+      error: "rate_limited",
+      message:
+        "Too many verification attempts to this destination. Please try again later.",
       channel,
     };
   }
@@ -385,8 +459,9 @@ function startOutboundTelegram(
     if (isNaN(chatIdNum) || chatIdNum < 0) {
       return {
         success: false,
-        error: 'invalid_destination',
-        message: 'Telegram group chats are not supported for verification. Use a private chat ID or @handle.',
+        error: "invalid_destination",
+        message:
+          "Telegram group chats are not supported for verification. Use a private chat ID or @handle.",
         channel,
       };
     }
@@ -395,7 +470,7 @@ function startOutboundTelegram(
       assistantId,
       channel,
       expectedChatId: destination,
-      identityBindingStatus: 'bound',
+      identityBindingStatus: "bound",
       destinationAddress: normalizedDestination,
     });
@@ -411,7 +486,12 @@ function startOutboundTelegram(
     const nextResendAt = now + RESEND_COOLDOWN_MS;
     const sendCount = 1;
-    updateSessionDelivery(sessionResult.sessionId, now, sendCount, nextResendAt);
+    updateSessionDelivery(
+      sessionResult.sessionId,
+      now,
+      sendCount,
+      nextResendAt,
+    );
     deliverVerificationTelegram(destination, telegramBody, assistantId);
     return {
@@ -431,19 +511,22 @@ function startOutboundTelegram(
   if (!botUsername) {
     return {
       success: false,
-      error: 'no_bot_username',
-      message: 'Telegram bot username is not configured. Set up the Telegram integration first.',
+      error: "no_bot_username",
+      message:
+        "Telegram bot username is not configured. Set up the Telegram integration first.",
       channel,
     };
   }
-  const bootstrapToken = randomBytes(16).toString('hex');
-  const bootstrapTokenHash = createHash('sha256').update(bootstrapToken).digest('hex');
+  const bootstrapToken = randomBytes(16).toString("hex");
+  const bootstrapTokenHash = createHash("sha256")
+    .update(bootstrapToken)
+    .digest("hex");
   const sessionResult = createOutboundSession({
     assistantId,
     channel,
-    identityBindingStatus: 'pending_bootstrap',
+    identityBindingStatus: "pending_bootstrap",
     destinationAddress: normalizedDestination,
     bootstrapTokenHash,
   });
@@ -470,8 +553,9 @@ function startOutboundVoice(
   if (!rawDestination) {
     return {
       success: false,
-      error: 'missing_destination',
-      message: 'A destination phone number is required for outbound voice verification.',
+      error: "missing_destination",
+      message:
+        "A destination phone number is required for outbound voice verification.",
       channel,
     };
   }
@@ -480,8 +564,9 @@ function startOutboundVoice(
   if (!destination) {
     return {
       success: false,
-      error: 'invalid_destination',
-      message: 'Could not parse phone number. Please enter a valid number (e.g. +15551234567, (555) 123-4567, or 555-123-4567).',
+      error: "invalid_destination",
+      message:
+        "Could not parse phone number. Please enter a valid number (e.g. +15551234567, (555) 123-4567, or 555-123-4567).",
       channel,
     };
   }
@@ -490,18 +575,24 @@ function startOutboundVoice(
   if (existingBinding && !rebind) {
     return {
       success: false,
-      error: 'already_bound',
-      message: 'A guardian is already bound for this channel. Set rebind: true to replace.',
+      error: "already_bound",
+      message:
+        "A guardian is already bound for this channel. Set rebind: true to replace.",
       channel,
     };
   }
-  const recentSendCount = countRecentSendsToDestination(channel, destination, DESTINATION_RATE_WINDOW_MS);
+  const recentSendCount = countRecentSendsToDestination(
+    channel,
+    destination,
+    DESTINATION_RATE_WINDOW_MS,
+  );
   if (recentSendCount >= MAX_SENDS_PER_DESTINATION_WINDOW) {
     return {
       success: false,
-      error: 'rate_limited',
-      message: 'Too many verification attempts to this phone number. Please try again later.',
+      error: "rate_limited",
+      message:
+        "Too many verification attempts to this phone number. Please try again later.",
       channel,
     };
   }
@@ -520,7 +611,140 @@ function startOutboundVoice(
   const sendCount = 1;
   updateSessionDelivery(sessionResult.sessionId, now, sendCount, nextResendAt);
-  initiateGuardianVoiceCall(destination, sessionResult.sessionId, assistantId, originConversationId);
+  initiateGuardianVoiceCall(
+    destination,
+    sessionResult.sessionId,
+    assistantId,
+    originConversationId,
+  );
+  return {
+    success: true,
+    verificationSessionId: sessionResult.sessionId,
+    secret: sessionResult.secret,
+    expiresAt: sessionResult.expiresAt,
+    nextResendAt,
+    sendCount,
+    channel,
+    originConversationId,
+  };
+}
+// ---------------------------------------------------------------------------
+// Slack delivery helper
+// ---------------------------------------------------------------------------
+/**
+ * Deliver a verification Slack DM via the gateway's /deliver/slack endpoint.
+ * Fire-and-forget with error logging.
+ */
+function deliverVerificationSlack(
+  userId: string,
+  text: string,
+  assistantId: string,
+): void {
+  (async () => {
+    try {
+      const gatewayUrl = getGatewayInternalBaseUrl();
+      const bearerToken = readHttpToken();
+      if (!bearerToken) {
+        log.error(
+          "Cannot deliver verification Slack DM: no runtime HTTP token available",
+        );
+        return;
+      }
+      const url = `${gatewayUrl}/deliver/slack`;
+      const resp = await fetch(url, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          Authorization: `Bearer ${bearerToken}`,
+        },
+        body: JSON.stringify({ chatId: userId, text, assistantId }),
+      });
+      if (!resp.ok) {
+        const body = await resp.text().catch(() => "<unreadable>");
+        log.error(
+          { userId, assistantId, status: resp.status, body },
+          "Gateway /deliver/slack failed for verification",
+        );
+      } else {
+        log.info({ userId, assistantId }, "Verification Slack DM delivered");
+      }
+    } catch (err) {
+      log.error(
+        { err, userId, assistantId },
+        "Failed to deliver verification Slack DM",
+      );
+    }
+  })();
+}
+function startOutboundSlack(
+  destination: string | undefined,
+  assistantId: string,
+  channel: ChannelId,
+  rebind?: boolean,
+  originConversationId?: string,
+): OutboundActionResult {
+  if (!destination) {
+    return {
+      success: false,
+      error: "missing_destination",
+      message: "A Slack user ID is required for outbound Slack verification.",
+      channel,
+    };
+  }
+  const existingBinding = getGuardianBinding(assistantId, channel);
+  if (existingBinding && !rebind) {
+    return {
+      success: false,
+      error: "already_bound",
+      message:
+        "A guardian is already bound for this channel. Set rebind: true to replace.",
+      channel,
+    };
+  }
+  const recentSendCount = countRecentSendsToDestination(
+    channel,
+    destination,
+    DESTINATION_RATE_WINDOW_MS,
+  );
+  if (recentSendCount >= MAX_SENDS_PER_DESTINATION_WINDOW) {
+    return {
+      success: false,
+      error: "rate_limited",
+      message:
+        "Too many verification attempts to this Slack user. Please try again later.",
+      channel,
+    };
+  }
+  const sessionResult = createOutboundSession({
+    assistantId,
+    channel,
+    expectedExternalUserId: destination,
+    expectedChatId: destination,
+    identityBindingStatus: "bound",
+    destinationAddress: destination,
+  });
+  const slackBody = composeVerificationSlack(
+    GUARDIAN_VERIFY_TEMPLATE_KEYS.SLACK_CHALLENGE_REQUEST,
+    {
+      code: sessionResult.secret,
+      expiresInMinutes: Math.floor(SESSION_TTL_SECONDS / 60),
+    },
+  );
+  const now = Date.now();
+  const nextResendAt = now + RESEND_COOLDOWN_MS;
+  const sendCount = 1;
+  updateSessionDelivery(sessionResult.sessionId, now, sendCount, nextResendAt);
+  deliverVerificationSlack(destination, slackBody, assistantId);
   return {
     success: true,
@@ -538,7 +762,9 @@ function startOutboundVoice(
 // Resend outbound
 // ---------------------------------------------------------------------------
-export function resendOutbound(params: ResendOutboundParams): OutboundActionResult {
+export function resendOutbound(
+  params: ResendOutboundParams,
+): OutboundActionResult {
   const assistantId = DAEMON_INTERNAL_ASSISTANT_ID;
   const channel = params.channel;
   const originConversationId = params.originConversationId;
@@ -547,17 +773,18 @@ export function resendOutbound(params: ResendOutboundParams): OutboundActionResu
   if (!session) {
     return {
       success: false,
-      error: 'no_active_session',
-      message: 'No active outbound verification session found.',
+      error: "no_active_session",
+      message: "No active outbound verification session found.",
       channel,
     };
   }
-  if (session.identityBindingStatus === 'pending_bootstrap') {
+  if (session.identityBindingStatus === "pending_bootstrap") {
     return {
       success: false,
-      error: 'pending_bootstrap',
-      message: 'Cannot resend: waiting for bootstrap deep-link activation. The user must click the link first.',
+      error: "pending_bootstrap",
+      message:
+        "Cannot resend: waiting for bootstrap deep-link activation. The user must click the link first.",
       channel,
     };
   }
@@ -565,8 +792,8 @@ export function resendOutbound(params: ResendOutboundParams): OutboundActionResu
   if (session.nextResendAt != null && Date.now() < session.nextResendAt) {
     return {
       success: false,
-      error: 'rate_limited',
-      message: 'Please wait before requesting another verification code.',
+      error: "rate_limited",
+      message: "Please wait before requesting another verification code.",
       channel,
     };
   }
@@ -575,41 +802,52 @@ export function resendOutbound(params: ResendOutboundParams): OutboundActionResu
   if (currentSendCount >= MAX_SENDS_PER_SESSION) {
     return {
       success: false,
-      error: 'max_sends_exceeded',
-      message: 'Maximum number of verification sends reached for this session.',
+      error: "max_sends_exceeded",
+      message: "Maximum number of verification sends reached for this session.",
       channel,
     };
   }
-  const resendDestination = session.destinationAddress ?? session.expectedPhoneE164 ?? session.expectedChatId;
+  const resendDestination =
+    session.destinationAddress ??
+    session.expectedPhoneE164 ??
+    session.expectedChatId;
   if (resendDestination) {
-    const recentDestSends = countRecentSendsToDestination(channel, resendDestination, DESTINATION_RATE_WINDOW_MS);
+    const recentDestSends = countRecentSendsToDestination(
+      channel,
+      resendDestination,
+      DESTINATION_RATE_WINDOW_MS,
+    );
     if (recentDestSends >= MAX_SENDS_PER_DESTINATION_WINDOW) {
       return {
         success: false,
-        error: 'rate_limited',
-        message: 'Too many verification attempts to this destination. Please try again later.',
+        error: "rate_limited",
+        message:
+          "Too many verification attempts to this destination. Please try again later.",
         channel,
       };
     }
   }
-  const destination = session.destinationAddress ?? session.expectedPhoneE164 ?? session.expectedChatId;
+  const destination =
+    session.destinationAddress ??
+    session.expectedPhoneE164 ??
+    session.expectedChatId;
   if (!destination) {
     return {
       success: false,
-      error: 'no_destination',
-      message: 'Cannot resend: no destination address on the session.',
+      error: "no_destination",
+      message: "Cannot resend: no destination address on the session.",
       channel,
     };
   }
-  if (channel === 'telegram') {
+  if (channel === "telegram") {
     const newSession = createOutboundSession({
       assistantId,
       channel,
       expectedChatId: destination,
-      identityBindingStatus: 'bound',
+      identityBindingStatus: "bound",
       destinationAddress: destination,
     });
@@ -625,7 +863,12 @@ export function resendOutbound(params: ResendOutboundParams): OutboundActionResu
     const newSendCount = currentSendCount + 1;
     const nextResendAt = now + RESEND_COOLDOWN_MS;
-    updateSessionDelivery(newSession.sessionId, now, newSendCount, nextResendAt);
+    updateSessionDelivery(
+      newSession.sessionId,
+      now,
+      newSendCount,
+      nextResendAt,
+    );
     deliverVerificationTelegram(destination, telegramBody, assistantId);
     return {
@@ -637,7 +880,7 @@ export function resendOutbound(params: ResendOutboundParams): OutboundActionResu
       channel,
       originConversationId,
     };
-  } else if (channel === 'voice') {
+  } else if (channel === "voice") {
     const newSession = createOutboundSession({
       assistantId,
       channel,
@@ -651,8 +894,57 @@ export function resendOutbound(params: ResendOutboundParams): OutboundActionResu
     const newSendCount = currentSendCount + 1;
     const nextResendAt = now + RESEND_COOLDOWN_MS;
-    updateSessionDelivery(newSession.sessionId, now, newSendCount, nextResendAt);
-    initiateGuardianVoiceCall(destination, newSession.sessionId, assistantId, originConversationId);
+    updateSessionDelivery(
+      newSession.sessionId,
+      now,
+      newSendCount,
+      nextResendAt,
+    );
+    initiateGuardianVoiceCall(
+      destination,
+      newSession.sessionId,
+      assistantId,
+      originConversationId,
+    );
+    return {
+      success: true,
+      verificationSessionId: newSession.sessionId,
+      secret: newSession.secret,
+      nextResendAt,
+      sendCount: newSendCount,
+      channel,
+      originConversationId,
+    };
+  } else if (channel === "slack") {
+    const newSession = createOutboundSession({
+      assistantId,
+      channel,
+      expectedExternalUserId: destination,
+      expectedChatId: destination,
+      identityBindingStatus: "bound",
+      destinationAddress: destination,
+    });
+    const slackBody = composeVerificationSlack(
+      GUARDIAN_VERIFY_TEMPLATE_KEYS.SLACK_RESEND,
+      {
+        code: newSession.secret,
+        expiresInMinutes: Math.floor(SESSION_TTL_SECONDS / 60),
+      },
+    );
+    const now = Date.now();
+    const newSendCount = currentSendCount + 1;
+    const nextResendAt = now + RESEND_COOLDOWN_MS;
+    updateSessionDelivery(
+      newSession.sessionId,
+      now,
+      newSendCount,
+      nextResendAt,
+    );
+    deliverVerificationSlack(destination, slackBody, assistantId);
     return {
       success: true,
@@ -674,13 +966,10 @@ export function resendOutbound(params: ResendOutboundParams): OutboundActionResu
     destinationAddress: destination,
   });
-  const smsBody = composeVerificationSms(
-    GUARDIAN_VERIFY_TEMPLATE_KEYS.RESEND,
-    {
-      code: newSession.secret,
-      expiresInMinutes: Math.floor(SESSION_TTL_SECONDS / 60),
-    },
-  );
+  const smsBody = composeVerificationSms(GUARDIAN_VERIFY_TEMPLATE_KEYS.RESEND, {
+    code: newSession.secret,
+    expiresInMinutes: Math.floor(SESSION_TTL_SECONDS / 60),
+  });
   const now = Date.now();
   const newSendCount = currentSendCount + 1;
@@ -704,7 +993,9 @@ export function resendOutbound(params: ResendOutboundParams): OutboundActionResu
 // Cancel outbound
 // ---------------------------------------------------------------------------
-export function cancelOutbound(params: CancelOutboundParams): OutboundActionResult {
+export function cancelOutbound(
+  params: CancelOutboundParams,
+): OutboundActionResult {
   const assistantId = DAEMON_INTERNAL_ASSISTANT_ID;
   const channel = params.channel;
@@ -712,13 +1003,13 @@ export function cancelOutbound(params: CancelOutboundParams): OutboundActionResu
   if (!session) {
     return {
       success: false,
-      error: 'no_active_session',
-      message: 'No active outbound verification session found.',
+      error: "no_active_session",
+      message: "No active outbound verification session found.",
       channel,
     };
   }
-  updateSessionStatus(session.id, 'revoked');
+  updateSessionStatus(session.id, "revoked");
   return {
     success: true,