@vercel/slack-bolt 1.3.1 → 1.4.1

package/dist/preview-DAWKwXt1.mjs

@@ -0,0 +1,689 @@
+import fs from "node:fs";
+import path from "node:path";
+import { parse, stringify } from "yaml";
+import crypto from "node:crypto";
+//#region \0rolldown/runtime.js
+var __esmMin = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
+var __commonJSMin = (cb, mod) => () => (mod || cb((mod = { exports: {} }).exports, mod), mod.exports);
+//#endregion
+//#region src/internal/manifest/index.ts
+function rewriteUrl(originalUrl, branchUrl, bypassSecret) {
+	const pathStart = originalUrl.indexOf("/", originalUrl.indexOf("//") + 2);
+	const pathAndQuery = pathStart !== -1 ? originalUrl.slice(pathStart) : "/";
+	const url = new URL(pathAndQuery, `https://${branchUrl}`);
+	if (bypassSecret) url.searchParams.set("x-vercel-protection-bypass", bypassSecret);
+	return url.toString();
+}
+function createManifestDescription(params) {
+	const shortSha = params.commitSha?.slice(0, 7) ?? "unknown";
+	const safeCommitMsg = params.commitMessage ?? "";
+	const safeCommitAuthor = params.commitAuthor ?? "unknown";
+	const deploymentInfo = `\n:globe_with_meridians: *Deployment URL:* ${params.branchUrl}\n:seedling: *Branch:* ${params.branch}\n:technologist: *Commit:* ${shortSha} ${safeCommitMsg}\n:bust_in_silhouette: *Last updated by:* ${safeCommitAuthor}\n\n_Automatically created by ▲ Vercel_\n`;
+	const maxLongDesc = 4e3;
+	const combined = params.existingDescription + deploymentInfo;
+	let longDescription;
+	if (combined.length > maxLongDesc) {
+		const available = Math.max(0, maxLongDesc - deploymentInfo.length);
+		longDescription = (params.existingDescription.slice(0, available) + deploymentInfo).slice(0, maxLongDesc);
+	} else longDescription = combined;
+	const maxDisplayName = 35;
+	const cleanBranch = params.branch.replace(/^refs\/heads\//, "").replace(/\//g, "-");
+	let displayName = `${params.existingName} (${cleanBranch})`;
+	if (displayName.length > maxDisplayName) {
+		const prefix = `${params.existingName} (`;
+		const suffix = ")";
+		const availableForBranch = maxDisplayName - prefix.length - 1;
+		displayName = availableForBranch > 0 ? `${prefix}${cleanBranch.slice(0, availableForBranch)}${suffix}` : displayName.slice(0, maxDisplayName);
+	}
+	return {
+		longDescription,
+		displayName
+	};
+}
+function createNewManifest(params) {
+	const manifest = structuredClone(params.originalManifest);
+	if (manifest.settings?.event_subscriptions?.request_url) manifest.settings.event_subscriptions.request_url = rewriteUrl(manifest.settings.event_subscriptions.request_url, params.branchUrl, params.bypassSecret);
+	if (manifest.settings?.interactivity?.request_url) manifest.settings.interactivity.request_url = rewriteUrl(manifest.settings.interactivity.request_url, params.branchUrl, params.bypassSecret);
+	if (manifest.features?.slash_commands) {
+		for (const cmd of manifest.features.slash_commands) if (cmd.url) cmd.url = rewriteUrl(cmd.url, params.branchUrl, params.bypassSecret);
+	}
+	if (manifest.oauth_config?.redirect_urls) manifest.oauth_config.redirect_urls = manifest.oauth_config.redirect_urls.map((originalUrl) => rewriteUrl(originalUrl, params.branchUrl));
+	const { longDescription, displayName } = createManifestDescription({
+		existingDescription: manifest.display_information.long_description ?? "",
+		existingName: manifest.features?.bot_user?.display_name ?? manifest.display_information.name,
+		branchUrl: params.branchUrl,
+		branch: params.branch,
+		commitSha: params.commitSha,
+		commitMessage: params.commitMessage,
+		commitAuthor: params.commitAuthor
+	});
+	manifest.display_information.long_description = longDescription;
+	manifest.display_information.name = displayName;
+	if (manifest.features?.bot_user) manifest.features.bot_user.display_name = displayName;
+	return manifest;
+}
+var init_manifest = __esmMin((() => {}));
+//#endregion
+//#region src/internal/manifest/parse.ts
+function isYaml(filePath) {
+	const ext = path.extname(filePath).toLowerCase();
+	return ext === ".yaml" || ext === ".yml";
+}
+function parseManifest(raw, filePath) {
+	if (isYaml(filePath)) return parse(raw);
+	return JSON.parse(raw);
+}
+function stringifyManifest(manifest, filePath) {
+	if (isYaml(filePath)) return stringify(manifest);
+	return JSON.stringify(manifest, null, 2);
+}
+var init_parse = __esmMin((() => {}));
+//#endregion
+//#region src/internal/vercel/errors.ts
+var HTTPError;
+var init_errors$1 = __esmMin((() => {
+	HTTPError = class HTTPError extends Error {
+		constructor(message, status, statusText, body) {
+			const parts = [`${message}: ${status} ${statusText}`];
+			if (body) parts.push(body);
+			super(parts.join(" - "));
+			this.status = status;
+			this.statusText = statusText;
+			this.body = body;
+		}
+		static async fromResponse(message, response) {
+			let body;
+			try {
+				const text = await response.text();
+				if (text) body = text;
+			} catch {}
+			return new HTTPError(message, response.status, response.statusText, body);
+		}
+	};
+}));
+//#endregion
+//#region src/internal/slack/errors.ts
+var SlackManifestCreateError, SlackManifestUpdateError, SlackManifestExportError;
+var init_errors = __esmMin((() => {
+	SlackManifestCreateError = class extends Error {
+		constructor(message, errors) {
+			super(message);
+			this.errors = errors;
+		}
+	};
+	SlackManifestUpdateError = class extends Error {
+		constructor(message, errors) {
+			super(message);
+			this.errors = errors;
+		}
+	};
+	SlackManifestExportError = class extends Error {};
+}));
+//#endregion
+//#region src/internal/slack/index.ts
+async function createSlackApp({ token, manifest }) {
+	const response = await fetch("https://slack.com/api/apps.manifest.create", {
+		method: "POST",
+		headers: {
+			Authorization: `Bearer ${token}`,
+			"Content-Type": "application/json; charset=utf-8"
+		},
+		body: JSON.stringify({ manifest: JSON.stringify(manifest) })
+	});
+	if (!response.ok) throw new HTTPError("Failed to create Slack app", response.status, response.statusText);
+	const data = await response.json();
+	if (!data.ok) throw new SlackManifestCreateError(data?.error ?? "Unknown error", data?.errors);
+	return data;
+}
+async function updateSlackApp({ token, appId, manifest }) {
+	const response = await fetch("https://slack.com/api/apps.manifest.update", {
+		method: "POST",
+		headers: {
+			Authorization: `Bearer ${token}`,
+			"Content-Type": "application/json; charset=utf-8"
+		},
+		body: JSON.stringify({
+			app_id: appId,
+			manifest: JSON.stringify(manifest)
+		})
+	});
+	if (!response.ok) throw new HTTPError("Failed to update Slack app", response.status, response.statusText);
+	const data = await response.json();
+	if (!data.ok) throw new SlackManifestUpdateError(data?.error ?? "Unknown error", data?.errors);
+	return data;
+}
+async function exportSlackApp({ token, appId }) {
+	const response = await fetch("https://slack.com/api/apps.manifest.export", {
+		method: "POST",
+		headers: {
+			Authorization: `Bearer ${token}`,
+			"Content-Type": "application/json; charset=utf-8"
+		},
+		body: JSON.stringify({ app_id: appId })
+	});
+	if (!response.ok) throw new HTTPError("Failed to export Slack app", response.status, response.statusText);
+	const data = await response.json();
+	if (!data.ok) throw new SlackManifestExportError(data?.error ?? "Unknown error");
+	return data;
+}
+async function upsertSlackApp({ token, appId, manifest }) {
+	if (appId) try {
+		await exportSlackApp({
+			token,
+			appId
+		});
+		return {
+			isNew: false,
+			app: await updateSlackApp({
+				token,
+				appId,
+				manifest
+			})
+		};
+	} catch {}
+	return {
+		isNew: true,
+		app: await createSlackApp({
+			token,
+			manifest
+		})
+	};
+}
+async function deleteSlackApp({ token, appId }) {
+	const response = await fetch("https://slack.com/api/apps.manifest.delete", {
+		method: "POST",
+		headers: {
+			Authorization: `Bearer ${token}`,
+			"Content-Type": "application/json; charset=utf-8"
+		},
+		body: JSON.stringify({ app_id: appId })
+	});
+	if (!response.ok) throw new HTTPError("Failed to delete Slack app", response.status, response.statusText);
+	const data = await response.json();
+	if (!data.ok) throw new Error(data.error ?? "Unknown error");
+}
+async function rotateConfigToken({ refreshToken }) {
+	const response = await fetch("https://slack.com/api/tooling.tokens.rotate", {
+		method: "POST",
+		headers: { "Content-Type": "application/x-www-form-urlencoded" },
+		body: new URLSearchParams({ refresh_token: refreshToken })
+	});
+	if (!response.ok) throw new HTTPError("Failed to rotate configuration token", response.status, response.statusText);
+	const data = await response.json();
+	if (!data.ok || !data.token || !data.refresh_token) throw new Error(data.error ?? "Unknown error rotating token");
+	return {
+		token: data.token,
+		refreshToken: data.refresh_token,
+		exp: data.exp ?? 0
+	};
+}
+async function authTest({ token }) {
+	const response = await fetch("https://slack.com/api/auth.test", {
+		method: "POST",
+		headers: {
+			Authorization: `Bearer ${token}`,
+			"Content-Type": "application/json; charset=utf-8"
+		}
+	});
+	if (!response.ok) throw new HTTPError("Auth test failed", response.status, response.statusText);
+	const data = await response.json();
+	if (!data.ok) throw new Error(data.error ?? "Unknown error");
+	return {
+		userId: data.user_id ?? "",
+		teamId: data.team_id ?? ""
+	};
+}
+async function verifyServiceTokenAccess(params) {
+	try {
+		await exportSlackApp({
+			token: params.serviceToken,
+			appId: params.appId
+		});
+		return { hasAccess: true };
+	} catch {
+		return { hasAccess: false };
+	}
+}
+async function installApp(params) {
+	const { serviceToken, appId, botScopes, outgoingDomains } = params;
+	if (!serviceToken) return { status: "missing_service_token" };
+	const response = await fetch("https://slack.com/api/apps.developerInstall", {
+		method: "POST",
+		headers: {
+			Authorization: `Bearer ${serviceToken}`,
+			"Content-Type": "application/json; charset=utf-8"
+		},
+		body: JSON.stringify({
+			app_id: appId,
+			bot_scopes: botScopes,
+			outgoing_domains: outgoingDomains ?? []
+		})
+	});
+	if (!response.ok) return {
+		status: "slack_api_error",
+		error: response.statusText
+	};
+	const data = await response.json();
+	if (data.error) switch (data.error) {
+		case "app_approval_request_eligible": return { status: "app_approval_request_eligible" };
+		case "app_approval_request_pending": return { status: "app_approval_request_pending" };
+		case "app_approval_request_denied": return { status: "app_approval_request_denied" };
+		case "invalid_app_id":
+			if (serviceToken) {
+				const { hasAccess } = await verifyServiceTokenAccess({
+					serviceToken,
+					appId
+				});
+				if (!hasAccess) return { status: "no_access" };
+			}
+			return { status: "invalid_app_id" };
+		default: return { status: "unknown_error" };
+	}
+	return {
+		status: "installed",
+		botToken: data.api_access_tokens?.bot,
+		appLevelToken: data.api_access_tokens?.app_level,
+		userToken: data.api_access_tokens?.user
+	};
+}
+var init_slack = __esmMin((() => {
+	init_errors$1();
+	init_errors();
+}));
+//#endregion
+//#region src/internal/vercel/index.ts
+async function getProject({ projectId, token, teamId }) {
+	const url = new URL(`https://api.vercel.com/v9/projects/${encodeURIComponent(projectId)}`);
+	if (teamId) url.searchParams.set("teamId", teamId);
+	const response = await fetch(url, {
+		method: "GET",
+		headers: { Authorization: `Bearer ${token}` }
+	});
+	if (!response.ok) throw await HTTPError.fromResponse("Failed to access Vercel project", response);
+}
+async function updateProtectionBypass({ projectId, token, teamId }) {
+	const newSecret = crypto.randomBytes(16).toString("hex");
+	const note = "Created by @vercel/slack-bolt";
+	const url = new URL(`https://api.vercel.com/v1/projects/${encodeURIComponent(projectId)}/protection-bypass`);
+	if (teamId) url.searchParams.set("teamId", teamId);
+	const response = await fetch(url, {
+		method: "PATCH",
+		headers: {
+			Authorization: `Bearer ${token}`,
+			"Content-Type": "application/json"
+		},
+		body: JSON.stringify({ generate: {
+			secret: newSecret,
+			note
+		} })
+	});
+	if (!response.ok) throw await HTTPError.fromResponse("Failed to update protection bypass", response);
+	return newSecret;
+}
+async function addEnvironmentVariables({ projectId, token, teamId, envs, upsert = true }) {
+	const url = new URL(`https://api.vercel.com/v10/projects/${encodeURIComponent(projectId)}/env`);
+	if (teamId) url.searchParams.set("teamId", teamId);
+	if (upsert) url.searchParams.set("upsert", "true");
+	const response = await fetch(url, {
+		method: "POST",
+		headers: {
+			Authorization: `Bearer ${token}`,
+			"Content-Type": "application/json"
+		},
+		body: JSON.stringify(envs)
+	});
+	if (!response.ok) throw await HTTPError.fromResponse("Failed to create environment variables", response);
+	return response.json();
+}
+async function cancelDeployment({ deploymentId, token, teamId }) {
+	const url = new URL(`https://api.vercel.com/v12/deployments/${encodeURIComponent(deploymentId)}/cancel`);
+	if (teamId) url.searchParams.set("teamId", teamId);
+	const response = await fetch(url, {
+		method: "PATCH",
+		headers: { Authorization: `Bearer ${token}` }
+	});
+	if (!response.ok) throw await HTTPError.fromResponse("Failed to cancel deployment", response);
+}
+async function createDeployment({ deploymentId, projectId, token, teamId }) {
+	const url = new URL("https://api.vercel.com/v13/deployments");
+	if (teamId) url.searchParams.set("teamId", teamId);
+	url.searchParams.set("forceNew", "1");
+	const response = await fetch(url, {
+		method: "POST",
+		headers: {
+			Authorization: `Bearer ${token}`,
+			"Content-Type": "application/json"
+		},
+		body: JSON.stringify({
+			deploymentId,
+			name: projectId,
+			project: projectId
+		})
+	});
+	if (!response.ok) throw await HTTPError.fromResponse("Failed to create deployment", response);
+	const data = await response.json();
+	return {
+		id: data.id,
+		url: data.url
+	};
+}
+async function getActiveBranches({ projectId, token, teamId }) {
+	const params = new URLSearchParams({
+		active: "1",
+		limit: "100"
+	});
+	if (teamId) params.set("teamId", teamId);
+	const response = await fetch(`https://api.vercel.com/v5/projects/${encodeURIComponent(projectId)}/branches?${params}`, { headers: { Authorization: `Bearer ${token}` } });
+	if (!response.ok) throw await HTTPError.fromResponse("Failed to fetch active branches", response);
+	const data = await response.json();
+	return new Set(data.branches?.map((b) => b.branch) ?? []);
+}
+async function getEnvironmentVariables({ projectId, token, teamId }) {
+	const url = new URL(`https://api.vercel.com/v9/projects/${encodeURIComponent(projectId)}/env`);
+	if (teamId) url.searchParams.set("teamId", teamId);
+	const response = await fetch(url, { headers: { Authorization: `Bearer ${token}` } });
+	if (!response.ok) throw await HTTPError.fromResponse("Failed to fetch environment variables", response);
+	return (await response.json()).envs ?? [];
+}
+async function getEnvironmentVariable({ projectId, envId, token, teamId }) {
+	const url = new URL(`https://api.vercel.com/v9/projects/${encodeURIComponent(projectId)}/env/${encodeURIComponent(envId)}`);
+	if (teamId) url.searchParams.set("teamId", teamId);
+	const response = await fetch(url, { headers: { Authorization: `Bearer ${token}` } });
+	if (!response.ok) throw await HTTPError.fromResponse("Failed to fetch environment variable", response);
+	return (await response.json()).value ?? null;
+}
+async function deleteEnvironmentVariable({ projectId, envId, token, teamId }) {
+	const url = new URL(`https://api.vercel.com/v9/projects/${encodeURIComponent(projectId)}/env/${encodeURIComponent(envId)}`);
+	if (teamId) url.searchParams.set("teamId", teamId);
+	const response = await fetch(url, {
+		method: "DELETE",
+		headers: { Authorization: `Bearer ${token}` }
+	});
+	if (!response.ok) throw await HTTPError.fromResponse("Failed to delete environment variable", response);
+}
+var init_vercel = __esmMin((() => {
+	init_errors$1();
+}));
+//#endregion
+//#region src/logger.ts
+function isDebug() {
+	return process.env.VERCEL_SLACK_DEBUG === "1" || process.env.VERCEL_SLACK_DEBUG === "true";
+}
+function isSensitiveKey(key) {
+	const lower = key.toLowerCase();
+	if (SENSITIVE_BODY_KEYS.has(lower)) return true;
+	return SENSITIVE_KEY_PATTERNS.some((pattern) => lower.includes(pattern));
+}
+function redactValue(value) {
+	if (value.length <= 4) return "****";
+	return `****${value.slice(-4)}`;
+}
+function redactSensitiveFields(obj) {
+	if (Array.isArray(obj)) return obj.map((item) => redactSensitiveFields(item));
+	if (obj !== null && typeof obj === "object") {
+		const result = {};
+		for (const [key, val] of Object.entries(obj)) if (isSensitiveKey(key) && typeof val === "string") result[key] = redactValue(val);
+		else result[key] = redactSensitiveFields(val);
+		return result;
+	}
+	return obj;
+}
+function redactBody(body) {
+	try {
+		const redacted = redactSensitiveFields(JSON.parse(body));
+		return JSON.stringify(redacted);
+	} catch {
+		return `<non-JSON body, ${body.length} bytes>`;
+	}
+}
+function formatHeaders(headers) {
+	const redacted = (headers instanceof Headers ? [...headers.entries()] : Object.entries(headers ?? {})).map(([k, v]) => REDACTED_HEADERS.has(k.toLowerCase()) ? [k, `****${v.slice(-4)}`] : [k, v]);
+	return JSON.stringify(Object.fromEntries(redacted));
+}
+function enableFetchDebugLogging() {
+	if (globalThis.fetch.__debugPatched) return;
+	const originalFetch = globalThis.fetch;
+	const patched = async (input, init) => {
+		const method = init?.method ?? "GET";
+		const url = input instanceof Request ? input.url : input.toString();
+		const start = performance.now();
+		log.debug(`-> ${method} ${url}`);
+		log.debug(`   headers: ${formatHeaders(init?.headers)}`);
+		if (typeof init?.body === "string") log.debug(`   body: ${redactBody(init.body)}`);
+		const response = await originalFetch(input, init);
+		const ms = (performance.now() - start).toFixed(0);
+		log.debug(`<- ${response.status} ${response.statusText} (${ms}ms)`);
+		log.debug(`   headers: ${formatHeaders(response.headers)}`);
+		const clone = response.clone();
+		try {
+			const body = await clone.text();
+			if (body) log.debug(`   body: ${redactBody(body)}`);
+		} catch {}
+		return response;
+	};
+	patched.__debugPatched = true;
+	globalThis.fetch = patched;
+}
+var BOLD, RESET, DIM, GREEN, YELLOW, log, REDACTED_HEADERS, SENSITIVE_BODY_KEYS, SENSITIVE_KEY_PATTERNS, startMessage;
+var init_logger = __esmMin((() => {
+	BOLD = "\x1B[1m";
+	RESET = "\x1B[0m";
+	DIM = "\x1B[2m";
+	GREEN = "\x1B[32m";
+	YELLOW = "\x1B[33m";
+	log = {
+		step: (msg) => console.log(`  ${msg} ...`),
+		success: (msg) => console.log(`${GREEN}✓${RESET} ${msg}`),
+		info: (msg) => console.log(`  ${msg}`),
+		warning: (msg) => console.log(`${YELLOW}⚠${RESET} ${msg}`),
+		error: (...args) => console.error(...args),
+		debug: (...args) => {
+			if (isDebug()) {
+				const msg = args.map((a) => typeof a === "string" ? a : String(a)).join(" ");
+				console.debug(`${DIM}${msg}${RESET}`);
+			}
+		}
+	};
+	REDACTED_HEADERS = new Set(["authorization"]);
+	SENSITIVE_BODY_KEYS = new Set([
+		"token",
+		"bot",
+		"app_level",
+		"user",
+		"secret",
+		"client_secret",
+		"signing_secret",
+		"verification_token",
+		"bot_token",
+		"user_token",
+		"app_level_token",
+		"value",
+		"access_token",
+		"refresh_token",
+		"password"
+	]);
+	SENSITIVE_KEY_PATTERNS = [
+		"token",
+		"secret",
+		"password",
+		"credential"
+	];
+	startMessage = (version, branch, commit, appId) => {
+		const lines = [`▲ @vercel/slack-bolt ${version ?? ""}`];
+		if (branch) lines.push(`  - Branch: ${branch}`);
+		if (commit) lines.push(`  - Commit: ${commit.slice(0, 7)}`);
+		if (appId) lines.push(`  - App ID: ${appId}`);
+		return `${BOLD}${lines.join("\n")}${RESET}\n`;
+	};
+}));
+//#endregion
+//#region src/preview.ts
+var preview;
+var init_preview = __esmMin((() => {
+	init_manifest();
+	init_parse();
+	init_slack();
+	init_vercel();
+	init_logger();
+	preview = async (params, context) => {
+		const { branch, projectId, deploymentUrl, teamId, commitAuthor, commitMessage: commitMsg, commitSha, slackAppId, slackConfigurationToken, slackServiceToken, manifestPath, vercelApiToken } = params;
+		const cli = context === "cli";
+		const branchUrl = params.branchUrl ?? deploymentUrl;
+		let bypassSecret = params.automationBypassSecret;
+		if (!bypassSecret) {
+			if (cli) log.step("Generating automation bypass secret");
+			bypassSecret = await updateProtectionBypass({
+				projectId,
+				token: vercelApiToken,
+				teamId
+			});
+			if (cli) log.success("Automation bypass secret generated");
+		}
+		if (cli) log.step(`Reading manifest from ${manifestPath}`);
+		const manifest = parseManifest(fs.readFileSync(path.join(process.cwd(), manifestPath), "utf8"), manifestPath);
+		const newManifest = createNewManifest({
+			originalManifest: manifest,
+			branchUrl,
+			bypassSecret,
+			branch,
+			commitSha,
+			commitMessage: commitMsg,
+			commitAuthor
+		});
+		fs.writeFileSync(path.join(process.cwd(), manifestPath), stringifyManifest(newManifest, manifestPath), "utf8");
+		if (cli) log.success(`Manifest updated for ${branchUrl}`);
+		if (cli) log.step("Creating or updating Slack app");
+		const { isNew, app } = await upsertSlackApp({
+			token: slackConfigurationToken,
+			appId: slackAppId,
+			manifest: newManifest
+		});
+		if (isNew) {
+			const credentialEnvs = [];
+			if (app.app_id) credentialEnvs.push({
+				key: "SLACK_APP_ID",
+				value: app.app_id,
+				type: "encrypted",
+				target: ["preview"],
+				gitBranch: branch,
+				comment: `Created by @vercel/slack-bolt for app ${app.app_id} on branch ${branch}`
+			});
+			if (app.credentials?.client_id) credentialEnvs.push({
+				key: "SLACK_CLIENT_ID",
+				value: app.credentials.client_id,
+				type: "encrypted",
+				target: ["preview"],
+				gitBranch: branch,
+				comment: `Created by @vercel/slack-bolt for app ${app.app_id} on branch ${branch}`
+			});
+			if (app.credentials?.client_secret) credentialEnvs.push({
+				key: "SLACK_CLIENT_SECRET",
+				value: app.credentials.client_secret,
+				type: "encrypted",
+				target: ["preview"],
+				gitBranch: branch,
+				comment: `Created by @vercel/slack-bolt for app ${app.app_id} on branch ${branch}`
+			});
+			if (app.credentials?.signing_secret) credentialEnvs.push({
+				key: "SLACK_SIGNING_SECRET",
+				value: app.credentials.signing_secret,
+				type: "encrypted",
+				target: ["preview"],
+				gitBranch: branch,
+				comment: `Created by @vercel/slack-bolt for app ${app.app_id} on branch ${branch}`
+			});
+			if (credentialEnvs.length > 0) await addEnvironmentVariables({
+				projectId,
+				token: vercelApiToken,
+				teamId,
+				envs: credentialEnvs
+			});
+		}
+		if (cli) log.success(`${isNew ? "Created" : "Updated"} Slack app ${app.app_id}`);
+		if (cli) log.step("Installing Slack app");
+		const { status, botToken, appLevelToken, userToken } = await installApp({
+			serviceToken: slackServiceToken,
+			appId: app.app_id,
+			botScopes: manifest.oauth_config?.scopes?.bot ?? []
+		});
+		if (isNew) {
+			const tokenEnvs = [];
+			if (botToken) tokenEnvs.push({
+				key: "SLACK_BOT_TOKEN",
+				value: botToken,
+				type: "encrypted",
+				target: ["preview"],
+				gitBranch: branch,
+				comment: `Created by @vercel/slack-bolt for app ${app.app_id} on branch ${branch}`
+			});
+			if (appLevelToken) tokenEnvs.push({
+				key: "SLACK_APP_LEVEL_TOKEN",
+				value: appLevelToken,
+				type: "encrypted",
+				target: ["preview"],
+				gitBranch: branch,
+				comment: `Created by @vercel/slack-bolt for app ${app.app_id} on branch ${branch}`
+			});
+			if (userToken) tokenEnvs.push({
+				key: "SLACK_USER_TOKEN",
+				value: userToken,
+				type: "encrypted",
+				target: ["preview"],
+				gitBranch: branch,
+				comment: `Created by @vercel/slack-bolt for app ${app.app_id} on branch ${branch}`
+			});
+			if (tokenEnvs.length > 0) await addEnvironmentVariables({
+				projectId,
+				token: vercelApiToken,
+				teamId,
+				envs: tokenEnvs
+			});
+		}
+		if (cli) {
+			switch (status) {
+				case "missing_service_token":
+					log.warning("SLACK_SERVICE_TOKEN is not set — app must be installed manually");
+					log.info("https://docs.slack.dev/authentication/tokens/#service");
+					break;
+				case "installed":
+					log.success(`Installed Slack app ${app.app_id}`);
+					break;
+				case "app_approval_request_eligible":
+					log.warning("App requires approval before it can be installed");
+					break;
+				case "app_approval_request_pending":
+					log.warning("App is pending approval before it can be installed");
+					break;
+				case "app_approval_request_denied":
+					log.warning("App approval request was denied");
+					break;
+				case "no_access":
+					log.warning(`SLACK_SERVICE_TOKEN does not have access to app ${app.app_id}. This usually means the service token and configuration token were created by different users. Ensure both tokens are generated by the same Slack user.
+https://docs.slack.dev/authentication/tokens/#service`);
+					break;
+				case "invalid_app_id":
+					log.warning("Invalid app ID. This is a bug in the @vercel/slack-bolt package. Please open an issue at https://github.com/vercel/slack-bolt/issues");
+					break;
+				case "slack_api_error":
+					log.warning("Slack API error while installing the app");
+					break;
+				case "unknown_error":
+					log.warning("Unknown error while installing the app");
+					break;
+			}
+			console.log();
+			if (app.app_id) log.info(`View app: https://api.slack.com/apps/${app.app_id}`);
+			if (isNew && app.oauth_authorize_url) log.info(`Install URL: ${app.oauth_authorize_url}`);
+			console.log();
+		}
+		return {
+			isNew,
+			installStatus: status,
+			app
+		};
+	};
+}));
+//#endregion
+export { deleteSlackApp as _, log as a, __commonJSMin as b, cancelDeployment as c, getActiveBranches as d, getEnvironmentVariable as f, authTest as g, init_vercel as h, init_logger as i, createDeployment as l, getProject as m, preview as n, startMessage as o, getEnvironmentVariables as p, enableFetchDebugLogging as r, addEnvironmentVariables as s, init_preview as t, deleteEnvironmentVariable as u, init_slack as v, __esmMin as x, rotateConfigToken as y };
+
+//# sourceMappingURL=preview-DAWKwXt1.mjs.map