feat(eve): Bind Slack HITL to the verified requester #142

Open
remiconnesson wants to merge 13 commits into main from codex/slack-hitl-caller-authorization

remiconnesson commented Jun 20, 2026

Summary

  • Bind Slack HITL prompts to the verified Slack user who triggered the current turn, independent of custom session auth.
  • Carry the verified webhook actor through adapter delivery metadata so a different user continuing a shared thread becomes the responder for that turn.
  • Reject cross-user button clicks and freeform submissions before opening a modal, resuming the parked turn, or updating the card.
  • Keep responder identity out of the visible answered card and fail closed with recovery guidance for stale or unbound prompts.

Root cause

Slack HITL cards originally had no responder binding. send(..., { state }) seeds only a new session, so the signed webhook actor never reached hydrated adapter state when a different user continued an existing Slack thread. A later HITL prompt could therefore remain associated with the first user in the thread.

The channel now sends the verified Slack actor as adapter-owned delivery metadata and applies it before the resumed turn. Slack renders that binding into each HITL card and validates it before accepting buttons, selects, or freeform modal submissions.

Impact

Only the verified actor for the current Slack turn can answer its HITL prompt, including shared threads with multiple participants. Other users receive a private rejection without resuming the parked turn or updating the card. Answered cards hide responder identity, while stale or unbound prompts fail closed with recovery guidance.

Follow-up

Multi-action interaction semantics are intentionally out of scope and tracked in #147.

Verification

Full Slack scenario

packages/eve/test/scenarios/slack-hitl-authorization.scenario.test.ts boots a real eve dev process, sends signed Slack webhook and interaction payloads through the Slack channel route, and records outbound Slack API calls. It verifies that:

  • User A creates and answers the first approval prompt.
  • User B continues the same durable Slack thread and receives a new prompt bound to User B.
  • The thread keeps the same durable session while the responder binding changes.
  • User A is privately rejected from User B's prompt without updating the card.
  • User B can answer the prompt and resume the parked turn.

Focused tests also verify that adapter-owned delivery metadata survives delivery, stale or unbound prompts show recovery guidance, responder block IDs stay unique and within Slack limits, cross-user button and freeform responses are rejected, and answered cards omit responder identity.

Slack dev sandbox

Verified manually in a Slack development sandbox.

Signed-off-by: Rémi Connesson <remiconnesson2@gmail.com>
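
An illustration of the check described in this PR, added here and not taken from the eve code base: a signed Slack `block_actions` request is authenticated with Slack's v0 HMAC scheme, and the click is accepted only when the signed `user.id` equals the responder bound into the card. The `hitl:<promptId>:responder:<userId>` block_id format, the function names, the secret, the clock and the user ids are assumptions constructed for the example; it covers button clicks only, and unbound or unparseable cards fail closed.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

type Decision = "accept" | "reject_cross_user" | "reject_unbound" | "reject_signature";

const SECRET = "constructed-signing-secret"; // constructed, not a real secret
const NOW = 1782000000; // constructed clock (epoch seconds)
// Hypothetical binding format rendered into the card: hitl:<promptId>:responder:<slackUserId>
const BINDING = /^hitl:([\w-]+):responder:([UW][A-Z0-9]+)$/;

// Slack's v0 request signature: HMAC-SHA256 over "v0:<timestamp>:<raw body>".
function slackSignature(secret: string, ts: string, rawBody: string): string {
  return "v0=" + createHmac("sha256", secret).update(`v0:${ts}:${rawBody}`).digest("hex");
}

function signatureValid(secret: string, ts: string, rawBody: string, header: string, nowSec: number): boolean {
  if (!(Math.abs(nowSec - Number(ts)) <= 300)) return false; // stale or non-numeric timestamp
  const expected = Buffer.from(slackSignature(secret, ts, rawBody));
  const given = Buffer.from(header);
  return expected.length === given.length && timingSafeEqual(expected, given);
}

// Decide before any side effect (opening a modal, resuming the turn, updating the card).
function authorizeInteraction(secret: string, ts: string, rawBody: string, header: string, nowSec: number): Decision {
  if (!signatureValid(secret, ts, rawBody, header, nowSec)) return "reject_signature";
  let payload: any;
  try {
    payload = JSON.parse(new URLSearchParams(rawBody).get("payload") ?? "");
  } catch {
    return "reject_unbound"; // unparseable payload: fail closed
  }
  const actor: unknown = payload?.user?.id; // actor comes from the signed body only
  const blockId: unknown = payload?.actions?.[0]?.block_id;
  const bound = typeof blockId === "string" ? BINDING.exec(blockId)?.[2] : undefined;
  if (typeof actor !== "string" || !bound) return "reject_unbound"; // no binding: fail closed
  return actor === bound ? "accept" : "reject_cross_user";
}

// Constructed sample: a signed block_actions request as sent on behalf of `userId`.
function sampleRequest(userId: string, blockId: string) {
  const payload = { type: "block_actions", user: { id: userId }, actions: [{ block_id: blockId, action_id: "approve" }] };
  const rawBody = new URLSearchParams({ payload: JSON.stringify(payload) }).toString();
  const ts = String(NOW);
  return { ts, rawBody, header: slackSignature(SECRET, ts, rawBody) };
}
```
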
vercel Bot commented Jun 20, 2026


The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| eve-docs | Ready | Preview, Comment, Open in v0 | Jun 21, 2026 1:22am |

github-actions Bot commented Jun 20, 2026


Bundle + Package Summary: apps/fixtures/weather-agent

Key takeaways

  • No notable deltas vs main (c6d04a9).

Delta vs main (c6d04a9)

| Area | Metric | Baseline | Current | Delta |
| --- | --- | --- | --- | --- |
| Package | Packed tarball | 3.24 MB | 3.24 MB | +978 B ⚠️ |
| Package | Unpacked publish size | 11.61 MB | 11.62 MB | +3.1 kB ⚠️ |
| Package | Installed footprint | 51.82 MB | 51.82 MB | +3.1 kB ⚠️ |
| Package | Published files | 2173 | 2173 | 0 |
| Package | Installed files | 5378 | 5378 | 0 |
| Runtime | Unique function payloads | 2 | 2 | 0 |
| Runtime | Total function bytes | 9.34 MB | 9.34 MB | -159 B ✅ |
| Runtime | Public routes | 9 | 9 | 0 |

Changed function payloads vs main (c6d04a9) (2)

| Function | Status | Baseline | Current | Delta | Route changes |
| --- | --- | --- | --- | --- | --- |
| functions/__server.func | changed | 3.86 MB | 3.86 MB | -127 B ✅ | none |
| functions/.well-known/workflow/v1/flow.func | changed | 5.48 MB | 5.48 MB | -32 B ✅ | none |

Build Metadata
  • Preset: vercel
  • Nitro: nitro@3.0.260610-beta
  • Output directory: apps/fixtures/weather-agent/.vercel/output
  • Build metadata timestamp: 2026-06-21T01:23:17.333Z
  • Route aliases: 9 public, 1 internal (10 total aliases)
  • Vercel routes in config: 10
  • Severity legend: 🔴 dominant/large, 🟠 notable, 🟡 watch, ⚪ small
Package Drill-Down

Package Details

  • Package: eve@0.11.10
  • Package directory: packages/eve
  • Tarball: 3.24 MB (eve-0.11.10.tgz)
  • Unpacked payload: 11.62 MB across 2173 published files
  • Installed footprint: 51.82 MB across 5378 installed files
  • Installed root package: 10.50 MB
  • Installed dependencies: 41.32 MB
  • Runtime dependencies: 1
  • Peer dependencies: 12 (11 optional)

Installed footprint is measured from an isolated temporary npm install of the packed tarball.

Heavy installed dependencies

  • @rolldown/binding-linux-x64-gnu: 20.61 MB (39.8%)
  • eve: 10.50 MB (20.3%)
  • ai: 6.20 MB (12.0%)
  • zod: 4.97 MB (9.6%)
  • nitro: 2.41 MB (4.6%)
Publish payload breakdown
Published file size
🟠 dist/src/compiled/experimental-ai-sdk-code-mo... [#####...................] 1.51 MB 13.0%
🟡 dist/src/compiled/@workflow/core/runtime.js      [##......................] 775.4 kB 6.7%
🟡 dist/src/compiled/@vercel/sandbox/index.js       [##......................] 632.0 kB 5.4%
🟡 dist/src/compiled/@chat-adapter/slack/index.js   [#.......................] 436.9 kB 3.8%
🟡 dist/src/compiled/_chunks/workflow/attribute-... [#.......................] 370.9 kB 3.2%
🔴 Other published files                            [########################] 7.90 MB 68.0%
Installed footprint breakdown
Installed package size
🔴 @rolldown/binding-linux-x64-gnu [########################] 20.61 MB 39.8%
🔴 eve                             [############............] 10.50 MB 20.3%
🔴 ai                              [#######.................] 6.20 MB 12.0%
🟠 zod                             [######..................] 4.97 MB 9.6%
🟠 nitro                           [###.....................] 2.41 MB 4.6%
🟡 rolldown                        [#.......................] 771.0 kB 1.5%
🔴 Other installed packages        [#######.................] 6.37 MB 12.3%
Runtime dependencies (1)
Package Range Notes
nitro 3.0.260610-beta
Peer dependencies (12)
Package Range Notes
@opentelemetry/api ^1.0.0 optional peer
@sveltejs/kit ^2.0.0 optional peer
ai catalog:
braintrust ^3.0.0 optional peer
just-bash ^3.0.0 optional peer
microsandbox ^0.5.0 optional peer
next ^16.0.0 optional peer
nuxt ^4.0.0 optional peer
react ^19.0.0 optional peer
svelte ^5.0.0 optional peer
vite ^8.0.0 optional peer
vue ^3.5.0 optional peer
Function Drill-Down

Payload Size Graph

Unique function payload size and share of total
🔴 functions/.well-known/workflow/v1/flow.func     [########################] 5.48 MB 58.6%
🔴 functions/__server.func                         [#################.......] 3.86 MB 41.4%

Top Function Payloads

🟠 functions/.well-known/workflow/v1/flow.func • 1 public route • 5.48 MB
Metric Value
Public routes /.well-known/workflow/v1/flow
Runtime nodejs24.x
Handler index.mjs
Payload 5.48 MB
Function files 5.48 MB across 27 files
Traced dependencies 0 B
Signal 🟠 Bundled file __eve_nitro_handler__.mjs is 1.51 MB (27.5%)

🟠 🔎 Dependency Analysis

📦 Bundled files:

Bundled file size
🟠 __eve_nitro_handler__.mjs              [########################] 1.51 MB 27.5%
🟠 _chunks/runtime.mjs                    [###############.........] 958.4 kB 17.5%
🟡 _chunks/sandbox.mjs                    [############............] 766.0 kB 14.0%
🟡 _chunks/attribute-changes-Bi5DLT8S.mjs [########................] 472.2 kB 8.6%
🟡 _chunks/dist-DTchiX0N.mjs              [#######.................] 460.6 kB 8.4%
🟠 Other bundled files                    [#####################...] 1.31 MB 24.0%

🧾 Vercel Config

{
  "handler": "index.mjs",
  "launcherType": "Nodejs",
  "shouldAddHelpers": false,
  "supportsResponseStreaming": true,
  "runtime": "nodejs24.x",
  "environment": {
    "NODE_OPTIONS": "--experimental-require-module",
    "WORKFLOW_QUEUE_NAMESPACE": "eve"
  },
  "maxDuration": "max",
  "experimentalTriggers": [
    {
      "type": "queue/v2beta",
      "topic": "__eve_wkf_workflow_*",
      "consumer": "default",
      "retryAfterSeconds": 5,
      "initialDelaySeconds": 0
    }
  ]
}

🟠 functions/__server.func • 8 public routes, 1 internal alias • 3.86 MB
Metric Value
Public routes /
/eve/v1/callback/[token]
/eve/v1/connections/[name]/callback/[token]
/eve/v1/health
/eve/v1/info
/eve/v1/session
/eve/v1/session/[sessionId]
/eve/v1/session/[sessionId]/stream
Internal aliases /__server
Runtime nodejs24.x
Handler index.mjs
Payload 3.86 MB
Function files 3.86 MB across 21 files
Traced dependencies 0 B
Signal 🟠 Bundled file index.mjs is 1.40 MB (36.3%)

🟠 🔎 Dependency Analysis

📦 Bundled files:

Bundled file size
🟠 index.mjs                              [########################] 1.40 MB 36.3%
🟠 _chunks/runtime.mjs                    [###############.........] 875.8 kB 22.7%
🟠 _chunks/sandbox.mjs                    [#############...........] 766.0 kB 19.8%
🟡 _chunks/attribute-changes-Bi5DLT8S.mjs [########................] 448.5 kB 11.6%
⚪ _libs/zod.mjs                          [##......................] 114.2 kB 3.0%
🟡 Other bundled files                    [####....................] 258.8 kB 6.7%

🧾 Vercel Config

{
  "handler": "index.mjs",
  "launcherType": "Nodejs",
  "shouldAddHelpers": false,
  "supportsResponseStreaming": true,
  "runtime": "nodejs24.x"
}

remiconnesson changed the title from "[codex] Bind Slack HITL responses to requesting user" to "[codex] Bind Slack HITL to the verified requester" Jun 20, 2026
This reverts commit e5b516c.

…er-authorization

remiconnesson changed the title from "[codex] Bind Slack HITL to the verified requester" to "feat(eve): Bind Slack HITL to the verified requester" Jun 21, 2026
remiconnesson marked this pull request as ready for review June 21, 2026 00:38