feat(slack): add trogon-source-slack webhook receiver

Signed-off-by: Yordis Prieto <yordis.prieto@gmail.com>

Author: yordis

devops/docker/compose/SLACK_EVENTS.md

@@ -0,0 +1,77 @@
+# Receiving Slack Events Locally
+
+## Prerequisites
+
+- Docker Compose
+- A Slack App with Event Subscriptions enabled
+- A public URL for your local machine (e.g. via [ngrok](https://ngrok.com))
+
+## 1. Create a Slack App
+
+1. Go to [api.slack.com/apps](https://api.slack.com/apps) and click **Create New App**
+2. Choose **From scratch**, pick a name and workspace
+3. Under **Basic Information → App Credentials**, copy the **Signing Secret**
+
+## 2. Expose your local port
+
+Slack requires a publicly reachable HTTPS URL. Use ngrok or a similar tunnel:
+
+```bash
+ngrok http 3000
+```
+
+Copy the forwarding URL (e.g. `https://abc123.ngrok-free.app`).
+
+## 3. Enable Event Subscriptions
+
+1. In your Slack App settings, go to **Event Subscriptions**
+2. Toggle **Enable Events** to On
+3. Set the **Request URL** to `https://<your-ngrok-url>/webhook`
+4. Slack will send a `url_verification` challenge — the server responds
+   automatically
+5. Under **Subscribe to bot events**, add the events you need
+   (e.g. `message.channels`, `app_mention`, `message.im`)
+6. Click **Save Changes**
+
+## 4. Install the app to your workspace
+
+1. Go to **OAuth & Permissions**
+2. Under **Scopes → Bot Token Scopes**, ensure you have the scopes required
+   by the events you subscribed to
+3. Click **Install to Workspace** and authorize
+
+## 5. Start the stack
+
+```bash
+SLACK_SIGNING_SECRET=<signing-secret-from-step-1> \
+docker compose up trogon-source-slack
+```
+
+This starts NATS and the Slack webhook receiver. Events from Slack are
+published to NATS JetStream on `slack.{event.type}` subjects (e.g.
+`slack.message`, `slack.app_mention`).
+
+## 6. Verify
+
+Send a message in a channel where the app is installed. You should see:
+
+- The webhook receiver log the incoming event
+- The event published to NATS on `slack.message`
+
+You can inspect NATS with:
+
+```bash
+nats sub "slack.>"
+```
+
+## Environment variables
+
+| Variable | Required | Default | Description |
+|---|---|---|---|
+| `SLACK_SIGNING_SECRET` | yes | — | Slack app signing secret |
+| `SLACK_WEBHOOK_PORT` | no | `3000` | HTTP port for the webhook receiver |
+| `SLACK_SUBJECT_PREFIX` | no | `slack` | NATS subject prefix |
+| `SLACK_STREAM_NAME` | no | `SLACK` | JetStream stream name |
+| `SLACK_STREAM_MAX_AGE_SECS` | no | `604800` | Max message age in seconds (default 7 days) |
+| `SLACK_TIMESTAMP_MAX_DRIFT_SECS` | no | `300` | Max allowed clock drift in seconds (default 5 min) |
+| `RUST_LOG` | no | `info` | Log level |

devops/docker/compose/compose.yml

@@ -47,6 +47,34 @@ services:
       start_period: 10s
       retries: 3
 
+  trogon-source-slack:
+    build:
+      context: ../../../rsworkspace
+      dockerfile: crates/trogon-source-slack/Dockerfile
+    ports:
+      - "${SLACK_WEBHOOK_PORT:-3000}:${SLACK_WEBHOOK_PORT:-3000}"
+    environment:
+      NATS_URL: "nats:4222"
+      SLACK_SIGNING_SECRET: "${SLACK_SIGNING_SECRET:?SLACK_SIGNING_SECRET is required}"
+      SLACK_WEBHOOK_PORT: "${SLACK_WEBHOOK_PORT:-3000}"
+      SLACK_SUBJECT_PREFIX: "${SLACK_SUBJECT_PREFIX:-slack}"
+      SLACK_STREAM_NAME: "${SLACK_STREAM_NAME:-SLACK}"
+      SLACK_STREAM_MAX_AGE_SECS: "${SLACK_STREAM_MAX_AGE_SECS:-604800}"
+      SLACK_NATS_ACK_TIMEOUT_SECS: "${SLACK_NATS_ACK_TIMEOUT_SECS:-10}"
+      SLACK_MAX_BODY_SIZE: "${SLACK_MAX_BODY_SIZE:-1048576}"
+      SLACK_TIMESTAMP_MAX_DRIFT_SECS: "${SLACK_TIMESTAMP_MAX_DRIFT_SECS:-300}"
+      RUST_LOG: "${RUST_LOG:-info}"
+    depends_on:
+      nats:
+        condition: service_healthy
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "curl", "-sf", "http://localhost:${SLACK_WEBHOOK_PORT:-3000}/health"]
+      interval: 10s
+      timeout: 3s
+      start_period: 10s
+      retries: 3
+
   smee:
     image: node:alpine
     command:

rsworkspace/Cargo.lock

@@ -6,6 +6,7 @@ pub enum ServiceName {
     AcpNatsStdio,
     AcpNatsWs,
     TrogonSourceGithub,
+    TrogonSourceSlack,
 }
 
 impl ServiceName {
@@ -14,6 +15,7 @@ impl ServiceName {
             Self::AcpNatsStdio => "acp-nats-stdio",
             Self::AcpNatsWs => "acp-nats-ws",
             Self::TrogonSourceGithub => "trogon-source-github",
+            Self::TrogonSourceSlack => "trogon-source-slack",
         }
     }
 }
@@ -32,7 +34,14 @@ mod tests {
     fn as_str_returns_expected_values() {
         assert_eq!(ServiceName::AcpNatsStdio.as_str(), "acp-nats-stdio");
         assert_eq!(ServiceName::AcpNatsWs.as_str(), "acp-nats-ws");
-        assert_eq!(ServiceName::TrogonSourceGithub.as_str(), "trogon-source-github");
+        assert_eq!(
+            ServiceName::TrogonSourceGithub.as_str(),
+            "trogon-source-github"
+        );
+        assert_eq!(
+            ServiceName::TrogonSourceSlack.as_str(),
+            "trogon-source-slack"
+        );
     }
 
     #[test]
@@ -43,5 +52,9 @@ mod tests {
             format!("{}", ServiceName::TrogonSourceGithub),
             "trogon-source-github"
         );
+        assert_eq!(
+            format!("{}", ServiceName::TrogonSourceSlack),
+            "trogon-source-slack"
+        );
     }
 }

rsworkspace/crates/acp-telemetry/src/service_name.rs

@@ -1,6 +1,7 @@
 #[cfg(not(coverage))]
 pub mod client;
 pub mod message;
+pub mod publish;
 pub mod traits;
 
 #[cfg(feature = "test-support")]
@@ -15,6 +16,7 @@ pub use message::{
     JsAck, JsAckWith, JsDispatchMessage, JsDoubleAck, JsDoubleAckWith, JsMessageRef,
     JsRequestMessage,
 };
+pub use publish::{PublishOutcome, publish_event};
 pub use traits::{
     JetStreamConsumer, JetStreamContext, JetStreamCreateConsumer, JetStreamGetStream,
     JetStreamPublisher, JsMessageOf,

rsworkspace/crates/trogon-nats/src/jetstream/mod.rs

@@ -0,0 +1,101 @@
+use std::fmt;
+use std::time::Duration;
+
+use bytes::Bytes;
+use tracing::error;
+
+use crate::jetstream::JetStreamPublisher;
+
+#[derive(Debug)]
+pub enum PublishOutcome<E: fmt::Display> {
+    Published,
+    PublishFailed(E),
+    AckFailed(E),
+    AckTimedOut(Duration),
+}
+
+impl<E: fmt::Display> PublishOutcome<E> {
+    pub fn is_ok(&self) -> bool {
+        matches!(self, PublishOutcome::Published)
+    }
+
+    pub fn log_on_error(&self, source_name: &str) {
+        match self {
+            PublishOutcome::Published => {}
+            PublishOutcome::PublishFailed(e) => {
+                error!(error = %e, source = source_name, "Failed to publish event to NATS");
+            }
+            PublishOutcome::AckFailed(e) => {
+                error!(error = %e, source = source_name, "NATS ack failed");
+            }
+            PublishOutcome::AckTimedOut(timeout) => {
+                error!(?timeout, source = source_name, "NATS ack timed out");
+            }
+        }
+    }
+}
+
+pub async fn publish_event<P: JetStreamPublisher>(
+    js: &P,
+    subject: String,
+    headers: async_nats::HeaderMap,
+    body: Bytes,
+    ack_timeout: Duration,
+) -> PublishOutcome<P::PublishError> {
+    let ack_future = match js.publish_with_headers(subject, headers, body).await {
+        Ok(f) => f,
+        Err(e) => return PublishOutcome::PublishFailed(e),
+    };
+
+    match tokio::time::timeout(ack_timeout, ack_future).await {
+        Ok(Ok(_)) => PublishOutcome::Published,
+        Ok(Err(e)) => PublishOutcome::AckFailed(e),
+        Err(_) => PublishOutcome::AckTimedOut(ack_timeout),
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[cfg(feature = "test-support")]
+    mod with_mocks {
+        use super::*;
+        use crate::jetstream::MockJetStreamPublisher;
+
+        #[tokio::test]
+        async fn publish_event_returns_published_on_success() {
+            let publisher = MockJetStreamPublisher::new();
+            let result = publish_event(
+                &publisher,
+                "test.subject".to_string(),
+                async_nats::HeaderMap::new(),
+                Bytes::from_static(b"payload"),
+                Duration::from_secs(10),
+            )
+            .await;
+            assert!(result.is_ok());
+        }
+
+        #[tokio::test]
+        async fn publish_event_returns_publish_failed_on_error() {
+            let publisher = MockJetStreamPublisher::new();
+            publisher.fail_next_js_publish();
+            let result = publish_event(
+                &publisher,
+                "test.subject".to_string(),
+                async_nats::HeaderMap::new(),
+                Bytes::from_static(b"payload"),
+                Duration::from_secs(10),
+            )
+            .await;
+            assert!(matches!(result, PublishOutcome::PublishFailed(_)));
+        }
+    }
+
+    #[test]
+    fn log_on_error_does_nothing_for_published() {
+        let outcome: PublishOutcome<String> = PublishOutcome::Published;
+        outcome.log_on_error("test");
+    }
+}

rsworkspace/crates/trogon-nats/src/jetstream/publish.rs

@@ -15,8 +15,8 @@ use axum::{
 use std::future::Future;
 use std::pin::Pin;
 use tower_http::limit::RequestBodyLimitLayer;
-use tracing::{error, info, instrument, warn};
-use trogon_nats::jetstream::{JetStreamContext, JetStreamPublisher};
+use tracing::{info, instrument, warn};
+use trogon_nats::jetstream::{JetStreamContext, JetStreamPublisher, PublishOutcome, publish_event};
 
 #[cfg(not(coverage))]
 #[derive(Debug)]
@@ -53,52 +53,13 @@ impl From<std::io::Error> for ServeError {
     }
 }
 
-enum PublishOutcome<E: fmt::Display> {
-    Published,
-    PublishFailed(E),
-    AckFailed(E),
-    AckTimedOut(Duration),
-}
-
-impl<E: fmt::Display> PublishOutcome<E> {
-    fn into_status(self) -> StatusCode {
-        match self {
-            PublishOutcome::Published => {
-                info!("Published GitHub event to NATS");
-                StatusCode::OK
-            }
-            PublishOutcome::PublishFailed(e) => {
-                error!(error = %e, "Failed to publish GitHub event to NATS");
-                StatusCode::INTERNAL_SERVER_ERROR
-            }
-            PublishOutcome::AckFailed(e) => {
-                error!(error = %e, "NATS ack failed");
-                StatusCode::INTERNAL_SERVER_ERROR
-            }
-            PublishOutcome::AckTimedOut(timeout) => {
-                error!(?timeout, "NATS ack timed out");
-                StatusCode::INTERNAL_SERVER_ERROR
-            }
-        }
-    }
-}
-
-async fn publish_event<P: JetStreamPublisher>(
-    js: &P,
-    subject: String,
-    headers: async_nats::HeaderMap,
-    body: Bytes,
-    ack_timeout: Duration,
-) -> PublishOutcome<P::PublishError> {
-    let ack_future = match js.publish_with_headers(subject, headers, body).await {
-        Ok(f) => f,
-        Err(e) => return PublishOutcome::PublishFailed(e),
-    };
-
-    match tokio::time::timeout(ack_timeout, ack_future).await {
-        Ok(Ok(_)) => PublishOutcome::Published,
-        Ok(Err(e)) => PublishOutcome::AckFailed(e),
-        Err(_) => PublishOutcome::AckTimedOut(ack_timeout),
+fn outcome_to_status<E: fmt::Display>(outcome: PublishOutcome<E>) -> StatusCode {
+    if outcome.is_ok() {
+        info!("Published GitHub event to NATS");
+        StatusCode::OK
+    } else {
+        outcome.log_on_error("github");
+        StatusCode::INTERNAL_SERVER_ERROR
     }
 }
 
@@ -238,15 +199,16 @@ async fn handle_webhook_inner<P: JetStreamPublisher>(
     nats_headers.insert(NATS_HEADER_EVENT, event.as_str());
     nats_headers.insert(NATS_HEADER_DELIVERY, delivery.as_str());
 
-    publish_event(
+    let outcome = publish_event(
         &state.js,
         subject,
         nats_headers,
         body,
         state.nats_ack_timeout,
     )
-    .await
-    .into_status()
+    .await;
+
+    outcome_to_status(outcome)
 }
 
 #[cfg(test)]