Vercel Plugin
The Vercel plugin installs the Vercel CLI so Slack users can ask Junior to inspect deployments, fetch build logs, search runtime logs, and find deployments by project, environment, status, or commit metadata.
Junior keeps this plugin read-only. The packaged manifest installs the CLI and injects host-managed Vercel API auth, while the bundled skill limits Junior to vercel logs, vercel inspect, vercel list, and CLI help commands.
Install
Section titled “Install”Install the plugin package alongside @sentry/junior:
pnpm add @sentry/junior @sentry/junior-vercelRuntime setup
Section titled “Runtime setup”Add the plugin package to the plugin set exported from plugins.ts:
import { defineJuniorPlugins } from "@sentry/junior";
export const plugins = defineJuniorPlugins(["@sentry/junior-vercel"]);Point juniorNitro() at that plugin module:
juniorNitro({ plugins: "./plugins" });Set a Vercel token in your Junior deployment environment:
JUNIOR_VERCEL_TOKEN=...Use a Vercel service account or token with the smallest project/team access that covers the deployments users need to inspect. Vercel API permissions are still evolving, so the plugin’s read-only boundary comes from the command allowlist plus least-privilege account setup.
Optional channel defaults
Section titled “Optional channel defaults”If a Slack channel usually investigates the same Vercel project or team, store that as a conversation-scoped default:
jr-rpc config set vercel.project junior-prodjr-rpc config set vercel.team sentryThese defaults are optional fallbacks. If a user names a different project, team, deployment, or URL in a request, Junior follows the explicit request instead.
Auth model
Section titled “Auth model”- The plugin uses a deployment-level Vercel token, not per-user OAuth.
- Junior keeps the real
JUNIOR_VERCEL_TOKENvalue host-side. - Matching Vercel API requests from the CLI receive a host-managed
Authorizationheader. - The sandbox receives only a non-secret placeholder
VERCEL_TOKENso the Vercel CLI can perform its normal auth checks before making requests. - Users do not connect or disconnect individual Vercel accounts from Junior App Home for this plugin.
What users can do
Section titled “What users can do”- Search recent runtime logs for a project, environment, deployment, status code, level, source, or query string.
- Inspect production or preview deployment failures.
- Fetch build logs for a deployment ID or URL.
- List recent deployments for a project.
- Find deployments by status, environment, production flag, or Git commit SHA metadata.
- Stream live logs briefly when a user explicitly asks for live output.
Verify
Section titled “Verify”Confirm Junior can query Vercel successfully:
- Ask Junior a Vercel question in a channel, for example:
Show production error logs for junior-prod from the last hour. - Confirm the thread returns a bounded summary with the project, environment, time window, and filters used.
- Confirm Junior does not run mutation commands for requests such as deploys, rollbacks, env changes, cache purges, or domain changes.
Failure modes
Section titled “Failure modes”JUNIOR_VERCEL_TOKENmissing: add it to the Junior deployment environment and redeploy.401 Unauthorized: the token is invalid, expired, revoked, or not being injected for Vercel API requests.403 Forbiddenorpermission denied: the token or service account cannot read the requested project, deployment, or logs.- Project not found: confirm the project name,
vercel.project, andvercel.teamdefaults. - Empty logs: confirm the environment, deployment, branch, and time window before widening the search.
- Long-running live logs: live streaming is only for explicit user requests and should be stopped once enough evidence is captured.
- Mutation requests: the plugin is read-only and the skill will decline these.
Next step
Section titled “Next step”Review Credentials & OAuth and Sandbox Snapshots to understand how plugin credentials and CLI dependencies are delivered at runtime.