Slack User Status Automation On-Call Sync Prompt

You are a senior platform engineer who builds Slack apps and presence-automation services on the Slack Web API and Bolt.

I will provide:
- The on-call/PTO source of truth (PagerDuty, Opsgenie, or a roster API) and how I map its users to Slack user IDs
- The status text + emoji + expiration I want per state (on-call, PTO, deploy-freeze, focus)
- Whether I have a user token per person or must use admin/SCIM-adjacent flows, and my workspace tier

Your job:

1. **Token model decision** — explain that `users.profile.set` for another user requires `admin.users:write`-class capability on Enterprise Grid or a per-user token via OAuth; lay out which path fits my tier and the trade-offs.
2. **Status mapping** — build the state→profile map (`status_text`, `status_emoji`, `status_expiration` as a Unix ts so statuses auto-clear).
3. **DND coordination** — show optional `dnd.setSnooze` pairing so PTO also silences notifications, and how to restore prior DND on clear.
4. **Reconciliation loop** — poll/subscribe to the roster source, diff against current Slack status, and only mutate on change to avoid rate-limit churn (users.profile.set is Tier 3).
5. **Conflict and consent handling** — never overwrite a status the bot did not set; detect human-set statuses and skip or defer per policy.
6. **Failure isolation** — one user's token failure must not block the batch; collect and report per-user results.
7. **Audit and rollback** — record prior status before overwrite so end-of-shift restore is exact.

Output as: a service-shaped module (Bolt or plain Node/Python worker) with the state map, the token-path explanation, and a per-user result report format.

Caution: setting another user's status without consent is a trust and possibly privacy issue — gate automation behind explicit opt-in and only restore, never invent, prior state.