@gaud_erp/paperclip-github-manager 2.0.1 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/manifest.js +13 -1
  2. package/dist/manifest.js.map +2 -2
  3. package/dist/worker.js +15 -0
  4. package/dist/worker.js.map +2 -2
  5. package/package.json +1 -1
package/dist/manifest.js CHANGED
@@ -1,7 +1,7 @@
1
1
  // src/manifest.ts
2
2
  var manifest = {
3
3
  id: "cus.github-manager",
4
- version: "2.0.1",
4
+ version: "2.1.0",
5
5
  apiVersion: 1,
6
6
  displayName: "GitHub Manager",
7
7
  description: "Manage GitHub repos, PRs, issues, agent code reviews, and knowledge graphs \u2014 all from Paperclip",
@@ -54,6 +54,18 @@ var manifest = {
54
54
  default: 5,
55
55
  minimum: 1,
56
56
  maximum: 1440
57
+ },
58
+ webhookSecret: {
59
+ type: "string",
60
+ title: "Webhook Secret",
61
+ description: "Opcional. Cole o mesmo secret configurado no GitHub webhook para validar autenticidade dos eventos."
62
+ },
63
+ webhookInfo: {
64
+ type: "string",
65
+ title: "Webhook URL (Auto Review)",
66
+ description: "Configure no GitHub: Settings \u2192 Webhooks \u2192 Add webhook. Cole a URL abaixo. Events: Pull requests, Issues. Content type: application/json.",
67
+ default: "/plugins/cus.github-manager/webhooks/github-events",
68
+ readOnly: true
57
69
  }
58
70
  }
59
71
  },
package/dist/manifest.js.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../src/manifest.ts"],
4
- "sourcesContent": ["import type { PaperclipPluginManifestV1 } from \"@paperclipai/plugin-sdk\";\n\nconst manifest: PaperclipPluginManifestV1 = {\n id: \"cus.github-manager\",\n version: \"2.0.1\",\n apiVersion: 1,\n displayName: \"GitHub Manager\",\n description: \"Manage GitHub repos, PRs, issues, agent code reviews, and knowledge graphs \u2014 all from Paperclip\",\n author: \"Gaud ERP\",\n categories: [\"connector\", \"automation\"],\n\n capabilities: [\n \"events.subscribe\",\n \"events.emit\",\n \"http.outbound\",\n \"plugin.state.read\",\n \"plugin.state.write\",\n \"database.namespace.read\",\n \"database.namespace.write\",\n \"database.namespace.migrate\",\n \"jobs.schedule\",\n \"webhooks.receive\",\n \"agent.tools.register\",\n \"agents.managed\",\n \"agents.invoke\",\n \"agents.read\",\n \"issues.read\",\n \"issues.create\",\n \"companies.read\",\n \"ui.page.register\",\n \"ui.dashboardWidget.register\",\n \"ui.sidebar.register\",\n \"ui.detailTab.register\",\n \"ui.action.register\",\n \"instance.settings.register\",\n \"skills.managed\",\n ],\n\n instanceConfigSchema: {\n type: \"object\",\n required: [\"githubToken\"],\n properties: {\n githubToken: {\n type: \"string\",\n title: \"GitHub Personal Access Token\",\n description: \"Cole aqui o PAT do GitHub com permiss\u00F5es 'repo' e 'read:org'\",\n },\n defaultOrg: {\n type: \"string\",\n title: \"Default Organization\",\n description: \"GitHub organization to sync repositories from (optional)\",\n },\n syncIntervalMinutes: {\n type: \"number\",\n title: \"Sync Interval (minutes)\",\n description: \"How often to sync PRs and issues (default: 5)\",\n default: 5,\n minimum: 1,\n maximum: 1440,\n },\n },\n },\n\n entrypoints: {\n worker: \"./dist/worker.js\",\n ui: \"./dist/ui\",\n },\n\n database: {\n migrationsDir: \"src/db/migrations\",\n },\n\n jobs: [\n {\n jobKey: \"sync-github\",\n displayName: \"Sync GitHub PRs and Issues\",\n schedule: \"*/5 * * * *\",\n description: \"Incremental sync of open PRs and issues for tracked repositories\",\n },\n ],\n\n webhooks: [\n {\n endpointKey: \"github-events\",\n displayName: \"GitHub Events\",\n description: \"Receives GitHub webhook events (pull_request, issues)\",\n },\n ],\n\n tools: [\n {\n name: \"github_get_pull_request_diff\",\n displayName: \"Get PR Diff\",\n description: \"Retrieve the unified diff of a GitHub pull request\",\n parametersSchema: {\n type: \"object\",\n properties: {\n owner: { type: \"string\" },\n repo: { type: \"string\" },\n pull_number: { type: \"number\" },\n },\n required: [\"owner\", \"repo\", \"pull_number\"],\n },\n },\n {\n name: \"github_read_file_content\",\n displayName: \"Read File\",\n description: \"Read a file from a GitHub repository\",\n parametersSchema: {\n type: \"object\",\n properties: {\n owner: { type: \"string\" },\n repo: { type: \"string\" },\n path: { type: \"string\" },\n ref: { type: \"string\" },\n },\n required: [\"owner\", \"repo\", \"path\"],\n },\n },\n {\n name: \"github_create_review_comment\",\n displayName: \"Add Review Comment\",\n description: \"Post an inline review comment on a pull request\",\n parametersSchema: {\n type: \"object\",\n properties: {\n owner: { type: \"string\" },\n repo: { type: \"string\" },\n pull_number: { type: \"number\" },\n commit_id: { type: \"string\" },\n path: { type: \"string\" },\n line: { type: \"number\" },\n body: { type: \"string\" },\n },\n required: [\"owner\", \"repo\", \"pull_number\", \"commit_id\", \"path\", \"line\", \"body\"],\n },\n },\n {\n name: \"github_submit_pr_review\",\n displayName: \"Submit PR Review\",\n description: \"Submit a review verdict (approve, request changes, comment)\",\n parametersSchema: {\n type: \"object\",\n properties: {\n owner: { type: \"string\" },\n repo: { type: \"string\" },\n pull_number: { type: \"number\" },\n event: { type: \"string\", enum: [\"APPROVE\", \"REQUEST_CHANGES\", \"COMMENT\"] },\n body: { type: \"string\" },\n },\n required: [\"owner\", \"repo\", \"pull_number\", \"event\", \"body\"],\n },\n },\n {\n name: \"github_list_repositories\",\n displayName: \"List Repositories\",\n description: \"List all tracked GitHub repositories\",\n parametersSchema: { type: \"object\", properties: {} },\n },\n {\n name: \"github_search_issues\",\n displayName: \"Search Issues\",\n description: \"Search GitHub issues and PRs using search syntax\",\n parametersSchema: {\n type: \"object\",\n properties: {\n query: { type: \"string\" },\n },\n required: [\"query\"],\n },\n },\n {\n name: \"github_get_pr_checks\",\n displayName: \"Get PR CI/CD Status\",\n description: \"Get CI/CD check runs status for a pull request (pass/fail/pending)\",\n parametersSchema: {\n type: \"object\",\n properties: {\n owner: { type: \"string\" },\n repo: { type: \"string\" },\n pull_number: { type: \"number\" },\n },\n required: [\"owner\", \"repo\", \"pull_number\"],\n },\n },\n {\n name: \"github_get_pr_comments\",\n displayName: \"Get PR Review Comments\",\n description: \"Get all review comments, discussions, and review verdicts on a pull request\",\n parametersSchema: {\n type: \"object\",\n properties: {\n owner: { type: \"string\" },\n repo: { type: \"string\" },\n pull_number: { type: \"number\" },\n },\n required: [\"owner\", \"repo\", \"pull_number\"],\n },\n },\n {\n name: \"github_get_repo_structure\",\n displayName: \"Get Repo Structure\",\n description: \"Get the cached directory/file structure of a repository. Use this FIRST before reading files to understand the codebase layout and save tokens. Set refresh=true to regenerate from GitHub.\",\n parametersSchema: {\n type: \"object\",\n properties: {\n repo_full_name: { type: \"string\", description: \"owner/repo format\" },\n refresh: { type: \"boolean\", description: \"Set true to regenerate the structure from GitHub (use when cache is stale)\" },\n },\n required: [\"repo_full_name\"],\n },\n },\n ],\n\n agents: [\n {\n agentKey: \"github-reviewer\",\n displayName: \"GitHub Code Reviewer\",\n role: \"code-review\",\n title: \"Senior Code Reviewer\",\n capabilities: \"Reviews GitHub pull requests using plugin tools. Reads repo structure, analyzes diffs, posts inline comments, and submits review verdicts (approve/request changes).\",\n instructions: {\n entryFile: \"AGENTS.md\",\n content: `# GitHub Code Reviewer\n\nYou are an expert code reviewer. You review pull requests on GitHub repositories.\n\n## Available Tools\n\nYou MUST use these plugin tools to access code:\n\n1. **github_get_repo_structure** \u2014 Call FIRST to understand the codebase layout\n2. **github_get_pull_request_diff** \u2014 Get the PR diff to review\n3. **github_read_file_content** \u2014 Read specific files for context\n4. **github_create_review_comment** \u2014 Post inline comments on specific lines\n5. **github_submit_pr_review** \u2014 Submit your final verdict (APPROVE, REQUEST_CHANGES, or COMMENT)\n\n## Review Workflow\n\n1. Get the repo structure to understand the project\n2. Get the PR diff to see what changed\n3. Read surrounding files for context when needed\n4. Post inline comments on issues you find\n5. Submit your review with a summary\n\n## Review Criteria\n\n- Code correctness and logic errors\n- Security vulnerabilities (SQL injection, XSS, secrets in code)\n- Performance issues (N+1 queries, unnecessary allocations)\n- Code style and naming consistency\n- Missing error handling\n- Test coverage for changes\n- Breaking changes in public APIs\n\n## Tone\n\nBe constructive and specific. Explain WHY something is an issue and suggest a fix. Praise good patterns when you see them.\n`,\n },\n },\n ],\n\n skills: [\n {\n skillKey: \"github-codebase-access\",\n displayName: \"GitHub Codebase Access\",\n description: \"Provides agents with tools to read repository structure and files from GitHub without needing local filesystem access\",\n markdown: `# GitHub Codebase Access\n\nYou have access to GitHub repositories through the GitHub Manager plugin tools. NEVER say you don't have access to the codebase.\n\n## Available Tools\n\n### Codebase Navigation\n- **github_get_repo_structure** \u2014 Get directory/file structure. **Call FIRST** before reading files. Params: \\`repo_full_name\\`, optional \\`refresh=true\\`\n- **github_read_file_content** \u2014 Read a file. Params: \\`owner\\`, \\`repo\\`, \\`path\\`, optional \\`ref\\`\n- **github_list_repositories** \u2014 List all tracked repos (no params)\n- **github_search_issues** \u2014 Search issues/PRs. Params: \\`query\\`\n\n### PR Review\n- **github_get_pull_request_diff** \u2014 Get unified diff. Params: \\`owner\\`, \\`repo\\`, \\`pull_number\\`\n- **github_get_pr_checks** \u2014 Get CI/CD status (pass/fail/pending). Params: \\`owner\\`, \\`repo\\`, \\`pull_number\\`\n- **github_get_pr_comments** \u2014 Get all review comments, discussions, and verdicts. Params: \\`owner\\`, \\`repo\\`, \\`pull_number\\`\n- **github_create_review_comment** \u2014 Post inline comment. Params: \\`owner\\`, \\`repo\\`, \\`pull_number\\`, \\`commit_id\\`, \\`path\\`, \\`line\\`, \\`body\\`\n- **github_submit_pr_review** \u2014 Submit verdict. Params: \\`owner\\`, \\`repo\\`, \\`pull_number\\`, \\`event\\` (APPROVE/REQUEST_CHANGES/COMMENT), \\`body\\`\n\n## PR Review Workflow\n\nWhen reviewing a PR:\n1. \\`github_get_repo_structure\\` \u2014 understand the codebase\n2. \\`github_get_pull_request_diff\\` \u2014 see what changed\n3. \\`github_get_pr_checks\\` \u2014 verify CI/CD passed\n4. \\`github_get_pr_comments\\` \u2014 check existing reviews from others\n5. \\`github_read_file_content\\` \u2014 read surrounding code for context\n6. \\`github_create_review_comment\\` \u2014 post inline comments on issues\n7. \\`github_submit_pr_review\\` \u2014 approve or request changes with summary\n8. If CI failed or changes needed, tag the PR author to fix\n\n## Codebase Exploration Workflow\n\n1. **ALWAYS** start with \\`github_get_repo_structure\\` to understand layout\n2. Read only the files you need with \\`github_read_file_content\\`\n3. If structure seems outdated, call with \\`refresh=true\\`\n4. Never access the local filesystem \u2014 always use these tools\n`,\n },\n ],\n\n ui: {\n slots: [\n {\n type: \"sidebar\",\n id: \"github-sidebar\",\n exportName: \"GitHubSidebarLink\",\n displayName: \"GitHub\",\n },\n {\n type: \"page\",\n id: \"github-settings\",\n exportName: \"GitHubSettingsPage\",\n displayName: \"Configura\u00E7\u00F5es GitHub\",\n routePath: \"github-settings\",\n },\n {\n type: \"page\",\n id: \"github-repos\",\n exportName: \"GitHubReposPage\",\n displayName: \"Reposit\u00F3rios\",\n routePath: \"github-repos\",\n },\n {\n type: \"page\",\n id: \"github-prs\",\n exportName: \"GitHubPullRequestsPage\",\n displayName: \"Pull Requests\",\n routePath: \"github-prs\",\n },\n {\n type: \"page\",\n id: \"github-graphs\",\n exportName: \"GitHubGraphsPage\",\n displayName: \"Knowledge Graphs\",\n routePath: \"github-graphs\",\n },\n {\n type: \"dashboardWidget\",\n id: \"github-dashboard\",\n exportName: \"GitHubDashboardWidget\",\n displayName: \"GitHub Status\",\n },\n {\n type: \"detailTab\",\n id: \"github-detail\",\n exportName: \"GitHubDetailTab\",\n displayName: \"GitHub\",\n entityTypes: [\"issue\"],\n },\n {\n type: \"contextMenuItem\",\n id: \"github-context-menu\",\n exportName: \"GitHubContextMenu\",\n displayName: \"GitHub Actions\",\n entityTypes: [\"issue\"],\n },\n ],\n },\n};\n\nexport default manifest;\n"],
5
- "mappings": ";AAEA,IAAM,WAAsC;AAAA,EAC1C,IAAI;AAAA,EACJ,SAAS;AAAA,EACT,YAAY;AAAA,EACZ,aAAa;AAAA,EACb,aAAa;AAAA,EACb,QAAQ;AAAA,EACR,YAAY,CAAC,aAAa,YAAY;AAAA,EAEtC,cAAc;AAAA,IACZ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAAA,EAEA,sBAAsB;AAAA,IACpB,MAAM;AAAA,IACN,UAAU,CAAC,aAAa;AAAA,IACxB,YAAY;AAAA,MACV,aAAa;AAAA,QACX,MAAM;AAAA,QACN,OAAO;AAAA,QACP,aAAa;AAAA,MACf;AAAA,MACA,YAAY;AAAA,QACV,MAAM;AAAA,QACN,OAAO;AAAA,QACP,aAAa;AAAA,MACf;AAAA,MACA,qBAAqB;AAAA,QACnB,MAAM;AAAA,QACN,OAAO;AAAA,QACP,aAAa;AAAA,QACb,SAAS;AAAA,QACT,SAAS;AAAA,QACT,SAAS;AAAA,MACX;AAAA,IACF;AAAA,EACF;AAAA,EAEA,aAAa;AAAA,IACX,QAAQ;AAAA,IACR,IAAI;AAAA,EACN;AAAA,EAEA,UAAU;AAAA,IACR,eAAe;AAAA,EACjB;AAAA,EAEA,MAAM;AAAA,IACJ;AAAA,MACE,QAAQ;AAAA,MACR,aAAa;AAAA,MACb,UAAU;AAAA,MACV,aAAa;AAAA,IACf;AAAA,EACF;AAAA,EAEA,UAAU;AAAA,IACR;AAAA,MACE,aAAa;AAAA,MACb,aAAa;AAAA,MACb,aAAa;AAAA,IACf;AAAA,EACF;AAAA,EAEA,OAAO;AAAA,IACL;AAAA,MACE,MAAM;AAAA,MACN,aAAa;AAAA,MACb,aAAa;AAAA,MACb,kBAAkB;AAAA,QAChB,MAAM;AAAA,QACN,YAAY;AAAA,UACV,OAAO,EAAE,MAAM,SAAS;AAAA,UACxB,MAAM,EAAE,MAAM,SAAS;AAAA,UACvB,aAAa,EAAE,MAAM,SAAS;AAAA,QAChC;AAAA,QACA,UAAU,CAAC,SAAS,QAAQ,aAAa;AAAA,MAC3C;AAAA,IACF;AAAA,IACA;AAAA,MACE,MAAM;AAAA,MACN,aAAa;AAAA,MACb,aAAa;AAAA,MACb,kBAAkB;AAAA,QAChB,MAAM;AAAA,QACN,YAAY;AAAA,UACV,OAAO,EAAE,MAAM,SAAS;AAAA,UACxB,MAAM,EAAE,MAAM,SAAS;AAAA,UACvB,MAAM,EAAE,MAAM,SAAS;AAAA,UACvB,KAAK,EAAE,MAAM,SAAS;AAAA,QACxB;AAAA,QACA,UAAU,CAAC,SAAS,QAAQ,MAAM;AAAA,MACpC;AAAA,IACF;AAAA,IACA;AAAA,MACE,MAAM;AAAA,MACN,aAAa;AAAA,MACb,aAAa;AAAA,MACb,kBAAkB;AAAA,QAChB,MAAM;AAAA,QACN,YAAY;AAAA,UACV,OAAO,EAAE,MAAM,SAAS;AAAA,UACxB,MAAM,EAAE,MAAM,SAAS;AAAA,UACvB,aAAa,EAAE,MAAM,SAAS;AAAA,UAC9B,WAAW,EAAE,MAAM,SAAS;AAAA,UAC5B,MAAM,EAAE,MAAM,SAAS;AAAA,UACvB,MAAM,EAAE,MAAM,SAAS;AAAA,UACvB,MAAM,EAAE,MAAM,SAAS;AAAA,QACzB;AAAA,QACA,UAAU,CAAC,SAAS,QAAQ,eAAe,aAAa,QAAQ,QAAQ,MAAM;AAAA,MAChF;AAAA,IACF;AAAA,IACA;AAAA,MACE,MAAM;AAAA,MACN,aAAa;AAAA,MACb,aAAa;AAAA,MACb,kBAAkB;AAAA,QAChB,MAAM;AAAA,QACN,YAAY;AAAA,UACV,OAAO,EAAE,MAAM,SAAS;AAAA,UACxB,MAAM,EAAE,MAAM,SAAS;AAAA,UACvB,aAAa,EAAE,MAAM,SAAS;AAAA,UAC9B,OAAO,EAAE,MAAM,UAAU,MAAM,CAAC,WAAW,mBAAmB,SAAS,EAAE;AAAA,UACzE,MAAM,EAAE,MAAM,SAAS;AAAA,QACzB;AAAA,QACA,UAAU,CAAC,SAAS,QAAQ,eAAe,SAAS,MAAM;AAAA,MAC5D;AAAA,IACF;AAAA,IACA;AAAA,MACE,MAAM;AAAA,MACN,aAAa;AAAA,MACb,aAAa;AAAA,MACb,kBAAkB,EAAE,MAAM,UAAU,YAAY,CAAC,EAAE;AAAA,IACrD;AAAA,IACA;AAAA,MACE,MAAM;AAAA,MACN,aAAa;AAAA,MACb,aAAa;AAAA,MACb,kBAAkB;AAAA,QAChB,MAAM;AAAA,QACN,YAAY;AAAA,UACV,OAAO,EAAE,MAAM,SAAS;AAAA,QAC1B;AAAA,QACA,UAAU,CAAC,OAAO;AAAA,MACpB;AAAA,IACF;AAAA,IACA;AAAA,MACE,MAAM;AAAA,MACN,aAAa;AAAA,MACb,aAAa;AAAA,MACb,kBAAkB;AAAA,QAChB,MAAM;AAAA,QACN,YAAY;AAAA,UACV,OAAO,EAAE,MAAM,SAAS;AAAA,UACxB,MAAM,EAAE,MAAM,SAAS;AAAA,UACvB,aAAa,EAAE,MAAM,SAAS;AAAA,QAChC;AAAA,QACA,UAAU,CAAC,SAAS,QAAQ,aAAa;AAAA,MAC3C;AAAA,IACF;AAAA,IACA;AAAA,MACE,MAAM;AAAA,MACN,aAAa;AAAA,MACb,aAAa;AAAA,MACb,kBAAkB;AAAA,QAChB,MAAM;AAAA,QACN,YAAY;AAAA,UACV,OAAO,EAAE,MAAM,SAAS;AAAA,UACxB,MAAM,EAAE,MAAM,SAAS;AAAA,UACvB,aAAa,EAAE,MAAM,SAAS;AAAA,QAChC;AAAA,QACA,UAAU,CAAC,SAAS,QAAQ,aAAa;AAAA,MAC3C;AAAA,IACF;AAAA,IACA;AAAA,MACE,MAAM;AAAA,MACN,aAAa;AAAA,MACb,aAAa;AAAA,MACb,kBAAkB;AAAA,QAChB,MAAM;AAAA,QACN,YAAY;AAAA,UACV,gBAAgB,EAAE,MAAM,UAAU,aAAa,oBAAoB;AAAA,UACnE,SAAS,EAAE,MAAM,WAAW,aAAa,6EAA6E;AAAA,QACxH;AAAA,QACA,UAAU,CAAC,gBAAgB;AAAA,MAC7B;AAAA,IACF;AAAA,EACF;AAAA,EAEA,QAAQ;AAAA,IACN;AAAA,MACE,UAAU;AAAA,MACV,aAAa;AAAA,MACb,MAAM;AAAA,MACN,OAAO;AAAA,MACP,cAAc;AAAA,MACd,cAAc;AAAA,QACZ,WAAW;AAAA,QACX,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAoCX;AAAA,IACF;AAAA,EACF;AAAA,EAEA,QAAQ;AAAA,IACN;AAAA,MACE,UAAU;AAAA,MACV,aAAa;AAAA,MACb,aAAa;AAAA,MACb,UAAU;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAsCZ;AAAA,EACF;AAAA,EAEA,IAAI;AAAA,IACF,OAAO;AAAA,MACL;AAAA,QACE,MAAM;AAAA,QACN,IAAI;AAAA,QACJ,YAAY;AAAA,QACZ,aAAa;AAAA,MACf;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,IAAI;AAAA,QACJ,YAAY;AAAA,QACZ,aAAa;AAAA,QACb,WAAW;AAAA,MACb;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,IAAI;AAAA,QACJ,YAAY;AAAA,QACZ,aAAa;AAAA,QACb,WAAW;AAAA,MACb;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,IAAI;AAAA,QACJ,YAAY;AAAA,QACZ,aAAa;AAAA,QACb,WAAW;AAAA,MACb;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,IAAI;AAAA,QACJ,YAAY;AAAA,QACZ,aAAa;AAAA,QACb,WAAW;AAAA,MACb;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,IAAI;AAAA,QACJ,YAAY;AAAA,QACZ,aAAa;AAAA,MACf;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,IAAI;AAAA,QACJ,YAAY;AAAA,QACZ,aAAa;AAAA,QACb,aAAa,CAAC,OAAO;AAAA,MACvB;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,IAAI;AAAA,QACJ,YAAY;AAAA,QACZ,aAAa;AAAA,QACb,aAAa,CAAC,OAAO;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AACF;AAEA,IAAO,mBAAQ;",
4
+ "sourcesContent": ["import type { PaperclipPluginManifestV1 } from \"@paperclipai/plugin-sdk\";\n\nconst manifest: PaperclipPluginManifestV1 = {\n id: \"cus.github-manager\",\n version: \"2.1.0\",\n apiVersion: 1,\n displayName: \"GitHub Manager\",\n description: \"Manage GitHub repos, PRs, issues, agent code reviews, and knowledge graphs \u2014 all from Paperclip\",\n author: \"Gaud ERP\",\n categories: [\"connector\", \"automation\"],\n\n capabilities: [\n \"events.subscribe\",\n \"events.emit\",\n \"http.outbound\",\n \"plugin.state.read\",\n \"plugin.state.write\",\n \"database.namespace.read\",\n \"database.namespace.write\",\n \"database.namespace.migrate\",\n \"jobs.schedule\",\n \"webhooks.receive\",\n \"agent.tools.register\",\n \"agents.managed\",\n \"agents.invoke\",\n \"agents.read\",\n \"issues.read\",\n \"issues.create\",\n \"companies.read\",\n \"ui.page.register\",\n \"ui.dashboardWidget.register\",\n \"ui.sidebar.register\",\n \"ui.detailTab.register\",\n \"ui.action.register\",\n \"instance.settings.register\",\n \"skills.managed\",\n ],\n\n instanceConfigSchema: {\n type: \"object\",\n required: [\"githubToken\"],\n properties: {\n githubToken: {\n type: \"string\",\n title: \"GitHub Personal Access Token\",\n description: \"Cole aqui o PAT do GitHub com permiss\u00F5es 'repo' e 'read:org'\",\n },\n defaultOrg: {\n type: \"string\",\n title: \"Default Organization\",\n description: \"GitHub organization to sync repositories from (optional)\",\n },\n syncIntervalMinutes: {\n type: \"number\",\n title: \"Sync Interval (minutes)\",\n description: \"How often to sync PRs and issues (default: 5)\",\n default: 5,\n minimum: 1,\n maximum: 1440,\n },\n webhookSecret: {\n type: \"string\",\n title: \"Webhook Secret\",\n description: \"Opcional. Cole o mesmo secret configurado no GitHub webhook para validar autenticidade dos eventos.\",\n },\n webhookInfo: {\n type: \"string\",\n title: \"Webhook URL (Auto Review)\",\n description: \"Configure no GitHub: Settings \u2192 Webhooks \u2192 Add webhook. Cole a URL abaixo. Events: Pull requests, Issues. Content type: application/json.\",\n default: \"/plugins/cus.github-manager/webhooks/github-events\",\n readOnly: true,\n },\n },\n },\n\n entrypoints: {\n worker: \"./dist/worker.js\",\n ui: \"./dist/ui\",\n },\n\n database: {\n migrationsDir: \"src/db/migrations\",\n },\n\n jobs: [\n {\n jobKey: \"sync-github\",\n displayName: \"Sync GitHub PRs and Issues\",\n schedule: \"*/5 * * * *\",\n description: \"Incremental sync of open PRs and issues for tracked repositories\",\n },\n ],\n\n webhooks: [\n {\n endpointKey: \"github-events\",\n displayName: \"GitHub Events\",\n description: \"Receives GitHub webhook events (pull_request, issues)\",\n },\n ],\n\n tools: [\n {\n name: \"github_get_pull_request_diff\",\n displayName: \"Get PR Diff\",\n description: \"Retrieve the unified diff of a GitHub pull request\",\n parametersSchema: {\n type: \"object\",\n properties: {\n owner: { type: \"string\" },\n repo: { type: \"string\" },\n pull_number: { type: \"number\" },\n },\n required: [\"owner\", \"repo\", \"pull_number\"],\n },\n },\n {\n name: \"github_read_file_content\",\n displayName: \"Read File\",\n description: \"Read a file from a GitHub repository\",\n parametersSchema: {\n type: \"object\",\n properties: {\n owner: { type: \"string\" },\n repo: { type: \"string\" },\n path: { type: \"string\" },\n ref: { type: \"string\" },\n },\n required: [\"owner\", \"repo\", \"path\"],\n },\n },\n {\n name: \"github_create_review_comment\",\n displayName: \"Add Review Comment\",\n description: \"Post an inline review comment on a pull request\",\n parametersSchema: {\n type: \"object\",\n properties: {\n owner: { type: \"string\" },\n repo: { type: \"string\" },\n pull_number: { type: \"number\" },\n commit_id: { type: \"string\" },\n path: { type: \"string\" },\n line: { type: \"number\" },\n body: { type: \"string\" },\n },\n required: [\"owner\", \"repo\", \"pull_number\", \"commit_id\", \"path\", \"line\", \"body\"],\n },\n },\n {\n name: \"github_submit_pr_review\",\n displayName: \"Submit PR Review\",\n description: \"Submit a review verdict (approve, request changes, comment)\",\n parametersSchema: {\n type: \"object\",\n properties: {\n owner: { type: \"string\" },\n repo: { type: \"string\" },\n pull_number: { type: \"number\" },\n event: { type: \"string\", enum: [\"APPROVE\", \"REQUEST_CHANGES\", \"COMMENT\"] },\n body: { type: \"string\" },\n },\n required: [\"owner\", \"repo\", \"pull_number\", \"event\", \"body\"],\n },\n },\n {\n name: \"github_list_repositories\",\n displayName: \"List Repositories\",\n description: \"List all tracked GitHub repositories\",\n parametersSchema: { type: \"object\", properties: {} },\n },\n {\n name: \"github_search_issues\",\n displayName: \"Search Issues\",\n description: \"Search GitHub issues and PRs using search syntax\",\n parametersSchema: {\n type: \"object\",\n properties: {\n query: { type: \"string\" },\n },\n required: [\"query\"],\n },\n },\n {\n name: \"github_get_pr_checks\",\n displayName: \"Get PR CI/CD Status\",\n description: \"Get CI/CD check runs status for a pull request (pass/fail/pending)\",\n parametersSchema: {\n type: \"object\",\n properties: {\n owner: { type: \"string\" },\n repo: { type: \"string\" },\n pull_number: { type: \"number\" },\n },\n required: [\"owner\", \"repo\", \"pull_number\"],\n },\n },\n {\n name: \"github_get_pr_comments\",\n displayName: \"Get PR Review Comments\",\n description: \"Get all review comments, discussions, and review verdicts on a pull request\",\n parametersSchema: {\n type: \"object\",\n properties: {\n owner: { type: \"string\" },\n repo: { type: \"string\" },\n pull_number: { type: \"number\" },\n },\n required: [\"owner\", \"repo\", \"pull_number\"],\n },\n },\n {\n name: \"github_get_repo_structure\",\n displayName: \"Get Repo Structure\",\n description: \"Get the cached directory/file structure of a repository. Use this FIRST before reading files to understand the codebase layout and save tokens. Set refresh=true to regenerate from GitHub.\",\n parametersSchema: {\n type: \"object\",\n properties: {\n repo_full_name: { type: \"string\", description: \"owner/repo format\" },\n refresh: { type: \"boolean\", description: \"Set true to regenerate the structure from GitHub (use when cache is stale)\" },\n },\n required: [\"repo_full_name\"],\n },\n },\n ],\n\n agents: [\n {\n agentKey: \"github-reviewer\",\n displayName: \"GitHub Code Reviewer\",\n role: \"code-review\",\n title: \"Senior Code Reviewer\",\n capabilities: \"Reviews GitHub pull requests using plugin tools. Reads repo structure, analyzes diffs, posts inline comments, and submits review verdicts (approve/request changes).\",\n instructions: {\n entryFile: \"AGENTS.md\",\n content: `# GitHub Code Reviewer\n\nYou are an expert code reviewer. You review pull requests on GitHub repositories.\n\n## Available Tools\n\nYou MUST use these plugin tools to access code:\n\n1. **github_get_repo_structure** \u2014 Call FIRST to understand the codebase layout\n2. **github_get_pull_request_diff** \u2014 Get the PR diff to review\n3. **github_read_file_content** \u2014 Read specific files for context\n4. **github_create_review_comment** \u2014 Post inline comments on specific lines\n5. **github_submit_pr_review** \u2014 Submit your final verdict (APPROVE, REQUEST_CHANGES, or COMMENT)\n\n## Review Workflow\n\n1. Get the repo structure to understand the project\n2. Get the PR diff to see what changed\n3. Read surrounding files for context when needed\n4. Post inline comments on issues you find\n5. Submit your review with a summary\n\n## Review Criteria\n\n- Code correctness and logic errors\n- Security vulnerabilities (SQL injection, XSS, secrets in code)\n- Performance issues (N+1 queries, unnecessary allocations)\n- Code style and naming consistency\n- Missing error handling\n- Test coverage for changes\n- Breaking changes in public APIs\n\n## Tone\n\nBe constructive and specific. Explain WHY something is an issue and suggest a fix. Praise good patterns when you see them.\n`,\n },\n },\n ],\n\n skills: [\n {\n skillKey: \"github-codebase-access\",\n displayName: \"GitHub Codebase Access\",\n description: \"Provides agents with tools to read repository structure and files from GitHub without needing local filesystem access\",\n markdown: `# GitHub Codebase Access\n\nYou have access to GitHub repositories through the GitHub Manager plugin tools. NEVER say you don't have access to the codebase.\n\n## Available Tools\n\n### Codebase Navigation\n- **github_get_repo_structure** \u2014 Get directory/file structure. **Call FIRST** before reading files. Params: \\`repo_full_name\\`, optional \\`refresh=true\\`\n- **github_read_file_content** \u2014 Read a file. Params: \\`owner\\`, \\`repo\\`, \\`path\\`, optional \\`ref\\`\n- **github_list_repositories** \u2014 List all tracked repos (no params)\n- **github_search_issues** \u2014 Search issues/PRs. Params: \\`query\\`\n\n### PR Review\n- **github_get_pull_request_diff** \u2014 Get unified diff. Params: \\`owner\\`, \\`repo\\`, \\`pull_number\\`\n- **github_get_pr_checks** \u2014 Get CI/CD status (pass/fail/pending). Params: \\`owner\\`, \\`repo\\`, \\`pull_number\\`\n- **github_get_pr_comments** \u2014 Get all review comments, discussions, and verdicts. Params: \\`owner\\`, \\`repo\\`, \\`pull_number\\`\n- **github_create_review_comment** \u2014 Post inline comment. Params: \\`owner\\`, \\`repo\\`, \\`pull_number\\`, \\`commit_id\\`, \\`path\\`, \\`line\\`, \\`body\\`\n- **github_submit_pr_review** \u2014 Submit verdict. Params: \\`owner\\`, \\`repo\\`, \\`pull_number\\`, \\`event\\` (APPROVE/REQUEST_CHANGES/COMMENT), \\`body\\`\n\n## PR Review Workflow\n\nWhen reviewing a PR:\n1. \\`github_get_repo_structure\\` \u2014 understand the codebase\n2. \\`github_get_pull_request_diff\\` \u2014 see what changed\n3. \\`github_get_pr_checks\\` \u2014 verify CI/CD passed\n4. \\`github_get_pr_comments\\` \u2014 check existing reviews from others\n5. \\`github_read_file_content\\` \u2014 read surrounding code for context\n6. \\`github_create_review_comment\\` \u2014 post inline comments on issues\n7. \\`github_submit_pr_review\\` \u2014 approve or request changes with summary\n8. If CI failed or changes needed, tag the PR author to fix\n\n## Codebase Exploration Workflow\n\n1. **ALWAYS** start with \\`github_get_repo_structure\\` to understand layout\n2. Read only the files you need with \\`github_read_file_content\\`\n3. If structure seems outdated, call with \\`refresh=true\\`\n4. Never access the local filesystem \u2014 always use these tools\n`,\n },\n ],\n\n ui: {\n slots: [\n {\n type: \"sidebar\",\n id: \"github-sidebar\",\n exportName: \"GitHubSidebarLink\",\n displayName: \"GitHub\",\n },\n {\n type: \"page\",\n id: \"github-settings\",\n exportName: \"GitHubSettingsPage\",\n displayName: \"Configura\u00E7\u00F5es GitHub\",\n routePath: \"github-settings\",\n },\n {\n type: \"page\",\n id: \"github-repos\",\n exportName: \"GitHubReposPage\",\n displayName: \"Reposit\u00F3rios\",\n routePath: \"github-repos\",\n },\n {\n type: \"page\",\n id: \"github-prs\",\n exportName: \"GitHubPullRequestsPage\",\n displayName: \"Pull Requests\",\n routePath: \"github-prs\",\n },\n {\n type: \"page\",\n id: \"github-graphs\",\n exportName: \"GitHubGraphsPage\",\n displayName: \"Knowledge Graphs\",\n routePath: \"github-graphs\",\n },\n {\n type: \"dashboardWidget\",\n id: \"github-dashboard\",\n exportName: \"GitHubDashboardWidget\",\n displayName: \"GitHub Status\",\n },\n {\n type: \"detailTab\",\n id: \"github-detail\",\n exportName: \"GitHubDetailTab\",\n displayName: \"GitHub\",\n entityTypes: [\"issue\"],\n },\n {\n type: \"contextMenuItem\",\n id: \"github-context-menu\",\n exportName: \"GitHubContextMenu\",\n displayName: \"GitHub Actions\",\n entityTypes: [\"issue\"],\n },\n ],\n },\n};\n\nexport default manifest;\n"],
5
+ "mappings": ";AAEA,IAAM,WAAsC;AAAA,EAC1C,IAAI;AAAA,EACJ,SAAS;AAAA,EACT,YAAY;AAAA,EACZ,aAAa;AAAA,EACb,aAAa;AAAA,EACb,QAAQ;AAAA,EACR,YAAY,CAAC,aAAa,YAAY;AAAA,EAEtC,cAAc;AAAA,IACZ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAAA,EAEA,sBAAsB;AAAA,IACpB,MAAM;AAAA,IACN,UAAU,CAAC,aAAa;AAAA,IACxB,YAAY;AAAA,MACV,aAAa;AAAA,QACX,MAAM;AAAA,QACN,OAAO;AAAA,QACP,aAAa;AAAA,MACf;AAAA,MACA,YAAY;AAAA,QACV,MAAM;AAAA,QACN,OAAO;AAAA,QACP,aAAa;AAAA,MACf;AAAA,MACA,qBAAqB;AAAA,QACnB,MAAM;AAAA,QACN,OAAO;AAAA,QACP,aAAa;AAAA,QACb,SAAS;AAAA,QACT,SAAS;AAAA,QACT,SAAS;AAAA,MACX;AAAA,MACA,eAAe;AAAA,QACb,MAAM;AAAA,QACN,OAAO;AAAA,QACP,aAAa;AAAA,MACf;AAAA,MACA,aAAa;AAAA,QACX,MAAM;AAAA,QACN,OAAO;AAAA,QACP,aAAa;AAAA,QACb,SAAS;AAAA,QACT,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AAAA,EAEA,aAAa;AAAA,IACX,QAAQ;AAAA,IACR,IAAI;AAAA,EACN;AAAA,EAEA,UAAU;AAAA,IACR,eAAe;AAAA,EACjB;AAAA,EAEA,MAAM;AAAA,IACJ;AAAA,MACE,QAAQ;AAAA,MACR,aAAa;AAAA,MACb,UAAU;AAAA,MACV,aAAa;AAAA,IACf;AAAA,EACF;AAAA,EAEA,UAAU;AAAA,IACR;AAAA,MACE,aAAa;AAAA,MACb,aAAa;AAAA,MACb,aAAa;AAAA,IACf;AAAA,EACF;AAAA,EAEA,OAAO;AAAA,IACL;AAAA,MACE,MAAM;AAAA,MACN,aAAa;AAAA,MACb,aAAa;AAAA,MACb,kBAAkB;AAAA,QAChB,MAAM;AAAA,QACN,YAAY;AAAA,UACV,OAAO,EAAE,MAAM,SAAS;AAAA,UACxB,MAAM,EAAE,MAAM,SAAS;AAAA,UACvB,aAAa,EAAE,MAAM,SAAS;AAAA,QAChC;AAAA,QACA,UAAU,CAAC,SAAS,QAAQ,aAAa;AAAA,MAC3C;AAAA,IACF;AAAA,IACA;AAAA,MACE,MAAM;AAAA,MACN,aAAa;AAAA,MACb,aAAa;AAAA,MACb,kBAAkB;AAAA,QAChB,MAAM;AAAA,QACN,YAAY;AAAA,UACV,OAAO,EAAE,MAAM,SAAS;AAAA,UACxB,MAAM,EAAE,MAAM,SAAS;AAAA,UACvB,MAAM,EAAE,MAAM,SAAS;AAAA,UACvB,KAAK,EAAE,MAAM,SAAS;AAAA,QACxB;AAAA,QACA,UAAU,CAAC,SAAS,QAAQ,MAAM;AAAA,MACpC;AAAA,IACF;AAAA,IACA;AAAA,MACE,MAAM;AAAA,MACN,aAAa;AAAA,MACb,aAAa;AAAA,MACb,kBAAkB;AAAA,QAChB,MAAM;AAAA,QACN,YAAY;AAAA,UACV,OAAO,EAAE,MAAM,SAAS;AAAA,UACxB,MAAM,EAAE,MAAM,SAAS;AAAA,UACvB,aAAa,EAAE,MAAM,SAAS;AAAA,UAC9B,WAAW,EAAE,MAAM,SAAS;AAAA,UAC5B,MAAM,EAAE,MAAM,SAAS;AAAA,UACvB,MAAM,EAAE,MAAM,SAAS;AAAA,UACvB,MAAM,EAAE,MAAM,SAAS;AAAA,QACzB;AAAA,QACA,UAAU,CAAC,SAAS,QAAQ,eAAe,aAAa,QAAQ,QAAQ,MAAM;AAAA,MAChF;AAAA,IACF;AAAA,IACA;AAAA,MACE,MAAM;AAAA,MACN,aAAa;AAAA,MACb,aAAa;AAAA,MACb,kBAAkB;AAAA,QAChB,MAAM;AAAA,QACN,YAAY;AAAA,UACV,OAAO,EAAE,MAAM,SAAS;AAAA,UACxB,MAAM,EAAE,MAAM,SAAS;AAAA,UACvB,aAAa,EAAE,MAAM,SAAS;AAAA,UAC9B,OAAO,EAAE,MAAM,UAAU,MAAM,CAAC,WAAW,mBAAmB,SAAS,EAAE;AAAA,UACzE,MAAM,EAAE,MAAM,SAAS;AAAA,QACzB;AAAA,QACA,UAAU,CAAC,SAAS,QAAQ,eAAe,SAAS,MAAM;AAAA,MAC5D;AAAA,IACF;AAAA,IACA;AAAA,MACE,MAAM;AAAA,MACN,aAAa;AAAA,MACb,aAAa;AAAA,MACb,kBAAkB,EAAE,MAAM,UAAU,YAAY,CAAC,EAAE;AAAA,IACrD;AAAA,IACA;AAAA,MACE,MAAM;AAAA,MACN,aAAa;AAAA,MACb,aAAa;AAAA,MACb,kBAAkB;AAAA,QAChB,MAAM;AAAA,QACN,YAAY;AAAA,UACV,OAAO,EAAE,MAAM,SAAS;AAAA,QAC1B;AAAA,QACA,UAAU,CAAC,OAAO;AAAA,MACpB;AAAA,IACF;AAAA,IACA;AAAA,MACE,MAAM;AAAA,MACN,aAAa;AAAA,MACb,aAAa;AAAA,MACb,kBAAkB;AAAA,QAChB,MAAM;AAAA,QACN,YAAY;AAAA,UACV,OAAO,EAAE,MAAM,SAAS;AAAA,UACxB,MAAM,EAAE,MAAM,SAAS;AAAA,UACvB,aAAa,EAAE,MAAM,SAAS;AAAA,QAChC;AAAA,QACA,UAAU,CAAC,SAAS,QAAQ,aAAa;AAAA,MAC3C;AAAA,IACF;AAAA,IACA;AAAA,MACE,MAAM;AAAA,MACN,aAAa;AAAA,MACb,aAAa;AAAA,MACb,kBAAkB;AAAA,QAChB,MAAM;AAAA,QACN,YAAY;AAAA,UACV,OAAO,EAAE,MAAM,SAAS;AAAA,UACxB,MAAM,EAAE,MAAM,SAAS;AAAA,UACvB,aAAa,EAAE,MAAM,SAAS;AAAA,QAChC;AAAA,QACA,UAAU,CAAC,SAAS,QAAQ,aAAa;AAAA,MAC3C;AAAA,IACF;AAAA,IACA;AAAA,MACE,MAAM;AAAA,MACN,aAAa;AAAA,MACb,aAAa;AAAA,MACb,kBAAkB;AAAA,QAChB,MAAM;AAAA,QACN,YAAY;AAAA,UACV,gBAAgB,EAAE,MAAM,UAAU,aAAa,oBAAoB;AAAA,UACnE,SAAS,EAAE,MAAM,WAAW,aAAa,6EAA6E;AAAA,QACxH;AAAA,QACA,UAAU,CAAC,gBAAgB;AAAA,MAC7B;AAAA,IACF;AAAA,EACF;AAAA,EAEA,QAAQ;AAAA,IACN;AAAA,MACE,UAAU;AAAA,MACV,aAAa;AAAA,MACb,MAAM;AAAA,MACN,OAAO;AAAA,MACP,cAAc;AAAA,MACd,cAAc;AAAA,QACZ,WAAW;AAAA,QACX,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAoCX;AAAA,IACF;AAAA,EACF;AAAA,EAEA,QAAQ;AAAA,IACN;AAAA,MACE,UAAU;AAAA,MACV,aAAa;AAAA,MACb,aAAa;AAAA,MACb,UAAU;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAsCZ;AAAA,EACF;AAAA,EAEA,IAAI;AAAA,IACF,OAAO;AAAA,MACL;AAAA,QACE,MAAM;AAAA,QACN,IAAI;AAAA,QACJ,YAAY;AAAA,QACZ,aAAa;AAAA,MACf;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,IAAI;AAAA,QACJ,YAAY;AAAA,QACZ,aAAa;AAAA,QACb,WAAW;AAAA,MACb;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,IAAI;AAAA,QACJ,YAAY;AAAA,QACZ,aAAa;AAAA,QACb,WAAW;AAAA,MACb;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,IAAI;AAAA,QACJ,YAAY;AAAA,QACZ,aAAa;AAAA,QACb,WAAW;AAAA,MACb;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,IAAI;AAAA,QACJ,YAAY;AAAA,QACZ,aAAa;AAAA,QACb,WAAW;AAAA,MACb;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,IAAI;AAAA,QACJ,YAAY;AAAA,QACZ,aAAa;AAAA,MACf;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,IAAI;AAAA,QACJ,YAAY;AAAA,QACZ,aAAa;AAAA,QACb,aAAa,CAAC,OAAO;AAAA,MACvB;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,IAAI;AAAA,QACJ,YAAY;AAAA,QACZ,aAAa;AAAA,QACb,aAAa,CAAC,OAAO;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AACF;AAEA,IAAO,mBAAQ;",
6
6
  "names": []
7
7
  }
package/dist/worker.js CHANGED
@@ -9634,6 +9634,7 @@ ${diff}`,
9634
9634
 
9635
9635
  // src/sync/webhook-handler.ts
9636
9636
  init_queries();
9637
+ import { createHmac, timingSafeEqual } from "node:crypto";
9637
9638
 
9638
9639
  // src/sync/link-detector.ts
9639
9640
  init_queries();
@@ -9659,7 +9660,21 @@ async function detectAndLinkCards(ctx, prId, branch, title) {
9659
9660
  }
9660
9661
 
9661
9662
  // src/sync/webhook-handler.ts
9663
+ function verifyWebhookSignature(rawBody, signature, secret) {
9664
+ const expected = "sha256=" + createHmac("sha256", secret).update(rawBody).digest("hex");
9665
+ if (expected.length !== signature.length) return false;
9666
+ return timingSafeEqual(Buffer.from(expected), Buffer.from(signature));
9667
+ }
9662
9668
  async function handleGithubWebhook(ctx, input) {
9669
+ const config = await ctx.config.get();
9670
+ const webhookSecret = config?.webhookSecret;
9671
+ if (webhookSecret) {
9672
+ const signature = input.headers["x-hub-signature-256"];
9673
+ if (!signature || !verifyWebhookSignature(input.rawBody, signature, webhookSecret)) {
9674
+ ctx.logger.warn("Webhook signature verification failed \u2014 rejecting");
9675
+ return;
9676
+ }
9677
+ }
9663
9678
  const event = input.headers["x-github-event"];
9664
9679
  const payload = input.parsedBody;
9665
9680
  if (!payload || !event) {