@hailer/mcp 0.1.15 → 0.1.16

package/dist/mcp/utils/hailer-api-client.js

@@ -14,6 +14,12 @@ class HailerApiClient {
     constructor(clients) {
         this.clients = clients;
     }
+    /**
+     * Get the underlying HailerClient for direct access (e.g., SignalHandler)
+     */
+    getClient() {
+        return this.clients;
+    }
     /**
      * Makes a socket API call - thin wrapper around clients.socket.request
      */
@@ -77,6 +83,7 @@ class HailerApiClient {
             sortOrder: options?.sortOrder || "desc",
             includeStats: options?.includeStats !== undefined ? options?.includeStats : true,
             returnFlat: options?.returnFlat !== undefined ? options?.returnFlat : true,
+            fields: options?.fields || undefined,
         };
         this.logger.debug('📋 V3 Activity List API Call', {
             endpoint: 'v3.activity.list',
@@ -201,10 +208,35 @@ class HailerApiClient {
     }
     /**
      * Fetch activity by ID - uses Socket API
+     * WARNING: This uses activities.load which evaluates function fields and may fail
+     * For bot config, prefer fetchActivityByIdSafe()
      */
     async fetchActivityById(activityId) {
         return await this.request('activities.load', [activityId]);
     }
+    /**
+     * Fetch activity by ID safely using v3.activity.list API
+     * This doesn't evaluate function fields so it works even when function fields are broken
+     */
+    async fetchActivityByIdSafe(activityId, workflowId, phaseId) {
+        // v3.activity.list doesn't support filtering by _id, so we list and filter client-side
+        if (!workflowId || !phaseId) {
+            throw new Error('fetchActivityByIdSafe requires workflowId and phaseId');
+        }
+        const query = { processId: workflowId, phaseId };
+        const options = { limit: 100, returnFlat: true };
+        const result = await this.request('v3.activity.list', [query, options]);
+        const activities = result?.activities || result?.list || result?.data || [];
+        this.logger.debug('fetchActivityByIdSafe response', {
+            activityId,
+            workflowId,
+            phaseId,
+            resultKeys: Object.keys(result || {}),
+            activityCount: activities.length,
+            activityIds: activities.slice(0, 5).map((a) => a._id)
+        });
+        return activities.find((a) => a._id === activityId) || null;
+    }
     /**
      * Send discussion message - uses Socket API
      */
@@ -291,9 +323,103 @@ class HailerApiClient {
     }
     /**
      * Fetch workspace initialization data - uses Socket API
+     * @param include - What to include: 'users', 'network', 'networks', 'teams', etc.
+     */
+    async fetchInit(include = ['users', 'network']) {
+        return await this.request('v2.core.init', [include]);
+    }
+    /**
+     * Update current user's profile info (firstname, lastname, etc.)
+     * Only works for the currently authenticated user
+     * @param key - Field to update: firstname, lastname, email, status, etc.
+     * @param value - New value as string
+     */
+    async setUserInfo(key, value) {
+        await this.request('user.set_user_info', [key, [value]]);
+        this.logger.debug('User info updated', { key, value });
+    }
+    /**
+     * Update current user's display name (firstname + lastname)
+     * Parses a full name into first/last parts
+     * @param fullName - Full display name like "HAL 9000"
+     */
+    async setUserDisplayName(fullName) {
+        const parts = fullName.trim().split(/\s+/);
+        const firstname = parts[0] || fullName;
+        const lastname = parts.slice(1).join(' ') || '';
+        await this.setUserInfo('firstname', firstname);
+        if (lastname) {
+            await this.setUserInfo('lastname', lastname);
+        }
+        this.logger.info('User display name updated', { fullName, firstname, lastname });
+    }
+    /**
+     * Find user by name - searches init data for firstname/lastname match
+     * @param name - Full name to search for (firstname lastname)
+     * @returns User ID if found, null otherwise
+     */
+    async findUserByName(name) {
+        try {
+            const init = await this.fetchInit(['users']);
+            const users = Object.values(init?.users || {});
+            const searchName = name.toLowerCase().trim();
+            // Try to find user by full name match
+            const matchingUser = users.find(u => {
+                const fullName = `${u.firstname || ''} ${u.lastname || ''}`.toLowerCase().trim();
+                return fullName === searchName;
+            });
+            if (matchingUser) {
+                this.logger.debug('findUserByName: found user', { name, userId: matchingUser._id });
+                return matchingUser._id;
+            }
+            return null;
+        }
+        catch (error) {
+            this.logger.debug('findUserByName failed', { name, error });
+            return null;
+        }
+    }
+    /**
+     * List all workflows in the workspace - extracts from init data
+     * @param workspaceId - Optional workspace ID to filter workflows (uses CID field)
      */
-    async fetchInit() {
-        return await this.request('v2.core.init', [{}]);
+    async listWorkflows(workspaceId) {
+        // Must include 'processes' to get workflows
+        const init = await this.fetchInit(['users', 'network', 'processes']);
+        // Init returns processes (workflows) as an object keyed by process ID
+        if (init?.processes) {
+            let workflows = Object.entries(init.processes).map(([id, process]) => ({
+                _id: id,
+                ...process
+            }));
+            // Filter by workspace ID if specified (fixes API caching issue after workspace switch)
+            if (workspaceId) {
+                workflows = workflows.filter(w => w.cid === workspaceId);
+                this.logger.debug('Filtered workflows by workspace', {
+                    workspaceId,
+                    totalCount: Object.keys(init.processes).length,
+                    filteredCount: workflows.length
+                });
+            }
+            return workflows;
+        }
+        return [];
+    }
+    /**
+     * Get workflow details including phases and fields
+     */
+    async getWorkflow(workflowId) {
+        // Must include 'processes' to get workflow data
+        const init = await this.fetchInit(['processes']);
+        if (init?.processes?.[workflowId]) {
+            return {
+                _id: workflowId,
+                ...init.processes[workflowId],
+                phases: init.processes[workflowId].phases || {},
+                fields: init.processes[workflowId].fields || {}
+            };
+        }
+        throw new Error(`Workflow ${workflowId} not found`);
     }
     /**
      * Global search across workspace - uses Socket API

package/dist/mcp/webhook-handler.d.ts

@@ -0,0 +1,87 @@
+/**
+ * Webhook Handler for Bot Config Updates
+ *
+ * Receives activity updates from Hailer workflow webhooks and updates
+ * local .bot-config/{workspaceId}.json files.
+ */
+/**
+ * Generate HMAC-SHA256 signature for webhook payload
+ */
+export declare function generateWebhookSignature(payload: string, secret: string): string;
+/**
+ * Verify HMAC-SHA256 signature of webhook payload
+ * @returns true if signature is valid, false otherwise
+ */
+export declare function verifyWebhookSignature(payload: string, signature: string, secret: string): boolean;
+/**
+ * Get webhook token for secure endpoints.
+ *
+ * Production: WEBHOOK_TOKEN env var (injected by AWS Secrets Manager)
+ * Development: Falls back to file-based token for local testing
+ */
+export declare function getWebhookToken(): string;
+/**
+ * Get the full webhook path with token (no prefix for security through obscurity)
+ */
+export declare function getWebhookPath(): string;
+interface WebhookField {
+    id: string;
+    type: string;
+    value: any;
+    key: string;
+}
+interface WebhookPayload {
+    _id: string;
+    name: string;
+    fields: WebhookField[];
+    currentPhase: string;
+    process: string;
+    cid: string;
+    uid: string;
+    created: number;
+    updated: number;
+}
+interface BotEntry {
+    activityId: string;
+    userId: string | null;
+    email: string;
+    password: string;
+    botType: string;
+    enabled: boolean;
+    displayName?: string;
+}
+interface WorkspaceConfig {
+    workspaceId: string;
+    workspaceName: string;
+    orchestrator?: {
+        activityId: string;
+        userId: string;
+        email: string;
+        password: string;
+        displayName?: string;
+    };
+    specialists: BotEntry[];
+    lastSynced: string;
+}
+type BotUpdateCallback = (workspaceId: string, bot: BotEntry, action: 'add' | 'update' | 'remove') => void;
+export declare function onBotUpdate(callback: BotUpdateCallback): void;
+/**
+ * Process webhook payload and update workspace config
+ */
+export declare function handleBotConfigWebhook(payload: WebhookPayload): {
+    success: boolean;
+    action: string;
+    workspaceId: string;
+    botType: string | null;
+    error?: string;
+};
+/**
+ * Get workspace config (for debugging/status)
+ */
+export declare function getWorkspaceConfig(workspaceId: string): WorkspaceConfig | null;
+/**
+ * List all workspace configs
+ */
+export declare function listWorkspaceConfigs(): WorkspaceConfig[];
+export {};
+//# sourceMappingURL=webhook-handler.d.ts.map

package/dist/mcp/webhook-handler.js

@@ -0,0 +1,343 @@
+"use strict";
+/**
+ * Webhook Handler for Bot Config Updates
+ *
+ * Receives activity updates from Hailer workflow webhooks and updates
+ * local .bot-config/{workspaceId}.json files.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateWebhookSignature = generateWebhookSignature;
+exports.verifyWebhookSignature = verifyWebhookSignature;
+exports.getWebhookToken = getWebhookToken;
+exports.getWebhookPath = getWebhookPath;
+exports.onBotUpdate = onBotUpdate;
+exports.handleBotConfigWebhook = handleBotConfigWebhook;
+exports.getWorkspaceConfig = getWorkspaceConfig;
+exports.listWorkspaceConfigs = listWorkspaceConfigs;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const crypto = __importStar(require("crypto"));
+const logger_1 = require("../lib/logger");
+const config_1 = require("../config");
+const logger = (0, logger_1.createLogger)({ component: 'webhook-handler' });
+const BOT_CONFIG_DIR = '.bot-config';
+const WEBHOOK_SECRET_FILE = 'webhook-secret.txt';
+// ============================================================================
+// WEBHOOK TOKEN SECURITY
+// ============================================================================
+/**
+ * Constant-time string comparison to prevent timing attacks
+ */
+function timingSafeEqual(a, b) {
+    if (a.length !== b.length) {
+        // Still perform comparison to maintain constant time
+        crypto.timingSafeEqual(Buffer.from(a), Buffer.from(a));
+        return false;
+    }
+    return crypto.timingSafeEqual(Buffer.from(a), Buffer.from(b));
+}
+/**
+ * Generate HMAC-SHA256 signature for webhook payload
+ */
+function generateWebhookSignature(payload, secret) {
+    return crypto.createHmac('sha256', secret).update(payload).digest('hex');
+}
+/**
+ * Verify HMAC-SHA256 signature of webhook payload
+ * @returns true if signature is valid, false otherwise
+ */
+function verifyWebhookSignature(payload, signature, secret) {
+    if (!signature || !secret) {
+        logger.warn('Missing signature or secret for webhook verification');
+        return false;
+    }
+    const expectedSignature = generateWebhookSignature(payload, secret);
+    // Use constant-time comparison to prevent timing attacks
+    const isValid = timingSafeEqual(signature, expectedSignature);
+    if (!isValid) {
+        logger.warn('Invalid webhook signature', {
+            provided: signature.slice(0, 8) + '...',
+            expected: expectedSignature.slice(0, 8) + '...',
+        });
+    }
+    return isValid;
+}
+/**
+ * Get webhook token for secure endpoints.
+ *
+ * Production: WEBHOOK_TOKEN env var (injected by AWS Secrets Manager)
+ * Development: Falls back to file-based token for local testing
+ */
+function getWebhookToken() {
+    // Production: Always use environment variable (AWS Secrets Manager injects this)
+    if (process.env.WEBHOOK_TOKEN) {
+        logger.debug('Using webhook token from environment');
+        return process.env.WEBHOOK_TOKEN;
+    }
+    // Development only: File-based fallback
+    if (process.env.NODE_ENV === 'production') {
+        throw new Error('WEBHOOK_TOKEN environment variable is required in production');
+    }
+    const configDir = path.join(process.cwd(), BOT_CONFIG_DIR);
+    const secretPath = path.join(configDir, WEBHOOK_SECRET_FILE);
+    // Try to read existing dev token
+    if (fs.existsSync(secretPath)) {
+        try {
+            const token = fs.readFileSync(secretPath, 'utf-8').trim();
+            if (token.length >= 16) {
+                logger.debug('Using webhook token from file (dev mode)');
+                return token;
+            }
+        }
+        catch (error) {
+            logger.warn('Failed to read webhook secret file', { error });
+        }
+    }
+    // Generate new dev token
+    const token = crypto.randomBytes(16).toString('hex');
+    if (!fs.existsSync(configDir)) {
+        fs.mkdirSync(configDir, { recursive: true });
+    }
+    fs.writeFileSync(secretPath, token, { mode: 0o600 });
+    const maskedToken = `${token.slice(0, 4)}...${token.slice(-4)}`;
+    logger.info('Generated dev webhook token', { maskedToken, path: secretPath });
+    return token;
+}
+/**
+ * Get the full webhook path with token (no prefix for security through obscurity)
+ */
+function getWebhookPath() {
+    return `/${getWebhookToken()}`;
+}
+let botUpdateCallback = null;
+function onBotUpdate(callback) {
+    botUpdateCallback = callback;
+}
+/**
+ * Get field value from webhook payload by key
+ */
+function getFieldValue(fields, key) {
+    const field = fields.find((f) => f.key === key);
+    return field?.value ?? null;
+}
+/**
+ * Load existing workspace config or create empty one
+ */
+function loadWorkspaceConfig(workspaceId) {
+    const configDir = path.join(process.cwd(), BOT_CONFIG_DIR);
+    const configPath = path.join(configDir, `${workspaceId}.json`);
+    if (fs.existsSync(configPath)) {
+        try {
+            return JSON.parse(fs.readFileSync(configPath, 'utf-8'));
+        }
+        catch (error) {
+            logger.warn('Failed to load workspace config', { workspaceId, error: String(error) });
+        }
+    }
+    return {
+        workspaceId,
+        workspaceName: workspaceId,
+        specialists: [],
+        lastSynced: new Date().toISOString(),
+    };
+}
+/**
+ * Save workspace config to file
+ */
+function saveWorkspaceConfig(config) {
+    const configDir = path.join(process.cwd(), BOT_CONFIG_DIR);
+    // Ensure directory exists
+    if (!fs.existsSync(configDir)) {
+        fs.mkdirSync(configDir, { recursive: true });
+    }
+    const configPath = path.join(configDir, `${config.workspaceId}.json`);
+    config.lastSynced = new Date().toISOString();
+    fs.writeFileSync(configPath, JSON.stringify(config, null, 2));
+    logger.info('Saved workspace config', {
+        workspaceId: config.workspaceId,
+        path: configPath,
+    });
+}
+/**
+ * Process webhook payload and update workspace config
+ */
+function handleBotConfigWebhook(payload) {
+    const workspaceId = payload.cid;
+    logger.info('Processing bot config webhook', {
+        activityId: payload._id,
+        activityName: payload.name,
+        workspaceId,
+        phase: payload.currentPhase,
+    });
+    // Extract fields
+    const email = getFieldValue(payload.fields, 'agentEmailInHailer');
+    const password = getFieldValue(payload.fields, 'password');
+    const botType = getFieldValue(payload.fields, 'botType');
+    const userId = getFieldValue(payload.fields, 'hailerProfile');
+    const schemaConfigStr = getFieldValue(payload.fields, 'schemaConfig');
+    // Validate required fields
+    if (!email || !password) {
+        logger.warn('Webhook missing credentials', {
+            activityId: payload._id,
+            hasEmail: !!email,
+            hasPassword: !!password,
+        });
+        return {
+            success: false,
+            action: 'skip',
+            workspaceId,
+            botType,
+            error: 'Missing email or password',
+        };
+    }
+    // Parse schema config to determine if deployed or retired
+    let deployedPhaseId = null;
+    let retiredPhaseId = null;
+    if (schemaConfigStr) {
+        try {
+            const schemaConfig = JSON.parse(schemaConfigStr);
+            deployedPhaseId = schemaConfig.deployedPhaseId;
+            retiredPhaseId = schemaConfig.retiredPhaseId;
+        }
+        catch (e) {
+            logger.warn('Failed to parse schemaConfig', { schemaConfigStr });
+        }
+    }
+    const isDeployed = deployedPhaseId ? payload.currentPhase === deployedPhaseId : true;
+    const isRetired = retiredPhaseId ? payload.currentPhase === retiredPhaseId : false;
+    const enabled = isDeployed && !isRetired;
+    // Load existing config
+    const config = loadWorkspaceConfig(workspaceId);
+    const botEntry = {
+        activityId: payload._id,
+        userId: userId || null,
+        email,
+        password,
+        botType: botType || 'unknown',
+        enabled,
+        displayName: payload.name, // Activity name from Agent Directory
+    };
+    let action;
+    // Handle orchestrator
+    if (botType === 'orchestrator') {
+        if (enabled) {
+            config.orchestrator = {
+                activityId: payload._id,
+                userId: userId || '',
+                email,
+                password,
+                displayName: payload.name,
+            };
+            action = 'update';
+            logger.info('Updated orchestrator', { workspaceId, email: (0, config_1.maskEmail)(email), displayName: payload.name });
+        }
+        else {
+            // Orchestrator disabled - remove it
+            if (config.orchestrator?.activityId === payload._id) {
+                delete config.orchestrator;
+                action = 'remove';
+                logger.info('Removed orchestrator', { workspaceId, email: (0, config_1.maskEmail)(email) });
+            }
+            else {
+                action = 'update';
+            }
+        }
+    }
+    else {
+        // Handle specialist
+        const existingIndex = config.specialists.findIndex((s) => s.activityId === payload._id);
+        if (existingIndex >= 0) {
+            // Update existing
+            config.specialists[existingIndex] = botEntry;
+            action = enabled ? 'update' : 'remove';
+        }
+        else if (enabled) {
+            // Add new
+            config.specialists.push(botEntry);
+            action = 'add';
+        }
+        else {
+            action = 'update';
+        }
+        logger.info('Updated specialist', {
+            workspaceId,
+            email,
+            botType,
+            enabled,
+            action,
+        });
+    }
+    // Save config
+    saveWorkspaceConfig(config);
+    // Trigger callback for hot reload
+    if (botUpdateCallback) {
+        botUpdateCallback(workspaceId, botEntry, action);
+    }
+    return {
+        success: true,
+        action,
+        workspaceId,
+        botType,
+    };
+}
+/**
+ * Get workspace config (for debugging/status)
+ */
+function getWorkspaceConfig(workspaceId) {
+    const config = loadWorkspaceConfig(workspaceId);
+    return config.orchestrator || config.specialists.length > 0 ? config : null;
+}
+/**
+ * List all workspace configs
+ */
+function listWorkspaceConfigs() {
+    const configDir = path.join(process.cwd(), BOT_CONFIG_DIR);
+    if (!fs.existsSync(configDir))
+        return [];
+    const files = fs.readdirSync(configDir).filter((f) => f.endsWith('.json'));
+    const configs = [];
+    for (const file of files) {
+        try {
+            const content = fs.readFileSync(path.join(configDir, file), 'utf-8');
+            configs.push(JSON.parse(content));
+        }
+        catch (error) {
+            logger.warn('Failed to load workspace config', { file, error: String(error) });
+        }
+    }
+    return configs;
+}
+//# sourceMappingURL=webhook-handler.js.map

package/dist/mcp/workspace-cache.d.ts

@@ -5,6 +5,7 @@ export interface UserInfo {
     firstname: string;
     lastname: string;
     fullName: string;
+    email?: string;
     companies: string[];
     default_profilepic?: string;
     lastSeen: number;
@@ -31,6 +32,10 @@ export declare function createWorkspaceCache(init: HailerV2CoreInitResponse, con
  * Gets user information by ID
  */
 export declare function getUserById(cache: WorkspaceCache, userId: string): UserInfo | undefined;
+/**
+ * Gets user information by email (case-insensitive)
+ */
+export declare function getUserByEmail(cache: WorkspaceCache, email: string): UserInfo | undefined;
 /**
  * Gets workspace by name (case-insensitive)
  */

package/dist/mcp/workspace-cache.js

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createWorkspaceCache = createWorkspaceCache;
 exports.getUserById = getUserById;
+exports.getUserByEmail = getUserByEmail;
 exports.getWorkspaceByName = getWorkspaceByName;
 exports.resolveWorkspaceId = resolveWorkspaceId;
 /**
@@ -33,11 +34,14 @@ function createWorkspaceCache(init, config) {
     const users = [];
     const usersById = {};
     Object.values(init.users || {}).forEach((user) => {
+        // Cast to any to access email field (API returns it but type doesn't include it)
+        const userAny = user;
         let userInfo = {
             id: user._id,
             firstname: user.firstname,
             lastname: user.lastname,
             fullName: `${user.firstname} ${user.lastname}`,
+            email: userAny.email, // Include email if available
             companies: user.companies || [],
             default_profilepic: config.compactUserData ? undefined : user.default_profilepic,
             lastSeen: config.compactUserData ? 0 : (user.lastSeen || 0),
@@ -76,6 +80,13 @@ function createWorkspaceCache(init, config) {
 function getUserById(cache, userId) {
     return cache.usersById[userId];
 }
+/**
+ * Gets user information by email (case-insensitive)
+ */
+function getUserByEmail(cache, email) {
+    const lowerEmail = email.toLowerCase();
+    return cache.users.find(user => user.email?.toLowerCase() === lowerEmail);
+}
 /**
  * Gets workspace by name (case-insensitive)
  */