@hailer/mcp 1.0.29 → 1.1.3

package/dist/mcp/webhook-handler.js

@@ -1,8 +1,9 @@
 "use strict";
 /**
- * Webhook Handler Utilities
+ * Webhook Handler for Bot Config Updates
  *
- * Provides webhook token generation and verification for secure endpoints.
+ * Receives activity updates from Hailer workflow webhooks and updates
+ * local .bot-config/{workspaceId}.json files.
  */
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
@@ -42,10 +43,23 @@ exports.generateWebhookSignature = generateWebhookSignature;
 exports.verifyWebhookSignature = verifyWebhookSignature;
 exports.getWebhookToken = getWebhookToken;
 exports.getWebhookPath = getWebhookPath;
+exports.onBotUpdate = onBotUpdate;
+exports.handleBotConfigWebhook = handleBotConfigWebhook;
+exports.getWorkspaceConfig = getWorkspaceConfig;
+exports.listWorkspaceConfigs = listWorkspaceConfigs;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const crypto = __importStar(require("crypto"));
 const logger_1 = require("../lib/logger");
+const config_1 = require("../config");
+// Optional: bot-config only available in bot server mode, not MCP terminal
+let invalidateConfigCache = null;
+try {
+    invalidateConfigCache = require('../bot-config').invalidateConfigCache;
+}
+catch {
+    // Not available in MCP-only installs — safe to skip
+}
 const logger = (0, logger_1.createLogger)({ component: 'webhook-handler' });
 const BOT_CONFIG_DIR = '.bot-config';
 const WEBHOOK_SECRET_FILE = 'webhook-secret.txt';
@@ -56,12 +70,15 @@ const WEBHOOK_SECRET_FILE = 'webhook-secret.txt';
  * Constant-time string comparison to prevent timing attacks
  */
 function timingSafeEqual(a, b) {
-    if (a.length !== b.length) {
-        // Still perform comparison to maintain constant time
-        crypto.timingSafeEqual(Buffer.from(a), Buffer.from(a));
+    const bufA = Buffer.from(a);
+    const bufB = Buffer.from(b);
+    if (bufA.length !== bufB.length) {
+        // Compare against dummy buffer of same length to maintain constant time
+        const dummy = Buffer.alloc(bufA.length);
+        crypto.timingSafeEqual(bufA, dummy);
         return false;
     }
-    return crypto.timingSafeEqual(Buffer.from(a), Buffer.from(b));
+    return crypto.timingSafeEqual(bufA, bufB);
 }
 /**
  * Generate HMAC-SHA256 signature for webhook payload
@@ -103,7 +120,7 @@ function getWebhookToken() {
     }
     // Production without WEBHOOK_TOKEN: webhooks disabled (optional feature)
     if (process.env.NODE_ENV === 'production') {
-        logger.info('WEBHOOK_TOKEN not set - webhook endpoint disabled');
+        logger.debug('WEBHOOK_TOKEN not set - webhook endpoint disabled');
         return null;
     }
     const configDir = path.join(process.cwd(), BOT_CONFIG_DIR);
@@ -128,14 +145,215 @@ function getWebhookToken() {
     }
     fs.writeFileSync(secretPath, token, { mode: 0o600 });
     const maskedToken = `${token.slice(0, 4)}...${token.slice(-4)}`;
-    logger.info('Generated dev webhook token', { maskedToken, path: secretPath });
+    logger.debug('Generated dev webhook token', { maskedToken, path: secretPath });
     return token;
 }
 /**
- * Get the full webhook path with token
+ * Get the full webhook path with token (no prefix for security through obscurity)
  */
 function getWebhookPath() {
     const token = getWebhookToken();
     return token ? `/${token}` : null;
 }
+let botUpdateCallback = null;
+function onBotUpdate(callback) {
+    botUpdateCallback = callback;
+}
+/**
+ * Get field value from webhook payload by key
+ */
+function getFieldValue(fields, key) {
+    const field = fields.find((f) => f.key === key);
+    return field?.value ?? null;
+}
+/**
+ * Load existing workspace config or create empty one
+ */
+function loadWorkspaceConfig(workspaceId) {
+    const configDir = path.join(process.cwd(), BOT_CONFIG_DIR);
+    const configPath = path.join(configDir, `${workspaceId}.json`);
+    if (fs.existsSync(configPath)) {
+        try {
+            return JSON.parse(fs.readFileSync(configPath, 'utf-8'));
+        }
+        catch (error) {
+            logger.warn('Failed to load workspace config', { workspaceId, error: String(error) });
+        }
+    }
+    return {
+        workspaceId,
+        workspaceName: workspaceId,
+        specialists: [],
+        lastSynced: new Date().toISOString(),
+    };
+}
+/**
+ * Save workspace config to file
+ */
+function saveWorkspaceConfig(config) {
+    const configDir = path.join(process.cwd(), BOT_CONFIG_DIR);
+    // Ensure directory exists
+    if (!fs.existsSync(configDir)) {
+        fs.mkdirSync(configDir, { recursive: true });
+    }
+    const configPath = path.join(configDir, `${config.workspaceId}.json`);
+    config.lastSynced = new Date().toISOString();
+    fs.writeFileSync(configPath, JSON.stringify(config, null, 2));
+    logger.info('Saved workspace config', {
+        workspaceId: config.workspaceId,
+        path: configPath,
+    });
+}
+/**
+ * Process webhook payload and update workspace config
+ */
+function handleBotConfigWebhook(payload) {
+    const workspaceId = payload.cid;
+    logger.debug('Processing bot config webhook', {
+        activityId: payload._id,
+        activityName: payload.name,
+        workspaceId,
+        phase: payload.currentPhase,
+    });
+    // Extract fields
+    const email = getFieldValue(payload.fields, 'agentEmailInHailer');
+    const password = getFieldValue(payload.fields, 'password');
+    const botType = getFieldValue(payload.fields, 'botType');
+    const userId = getFieldValue(payload.fields, 'hailerProfile');
+    const schemaConfigStr = getFieldValue(payload.fields, 'schemaConfig');
+    // Validate required fields
+    if (!email || !password) {
+        logger.warn('Webhook missing credentials', {
+            activityId: payload._id,
+            hasEmail: !!email,
+            hasPassword: !!password,
+        });
+        return {
+            success: false,
+            action: 'skip',
+            workspaceId,
+            botType,
+            error: 'Missing email or password',
+        };
+    }
+    // Parse schema config to determine if deployed or retired
+    let deployedPhaseId = null;
+    let retiredPhaseId = null;
+    if (schemaConfigStr) {
+        try {
+            const schemaConfig = JSON.parse(schemaConfigStr);
+            deployedPhaseId = schemaConfig.deployedPhaseId;
+            retiredPhaseId = schemaConfig.retiredPhaseId;
+        }
+        catch (e) {
+            logger.warn('Failed to parse schemaConfig', { schemaConfigStr });
+        }
+    }
+    const isDeployed = deployedPhaseId ? payload.currentPhase === deployedPhaseId : true;
+    const isRetired = retiredPhaseId ? payload.currentPhase === retiredPhaseId : false;
+    const enabled = isDeployed && !isRetired;
+    // Load existing config
+    const config = loadWorkspaceConfig(workspaceId);
+    const botEntry = {
+        activityId: payload._id,
+        userId: userId || null,
+        email,
+        password,
+        botType: botType || 'unknown',
+        enabled,
+        displayName: payload.name, // Activity name from Agent Directory
+    };
+    let action;
+    // Handle orchestrator
+    if (botType === 'orchestrator') {
+        if (enabled) {
+            config.orchestrator = {
+                activityId: payload._id,
+                userId: userId || '',
+                email,
+                password,
+                displayName: payload.name,
+            };
+            action = 'update';
+            logger.info('Updated orchestrator', { workspaceId, email: (0, config_1.maskEmail)(email), displayName: payload.name });
+        }
+        else {
+            // Orchestrator disabled - remove it
+            if (config.orchestrator?.activityId === payload._id) {
+                delete config.orchestrator;
+                action = 'remove';
+                logger.info('Removed orchestrator', { workspaceId, email: (0, config_1.maskEmail)(email) });
+            }
+            else {
+                action = 'update';
+            }
+        }
+    }
+    else {
+        // Handle specialist
+        const existingIndex = config.specialists.findIndex((s) => s.activityId === payload._id);
+        if (existingIndex >= 0) {
+            // Update existing
+            config.specialists[existingIndex] = botEntry;
+            action = enabled ? 'update' : 'remove';
+        }
+        else if (enabled) {
+            // Add new
+            config.specialists.push(botEntry);
+            action = 'add';
+        }
+        else {
+            action = 'update';
+        }
+        logger.info('Updated specialist', {
+            workspaceId,
+            email,
+            botType,
+            enabled,
+            action,
+        });
+    }
+    // Save config
+    saveWorkspaceConfig(config);
+    // Invalidate config cache so loadBotConfigs() reads fresh data
+    if (invalidateConfigCache)
+        invalidateConfigCache();
+    // Trigger callback for hot reload
+    if (botUpdateCallback) {
+        botUpdateCallback(workspaceId, botEntry, action);
+    }
+    return {
+        success: true,
+        action,
+        workspaceId,
+        botType,
+    };
+}
+/**
+ * Get workspace config (for debugging/status)
+ */
+function getWorkspaceConfig(workspaceId) {
+    const config = loadWorkspaceConfig(workspaceId);
+    return config.orchestrator || config.specialists.length > 0 ? config : null;
+}
+/**
+ * List all workspace configs
+ */
+function listWorkspaceConfigs() {
+    const configDir = path.join(process.cwd(), BOT_CONFIG_DIR);
+    if (!fs.existsSync(configDir))
+        return [];
+    const files = fs.readdirSync(configDir).filter((f) => f.endsWith('.json'));
+    const configs = [];
+    for (const file of files) {
+        try {
+            const content = fs.readFileSync(path.join(configDir, file), 'utf-8');
+            configs.push(JSON.parse(content));
+        }
+        catch (error) {
+            logger.warn('Failed to load workspace config', { file, error: String(error) });
+        }
+    }
+    return configs;
+}
 //# sourceMappingURL=webhook-handler.js.map

package/dist/mcp-server.d.ts

@@ -16,6 +16,10 @@ export interface MCPServerConfig {
     port: number;
     corsOrigins: string[];
     toolRegistry: ToolRegistry;
+    getDaemonStatus?: () => Record<string, Array<{
+        botId: string;
+        state: any;
+    }>>;
 }
 export declare class MCPServerService {
     private app;

package/dist/mcp-server.js

@@ -5,6 +5,39 @@
  * Implements JSON-RPC 2.0 MCP protocol over HTTP with Server-Sent Events (SSE)
  * for LLM clients (Claude Desktop, etc.)
  */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -16,12 +49,13 @@ const logger_1 = require("./lib/logger");
 const config_1 = require("./config");
 const UserContextCache_1 = require("./mcp/UserContextCache");
 const tool_registry_1 = require("./mcp/tool-registry");
+const webhook_handler_1 = require("./mcp/webhook-handler");
 class MCPServerService {
     app;
     server;
     logger;
     config;
-    toolRegistry;
+    toolRegistry; // ← Injected
     constructor(config) {
         this.config = config;
         this.toolRegistry = config.toolRegistry;
@@ -32,7 +66,7 @@ class MCPServerService {
         this.app = (0, express_1.default)();
         this.setupMiddleware();
         this.setupRoutes();
-        this.logger.info('MCP Server initialized', {
+        this.logger.debug('MCP Server initialized', {
             port: config.port,
             corsOrigins: config.corsOrigins
         });
@@ -48,16 +82,17 @@ class MCPServerService {
             }));
         }
         this.app.use(express_1.default.json());
-        // Request logging middleware (skip health endpoint to reduce noise)
+        // Request logging middleware (skip noise: health checks, OAuth discovery probes)
         this.app.use((req, res, next) => {
             const isHealthCheck = req.path === '/health';
+            const isOAuthProbe = req.path.startsWith('/.well-known/') || (req.method === 'GET' && req.path === '/api/mcp');
             const start = Date.now();
             const requestLogger = this.logger.child({
                 requestId: `req-${Date.now()}-${Math.random().toString(36).substring(2, 11)}`,
                 method: req.method,
                 path: req.path
             });
-            if (!isHealthCheck) {
+            if (!isHealthCheck && !isOAuthProbe) {
                 requestLogger.debug('Incoming request', {
                     url: req.url,
                     headers: req.headers['content-type'],
@@ -87,15 +122,31 @@ class MCPServerService {
                 status: 'ok',
                 timestamp: new Date().toISOString(),
                 service: 'hailer-mcp-server',
-                version: '0.1.0'
+                version: config_1.APP_VERSION
             };
             res.json(health);
         });
-        // MCP Protocol endpoint - JSON-RPC 2.0 over SSE
-        this.app.post('/api/mcp', async (req, res) => {
-            req.logger.debug('MCP request received', { method: req.body?.method });
+        // Daemon status endpoint - monitor LLM context
+        this.app.get('/daemon/status', (_, res) => {
+            if (!this.config.getDaemonStatus) {
+                res.status(404).json({ error: 'Daemon mode not enabled' });
+                return;
+            }
+            const status = this.config.getDaemonStatus();
+            if (!status) {
+                res.status(503).json({ error: 'Daemon not running' });
+                return;
+            }
+            res.json({
+                timestamp: new Date().toISOString(),
+                daemons: status
+            });
+        });
+        // MCP Protocol handler - shared by both routes
+        const mcpHandler = async (req, res, apiKeyOverride) => {
+            const apiKey = apiKeyOverride || req.query.apiKey;
+            req.logger.debug('MCP request received', { method: req.body?.method, apiKey: apiKey?.slice(0, 8) + '...' });
             try {
-                const apiKey = req.query.apiKey;
                 const mcpRequest = req.body;
                 let result;
                 if (mcpRequest.method === 'tools/list') {
@@ -118,19 +169,23 @@ class MCPServerService {
                     }
                     // Apply default tool group filtering
                     // - NUCLEAR: Only if ENABLE_NUCLEAR_TOOLS=true
+                    // - BOT_INTERNAL: Only if explicitly requested via params.includeBotInternal (for daemons)
+                    const includeBotInternal = mcpRequest.params?.includeBotInternal === true;
                     if (!filterConfig) {
-                        // No filter yet - create default excluding NUCLEAR
+                        // No filter yet - create default excluding NUCLEAR and BOT_INTERNAL
                         filterConfig = {
                             allowedGroups: [tool_registry_1.ToolGroup.READ, tool_registry_1.ToolGroup.WRITE, tool_registry_1.ToolGroup.PLAYGROUND]
                         };
-                        req.logger.debug('Using default tool filter (excludes NUCLEAR)');
+                        req.logger.debug('Using default tool filter (excludes NUCLEAR and BOT_INTERNAL)');
                     }
                     else if (filterConfig.allowedGroups) {
-                        // Filter groups - remove NUCLEAR unless enabled
-                        filterConfig.allowedGroups = filterConfig.allowedGroups.filter(g => (config_1.environment.ENABLE_NUCLEAR_TOOLS || g !== tool_registry_1.ToolGroup.NUCLEAR));
+                        // Filter groups - remove BOT_INTERNAL unless explicitly requested, remove NUCLEAR unless enabled
+                        filterConfig.allowedGroups = filterConfig.allowedGroups.filter(g => (includeBotInternal || g !== tool_registry_1.ToolGroup.BOT_INTERNAL) &&
+                            (config_1.environment.ENABLE_NUCLEAR_TOOLS || g !== tool_registry_1.ToolGroup.NUCLEAR));
                         req.logger.debug('Filtered tool groups', {
                             allowedGroups: filterConfig.allowedGroups,
-                            nuclearEnabled: config_1.environment.ENABLE_NUCLEAR_TOOLS
+                            nuclearEnabled: config_1.environment.ENABLE_NUCLEAR_TOOLS,
+                            includeBotInternal
                         });
                     }
                     result = {
@@ -154,7 +209,7 @@ class MCPServerService {
                         return this.sendMcpError(res, mcpRequest.id, -32602, 'API key required for tools/call', 400);
                     }
                     const { name, arguments: args = {} } = mcpRequest.params;
-                    req.logger.debug('Handling tools/call request', { toolName: name });
+                    req.logger.info('Tool call', { tool: name });
                     // Check access control
                     if (!this.canAccessTool(name, apiKey, appConfig)) {
                         return this.sendMcpError(res, mcpRequest.id, -32603, `Access denied to tool: ${name}`, 403);
@@ -163,20 +218,20 @@ class MCPServerService {
                     result = await this.toolRegistry.executeTool(name, args, userContext);
                 }
                 else if (mcpRequest.method === 'initialize') {
-                    req.logger.info('MCP initialize request received');
                     const sessionId = `session-${Date.now()}-${Math.random().toString(36).substring(2, 11)}`;
                     res.setHeader('Mcp-Session-Id', sessionId);
+                    req.logger.info('Client connected', { sessionId, clientInfo: mcpRequest.params?.clientInfo });
                     result = {
                         protocolVersion: '2024-11-05',
                         capabilities: { tools: {} },
                         serverInfo: {
                             name: 'hailer-mcp-server',
-                            version: '1.0.0'
+                            version: config_1.APP_VERSION
                         }
                     };
                 }
                 else if (mcpRequest.method === 'notifications/initialized') {
-                    req.logger.info('MCP handshake completed - client initialized');
+                    req.logger.debug('MCP handshake completed - client initialized');
                     res.setHeader('Content-Type', 'text/event-stream');
                     res.status(204).end();
                     return;
@@ -210,13 +265,170 @@ class MCPServerService {
                     this.sendMcpError(res, req.body?.id || null, -32000, `Server error: ${errorMessage}`, 500);
                 }
             }
+        };
+        // MCP Protocol endpoint - JSON-RPC 2.0 over SSE
+        // Route 1: /api/mcp?apiKey=xxx (standard format)
+        this.app.post('/api/mcp', (req, res) => mcpHandler(req, res));
+        // Route 2: /:apiKey (simplified format - API key as path)
+        // Matches 16-64 char alphanumeric keys, but ONLY for MCP requests (has jsonrpc field)
+        // Non-MCP requests (webhooks) pass through to later routes
+        this.app.post('/:apiKey([a-zA-Z0-9_-]{16,64})', (req, res, next) => {
+            if (req.body?.jsonrpc) {
+                // MCP request - handle it
+                mcpHandler(req, res, req.params.apiKey);
+            }
+            else {
+                // Not MCP (likely webhook) - pass to next route
+                next();
+            }
         });
-        this.logger.debug('Routes configured', {
-            routes: [
-                '/health',
-                '/api/mcp'
-            ]
-        });
+        // ===== Bot Configuration API (only when MCP_CLIENT_ENABLED=true) =====
+        if (config_1.environment.MCP_CLIENT_ENABLED) {
+            // GET /api/bots - List all bots and their status
+            this.app.get('/api/bots', async (req, res) => {
+                req.logger.debug('List bots requested');
+                try {
+                    const { AVAILABLE_BOTS, getBotState } = await Promise.resolve().then(() => __importStar(require('./bot-config')));
+                    const state = getBotState();
+                    const bots = AVAILABLE_BOTS.map(bot => ({
+                        ...bot,
+                        enabled: state[bot.id] || false
+                    }));
+                    res.json({ bots });
+                }
+                catch (error) {
+                    req.logger.error('Failed to list bots', { error });
+                    res.status(500).json({ error: 'Failed to list bots' });
+                }
+            });
+            // POST /api/bots/:id/enable - Enable a bot
+            this.app.post('/api/bots/:id/enable', async (req, res) => {
+                const { id } = req.params;
+                req.logger.debug('Enable bot requested', { botId: id });
+                try {
+                    const { AVAILABLE_BOTS, setBotEnabled } = await Promise.resolve().then(() => __importStar(require('./bot-config')));
+                    const bot = AVAILABLE_BOTS.find(b => b.id === id);
+                    if (!bot) {
+                        return res.status(404).json({ error: `Unknown bot: ${id}` });
+                    }
+                    setBotEnabled(id, true);
+                    res.json({ success: true, botId: id, enabled: true });
+                }
+                catch (error) {
+                    req.logger.error('Failed to enable bot', { botId: id, error });
+                    res.status(500).json({ error: 'Failed to enable bot' });
+                }
+            });
+            // POST /api/bots/:id/disable - Disable a bot
+            this.app.post('/api/bots/:id/disable', async (req, res) => {
+                const { id } = req.params;
+                req.logger.debug('Disable bot requested', { botId: id });
+                try {
+                    const { AVAILABLE_BOTS, setBotEnabled } = await Promise.resolve().then(() => __importStar(require('./bot-config')));
+                    const bot = AVAILABLE_BOTS.find(b => b.id === id);
+                    if (!bot) {
+                        return res.status(404).json({ error: `Unknown bot: ${id}` });
+                    }
+                    setBotEnabled(id, false);
+                    res.json({ success: true, botId: id, enabled: false });
+                }
+                catch (error) {
+                    req.logger.error('Failed to disable bot', { botId: id, error });
+                    res.status(500).json({ error: 'Failed to disable bot' });
+                }
+            });
+            // POST /api/bots/:id/toggle - Toggle a bot
+            this.app.post('/api/bots/:id/toggle', async (req, res) => {
+                const { id } = req.params;
+                req.logger.debug('Toggle bot requested', { botId: id });
+                try {
+                    const { AVAILABLE_BOTS, getBotState, setBotEnabled } = await Promise.resolve().then(() => __importStar(require('./bot-config')));
+                    const bot = AVAILABLE_BOTS.find(b => b.id === id);
+                    if (!bot) {
+                        return res.status(404).json({ error: `Unknown bot: ${id}` });
+                    }
+                    const currentState = getBotState();
+                    const newState = !currentState[id];
+                    setBotEnabled(id, newState);
+                    res.json({ success: true, botId: id, enabled: newState });
+                }
+                catch (error) {
+                    req.logger.error('Failed to toggle bot', { botId: id, error });
+                    res.status(500).json({ error: 'Failed to toggle bot' });
+                }
+            });
+            // ===== Bot Config Webhook API =====
+            // Get secure webhook path (auto-generated token) - null if disabled
+            const webhookPath = (0, webhook_handler_1.getWebhookPath)();
+            if (webhookPath) {
+                // POST /webhook/{token} - Receives updates from Hailer workflow webhooks
+                this.app.post(webhookPath, (req, res) => {
+                    req.logger.debug('Bot config webhook received', {
+                        activityId: req.body?._id,
+                        activityName: req.body?.name,
+                        workspaceId: req.body?.cid,
+                    });
+                    try {
+                        const result = (0, webhook_handler_1.handleBotConfigWebhook)(req.body);
+                        if (result.success) {
+                            req.logger.debug('Bot config updated via webhook', {
+                                action: result.action,
+                                workspaceId: result.workspaceId,
+                                botType: result.botType,
+                            });
+                            res.status(200).json(result);
+                        }
+                        else {
+                            req.logger.warn('Bot config webhook failed', { error: result.error });
+                            res.status(400).json(result);
+                        }
+                    }
+                    catch (error) {
+                        req.logger.error('Bot config webhook error', { error });
+                        res.status(500).json({
+                            success: false,
+                            error: error instanceof Error ? error.message : 'Internal error',
+                        });
+                    }
+                });
+                // GET /webhook/{token}/status - Status endpoint to see all workspace configs
+                this.app.get(`${webhookPath}/status`, (_req, res) => {
+                    const configs = (0, webhook_handler_1.listWorkspaceConfigs)();
+                    res.json({
+                        timestamp: new Date().toISOString(),
+                        workspaceCount: configs.length,
+                        workspaces: configs.map((c) => ({
+                            workspaceId: c.workspaceId,
+                            workspaceName: c.workspaceName,
+                            hasOrchestrator: !!c.orchestrator,
+                            specialistCount: c.specialists.length,
+                            enabledSpecialists: c.specialists.filter((s) => s.enabled).length,
+                            lastSynced: c.lastSynced,
+                        })),
+                    });
+                });
+            }
+            else {
+                this.logger.debug('Webhook endpoint disabled (no WEBHOOK_TOKEN)');
+            }
+            this.logger.debug('Routes configured', {
+                routes: [
+                    '/health',
+                    '/daemon/status',
+                    '/api/mcp',
+                    '/api/bots'
+                ]
+            });
+        }
+        else {
+            this.logger.debug('Routes configured', {
+                routes: [
+                    '/health',
+                    '/daemon/status',
+                    '/api/mcp'
+                ]
+            });
+        }
     }
     /**
      * Check if agent has access to a specific tool
@@ -275,7 +487,7 @@ class MCPServerService {
             const server = this.server;
             return new Promise((resolve) => {
                 server.close(() => {
-                    this.logger.info('MCP Server stopped gracefully');
+                    this.logger.debug('MCP Server stopped gracefully');
                     resolve();
                 });
             });

package/dist/plugins/bug-fixer/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./tools";
+//# sourceMappingURL=index.d.ts.map

package/dist/plugins/bug-fixer/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./tools"), exports);
+//# sourceMappingURL=index.js.map