@hailer/mcp 1.2.0 → 2.0.0-beta.1

package/dist/mcp/webhook-handler.js

@@ -39,11 +39,12 @@ var __importStar = (this && this.__importStar) || (function () {
     };
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.clearAdminKeyErrors = clearAdminKeyErrors;
 exports.generateWebhookSignature = generateWebhookSignature;
 exports.verifyWebhookSignature = verifyWebhookSignature;
 exports.getWebhookToken = getWebhookToken;
 exports.getWebhookPath = getWebhookPath;
-exports.onBotUpdate = onBotUpdate;
+exports.destroyBot = destroyBot;
 exports.handleBotConfigWebhook = handleBotConfigWebhook;
 exports.listWorkspaceConfigs = listWorkspaceConfigs;
 const fs = __importStar(require("fs"));
@@ -52,23 +53,608 @@ const crypto = __importStar(require("crypto"));
 const logger_1 = require("../lib/logger");
 const config_1 = require("../config");
 const constants_1 = require("../bot-config/constants");
-// Optional: bot-config only available in bot server mode, not MCP terminal
-let invalidateConfigCache = null;
-let _loadConfigFile = null;
-let _saveConfigFile = null;
-let _listConfigFiles = null;
-try {
-    const botConfig = require('../bot-config');
-    invalidateConfigCache = botConfig.invalidateConfigCache;
-    _loadConfigFile = botConfig.loadWorkspaceConfigFile;
-    _saveConfigFile = botConfig.saveWorkspaceConfigFile;
-    _listConfigFiles = botConfig.listWorkspaceConfigFiles;
-}
-catch {
-    // Not available in MCP-only installs — safe to skip
-}
+const loader_1 = require("../bot-config/loader");
+const activity_error_1 = require("../bot-config/activity-error");
+const events_1 = require("../bot-config/events");
+const workspace_admin_store_1 = require("./workspace-admin-store");
+const hailer_clients_1 = require("./hailer-clients");
+const hailer_rpc_1 = require("./hailer-rpc");
+const tool_helpers_1 = require("./utils/tool-helpers");
+const hailer_api_client_1 = require("./utils/hailer-api-client");
 const logger = (0, logger_1.createLogger)({ component: 'webhook-handler' });
 const WEBHOOK_SECRET_FILE = 'webhook-secret.txt';
+// AI Hub writes a "pending-…" placeholder into the password field at activity
+// create time; we treat that as absent so we know to generate a real one.
+const PENDING_PASSWORD_PREFIX = 'pending-';
+const BOT_EMAIL_DOMAIN = 'hailer.com';
+function generateSecurePassword() {
+    return crypto.randomBytes(16).toString('hex');
+}
+/**
+ * Mirror of AI Hub's `generateBotEmail` (ai-hub/src/api.ts) — used by the
+ * collision-retry path when Hailer rejects the AI Hub-supplied email with a
+ * duplicate (code:409) AND no sibling activity provisioned the bot. We
+ * regenerate locally, write the new email back to the activity, and retry
+ * the register call.
+ */
+function generateBotEmail(firstname, lastname, workspaceId) {
+    const sanitize = (s) => s.toLowerCase().replace(/[^a-z0-9]/g, '');
+    const first = sanitize(firstname) || 'bot';
+    const last = sanitize(lastname);
+    const wsPrefix = sanitize(workspaceId).slice(0, 8);
+    const suffix = crypto.randomBytes(3).toString('hex');
+    const parts = [last ? `${first}.${last}` : first];
+    if (wsPrefix) {
+        parts.push(wsPrefix);
+    }
+    parts.push(suffix);
+    return `${parts.join('-')}@${BOT_EMAIL_DOMAIN}`;
+}
+// Hailer fires multiple webhooks per phase change (one per phase listening),
+// so siblings race to provision the same bot. Re-read the activity to detect
+// a sibling that already wrote hailerProfile/password — and to detect that
+// the activity has been deleted out from under us.
+//
+// activities.load returns `fields` as an object keyed by the field's logical
+// key (e.g. `hailerProfile`, `password`) — same shape v3.activity.updateMany
+// accepts. No workflow-definition lookup needed.
+async function probeActivity(adminClient, activityId) {
+    try {
+        const activity = await adminClient.socket.request(hailer_rpc_1.HailerRpc.Activities.load, [activityId]);
+        const fields = activity?.fields ?? {};
+        const uid = fields.hailerProfile || undefined;
+        const activityEmail = fields.agentEmailInHailer || undefined;
+        const rawPassword = fields.password;
+        const password = rawPassword && !String(rawPassword).startsWith(PENDING_PASSWORD_PREFIX)
+            ? String(rawPassword)
+            : undefined;
+        return { uid, password, email: activityEmail, discussion: activity?.discussion };
+    }
+    catch (err) {
+        if ((0, activity_error_1.isActivityGone)(err)) {
+            logger.debug('[Webhook] probe: activity is deleted', { activityId });
+            return { gone: true };
+        }
+        logger.debug('[Webhook] activities.load (probe) failed', {
+            activityId,
+            error: (0, tool_helpers_1.extractErrorMessage)(err),
+        });
+        return {};
+    }
+}
+// Hailer's concurrent-registration rejection codes:
+//   409 "Email already registered!"   — a sibling already created the user
+//   127 "Unable to create new user."  — race-guard
+function isRegisterRaceError(err) {
+    const msg = (0, tool_helpers_1.extractErrorMessage)(err);
+    return msg.includes('"code":409') || msg.includes('"code":127');
+}
+function resolveUserDisplayName(users, uid) {
+    if (!uid || !users) {
+        return undefined;
+    }
+    const u = users[uid];
+    if (!u) {
+        return undefined;
+    }
+    const name = [u.firstname, u.lastname].filter(Boolean).join(' ').trim();
+    return name || u.email || undefined;
+}
+// Per-activity provisioning mutex. Hailer fires multiple webhooks per activity
+// create (initial create + phase transition + …) and they hit Express in
+// parallel. Without serialization each one independently calls v2.user.register
+// before any sibling has written its uid back to the activity, so probeActivity
+// keeps missing the in-flight provision — net result is N orphan Hailer users
+// per bot and a final activity whose password no longer matches Hailer's record.
+const provisionLocks = new Map();
+// Track the last admin-key value we successfully persisted per workspace so we
+// skip the Hailer-login validation roundtrip on every subsequent webhook that
+// carries the same key. SHA-256 of the raw value — never store the plaintext.
+// Cleared on process restart, which is fine: the first webhook re-validates and
+// re-caches.
+const lastAdminKeyHashByWorkspace = new Map();
+/**
+ * Decode an admin API key stored in schemaConfig. AI Hub writes the key as
+ * `hex:<hex-encoded-utf8>` so a casual reader of the workspace data doesn't
+ * see the plaintext credential. Values without the `hex:` prefix are
+ * treated as legacy plaintext for backward compatibility with carriers
+ * written before this change shipped.
+ */
+function decodeAdminKey(raw) {
+    if (!raw.startsWith('hex:')) {
+        return raw;
+    }
+    try {
+        return Buffer.from(raw.slice(4), 'hex').toString('utf8');
+    }
+    catch {
+        return raw;
+    }
+}
+/**
+ * Surface an admin-key rejection reason back to AI Hub through the activity's
+ * `schemaConfig.adminKeyError` — the only channel AI Hub can read without
+ * reaching the (browser-blocked, HTTP) MCP server directly. Writes only on a
+ * state change, so a re-delivered webhook can't loop. Best-effort: a failure
+ * here must never break the webhook flow.
+ */
+async function markAdminKeyError(client, activityId, schemaConfig, error) {
+    const current = typeof schemaConfig.adminKeyError === 'string' ? schemaConfig.adminKeyError : null;
+    if (current === error) {
+        return;
+    }
+    const next = { ...schemaConfig };
+    if (error) {
+        next.adminKeyError = error;
+    }
+    if (!error) {
+        delete next.adminKeyError;
+    }
+    try {
+        await client.socket.request(hailer_rpc_1.HailerRpc.Activities.updateMany, [[
+                { _id: activityId, fields: { schemaConfig: JSON.stringify(next) } },
+            ]]);
+    }
+    catch (err) {
+        logger.warn('[Webhook] Failed to write adminKeyError status to activity', {
+            activityId, error: (0, tool_helpers_1.extractErrorMessage)(err),
+        });
+    }
+}
+// v2.core.init returns processes as an object keyed by process id on the
+// live API, but parts of this codebase have also seen the array form (see
+// normalizeInitProcesses in mcp/utils/types.ts and the array iteration in
+// bot-config/workflow-installer.ts). Accept both so a shape drift can't
+// silently turn the sweep into a no-op.
+function toProcessMap(raw) {
+    if (!Array.isArray(raw)) {
+        return (raw ?? {});
+    }
+    const withIds = raw.filter((proc) => Boolean(proc?._id));
+    const map = {};
+    for (const proc of withIds) {
+        map[proc._id] = proc;
+    }
+    return map;
+}
+// Identify the Agent Directory structurally (field keys written by AI Hub's
+// installer) rather than by name — names are localized ('🤖 Agent Directory'
+// / '🤖 Agentit') and user-editable.
+function looksLikeAgentDirectory(wf) {
+    const fieldKeys = new Set(Object.values(wf?.fields ?? {}).map((field) => field?.key));
+    return fieldKeys.has('schemaConfig') && fieldKeys.has('agentEmailInHailer');
+}
+async function clearAdminKeyErrorOnActivity(client, activityId) {
+    try {
+        const activity = await client.socket.request(hailer_rpc_1.HailerRpc.Activities.load, [activityId]);
+        const raw = activity?.fields?.schemaConfig;
+        if (typeof raw !== 'string' || !raw) {
+            return;
+        }
+        const parsed = JSON.parse(raw);
+        if (typeof parsed.adminKeyError !== 'string') {
+            return;
+        }
+        delete parsed.adminKeyError;
+        await client.socket.request(hailer_rpc_1.HailerRpc.Activities.updateMany, [[
+                { _id: activityId, fields: { schemaConfig: JSON.stringify(parsed) } },
+            ]]);
+        logger.info('[AdminKey] Cleared stale adminKeyError marker', { activityId });
+    }
+    catch (err) {
+        logger.debug('[AdminKey] clearAdminKeyErrors: skipped activity (non-fatal)', {
+            activityId, error: (0, tool_helpers_1.extractErrorMessage)(err),
+        });
+    }
+}
+async function clearAdminKeyErrorsInPhase(client, workflowId, phaseId) {
+    const result = await client.socket.request(hailer_rpc_1.HailerRpc.Activities.list, [
+        { processId: workflowId, phaseId },
+        { limit: 100, returnFlat: true },
+    ]);
+    const entries = result?.activities || result?.list || result?.data || [];
+    for (const entry of entries) {
+        if (!entry?._id) {
+            continue;
+        }
+        await clearAdminKeyErrorOnActivity(client, entry._id);
+    }
+}
+/**
+ * Sweep ALL activities of the workspace's Agent Directory and remove stale
+ * `schemaConfig.adminKeyError` markers. markAdminKeyError only clears the
+ * single activity whose webhook delivered a verified key, and the popup
+ * /admin-authorize path bypasses webhooks entirely — either way a marker
+ * left on a sibling (carrier or other bot) wedges AI Hub's red 'Verify
+ * email' pill: readAdminKeyErrorFromWorkflow scans every activity and any
+ * error wins over connected. Called from both success paths once a verified
+ * admin key is persisted. Best-effort by contract: never throws.
+ */
+async function clearAdminKeyErrors(client, workspaceId, workflowId) {
+    try {
+        await (0, hailer_clients_1.withApiKeyLock)(client.sessionKey, async () => {
+            // Pin the key's ambient workspace pointer — it follows whatever
+            // the admin last viewed (same reason provisionBotUserLocked pins).
+            await client.socket.request(hailer_rpc_1.HailerRpc.Core.switchEcosystem, [workspaceId]);
+            const init = await client.socket.request(hailer_rpc_1.HailerRpc.Core.init, [['processes']]);
+            const processes = toProcessMap(init?.processes);
+            // init [['processes']] returns workflows from EVERY workspace the
+            // key can reach (see findExistingWorkflow in workflow-installer.ts)
+            // — without the cid filter a multi-workspace admin could resolve a
+            // sibling workspace's directory and leave the real markers wedged.
+            const resolvedId = workflowId ?? Object.keys(processes).find((id) => processes[id]?.cid === workspaceId && looksLikeAgentDirectory(processes[id]));
+            const phaseIds = resolvedId ? Object.keys(processes[resolvedId]?.phases ?? {}) : [];
+            if (!resolvedId || phaseIds.length === 0) {
+                logger.debug('[AdminKey] clearAdminKeyErrors: agent workflow not resolvable — nothing to clear', {
+                    workspaceId, workflowId,
+                });
+                return;
+            }
+            for (const phaseId of phaseIds) {
+                await clearAdminKeyErrorsInPhase(client, resolvedId, phaseId);
+            }
+        });
+    }
+    catch (err) {
+        logger.warn('[AdminKey] clearAdminKeyErrors failed (non-fatal)', {
+            workspaceId, error: (0, tool_helpers_1.extractErrorMessage)(err),
+        });
+    }
+}
+/**
+ * If a webhook operation failed with an auth-shaped error ('Invalid
+ * Session', Unauthorized, "code":401/403), decide whether the ADMIN KEY
+ * itself is dead before forgetting it. Hailer uses code 403 for every
+ * permission denial — invite.send 'Validate your email.', a per-activity
+ * updateMany rejection — and none of those say anything about the key.
+ * So re-probe the key directly: getValidatedAdminRecord runs core.init
+ * with the stored key alone and removes the record only when THAT call
+ * is rejected (transient errors keep it). On removal, also clear the
+ * dedupe hash so a re-pasted key re-validates. Subsequent webhooks then
+ * skip cleanly ('No admin credentials') instead of hammering 403.
+ * Returns true if the credentials were cleared.
+ */
+async function forgetAdminKeyOnAuthFailure(workspaceId, err) {
+    if (!(0, workspace_admin_store_1.looksLikeAuthFailure)((0, tool_helpers_1.extractErrorMessage)(err))) {
+        return false;
+    }
+    const record = await (0, workspace_admin_store_1.getValidatedAdminRecord)(workspaceId);
+    if (record) {
+        logger.warn('[Webhook] Operation failed with 401/403 but the stored admin key still validates — keeping credentials', {
+            workspaceId, error: (0, tool_helpers_1.extractErrorMessage)(err),
+        });
+        return false;
+    }
+    lastAdminKeyHashByWorkspace.delete(workspaceId);
+    logger.warn('[Webhook] Admin key rejected (auth failure) — cleared stored credentials; webhooks will skip until a valid key is re-connected', { workspaceId });
+    return true;
+}
+/**
+ * If the webhook payload's schemaConfig carries `adminApiKey`, validate it and
+ * persist as the workspace's admin credentials. This is the workflow-field
+ * delivery path: AI Hub writes the admin's user-api-key into schemaConfig and
+ * Hailer's phase webhook brings it server-side here, sidestepping the
+ * mixed-content blocker on the old browser-mediated /admin-authorize flow.
+ *
+ * Safe to call on every webhook — same-value writes are short-circuited by
+ * the hash cache, so we don't hammer Hailer with a v2.core.init per phase
+ * toggle.
+ */
+async function maybePersistAdminKeyFromSchema(workspaceId, schemaConfig, activityId, workflowId) {
+    const stored = schemaConfig?.adminApiKey;
+    if (!schemaConfig || typeof stored !== 'string' || !stored) {
+        return;
+    }
+    const apiKey = decodeAdminKey(stored);
+    const hash = crypto.createHash('sha256').update(apiKey).digest('hex');
+    if (lastAdminKeyHashByWorkspace.get(workspaceId) === hash) {
+        return;
+    }
+    try {
+        const client = await (0, hailer_clients_1.createHailerClientByApiKey)(apiKey);
+        const identity = await (0, workspace_admin_store_1.resolveAdminIdentity)(client);
+        if (!identity.uid) {
+            logger.warn('[Webhook] schemaConfig.adminApiKey: identity resolution returned no uid — not persisting', { workspaceId });
+            return;
+        }
+        if (!identity.emailVerified) {
+            // Unverified admin email: Hailer's invite.send rejects the bot invite
+            // (403 'Validate your email.'), the activity never gets its
+            // hailerProfile stamp, and every webhook redelivery re-fires the
+            // invite — the reinvite doom loop. Skip persist, and deliberately do
+            // NOT set lastAdminKeyHashByWorkspace, so a re-check fires once the
+            // admin verifies. Fail-closed: missing/false counts as unverified.
+            logger.warn('[Webhook] schemaConfig.adminApiKey: admin email not verified — not persisting', { workspaceId, adminUid: identity.uid });
+            await markAdminKeyError(client, activityId, schemaConfig, 'email-not-verified');
+            return;
+        }
+        (0, workspace_admin_store_1.persistAdminCredentials)(workspaceId, apiKey, identity);
+        lastAdminKeyHashByWorkspace.set(workspaceId, hash);
+        // Clear rejection markers on ALL Agent Directory activities (not just
+        // this one) now that a verified key is stored — a marker left on a
+        // sibling carrier/bot would wedge AI Hub's 'Verify email' pill.
+        await clearAdminKeyErrors(client, workspaceId, workflowId);
+        logger.info('[Webhook] Admin credentials updated from schemaConfig.adminApiKey', { workspaceId, adminUid: identity.uid });
+    }
+    catch (err) {
+        logger.warn('[Webhook] schemaConfig.adminApiKey: validation failed (key may be invalid or revoked)', {
+            workspaceId,
+            error: (0, tool_helpers_1.extractErrorMessage)(err),
+        });
+    }
+}
+// In-memory cache of the freshly-provisioned user, keyed by activityId. The
+// lock alone is not enough: even after the leader's `activities.updateMany`
+// resolves, Hailer's `activities.load` (used by probeActivity) can return a
+// stale snapshot for a brief window, so a freshly-released sibling re-enters
+// the register loop and orphans another user. Caching the leader's result
+// in memory lets the sibling skip Hailer entirely. TTL is generous because
+// the burst of sibling webhooks all fires within seconds of activity create.
+const PROVISIONED_RESULT_TTL_MS = 5 * 60 * 1000;
+const provisionedResults = new Map();
+async function withProvisionLock(activityId, fn) {
+    const prev = provisionLocks.get(activityId) ?? Promise.resolve();
+    const next = prev.then(fn, fn);
+    provisionLocks.set(activityId, next);
+    try {
+        return await next;
+    }
+    finally {
+        if (provisionLocks.get(activityId) === next) {
+            provisionLocks.delete(activityId);
+        }
+    }
+}
+async function provisionBotUser(adminClient, payload, workspaceId, email) {
+    // No inner withProvisionLock — handleBotConfigWebhook already holds the
+    // per-activity lock for the entire flow. Re-entering here would deadlock
+    // (same activityId waits on the outer's still-running promise). The
+    // provisionedResults cache still serves its purpose: a later webhook for
+    // the same activity within TTL skips the register loop entirely.
+    const cached = provisionedResults.get(payload._id);
+    if (cached) {
+        logger.info('[Webhook] Activity provisioned this session — reusing cached result', {
+            activityId: payload._id, uid: cached.uid, workspaceId,
+        });
+        return { ...cached, freshlyProvisioned: false };
+    }
+    const result = await provisionBotUserInner(adminClient, payload, workspaceId, email);
+    if (result?.uid && result.password) {
+        provisionedResults.set(payload._id, result);
+        const timer = setTimeout(() => {
+            provisionedResults.delete(payload._id);
+        }, PROVISIONED_RESULT_TTL_MS);
+        timer.unref?.();
+    }
+    return result;
+}
+async function provisionBotUserInner(adminClient, payload, workspaceId, email) {
+    // Wrap the entire provision flow in a per-API-key lock. The admin key's
+    // server-side "current workspace" is mutated by switchEcosystem and
+    // implicitly read by every subsequent call (init, probe, register).
+    // Without this lock, two workspaces sharing the same admin user would
+    // race the workspace context and provision into the wrong workspace.
+    return (0, hailer_clients_1.withApiKeyLock)(adminClient.sessionKey, () => provisionBotUserLocked(adminClient, payload, workspaceId, email));
+}
+async function provisionBotUserLocked(adminClient, payload, workspaceId, email) {
+    // Pin the admin's API-key context to the webhook's workspace. The key's
+    // current workspace follows whatever the admin last viewed in their
+    // browser, so we can't assume it matches `payload.cid`.
+    await adminClient.socket.request(hailer_rpc_1.HailerRpc.Core.switchEcosystem, [workspaceId]);
+    const sibling = await probeActivity(adminClient, payload._id);
+    if (sibling.gone) {
+        await removeBotFromConfig(workspaceId, payload._id);
+        logger.info('[Webhook] Activity no longer exists — skipping provision', {
+            activityId: payload._id, workspaceId,
+        });
+        return null;
+    }
+    if (sibling.uid) {
+        logger.info('[Webhook] Activity already provisioned — skipping register', {
+            activityId: payload._id, uid: sibling.uid, workspaceId,
+        });
+    }
+    if (sibling.uid && !sibling.password) {
+        return null;
+    }
+    if (sibling.uid && sibling.password) {
+        // The stamp proves the bot USER exists, not that the invite landed —
+        // hailerProfile/password are written BEFORE inviteSend (doom-loop
+        // fix below), so a transiently failed invite leaves a user that is
+        // not a workspace member. Verify membership and re-fire the invite
+        // before handing the credentials back for the config upsert.
+        await ensureWorkspaceMembership(adminClient, payload, workspaceId, sibling.email || email, sibling.uid);
+        return { uid: sibling.uid, password: sibling.password, freshlyProvisioned: false, discussion: sibling.discussion };
+    }
+    // teams → invite target; users → audit-message display name attribution.
+    const init = await adminClient.socket.request(hailer_rpc_1.HailerRpc.Core.init, [
+        ['teams', 'users'],
+    ]);
+    const newPassword = generateSecurePassword();
+    const firstname = getFieldValue(payload.fields, 'firstName') || 'Bot';
+    const lastname = getFieldValue(payload.fields, 'lastName') || payload.name;
+    const teamIds = init.teams ? Object.keys(init.teams) : [];
+    if (teamIds.length === 0) {
+        throw new Error('Workspace has no teams — cannot send invite');
+    }
+    const triggerUserName = resolveUserDisplayName(init.users, payload.uid);
+    // Register with retry-on-collision. 409 ("Email already registered") may be:
+    //   (a) sibling activity won the race — recheck shows their uid, use it
+    //   (b) email genuinely taken by an unrelated user (cross-workspace clash,
+    //       birthday-paradox collision in random suffix) — regenerate and retry
+    // Bounded so we never spin against a permanently-stuck name.
+    const MAX_REGISTER_RETRIES = 3;
+    let uid = null;
+    for (let attempt = 0; attempt <= MAX_REGISTER_RETRIES; attempt++) {
+        try {
+            const result = await adminClient.socket.request(hailer_rpc_1.HailerRpc.User.register, [
+                { email, firstname, lastname, password: newPassword },
+                {},
+                'en',
+            ]);
+            uid = result.uid;
+            break;
+        }
+        catch (registerErr) {
+            if (!isRegisterRaceError(registerErr)) {
+                throw registerErr;
+            }
+            // Sibling-race recheck only matters on the first 409. After that no
+            // sibling can appear (we hold the only provisioning attempt for this
+            // activity), so subsequent 409s are pure email collisions.
+            if (attempt === 0) {
+                const recheck = await probeActivity(adminClient, payload._id);
+                if (recheck.gone) {
+                    logger.info('[Webhook] register hit race but activity is now gone — skipping', {
+                        activityId: payload._id, workspaceId,
+                    });
+                    return null;
+                }
+                if (recheck.uid) {
+                    logger.info('[Webhook] register lost race — using sibling-provisioned user', {
+                        activityId: payload._id, uid: recheck.uid, workspaceId,
+                    });
+                    return recheck.password
+                        ? { uid: recheck.uid, password: recheck.password, freshlyProvisioned: false, discussion: recheck.discussion }
+                        : null;
+                }
+            }
+            if (attempt >= MAX_REGISTER_RETRIES) {
+                logger.warn('[Webhook] register: email collision exhausted retries — giving up', {
+                    activityId: payload._id, lastEmail: (0, config_1.maskEmail)(email),
+                    error: (0, tool_helpers_1.extractErrorMessage)(registerErr),
+                });
+                return null;
+            }
+            const nextEmail = generateBotEmail(firstname, lastname, workspaceId);
+            logger.info('[Webhook] register: email already registered — retrying with regenerated email', {
+                activityId: payload._id, attempt: attempt + 1,
+                previous: (0, config_1.maskEmail)(email), next: (0, config_1.maskEmail)(nextEmail),
+            });
+            // Write the new email back to the activity *before* the next register
+            // attempt — if a later step crashes after register succeeds, the
+            // activity must already show the email the user was registered with,
+            // not the original (now-taken) one.
+            await adminClient.socket.request(hailer_rpc_1.HailerRpc.Activities.updateMany, [[
+                    { _id: payload._id, fields: { agentEmailInHailer: nextEmail } },
+                ]]);
+            email = nextEmail;
+        }
+    }
+    if (!uid) {
+        // Defensive: the loop above either breaks with a uid set, returns, or
+        // exhausts retries (which returns null). Ending here means the control
+        // flow regressed — surface loudly rather than write empty strings to
+        // hailerProfile / use an unauthenticated invite.
+        throw new Error(`provisionBotUser: register loop fell through without a uid (activityId=${payload._id})`);
+    }
+    // Hailer member role on the workspace. Defaults to 'user' to match the
+    // AI Hub bot pattern; public-chat graduation hints 'admin' via the
+    // schemaConfig field so the freshly-graduated workspace's bot has the
+    // permission to install workflows, invite users, and otherwise act as
+    // the workspace's first administrator on the visitor's behalf.
+    const memberRole = readMemberRoleFromSchemaConfig(payload.fields);
+    // Stamp the activity with the freshly-registered uid BEFORE sending the
+    // invite. inviteSend can fail (e.g. Hailer returns 403 'Validate your
+    // email.' for an unverified admin); if the stamp came after, the activity
+    // would stay unprovisioned and every webhook redelivery would re-register a
+    // NEW bot user (email collision → regenerated email) and re-fire the invite
+    // — the reinvite doom loop. Stamping first means the next probeActivity
+    // short-circuits on sibling.uid, so a failed invite costs one attempt, not
+    // a storm (and never spawns duplicate bot users).
+    await adminClient.socket.request(hailer_rpc_1.HailerRpc.Activities.updateMany, [[
+            { _id: payload._id, fields: { hailerProfile: uid, password: newPassword } },
+        ]]);
+    await adminClient.socket.request(hailer_rpc_1.HailerRpc.Network.inviteSend, [
+        { email, teams: [teamIds[0]], role: memberRole, name: `${firstname} ${lastname}`, cid: workspaceId },
+    ]);
+    logger.info('[Webhook] Auto-created bot user', { email: (0, config_1.maskEmail)(email), uid, workspaceId });
+    return { uid, password: newPassword, freshlyProvisioned: true, discussion: sibling.discussion, triggerUserName };
+}
+/**
+ * Recovery for the stamp-before-invite orphan: provisionBotUserLocked
+ * deliberately stamps hailerProfile/password before inviteSend, so a
+ * transient invite failure leaves a Hailer user that never became a
+ * workspace member while every later webhook short-circuits on
+ * sibling.uid. Detect the orphan (bot uid missing from
+ * init.network.members) and retry the invite. invite.send is safe to
+ * repeat: an existing member returns success without side effects, and a
+ * fresh bot user (member of no workspace) is added directly without a
+ * pending-invite record. Throws on failure so the caller's catch skips
+ * the config upsert — never start a bot that can't reach its workspace.
+ * Must run after switchEcosystem has pinned the admin context to
+ * workspaceId (the caller holds the API-key lock).
+ */
+async function ensureWorkspaceMembership(adminClient, payload, workspaceId, email, uid) {
+    const init = await adminClient.socket.request(hailer_rpc_1.HailerRpc.Core.init, [
+        ['network', 'teams'],
+    ]);
+    const isMember = (init.network?.members || []).some((member) => member.uid === uid);
+    if (isMember) {
+        return;
+    }
+    const teamIds = init.teams ? Object.keys(init.teams) : [];
+    if (teamIds.length === 0) {
+        throw new Error('Workspace has no teams — cannot retry bot invite');
+    }
+    const firstname = getFieldValue(payload.fields, 'firstName') || 'Bot';
+    const lastname = getFieldValue(payload.fields, 'lastName') || payload.name;
+    const memberRole = readMemberRoleFromSchemaConfig(payload.fields);
+    logger.warn('[Webhook] Provisioned bot user is not a workspace member (earlier invite failed) — retrying invite', {
+        activityId: payload._id, uid, workspaceId, email: (0, config_1.maskEmail)(email),
+    });
+    await adminClient.socket.request(hailer_rpc_1.HailerRpc.Network.inviteSend, [
+        { email, teams: [teamIds[0]], role: memberRole, name: `${firstname} ${lastname}`, cid: workspaceId },
+    ]);
+    logger.info('[Webhook] Invite retry succeeded — bot user joined workspace', {
+        activityId: payload._id, uid, workspaceId,
+    });
+}
+// Best-effort audit trail in the bot's activity discussion. Failures must
+// not surface — auto-provisioning has already succeeded by the time we get here.
+//
+// Held inside withApiKeyLock + a fresh switchEcosystem because provisionBotUser
+// released the lock before returning. Without re-pinning the admin's server-
+// side workspace pointer, a concurrent webhook for a different workspace
+// could repoint the context and make activities.load resolve in the wrong
+// workspace (or fail), even though messenger.send is discussion-scoped.
+async function postProvisioningAudit(adminClient, workspaceId, activityId, result) {
+    await (0, hailer_clients_1.withApiKeyLock)(adminClient.sessionKey, async () => {
+        try {
+            await adminClient.socket.request(hailer_rpc_1.HailerRpc.Core.switchEcosystem, [workspaceId]);
+            let discussionId = result.discussion;
+            if (!discussionId) {
+                const activity = await adminClient.socket.request(hailer_rpc_1.HailerRpc.Activities.load, [activityId]);
+                discussionId = activity?.discussion;
+            }
+            if (!discussionId) {
+                return;
+            }
+            // activities.follow is a TOGGLE — calling it raw on an admin who's
+            // already following (e.g. they created the activity in AI Hub) flips
+            // them OFF and they get kicked out of the discussion. Use the toggle-
+            // aware wrapper so the admin ends up following regardless of prior state.
+            try {
+                await new hailer_api_client_1.HailerApiClient(adminClient).joinActivityDiscussion(activityId);
+            }
+            catch (joinErr) {
+                logger.debug('[Webhook] joinActivityDiscussion on audit join failed (non-fatal)', {
+                    activityId, error: (0, tool_helpers_1.extractErrorMessage)(joinErr),
+                });
+            }
+            const msg = result.triggerUserName
+                ? `User auto-provisioned by ${result.triggerUserName}.`
+                : `User auto-provisioned.`;
+            await adminClient.socket.request(hailer_rpc_1.HailerRpc.Messenger.send, [{ msg }, discussionId]);
+            logger.debug('[Webhook] Posted audit discussion message', { activityId, discussionId });
+        }
+        catch (auditErr) {
+            logger.warn('[Webhook] Failed to post audit discussion message (non-fatal)', {
+                activityId, error: (0, tool_helpers_1.extractErrorMessage)(auditErr),
+            });
+        }
+    });
+}
 // ============================================================================
 // WEBHOOK TOKEN SECURITY
 // ============================================================================
@@ -161,71 +747,107 @@ function getWebhookPath() {
     const token = getWebhookToken();
     return token ? `/${token}` : null;
 }
-let botUpdateCallback = null;
-function onBotUpdate(callback) {
-    botUpdateCallback = callback;
-}
-/**
- * Get field value from webhook payload by key
- */
 function getFieldValue(fields, key) {
     const field = fields.find((f) => f.key === key);
     return field?.value ?? null;
 }
 /**
- * Load existing workspace config or create empty one.
- * Delegates to bot-config/loader (single owner of .bot-config/*.json files).
- * Falls back to direct file I/O if bot-config module not available.
+ * Pull the optional `memberRole` hint out of the activity's schemaConfig
+ * JSON. Used by provisionBotUserInner to decide what Hailer member role
+ * to invite the bot account with: 'user' (default, matches AI Hub) or
+ * 'admin' (set by public-chat graduation so the first bot in a brand-new
+ * workspace can install workflows and invite users).
+ *
+ * Anything we don't recognize falls back to 'user' so a malformed config
+ * can't accidentally elevate a bot.
  */
-function loadBotConfigFile(workspaceId) {
-    if (_loadConfigFile) {
-        return _loadConfigFile(workspaceId);
+const ALLOWED_MEMBER_ROLES = ['user', 'admin'];
+function readMemberRoleFromSchemaConfig(fields) {
+    const raw = getFieldValue(fields, 'schemaConfig');
+    if (typeof raw !== 'string' || raw.length === 0) {
+        return 'user';
     }
-    // Fallback for MCP-only installs (no bot-config module)
-    const configDir = constants_1.BOT_CONFIG_DIR;
-    const configPath = path.join(configDir, `${workspaceId}.json`);
-    if (fs.existsSync(configPath)) {
-        try {
-            return JSON.parse(fs.readFileSync(configPath, 'utf-8'));
-        }
-        catch (error) {
-            logger.warn('Failed to load workspace config', { workspaceId, error: String(error) });
+    try {
+        const parsed = JSON.parse(raw);
+        const candidate = parsed?.memberRole;
+        if (typeof candidate === 'string' &&
+            ALLOWED_MEMBER_ROLES.includes(candidate)) {
+            return candidate;
         }
     }
-    return {
-        workspaceId,
-        workspaceName: workspaceId,
-        bots: [],
-        lastSynced: new Date().toISOString(),
-    };
+    catch {
+        // Falls through — schemaConfig will be reported as unparseable
+        // by the main handler later; no need to duplicate the warning.
+    }
+    return 'user';
 }
 /**
- * Save workspace config to file.
- * Delegates to bot-config/loader (single owner of .bot-config/*.json files).
- * Falls back to direct file I/O if bot-config module not available.
+ * Remove a bot entry from a workspace's config and emit a remove event so
+ * BotManager can shut the running bot down. Returns the removed entry if any.
  */
-function saveBotConfigFile(config) {
-    if (_saveConfigFile) {
-        _saveConfigFile(config);
-        return;
+async function removeBotFromConfig(workspaceId, activityId) {
+    const config = (0, loader_1.loadWorkspaceConfigFile)(workspaceId);
+    const idx = config.bots.findIndex((b) => b.activityId === activityId);
+    if (idx < 0) {
+        return null;
     }
-    // Fallback for MCP-only installs (no bot-config module)
-    const configDir = constants_1.BOT_CONFIG_DIR;
-    if (!fs.existsSync(configDir)) {
-        fs.mkdirSync(configDir, { recursive: true });
+    const [removed] = config.bots.splice(idx, 1);
+    (0, loader_1.saveWorkspaceConfigFile)(config);
+    (0, loader_1.invalidateConfigCache)();
+    await (0, events_1.emitBotEvent)({ workspaceId, bot: removed, action: 'remove' });
+    logger.info('Removed bot from config (activity deleted in Hailer)', {
+        workspaceId, activityId, email: (0, config_1.maskEmail)(removed.email),
+    });
+    return removed;
+}
+async function destroyBot(workspaceId, activityId, actor = {}) {
+    const config = (0, loader_1.loadWorkspaceConfigFile)(workspaceId);
+    const idx = config.bots.findIndex((b) => b.activityId === activityId);
+    if (idx < 0) {
+        logger.info('destroyBot: no config entry found', { workspaceId, activityId, actor });
+        return { removed: null, teardownOk: true };
     }
-    const configPath = path.join(configDir, `${config.workspaceId}.json`);
-    config.lastSynced = new Date().toISOString();
-    fs.writeFileSync(configPath, JSON.stringify(config, null, 2));
-    logger.info('Saved workspace config', {
-        workspaceId: config.workspaceId,
-        path: configPath,
+    const [removed] = config.bots.splice(idx, 1);
+    (0, loader_1.saveWorkspaceConfigFile)(config);
+    (0, loader_1.invalidateConfigCache)();
+    const emit = await (0, events_1.emitBotEvent)({ workspaceId, bot: removed, action: 'destroy' });
+    if (emit.error !== undefined) {
+        const errMsg = (0, tool_helpers_1.extractErrorMessage)(emit.error);
+        logger.error('Destroyed bot config entry but session teardown failed', {
+            workspaceId, activityId, email: (0, config_1.maskEmail)(removed.email),
+            actorUid: actor.uid, actorName: actor.name, error: errMsg,
+        });
+        return { removed, teardownOk: false, teardownError: errMsg };
+    }
+    if (emit.listenerCount === 0) {
+        const errMsg = 'no destroy listener registered (MCP-only mode?)';
+        logger.warn('Destroyed bot config entry but no listener ran', {
+            workspaceId, activityId, email: (0, config_1.maskEmail)(removed.email),
+            actorUid: actor.uid, actorName: actor.name,
+        });
+        return { removed, teardownOk: false, teardownError: errMsg };
+    }
+    // NOTE: the Hailer user account is intentionally NOT deleted here — see
+    // Bot.destroy() in bot.ts. Hailer's inactive-user prune sweeps them
+    // out-of-band. The activity is removed by AI Hub separately.
+    logger.info('Destroyed bot (config entry + running session)', {
+        workspaceId, activityId, email: (0, config_1.maskEmail)(removed.email),
+        actorUid: actor.uid, actorName: actor.name,
     });
+    return { removed, teardownOk: true };
 }
 /**
  * Process webhook payload and update workspace config
  */
-function handleBotConfigWebhook(payload) {
+async function handleBotConfigWebhook(payload) {
+    // Serialize ALL webhook processing per activity. Hailer fires multiple
+    // webhooks per activity create/phase transition and they hit Express in
+    // parallel — without an outer lock the load → modify → save → emit
+    // sequence races and bot-manager sees out-of-order add/remove events.
+    // Net result: bots not turning on/off reliably under burst traffic.
+    return withProvisionLock(payload._id, () => handleBotConfigWebhookLocked(payload));
+}
+async function handleBotConfigWebhookLocked(payload) {
     const workspaceId = payload.cid;
     logger.debug('Processing bot config webhook', {
         activityId: payload._id,
@@ -233,17 +855,151 @@ function handleBotConfigWebhook(payload) {
         workspaceId,
         phase: payload.currentPhase,
     });
-    // Extract fields
+    // Extract fields. password/userId are reassigned by auto-provisioning below.
     const email = getFieldValue(payload.fields, 'agentEmailInHailer');
-    const password = getFieldValue(payload.fields, 'password');
+    let password = getFieldValue(payload.fields, 'password');
     const botType = getFieldValue(payload.fields, 'botType');
-    const userId = getFieldValue(payload.fields, 'hailerProfile');
+    let userId = getFieldValue(payload.fields, 'hailerProfile');
     const schemaConfigStr = getFieldValue(payload.fields, 'schemaConfig');
     const systemPrompt = getFieldValue(payload.fields, 'systemPrompt') || undefined;
     const accessLevel = getFieldValue(payload.fields, 'accessLevel') || undefined;
+    const seedContext = getFieldValue(payload.fields, 'seedContext') || undefined;
     // responseMode and allowBotMessages are stored inside schemaConfig JSON, not as separate fields
     let responseMode;
     let allowBotMessages = false;
+    let helperMode = false;
+    // Parse schemaConfig once, up here, so we can read `adminApiKey` from it
+    // before any code path that depends on workspace admin credentials runs
+    // (probe path, auto-provisioning, etc.). Reused later for the bot-config
+    // update without re-parsing.
+    let schemaConfig = null;
+    if (schemaConfigStr) {
+        try {
+            schemaConfig = JSON.parse(schemaConfigStr);
+        }
+        catch (e) {
+            logger.warn('Failed to parse schemaConfig', { schemaConfigStr });
+        }
+    }
+    // If the activity carries an admin api key in schemaConfig.adminApiKey,
+    // validate and persist it now — downstream getAdminApiKey() calls will
+    // see it immediately. Safe to run before the probe/provision branches.
+    await maybePersistAdminKeyFromSchema(workspaceId, schemaConfig, payload._id, payload.process);
+    // Carrier activities exist solely to deliver workspace-scoped config via
+    // schemaConfig (admin API key when no real bots exist). Not bots — skip
+    // the provisioning + bot-config branches. AI Hub filters them out of the
+    // bot list.
+    if (schemaConfig?._isCarrier) {
+        logger.info('[Webhook] Carrier activity processed — admin key persisted, skipping bot logic', {
+            workspaceId,
+            activityId: payload._id,
+        });
+        return {
+            success: true,
+            action: 'skip-carrier',
+            workspaceId,
+            botType,
+        };
+    }
+    // For already-provisioned bots (userId set), probe Hailer to confirm the
+    // activity still exists. Hailer queues webhooks during/after delete, so an
+    // orphan webhook for a deleted activity would otherwise re-add the bot
+    // entry and start a doomed bot. The auto-provision branch below has its
+    // own gone-detection — we only need this for the userId-already-set path.
+    if (userId) {
+        const adminApiKey = (0, workspace_admin_store_1.getAdminApiKey)(workspaceId);
+        if (adminApiKey) {
+            try {
+                const adminClient = await (0, hailer_clients_1.createHailerClientByApiKey)(adminApiKey);
+                // Hold the API-key lock across switchEcosystem + probe so a
+                // concurrent webhook for a different workspace using the same
+                // admin key can't repoint the server context mid-probe.
+                const probe = await (0, hailer_clients_1.withApiKeyLock)(adminClient.sessionKey, async () => {
+                    await adminClient.socket.request(hailer_rpc_1.HailerRpc.Core.switchEcosystem, [workspaceId]);
+                    return probeActivity(adminClient, payload._id);
+                });
+                if (probe.gone) {
+                    const removed = await removeBotFromConfig(workspaceId, payload._id);
+                    return {
+                        success: true,
+                        action: removed ? 'remove' : 'skip',
+                        workspaceId,
+                        botType,
+                    };
+                }
+            }
+            catch (err) {
+                // Probe failures are non-fatal — fall through to the normal flow
+                // and let the bot-config update happen as usual. But if the admin
+                // key itself was rejected (auth failure), forget it so we don't
+                // keep hammering 403 on every webhook.
+                await forgetAdminKeyOnAuthFailure(workspaceId, err);
+                logger.debug('[Webhook] existence probe failed (non-fatal)', {
+                    activityId: payload._id,
+                    error: (0, tool_helpers_1.extractErrorMessage)(err),
+                });
+            }
+        }
+    }
+    // Auto-create bot Hailer account if email is set but no profile/password yet.
+    // A null result means a sibling webhook is mid-provision but hasn't written
+    // the password yet — fall through so the missing-credentials check below skips.
+    if (!userId && email) {
+        const adminApiKey = (0, workspace_admin_store_1.getAdminApiKey)(workspaceId);
+        if (!adminApiKey) {
+            logger.warn('[Webhook] No admin credentials for workspace — cannot auto-create bot user', { workspaceId });
+            return {
+                success: false,
+                action: 'skip',
+                workspaceId,
+                botType,
+                error: 'Missing admin credentials for auto-provisioning',
+            };
+        }
+        try {
+            const adminClient = await (0, hailer_clients_1.createHailerClientByApiKey)(adminApiKey);
+            const provisioned = await provisionBotUser(adminClient, payload, workspaceId, email);
+            if (!provisioned) {
+                // null means the activity was deleted, a sibling is mid-provision, or
+                // a dangling user blocks register. In every case the payload data is
+                // stale or the entry, if any, is in a transient state — do NOT fall
+                // through to upsert: that would re-add an entry for a deleted
+                // activity (bug seen with queued webhooks for already-deleted bots).
+                return {
+                    success: true,
+                    action: 'skip',
+                    workspaceId,
+                    botType,
+                };
+            }
+            userId = provisioned.uid;
+            password = provisioned.password;
+            if (provisioned.freshlyProvisioned) {
+                await postProvisioningAudit(adminClient, workspaceId, payload._id, provisioned);
+            }
+        }
+        catch (err) {
+            // Auto-provision failure is logged loudly but we return success so
+            // Hailer doesn't suspend webhook delivery after consecutive 500s.
+            // The activity update is real either way; the operator fixes the
+            // underlying cause (permissions, dangling users) and retries by
+            // toggling the bot in AI Hub.
+            const errMsg = (0, tool_helpers_1.extractErrorMessage)(err);
+            await forgetAdminKeyOnAuthFailure(workspaceId, err);
+            logger.error('[Webhook] Failed to auto-create bot user (returning 200 to avoid webhook suspension)', {
+                err: errMsg,
+                email: (0, config_1.maskEmail)(email),
+                activityId: payload._id,
+            });
+            return {
+                success: false,
+                action: 'skip',
+                workspaceId,
+                botType,
+                error: errMsg,
+            };
+        }
+    }
     // Validate required fields
     if (!email || !password) {
         logger.warn('Webhook missing credentials', {
@@ -263,26 +1019,26 @@ function handleBotConfigWebhook(payload) {
     let deployedPhaseId = null;
     let retiredPhaseId = null;
     let allowedWorkflows;
-    if (schemaConfigStr) {
-        try {
-            const schemaConfig = JSON.parse(schemaConfigStr);
-            deployedPhaseId = schemaConfig.deployedPhaseId;
-            retiredPhaseId = schemaConfig.retiredPhaseId;
-            responseMode = schemaConfig.responseMode || undefined;
-            allowBotMessages = !!schemaConfig.allowBotMessages;
-            if (Array.isArray(schemaConfig.allowedWorkflows)) {
-                allowedWorkflows = schemaConfig.allowedWorkflows;
-            }
-        }
-        catch (e) {
-            logger.warn('Failed to parse schemaConfig', { schemaConfigStr });
+    if (schemaConfig) {
+        deployedPhaseId = schemaConfig.deployedPhaseId ?? null;
+        retiredPhaseId = schemaConfig.retiredPhaseId ?? null;
+        responseMode = schemaConfig.responseMode || undefined;
+        allowBotMessages = !!schemaConfig.allowBotMessages;
+        helperMode = !!schemaConfig.helperMode;
+        if (Array.isArray(schemaConfig.allowedWorkflows)) {
+            allowedWorkflows = schemaConfig.allowedWorkflows;
         }
     }
-    const isDeployed = deployedPhaseId ? payload.currentPhase === deployedPhaseId : true;
+    // Fail-closed: if we don't know the deployed phase, treat the bot as
+    // disabled. New activities start in the Retired phase, and trailing
+    // webhooks (e.g. from a delete in AI Hub) often arrive with empty
+    // schemaConfig — defaulting to enabled would re-start a bot the user
+    // just disabled.
+    const isDeployed = deployedPhaseId ? payload.currentPhase === deployedPhaseId : false;
     const isRetired = retiredPhaseId ? payload.currentPhase === retiredPhaseId : false;
     const enabled = isDeployed && !isRetired;
-    // Load existing config
-    const config = loadBotConfigFile(workspaceId);
+    const config = (0, loader_1.loadWorkspaceConfigFile)(workspaceId);
+    const existingEntry = config.bots.find((b) => b.activityId === payload._id);
     const botEntry = {
         activityId: payload._id,
         userId: userId || null,
@@ -296,12 +1052,28 @@ function handleBotConfigWebhook(payload) {
         allowedWorkflows,
         allowBotMessages,
         responseMode,
+        helperMode,
+        // Preserve the previously-stored seedContext if Hailer omitted the
+        // field from this webhook (it only re-sends fields that changed in
+        // the phase event, so subsequent transitions can wipe it).
+        seedContext: seedContext ?? existingEntry?.seedContext,
+        introPosted: existingEntry?.introPosted,
     };
-    // Find existing bot by activityId, or add new
-    const existingIndex = config.bots.findIndex(b => b.activityId === payload._id);
+    const existingIndex = existingEntry
+        ? config.bots.indexOf(existingEntry)
+        : -1;
     let action;
     if (existingIndex >= 0) {
-        config.bots[existingIndex] = botEntry;
+        // Carry forward "this bot has already done X" flags. Without this, a
+        // phase toggle (e.g. Retire → Deploy) reconstructs the entry from the
+        // webhook payload alone and the bot re-runs its one-shot self-intro
+        // — which also re-toggles its activity-discussion membership and
+        // produces a "left → joined" sequence in the UI.
+        const existing = config.bots[existingIndex];
+        config.bots[existingIndex] = {
+            ...botEntry,
+            introPosted: existing.introPosted,
+        };
         action = enabled ? 'update' : 'remove';
     }
     else if (enabled) {
@@ -312,45 +1084,18 @@ function handleBotConfigWebhook(payload) {
         action = 'update';
     }
     logger.info('Updated bot', { workspaceId, email: (0, config_1.maskEmail)(email), botType, enabled, action });
-    // Save config
-    saveBotConfigFile(config);
-    // Invalidate config cache so loadBotConfigs() reads fresh data
-    if (invalidateConfigCache)
-        invalidateConfigCache();
-    // Trigger callback for hot reload
-    if (botUpdateCallback) {
-        botUpdateCallback(workspaceId, botEntry, action);
-    }
+    (0, loader_1.saveWorkspaceConfigFile)(config);
+    (0, loader_1.invalidateConfigCache)();
+    await (0, events_1.emitBotEvent)({ workspaceId, bot: botEntry, action });
     return {
         success: true,
         action,
         workspaceId,
         botType,
+        userId: userId || null,
     };
 }
-/**
- * List all workspace configs.
- * Delegates to bot-config/loader when available.
- */
 function listWorkspaceConfigs() {
-    if (_listConfigFiles) {
-        return _listConfigFiles();
-    }
-    // Fallback for MCP-only installs
-    const configDir = constants_1.BOT_CONFIG_DIR;
-    if (!fs.existsSync(configDir))
-        return [];
-    const files = fs.readdirSync(configDir).filter((f) => f.endsWith('.json'));
-    const configs = [];
-    for (const file of files) {
-        try {
-            const content = fs.readFileSync(path.join(configDir, file), 'utf-8');
-            configs.push(JSON.parse(content));
-        }
-        catch (error) {
-            logger.warn('Failed to load workspace config', { file, error: String(error) });
-        }
-    }
-    return configs;
+    return (0, loader_1.listWorkspaceConfigFiles)();
 }
 //# sourceMappingURL=webhook-handler.js.map