@inkeep/agents-work-apps 0.0.0-dev-20260203033642

package/dist/github/routes/webhooks.js

@@ -0,0 +1,278 @@
+import { getLogger } from "../../logger.js";
+import runDbClient_default from "../../db/runDbClient.js";
+import { getWebhookSecret, isWebhookConfigured } from "../config.js";
+import { addRepositories, deleteInstallation, getInstallationByGitHubId, removeRepositories, updateInstallationStatusByGitHubId } from "@inkeep/agents-core";
+import { Hono } from "hono";
+import { createHmac, timingSafeEqual } from "node:crypto";
+
+//#region src/github/routes/webhooks.ts
+const logger = getLogger("github-webhooks");
+function verifyWebhookSignature(payload, signature, secret) {
+	if (!signature) return {
+		success: false,
+		error: "Missing X-Hub-Signature-256 header"
+	};
+	if (!signature.startsWith("sha256=")) return {
+		success: false,
+		error: "Invalid signature format"
+	};
+	const providedSignature = signature.slice(7);
+	const hmac = createHmac("sha256", secret);
+	hmac.update(payload);
+	const expectedSignature = hmac.digest("hex");
+	try {
+		const providedBuffer = Buffer.from(providedSignature, "hex");
+		const expectedBuffer = Buffer.from(expectedSignature, "hex");
+		if (providedBuffer.length !== expectedBuffer.length) return {
+			success: false,
+			error: "Invalid signature"
+		};
+		if (!timingSafeEqual(providedBuffer, expectedBuffer)) return {
+			success: false,
+			error: "Invalid signature"
+		};
+		return { success: true };
+	} catch {
+		return {
+			success: false,
+			error: "Invalid signature format"
+		};
+	}
+}
+const app = new Hono();
+app.post("/", async (c) => {
+	if (!isWebhookConfigured()) {
+		logger.error({}, "GitHub webhook secret not configured");
+		return c.json({ error: "GitHub webhook secret not configured" }, 500);
+	}
+	const rawBody = await c.req.text();
+	const signature = c.req.header("X-Hub-Signature-256");
+	const eventType = c.req.header("X-GitHub-Event");
+	const deliveryId = c.req.header("X-GitHub-Delivery");
+	logger.info({
+		eventType,
+		deliveryId
+	}, "Received GitHub webhook");
+	const verificationResult = verifyWebhookSignature(rawBody, signature, getWebhookSecret());
+	if (!verificationResult.success) {
+		logger.warn({
+			eventType,
+			deliveryId,
+			error: verificationResult.error
+		}, "Webhook signature verification failed");
+		return c.json({ error: verificationResult.error }, 401);
+	}
+	logger.info({
+		eventType,
+		deliveryId
+	}, "Webhook signature verified");
+	if (!eventType) {
+		logger.warn({ deliveryId }, "Missing X-GitHub-Event header");
+		return c.json({ error: "Missing X-GitHub-Event header" }, 400);
+	}
+	const payload = JSON.parse(rawBody);
+	if (eventType === "installation") return handleInstallationEvent(c, payload, deliveryId);
+	if (eventType === "installation_repositories") return handleInstallationRepositoriesEvent(c, payload, deliveryId);
+	logger.info({
+		eventType,
+		deliveryId
+	}, "Received unhandled event type, acknowledging");
+	return c.json({ received: true }, 200);
+});
+async function handleInstallationEvent(c, payload, deliveryId) {
+	const { action, installation } = payload;
+	const installationId = String(installation.id);
+	logger.info({
+		action,
+		deliveryId,
+		installationId,
+		accountLogin: installation.account.login,
+		accountType: installation.account.type
+	}, "Processing installation webhook event");
+	try {
+		switch (action) {
+			case "created": {
+				const existing = await getInstallationByGitHubId(runDbClient_default)(installationId);
+				if (existing) if (existing.status === "pending") {
+					logger.info({
+						installationId,
+						existingId: existing.id
+					}, "Activating pending installation");
+					await updateInstallationStatusByGitHubId(runDbClient_default)({
+						gitHubInstallationId: installationId,
+						status: "active"
+					});
+				} else logger.info({
+					installationId,
+					existingId: existing.id,
+					currentStatus: existing.status
+				}, "Installation already exists, no action needed");
+				else logger.warn({
+					installationId,
+					accountLogin: installation.account.login
+				}, "Received created event for unknown installation - cannot create without tenant association");
+				if (existing && payload.repositories && payload.repositories.length > 0) {
+					const repos = payload.repositories.map((repo) => ({
+						repositoryId: String(repo.id),
+						repositoryName: repo.name,
+						repositoryFullName: repo.full_name,
+						private: repo.private
+					}));
+					await addRepositories(runDbClient_default)({
+						installationId: existing.id,
+						repositories: repos
+					});
+					logger.info({
+						installationId,
+						repositoryCount: repos.length
+					}, "Added initial repositories from installation created event");
+				}
+				break;
+			}
+			case "deleted": {
+				const existing = await getInstallationByGitHubId(runDbClient_default)(installationId);
+				if (existing) {
+					logger.info({
+						installationId,
+						existingId: existing.id
+					}, "Deleting installation");
+					await deleteInstallation(runDbClient_default)({
+						tenantId: existing.tenantId,
+						id: existing.id
+					});
+				} else logger.warn({ installationId }, "Received deleted event for unknown installation");
+				break;
+			}
+			case "suspend": {
+				const existing = await getInstallationByGitHubId(runDbClient_default)(installationId);
+				if (existing) {
+					logger.info({
+						installationId,
+						existingId: existing.id
+					}, "Suspending installation");
+					await updateInstallationStatusByGitHubId(runDbClient_default)({
+						gitHubInstallationId: installationId,
+						status: "suspended"
+					});
+				} else logger.warn({ installationId }, "Received suspend event for unknown installation");
+				break;
+			}
+			case "unsuspend": {
+				const existing = await getInstallationByGitHubId(runDbClient_default)(installationId);
+				if (existing) {
+					logger.info({
+						installationId,
+						existingId: existing.id
+					}, "Unsuspending installation");
+					await updateInstallationStatusByGitHubId(runDbClient_default)({
+						gitHubInstallationId: installationId,
+						status: "active"
+					});
+				} else logger.warn({ installationId }, "Received unsuspend event for unknown installation");
+				break;
+			}
+			case "new_permissions_accepted":
+				logger.info({ installationId }, "New permissions accepted for installation");
+				break;
+			default: logger.info({
+				action,
+				deliveryId
+			}, "Received unhandled installation action");
+		}
+		return c.json({
+			received: true,
+			action
+		}, 200);
+	} catch (error) {
+		logger.error({
+			error,
+			action,
+			installationId,
+			deliveryId
+		}, "Failed to process installation event");
+		return c.json({
+			received: true,
+			error: "Processing failed"
+		}, 200);
+	}
+}
+async function handleInstallationRepositoriesEvent(c, payload, deliveryId) {
+	const { action, installation, repositories_added, repositories_removed } = payload;
+	const installationId = String(installation.id);
+	logger.info({
+		action,
+		deliveryId,
+		installationId,
+		accountLogin: installation.account.login,
+		addedCount: repositories_added?.length ?? 0,
+		removedCount: repositories_removed?.length ?? 0
+	}, "Processing installation_repositories webhook event");
+	try {
+		const existing = await getInstallationByGitHubId(runDbClient_default)(installationId);
+		if (!existing) {
+			logger.warn({
+				installationId,
+				accountLogin: installation.account.login
+			}, "Received repository event for unknown installation");
+			return c.json({
+				received: true,
+				warning: "Unknown installation"
+			}, 200);
+		}
+		if (existing.status === "deleted") {
+			logger.info({ installationId }, "Ignoring repository event for deleted installation");
+			return c.json({
+				received: true,
+				skipped: "Installation deleted"
+			}, 200);
+		}
+		if (action === "added" && repositories_added && repositories_added.length > 0) {
+			const repos = repositories_added.map((repo) => ({
+				repositoryId: String(repo.id),
+				repositoryName: repo.name,
+				repositoryFullName: repo.full_name,
+				private: repo.private
+			}));
+			const added = await addRepositories(runDbClient_default)({
+				installationId: existing.id,
+				repositories: repos
+			});
+			logger.info({
+				installationId,
+				addedCount: added.length,
+				requestedCount: repos.length
+			}, "Added repositories to installation");
+		}
+		if (action === "removed" && repositories_removed && repositories_removed.length > 0) {
+			const repoIds = repositories_removed.map((repo) => String(repo.id));
+			const removedCount = await removeRepositories(runDbClient_default)({
+				installationId: existing.id,
+				repositoryIds: repoIds
+			});
+			logger.info({
+				installationId,
+				removedCount,
+				requestedCount: repoIds.length
+			}, "Removed repositories from installation");
+		}
+		return c.json({
+			received: true,
+			action
+		}, 200);
+	} catch (error) {
+		logger.error({
+			error,
+			action,
+			installationId,
+			deliveryId
+		}, "Failed to process installation_repositories event");
+		return c.json({
+			received: true,
+			error: "Processing failed"
+		}, 200);
+	}
+}
+var webhooks_default = app;
+
+//#endregion
+export { webhooks_default as default, verifyWebhookSignature };

package/dist/logger.d.ts

@@ -0,0 +1,2 @@
+import { getLogger } from "@inkeep/agents-core";
+export { getLogger };

package/dist/logger.js

@@ -0,0 +1,3 @@
+import { getLogger } from "@inkeep/agents-core";
+
+export { getLogger };

package/package.json

@@ -0,0 +1,65 @@
+{
+  "name": "@inkeep/agents-work-apps",
+  "version": "0.0.0-dev-20260203033642",
+  "description": "First party integrations for Inkeep Agents",
+  "type": "module",
+  "license": "SEE LICENSE IN LICENSE.md",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    },
+    "./github": {
+      "types": "./dist/github/index.d.ts",
+      "import": "./dist/github/index.js"
+    }
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.25.3",
+    "@octokit/auth-app": "^8.1.2",
+    "@octokit/rest": "^22.0.1",
+    "drizzle-orm": "^0.44.7",
+    "fetch-to-node": "^2.1.0",
+    "hono": "^4.10.4",
+    "jose": "^6.1.0",
+    "minimatch": "^10.1.1",
+    "@inkeep/agents-core": "0.0.0-dev-20260203033642"
+  },
+  "peerDependencies": {
+    "@hono/zod-openapi": "^1.1.5",
+    "zod": "^4.1.11"
+  },
+  "devDependencies": {
+    "@types/node": "^20.11.24",
+    "typescript": "^5.9.2",
+    "vitest": "^3.2.4"
+  },
+  "engines": {
+    "node": ">=22.18.0"
+  },
+  "publishConfig": {
+    "access": "public",
+    "registry": "https://registry.npmjs.org/"
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE.md"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/inkeep/agents.git",
+    "directory": "packages/agents-workapps"
+  },
+  "scripts": {
+    "build": "tsdown",
+    "dev": "pnpm build --watch",
+    "test": "vitest --run",
+    "lint": "biome lint --error-on-warnings",
+    "lint:fix": "biome check --write src",
+    "format": "biome format --write src",
+    "format:check": "biome format src",
+    "typecheck": "tsc --noEmit"
+  }
+}