npm - @lobu/gateway - Versions diffs - 3.0.5 → 3.0.7 - Mend

@lobu/gateway 3.0.5 → 3.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (175) hide show

package/package.json +2 -2
package/src/__tests__/agent-config-routes.test.ts +254 -0
package/src/__tests__/agent-history-routes.test.ts +72 -0
package/src/__tests__/agent-routes.test.ts +68 -0
package/src/__tests__/agent-schedules-routes.test.ts +59 -0
package/src/__tests__/agent-settings-store.test.ts +323 -0
package/src/__tests__/chat-instance-manager-slack.test.ts +204 -0
package/src/__tests__/chat-response-bridge.test.ts +131 -0
package/src/__tests__/config-memory-plugins.test.ts +92 -0
package/src/__tests__/config-request-store.test.ts +127 -0
package/src/__tests__/connection-routes.test.ts +144 -0
package/src/__tests__/core-services-store-selection.test.ts +92 -0
package/src/__tests__/docker-deployment.test.ts +1211 -0
package/src/__tests__/embedded-deployment.test.ts +342 -0
package/src/__tests__/grant-store.test.ts +148 -0
package/src/__tests__/http-proxy.test.ts +281 -0
package/src/__tests__/instruction-service.test.ts +37 -0
package/src/__tests__/link-buttons.test.ts +112 -0
package/src/__tests__/lobu.test.ts +32 -0
package/src/__tests__/mcp-config-service.test.ts +347 -0
package/src/__tests__/mcp-proxy.test.ts +696 -0
package/src/__tests__/message-handler-bridge.test.ts +17 -0
package/src/__tests__/model-selection.test.ts +172 -0
package/src/__tests__/oauth-templates.test.ts +39 -0
package/src/__tests__/platform-adapter-slack-send.test.ts +114 -0
package/src/__tests__/platform-helpers-model-resolution.test.ts +253 -0
package/src/__tests__/provider-inheritance.test.ts +212 -0
package/src/__tests__/routes/cli-auth.test.ts +337 -0
package/src/__tests__/routes/interactions.test.ts +121 -0
package/src/__tests__/secret-proxy.test.ts +85 -0
package/src/__tests__/session-manager.test.ts +572 -0
package/src/__tests__/setup.ts +133 -0
package/src/__tests__/skill-and-mcp-registry.test.ts +203 -0
package/src/__tests__/slack-routes.test.ts +161 -0
package/src/__tests__/system-config-resolver.test.ts +75 -0
package/src/__tests__/system-message-limiter.test.ts +89 -0
package/src/__tests__/system-skills-service.test.ts +362 -0
package/src/__tests__/transcription-service.test.ts +222 -0
package/src/__tests__/utils/rate-limiter.test.ts +102 -0
package/src/__tests__/worker-connection-manager.test.ts +497 -0
package/src/__tests__/worker-job-router.test.ts +722 -0
package/src/api/index.ts +1 -0
package/src/api/platform.ts +292 -0
package/src/api/response-renderer.ts +157 -0
package/src/auth/agent-metadata-store.ts +168 -0
package/src/auth/api-auth-middleware.ts +69 -0
package/src/auth/api-key-provider-module.ts +213 -0
package/src/auth/base-provider-module.ts +201 -0
package/src/auth/chatgpt/chatgpt-oauth-module.ts +185 -0
package/src/auth/chatgpt/device-code-client.ts +218 -0
package/src/auth/chatgpt/index.ts +1 -0
package/src/auth/claude/oauth-module.ts +280 -0
package/src/auth/cli/token-service.ts +249 -0
package/src/auth/external/client.ts +560 -0
package/src/auth/external/device-code-client.ts +225 -0
package/src/auth/mcp/config-service.ts +392 -0
package/src/auth/mcp/proxy.ts +1088 -0
package/src/auth/mcp/string-substitution.ts +17 -0
package/src/auth/mcp/tool-cache.ts +90 -0
package/src/auth/oauth/base-client.ts +267 -0
package/src/auth/oauth/client.ts +153 -0
package/src/auth/oauth/credentials.ts +7 -0
package/src/auth/oauth/providers.ts +69 -0
package/src/auth/oauth/state-store.ts +150 -0
package/src/auth/oauth-templates.ts +179 -0
package/src/auth/provider-catalog.ts +220 -0
package/src/auth/provider-model-options.ts +41 -0
package/src/auth/settings/agent-settings-store.ts +565 -0
package/src/auth/settings/auth-profiles-manager.ts +216 -0
package/src/auth/settings/index.ts +12 -0
package/src/auth/settings/model-preference-store.ts +52 -0
package/src/auth/settings/model-selection.ts +135 -0
package/src/auth/settings/resolved-settings-view.ts +298 -0
package/src/auth/settings/template-utils.ts +44 -0
package/src/auth/settings/token-service.ts +88 -0
package/src/auth/system-env-store.ts +98 -0
package/src/auth/user-agents-store.ts +68 -0
package/src/channels/binding-service.ts +214 -0
package/src/channels/index.ts +4 -0
package/src/cli/gateway.ts +1304 -0
package/src/cli/index.ts +74 -0
package/src/commands/built-in-commands.ts +80 -0
package/src/commands/command-dispatcher.ts +94 -0
package/src/commands/command-reply-adapters.ts +27 -0
package/src/config/file-loader.ts +618 -0
package/src/config/index.ts +588 -0
package/src/config/network-allowlist.ts +71 -0
package/src/connections/chat-instance-manager.ts +1284 -0
package/src/connections/chat-response-bridge.ts +618 -0
package/src/connections/index.ts +7 -0
package/src/connections/interaction-bridge.ts +831 -0
package/src/connections/message-handler-bridge.ts +415 -0
package/src/connections/platform-auth-methods.ts +15 -0
package/src/connections/types.ts +84 -0
package/src/gateway/connection-manager.ts +291 -0
package/src/gateway/index.ts +700 -0
package/src/gateway/job-router.ts +201 -0
package/src/gateway-main.ts +200 -0
package/src/index.ts +41 -0
package/src/infrastructure/queue/index.ts +12 -0
package/src/infrastructure/queue/queue-producer.ts +148 -0
package/src/infrastructure/queue/redis-queue.ts +361 -0
package/src/infrastructure/queue/types.ts +133 -0
package/src/infrastructure/redis/system-message-limiter.ts +94 -0
package/src/interactions/config-request-store.ts +198 -0
package/src/interactions.ts +363 -0
package/src/lobu.ts +311 -0
package/src/metrics/prometheus.ts +159 -0
package/src/modules/module-system.ts +179 -0
package/src/orchestration/base-deployment-manager.ts +900 -0
package/src/orchestration/deployment-utils.ts +98 -0
package/src/orchestration/impl/docker-deployment.ts +620 -0
package/src/orchestration/impl/embedded-deployment.ts +268 -0
package/src/orchestration/impl/index.ts +8 -0
package/src/orchestration/impl/k8s/deployment.ts +1061 -0
package/src/orchestration/impl/k8s/helpers.ts +610 -0
package/src/orchestration/impl/k8s/index.ts +1 -0
package/src/orchestration/index.ts +333 -0
package/src/orchestration/message-consumer.ts +584 -0
package/src/orchestration/scheduled-wakeup.ts +704 -0
package/src/permissions/approval-policy.ts +36 -0
package/src/permissions/grant-store.ts +219 -0
package/src/platform/file-handler.ts +66 -0
package/src/platform/link-buttons.ts +57 -0
package/src/platform/renderer-utils.ts +44 -0
package/src/platform/response-renderer.ts +84 -0
package/src/platform/unified-thread-consumer.ts +187 -0
package/src/platform.ts +318 -0
package/src/proxy/http-proxy.ts +752 -0
package/src/proxy/proxy-manager.ts +81 -0
package/src/proxy/secret-proxy.ts +402 -0
package/src/proxy/token-refresh-job.ts +143 -0
package/src/routes/internal/audio.ts +141 -0
package/src/routes/internal/device-auth.ts +566 -0
package/src/routes/internal/files.ts +226 -0
package/src/routes/internal/history.ts +69 -0
package/src/routes/internal/images.ts +127 -0
package/src/routes/internal/interactions.ts +84 -0
package/src/routes/internal/middleware.ts +23 -0
package/src/routes/internal/schedule.ts +226 -0
package/src/routes/internal/types.ts +22 -0
package/src/routes/openapi-auto.ts +239 -0
package/src/routes/public/agent-access.ts +23 -0
package/src/routes/public/agent-config.ts +675 -0
package/src/routes/public/agent-history.ts +422 -0
package/src/routes/public/agent-schedules.ts +296 -0
package/src/routes/public/agent.ts +1086 -0
package/src/routes/public/agents.ts +373 -0
package/src/routes/public/channels.ts +191 -0
package/src/routes/public/cli-auth.ts +883 -0
package/src/routes/public/connections.ts +574 -0
package/src/routes/public/landing.ts +16 -0
package/src/routes/public/oauth.ts +147 -0
package/src/routes/public/settings-auth.ts +104 -0
package/src/routes/public/slack.ts +173 -0
package/src/routes/shared/agent-ownership.ts +101 -0
package/src/routes/shared/token-verifier.ts +34 -0
package/src/services/core-services.ts +1053 -0
package/src/services/image-generation-service.ts +257 -0
package/src/services/instruction-service.ts +318 -0
package/src/services/mcp-registry.ts +94 -0
package/src/services/platform-helpers.ts +287 -0
package/src/services/session-manager.ts +262 -0
package/src/services/settings-resolver.ts +74 -0
package/src/services/system-config-resolver.ts +90 -0
package/src/services/system-skills-service.ts +229 -0
package/src/services/transcription-service.ts +684 -0
package/src/session.ts +110 -0
package/src/spaces/index.ts +1 -0
package/src/spaces/space-resolver.ts +17 -0
package/src/stores/in-memory-agent-store.ts +403 -0
package/src/stores/redis-agent-store.ts +279 -0
package/src/utils/public-url.ts +44 -0
package/src/utils/rate-limiter.ts +94 -0
package/tsconfig.json +33 -0

package/src/routes/public/agents.ts ADDED Viewed

@@ -0,0 +1,373 @@
+/**
+ * Agent Management Routes - Create, list, update, and delete user agents
+ *
+ * Routes:
+ * - POST /api/v1/agents - Create a new agent
+ * - GET /api/v1/agents - List user's agents (requires token)
+ * - PATCH /api/v1/agents/{agentId} - Update agent name/description
+ * - DELETE /api/v1/agents/{agentId} - Delete an agent
+ */
+import { createLogger } from "@lobu/core";
+import { Hono } from "hono";
+import type { AgentMetadataStore } from "../../auth/agent-metadata-store";
+import type { AgentSettings, AgentSettingsStore } from "../../auth/settings";
+import { buildDefaultSettingsFromSource } from "../../auth/settings/template-utils";
+import type { SettingsTokenPayload } from "../../auth/settings/token-service";
+import type { UserAgentsStore } from "../../auth/user-agents-store";
+import type { ChannelBindingService } from "../../channels";
+import {
+  resolveSettingsLookupUserId,
+  verifyOwnedAgentAccess,
+} from "../shared/agent-ownership";
+import { verifySettingsSession } from "./settings-auth";
+const logger = createLogger("agent-routes");
+/** Environment-configurable limits */
+const MAX_AGENTS_PER_USER = parseInt(
+  process.env.MAX_AGENTS_PER_USER || "0",
+  10
+);
+export interface AgentRoutesConfig {
+  userAgentsStore: UserAgentsStore;
+  agentMetadataStore: AgentMetadataStore;
+  agentSettingsStore: AgentSettingsStore;
+  channelBindingService: ChannelBindingService;
+}
+async function listOwnedAgentIds(
+  payload: SettingsTokenPayload,
+  config: Pick<AgentRoutesConfig, "userAgentsStore" | "agentMetadataStore">
+): Promise<string[]> {
+  const lookupUserId = resolveSettingsLookupUserId(payload);
+  const agentIds = new Set(
+    await config.userAgentsStore.listAgents(payload.platform, lookupUserId)
+  );
+  if (payload.platform === "external") {
+    const allAgents = await config.agentMetadataStore.listAllAgents();
+    for (const agent of allAgents) {
+      if (agent.owner.userId === lookupUserId) {
+        agentIds.add(agent.agentId);
+      }
+    }
+  }
+  return [...agentIds];
+}
+/**
+ * Sanitize user-provided agentId.
+ * Lowercase alphanumeric with hyphens, 3-60 chars, must start with a letter.
+ */
+function sanitizeAgentId(input: string): string | null {
+  const cleaned = input.toLowerCase().replace(/[^a-z0-9-]/g, "-");
+  if (cleaned.length < 3 || cleaned.length > 60) return null;
+  if (!/^[a-z]/.test(cleaned)) return null;
+  return cleaned;
+}
+export function createAgentRoutes(config: AgentRoutesConfig): Hono {
+  const router = new Hono();
+  // POST /api/v1/agents - Create a new agent
+  router.post("/", async (c) => {
+    const payload = verifySettingsSession(c);
+    if (!payload) {
+      return c.json({ error: "Invalid or expired token" }, 401);
+    }
+    try {
+      const lookupUserId = resolveSettingsLookupUserId(payload);
+      const body = await c.req.json<{
+        agentId: string;
+        name: string;
+        description?: string;
+        channelId?: string;
+      }>();
+      if (!body.agentId || !body.name) {
+        return c.json({ error: "agentId and name are required" }, 400);
+      }
+      const agentId = sanitizeAgentId(body.agentId);
+      if (!agentId) {
+        return c.json(
+          {
+            error:
+              "Invalid agentId. Must be 3-40 chars, lowercase alphanumeric with hyphens, starting with a letter.",
+          },
+          400
+        );
+      }
+      // Check if agentId already exists
+      const existing = await config.agentMetadataStore.hasAgent(agentId);
+      if (existing) {
+        return c.json({ error: "An agent with this ID already exists" }, 409);
+      }
+      // Check per-user limit (admins bypass)
+      if (!payload.isAdmin && MAX_AGENTS_PER_USER > 0) {
+        const userAgents = await listOwnedAgentIds(payload, config);
+        if (userAgents.length >= MAX_AGENTS_PER_USER) {
+          return c.json(
+            {
+              error: `Agent limit reached (${MAX_AGENTS_PER_USER}). Delete an existing agent first.`,
+            },
+            429
+          );
+        }
+      }
+      // Create metadata
+      await config.agentMetadataStore.createAgent(
+        agentId,
+        body.name,
+        payload.platform,
+        lookupUserId,
+        { description: body.description }
+      );
+      // Create default settings, seeded from the current workspace/channel agent when available.
+      let defaultSettings: Omit<AgentSettings, "updatedAt"> = {};
+      try {
+        let sourceAgentId = payload.agentId;
+        if (!sourceAgentId && body.channelId) {
+          const binding = await config.channelBindingService.getBinding(
+            payload.platform,
+            body.channelId,
+            payload.teamId
+          );
+          sourceAgentId = binding?.agentId;
+        }
+        if (sourceAgentId) {
+          const sourceSettings =
+            await config.agentSettingsStore.getSettings(sourceAgentId);
+          defaultSettings = buildDefaultSettingsFromSource(sourceSettings);
+        }
+      } catch (error) {
+        logger.warn("Failed to derive source defaults for new agent", {
+          error,
+        });
+      }
+      await config.agentSettingsStore.saveSettings(agentId, defaultSettings);
+      // Associate with user
+      await config.userAgentsStore.addAgent(
+        payload.platform,
+        lookupUserId,
+        agentId
+      );
+      // Auto-bind to channel if channelId provided (from session context)
+      if (body.channelId) {
+        await config.channelBindingService.createBinding(
+          agentId,
+          payload.platform,
+          body.channelId,
+          payload.teamId,
+          { configuredBy: payload.userId }
+        );
+      }
+      logger.info(
+        `Created agent ${agentId} for user ${payload.platform}/${payload.userId}${body.channelId ? ` (bound to ${body.channelId})` : ""}`
+      );
+      return c.json({
+        agentId,
+        name: body.name,
+        settingsUrl: `/api/v1/agents/${encodeURIComponent(agentId)}/config`,
+      });
+    } catch (error) {
+      logger.error("Failed to create agent", { error });
+      return c.json(
+        {
+          error: "Internal server error",
+        },
+        500
+      );
+    }
+  });
+  // GET /api/v1/agents - List user's agents
+  router.get("/", async (c) => {
+    const payload = verifySettingsSession(c);
+    if (!payload) {
+      return c.json({ error: "Invalid or expired token" }, 401);
+    }
+    try {
+      const agentIds = await listOwnedAgentIds(payload, config);
+      const agents = [];
+      for (const agentId of agentIds) {
+        const metadata = await config.agentMetadataStore.getMetadata(agentId);
+        if (metadata) {
+          // Skip sandbox agents (auto-created under a connection)
+          if (metadata.parentConnectionId) continue;
+          const bindings =
+            await config.channelBindingService.listBindings(agentId);
+          agents.push({
+            agentId,
+            name: metadata.name,
+            description: metadata.description,
+            isWorkspaceAgent: metadata.isWorkspaceAgent,
+            createdAt: metadata.createdAt,
+            lastUsedAt: metadata.lastUsedAt,
+            channelCount: bindings.length,
+          });
+        }
+      }
+      return c.json({ agents });
+    } catch (error) {
+      logger.error("Failed to list agents", { error });
+      return c.json({ error: "Failed to list agents" }, 500);
+    }
+  });
+  // PATCH /api/v1/agents/{agentId} - Update agent name/description
+  router.patch("/:agentId", async (c) => {
+    const payload = verifySettingsSession(c);
+    if (!payload) {
+      return c.json({ error: "Invalid or expired token" }, 401);
+    }
+    const agentId = c.req.param("agentId");
+    if (!agentId) {
+      return c.json({ error: "Missing agentId" }, 400);
+    }
+    try {
+      // Verify ownership (admins bypass)
+      if (!payload.isAdmin) {
+        const access = await verifyOwnedAgentAccess(payload, agentId, {
+          userAgentsStore: config.userAgentsStore,
+          agentMetadataStore: config.agentMetadataStore,
+        });
+        if (!access.authorized) {
+          return c.json({ error: "Agent not found or not owned by you" }, 404);
+        }
+      }
+      const body = await c.req.json<{ name?: string; description?: string }>();
+      const updates: { name?: string; description?: string } = {};
+      if (body.name !== undefined) {
+        const name = body.name.trim();
+        if (!name || name.length > 100) {
+          return c.json({ error: "Name must be 1-100 characters" }, 400);
+        }
+        updates.name = name;
+      }
+      if (body.description !== undefined) {
+        const desc = body.description.trim();
+        if (desc.length > 200) {
+          return c.json(
+            { error: "Description must be at most 200 characters" },
+            400
+          );
+        }
+        updates.description = desc;
+      }
+      if (Object.keys(updates).length === 0) {
+        return c.json({ error: "No fields to update" }, 400);
+      }
+      await config.agentMetadataStore.updateMetadata(agentId, updates);
+      logger.info(`Updated agent identity for ${agentId}`);
+      return c.json({ success: true });
+    } catch (error) {
+      logger.error("Failed to update agent", { error, agentId });
+      return c.json(
+        {
+          error: "Internal server error",
+        },
+        500
+      );
+    }
+  });
+  // DELETE /api/v1/agents/{agentId} - Delete an agent
+  router.delete("/:agentId", async (c) => {
+    const payload = verifySettingsSession(c);
+    if (!payload) {
+      return c.json({ error: "Invalid or expired token" }, 401);
+    }
+    const agentId = c.req.param("agentId");
+    if (!agentId) {
+      return c.json({ error: "Missing agentId" }, 400);
+    }
+    try {
+      // Verify ownership (admins bypass)
+      let ownerPlatform: string | undefined;
+      let ownerUserId: string | undefined;
+      if (!payload.isAdmin) {
+        const access = await verifyOwnedAgentAccess(payload, agentId, {
+          userAgentsStore: config.userAgentsStore,
+          agentMetadataStore: config.agentMetadataStore,
+        });
+        if (!access.authorized) {
+          return c.json({ error: "Agent not found or not owned by you" }, 404);
+        }
+        ownerPlatform = access.ownerPlatform;
+        ownerUserId = access.ownerUserId;
+      }
+      // Auto-unbind all channels
+      const unboundCount =
+        await config.channelBindingService.deleteAllBindings(agentId);
+      // Delete settings
+      await config.agentSettingsStore.deleteSettings(agentId);
+      // Delete metadata
+      await config.agentMetadataStore.deleteAgent(agentId);
+      // Remove from user's list
+      await config.userAgentsStore.removeAgent(
+        payload.platform,
+        resolveSettingsLookupUserId(payload),
+        agentId
+      );
+      if (
+        ownerPlatform &&
+        ownerUserId &&
+        (ownerPlatform !== payload.platform || ownerUserId !== payload.userId)
+      ) {
+        await config.userAgentsStore.removeAgent(
+          ownerPlatform,
+          ownerUserId,
+          agentId
+        );
+      }
+      logger.info(
+        `Deleted agent ${agentId} (unbound ${unboundCount} channels)`
+      );
+      return c.json({ success: true, unboundChannels: unboundCount });
+    } catch (error) {
+      logger.error("Failed to delete agent", { error, agentId });
+      return c.json(
+        {
+          error: "Internal server error",
+        },
+        500
+      );
+    }
+  });
+  logger.debug("Agent management routes registered");
+  return router;
+}

package/src/routes/public/channels.ts ADDED Viewed

@@ -0,0 +1,191 @@
+/**
+ * Channel Binding Routes - Manage channel-to-agent bindings
+ *
+ * Routes (under /api/v1/agents/{agentId}/channels):
+ * - GET / - List all bindings for an agent
+ * - POST / - Create a new binding
+ * - DELETE /{platform}/{channelId} - Delete a binding
+ */
+import { createLogger } from "@lobu/core";
+import { Hono } from "hono";
+import type { AgentMetadataStore } from "../../auth/agent-metadata-store";
+import type { UserAgentsStore } from "../../auth/user-agents-store";
+import type { ChannelBindingService } from "../../channels";
+import { createTokenVerifier } from "../shared/token-verifier";
+import { verifySettingsSession } from "./settings-auth";
+const logger = createLogger("channel-binding-routes");
+export interface ChannelBindingRoutesConfig {
+  channelBindingService: ChannelBindingService;
+  userAgentsStore?: UserAgentsStore;
+  agentMetadataStore?: AgentMetadataStore;
+}
+/**
+ * Create channel binding routes
+ * These are mounted under /api/v1/agents/{agentId}/channels
+ */
+export function createChannelBindingRoutes(
+  config: ChannelBindingRoutesConfig
+): Hono {
+  const router = new Hono();
+  const verifyToken = createTokenVerifier(config);
+  const verifyAuth = async (c: any, agentId: string) => {
+    return verifyToken(verifySettingsSession(c), agentId);
+  };
+  // GET /api/v1/agents/{agentId}/channels - List all bindings for an agent
+  router.get("/", async (c) => {
+    const agentId = c.req.param("agentId");
+    if (!agentId) {
+      return c.json({ error: "Missing agentId" }, 400);
+    }
+    if (!(await verifyAuth(c, agentId))) {
+      return c.json({ error: "Unauthorized" }, 401);
+    }
+    try {
+      const bindings = await config.channelBindingService.listBindings(agentId);
+      return c.json({
+        agentId,
+        bindings: bindings.map((b) => ({
+          platform: b.platform,
+          channelId: b.channelId,
+          teamId: b.teamId,
+          createdAt: b.createdAt,
+        })),
+      });
+    } catch (error) {
+      logger.error("Failed to list bindings", { error, agentId });
+      return c.json({ error: "Failed to list bindings" }, 500);
+    }
+  });
+  // POST /api/v1/agents/{agentId}/channels - Create a new binding
+  router.post("/", async (c) => {
+    const agentId = c.req.param("agentId");
+    if (!agentId) {
+      return c.json({ error: "Missing agentId" }, 400);
+    }
+    const authPayload = await verifyAuth(c, agentId);
+    if (!authPayload) {
+      return c.json({ error: "Unauthorized" }, 401);
+    }
+    try {
+      const body = await c.req.json<{
+        platform: string;
+        channelId: string;
+        teamId?: string;
+      }>();
+      // Validate required fields
+      if (!body.platform || !body.channelId) {
+        return c.json(
+          { error: "Missing required fields: platform, channelId" },
+          400
+        );
+      }
+      // Validate platform format (alphanumeric, lowercase)
+      if (!/^[a-z][a-z0-9_-]*$/.test(body.platform)) {
+        return c.json(
+          { error: "Invalid platform format. Must be lowercase alphanumeric." },
+          400
+        );
+      }
+      // Validate channelId format
+      if (typeof body.channelId !== "string" || !body.channelId.trim()) {
+        return c.json({ error: "Invalid channelId" }, 400);
+      }
+      // Validate optional teamId
+      if (
+        body.teamId &&
+        (typeof body.teamId !== "string" || !body.teamId.trim())
+      ) {
+        return c.json({ error: "Invalid teamId" }, 400);
+      }
+      await config.channelBindingService.createBinding(
+        agentId,
+        body.platform,
+        body.channelId.trim(),
+        body.teamId?.trim(),
+        { configuredBy: authPayload.userId }
+      );
+      logger.info(
+        `Created binding: ${body.platform}/${body.channelId} -> ${agentId}`
+      );
+      return c.json({
+        success: true,
+        agentId,
+        platform: body.platform,
+        channelId: body.channelId,
+        teamId: body.teamId,
+      });
+    } catch (error) {
+      logger.error("Failed to create binding", { error, agentId });
+      return c.json(
+        {
+          error: "Failed to create binding",
+        },
+        400
+      );
+    }
+  });
+  // DELETE /api/v1/agents/{agentId}/channels/{platform}/{channelId} - Delete a binding
+  router.delete("/:platform/:channelId", async (c) => {
+    const agentId = c.req.param("agentId");
+    const platform = c.req.param("platform");
+    const channelId = c.req.param("channelId");
+    const teamId = c.req.query("teamId"); // Optional query param for multi-tenant platforms
+    if (!agentId || !platform || !channelId) {
+      return c.json({ error: "Missing required parameters" }, 400);
+    }
+    if (!(await verifyAuth(c, agentId))) {
+      return c.json({ error: "Unauthorized" }, 401);
+    }
+    // Validate platform format
+    if (!/^[a-z][a-z0-9_-]*$/.test(platform)) {
+      return c.json({ error: "Invalid platform format" }, 400);
+    }
+    try {
+      const deleted = await config.channelBindingService.deleteBinding(
+        agentId,
+        platform,
+        channelId,
+        teamId || undefined
+      );
+      if (!deleted) {
+        return c.json({ error: "Binding not found" }, 404);
+      }
+      logger.info(`Deleted binding: ${platform}/${channelId} -> ${agentId}`);
+      return c.json({ success: true });
+    } catch (error) {
+      logger.error("Failed to delete binding", { error, agentId });
+      return c.json({ error: "Failed to delete binding" }, 500);
+    }
+  });
+  return router;
+}