npm - apteva - Versions diffs - 0.4.17 → 0.4.18 - Mend

apteva 0.4.17 → 0.4.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (59) hide show

package/dist/ActivityPage.yv28a2vj.js +3 -0
package/dist/ApiDocsPage.4ccwjjbk.js +4 -0
package/dist/App.155wke5v.js +4 -0
package/dist/App.2e19nvn4.js +13 -0
package/dist/App.2ye1b5n0.js +4 -0
package/dist/App.4da4ycbe.js +4 -0
package/dist/App.b6wtzd1j.js +4 -0
package/dist/App.fjrh28tf.js +4 -0
package/dist/App.htc36cy8.js +4 -0
package/dist/App.me6reaa6.js +4 -0
package/dist/App.n5q6p960.js +4 -0
package/dist/App.nft7h9jt.js +4 -0
package/dist/App.np463xvy.js +4 -0
package/dist/App.nps62kvt.js +4 -0
package/dist/App.q8ws33cc.js +181 -0
package/dist/App.tb0y0jmt.js +40 -0
package/dist/ConnectionsPage.52evzrp7.js +3 -0
package/dist/McpPage.bjqrp0n2.js +3 -0
package/dist/SettingsPage.es76hnj2.js +3 -0
package/dist/SkillsPage.06h8yf0h.js +3 -0
package/dist/TasksPage.99df66mk.js +3 -0
package/dist/TelemetryPage.bmdnxhq7.js +3 -0
package/dist/TestsPage.denxrg8c.js +3 -0
package/dist/index.html +1 -1
package/dist/styles.css +1 -1
package/package.json +1 -1
package/src/auth/middleware.ts +2 -0
package/src/db.ts +162 -11
package/src/mcp-platform.ts +41 -1
package/src/routes/api/agent-utils.ts +38 -2
package/src/routes/api/agents.ts +65 -2
package/src/routes/api/projects.ts +19 -2
package/src/routes/api/system.ts +26 -12
package/src/routes/api/triggers.ts +458 -0
package/src/routes/api/webhooks.ts +171 -0
package/src/routes/api.ts +4 -0
package/src/routes/static.ts +12 -3
package/src/server.ts +4 -2
package/src/triggers/agentdojo.ts +248 -0
package/src/triggers/composio.ts +264 -0
package/src/triggers/index.ts +71 -0
package/src/web/App.tsx +17 -10
package/src/web/components/agents/AgentCard.tsx +14 -7
package/src/web/components/agents/AgentPanel.tsx +105 -115
package/src/web/components/common/Icons.tsx +8 -0
package/src/web/components/common/index.ts +1 -0
package/src/web/components/connections/ConnectionsPage.tsx +54 -0
package/src/web/components/connections/IntegrationsTab.tsx +144 -0
package/src/web/components/connections/OverviewTab.tsx +183 -0
package/src/web/components/connections/TriggersTab.tsx +690 -0
package/src/web/components/index.ts +1 -0
package/src/web/components/layout/Sidebar.tsx +7 -1
package/src/web/components/mcp/IntegrationsPanel.tsx +19 -3
package/src/web/components/settings/SettingsPage.tsx +96 -2
package/src/web/components/tasks/TasksPage.tsx +2 -2
package/src/web/components/tests/TestsPage.tsx +1 -2
package/src/web/hooks/useAgents.ts +15 -11
package/src/web/types.ts +1 -1
package/dist/App.fq4xbpcz.js +0 -228

package/src/routes/api/triggers.ts ADDED Viewed

@@ -0,0 +1,458 @@
+import { json } from "./helpers";
+import { ProviderKeys } from "../../providers";
+import { SubscriptionDB, SettingsDB } from "../../db";
+import {
+  getTriggerProvider,
+  getTriggerProviderIds,
+  registerTriggerProvider,
+} from "../../triggers";
+import { ComposioTriggerProvider } from "../../triggers/composio";
+import { AgentDojoTriggerProvider } from "../../triggers/agentdojo";
+import type { AuthContext } from "../../auth/middleware";
+// Register trigger providers on module load
+registerTriggerProvider(ComposioTriggerProvider);
+registerTriggerProvider(AgentDojoTriggerProvider);
+export async function handleTriggerRoutes(
+  req: Request,
+  path: string,
+  method: string,
+  authContext?: AuthContext,
+): Promise<Response | null> {
+  // GET /api/settings/instance-url
+  if (path === "/api/settings/instance-url" && method === "GET") {
+    const url = SettingsDB.get("instance_url") || "";
+    return json({ instance_url: url });
+  }
+  // PUT /api/settings/instance-url
+  if (path === "/api/settings/instance-url" && method === "PUT") {
+    try {
+      const body = await req.json();
+      const { instance_url } = body;
+      if (instance_url) {
+        SettingsDB.set("instance_url", instance_url.replace(/\/+$/, "")); // strip trailing slash
+      } else {
+        SettingsDB.set("instance_url", "");
+      }
+      return json({ success: true, instance_url: SettingsDB.get("instance_url") });
+    } catch (e: any) {
+      return json({ error: e.message || "Failed to save instance URL" }, 500);
+    }
+  }
+  // GET /api/triggers/providers - List available trigger providers
+  if (path === "/api/triggers/providers" && method === "GET") {
+    const providerIds = getTriggerProviderIds();
+    const providers = providerIds.map(id => {
+      const provider = getTriggerProvider(id);
+      const hasKey = !!ProviderKeys.getDecrypted(id);
+      return { id, name: provider?.name || id, connected: hasKey };
+    });
+    return json({ providers });
+  }
+  // ============ Trigger Type Browsing ============
+  // GET /api/triggers/types?provider=composio&toolkit_slugs=github,gmail
+  if (path === "/api/triggers/types" && method === "GET") {
+    const url = new URL(req.url);
+    const providerId = url.searchParams.get("provider") || "composio";
+    const toolkitSlugsParam = url.searchParams.get("toolkit_slugs");
+    const toolkitSlugs = toolkitSlugsParam ? toolkitSlugsParam.split(",") : undefined;
+    const projectId = url.searchParams.get("project_id") || null;
+    const provider = getTriggerProvider(providerId);
+    if (!provider) {
+      return json({ error: `Unknown trigger provider: ${providerId}` }, 404);
+    }
+    const apiKey = ProviderKeys.getDecryptedForProject(providerId, projectId);
+    if (!apiKey) {
+      return json({ error: `${provider.name} API key not configured`, types: [] }, 200);
+    }
+    try {
+      const types = await provider.listTriggerTypes(apiKey, toolkitSlugs);
+      return json({ types });
+    } catch (e) {
+      console.error(`Failed to list trigger types from ${providerId}:`, e);
+      return json({ error: "Failed to fetch trigger types" }, 500);
+    }
+  }
+  // GET /api/triggers/types/:slug?provider=composio
+  const typeMatch = path.match(/^\/api\/triggers\/types\/([^/]+)$/);
+  if (typeMatch && method === "GET") {
+    const slug = typeMatch[1];
+    const url = new URL(req.url);
+    const providerId = url.searchParams.get("provider") || "composio";
+    const projectId = url.searchParams.get("project_id") || null;
+    const provider = getTriggerProvider(providerId);
+    if (!provider) {
+      return json({ error: `Unknown trigger provider: ${providerId}` }, 404);
+    }
+    const apiKey = ProviderKeys.getDecryptedForProject(providerId, projectId);
+    if (!apiKey) {
+      return json({ error: `${provider.name} API key not configured` }, 401);
+    }
+    try {
+      const triggerType = await provider.getTriggerType(apiKey, slug);
+      if (!triggerType) {
+        return json({ error: "Trigger type not found" }, 404);
+      }
+      return json({ type: triggerType });
+    } catch (e) {
+      console.error(`Failed to get trigger type ${slug}:`, e);
+      return json({ error: "Failed to fetch trigger type" }, 500);
+    }
+  }
+  // ============ Trigger Instance Management ============
+  // GET /api/triggers?provider=composio
+  if (path === "/api/triggers" && method === "GET") {
+    const url = new URL(req.url);
+    const providerId = url.searchParams.get("provider") || "composio";
+    const projectId = url.searchParams.get("project_id") || null;
+    const provider = getTriggerProvider(providerId);
+    if (!provider) {
+      return json({ error: `Unknown trigger provider: ${providerId}` }, 404);
+    }
+    const apiKey = ProviderKeys.getDecryptedForProject(providerId, projectId);
+    if (!apiKey) {
+      return json({ error: `${provider.name} API key not configured`, triggers: [] }, 200);
+    }
+    try {
+      const triggers = await provider.listTriggers(apiKey);
+      return json({ triggers });
+    } catch (e) {
+      console.error(`Failed to list triggers from ${providerId}:`, e);
+      return json({ error: "Failed to fetch triggers" }, 500);
+    }
+  }
+  // POST /api/triggers?provider=composio
+  if (path === "/api/triggers" && method === "POST") {
+    const url = new URL(req.url);
+    const providerId = url.searchParams.get("provider") || "composio";
+    const projectId = url.searchParams.get("project_id") || null;
+    const provider = getTriggerProvider(providerId);
+    if (!provider) {
+      return json({ error: `Unknown trigger provider: ${providerId}` }, 404);
+    }
+    const apiKey = ProviderKeys.getDecryptedForProject(providerId, projectId);
+    if (!apiKey) {
+      return json({ error: `${provider.name} API key not configured` }, 401);
+    }
+    try {
+      const body = await req.json();
+      const { slug, connectedAccountId, config } = body;
+      if (!slug || !connectedAccountId) {
+        return json({ error: "slug and connectedAccountId are required" }, 400);
+      }
+      const result = await provider.createTrigger(apiKey, slug, connectedAccountId, config);
+      return json(result, 201);
+    } catch (e: any) {
+      console.error(`Failed to create trigger:`, e);
+      return json({ error: e.message || "Failed to create trigger" }, 500);
+    }
+  }
+  // POST /api/triggers/:id/enable?provider=composio
+  const enableMatch = path.match(/^\/api\/triggers\/([^/]+)\/enable$/);
+  if (enableMatch && method === "POST") {
+    const triggerId = enableMatch[1];
+    const url = new URL(req.url);
+    const providerId = url.searchParams.get("provider") || "composio";
+    const projectId = url.searchParams.get("project_id") || null;
+    const provider = getTriggerProvider(providerId);
+    if (!provider) {
+      return json({ error: `Unknown trigger provider: ${providerId}` }, 404);
+    }
+    const apiKey = ProviderKeys.getDecryptedForProject(providerId, projectId);
+    if (!apiKey) {
+      return json({ error: `${provider.name} API key not configured` }, 401);
+    }
+    try {
+      const success = await provider.enableTrigger(apiKey, triggerId);
+      return json({ success });
+    } catch (e) {
+      console.error(`Failed to enable trigger ${triggerId}:`, e);
+      return json({ error: "Failed to enable trigger" }, 500);
+    }
+  }
+  // POST /api/triggers/:id/disable?provider=composio
+  const disableMatch = path.match(/^\/api\/triggers\/([^/]+)\/disable$/);
+  if (disableMatch && method === "POST") {
+    const triggerId = disableMatch[1];
+    const url = new URL(req.url);
+    const providerId = url.searchParams.get("provider") || "composio";
+    const projectId = url.searchParams.get("project_id") || null;
+    const provider = getTriggerProvider(providerId);
+    if (!provider) {
+      return json({ error: `Unknown trigger provider: ${providerId}` }, 404);
+    }
+    const apiKey = ProviderKeys.getDecryptedForProject(providerId, projectId);
+    if (!apiKey) {
+      return json({ error: `${provider.name} API key not configured` }, 401);
+    }
+    try {
+      const success = await provider.disableTrigger(apiKey, triggerId);
+      return json({ success });
+    } catch (e) {
+      console.error(`Failed to disable trigger ${triggerId}:`, e);
+      return json({ error: "Failed to disable trigger" }, 500);
+    }
+  }
+  // DELETE /api/triggers/:id?provider=composio
+  const deleteMatch = path.match(/^\/api\/triggers\/([^/]+)$/);
+  if (deleteMatch && method === "DELETE") {
+    const triggerId = deleteMatch[1];
+    const url = new URL(req.url);
+    const providerId = url.searchParams.get("provider") || "composio";
+    const projectId = url.searchParams.get("project_id") || null;
+    const provider = getTriggerProvider(providerId);
+    if (!provider) {
+      return json({ error: `Unknown trigger provider: ${providerId}` }, 404);
+    }
+    const apiKey = ProviderKeys.getDecryptedForProject(providerId, projectId);
+    if (!apiKey) {
+      return json({ error: `${provider.name} API key not configured` }, 401);
+    }
+    try {
+      const success = await provider.deleteTrigger(apiKey, triggerId);
+      return json({ success });
+    } catch (e) {
+      console.error(`Failed to delete trigger ${triggerId}:`, e);
+      return json({ error: "Failed to delete trigger" }, 500);
+    }
+  }
+  // ============ Webhook Configuration ============
+  // POST /api/triggers/webhook/setup?provider=composio
+  if (path === "/api/triggers/webhook/setup" && method === "POST") {
+    const url = new URL(req.url);
+    const providerId = url.searchParams.get("provider") || "composio";
+    const projectId = url.searchParams.get("project_id") || null;
+    const provider = getTriggerProvider(providerId);
+    if (!provider) {
+      return json({ error: `Unknown trigger provider: ${providerId}` }, 404);
+    }
+    const apiKey = ProviderKeys.getDecryptedForProject(providerId, projectId);
+    if (!apiKey) {
+      return json({ error: `${provider.name} API key not configured` }, 401);
+    }
+    try {
+      const body = await req.json();
+      const { webhookUrl } = body;
+      if (!webhookUrl) {
+        return json({ error: "webhookUrl is required" }, 400);
+      }
+      const result = await provider.setupWebhook(apiKey, webhookUrl);
+      // Store the webhook secret locally for HMAC verification
+      if (result.secret) {
+        SettingsDB.set(`${providerId}_webhook_secret`, result.secret);
+      }
+      // Store the webhook URL for reference
+      SettingsDB.set(`${providerId}_webhook_url`, webhookUrl);
+      return json({ success: true, ...result });
+    } catch (e: any) {
+      console.error(`Failed to setup webhook for ${providerId}:`, e);
+      return json({ error: e.message || "Failed to setup webhook" }, 500);
+    }
+  }
+  // GET /api/triggers/webhook/status?provider=composio
+  if (path === "/api/triggers/webhook/status" && method === "GET") {
+    const url = new URL(req.url);
+    const providerId = url.searchParams.get("provider") || "composio";
+    const projectId = url.searchParams.get("project_id") || null;
+    const provider = getTriggerProvider(providerId);
+    if (!provider) {
+      return json({ error: `Unknown trigger provider: ${providerId}` }, 404);
+    }
+    const apiKey = ProviderKeys.getDecryptedForProject(providerId, projectId);
+    if (!apiKey) {
+      return json({ error: `${provider.name} API key not configured` }, 401);
+    }
+    try {
+      const config = await provider.getWebhookConfig(apiKey);
+      return json(config);
+    } catch (e) {
+      console.error(`Failed to get webhook status for ${providerId}:`, e);
+      return json({ error: "Failed to get webhook status" }, 500);
+    }
+  }
+  // ============ Subscription Management (local routing) ============
+  // GET /api/subscriptions?agent_id=xxx&project_id=xxx
+  if (path === "/api/subscriptions" && method === "GET") {
+    const url = new URL(req.url);
+    const agentId = url.searchParams.get("agent_id") || null;
+    const projectId = url.searchParams.get("project_id") || null;
+    let subscriptions;
+    if (agentId) {
+      subscriptions = SubscriptionDB.findByAgentId(agentId);
+    } else {
+      subscriptions = SubscriptionDB.findAll(projectId);
+    }
+    return json({ subscriptions });
+  }
+  // POST /api/subscriptions
+  if (path === "/api/subscriptions" && method === "POST") {
+    try {
+      const body = await req.json();
+      const { trigger_slug, trigger_instance_id, agent_id, project_id, public_url, provider: providerParam } = body;
+      if (!trigger_slug || !agent_id) {
+        return json({ error: "trigger_slug and agent_id are required" }, 400);
+      }
+      // Determine provider (default to composio for backward compat)
+      const providerId = providerParam || "composio";
+      const projId = project_id || null;
+      const provider = getTriggerProvider(providerId);
+      const apiKey = provider ? ProviderKeys.getDecryptedForProject(providerId, projId) : null;
+      if (provider && apiKey) {
+        const existingWebhook = SettingsDB.get(`${providerId}_webhook_url`);
+        if (!existingWebhook) {
+          try {
+            // Use instance_url setting first, then provided value, then request origin
+            const instanceUrl = SettingsDB.get("instance_url");
+            const origin = instanceUrl || public_url || new URL(req.url).origin;
+            const webhookUrl = `${origin}/api/webhooks/${providerId}`;
+            const result = await provider.setupWebhook(apiKey, webhookUrl);
+            if (result.secret) {
+              SettingsDB.set(`${providerId}_webhook_secret`, result.secret);
+            }
+            SettingsDB.set(`${providerId}_webhook_url`, webhookUrl);
+            console.log(`[subscriptions] Auto-configured ${providerId} webhook: ${webhookUrl}`);
+          } catch (e) {
+            console.warn(`[subscriptions] Failed to auto-setup ${providerId} webhook:`, e);
+            // Continue creating subscription — webhook can be set up manually later
+          }
+        }
+      }
+      const subscription = SubscriptionDB.create({
+        trigger_slug,
+        trigger_instance_id: trigger_instance_id || null,
+        agent_id,
+        enabled: true,
+        project_id: projId,
+      });
+      return json({ subscription }, 201);
+    } catch (e: any) {
+      console.error("Failed to create subscription:", e);
+      return json({ error: e.message || "Failed to create subscription" }, 500);
+    }
+  }
+  // GET /api/subscriptions/:id
+  const subGetMatch = path.match(/^\/api\/subscriptions\/([^/]+)$/);
+  if (subGetMatch && method === "GET") {
+    const subscription = SubscriptionDB.findById(subGetMatch[1]);
+    if (!subscription) {
+      return json({ error: "Subscription not found" }, 404);
+    }
+    return json({ subscription });
+  }
+  // PUT /api/subscriptions/:id
+  const subUpdateMatch = path.match(/^\/api\/subscriptions\/([^/]+)$/);
+  if (subUpdateMatch && method === "PUT") {
+    const id = subUpdateMatch[1];
+    const existing = SubscriptionDB.findById(id);
+    if (!existing) {
+      return json({ error: "Subscription not found" }, 404);
+    }
+    try {
+      const body = await req.json();
+      const updates: Record<string, unknown> = {};
+      if (body.trigger_slug !== undefined) updates.trigger_slug = body.trigger_slug;
+      if (body.trigger_instance_id !== undefined) updates.trigger_instance_id = body.trigger_instance_id;
+      if (body.agent_id !== undefined) updates.agent_id = body.agent_id;
+      if (body.enabled !== undefined) updates.enabled = body.enabled;
+      const updated = SubscriptionDB.update(id, updates);
+      return json({ subscription: updated });
+    } catch (e: any) {
+      console.error("Failed to update subscription:", e);
+      return json({ error: e.message || "Failed to update subscription" }, 500);
+    }
+  }
+  // DELETE /api/subscriptions/:id
+  const subDeleteMatch = path.match(/^\/api\/subscriptions\/([^/]+)$/);
+  if (subDeleteMatch && method === "DELETE") {
+    const success = SubscriptionDB.delete(subDeleteMatch[1]);
+    if (!success) {
+      return json({ error: "Subscription not found" }, 404);
+    }
+    return json({ success: true });
+  }
+  // POST /api/subscriptions/:id/enable
+  const subEnableMatch = path.match(/^\/api\/subscriptions\/([^/]+)\/enable$/);
+  if (subEnableMatch && method === "POST") {
+    const sub = SubscriptionDB.findById(subEnableMatch[1]);
+    if (!sub) return json({ error: "Subscription not found" }, 404);
+    const updated = SubscriptionDB.update(subEnableMatch[1], { enabled: true });
+    return json({ subscription: updated });
+  }
+  // POST /api/subscriptions/:id/disable
+  const subDisableMatch = path.match(/^\/api\/subscriptions\/([^/]+)\/disable$/);
+  if (subDisableMatch && method === "POST") {
+    const sub = SubscriptionDB.findById(subDisableMatch[1]);
+    if (!sub) return json({ error: "Subscription not found" }, 404);
+    const updated = SubscriptionDB.update(subDisableMatch[1], { enabled: false });
+    return json({ subscription: updated });
+  }
+  return null;
+}

package/src/routes/api/webhooks.ts ADDED Viewed

@@ -0,0 +1,171 @@
+import { json } from "./helpers";
+import { AgentDB, SubscriptionDB, SettingsDB } from "../../db";
+import { getTriggerProvider } from "../../triggers";
+import { agentFetch } from "./agent-utils";
+/**
+ * Central webhook receiver for trigger providers.
+ * POST /api/webhooks/:provider — receives trigger events from any registered provider,
+ * verifies HMAC, looks up local subscriptions, and dispatches to the appropriate agent(s).
+ *
+ * This endpoint is public (HMAC-verified, no JWT/API key auth).
+ */
+export async function handleWebhookRoutes(
+  req: Request,
+  path: string,
+  method: string,
+): Promise<Response | null> {
+  // POST /api/webhooks/composio
+  if (path === "/api/webhooks/composio" && method === "POST") {
+    return handleProviderWebhook(req, "composio");
+  }
+  // POST /api/webhooks/agentdojo
+  if (path === "/api/webhooks/agentdojo" && method === "POST") {
+    return handleProviderWebhook(req, "agentdojo");
+  }
+  return null;
+}
+async function handleProviderWebhook(req: Request, providerId: string): Promise<Response> {
+  const provider = getTriggerProvider(providerId);
+  if (!provider) {
+    return json({ error: `${providerId} provider not registered` }, 500);
+  }
+  // Read raw body for HMAC verification
+  let rawBody: string;
+  try {
+    rawBody = await req.text();
+  } catch {
+    return json({ error: "Failed to read request body" }, 400);
+  }
+  // Verify HMAC signature using stored webhook secret
+  const webhookSecret = SettingsDB.get(`${providerId}_webhook_secret`);
+  if (webhookSecret) {
+    const valid = provider.verifyWebhook(req, rawBody, webhookSecret);
+    if (!valid) {
+      console.warn(`[webhook] Invalid HMAC signature for ${providerId} webhook`);
+      return json({ error: "Invalid signature" }, 401);
+    }
+  } else {
+    console.warn(`[webhook] No ${providerId} webhook secret configured — skipping HMAC verification`);
+  }
+  // Parse the payload
+  let body: Record<string, unknown>;
+  try {
+    body = JSON.parse(rawBody);
+  } catch {
+    return json({ error: "Invalid JSON" }, 400);
+  }
+  // Log raw webhook for debugging
+  console.log(`[webhook:${providerId}] Raw payload:`, JSON.stringify(body, null, 2));
+  const { triggerSlug, triggerInstanceId, payload } = provider.parseWebhookPayload(body);
+  console.log(`[webhook:${providerId}] Parsed:`, { triggerSlug, triggerInstanceId });
+  // Respond 200 immediately — dispatch async
+  const dispatchPromise = dispatchToSubscribers(providerId, triggerSlug, triggerInstanceId, payload);
+  // Fire and forget — but log errors
+  dispatchPromise.catch(err => {
+    console.error(`[webhook:${providerId}] Dispatch error:`, err);
+  });
+  return json({ received: true, provider: providerId, trigger: triggerSlug });
+}
+async function dispatchToSubscribers(
+  providerId: string,
+  triggerSlug: string,
+  triggerInstanceId: string | null,
+  payload: Record<string, unknown>,
+): Promise<void> {
+  // Find matching subscriptions:
+  // 1. Exact match by trigger_instance_id (most specific)
+  // 2. Match by trigger_slug (broader)
+  let subscriptions = triggerInstanceId
+    ? SubscriptionDB.findByTriggerInstanceId(triggerInstanceId)
+    : [];
+  // If no instance-level matches, fall back to slug-level
+  if (subscriptions.length === 0) {
+    subscriptions = SubscriptionDB.findByTriggerSlug(triggerSlug);
+  }
+  // Filter to enabled only
+  subscriptions = subscriptions.filter(s => s.enabled);
+  if (subscriptions.length === 0) {
+    console.log(`[webhook:${providerId}] No subscriptions for trigger ${triggerSlug} (instance: ${triggerInstanceId || "none"})`);
+    return;
+  }
+  // Dispatch to each subscribed agent
+  const results = await Promise.allSettled(
+    subscriptions.map(sub => dispatchToAgent(sub.agent_id, triggerSlug, payload)),
+  );
+  for (let i = 0; i < results.length; i++) {
+    const result = results[i];
+    const sub = subscriptions[i];
+    if (result.status === "rejected") {
+      console.error(`[webhook:${providerId}] Failed to dispatch to agent ${sub.agent_id}:`, result.reason);
+    } else {
+      console.log(`[webhook:${providerId}] Dispatched ${triggerSlug} to agent ${sub.agent_id}: ${result.value}`);
+    }
+  }
+}
+async function dispatchToAgent(
+  agentId: string,
+  triggerSlug: string,
+  payload: Record<string, unknown>,
+): Promise<string> {
+  const agent = AgentDB.findById(agentId);
+  if (!agent) {
+    return "agent_not_found";
+  }
+  if (agent.status !== "running" || !agent.port) {
+    return "agent_not_running";
+  }
+  // Format the trigger event as a chat message
+  const triggerName = triggerSlug.replace(/_/g, " ").replace(/:/g, " → ");
+  const message = [
+    `[Trigger: ${triggerName}]`,
+    "",
+    "```json",
+    JSON.stringify(payload, null, 2),
+    "```",
+    "",
+    "Process this event and take appropriate action.",
+  ].join("\n");
+  const response = await agentFetch(agent.id, agent.port, "/chat", {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ message }),
+  });
+  // Consume the streaming response
+  if (response.body) {
+    try {
+      const reader = response.body.getReader();
+      while (true) {
+        const { done } = await reader.read();
+        if (done) break;
+      }
+    } catch {
+      // Ignore read errors
+    }
+  }
+  return response.ok ? "sent" : "agent_error";
+}

package/src/routes/api.ts CHANGED Viewed

@@ -8,6 +8,8 @@ import { handleAgentRoutes } from "./api/agents";
 import { handleMcpRoutes } from "./api/mcp";
 import { handleSkillRoutes } from "./api/skills";
 import { handleIntegrationRoutes } from "./api/integrations";
+import { handleTriggerRoutes } from "./api/triggers";
+import { handleWebhookRoutes } from "./api/webhooks";
 import { handleMetaAgentRoutes } from "./api/meta-agent";
 import { handleTelemetryRoutes } from "./api/telemetry";
 import { handleTestRoutes } from "./api/tests";
@@ -30,6 +32,7 @@ export async function handleApiRequest(
   }
   return (
+    (await handleWebhookRoutes(req, path, method)) ?? // Public, HMAC-verified — before auth
     (await handleSystemRoutes(req, path, method, authContext)) ??
     (await handleApiKeyRoutes(req, path, method, authContext)) ?? // Must be before provider routes to handle /api/keys/personal
     (await handleProviderRoutes(req, path, method, authContext)) ??
@@ -39,6 +42,7 @@ export async function handleApiRequest(
     (await handleMcpRoutes(req, path, method)) ??
     (await handleSkillRoutes(req, path, method)) ??
     (await handleIntegrationRoutes(req, path, method)) ??
+    (await handleTriggerRoutes(req, path, method, authContext)) ??
     (await handleMetaAgentRoutes(req, path, method)) ??
     (await handleTelemetryRoutes(req, path, method)) ??
     (await handleTestRoutes(req, path, method)) ??

package/src/routes/static.ts CHANGED Viewed

@@ -69,9 +69,18 @@ export async function serveStatic(req: Request, path: string): Promise<Response>
         if (stat.isFile()) {
           const file = Bun.file(fullPath);
           const mimeType = getMimeType(filePath);
-          return new Response(file, {
-            headers: { "Content-Type": mimeType },
-          });
+          const headers: Record<string, string> = { "Content-Type": mimeType };
+          // Hashed assets (e.g. App.fq4xbpcz.js) are immutable — cache aggressively
+          // index.html must never be cached (it references the hashed assets)
+          const hasHash = /\.[a-z0-9]{6,}\.(js|css|map)$/.test(filePath);
+          if (hasHash) {
+            headers["Cache-Control"] = "public, max-age=31536000, immutable";
+          } else if (filePath !== "/index.html") {
+            headers["Cache-Control"] = "public, max-age=3600";
+          }
+          return new Response(file, { headers });
         }
       } catch {
         // Fall through to SPA handling