npm - apteva - Versions diffs - 0.4.17 → 0.4.19 - Mend

apteva 0.4.17 → 0.4.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (78) hide show

package/dist/ActivityPage.9a1qg4bp.js +3 -0
package/dist/ApiDocsPage.rfpf7ws1.js +4 -0
package/dist/App.1nmg2h01.js +4 -0
package/dist/App.5qw2dtxs.js +4 -0
package/dist/App.6nc5acvk.js +4 -0
package/dist/App.7vzbaz56.js +4 -0
package/dist/App.8rfz30p1.js +4 -0
package/dist/App.amwp54wf.js +4 -0
package/dist/App.e4202qb4.js +267 -0
package/dist/App.errxz2q4.js +4 -0
package/dist/App.f8qsyhpr.js +4 -0
package/dist/App.g8vq68n0.js +20 -0
package/dist/App.kfyrnznw.js +13 -0
package/dist/{App.mq6jqare.js → App.p02f4ret.js} +1 -1
package/dist/App.p93mmyqw.js +4 -0
package/dist/App.qmg33p02.js +4 -0
package/dist/App.sdsc0258.js +4 -0
package/dist/ConnectionsPage.7zqba1r0.js +3 -0
package/dist/McpPage.kf2g327t.js +3 -0
package/dist/SettingsPage.472c15ep.js +3 -0
package/dist/SkillsPage.xdxnh68a.js +3 -0
package/dist/TasksPage.7g0b8xwc.js +3 -0
package/dist/TelemetryPage.pr7rbz4r.js +3 -0
package/dist/TestsPage.zhc6rqjm.js +3 -0
package/dist/apteva-kit.css +1 -1
package/dist/index.html +1 -1
package/dist/styles.css +1 -1
package/package.json +9 -4
package/src/auth/middleware.ts +2 -0
package/src/channels/index.ts +40 -0
package/src/channels/telegram.ts +306 -0
package/src/db.ts +342 -11
package/src/integrations/agentdojo.ts +1 -1
package/src/mcp-handler.ts +31 -24
package/src/mcp-platform.ts +41 -1
package/src/providers.ts +22 -9
package/src/routes/api/agent-utils.ts +38 -2
package/src/routes/api/agents.ts +65 -2
package/src/routes/api/channels.ts +182 -0
package/src/routes/api/integrations.ts +13 -5
package/src/routes/api/mcp.ts +27 -9
package/src/routes/api/projects.ts +19 -2
package/src/routes/api/system.ts +26 -12
package/src/routes/api/telemetry.ts +30 -0
package/src/routes/api/triggers.ts +478 -0
package/src/routes/api/webhooks.ts +171 -0
package/src/routes/api.ts +7 -1
package/src/routes/static.ts +12 -3
package/src/server.ts +43 -6
package/src/triggers/agentdojo.ts +253 -0
package/src/triggers/composio.ts +264 -0
package/src/triggers/index.ts +71 -0
package/src/tui/AgentList.tsx +145 -0
package/src/tui/App.tsx +102 -0
package/src/tui/Login.tsx +104 -0
package/src/tui/api.ts +72 -0
package/src/tui/index.tsx +7 -0
package/src/web/App.tsx +18 -11
package/src/web/components/agents/AgentCard.tsx +14 -7
package/src/web/components/agents/AgentPanel.tsx +94 -137
package/src/web/components/common/Icons.tsx +16 -0
package/src/web/components/common/index.ts +1 -0
package/src/web/components/connections/ConnectionsPage.tsx +54 -0
package/src/web/components/connections/IntegrationsTab.tsx +144 -0
package/src/web/components/connections/OverviewTab.tsx +137 -0
package/src/web/components/connections/TriggersTab.tsx +1169 -0
package/src/web/components/index.ts +1 -0
package/src/web/components/layout/Header.tsx +196 -4
package/src/web/components/layout/Sidebar.tsx +7 -1
package/src/web/components/mcp/IntegrationsPanel.tsx +19 -3
package/src/web/components/settings/SettingsPage.tsx +364 -2
package/src/web/components/tasks/TasksPage.tsx +2 -2
package/src/web/components/tests/TestsPage.tsx +1 -2
package/src/web/context/TelemetryContext.tsx +14 -1
package/src/web/context/index.ts +1 -1
package/src/web/hooks/useAgents.ts +15 -11
package/src/web/types.ts +1 -1
package/dist/App.fq4xbpcz.js +0 -228

package/src/routes/static.ts CHANGED Viewed

@@ -69,9 +69,18 @@ export async function serveStatic(req: Request, path: string): Promise<Response>
         if (stat.isFile()) {
           const file = Bun.file(fullPath);
           const mimeType = getMimeType(filePath);
-          return new Response(file, {
-            headers: { "Content-Type": mimeType },
-          });
+          const headers: Record<string, string> = { "Content-Type": mimeType };
+          // Hashed assets (e.g. App.fq4xbpcz.js) are immutable — cache aggressively
+          // index.html must never be cached (it references the hashed assets)
+          const hasHash = /\.[a-z0-9]{6,}\.(js|css|map)$/.test(filePath);
+          if (hasHash) {
+            headers["Cache-Control"] = "public, max-age=31536000, immutable";
+          } else if (filePath !== "/index.html") {
+            headers["Cache-Control"] = "public, max-age=3600";
+          }
+          return new Response(file, { headers });
         }
       } catch {
         // Fall through to SPA handling

package/src/server.ts CHANGED Viewed

@@ -5,7 +5,7 @@ import { serveStatic } from "./routes/static";
 import { join } from "path";
 import { homedir } from "os";
 import { mkdirSync, existsSync } from "fs";
-import { initDatabase, AgentDB, ProviderKeysDB, McpServerDB, type McpServer, type Agent } from "./db";
+import { initDatabase, AgentDB, ProviderKeysDB, McpServerDB, ChannelDB, type McpServer, type Agent } from "./db";
 import { authMiddleware, type AuthContext } from "./auth/middleware";
 import { startMcpProcess } from "./mcp-client";
 import {
@@ -106,13 +106,18 @@ initDatabase(DATA_DIR);
 // Initialize version tracking
 initVersionTracking(DATA_DIR);
-// Get agents and MCP servers that were running before restart (for auto-restart)
+// Get agents, MCP servers, and channels that were running before restart (for auto-restart)
 const agentsToRestart = AgentDB.findRunning();
 const mcpServersToRestart = McpServerDB.findRunning();
+const channelsToRestart = ChannelDB.findRunning();
 // Reset all agents and MCP servers to stopped on startup (processes don't survive restart)
 AgentDB.resetAllStatus();
 McpServerDB.resetAllStatus();
+// Reset channels too (bot polling doesn't survive restart)
+for (const ch of channelsToRestart) {
+  ChannelDB.setStatus(ch.id, "stopped");
+}
 // Clean up orphaned processes on agent ports (targeted cleanup based on DB)
 async function cleanupOrphanedProcesses(): Promise<void> {
@@ -167,7 +172,9 @@ export const agentProcesses: Map<string, { proc: Subprocess; port: number }> = n
 // Track agents currently being started (to prevent race conditions)
 export const agentsStarting: Set<string> = new Set();
-// Graceful shutdown handler - stop all agents when server exits
+// Graceful shutdown handler - stop all agent processes when server exits
+// NOTE: We intentionally do NOT update DB status here — agents marked "running"
+// in the DB will be auto-restarted on next boot via findRunning() + resetAllStatus().
 async function shutdownAllAgents() {
   if (agentProcesses.size === 0) return;
@@ -182,7 +189,6 @@ async function shutdownAllAgents() {
       }).catch(() => {});
       proc.kill();
-      AgentDB.setStatus(agentId, "stopped");
     } catch {
       // Ignore errors during shutdown
     }
@@ -192,15 +198,27 @@ async function shutdownAllAgents() {
 // Handle process termination signals
 let shuttingDown = false;
+export function isShuttingDown(): boolean { return shuttingDown; }
+async function shutdownAllChannels() {
+  try {
+    const { stopAllChannels } = await import("./channels");
+    await stopAllChannels();
+  } catch {
+    // Ignore import/stop errors during shutdown
+  }
+}
 process.on("SIGINT", async () => {
   if (shuttingDown) return;
   shuttingDown = true;
+  await shutdownAllChannels();
   await shutdownAllAgents();
   process.exit(0);
 });
 process.on("SIGTERM", async () => {
   if (shuttingDown) return;
   shuttingDown = true;
+  await shutdownAllChannels();
   await shutdownAllAgents();
   process.exit(0);
 });
@@ -414,8 +432,8 @@ console.log(`
             ${c.darkGray}Click link or Cmd/Ctrl+C to copy${c.reset}
 `);
-// Auto-restart agents and MCP servers that were running before restart
-const hasRestarts = agentsToRestart.length > 0 || mcpServersToRestart.length > 0;
+// Auto-restart agents, MCP servers, and channels that were running before restart
+const hasRestarts = agentsToRestart.length > 0 || mcpServersToRestart.length > 0 || channelsToRestart.length > 0;
 if (hasRestarts) {
   // Restart in background to not block startup
@@ -490,6 +508,25 @@ if (hasRestarts) {
         }
       }
     }
+    // Restart channels (after agents, since channels depend on running agents)
+    if (channelsToRestart.length > 0) {
+      const { startChannel } = await import("./channels");
+      console.log(`  ${c.darkGray}Channels${c.reset}  ${c.gray}Restarting ${channelsToRestart.length} channel(s)...${c.reset}`);
+      for (const channel of channelsToRestart) {
+        try {
+          const result = await startChannel(channel.id);
+          if (result.success) {
+            console.log(`  ${c.gray}  ✓ ${channel.name} (${channel.type})${c.reset}`);
+          } else {
+            console.log(`  ${c.gray}  ✗ ${channel.name}: ${result.error}${c.reset}`);
+          }
+        } catch (err) {
+          console.log(`  ${c.gray}  ✗ ${channel.name}: ${err}${c.reset}`);
+        }
+      }
+    }
   })();
 }

package/src/triggers/agentdojo.ts ADDED Viewed

@@ -0,0 +1,253 @@
+// AgentDojo Trigger Provider
+// Uses our MCP API's subscription and trigger system
+// Docs: POST /subscribe, GET /subscriptions, GET /triggers
+import { createHmac, timingSafeEqual } from "crypto";
+import type { TriggerProvider, TriggerType, TriggerInstance } from "./index";
+const AGENTDOJO_API_BASE = process.env.AGENTDOJO_API_BASE || "https://api.agentdojo.dev";
+function headers(apiKey: string) {
+  return { "X-API-Key": apiKey, "Content-Type": "application/json" };
+}
+export const AgentDojoTriggerProvider: TriggerProvider = {
+  id: "agentdojo",
+  name: "AgentDojo",
+  async listTriggerTypes(apiKey: string, toolkitSlugs?: string[]): Promise<TriggerType[]> {
+    const params = new URLSearchParams({ is_active: "true", limit: "200" });
+    if (toolkitSlugs?.length) {
+      // Filter by toolkit name(s) — API supports one at a time, so fetch each
+      const allItems: any[] = [];
+      for (const slug of toolkitSlugs) {
+        const res = await fetch(
+          `${AGENTDOJO_API_BASE}/triggers?${new URLSearchParams({ toolkit_name: slug, is_active: "true", limit: "200" })}`,
+          { headers: headers(apiKey) },
+        );
+        if (res.ok) {
+          const data = await res.json();
+          const items = data.data || data.triggers || [];
+          allItems.push(...items);
+        }
+      }
+      return mapTriggerTypes(allItems);
+    }
+    const res = await fetch(`${AGENTDOJO_API_BASE}/triggers?${params}`, {
+      headers: headers(apiKey),
+    });
+    if (!res.ok) {
+      console.error("AgentDojo listTriggerTypes error:", res.status, await res.text());
+      return [];
+    }
+    const data = await res.json();
+    const items = data.data || data.triggers || [];
+    return mapTriggerTypes(items);
+  },
+  async getTriggerType(apiKey: string, slug: string): Promise<TriggerType | null> {
+    const res = await fetch(
+      `${AGENTDOJO_API_BASE}/triggers/${encodeURIComponent(slug)}`,
+      { headers: headers(apiKey) },
+    );
+    if (!res.ok) {
+      if (res.status === 404) return null;
+      console.error("AgentDojo getTriggerType error:", res.status, await res.text());
+      return null;
+    }
+    const data = await res.json();
+    const item = data.data || data;
+    return {
+      slug: item.slug,
+      name: item.display_name || item.event_name || item.slug,
+      description: item.description || "",
+      type: (item.mechanism as "webhook" | "poll") || "webhook",
+      toolkit_slug: item.toolkit?.name || item.toolkit_name || "",
+      toolkit_name: item.toolkit?.display_name || item.toolkit_display_name || "",
+      logo: item.toolkit?.icon_url || null,
+      config_schema: item.config_schema || {},
+      payload_schema: item.payload_schema || {},
+    };
+  },
+  async createTrigger(
+    apiKey: string,
+    slug: string,
+    connectedAccountId: string,
+    config?: Record<string, unknown>,
+  ): Promise<{ triggerId: string }> {
+    // AgentDojo uses subscriptions — we create a subscription for this trigger
+    // The callback_url should be set in config or from stored webhook URL
+    const callbackUrl = (config?.callback_url as string) || "";
+    if (!callbackUrl) {
+      throw new Error("callback_url is required in config for AgentDojo triggers");
+    }
+    // Separate known top-level fields from extra config (e.g. owner, repo for GitHub)
+    const { callback_url, title, events, server, prompt, agent_id, ...extraConfig } = config || {} as Record<string, unknown>;
+    const body: Record<string, unknown> = {
+      trigger_type_slug: slug,
+      credential_id: connectedAccountId,
+      callback_url: callbackUrl,
+      title: (title as string) || `Trigger: ${slug}`,
+    };
+    if (events) body.events = events;
+    if (server) body.server = server;
+    if (prompt) body.prompt = prompt;
+    if (agent_id) body.agent_id = agent_id;
+    // Pass extra config fields (owner, repo, etc.) as the config object
+    // mcp-subscribe spreads this into the webhook register payload
+    if (Object.keys(extraConfig).length > 0) {
+      body.config = extraConfig;
+      console.log("AgentDojo createTrigger: extra config:", JSON.stringify(extraConfig));
+    }
+    const res = await fetch(`${AGENTDOJO_API_BASE}/subscribe`, {
+      method: "POST",
+      headers: headers(apiKey),
+      body: JSON.stringify(body),
+    });
+    if (!res.ok) {
+      const errText = await res.text();
+      console.error("AgentDojo createTrigger error:", res.status, errText);
+      throw new Error(`Failed to create AgentDojo subscription: ${errText}`);
+    }
+    const data = await res.json();
+    return { triggerId: String(data.subscription_id || data.id) };
+  },
+  async listTriggers(apiKey: string): Promise<TriggerInstance[]> {
+    const res = await fetch(`${AGENTDOJO_API_BASE}/subscriptions?status=active`, {
+      headers: headers(apiKey),
+    });
+    if (!res.ok) {
+      console.error("AgentDojo listTriggers error:", res.status, await res.text());
+      return [];
+    }
+    const data = await res.json();
+    const items = data.subscriptions || data.data || [];
+    return items.map((item: any) => ({
+      id: String(item.id || item.subscription_id),
+      trigger_slug: item.title || item.server || "",
+      connected_account_id: item.credential_id || null,
+      status: item.status === "active" ? "active" as const : "disabled" as const,
+      config: {
+        server: item.server,
+        events: item.events,
+        callback_url: item.callback_url,
+        prompt: item.prompt,
+        title: item.title,
+      },
+      created_at: item.created_at || "",
+    }));
+  },
+  async enableTrigger(apiKey: string, triggerId: string): Promise<boolean> {
+    const res = await fetch(`${AGENTDOJO_API_BASE}/subscription/update`, {
+      method: "POST",
+      headers: headers(apiKey),
+      body: JSON.stringify({ subscription_id: parseInt(triggerId), status: "active" }),
+    });
+    return res.ok;
+  },
+  async disableTrigger(apiKey: string, triggerId: string): Promise<boolean> {
+    const res = await fetch(`${AGENTDOJO_API_BASE}/subscription/update`, {
+      method: "POST",
+      headers: headers(apiKey),
+      body: JSON.stringify({ subscription_id: parseInt(triggerId), status: "disabled" }),
+    });
+    return res.ok;
+  },
+  async deleteTrigger(apiKey: string, triggerId: string): Promise<boolean> {
+    const res = await fetch(`${AGENTDOJO_API_BASE}/unsubscribe`, {
+      method: "POST",
+      headers: headers(apiKey),
+      body: JSON.stringify({ subscription_id: parseInt(triggerId) }),
+    });
+    return res.ok;
+  },
+  async setupWebhook(apiKey: string, webhookUrl: string): Promise<{ secret?: string }> {
+    // AgentDojo uses per-subscription callback URLs, not a global webhook.
+    // We just store the base URL locally — it will be passed when creating subscriptions.
+    // No remote API call needed.
+    return {};
+  },
+  async getWebhookConfig(apiKey: string): Promise<{ url: string | null; secret: string | null }> {
+    // AgentDojo doesn't have a global webhook config — each subscription has its own callback_url.
+    // Return null to indicate per-subscription mode.
+    return { url: null, secret: null };
+  },
+  verifyWebhook(req: Request, body: string, secret: string): boolean {
+    // AgentDojo forwards webhooks with an HMAC signature
+    const signature = req.headers.get("x-webhook-signature") || "";
+    if (!signature) {
+      // If no signature header, check for a simple shared token
+      const token = req.headers.get("x-webhook-token") || "";
+      return token === secret;
+    }
+    // HMAC-SHA256 verification: signature is "sha256=<hex>"
+    const sig = signature.startsWith("sha256=") ? signature.slice(7) : signature;
+    try {
+      const expected = createHmac("sha256", secret).update(body).digest("hex");
+      return timingSafeEqual(Buffer.from(sig, "hex"), Buffer.from(expected, "hex"));
+    } catch {
+      return false;
+    }
+  },
+  parseWebhookPayload(body: Record<string, unknown>): {
+    triggerSlug: string;
+    triggerInstanceId: string | null;
+    payload: Record<string, unknown>;
+  } {
+    // AgentDojo forwarded payload format:
+    // { type: "webhook", server: "stripe-payments", event: "payment_intent.succeeded",
+    //   data: { ... }, prompt: "...", subscription_id: 123, timestamp: "..." }
+    const server = (body.server as string) || "";
+    const event = (body.event as string) || "";
+    const triggerSlug = event ? `${server}:${event}` : server || (body.type as string) || "unknown";
+    const triggerInstanceId = body.subscription_id
+      ? String(body.subscription_id)
+      : null;
+    const payload = (body.data as Record<string, unknown>) || {};
+    return { triggerSlug, triggerInstanceId, payload };
+  },
+};
+function mapTriggerTypes(items: any[]): TriggerType[] {
+  return items.map((item: any) => ({
+    slug: item.slug,
+    name: item.display_name || item.event_name || item.slug,
+    description: item.description || "",
+    type: (item.mechanism as "webhook" | "poll") || "webhook",
+    toolkit_slug: item.toolkit?.name || item.toolkit_name || "",
+    toolkit_name: item.toolkit?.display_name || item.toolkit_display_name || "",
+    logo: item.toolkit?.icon_url || null,
+    config_schema: item.config_schema || {},
+    payload_schema: item.payload_schema || {},
+  }));
+}

package/src/triggers/composio.ts ADDED Viewed

@@ -0,0 +1,264 @@
+// Composio Trigger Provider
+// https://docs.composio.dev/api-reference/triggers
+import { createHmac, timingSafeEqual } from "crypto";
+import type { TriggerProvider, TriggerType, TriggerInstance } from "./index";
+const COMPOSIO_API_BASE = "https://backend.composio.dev";
+function headers(apiKey: string) {
+  return { "x-api-key": apiKey, "Content-Type": "application/json" };
+}
+export const ComposioTriggerProvider: TriggerProvider = {
+  id: "composio",
+  name: "Composio",
+  async listTriggerTypes(apiKey: string, toolkitSlugs?: string[]): Promise<TriggerType[]> {
+    const params = new URLSearchParams();
+    if (toolkitSlugs?.length) {
+      params.set("toolkit_slugs", toolkitSlugs.join(","));
+    }
+    const res = await fetch(`${COMPOSIO_API_BASE}/api/v3/triggers_types?${params}`, {
+      headers: headers(apiKey),
+    });
+    if (!res.ok) {
+      console.error("Composio listTriggerTypes error:", res.status, await res.text());
+      return [];
+    }
+    const data = await res.json();
+    const items = data.items || data || [];
+    return items.map((item: any) => ({
+      slug: item.slug || item.enum,
+      name: item.name || item.slug,
+      description: item.description || "",
+      type: item.type || "webhook",
+      toolkit_slug: item.toolkit?.slug || item.app_slug || "",
+      toolkit_name: item.toolkit?.name || item.app_name || "",
+      logo: item.toolkit?.logo || item.logo || null,
+      config_schema: item.config || {},
+      payload_schema: item.payload || {},
+    }));
+  },
+  async getTriggerType(apiKey: string, slug: string): Promise<TriggerType | null> {
+    const res = await fetch(`${COMPOSIO_API_BASE}/api/v3/triggers_types/${encodeURIComponent(slug)}`, {
+      headers: headers(apiKey),
+    });
+    if (!res.ok) {
+      if (res.status === 404) return null;
+      console.error("Composio getTriggerType error:", res.status, await res.text());
+      return null;
+    }
+    const item = await res.json();
+    return {
+      slug: item.slug || item.enum,
+      name: item.name || item.slug,
+      description: item.description || "",
+      type: item.type || "webhook",
+      toolkit_slug: item.toolkit?.slug || item.app_slug || "",
+      toolkit_name: item.toolkit?.name || item.app_name || "",
+      logo: item.toolkit?.logo || item.logo || null,
+      config_schema: item.config || {},
+      payload_schema: item.payload || {},
+    };
+  },
+  async createTrigger(
+    apiKey: string,
+    slug: string,
+    connectedAccountId: string,
+    config?: Record<string, unknown>,
+  ): Promise<{ triggerId: string }> {
+    const body: any = {
+      connected_account_id: connectedAccountId,
+    };
+    if (config) {
+      body.trigger_config = config;
+    }
+    const res = await fetch(
+      `${COMPOSIO_API_BASE}/api/v3/trigger_instances/${encodeURIComponent(slug)}/upsert`,
+      {
+        method: "POST",
+        headers: headers(apiKey),
+        body: JSON.stringify(body),
+      },
+    );
+    if (!res.ok) {
+      const errText = await res.text();
+      console.error("Composio createTrigger error:", res.status, errText);
+      throw new Error(`Failed to create trigger: ${errText}`);
+    }
+    const data = await res.json();
+    return { triggerId: data.trigger_id || data.deprecated?.uuid || data.id };
+  },
+  async listTriggers(apiKey: string): Promise<TriggerInstance[]> {
+    const res = await fetch(`${COMPOSIO_API_BASE}/api/v3/trigger_instances/active`, {
+      headers: headers(apiKey),
+    });
+    if (!res.ok) {
+      console.error("Composio listTriggers error:", res.status, await res.text());
+      return [];
+    }
+    const data = await res.json();
+    const items = data.items || data.triggers || data || [];
+    return items.map((item: any) => ({
+      id: item.id || item.trigger_id,
+      trigger_slug: item.trigger_name || item.trigger_slug || item.slug || "",
+      connected_account_id: item.connected_account_id || item.connectedAccountId || null,
+      status: item.disabled ? "disabled" : "active",
+      config: item.trigger_config || item.triggerConfig || {},
+      created_at: item.created_at || item.createdAt || "",
+    }));
+  },
+  async enableTrigger(apiKey: string, triggerId: string): Promise<boolean> {
+    const res = await fetch(
+      `${COMPOSIO_API_BASE}/api/v3/trigger_instances/manage/${encodeURIComponent(triggerId)}`,
+      {
+        method: "PATCH",
+        headers: headers(apiKey),
+        body: JSON.stringify({ status: "enable" }),
+      },
+    );
+    return res.ok;
+  },
+  async disableTrigger(apiKey: string, triggerId: string): Promise<boolean> {
+    const res = await fetch(
+      `${COMPOSIO_API_BASE}/api/v3/trigger_instances/manage/${encodeURIComponent(triggerId)}`,
+      {
+        method: "PATCH",
+        headers: headers(apiKey),
+        body: JSON.stringify({ status: "disable" }),
+      },
+    );
+    return res.ok;
+  },
+  async deleteTrigger(apiKey: string, triggerId: string): Promise<boolean> {
+    const res = await fetch(
+      `${COMPOSIO_API_BASE}/api/v3/trigger_instances/manage/${encodeURIComponent(triggerId)}`,
+      {
+        method: "DELETE",
+        headers: headers(apiKey),
+      },
+    );
+    return res.ok;
+  },
+  async setupWebhook(apiKey: string, webhookUrl: string): Promise<{ secret?: string }> {
+    // Use webhook_subscriptions API (requires HTTPS)
+    const res = await fetch(`${COMPOSIO_API_BASE}/api/v3/webhook_subscriptions`, {
+      method: "POST",
+      headers: headers(apiKey),
+      body: JSON.stringify({
+        webhook_url: webhookUrl,
+        enabled_events: ["composio.trigger.message"],
+        version: "V3",
+      }),
+    });
+    if (!res.ok) {
+      const errText = await res.text();
+      console.error("Composio setupWebhook error:", res.status, errText);
+      throw new Error(`Failed to set webhook URL: ${errText}`);
+    }
+    const data = await res.json();
+    const secret = data.secret || data.webhook_secret || undefined;
+    return { secret };
+  },
+  async getWebhookConfig(apiKey: string): Promise<{ url: string | null; secret: string | null }> {
+    const res = await fetch(`${COMPOSIO_API_BASE}/api/v3/webhook_subscriptions`, {
+      headers: headers(apiKey),
+    });
+    if (!res.ok) {
+      console.error("Composio getWebhookConfig error:", res.status, await res.text());
+      return { url: null, secret: null };
+    }
+    const data = await res.json();
+    const items = data.items || data.subscriptions || (Array.isArray(data) ? data : [data]);
+    const sub = items[0];
+    return {
+      url: sub?.webhook_url || sub?.callback_url || sub?.url || null,
+      secret: sub?.secret || sub?.webhook_secret || null,
+    };
+  },
+  verifyWebhook(req: Request, body: string, secret: string): boolean {
+    const signature = req.headers.get("webhook-signature") || "";
+    const webhookId = req.headers.get("webhook-id") || "";
+    const timestamp = req.headers.get("webhook-timestamp") || "";
+    if (!signature || !webhookId || !timestamp) return false;
+    // Check timestamp freshness (5-minute window to prevent replay)
+    const now = Math.floor(Date.now() / 1000);
+    const ts = parseInt(timestamp, 10);
+    if (isNaN(ts) || Math.abs(now - ts) > 300) return false;
+    // Composio signature: HMAC-SHA256("{webhook-id}.{timestamp}.{body}", secret)
+    const signedContent = `${webhookId}.${timestamp}.${body}`;
+    const expectedSignature = createHmac("sha256", secret)
+      .update(signedContent)
+      .digest("base64");
+    // Signature header format: "v1,<base64>"
+    const sig = signature.startsWith("v1,") ? signature.slice(3) : signature;
+    try {
+      return timingSafeEqual(
+        Buffer.from(sig, "base64"),
+        Buffer.from(expectedSignature, "base64"),
+      );
+    } catch {
+      return false;
+    }
+  },
+  parseWebhookPayload(body: Record<string, unknown>): {
+    triggerSlug: string;
+    triggerInstanceId: string | null;
+    payload: Record<string, unknown>;
+  } {
+    // V3 format: { type: "composio.trigger.message", metadata: { trigger_slug, trigger_id, ... }, data: { ... } }
+    // V2/V1 format: { trigger_name, trigger_id, payload: { ... } }
+    const metadata = (body.metadata as Record<string, unknown>) || {};
+    const data = (body.data as Record<string, unknown>) || {};
+    const triggerSlug =
+      (metadata.trigger_slug as string) ||
+      (body.trigger_name as string) ||
+      ((body.type as string) !== "composio.trigger.message" ? (body.type as string) : null) ||
+      "unknown";
+    const triggerInstanceId =
+      (metadata.trigger_id as string) ||
+      (body.trigger_id as string) ||
+      (body.triggerId as string) ||
+      null;
+    const payload =
+      (body.payload as Record<string, unknown>) ||
+      data;
+    return { triggerSlug, triggerInstanceId, payload };
+  },
+};