apteva 0.4.18 → 0.4.19

package/src/routes/api/channels.ts

@@ -0,0 +1,182 @@
+import { json } from "./helpers";
+import { ChannelDB, AgentDB } from "../../db";
+import { encryptObject } from "../../crypto";
+import { startChannel, stopChannel } from "../../channels";
+
+export async function handleChannelRoutes(
+  req: Request,
+  path: string,
+  method: string,
+): Promise<Response | null> {
+  // GET /api/channels - List all channels
+  if (path === "/api/channels" && method === "GET") {
+    const channels = ChannelDB.findAll();
+    // Strip encrypted config from list response
+    const safe = channels.map(ch => ({
+      id: ch.id,
+      type: ch.type,
+      name: ch.name,
+      agent_id: ch.agent_id,
+      status: ch.status,
+      error: ch.error,
+      project_id: ch.project_id,
+      created_at: ch.created_at,
+      updated_at: ch.updated_at,
+    }));
+    return json({ channels: safe });
+  }
+
+  // POST /api/channels - Create a new channel
+  if (path === "/api/channels" && method === "POST") {
+    const body = await req.json();
+    const { type, name, agent_id, config, project_id } = body;
+
+    if (!type || !name || !agent_id || !config) {
+      return json({ error: "Missing required fields: type, name, agent_id, config" }, 400);
+    }
+
+    if (type !== "telegram") {
+      return json({ error: `Unsupported channel type: ${type}. Supported: telegram` }, 400);
+    }
+
+    // Validate agent exists
+    const agent = AgentDB.findById(agent_id);
+    if (!agent) {
+      return json({ error: "Agent not found" }, 404);
+    }
+
+    // Validate config has required fields
+    if (!config.botToken) {
+      return json({ error: "Missing botToken in config" }, 400);
+    }
+
+    // Encrypt config before storing
+    const encryptedConfig = encryptObject(config);
+
+    const channel = ChannelDB.create({
+      type,
+      name,
+      agent_id,
+      config: encryptedConfig,
+      project_id: project_id || null,
+    });
+
+    return json({
+      channel: {
+        id: channel.id,
+        type: channel.type,
+        name: channel.name,
+        agent_id: channel.agent_id,
+        status: channel.status,
+        error: channel.error,
+        project_id: channel.project_id,
+        created_at: channel.created_at,
+      },
+    }, 201);
+  }
+
+  // Routes with channel ID
+  const channelMatch = path.match(/^\/api\/channels\/([^/]+)$/);
+  const channelActionMatch = path.match(/^\/api\/channels\/([^/]+)\/(start|stop)$/);
+
+  // GET /api/channels/:id - Get channel detail
+  if (channelMatch && method === "GET") {
+    const channel = ChannelDB.findById(channelMatch[1]);
+    if (!channel) return json({ error: "Channel not found" }, 404);
+
+    return json({
+      channel: {
+        id: channel.id,
+        type: channel.type,
+        name: channel.name,
+        agent_id: channel.agent_id,
+        status: channel.status,
+        error: channel.error,
+        project_id: channel.project_id,
+        created_at: channel.created_at,
+        updated_at: channel.updated_at,
+      },
+    });
+  }
+
+  // PUT /api/channels/:id - Update channel
+  if (channelMatch && method === "PUT") {
+    const channel = ChannelDB.findById(channelMatch[1]);
+    if (!channel) return json({ error: "Channel not found" }, 404);
+
+    if (channel.status === "running") {
+      return json({ error: "Stop the channel before updating" }, 400);
+    }
+
+    const body = await req.json();
+    const updates: Record<string, any> = {};
+
+    if (body.name !== undefined) updates.name = body.name;
+    if (body.agent_id !== undefined) {
+      const agent = AgentDB.findById(body.agent_id);
+      if (!agent) return json({ error: "Agent not found" }, 404);
+      updates.agent_id = body.agent_id;
+    }
+    if (body.config !== undefined) {
+      if (!body.config.botToken) {
+        return json({ error: "Missing botToken in config" }, 400);
+      }
+      updates.config = encryptObject(body.config);
+    }
+    if (body.project_id !== undefined) updates.project_id = body.project_id;
+
+    const updated = ChannelDB.update(channelMatch[1], updates);
+    return json({
+      channel: updated ? {
+        id: updated.id,
+        type: updated.type,
+        name: updated.name,
+        agent_id: updated.agent_id,
+        status: updated.status,
+        project_id: updated.project_id,
+      } : null,
+    });
+  }
+
+  // DELETE /api/channels/:id - Delete channel
+  if (channelMatch && method === "DELETE") {
+    const channel = ChannelDB.findById(channelMatch[1]);
+    if (!channel) return json({ error: "Channel not found" }, 404);
+
+    // Stop if running
+    if (channel.status === "running") {
+      await stopChannel(channel.id);
+    }
+
+    ChannelDB.delete(channelMatch[1]);
+    return json({ deleted: true });
+  }
+
+  // POST /api/channels/:id/start - Start channel
+  if (channelActionMatch && channelActionMatch[2] === "start" && method === "POST") {
+    const channel = ChannelDB.findById(channelActionMatch[1]);
+    if (!channel) return json({ error: "Channel not found" }, 404);
+
+    if (channel.status === "running") {
+      return json({ error: "Channel is already running" }, 400);
+    }
+
+    const result = await startChannel(channel.id);
+    if (!result.success) {
+      return json({ error: result.error || "Failed to start channel" }, 500);
+    }
+
+    return json({ started: true });
+  }
+
+  // POST /api/channels/:id/stop - Stop channel
+  if (channelActionMatch && channelActionMatch[2] === "stop" && method === "POST") {
+    const channel = ChannelDB.findById(channelActionMatch[1]);
+    if (!channel) return json({ error: "Channel not found" }, 404);
+
+    await stopChannel(channel.id);
+    return json({ stopped: true });
+  }
+
+  return null;
+}

package/src/routes/api/integrations.ts

@@ -77,19 +77,25 @@ export async function handleIntegrationRoutes(
 
     const url = new URL(req.url);
     const projectId = url.searchParams.get("project_id") || null;
+    console.log(`[integrations/connected] provider=${providerId}, projectId=${projectId}`);
     const apiKey = ProviderKeys.getDecryptedForProject(providerId, projectId);
+    console.log(`[integrations/connected] apiKey found: ${!!apiKey}, length: ${apiKey?.length || 0}`);
     if (!apiKey) {
+      console.log(`[integrations/connected] NO API KEY for ${providerId}`);
       return json({ error: `${provider.name} API key not configured`, accounts: [] }, 200);
     }
 
     // Use Apteva user ID as the entity ID for the provider
-    const userId = user?.id || "default";
+    if (!user?.id) {
+      return json({ error: "Authentication required" }, 401);
+    }
 
     try {
-      const accounts = await provider.listConnectedAccounts(apiKey, userId);
+      const accounts = await provider.listConnectedAccounts(apiKey, user.id);
+      console.log(`[integrations/connected] Got ${accounts.length} accounts from ${providerId}`);
       return json({ accounts });
     } catch (e) {
-      console.error(`Failed to list connected accounts from ${providerId}:`, e);
+      console.error(`[integrations/connected] Failed from ${providerId}:`, e);
       return json({ error: "Failed to fetch connected accounts" }, 500);
     }
   }
@@ -116,12 +122,14 @@ export async function handleIntegrationRoutes(
       }
 
       // Use Apteva user ID as the entity ID
-      const userId = user?.id || "default";
+      if (!user?.id) {
+        return json({ error: "Authentication required" }, 401);
+      }
 
       // Default redirect URL back to our integrations page
       const callbackUrl = redirectUrl || `http://localhost:${process.env.PORT || 4280}/mcp?tab=hosted&connected=${appSlug}`;
 
-      const result = await provider.initiateConnection(apiKey, userId, appSlug, callbackUrl, credentials);
+      const result = await provider.initiateConnection(apiKey, user.id, appSlug, callbackUrl, credentials);
       return json(result);
     } catch (e) {
       console.error(`Failed to initiate connection for ${providerId}:`, e);

package/src/routes/api/mcp.ts

@@ -221,6 +221,21 @@ export async function handleMcpRoutes(
       });
     };
 
+    // Validate package/command names to prevent injection
+    const SAFE_PACKAGE_RE = /^(@[a-z0-9._-]+\/)?[a-z0-9._-]+(@[a-z0-9^~>=<.*-]+)?(\[[\w,]+\])?$/i;
+
+    // Parse args safely — split on whitespace but respect quoted strings
+    const parseArgs = (raw: string, env: Record<string, string>): string[] => {
+      const substituted = substituteEnvVars(raw, env);
+      const args: string[] = [];
+      const re = /"([^"]*?)"|'([^']*?)'|(\S+)/g;
+      let m;
+      while ((m = re.exec(substituted)) !== null) {
+        args.push(m[1] ?? m[2] ?? m[3]);
+      }
+      return args;
+    };
+
     let cmd: string[];
     const serverEnv = server.env || {};
 
@@ -228,17 +243,19 @@ export async function handleMcpRoutes(
       // Custom command - substitute env vars in args
       cmd = server.command.split(" ");
       if (server.args) {
-        const substitutedArgs = substituteEnvVars(server.args, serverEnv);
-        cmd.push(...substitutedArgs.split(" "));
+        cmd.push(...parseArgs(server.args, serverEnv));
       }
     } else if (server.type === "pip" && server.package) {
       // Python pip package - install first, then run module
       const pipPackage = server.package;
+      if (!SAFE_PACKAGE_RE.test(pipPackage)) {
+        return json({ error: "Invalid pip package name" }, 400);
+      }
       const pipModule = server.pip_module || server.package.split("[")[0]; // Default: package name without extras
 
       console.log(`Installing pip package: ${pipPackage}...`);
       const installResult = spawn({
-        cmd: ["pip", "install", "--quiet", "--break-system-packages", pipPackage],
+        cmd: ["pip", "install", "--quiet", "--no-scripts", pipPackage],
         env: { ...process.env as Record<string, string>, ...serverEnv },
         stdout: "pipe",
         stderr: "pipe",
@@ -254,15 +271,16 @@ export async function handleMcpRoutes(
       // Now run the module
       cmd = ["python", "-m", pipModule];
       if (server.args) {
-        const substitutedArgs = substituteEnvVars(server.args, serverEnv);
-        cmd.push(...substitutedArgs.split(" "));
+        cmd.push(...parseArgs(server.args, serverEnv));
       }
     } else if (server.package) {
-      // npm package - use npx
-      cmd = ["npx", "-y", server.package];
+      // npm package - use npx with --ignore-scripts to prevent supply chain attacks
+      if (!SAFE_PACKAGE_RE.test(server.package)) {
+        return json({ error: "Invalid npm package name" }, 400);
+      }
+      cmd = ["npx", "--ignore-scripts", "-y", server.package];
       if (server.args) {
-        const substitutedArgs = substituteEnvVars(server.args, serverEnv);
-        cmd.push(...substitutedArgs.split(" "));
+        cmd.push(...parseArgs(server.args, serverEnv));
       }
     } else {
       return json({ error: "No command or package specified" }, 400);

package/src/routes/api/telemetry.ts

@@ -139,5 +139,35 @@ export async function handleTelemetryRoutes(
     return json({ deleted });
   }
 
+  // --- Notification endpoints (piggyback on telemetry `seen` flag) ---
+
+  // GET /api/notifications - Get notification-worthy events
+  if (path === "/api/notifications" && method === "GET") {
+    const url = new URL(req.url);
+    const limit = parseInt(url.searchParams.get("limit") || "50");
+    const notifications = TelemetryDB.getNotifications(limit);
+    return json({ notifications });
+  }
+
+  // GET /api/notifications/count - Get unseen notification count
+  if (path === "/api/notifications/count" && method === "GET") {
+    const count = TelemetryDB.getUnseenCount();
+    return json({ count });
+  }
+
+  // POST /api/notifications/mark-seen - Mark specific notifications as seen
+  if (path === "/api/notifications/mark-seen" && method === "POST") {
+    const body = await req.json() as { ids?: string[]; all?: boolean };
+    if (body.all) {
+      const updated = TelemetryDB.markAllSeen();
+      return json({ updated });
+    }
+    if (body.ids && body.ids.length > 0) {
+      const updated = TelemetryDB.markSeen(body.ids);
+      return json({ updated });
+    }
+    return json({ error: "Provide ids array or all: true" }, 400);
+  }
+
   return null;
 }

package/src/routes/api/triggers.ts

@@ -45,10 +45,12 @@ export async function handleTriggerRoutes(
 
   // GET /api/triggers/providers - List available trigger providers
   if (path === "/api/triggers/providers" && method === "GET") {
+    const url = new URL(req.url);
+    const projectId = url.searchParams.get("project_id") || null;
     const providerIds = getTriggerProviderIds();
     const providers = providerIds.map(id => {
       const provider = getTriggerProvider(id);
-      const hasKey = !!ProviderKeys.getDecrypted(id);
+      const hasKey = !!ProviderKeys.getDecryptedForProject(id, projectId);
       return { id, name: provider?.name || id, connected: hasKey };
     });
     return json({ providers });
@@ -65,20 +67,24 @@ export async function handleTriggerRoutes(
     const projectId = url.searchParams.get("project_id") || null;
 
     const provider = getTriggerProvider(providerId);
+    console.log(`[triggers/types] provider=${providerId}, toolkitSlugs=${toolkitSlugsParam}, projectId=${projectId}, providerFound=${!!provider}`);
     if (!provider) {
       return json({ error: `Unknown trigger provider: ${providerId}` }, 404);
     }
 
     const apiKey = ProviderKeys.getDecryptedForProject(providerId, projectId);
+    console.log(`[triggers/types] apiKey found: ${!!apiKey}, length: ${apiKey?.length || 0}, first4: ${apiKey?.substring(0, 4) || 'none'}`);
     if (!apiKey) {
+      console.log(`[triggers/types] NO API KEY for ${providerId} (projectId=${projectId})`);
       return json({ error: `${provider.name} API key not configured`, types: [] }, 200);
     }
 
     try {
       const types = await provider.listTriggerTypes(apiKey, toolkitSlugs);
+      console.log(`[triggers/types] Got ${types.length} types from ${providerId}`);
       return json({ types });
     } catch (e) {
-      console.error(`Failed to list trigger types from ${providerId}:`, e);
+      console.error(`[triggers/types] Failed to list trigger types from ${providerId}:`, e);
       return json({ error: "Failed to fetch trigger types" }, 500);
     }
   }
@@ -165,6 +171,20 @@ export async function handleTriggerRoutes(
       }
 
       const result = await provider.createTrigger(apiKey, slug, connectedAccountId, config);
+
+      // Also create a local subscription for webhook routing
+      if (config?.agent_id && result.triggerId) {
+        const triggerSlug = config.server ? `${config.server}:${slug.replace(/^.*?-/, '')}` : slug;
+        SubscriptionDB.create({
+          trigger_slug: slug,
+          trigger_instance_id: result.triggerId,
+          agent_id: config.agent_id,
+          enabled: true,
+          project_id: projectId,
+        });
+        console.log(`[triggers] Created local subscription: ${slug} (instance=${result.triggerId}) → agent ${config.agent_id}`);
+      }
+
       return json(result, 201);
     } catch (e: any) {
       console.error(`Failed to create trigger:`, e);

package/src/routes/api.ts

@@ -14,6 +14,7 @@ import { handleMetaAgentRoutes } from "./api/meta-agent";
 import { handleTelemetryRoutes } from "./api/telemetry";
 import { handleTestRoutes } from "./api/tests";
 import { handleApiKeyRoutes } from "./api/api-keys";
+import { handleChannelRoutes } from "./api/channels";
 import { handlePlatformMcpRequest } from "../mcp-platform";
 
 // Re-export for backward compatibility (server.ts dynamic import)
@@ -41,8 +42,9 @@ export async function handleApiRequest(
     (await handleAgentRoutes(req, path, method, authContext)) ??
     (await handleMcpRoutes(req, path, method)) ??
     (await handleSkillRoutes(req, path, method)) ??
-    (await handleIntegrationRoutes(req, path, method)) ??
+    (await handleIntegrationRoutes(req, path, method, authContext)) ??
     (await handleTriggerRoutes(req, path, method, authContext)) ??
+    (await handleChannelRoutes(req, path, method)) ??
     (await handleMetaAgentRoutes(req, path, method)) ??
     (await handleTelemetryRoutes(req, path, method)) ??
     (await handleTestRoutes(req, path, method)) ??

package/src/server.ts

@@ -5,7 +5,7 @@ import { serveStatic } from "./routes/static";
 import { join } from "path";
 import { homedir } from "os";
 import { mkdirSync, existsSync } from "fs";
-import { initDatabase, AgentDB, ProviderKeysDB, McpServerDB, type McpServer, type Agent } from "./db";
+import { initDatabase, AgentDB, ProviderKeysDB, McpServerDB, ChannelDB, type McpServer, type Agent } from "./db";
 import { authMiddleware, type AuthContext } from "./auth/middleware";
 import { startMcpProcess } from "./mcp-client";
 import {
@@ -106,13 +106,18 @@ initDatabase(DATA_DIR);
 // Initialize version tracking
 initVersionTracking(DATA_DIR);
 
-// Get agents and MCP servers that were running before restart (for auto-restart)
+// Get agents, MCP servers, and channels that were running before restart (for auto-restart)
 const agentsToRestart = AgentDB.findRunning();
 const mcpServersToRestart = McpServerDB.findRunning();
+const channelsToRestart = ChannelDB.findRunning();
 
 // Reset all agents and MCP servers to stopped on startup (processes don't survive restart)
 AgentDB.resetAllStatus();
 McpServerDB.resetAllStatus();
+// Reset channels too (bot polling doesn't survive restart)
+for (const ch of channelsToRestart) {
+  ChannelDB.setStatus(ch.id, "stopped");
+}
 
 // Clean up orphaned processes on agent ports (targeted cleanup based on DB)
 async function cleanupOrphanedProcesses(): Promise<void> {
@@ -194,15 +199,26 @@ async function shutdownAllAgents() {
 // Handle process termination signals
 let shuttingDown = false;
 export function isShuttingDown(): boolean { return shuttingDown; }
+async function shutdownAllChannels() {
+  try {
+    const { stopAllChannels } = await import("./channels");
+    await stopAllChannels();
+  } catch {
+    // Ignore import/stop errors during shutdown
+  }
+}
+
 process.on("SIGINT", async () => {
   if (shuttingDown) return;
   shuttingDown = true;
+  await shutdownAllChannels();
   await shutdownAllAgents();
   process.exit(0);
 });
 process.on("SIGTERM", async () => {
   if (shuttingDown) return;
   shuttingDown = true;
+  await shutdownAllChannels();
   await shutdownAllAgents();
   process.exit(0);
 });
@@ -416,8 +432,8 @@ console.log(`
             ${c.darkGray}Click link or Cmd/Ctrl+C to copy${c.reset}
 `);
 
-// Auto-restart agents and MCP servers that were running before restart
-const hasRestarts = agentsToRestart.length > 0 || mcpServersToRestart.length > 0;
+// Auto-restart agents, MCP servers, and channels that were running before restart
+const hasRestarts = agentsToRestart.length > 0 || mcpServersToRestart.length > 0 || channelsToRestart.length > 0;
 
 if (hasRestarts) {
   // Restart in background to not block startup
@@ -492,6 +508,25 @@ if (hasRestarts) {
         }
       }
     }
+
+    // Restart channels (after agents, since channels depend on running agents)
+    if (channelsToRestart.length > 0) {
+      const { startChannel } = await import("./channels");
+      console.log(`  ${c.darkGray}Channels${c.reset}  ${c.gray}Restarting ${channelsToRestart.length} channel(s)...${c.reset}`);
+
+      for (const channel of channelsToRestart) {
+        try {
+          const result = await startChannel(channel.id);
+          if (result.success) {
+            console.log(`  ${c.gray}  ✓ ${channel.name} (${channel.type})${c.reset}`);
+          } else {
+            console.log(`  ${c.gray}  ✗ ${channel.name}: ${result.error}${c.reset}`);
+          }
+        } catch (err) {
+          console.log(`  ${c.gray}  ✗ ${channel.name}: ${err}${c.reset}`);
+        }
+      }
+    }
   })();
 }
 

package/src/triggers/agentdojo.ts

@@ -1,6 +1,6 @@
 // AgentDojo Trigger Provider
 // Uses our MCP API's subscription and trigger system
-// Docs: POST /mcp/subscribe, GET /mcp/subscriptions, GET /mcp/triggers
+// Docs: POST /subscribe, GET /subscriptions, GET /triggers
 
 import { createHmac, timingSafeEqual } from "crypto";
 import type { TriggerProvider, TriggerType, TriggerInstance } from "./index";
@@ -22,7 +22,7 @@ export const AgentDojoTriggerProvider: TriggerProvider = {
       const allItems: any[] = [];
       for (const slug of toolkitSlugs) {
         const res = await fetch(
-          `${AGENTDOJO_API_BASE}/mcp/triggers?${new URLSearchParams({ toolkit_name: slug, is_active: "true", limit: "200" })}`,
+          `${AGENTDOJO_API_BASE}/triggers?${new URLSearchParams({ toolkit_name: slug, is_active: "true", limit: "200" })}`,
           { headers: headers(apiKey) },
         );
         if (res.ok) {
@@ -34,7 +34,7 @@ export const AgentDojoTriggerProvider: TriggerProvider = {
       return mapTriggerTypes(allItems);
     }
 
-    const res = await fetch(`${AGENTDOJO_API_BASE}/mcp/triggers?${params}`, {
+    const res = await fetch(`${AGENTDOJO_API_BASE}/triggers?${params}`, {
       headers: headers(apiKey),
     });
 
@@ -50,7 +50,7 @@ export const AgentDojoTriggerProvider: TriggerProvider = {
 
   async getTriggerType(apiKey: string, slug: string): Promise<TriggerType | null> {
     const res = await fetch(
-      `${AGENTDOJO_API_BASE}/mcp/triggers/${encodeURIComponent(slug)}`,
+      `${AGENTDOJO_API_BASE}/triggers/${encodeURIComponent(slug)}`,
       { headers: headers(apiKey) },
     );
 
@@ -88,24 +88,29 @@ export const AgentDojoTriggerProvider: TriggerProvider = {
       throw new Error("callback_url is required in config for AgentDojo triggers");
     }
 
+    // Separate known top-level fields from extra config (e.g. owner, repo for GitHub)
+    const { callback_url, title, events, server, prompt, agent_id, ...extraConfig } = config || {} as Record<string, unknown>;
+
     const body: Record<string, unknown> = {
       trigger_type_slug: slug,
       credential_id: connectedAccountId,
       callback_url: callbackUrl,
-      title: (config?.title as string) || `Trigger: ${slug}`,
+      title: (title as string) || `Trigger: ${slug}`,
     };
 
-    if (config?.events) {
-      body.events = config.events;
-    }
-    if (config?.server) {
-      body.server = config.server;
-    }
-    if (config?.prompt) {
-      body.prompt = config.prompt;
+    if (events) body.events = events;
+    if (server) body.server = server;
+    if (prompt) body.prompt = prompt;
+    if (agent_id) body.agent_id = agent_id;
+
+    // Pass extra config fields (owner, repo, etc.) as the config object
+    // mcp-subscribe spreads this into the webhook register payload
+    if (Object.keys(extraConfig).length > 0) {
+      body.config = extraConfig;
+      console.log("AgentDojo createTrigger: extra config:", JSON.stringify(extraConfig));
     }
 
-    const res = await fetch(`${AGENTDOJO_API_BASE}/mcp/subscribe`, {
+    const res = await fetch(`${AGENTDOJO_API_BASE}/subscribe`, {
       method: "POST",
       headers: headers(apiKey),
       body: JSON.stringify(body),
@@ -122,7 +127,7 @@ export const AgentDojoTriggerProvider: TriggerProvider = {
   },
 
   async listTriggers(apiKey: string): Promise<TriggerInstance[]> {
-    const res = await fetch(`${AGENTDOJO_API_BASE}/mcp/subscriptions?status=active`, {
+    const res = await fetch(`${AGENTDOJO_API_BASE}/subscriptions?status=active`, {
       headers: headers(apiKey),
     });
 
@@ -151,7 +156,7 @@ export const AgentDojoTriggerProvider: TriggerProvider = {
   },
 
   async enableTrigger(apiKey: string, triggerId: string): Promise<boolean> {
-    const res = await fetch(`${AGENTDOJO_API_BASE}/mcp/subscription/update`, {
+    const res = await fetch(`${AGENTDOJO_API_BASE}/subscription/update`, {
       method: "POST",
       headers: headers(apiKey),
       body: JSON.stringify({ subscription_id: parseInt(triggerId), status: "active" }),
@@ -160,7 +165,7 @@ export const AgentDojoTriggerProvider: TriggerProvider = {
   },
 
   async disableTrigger(apiKey: string, triggerId: string): Promise<boolean> {
-    const res = await fetch(`${AGENTDOJO_API_BASE}/mcp/subscription/update`, {
+    const res = await fetch(`${AGENTDOJO_API_BASE}/subscription/update`, {
       method: "POST",
       headers: headers(apiKey),
       body: JSON.stringify({ subscription_id: parseInt(triggerId), status: "disabled" }),
@@ -169,7 +174,7 @@ export const AgentDojoTriggerProvider: TriggerProvider = {
   },
 
   async deleteTrigger(apiKey: string, triggerId: string): Promise<boolean> {
-    const res = await fetch(`${AGENTDOJO_API_BASE}/mcp/unsubscribe`, {
+    const res = await fetch(`${AGENTDOJO_API_BASE}/unsubscribe`, {
       method: "POST",
       headers: headers(apiKey),
       body: JSON.stringify({ subscription_id: parseInt(triggerId) }),