npm - lokicms-plugin-webhooks - Versions diffs - 1.0.0 - Mend

lokicms-plugin-webhooks 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2024 MauricioPerera
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,214 @@
+# Webhooks Plugin for LokiCMS
+Send HTTP webhooks when events occur in LokiCMS. Compatible with n8n, Zapier, Make, and any webhook receiver.
+## Features
+- **Event-driven**: Trigger webhooks on content and user events
+- **Multiple endpoints**: Configure different URLs for different events
+- **Content type filtering**: Only trigger for specific content types
+- **HMAC signatures**: Secure webhooks with SHA-256 signatures
+- **Custom headers**: Add authentication or custom headers
+- **Automatic retries**: Configurable retry on failure
+- **Delivery logs**: Track all webhook deliveries
+- **MCP tools**: AI-accessible webhook management
+## Installation
+```bash
+npm install lokicms-plugin-webhooks
+```
+## Configuration
+Add to `plugins.json`:
+```json
+{
+  "name": "webhooks",
+  "enabled": true,
+  "source": "npm",
+  "package": "lokicms-plugin-webhooks",
+  "settings": {
+    "maxRetries": 3,
+    "retryDelay": 5000,
+    "timeout": 30000
+  }
+}
+```
+## Supported Events
+| Event | Description |
+|-------|-------------|
+| `entry:afterCreate` | Content entry created |
+| `entry:afterUpdate` | Content entry updated |
+| `entry:afterDelete` | Content entry deleted |
+| `entry:afterPublish` | Content entry published |
+| `entry:afterUnpublish` | Content entry unpublished |
+| `user:afterCreate` | User account created |
+| `user:afterUpdate` | User account updated |
+| `user:afterDelete` | User account deleted |
+| `media:afterUpload` | Media file uploaded |
+| `media:afterDelete` | Media file deleted |
+## API Endpoints
+Base path: `/api/plugins/webhooks`
+### Endpoints Management
+```bash
+# List all endpoints
+GET /endpoints
+# Get endpoint details
+GET /endpoints/:id
+# Create endpoint
+POST /endpoints
+{
+  "name": "n8n Workflow",
+  "url": "https://n8n.example.com/webhook/abc123",
+  "events": ["entry:afterCreate", "entry:afterUpdate"],
+  "secret": "my-secret-key",
+  "headers": {
+    "X-Custom-Header": "value"
+  },
+  "enabled": true,
+  "contentTypeFilter": ["post", "page"]
+}
+# Update endpoint
+PUT /endpoints/:id
+# Delete endpoint
+DELETE /endpoints/:id
+# Test endpoint
+POST /endpoints/:id/test
+```
+### Deliveries & Events
+```bash
+# List delivery logs
+GET /deliveries
+GET /deliveries?endpointId=xxx&status=failed&limit=50
+# List supported events
+GET /events
+# Reload endpoints (after manual changes)
+POST /reload
+```
+## Webhook Payload
+```json
+{
+  "id": "550e8400-e29b-41d4-a716-446655440000",
+  "event": "entry:afterCreate",
+  "timestamp": 1703980800000,
+  "contentType": "post",
+  "data": {
+    "id": "abc123",
+    "title": "My Post",
+    "slug": "my-post",
+    "content": { ... },
+    "status": "published",
+    "createdAt": 1703980800000
+  }
+}
+```
+## Webhook Headers
+Every webhook request includes:
+| Header | Description |
+|--------|-------------|
+| `Content-Type` | `application/json` |
+| `User-Agent` | `LokiCMS-Webhooks/1.0` |
+| `X-Webhook-ID` | Unique delivery ID |
+| `X-Webhook-Event` | Event name |
+| `X-Webhook-Timestamp` | Unix timestamp |
+| `X-Webhook-Signature` | HMAC-SHA256 signature (if secret configured) |
+## Signature Verification
+If you configure a secret, the plugin signs payloads with HMAC-SHA256:
+```javascript
+// Node.js verification example
+const crypto = require('crypto');
+function verifySignature(payload, signature, secret) {
+  const expected = 'sha256=' + crypto
+    .createHmac('sha256', secret)
+    .update(JSON.stringify(payload))
+    .digest('hex');
+  return crypto.timingSafeEqual(
+    Buffer.from(signature),
+    Buffer.from(expected)
+  );
+}
+// Express middleware
+app.post('/webhook', (req, res) => {
+  const signature = req.headers['x-webhook-signature'];
+  if (!verifySignature(req.body, signature, 'your-secret')) {
+    return res.status(401).send('Invalid signature');
+  }
+  // Process webhook...
+});
+```
+## n8n Integration
+1. In n8n, create a new workflow with a **Webhook** trigger
+2. Copy the webhook URL (e.g., `https://n8n.example.com/webhook/abc123`)
+3. Create endpoint in LokiCMS:
+```bash
+curl -X POST http://localhost:3005/api/plugins/webhooks/endpoints \
+  -H "Content-Type: application/json" \
+  -d '{
+    "name": "n8n Content Updates",
+    "url": "https://n8n.example.com/webhook/abc123",
+    "events": ["entry:afterCreate", "entry:afterUpdate", "entry:afterDelete"],
+    "enabled": true
+  }'
+```
+## Zapier Integration
+1. Create a Zap with **Webhooks by Zapier** trigger
+2. Choose "Catch Hook" and copy the webhook URL
+3. Create endpoint in LokiCMS with the Zapier URL
+## MCP Tools
+Available tools for AI agents:
+| Tool | Description |
+|------|-------------|
+| `webhooks_create_webhook` | Create a new endpoint |
+| `webhooks_update_webhook` | Update an endpoint |
+| `webhooks_delete_webhook` | Delete an endpoint |
+| `webhooks_test_webhook` | Test an endpoint |
+| `webhooks_list_webhooks` | List all endpoints |
+| `webhooks_list_deliveries` | View delivery logs |
+| `webhooks_list_webhook_events` | List supported events |
+## Content Types
+The plugin creates these content types:
+- `webhooks-webhook-endpoint` - Endpoint configurations
+- `webhooks-webhook-delivery` - Delivery logs
+## License
+MIT

package/package.json ADDED Viewed

@@ -0,0 +1,42 @@
+{
+  "name": "lokicms-plugin-webhooks",
+  "version": "1.0.0",
+  "description": "Outbound webhooks plugin for LokiCMS - Send HTTP notifications on CMS events",
+  "main": "src/index.ts",
+  "types": "src/index.ts",
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch"
+  },
+  "keywords": [
+    "lokicms",
+    "plugin",
+    "webhooks",
+    "n8n",
+    "zapier",
+    "make",
+    "automation",
+    "events",
+    "notifications"
+  ],
+  "author": "MauricioPerera",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/MauricioPerera/lokicms-plugin-webhooks.git"
+  },
+  "bugs": {
+    "url": "https://github.com/MauricioPerera/lokicms-plugin-webhooks/issues"
+  },
+  "homepage": "https://github.com/MauricioPerera/lokicms-plugin-webhooks#readme",
+  "peerDependencies": {
+    "hono": "^4.0.0",
+    "zod": "^3.0.0"
+  },
+  "lokicms": {
+    "displayName": "Webhooks",
+    "description": "Send HTTP webhooks when events occur (n8n, Zapier, Make compatible)",
+    "icon": "🔔",
+    "minVersion": "1.0.0"
+  }
+}

package/src/index.ts ADDED Viewed

@@ -0,0 +1,838 @@
+/**
+ * Webhooks Plugin for LokiCMS
+ * Send HTTP webhooks when events occur in the CMS
+ */
+import { Hono } from 'hono';
+import { z } from 'zod';
+import * as crypto from 'crypto';
+import type {
+  PluginDefinition,
+  PluginAPI,
+  ContentTypeRegistration,
+  WebhookEvent,
+  WebhookEndpoint,
+  WebhookDelivery,
+  WebhookPayload,
+  WebhookConfig,
+  WEBHOOK_EVENTS,
+} from './types';
+// ============================================================================
+// Constants
+// ============================================================================
+const CT_ENDPOINT = 'webhooks-webhook-endpoint';
+const CT_DELIVERY = 'webhooks-webhook-delivery';
+const DEFAULT_CONFIG: WebhookConfig = {
+  maxRetries: 3,
+  retryDelay: 5000,
+  timeout: 30000,
+  maxPayloadSize: 1024 * 1024, // 1MB
+};
+const SUPPORTED_EVENTS: WebhookEvent[] = [
+  'entry:afterCreate',
+  'entry:afterUpdate',
+  'entry:afterDelete',
+  'entry:afterPublish',
+  'entry:afterUnpublish',
+  'user:afterCreate',
+  'user:afterUpdate',
+  'user:afterDelete',
+  'media:afterUpload',
+  'media:afterDelete',
+];
+// ============================================================================
+// Content Types
+// ============================================================================
+const CONTENT_TYPES: ContentTypeRegistration[] = [
+  {
+    name: 'Webhook Endpoint',
+    slug: 'webhook-endpoint',
+    description: 'Webhook endpoint configuration',
+    fields: [
+      { name: 'name', label: 'Name', type: 'text', required: true },
+      { name: 'url', label: 'URL', type: 'url', required: true },
+      { name: 'events', label: 'Events', type: 'json', required: true, description: 'Array of event names' },
+      { name: 'secret', label: 'Secret', type: 'text', description: 'Secret for signing payloads' },
+      { name: 'headers', label: 'Headers', type: 'json', description: 'Custom headers as JSON object' },
+      { name: 'enabled', label: 'Enabled', type: 'boolean', defaultValue: true },
+      { name: 'contentTypeFilter', label: 'Content Type Filter', type: 'json', description: 'Array of content type slugs' },
+      { name: 'retryCount', label: 'Retry Count', type: 'number', defaultValue: 3 },
+      { name: 'retryDelay', label: 'Retry Delay (ms)', type: 'number', defaultValue: 5000 },
+    ],
+    titleField: 'name',
+  },
+  {
+    name: 'Webhook Delivery',
+    slug: 'webhook-delivery',
+    description: 'Webhook delivery logs',
+    fields: [
+      { name: 'endpointId', label: 'Endpoint ID', type: 'text', required: true },
+      { name: 'endpointName', label: 'Endpoint Name', type: 'text' },
+      { name: 'event', label: 'Event', type: 'text', required: true },
+      { name: 'payload', label: 'Payload', type: 'json' },
+      { name: 'status', label: 'Status', type: 'select', validation: { options: ['pending', 'success', 'failed'] } },
+      { name: 'statusCode', label: 'Status Code', type: 'number' },
+      { name: 'response', label: 'Response', type: 'textarea' },
+      { name: 'error', label: 'Error', type: 'textarea' },
+      { name: 'attempts', label: 'Attempts', type: 'number', defaultValue: 0 },
+      { name: 'completedAt', label: 'Completed At', type: 'datetime' },
+    ],
+    titleField: 'event',
+  },
+];
+// ============================================================================
+// MCP Tool Schemas
+// ============================================================================
+const CreateEndpointSchema = z.object({
+  name: z.string().min(1).describe('Friendly name for the endpoint'),
+  url: z.string().url().describe('Webhook URL to call'),
+  events: z.array(z.string()).min(1).describe('Events to trigger this webhook'),
+  secret: z.string().optional().describe('Secret for HMAC signature'),
+  headers: z.record(z.string()).optional().describe('Custom headers'),
+  enabled: z.boolean().optional().default(true),
+  contentTypeFilter: z.array(z.string()).optional().describe('Filter by content type slugs'),
+});
+const UpdateEndpointSchema = z.object({
+  id: z.string().describe('Endpoint ID'),
+  name: z.string().optional(),
+  url: z.string().url().optional(),
+  events: z.array(z.string()).optional(),
+  secret: z.string().optional(),
+  headers: z.record(z.string()).optional(),
+  enabled: z.boolean().optional(),
+  contentTypeFilter: z.array(z.string()).optional(),
+});
+const DeleteEndpointSchema = z.object({
+  id: z.string().describe('Endpoint ID to delete'),
+});
+const TestEndpointSchema = z.object({
+  id: z.string().describe('Endpoint ID to test'),
+});
+const ListDeliveriesSchema = z.object({
+  endpointId: z.string().optional().describe('Filter by endpoint'),
+  status: z.enum(['pending', 'success', 'failed']).optional(),
+  limit: z.number().positive().max(100).optional().default(20),
+});
+// ============================================================================
+// Webhook Service
+// ============================================================================
+class WebhookService {
+  private api: PluginAPI;
+  private config: WebhookConfig;
+  private endpoints: Map<string, WebhookEndpoint> = new Map();
+  constructor(api: PluginAPI, config: WebhookConfig) {
+    this.api = api;
+    this.config = config;
+  }
+  async loadEndpoints(): Promise<void> {
+    try {
+      const result = await this.api.services.entries.findAll({
+        contentTypeSlug: CT_ENDPOINT,
+        status: 'published',
+      }) as { entries: Array<{ id: string; content: Record<string, unknown> }> };
+      this.endpoints.clear();
+      for (const entry of result.entries || []) {
+        const endpoint = this.mapEntryToEndpoint(entry);
+        if (endpoint.enabled) {
+          this.endpoints.set(endpoint.id, endpoint);
+        }
+      }
+      this.api.logger.info(`Loaded ${this.endpoints.size} active webhook endpoints`);
+    } catch (error) {
+      this.api.logger.error('Failed to load webhook endpoints:', error);
+    }
+  }
+  private mapEntryToEndpoint(entry: { id: string; content: Record<string, unknown> }): WebhookEndpoint {
+    const c = entry.content;
+    return {
+      id: entry.id,
+      name: (c.name as string) || '',
+      url: (c.url as string) || '',
+      events: (c.events as WebhookEvent[]) || [],
+      secret: c.secret as string | undefined,
+      headers: c.headers as Record<string, string> | undefined,
+      enabled: c.enabled !== false,
+      contentTypeFilter: c.contentTypeFilter as string[] | undefined,
+      retryCount: (c.retryCount as number) || this.config.maxRetries,
+      retryDelay: (c.retryDelay as number) || this.config.retryDelay,
+      createdAt: Date.now(),
+      updatedAt: Date.now(),
+    };
+  }
+  async createEndpoint(params: z.infer<typeof CreateEndpointSchema>): Promise<WebhookEndpoint> {
+    const slug = `webhook-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+    const entry = await this.api.services.entries.create({
+      contentTypeSlug: CT_ENDPOINT,
+      title: params.name,
+      slug,
+      content: {
+        name: params.name,
+        url: params.url,
+        events: params.events,
+        secret: params.secret,
+        headers: params.headers,
+        enabled: params.enabled ?? true,
+        contentTypeFilter: params.contentTypeFilter,
+        retryCount: this.config.maxRetries,
+        retryDelay: this.config.retryDelay,
+      },
+      status: 'published',
+    }, 'system', 'Webhooks Plugin') as { id: string; content: Record<string, unknown> };
+    const endpoint = this.mapEntryToEndpoint(entry);
+    if (endpoint.enabled) {
+      this.endpoints.set(endpoint.id, endpoint);
+    }
+    return endpoint;
+  }
+  async updateEndpoint(params: z.infer<typeof UpdateEndpointSchema>): Promise<WebhookEndpoint | null> {
+    const existing = await this.api.services.entries.findById(params.id) as { id: string; content: Record<string, unknown> } | null;
+    if (!existing) return null;
+    const updatedContent = { ...existing.content };
+    if (params.name !== undefined) updatedContent.name = params.name;
+    if (params.url !== undefined) updatedContent.url = params.url;
+    if (params.events !== undefined) updatedContent.events = params.events;
+    if (params.secret !== undefined) updatedContent.secret = params.secret;
+    if (params.headers !== undefined) updatedContent.headers = params.headers;
+    if (params.enabled !== undefined) updatedContent.enabled = params.enabled;
+    if (params.contentTypeFilter !== undefined) updatedContent.contentTypeFilter = params.contentTypeFilter;
+    const entry = await this.api.services.entries.update(params.id, {
+      title: updatedContent.name as string,
+      content: updatedContent,
+    }) as { id: string; content: Record<string, unknown> };
+    const endpoint = this.mapEntryToEndpoint(entry);
+    if (endpoint.enabled) {
+      this.endpoints.set(endpoint.id, endpoint);
+    } else {
+      this.endpoints.delete(endpoint.id);
+    }
+    return endpoint;
+  }
+  async deleteEndpoint(id: string): Promise<boolean> {
+    try {
+      await this.api.services.entries.delete(id);
+      this.endpoints.delete(id);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  async getEndpoint(id: string): Promise<WebhookEndpoint | null> {
+    const cached = this.endpoints.get(id);
+    if (cached) return cached;
+    const entry = await this.api.services.entries.findById(id) as { id: string; content: Record<string, unknown> } | null;
+    if (!entry) return null;
+    return this.mapEntryToEndpoint(entry);
+  }
+  getActiveEndpoints(): WebhookEndpoint[] {
+    return Array.from(this.endpoints.values());
+  }
+  getEndpointsForEvent(event: WebhookEvent, contentType?: string): WebhookEndpoint[] {
+    return Array.from(this.endpoints.values()).filter(endpoint => {
+      if (!endpoint.events.includes(event)) return false;
+      if (contentType && endpoint.contentTypeFilter?.length) {
+        return endpoint.contentTypeFilter.includes(contentType);
+      }
+      return true;
+    });
+  }
+  async dispatchWebhook(
+    event: WebhookEvent,
+    data: unknown,
+    contentType?: string
+  ): Promise<void> {
+    const endpoints = this.getEndpointsForEvent(event, contentType);
+    if (endpoints.length === 0) {
+      return;
+    }
+    const payload: WebhookPayload = {
+      id: crypto.randomUUID(),
+      event,
+      timestamp: Date.now(),
+      data,
+      contentType,
+    };
+    for (const endpoint of endpoints) {
+      this.sendWebhook(endpoint, payload).catch(error => {
+        this.api.logger.error(`Webhook dispatch failed for ${endpoint.name}:`, error);
+      });
+    }
+  }
+  private async sendWebhook(
+    endpoint: WebhookEndpoint,
+    payload: WebhookPayload,
+    attempt: number = 1
+  ): Promise<void> {
+    const deliveryId = crypto.randomUUID();
+    const bodyStr = JSON.stringify(payload);
+    // Create delivery log
+    const deliverySlug = `delivery-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+    try {
+      await this.api.services.entries.create({
+        contentTypeSlug: CT_DELIVERY,
+        title: `${payload.event} - ${endpoint.name}`,
+        slug: deliverySlug,
+        content: {
+          endpointId: endpoint.id,
+          endpointName: endpoint.name,
+          event: payload.event,
+          payload,
+          status: 'pending',
+          attempts: attempt,
+        },
+        status: 'published',
+      }, 'system', 'Webhooks Plugin');
+    } catch (error) {
+      this.api.logger.debug('Failed to create delivery log:', error);
+    }
+    // Prepare headers
+    const headers: Record<string, string> = {
+      'Content-Type': 'application/json',
+      'User-Agent': 'LokiCMS-Webhooks/1.0',
+      'X-Webhook-ID': payload.id,
+      'X-Webhook-Event': payload.event,
+      'X-Webhook-Timestamp': payload.timestamp.toString(),
+      ...endpoint.headers,
+    };
+    // Add signature if secret is configured
+    if (endpoint.secret) {
+      const signature = crypto
+        .createHmac('sha256', endpoint.secret)
+        .update(bodyStr)
+        .digest('hex');
+      headers['X-Webhook-Signature'] = `sha256=${signature}`;
+    }
+    try {
+      const controller = new AbortController();
+      const timeoutId = setTimeout(() => controller.abort(), this.config.timeout);
+      const response = await fetch(endpoint.url, {
+        method: 'POST',
+        headers,
+        body: bodyStr,
+        signal: controller.signal,
+      });
+      clearTimeout(timeoutId);
+      const responseText = await response.text().catch(() => '');
+      // Update delivery log
+      await this.updateDeliveryLog(deliverySlug, {
+        status: response.ok ? 'success' : 'failed',
+        statusCode: response.status,
+        response: responseText.slice(0, 1000),
+        attempts: attempt,
+        completedAt: Date.now(),
+      });
+      if (!response.ok && attempt < endpoint.retryCount) {
+        this.api.logger.warn(
+          `Webhook to ${endpoint.name} failed (${response.status}), retrying in ${endpoint.retryDelay}ms...`
+        );
+        setTimeout(() => {
+          this.sendWebhook(endpoint, payload, attempt + 1);
+        }, endpoint.retryDelay);
+      } else if (response.ok) {
+        this.api.logger.debug(`Webhook delivered to ${endpoint.name}: ${payload.event}`);
+      } else {
+        this.api.logger.error(
+          `Webhook to ${endpoint.name} failed after ${attempt} attempts: ${response.status}`
+        );
+      }
+    } catch (error) {
+      const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+      await this.updateDeliveryLog(deliverySlug, {
+        status: 'failed',
+        error: errorMessage,
+        attempts: attempt,
+        completedAt: Date.now(),
+      });
+      if (attempt < endpoint.retryCount) {
+        this.api.logger.warn(
+          `Webhook to ${endpoint.name} failed (${errorMessage}), retrying in ${endpoint.retryDelay}ms...`
+        );
+        setTimeout(() => {
+          this.sendWebhook(endpoint, payload, attempt + 1);
+        }, endpoint.retryDelay);
+      } else {
+        this.api.logger.error(
+          `Webhook to ${endpoint.name} failed after ${attempt} attempts: ${errorMessage}`
+        );
+      }
+    }
+  }
+  private async updateDeliveryLog(
+    slug: string,
+    updates: Partial<{
+      status: string;
+      statusCode: number;
+      response: string;
+      error: string;
+      attempts: number;
+      completedAt: number;
+    }>
+  ): Promise<void> {
+    try {
+      const entry = await this.api.services.entries.findBySlug(CT_DELIVERY, slug) as { id: string; content: Record<string, unknown> } | null;
+      if (entry) {
+        await this.api.services.entries.update(entry.id, {
+          content: { ...entry.content, ...updates },
+        });
+      }
+    } catch (error) {
+      this.api.logger.debug('Failed to update delivery log:', error);
+    }
+  }
+  async testEndpoint(id: string): Promise<{ success: boolean; statusCode?: number; error?: string }> {
+    const endpoint = await this.getEndpoint(id);
+    if (!endpoint) {
+      return { success: false, error: 'Endpoint not found' };
+    }
+    const testPayload: WebhookPayload = {
+      id: crypto.randomUUID(),
+      event: 'entry:afterCreate',
+      timestamp: Date.now(),
+      data: {
+        test: true,
+        message: 'This is a test webhook from LokiCMS',
+      },
+    };
+    const bodyStr = JSON.stringify(testPayload);
+    const headers: Record<string, string> = {
+      'Content-Type': 'application/json',
+      'User-Agent': 'LokiCMS-Webhooks/1.0',
+      'X-Webhook-ID': testPayload.id,
+      'X-Webhook-Event': 'test',
+      'X-Webhook-Timestamp': testPayload.timestamp.toString(),
+      ...endpoint.headers,
+    };
+    if (endpoint.secret) {
+      const signature = crypto
+        .createHmac('sha256', endpoint.secret)
+        .update(bodyStr)
+        .digest('hex');
+      headers['X-Webhook-Signature'] = `sha256=${signature}`;
+    }
+    try {
+      const controller = new AbortController();
+      const timeoutId = setTimeout(() => controller.abort(), this.config.timeout);
+      const response = await fetch(endpoint.url, {
+        method: 'POST',
+        headers,
+        body: bodyStr,
+        signal: controller.signal,
+      });
+      clearTimeout(timeoutId);
+      return {
+        success: response.ok,
+        statusCode: response.status,
+        error: response.ok ? undefined : `HTTP ${response.status}`,
+      };
+    } catch (error) {
+      return {
+        success: false,
+        error: error instanceof Error ? error.message : 'Unknown error',
+      };
+    }
+  }
+  async getDeliveries(params: {
+    endpointId?: string;
+    status?: string;
+    limit?: number;
+  }): Promise<WebhookDelivery[]> {
+    try {
+      const filters: Record<string, unknown> = {
+        contentTypeSlug: CT_DELIVERY,
+        limit: params.limit || 20,
+        orderBy: 'createdAt',
+        order: 'desc',
+      };
+      const result = await this.api.services.entries.findAll(filters) as {
+        entries: Array<{ id: string; content: Record<string, unknown>; createdAt: number }>;
+      };
+      let deliveries = (result.entries || []).map(entry => ({
+        id: entry.id,
+        endpointId: entry.content.endpointId as string,
+        event: entry.content.event as string,
+        payload: entry.content.payload,
+        status: (entry.content.status as 'pending' | 'success' | 'failed') || 'pending',
+        statusCode: entry.content.statusCode as number | undefined,
+        response: entry.content.response as string | undefined,
+        error: entry.content.error as string | undefined,
+        attempts: (entry.content.attempts as number) || 0,
+        createdAt: entry.createdAt,
+        completedAt: entry.content.completedAt as number | undefined,
+      }));
+      if (params.endpointId) {
+        deliveries = deliveries.filter(d => d.endpointId === params.endpointId);
+      }
+      if (params.status) {
+        deliveries = deliveries.filter(d => d.status === params.status);
+      }
+      return deliveries;
+    } catch (error) {
+      this.api.logger.error('Failed to get deliveries:', error);
+      return [];
+    }
+  }
+}
+// ============================================================================
+// Plugin Definition
+// ============================================================================
+let webhookService: WebhookService | null = null;
+const webhooksPlugin: PluginDefinition = {
+  name: 'webhooks',
+  displayName: 'Webhooks',
+  version: '1.0.0',
+  description: 'Send HTTP webhooks when events occur in LokiCMS',
+  lifecycle: {
+    onLoad: () => {
+      console.log('[Webhooks] Plugin loaded');
+    },
+    onEnable: () => {
+      console.log('[Webhooks] Plugin enabled');
+    },
+    onDisable: () => {
+      console.log('[Webhooks] Plugin disabled');
+      webhookService = null;
+    },
+  },
+  setup: async (api: PluginAPI) => {
+    const config = api.config.getAll() as Partial<WebhookConfig>;
+    const mergedConfig: WebhookConfig = { ...DEFAULT_CONFIG, ...config };
+    // Initialize service
+    webhookService = new WebhookService(api, mergedConfig);
+    // Register content types
+    for (const contentType of CONTENT_TYPES) {
+      try {
+        await api.contentTypes.register(contentType);
+        api.logger.debug(`Registered content type: ${contentType.slug}`);
+      } catch (error) {
+        api.logger.debug(`Content type ${contentType.slug} may already exist`);
+      }
+    }
+    // Load existing endpoints
+    await webhookService.loadEndpoints();
+    // Register hooks
+    for (const event of SUPPORTED_EVENTS) {
+      api.hooks.on(event, async (payload) => {
+        if (!webhookService) return;
+        const data = payload as { contentType?: string; contentTypeSlug?: string };
+        const contentType = data.contentType || data.contentTypeSlug;
+        await webhookService.dispatchWebhook(event, payload, contentType);
+      });
+      api.logger.debug(`Registered hook: ${event}`);
+    }
+    // Register routes
+    const routes = createRoutes(api);
+    api.routes.register(routes);
+    api.logger.info(`Routes registered at ${api.routes.getBasePath()}`);
+    // Register MCP tools
+    registerMCPTools(api);
+    api.logger.info('MCP tools registered');
+    api.logger.info('Webhooks plugin setup complete');
+  },
+};
+// ============================================================================
+// Routes
+// ============================================================================
+function createRoutes(api: PluginAPI): Hono {
+  const app = new Hono();
+  // Health check
+  app.get('/health', (c) => {
+    return c.json({
+      status: 'ok',
+      service: 'webhooks',
+      endpoints: webhookService?.getActiveEndpoints().length || 0,
+    });
+  });
+  // List supported events
+  app.get('/events', (c) => {
+    return c.json({ events: SUPPORTED_EVENTS });
+  });
+  // List endpoints
+  app.get('/endpoints', async (c) => {
+    if (!webhookService) {
+      return c.json({ error: 'Service not initialized' }, 500);
+    }
+    const endpoints = webhookService.getActiveEndpoints();
+    return c.json({ endpoints });
+  });
+  // Get endpoint
+  app.get('/endpoints/:id', async (c) => {
+    if (!webhookService) {
+      return c.json({ error: 'Service not initialized' }, 500);
+    }
+    const endpoint = await webhookService.getEndpoint(c.req.param('id'));
+    if (!endpoint) {
+      return c.json({ error: 'Endpoint not found' }, 404);
+    }
+    return c.json(endpoint);
+  });
+  // Create endpoint
+  app.post('/endpoints', async (c) => {
+    if (!webhookService) {
+      return c.json({ error: 'Service not initialized' }, 500);
+    }
+    try {
+      const body = await c.req.json();
+      const parsed = CreateEndpointSchema.parse(body);
+      const endpoint = await webhookService.createEndpoint(parsed);
+      return c.json(endpoint, 201);
+    } catch (error) {
+      api.logger.error('Create endpoint error:', error);
+      return c.json({ error: 'Invalid request' }, 400);
+    }
+  });
+  // Update endpoint
+  app.put('/endpoints/:id', async (c) => {
+    if (!webhookService) {
+      return c.json({ error: 'Service not initialized' }, 500);
+    }
+    try {
+      const body = await c.req.json();
+      const parsed = UpdateEndpointSchema.parse({ ...body, id: c.req.param('id') });
+      const endpoint = await webhookService.updateEndpoint(parsed);
+      if (!endpoint) {
+        return c.json({ error: 'Endpoint not found' }, 404);
+      }
+      return c.json(endpoint);
+    } catch (error) {
+      api.logger.error('Update endpoint error:', error);
+      return c.json({ error: 'Invalid request' }, 400);
+    }
+  });
+  // Delete endpoint
+  app.delete('/endpoints/:id', async (c) => {
+    if (!webhookService) {
+      return c.json({ error: 'Service not initialized' }, 500);
+    }
+    const success = await webhookService.deleteEndpoint(c.req.param('id'));
+    if (!success) {
+      return c.json({ error: 'Endpoint not found' }, 404);
+    }
+    return c.json({ success: true });
+  });
+  // Test endpoint
+  app.post('/endpoints/:id/test', async (c) => {
+    if (!webhookService) {
+      return c.json({ error: 'Service not initialized' }, 500);
+    }
+    const result = await webhookService.testEndpoint(c.req.param('id'));
+    return c.json(result);
+  });
+  // List deliveries
+  app.get('/deliveries', async (c) => {
+    if (!webhookService) {
+      return c.json({ error: 'Service not initialized' }, 500);
+    }
+    const endpointId = c.req.query('endpointId');
+    const status = c.req.query('status') as 'pending' | 'success' | 'failed' | undefined;
+    const limit = parseInt(c.req.query('limit') || '20');
+    const deliveries = await webhookService.getDeliveries({
+      endpointId,
+      status,
+      limit,
+    });
+    return c.json({ deliveries });
+  });
+  // Reload endpoints (after manual changes)
+  app.post('/reload', async (c) => {
+    if (!webhookService) {
+      return c.json({ error: 'Service not initialized' }, 500);
+    }
+    await webhookService.loadEndpoints();
+    return c.json({
+      success: true,
+      endpoints: webhookService.getActiveEndpoints().length,
+    });
+  });
+  return app;
+}
+// ============================================================================
+// MCP Tools
+// ============================================================================
+function registerMCPTools(api: PluginAPI): void {
+  // Create webhook endpoint
+  api.mcp.registerTool('create_webhook', {
+    description: 'Create a new webhook endpoint to receive events',
+    inputSchema: CreateEndpointSchema,
+    handler: async (args) => {
+      if (!webhookService) throw new Error('Service not initialized');
+      const params = args as z.infer<typeof CreateEndpointSchema>;
+      return await webhookService.createEndpoint(params);
+    },
+  });
+  // Update webhook endpoint
+  api.mcp.registerTool('update_webhook', {
+    description: 'Update an existing webhook endpoint',
+    inputSchema: UpdateEndpointSchema,
+    handler: async (args) => {
+      if (!webhookService) throw new Error('Service not initialized');
+      const params = args as z.infer<typeof UpdateEndpointSchema>;
+      const result = await webhookService.updateEndpoint(params);
+      if (!result) throw new Error('Endpoint not found');
+      return result;
+    },
+  });
+  // Delete webhook endpoint
+  api.mcp.registerTool('delete_webhook', {
+    description: 'Delete a webhook endpoint',
+    inputSchema: DeleteEndpointSchema,
+    handler: async (args) => {
+      if (!webhookService) throw new Error('Service not initialized');
+      const params = args as z.infer<typeof DeleteEndpointSchema>;
+      const success = await webhookService.deleteEndpoint(params.id);
+      return { success };
+    },
+  });
+  // Test webhook endpoint
+  api.mcp.registerTool('test_webhook', {
+    description: 'Send a test payload to a webhook endpoint',
+    inputSchema: TestEndpointSchema,
+    handler: async (args) => {
+      if (!webhookService) throw new Error('Service not initialized');
+      const params = args as z.infer<typeof TestEndpointSchema>;
+      return await webhookService.testEndpoint(params.id);
+    },
+  });
+  // List webhook endpoints
+  api.mcp.registerTool('list_webhooks', {
+    description: 'List all active webhook endpoints',
+    inputSchema: z.object({}),
+    handler: async () => {
+      if (!webhookService) throw new Error('Service not initialized');
+      return webhookService.getActiveEndpoints();
+    },
+  });
+  // List deliveries
+  api.mcp.registerTool('list_deliveries', {
+    description: 'List recent webhook deliveries',
+    inputSchema: ListDeliveriesSchema,
+    handler: async (args) => {
+      if (!webhookService) throw new Error('Service not initialized');
+      const params = args as z.infer<typeof ListDeliveriesSchema>;
+      return await webhookService.getDeliveries(params);
+    },
+  });
+  // List supported events
+  api.mcp.registerTool('list_webhook_events', {
+    description: 'List all supported webhook events',
+    inputSchema: z.object({}),
+    handler: async () => {
+      return SUPPORTED_EVENTS;
+    },
+  });
+}
+export default webhooksPlugin;

package/src/types.ts ADDED Viewed

@@ -0,0 +1,183 @@
+/**
+ * Webhooks Plugin Types
+ */
+import type { Hono } from 'hono';
+import type { z } from 'zod';
+// ============================================================================
+// Plugin API Types (from LokiCMS)
+// ============================================================================
+export interface PluginLifecycle {
+  onLoad?: () => Promise<void> | void;
+  onEnable?: () => Promise<void> | void;
+  onDisable?: () => Promise<void> | void;
+}
+export interface MCPToolDefinition {
+  name?: string;
+  description: string;
+  inputSchema: z.ZodType;
+  handler: (args: unknown) => Promise<unknown>;
+}
+export interface HookRegistrar {
+  on(hookName: string, handler: (payload: unknown) => Promise<unknown> | void, priority?: number): void;
+  off(hookName: string, handler: (payload: unknown) => Promise<unknown> | void): void;
+}
+export interface RouteRegistrar {
+  register(routes: Hono): void;
+  getBasePath(): string;
+}
+export interface MCPRegistrar {
+  registerTool(name: string, tool: MCPToolDefinition): void;
+  unregisterTool(name: string): void;
+}
+export interface ContentTypeFieldDefinition {
+  name: string;
+  label: string;
+  type: string;
+  required?: boolean;
+  description?: string;
+  defaultValue?: unknown;
+  validation?: Record<string, unknown>;
+}
+export interface ContentTypeRegistration {
+  name: string;
+  slug: string;
+  description?: string;
+  fields: ContentTypeFieldDefinition[];
+  titleField?: string;
+}
+export interface ContentTypeRegistrar {
+  register(contentType: ContentTypeRegistration): Promise<void>;
+  unregister(slug: string): Promise<void>;
+}
+export interface ConfigAccessor {
+  get<T = unknown>(key: string, defaultValue?: T): T;
+  getAll(): Record<string, unknown>;
+}
+export interface PluginLogger {
+  debug(message: string, ...args: unknown[]): void;
+  info(message: string, ...args: unknown[]): void;
+  warn(message: string, ...args: unknown[]): void;
+  error(message: string, ...args: unknown[]): void;
+}
+export interface PluginServices {
+  entries: {
+    create: (input: unknown, authorId: string, authorName?: string) => Promise<unknown>;
+    findById: (id: string) => Promise<unknown>;
+    findBySlug: (contentType: string, slug: string) => Promise<unknown>;
+    findAll: (filters?: unknown) => Promise<unknown>;
+    update: (id: string, input: unknown) => Promise<unknown>;
+    delete: (id: string) => Promise<void>;
+  };
+  users: {
+    findById: (id: string) => Promise<unknown>;
+    findByEmail: (email: string) => Promise<unknown>;
+  };
+}
+export interface PluginAPI {
+  readonly pluginName: string;
+  readonly services: PluginServices;
+  hooks: HookRegistrar;
+  routes: RouteRegistrar;
+  mcp: MCPRegistrar;
+  database: unknown;
+  contentTypes: ContentTypeRegistrar;
+  config: ConfigAccessor;
+  logger: PluginLogger;
+}
+export interface PluginDefinition {
+  name: string;
+  displayName?: string;
+  version: string;
+  description?: string;
+  lifecycle?: PluginLifecycle;
+  setup: (api: PluginAPI) => Promise<void> | void;
+}
+// ============================================================================
+// Webhooks Plugin Specific Types
+// ============================================================================
+export type WebhookEvent =
+  | 'entry:afterCreate'
+  | 'entry:afterUpdate'
+  | 'entry:afterDelete'
+  | 'entry:afterPublish'
+  | 'entry:afterUnpublish'
+  | 'user:afterCreate'
+  | 'user:afterUpdate'
+  | 'user:afterDelete'
+  | 'media:afterUpload'
+  | 'media:afterDelete';
+export const WEBHOOK_EVENTS: WebhookEvent[] = [
+  'entry:afterCreate',
+  'entry:afterUpdate',
+  'entry:afterDelete',
+  'entry:afterPublish',
+  'entry:afterUnpublish',
+  'user:afterCreate',
+  'user:afterUpdate',
+  'user:afterDelete',
+  'media:afterUpload',
+  'media:afterDelete',
+];
+export interface WebhookEndpoint {
+  id: string;
+  name: string;
+  url: string;
+  events: WebhookEvent[];
+  secret?: string;
+  headers?: Record<string, string>;
+  enabled: boolean;
+  contentTypeFilter?: string[];
+  retryCount: number;
+  retryDelay: number;
+  createdAt: number;
+  updatedAt: number;
+}
+export interface WebhookDelivery {
+  id: string;
+  endpointId: string;
+  event: string;
+  payload: unknown;
+  status: 'pending' | 'success' | 'failed';
+  statusCode?: number;
+  response?: string;
+  error?: string;
+  attempts: number;
+  createdAt: number;
+  completedAt?: number;
+}
+export interface WebhookPayload {
+  id: string;
+  event: WebhookEvent;
+  timestamp: number;
+  data: unknown;
+  contentType?: string;
+}
+export interface WebhookConfig {
+  signingSecret?: string;
+  maxRetries: number;
+  retryDelay: number;
+  timeout: number;
+  maxPayloadSize: number;
+}