pi-forge 1.2.5 → 1.3.0

package/dist/server/webhooks/store.js

@@ -0,0 +1,394 @@
+/**
+ * Disk-backed store for webhook configs + delivery history.
+ *
+ * Two files in `${FORGE_DATA_DIR}/`:
+ *   - `webhooks.json`            — config (one entry per webhook)
+ *   - `webhook-deliveries.json`  — rolling history (FIFO capped per webhook)
+ *
+ * Separated so config writes (rare, single-tenant operator) don't
+ * fight delivery writes (frequent, fired by the agent loop). Same
+ * atomic-write + per-file lock pattern as `project-manager.ts`.
+ *
+ * Single-process / single-tenant: locks are in-process promises,
+ * not file locks. Cross-process safety would need a real flock.
+ */
+import { randomUUID } from "node:crypto";
+import { chmod, mkdir, readFile, rename, unlink, writeFile } from "node:fs/promises";
+import { join } from "node:path";
+import { config } from "../config.js";
+import { isWebhookEvent, MAX_DELIVERIES_PER_WEBHOOK, } from "./types.js";
+const WEBHOOKS_FILE = () => join(config.forgeDataDir, "webhooks.json");
+const DELIVERIES_FILE = () => join(config.forgeDataDir, "webhook-deliveries.json");
+async function ensureDir() {
+    await mkdir(config.forgeDataDir, { recursive: true });
+}
+/**
+ * Atomic JSON write: tmp file → fsync → rename. The temp filename
+ * embeds a uuid so concurrent calls (which shouldn't happen under
+ * the lock, but defense in depth) don't collide. The `chmod 0600`
+ * after creation matters for `webhooks.json` specifically because
+ * it can contain HMAC secrets — same posture as `jwt-secret` /
+ * `password-hash`.
+ */
+async function atomicWriteJson(target, data, mode) {
+    await ensureDir();
+    const tmp = `${target}.${randomUUID()}.tmp`;
+    await writeFile(tmp, JSON.stringify(data, null, 2), "utf8");
+    try {
+        await chmod(tmp, mode);
+        await rename(tmp, target);
+    }
+    catch (err) {
+        await unlink(tmp).catch(() => undefined);
+        throw err;
+    }
+}
+// ---- webhooks.json (config) ----
+let configLock = Promise.resolve();
+function withConfigLock(fn) {
+    const next = configLock.then(fn, fn);
+    configLock = next.catch(() => undefined);
+    return next;
+}
+function isScope(v) {
+    if (typeof v !== "object" || v === null)
+        return false;
+    const r = v;
+    if (r.kind === "global")
+        return true;
+    if (r.kind === "project" && typeof r.projectId === "string")
+        return true;
+    return false;
+}
+function isWebhookConfig(v) {
+    if (typeof v !== "object" || v === null)
+        return false;
+    const r = v;
+    return (typeof r.id === "string" &&
+        typeof r.name === "string" &&
+        typeof r.url === "string" &&
+        Array.isArray(r.events) &&
+        r.events.every((e) => isWebhookEvent(e)) &&
+        isScope(r.scope) &&
+        typeof r.enabled === "boolean" &&
+        typeof r.createdAt === "string");
+}
+export async function readWebhooks() {
+    await ensureDir();
+    try {
+        const raw = await readFile(WEBHOOKS_FILE(), "utf8");
+        const parsed = JSON.parse(raw);
+        if (!Array.isArray(parsed))
+            return [];
+        return parsed.filter(isWebhookConfig);
+    }
+    catch (err) {
+        if (err.code === "ENOENT")
+            return [];
+        throw err;
+    }
+}
+async function writeWebhooks(webhooks) {
+    // mode 0o600 — webhooks.json holds HMAC secrets. Same posture as
+    // ~/.pi-forge/jwt-secret and ~/.pi-forge/password-hash.
+    await atomicWriteJson(WEBHOOKS_FILE(), webhooks, 0o600);
+}
+export class WebhookNotFoundError extends Error {
+    code = "webhook_not_found";
+    constructor(id) {
+        super(`Webhook not found: ${id}`);
+        this.name = "WebhookNotFoundError";
+    }
+}
+export class InvalidWebhookError extends Error {
+    code;
+    constructor(code, message) {
+        super(message);
+        this.code = code;
+        this.name = "InvalidWebhookError";
+    }
+}
+/**
+ * Same `***REDACTED***` sentinel `config-manager.ts` uses for inline
+ * `apiKey` in models.json. The webhook headers map can hold things
+ * like `Authorization: Bearer …` — we round-trip header VALUES
+ * through this sentinel so the wire never carries the real value
+ * and editing in the UI doesn't overwrite the stored secret with
+ * the sentinel string. Header NAMES stay visible (knowing a webhook
+ * has an `Authorization` header isn't sensitive; the value is).
+ */
+export const SECRET_PLACEHOLDER = "***REDACTED***";
+/**
+ * Build the wire-safe headers object: same keys, every value
+ * replaced with the sentinel. The persisted file stays unchanged;
+ * this redaction is purely on the read path. The companion
+ * `mergeHeadersOnWrite` below restores the real values when the
+ * client PATCHes back unchanged headers.
+ */
+export function redactHeaders(headers) {
+    if (headers === undefined)
+        return undefined;
+    const out = {};
+    for (const name of Object.keys(headers)) {
+        out[name] = SECRET_PLACEHOLDER;
+    }
+    return out;
+}
+/**
+ * On PATCH, treat any header VALUE that's literally the sentinel
+ * as "keep the existing value." Same semantics as the apiKey
+ * round-trip in writeModelsJson. New headers (typed-in values, not
+ * sentinel) replace; header NAMES that were dropped from the
+ * incoming map are dropped from storage.
+ *
+ * Returns `undefined` for the empty case so the caller can drop
+ * the field entirely from the stored config (rather than persist
+ * an empty object).
+ */
+export function mergeHeadersOnWrite(incoming, existing) {
+    const out = {};
+    for (const [name, value] of Object.entries(incoming)) {
+        if (value === SECRET_PLACEHOLDER) {
+            const prior = existing?.[name];
+            if (prior !== undefined)
+                out[name] = prior;
+            // No prior value → silently drop. The sentinel was sent
+            // because the UI showed it, but if there's nothing to keep
+            // (e.g. the existing config was just deleted), skip.
+        }
+        else {
+            out[name] = value;
+        }
+    }
+    return Object.keys(out).length === 0 ? undefined : out;
+}
+/**
+ * Validate a webhook URL: HTTPS only (same rationale as the clone
+ * route — embedding secrets / tokens over cleartext is asking for
+ * trouble). HTTP is rejected even on the explicit insecureTls
+ * path; `insecureTls` only relaxes cert validation, not the
+ * scheme.
+ */
+export function validateWebhookUrl(raw) {
+    let parsed;
+    try {
+        parsed = new URL(raw);
+    }
+    catch {
+        throw new InvalidWebhookError("invalid_url", `Not a valid URL: ${raw}`);
+    }
+    if (parsed.protocol !== "https:") {
+        throw new InvalidWebhookError("unsupported_protocol", `Only HTTPS webhook URLs are supported (got ${parsed.protocol}).`);
+    }
+    if (parsed.hostname.length === 0) {
+        throw new InvalidWebhookError("invalid_url", "URL is missing a host.");
+    }
+    return parsed;
+}
+export async function createWebhook(input) {
+    const name = input.name.trim();
+    if (name.length === 0) {
+        throw new InvalidWebhookError("invalid_name", "Webhook name cannot be empty.");
+    }
+    validateWebhookUrl(input.url);
+    if (input.events.length === 0) {
+        throw new InvalidWebhookError("no_events", "Webhook must subscribe to at least one event.");
+    }
+    if (input.secret === SECRET_PLACEHOLDER) {
+        throw new InvalidWebhookError("invalid_secret", "Secret cannot be the redaction sentinel.");
+    }
+    if (input.headers !== undefined) {
+        for (const value of Object.values(input.headers)) {
+            if (value === SECRET_PLACEHOLDER) {
+                // No prior config exists on create — a sentinel value here
+                // would persist as a literal "***REDACTED***" header value
+                // and confuse subsequent edits. Reject explicitly.
+                throw new InvalidWebhookError("invalid_header", "Header values cannot be the redaction sentinel on create.");
+            }
+        }
+    }
+    return withConfigLock(async () => {
+        const list = await readWebhooks();
+        const webhook = {
+            id: randomUUID(),
+            name,
+            url: input.url,
+            events: [...input.events],
+            scope: input.scope,
+            enabled: input.enabled ?? true,
+            createdAt: new Date().toISOString(),
+        };
+        if (input.secret !== undefined && input.secret.length > 0)
+            webhook.secret = input.secret;
+        if (input.headers !== undefined && Object.keys(input.headers).length > 0)
+            webhook.headers = { ...input.headers };
+        if (input.insecureTls === true)
+            webhook.insecureTls = true;
+        list.push(webhook);
+        await writeWebhooks(list);
+        return webhook;
+    });
+}
+export async function updateWebhook(id, patch) {
+    if (patch.url !== undefined)
+        validateWebhookUrl(patch.url);
+    if (patch.events !== undefined && patch.events.length === 0) {
+        throw new InvalidWebhookError("no_events", "Webhook must subscribe to at least one event.");
+    }
+    if (patch.name !== undefined && patch.name.trim().length === 0) {
+        throw new InvalidWebhookError("invalid_name", "Webhook name cannot be empty.");
+    }
+    return withConfigLock(async () => {
+        const list = await readWebhooks();
+        const idx = list.findIndex((w) => w.id === id);
+        if (idx === -1)
+            throw new WebhookNotFoundError(id);
+        const existing = list[idx];
+        const updated = {
+            ...existing,
+            ...(patch.name !== undefined ? { name: patch.name.trim() } : {}),
+            ...(patch.url !== undefined ? { url: patch.url } : {}),
+            ...(patch.events !== undefined ? { events: [...patch.events] } : {}),
+            ...(patch.scope !== undefined ? { scope: patch.scope } : {}),
+            ...(patch.enabled !== undefined ? { enabled: patch.enabled } : {}),
+        };
+        // Optional fields: explicit-undefined-in-patch means "clear it".
+        // We can't tell `undefined` from "not provided" in a JSON body,
+        // so opt for "absent in body = leave alone, empty-string = clear"
+        // for secret/headers; insecureTls is a boolean toggle so any
+        // explicit value wins.
+        //
+        // Secret: empty-string clears; the SECRET_PLACEHOLDER sentinel
+        // means "keep the existing secret" (the wire never exposes the
+        // real value, so a UI round-trip would otherwise overwrite the
+        // stored secret with the literal "***REDACTED***" string).
+        if (patch.secret !== undefined) {
+            if (patch.secret.length === 0)
+                delete updated.secret;
+            else if (patch.secret === SECRET_PLACEHOLDER) {
+                // Leave `updated.secret` whatever the spread of `existing`
+                // carried — i.e., no change.
+            }
+            else
+                updated.secret = patch.secret;
+        }
+        if (patch.headers !== undefined) {
+            // Round-trip protection for header VALUES (Bearer tokens
+            // etc.). Per-name: sentinel → keep prior; new value → use;
+            // missing-from-incoming → drop. `mergeHeadersOnWrite`
+            // returns undefined when the merged map is empty, which
+            // collapses to "no headers configured."
+            const merged = mergeHeadersOnWrite(patch.headers, existing.headers);
+            if (merged === undefined)
+                delete updated.headers;
+            else
+                updated.headers = merged;
+        }
+        if (patch.insecureTls !== undefined) {
+            if (patch.insecureTls)
+                updated.insecureTls = true;
+            else
+                delete updated.insecureTls;
+        }
+        list[idx] = updated;
+        await writeWebhooks(list);
+        return updated;
+    });
+}
+export async function deleteWebhook(id) {
+    await withConfigLock(async () => {
+        const list = await readWebhooks();
+        const next = list.filter((w) => w.id !== id);
+        if (next.length === list.length)
+            throw new WebhookNotFoundError(id);
+        await writeWebhooks(next);
+    });
+    // Best-effort: prune this webhook's delivery records too. A
+    // failure here just leaves orphan records that nothing reads;
+    // the deletion of the config itself is already done.
+    await withDeliveriesLock(async () => {
+        const records = await readDeliveriesRaw();
+        const pruned = records.filter((r) => r.webhookId !== id);
+        if (pruned.length !== records.length) {
+            await writeDeliveries(pruned);
+        }
+    }).catch(() => undefined);
+}
+export async function getWebhook(id) {
+    const list = await readWebhooks();
+    return list.find((w) => w.id === id);
+}
+// ---- webhook-deliveries.json (history) ----
+let deliveriesLock = Promise.resolve();
+function withDeliveriesLock(fn) {
+    const next = deliveriesLock.then(fn, fn);
+    deliveriesLock = next.catch(() => undefined);
+    return next;
+}
+function isDeliveryRecord(v) {
+    if (typeof v !== "object" || v === null)
+        return false;
+    const r = v;
+    return (typeof r.id === "string" &&
+        typeof r.webhookId === "string" &&
+        typeof r.deliveryId === "string" &&
+        typeof r.event === "string" &&
+        typeof r.attempt === "number" &&
+        (r.status === "delivered" || r.status === "failed" || r.status === "error") &&
+        typeof r.durationMs === "number" &&
+        typeof r.requestedAt === "string");
+}
+async function readDeliveriesRaw() {
+    await ensureDir();
+    try {
+        const raw = await readFile(DELIVERIES_FILE(), "utf8");
+        const parsed = JSON.parse(raw);
+        if (!Array.isArray(parsed))
+            return [];
+        return parsed.filter(isDeliveryRecord);
+    }
+    catch (err) {
+        if (err.code === "ENOENT")
+            return [];
+        throw err;
+    }
+}
+async function writeDeliveries(records) {
+    // Deliveries don't contain secrets but mode 0600 anyway: the
+    // file lives alongside webhooks.json and there's no reason for
+    // anything outside the pi-forge process to read it.
+    await atomicWriteJson(DELIVERIES_FILE(), records, 0o600);
+}
+/**
+ * Append a delivery record and trim the per-webhook history to the
+ * latest `MAX_DELIVERIES_PER_WEBHOOK` entries. FIFO eviction so
+ * the most recent N stays visible in the UI.
+ */
+export async function recordDelivery(record) {
+    await withDeliveriesLock(async () => {
+        const list = await readDeliveriesRaw();
+        list.push(record);
+        // Trim per-webhook. Walk newest-to-oldest, keep first N per id.
+        // Cheaper than groupBy on small N (cap=100, total ~few-hundred).
+        const kept = [];
+        const counts = new Map();
+        for (let i = list.length - 1; i >= 0; i--) {
+            const r = list[i];
+            const n = (counts.get(r.webhookId) ?? 0) + 1;
+            counts.set(r.webhookId, n);
+            if (n <= MAX_DELIVERIES_PER_WEBHOOK)
+                kept.push(r);
+        }
+        kept.reverse();
+        await writeDeliveries(kept);
+    });
+}
+/**
+ * Return delivery records for one webhook, newest first. Bounded
+ * by the per-webhook cap so this is cheap to call from the UI.
+ */
+export async function readDeliveriesForWebhook(webhookId) {
+    const all = await readDeliveriesRaw();
+    return all.filter((r) => r.webhookId === webhookId).reverse();
+}
+//# sourceMappingURL=store.js.map

package/dist/server/webhooks/store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"store.js","sourceRoot":"","sources":["../../src/webhooks/store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AACH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACrF,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AACtC,OAAO,EACL,cAAc,EACd,0BAA0B,GAI3B,MAAM,YAAY,CAAC;AAEpB,MAAM,aAAa,GAAG,GAAW,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;AAC/E,MAAM,eAAe,GAAG,GAAW,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,yBAAyB,CAAC,CAAC;AAE3F,KAAK,UAAU,SAAS;IACtB,MAAM,KAAK,CAAC,MAAM,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;AACxD,CAAC;AAED;;;;;;;GAOG;AACH,KAAK,UAAU,eAAe,CAAC,MAAc,EAAE,IAAa,EAAE,IAAY;IACxE,MAAM,SAAS,EAAE,CAAC;IAClB,MAAM,GAAG,GAAG,GAAG,MAAM,IAAI,UAAU,EAAE,MAAM,CAAC;IAC5C,MAAM,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAC5D,IAAI,CAAC;QACH,MAAM,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACvB,MAAM,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IAC5B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;QACzC,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC;AAED,mCAAmC;AAEnC,IAAI,UAAU,GAAqB,OAAO,CAAC,OAAO,EAAE,CAAC;AACrD,SAAS,cAAc,CAAI,EAAoB;IAC7C,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IACrC,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;IACzC,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,OAAO,CAAC,CAAU;IACzB,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IACtD,MAAM,CAAC,GAAG,CAA4B,CAAC;IACvC,IAAI,CAAC,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACrC,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACzE,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,eAAe,CAAC,CAAU;IACjC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IACtD,MAAM,CAAC,GAAG,CAA4B,CAAC;IACvC,OAAO,CACL,OAAO,CAAC,CAAC,EAAE,KAAK,QAAQ;QACxB,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ;QAC1B,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC;QACvB,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC;QACxC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC;QAChB,OAAO,CAAC,CAAC,OAAO,KAAK,SAAS;QAC9B,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ,CAChC,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY;IAChC,MAAM,SAAS,EAAE,CAAC;IAClB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,aAAa,EAAE,EAAE,MAAM,CAAC,CAAC;QACpD,MAAM,MAAM,GAAY,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACxC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;YAAE,OAAO,EAAE,CAAC;QACtC,OAAO,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IACxC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAK,GAA6B,CAAC,IAAI,KAAK,QAAQ;YAAE,OAAO,EAAE,CAAC;QAChE,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,QAAyB;IACpD,iEAAiE;IACjE,wDAAwD;IACxD,MAAM,eAAe,CAAC,aAAa,EAAE,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;AAC1D,CAAC;AAED,MAAM,OAAO,oBAAqB,SAAQ,KAAK;IACpC,IAAI,GAAG,mBAAmB,CAAC;IACpC,YAAY,EAAU;QACpB,KAAK,CAAC,sBAAsB,EAAE,EAAE,CAAC,CAAC;QAClC,IAAI,CAAC,IAAI,GAAG,sBAAsB,CAAC;IACrC,CAAC;CACF;AAED,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IACnC,IAAI,CAAS;IACtB,YAAY,IAAY,EAAE,OAAe;QACvC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;IACpC,CAAC;CACF;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,gBAAgB,CAAC;AAEnD;;;;;;GAMG;AACH,MAAM,UAAU,aAAa,CAC3B,OAA2C;IAE3C,IAAI,OAAO,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IAC5C,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACxC,GAAG,CAAC,IAAI,CAAC,GAAG,kBAAkB,CAAC;IACjC,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,mBAAmB,CACjC,QAAgC,EAChC,QAA4C;IAE5C,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACrD,IAAI,KAAK,KAAK,kBAAkB,EAAE,CAAC;YACjC,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAC,IAAI,CAAC,CAAC;YAC/B,IAAI,KAAK,KAAK,SAAS;gBAAE,GAAG,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;YAC3C,wDAAwD;YACxD,2DAA2D;YAC3D,qDAAqD;QACvD,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;QACpB,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC;AACzD,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CAAC,GAAW;IAC5C,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,mBAAmB,CAAC,aAAa,EAAE,oBAAoB,GAAG,EAAE,CAAC,CAAC;IAC1E,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjC,MAAM,IAAI,mBAAmB,CAC3B,sBAAsB,EACtB,8CAA8C,MAAM,CAAC,QAAQ,IAAI,CAClE,CAAC;IACJ,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,mBAAmB,CAAC,aAAa,EAAE,wBAAwB,CAAC,CAAC;IACzE,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAaD,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,KAAyB;IAC3D,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;IAC/B,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,MAAM,IAAI,mBAAmB,CAAC,cAAc,EAAE,+BAA+B,CAAC,CAAC;IACjF,CAAC;IACD,kBAAkB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,IAAI,KAAK,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,mBAAmB,CAAC,WAAW,EAAE,+CAA+C,CAAC,CAAC;IAC9F,CAAC;IACD,IAAI,KAAK,CAAC,MAAM,KAAK,kBAAkB,EAAE,CAAC;QACxC,MAAM,IAAI,mBAAmB,CAAC,gBAAgB,EAAE,0CAA0C,CAAC,CAAC;IAC9F,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QAChC,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;YACjD,IAAI,KAAK,KAAK,kBAAkB,EAAE,CAAC;gBACjC,2DAA2D;gBAC3D,2DAA2D;gBAC3D,mDAAmD;gBACnD,MAAM,IAAI,mBAAmB,CAC3B,gBAAgB,EAChB,2DAA2D,CAC5D,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,cAAc,CAAC,KAAK,IAAI,EAAE;QAC/B,MAAM,IAAI,GAAG,MAAM,YAAY,EAAE,CAAC;QAClC,MAAM,OAAO,GAAkB;YAC7B,EAAE,EAAE,UAAU,EAAE;YAChB,IAAI;YACJ,GAAG,EAAE,KAAK,CAAC,GAAG;YACd,MAAM,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC;YACzB,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,OAAO,EAAE,KAAK,CAAC,OAAO,IAAI,IAAI;YAC9B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;QACF,IAAI,KAAK,CAAC,MAAM,KAAK,SAAS,IAAI,KAAK,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;QACzF,IAAI,KAAK,CAAC,OAAO,KAAK,SAAS,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC;YACtE,OAAO,CAAC,OAAO,GAAG,EAAE,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC;QACzC,IAAI,KAAK,CAAC,WAAW,KAAK,IAAI;YAAE,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;QAC3D,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACnB,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC;QAC1B,OAAO,OAAO,CAAC;IACjB,CAAC,CAAC,CAAC;AACL,CAAC;AAID,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,EAAU,EAAE,KAAyB;IACvE,IAAI,KAAK,CAAC,GAAG,KAAK,SAAS;QAAE,kBAAkB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3D,IAAI,KAAK,CAAC,MAAM,KAAK,SAAS,IAAI,KAAK,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5D,MAAM,IAAI,mBAAmB,CAAC,WAAW,EAAE,+CAA+C,CAAC,CAAC;IAC9F,CAAC;IACD,IAAI,KAAK,CAAC,IAAI,KAAK,SAAS,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/D,MAAM,IAAI,mBAAmB,CAAC,cAAc,EAAE,+BAA+B,CAAC,CAAC;IACjF,CAAC;IACD,OAAO,cAAc,CAAC,KAAK,IAAI,EAAE;QAC/B,MAAM,IAAI,GAAG,MAAM,YAAY,EAAE,CAAC;QAClC,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;QAC/C,IAAI,GAAG,KAAK,CAAC,CAAC;YAAE,MAAM,IAAI,oBAAoB,CAAC,EAAE,CAAC,CAAC;QACnD,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAE,CAAC;QAC5B,MAAM,OAAO,GAAkB;YAC7B,GAAG,QAAQ;YACX,GAAG,CAAC,KAAK,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAChE,GAAG,CAAC,KAAK,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACtD,GAAG,CAAC,KAAK,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACpE,GAAG,CAAC,KAAK,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5D,GAAG,CAAC,KAAK,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACnE,CAAC;QACF,iEAAiE;QACjE,gEAAgE;QAChE,kEAAkE;QAClE,6DAA6D;QAC7D,uBAAuB;QACvB,EAAE;QACF,+DAA+D;QAC/D,+DAA+D;QAC/D,+DAA+D;QAC/D,2DAA2D;QAC3D,IAAI,KAAK,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAC/B,IAAI,KAAK,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,OAAO,CAAC,MAAM,CAAC;iBAChD,IAAI,KAAK,CAAC,MAAM,KAAK,kBAAkB,EAAE,CAAC;gBAC7C,2DAA2D;gBAC3D,6BAA6B;YAC/B,CAAC;;gBAAM,OAAO,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;QACvC,CAAC;QACD,IAAI,KAAK,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YAChC,yDAAyD;YACzD,2DAA2D;YAC3D,sDAAsD;YACtD,wDAAwD;YACxD,wCAAwC;YACxC,MAAM,MAAM,GAAG,mBAAmB,CAAC,KAAK,CAAC,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC;YACpE,IAAI,MAAM,KAAK,SAAS;gBAAE,OAAO,OAAO,CAAC,OAAO,CAAC;;gBAC5C,OAAO,CAAC,OAAO,GAAG,MAAM,CAAC;QAChC,CAAC;QACD,IAAI,KAAK,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YACpC,IAAI,KAAK,CAAC,WAAW;gBAAE,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;;gBAC7C,OAAO,OAAO,CAAC,WAAW,CAAC;QAClC,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC;QACpB,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC;QAC1B,OAAO,OAAO,CAAC;IACjB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,EAAU;IAC5C,MAAM,cAAc,CAAC,KAAK,IAAI,EAAE;QAC9B,MAAM,IAAI,GAAG,MAAM,YAAY,EAAE,CAAC;QAClC,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;QAC7C,IAAI,IAAI,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,oBAAoB,CAAC,EAAE,CAAC,CAAC;QACpE,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;IACH,4DAA4D;IAC5D,8DAA8D;IAC9D,qDAAqD;IACrD,MAAM,kBAAkB,CAAC,KAAK,IAAI,EAAE;QAClC,MAAM,OAAO,GAAG,MAAM,iBAAiB,EAAE,CAAC;QAC1C,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,EAAE,CAAC,CAAC;QACzD,IAAI,MAAM,CAAC,MAAM,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC;YACrC,MAAM,eAAe,CAAC,MAAM,CAAC,CAAC;QAChC,CAAC;IACH,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;AAC5B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,EAAU;IACzC,MAAM,IAAI,GAAG,MAAM,YAAY,EAAE,CAAC;IAClC,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;AACvC,CAAC;AAED,8CAA8C;AAE9C,IAAI,cAAc,GAAqB,OAAO,CAAC,OAAO,EAAE,CAAC;AACzD,SAAS,kBAAkB,CAAI,EAAoB;IACjD,MAAM,IAAI,GAAG,cAAc,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IACzC,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;IAC7C,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,gBAAgB,CAAC,CAAU;IAClC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IACtD,MAAM,CAAC,GAAG,CAA4B,CAAC;IACvC,OAAO,CACL,OAAO,CAAC,CAAC,EAAE,KAAK,QAAQ;QACxB,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ;QAC/B,OAAO,CAAC,CAAC,UAAU,KAAK,QAAQ;QAChC,OAAO,CAAC,CAAC,KAAK,KAAK,QAAQ;QAC3B,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ;QAC7B,CAAC,CAAC,CAAC,MAAM,KAAK,WAAW,IAAI,CAAC,CAAC,MAAM,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,KAAK,OAAO,CAAC;QAC3E,OAAO,CAAC,CAAC,UAAU,KAAK,QAAQ;QAChC,OAAO,CAAC,CAAC,WAAW,KAAK,QAAQ,CAClC,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,iBAAiB;IAC9B,MAAM,SAAS,EAAE,CAAC;IAClB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,eAAe,EAAE,EAAE,MAAM,CAAC,CAAC;QACtD,MAAM,MAAM,GAAY,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACxC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;YAAE,OAAO,EAAE,CAAC;QACtC,OAAO,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;IACzC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAK,GAA6B,CAAC,IAAI,KAAK,QAAQ;YAAE,OAAO,EAAE,CAAC;QAChE,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,eAAe,CAAC,OAAyB;IACtD,6DAA6D;IAC7D,+DAA+D;IAC/D,oDAAoD;IACpD,MAAM,eAAe,CAAC,eAAe,EAAE,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;AAC3D,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,MAAsB;IACzD,MAAM,kBAAkB,CAAC,KAAK,IAAI,EAAE;QAClC,MAAM,IAAI,GAAG,MAAM,iBAAiB,EAAE,CAAC;QACvC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAClB,gEAAgE;QAChE,iEAAiE;QACjE,MAAM,IAAI,GAAqB,EAAE,CAAC;QAClC,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC;QACzC,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC1C,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAE,CAAC;YACnB,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;YAC7C,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;YAC3B,IAAI,CAAC,IAAI,0BAA0B;gBAAE,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpD,CAAC;QACD,IAAI,CAAC,OAAO,EAAE,CAAC;QACf,MAAM,eAAe,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAAC,SAAiB;IAC9D,MAAM,GAAG,GAAG,MAAM,iBAAiB,EAAE,CAAC;IACtC,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC;AAChE,CAAC"}

package/dist/server/webhooks/types.js

@@ -0,0 +1,32 @@
+/**
+ * Wire-shape definitions for the webhook feature. The config file
+ * (`${FORGE_DATA_DIR}/webhooks.json`) and the rolling delivery log
+ * (`${FORGE_DATA_DIR}/webhook-deliveries.json`) both serialize using
+ * these types directly. Adding fields is safe (older
+ * configs/deliveries deserialize with the new fields undefined);
+ * renaming or removing requires a migration step.
+ */
+/**
+ * Canonical event list. Iteration order matches the UI's checklist
+ * order; the order is part of the user-visible surface (the
+ * Settings tab renders checkboxes in this order).
+ */
+export const WEBHOOK_EVENTS = [
+    "agent_end",
+    "ask_user_question",
+    "process_alert",
+    "auto_retry_end",
+    "compaction_end",
+    "session_created",
+    "session_deleted",
+];
+export function isWebhookEvent(v) {
+    return typeof v === "string" && WEBHOOK_EVENTS.includes(v);
+}
+/**
+ * Cap on persisted delivery records per webhook. Older deliveries
+ * roll off FIFO. 100 is enough for "did my last few fires work?"
+ * debugging without letting the file grow unbounded.
+ */
+export const MAX_DELIVERIES_PER_WEBHOOK = 100;
+//# sourceMappingURL=types.js.map

package/dist/server/webhooks/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/webhooks/types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAgBH;;;;GAIG;AACH,MAAM,CAAC,MAAM,cAAc,GAA4B;IACrD,WAAW;IACX,mBAAmB;IACnB,eAAe;IACf,gBAAgB;IAChB,gBAAgB;IAChB,iBAAiB;IACjB,iBAAiB;CACT,CAAC;AAEX,MAAM,UAAU,cAAc,CAAC,CAAU;IACvC,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAK,cAAoC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;AACpF,CAAC;AAmFD;;;;GAIG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAG,GAAG,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pi-forge",
-  "version": "1.2.5",
+  "version": "1.3.0",
   "description": "Browser UI for the pi coding agent — embedded HTTP server with a React workbench (chat, file browser, terminal, git, MCP).",
   "keywords": [
     "pi",
@@ -45,9 +45,9 @@
     "@fastify/swagger": "^9.5.0",
     "@fastify/swagger-ui": "^5.2.3",
     "@fastify/websocket": "^11.0.2",
-    "@earendil-works/pi-agent-core": "0.74.0",
-    "@earendil-works/pi-ai": "0.74.0",
-    "@earendil-works/pi-coding-agent": "0.74.0",
+    "@earendil-works/pi-agent-core": "0.75.5",
+    "@earendil-works/pi-ai": "0.75.5",
+    "@earendil-works/pi-coding-agent": "0.75.5",
     "@modelcontextprotocol/sdk": "^1.29.0",
     "exceljs": "^4.4.0",
     "fastify": "^5.3.2",