Add ability for hook mapping transform modules to export a verifyAuth function for custom authentication (e.g., GitHub HMAC signatures). When a transform module exports verifyAuth, it runs BEFORE standard token auth. This enables: - GitHub webhook signature verification - Stripe webhook signature verification - Any external service with custom auth schemes Changes: - hooks.ts: Split readJsonBody into readRawBody + parseJsonBody - hooks-mapping.ts: Add HookVerifyAuthContext type, findMappingVerifyAuth() - server-http.ts: Check for custom auth before token auth - webhook.md: Document verifyAuth with GitHub example Closes: discussion about GitHub webhooks
8.3 KiB
| summary | read_when | ||
|---|---|---|---|
| Webhook ingress for wake and isolated agent runs |
|
Webhooks
Gateway can expose a small HTTP webhook endpoint for external triggers.
Enable
{
hooks: {
enabled: true,
token: "shared-secret",
path: "/hooks"
}
}
Notes:
hooks.tokenis required whenhooks.enabled=true.hooks.pathdefaults to/hooks.
Auth
Every request must include the hook token. Prefer headers:
Authorization: Bearer <token>(recommended)x-moltbot-token: <token>?token=<token>(deprecated; logs a warning and will be removed in a future major release)
Endpoints
POST /hooks/wake
Payload:
{ "text": "System line", "mode": "now" }
textrequired (string): The description of the event (e.g., "New email received").modeoptional (now|next-heartbeat): Whether to trigger an immediate heartbeat (defaultnow) or wait for the next periodic check.
Effect:
- Enqueues a system event for the main session
- If
mode=now, triggers an immediate heartbeat
POST /hooks/agent
Payload:
{
"message": "Run this",
"name": "Email",
"sessionKey": "hook:email:msg-123",
"wakeMode": "now",
"deliver": true,
"channel": "last",
"to": "+15551234567",
"model": "openai/gpt-5.2-mini",
"thinking": "low",
"timeoutSeconds": 120
}
messagerequired (string): The prompt or message for the agent to process.nameoptional (string): Human-readable name for the hook (e.g., "GitHub"), used as a prefix in session summaries.sessionKeyoptional (string): The key used to identify the agent's session. Defaults to a randomhook:<uuid>. Using a consistent key allows for a multi-turn conversation within the hook context.wakeModeoptional (now|next-heartbeat): Whether to trigger an immediate heartbeat (defaultnow) or wait for the next periodic check.deliveroptional (boolean): Iftrue, the agent's response will be sent to the messaging channel. Defaults totrue. Responses that are only heartbeat acknowledgments are automatically skipped.channeloptional (string): The messaging channel for delivery. One of:last,whatsapp,telegram,discord,slack,mattermost(plugin),signal,imessage,msteams. Defaults tolast.tooptional (string): The recipient identifier for the channel (e.g., phone number for WhatsApp/Signal, chat ID for Telegram, channel ID for Discord/Slack/Mattermost (plugin), conversation ID for MS Teams). Defaults to the last recipient in the main session.modeloptional (string): Model override (e.g.,anthropic/claude-3-5-sonnetor an alias). Must be in the allowed model list if restricted.thinkingoptional (string): Thinking level override (e.g.,low,medium,high).timeoutSecondsoptional (number): Maximum duration for the agent run in seconds.
Effect:
- Runs an isolated agent turn (own session key)
- Always posts a summary into the main session
- If
wakeMode=now, triggers an immediate heartbeat
POST /hooks/<name> (mapped)
Custom hook names are resolved via hooks.mappings (see configuration). A mapping can
turn arbitrary payloads into wake or agent actions, with optional templates or
code transforms.
Mapping options (summary):
hooks.presets: ["gmail"]enables the built-in Gmail mapping.hooks.mappingslets you definematch,action, and templates in config.hooks.transformsDir+transform.moduleloads a JS/TS module for custom logic.- Use
match.sourceto keep a generic ingest endpoint (payload-driven routing). - TS transforms require a TS loader (e.g.
bunortsx) or precompiled.jsat runtime. - Set
deliver: true+channel/toon mappings to route replies to a chat surface (channeldefaults tolastand falls back to WhatsApp). allowUnsafeExternalContent: truedisables the external content safety wrapper for that hook (dangerous; only for trusted internal sources).moltbot webhooks gmail setupwriteshooks.gmailconfig formoltbot webhooks gmail run. See Gmail Pub/Sub for the full Gmail watch flow.
Responses
200for/hooks/wake202for/hooks/agent(async run started)401on auth failure400on invalid payload413on oversized payloads
Examples
curl -X POST http://127.0.0.1:18789/hooks/wake \
-H 'Authorization: Bearer SECRET' \
-H 'Content-Type: application/json' \
-d '{"text":"New email received","mode":"now"}'
curl -X POST http://127.0.0.1:18789/hooks/agent \
-H 'x-moltbot-token: SECRET' \
-H 'Content-Type: application/json' \
-d '{"message":"Summarize inbox","name":"Email","wakeMode":"next-heartbeat"}'
Use a different model
Add model to the agent payload (or mapping) to override the model for that run:
curl -X POST http://127.0.0.1:18789/hooks/agent \
-H 'x-moltbot-token: SECRET' \
-H 'Content-Type: application/json' \
-d '{"message":"Summarize inbox","name":"Email","model":"openai/gpt-5.2-mini"}'
If you enforce agents.defaults.models, make sure the override model is included there.
curl -X POST http://127.0.0.1:18789/hooks/gmail \
-H 'Authorization: Bearer SECRET' \
-H 'Content-Type: application/json' \
-d '{"source":"gmail","messages":[{"from":"Ada","subject":"Hello","snippet":"Hi"}]}'
Custom Authentication (verifyAuth)
External webhooks (GitHub, Stripe, Linear, etc.) often use their own authentication
schemes (e.g., HMAC signatures). Instead of using the standard bearer token, you can
export a verifyAuth function from your transform module to handle custom auth.
When a mapping's transform module exports verifyAuth, it runs before the standard
token check. If it returns true, the request is authorized; if false, a 401 is returned.
Example: GitHub Webhook Signature Verification
// hooks/github-transform.ts
import { createHmac, timingSafeEqual } from "crypto";
import type { HookVerifyAuthContext, HookMappingContext } from "moltbot";
// Runs BEFORE token auth - return true to allow, false to reject
export function verifyAuth(ctx: HookVerifyAuthContext): boolean {
const signature = ctx.headers["x-hub-signature-256"];
if (!signature) return false;
const secret = process.env.GITHUB_WEBHOOK_SECRET!;
const expected = "sha256=" + createHmac("sha256", secret)
.update(ctx.rawBody)
.digest("hex");
try {
return timingSafeEqual(Buffer.from(signature), Buffer.from(expected));
} catch {
return false;
}
}
// Transform the payload (runs after auth passes)
export default function transform(ctx: HookMappingContext) {
const event = ctx.headers["x-github-event"];
const payload = ctx.payload as Record<string, unknown>;
// Format based on event type
if (event === "push") {
return { message: `Push to ${payload.repository?.full_name}: ${payload.head_commit?.message}` };
}
if (event === "pull_request") {
return { message: `PR ${payload.action}: ${payload.pull_request?.title}` };
}
return { message: `GitHub ${event}: ${JSON.stringify(payload).slice(0, 200)}` };
}
Config:
hooks:
enabled: true
token: "regular-token" # Still needed for non-custom-auth hooks
mappings:
- id: github
match:
path: github
action: agent
name: GitHub
transform:
module: github-transform.ts
HookVerifyAuthContext
The verifyAuth function receives:
headers: Record of lowercase header names to valuesurl: The parsed URL objectpath: The subpath (e.g., "github" for/hooks/github)rawBody: The raw request body as a Buffer (for signature computation)
Async verifyAuth
verifyAuth can be async if needed:
export async function verifyAuth(ctx: HookVerifyAuthContext): Promise<boolean> {
// async validation (e.g., checking against external service)
return await validateSignature(ctx.headers, ctx.rawBody);
}
Security
- Keep hook endpoints behind loopback, tailnet, or trusted reverse proxy.
- Use a dedicated hook token; do not reuse gateway auth tokens.
- Avoid including sensitive raw payloads in webhook logs.
- Hook payloads are treated as untrusted and wrapped with safety boundaries by default.
If you must disable this for a specific hook, set
allowUnsafeExternalContent: truein that hook's mapping (dangerous).