Timmy_Foundation/hermes-agent
15
0
Fork 0
Code Issues 256 Pull Requests 56 Actions 2 Packages Projects Releases Wiki Activity

feat(gateway): add webhook platform adapter for external event triggers

Browse Source 
Add a generic webhook platform adapter that receives HTTP POSTs from
external services (GitHub, GitLab, JIRA, Stripe, etc.), validates HMAC
signatures, transforms payloads into agent prompts, and routes responses
back to the source or to another platform.

Features:
- Configurable routes with per-route HMAC secrets, event filters,
  prompt templates with dot-notation payload access, skill loading,
  and pluggable delivery (github_comment, telegram, discord, log)
- HMAC signature validation (GitHub SHA-256, GitLab token, generic)
- Rate limiting (30 req/min per route, configurable)
- Idempotency cache (1hr TTL, prevents duplicate runs on retries)
- Body size limits (1MB default, checked before reading payload)
- Setup wizard integration with security warnings and docs links
- 33 tests (29 unit + 4 integration), all passing

Security:
- HMAC secret required per route (startup validation)
- Setup wizard warns about internet exposure for webhook/SMS platforms
- Sandboxing (Docker/VM) recommended in docs for public-facing deployments

Files changed:
- gateway/config.py — Platform.WEBHOOK enum + env var overrides
- gateway/platforms/webhook.py — WebhookAdapter (~420 lines)
- gateway/run.py — factory wiring + auth bypass for webhook events
- hermes_cli/config.py — WEBHOOK_* env var definitions
- hermes_cli/setup.py — webhook section in setup_gateway()
- tests/gateway/test_webhook_adapter.py — 29 unit tests
- tests/gateway/test_webhook_integration.py — 4 integration tests
- website/docs/user-guide/messaging/webhooks.md — full user docs
- website/docs/reference/environment-variables.md — WEBHOOK_* vars
- website/sidebars.ts — nav entry
This commit is contained in:
Test
2026-03-20 06:33:36 -07:00
parent 88643a1ba9
commit e140c02d51
10 changed files with 1936 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
gateway/run.py
View File

@@ -1191,6 +1191,15 @@ class GatewayRunner:
return None
return APIServerAdapter(config)
elif platform == Platform.WEBHOOK:
from gateway.platforms.webhook import WebhookAdapter, check_webhook_requirements
if not check_webhook_requirements():
logger.warning("Webhook: aiohttp not installed")
return None
adapter = WebhookAdapter(config)
adapter.gateway_runner = self # For cross-platform delivery
return adapter
return None
def _is_user_authorized(self, source: SessionSource) -> bool:
@@ -1207,7 +1216,9 @@ class GatewayRunner:
# Home Assistant events are system-generated (state changes), not
# user-initiated messages. The HASS_TOKEN already authenticates the
# connection, so HA events are always authorized.
if source.platform == Platform.HOMEASSISTANT:
# Webhook events are authenticated via HMAC signature validation in
# the adapter itself — no user allowlist applies.
if source.platform in (Platform.HOMEASSISTANT, Platform.WEBHOOK):
return True
user_id = source.user_id