mark/vibn-agent-runner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Gitea webhook with HMAC-SHA256 auth, agent label routing, auto-close issues

Browse Source 
Made-with: Cursor
This commit is contained in:
mawkone
2026-02-26 15:24:21 -08:00
parent 1eadbb6631
commit d3b04fcd22
4 changed files with 48 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
dist/agents.js vendored
View File

@@ -70,8 +70,12 @@ Your job is to complete the coding task given to you. Follow these rules:
- Never modify .env files or credentials.
- Never commit secrets or API keys.
**If you were triggered by a Gitea issue:**
- After committing, close the issue using gitea_close_issue.
- The repo name is in the format "owner/name".
Be methodical. Read before you write. Test before you commit.`,
tools: pick([...FILE_TOOLS, ...SHELL_TOOLS, ...GIT_TOOLS])
tools: pick([...FILE_TOOLS, ...SHELL_TOOLS, ...GIT_TOOLS, ...GITEA_TOOLS])
},
PM: {
name: 'PM',

27
dist/server.js vendored
View File

@@ -40,6 +40,7 @@ const express_1 = __importDefault(require("express"));
const cors_1 = __importDefault(require("cors"));
const fs = __importStar(require("fs"));
const path = __importStar(require("path"));
const crypto = __importStar(require("crypto"));
const child_process_1 = require("child_process");
const job_store_1 = require("./job-store");
const agent_runner_1 = require("./agent-runner");
@@ -157,19 +158,25 @@ app.get('/api/jobs', (req, res) => {
const limit = parseInt(req.query.limit || '20', 10);
res.json((0, job_store_1.listJobs)(limit));
});
// Gitea webhook endpoint — triggers agent from a push/issue event
app.post('/webhook/gitea', (req, res) => {
// Gitea webhook endpoint — triggers agent from an issue event
// Must use raw body for HMAC verification — register before express.json()
app.post('/webhook/gitea', express_1.default.raw({ type: 'application/json' }), (req, res) => {
const event = req.headers['x-gitea-event'];
const body = req.body;
// Verify secret if configured
const rawBody = req.body;
// Verify HMAC-SHA256 signature
const webhookSecret = process.env.WEBHOOK_SECRET;
if (webhookSecret) {
const sig = req.headers['x-gitea-signature'];
if (!sig || sig !== webhookSecret) {
const expected = crypto
.createHmac('sha256', webhookSecret)
.update(rawBody)
.digest('hex');
if (!sig || !crypto.timingSafeEqual(Buffer.from(sig), Buffer.from(expected))) {
res.status(401).json({ error: 'Invalid webhook signature' });
return;
}
}
const body = JSON.parse(rawBody.toString('utf8'));
let task = null;
let agentName = 'Coder';
let repo;
@@ -183,13 +190,17 @@ app.post('/webhook/gitea', (req, res) => {
else if (labels.includes('agent:marketing')) {
agentName = 'Marketing';
}
else {
else if (labels.includes('agent:coder')) {
agentName = 'Coder';
}
task = `Resolve this GitHub issue:\n\nTitle: ${issue.title}\n\nDescription:\n${issue.body || '(no description)'}`;
else {
// No agent label — ignore
res.json({ ignored: true, reason: 'no agent label on issue' });
return;
}
task = `You have been assigned to resolve a Gitea issue in the repo ${repo}.\n\nIssue #${issue.number}: ${issue.title}\n\nDescription:\n${issue.body || '(no description)'}\n\nWhen done, close the issue by calling gitea_close_issue.`;
}
else if (event === 'push') {
// Optionally trigger on push — useful for CI-style automation
res.json({ ignored: true, reason: 'push events not auto-processed' });
return;
}