Add pluggable inbound-webhook framework + Granola meeting summarizer#4
Add pluggable inbound-webhook framework + Granola meeting summarizer#4Miyamura80 wants to merge 5 commits into
Conversation
Introduces webhooks/ as a place to mount custom webhook listeners on the same Bun.serve instance. First source is Granola: when a meeting wraps, the emitter POSTs to /api/webhooks/granola and a Codex-generated summary is streamed into the configured Slack channel. - Shared X-Webhook-Secret auth and Redis NX/EX dedup per source - Handler returns 200 immediately and processes in the background - Failures post a⚠️ notice to the same channel so issues are visible - Extracted streamCodex into lib/codex.ts so mentions and webhooks share it
Qodo reviews are paused for this user.Troubleshooting steps vary by plan Learn more → On a Teams plan? Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center? |
There was a problem hiding this comment.
3 issues found across 6 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="webhooks/granola.ts">
<violation number="1" location="webhooks/granola.ts:42">
P2: Validate payload types before property access; non-object JSON can currently throw and return 500.</violation>
<violation number="2" location="webhooks/granola.ts:65">
P2: Normalize `attendees` to an array before joining; current code can throw before the catch block.</violation>
</file>
<file name="lib/codex.ts">
<violation number="1" location="lib/codex.ts:35">
P2: Validate the Codex subprocess exit code before returning; non-zero exits are currently treated as success.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
Fix all with cubic | Re-trigger cubic
Addresses three review issues from cubic on PR #4: - webhooks/granola.ts: reject non-object JSON bodies (null, arrays, primitives) before field access, instead of letting a TypeError bubble up as a 500. - webhooks/granola.ts: normalize `attendees` with Array.isArray before calling .join, so a malformed (non-array, non-empty) value can no longer throw outside the surrounding try/catch in the background task. - lib/codex.ts: await the subprocess and throw on non-zero exit so silent codex failures surface as errors instead of empty summaries. Callers (webhook handler, onNewMention) now see the failure and can react.
Capture the macOS deploy setup that was previously only tribal knowledge: - deploy/com.edison.assistant-bot.plist: LaunchAgent template (RunAtLoad + KeepAlive, direct bun exec, no secrets — env comes from .env). - docs/DEPLOY.md: install/manage commands plus two gotchas hit in practice: (1) a checkout on an external/removable volume needs Full Disk Access on the bun binary or launchd gets EPERM reading files (TCC); (2) the codex CLI hangs in dyld if its signing cert is revoked — upgrade to a clean build. - CLAUDE.md: link to the new deploy doc. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Deployment captured in-repo (
|
There was a problem hiding this comment.
All reported issues were addressed across 3 files (changes from recent commits).
Tip: Review your code locally with the cubic CLI to iterate faster.
Re-trigger cubic
Addresses two cubic review comments on 0bb7814: - deploy/com.edison.assistant-bot.plist: parameterize user-specific fields with __USER__ and __WORKDIR__ placeholders instead of hardcoding one operator's username in StandardOut/ErrPath, PATH, HOME, and WorkingDirectory. Label stays as com.edison.assistant-bot (reverse-DNS prefix refers to the org, not the local user). - docs/DEPLOY.md: install step now renders the template via sed so all placeholders get substituted in one command. Documents which fields are parameterized and why. - docs/DEPLOY.md: rewrite the revoked-cert diagnostic. The old command relied on `readlink -f` (GNU-only; BSD readlink on macOS errors with "illegal option -- f") and manually joined path segments in a way that double-nested inside the codex npm package. New command uses `find` under `npm root -g` to locate the arch-specific binary — BSD-safe, arch-agnostic (arm64 and x86_64), and resilient to whether npm dedups the platform packages flat or under codex/node_modules.
There was a problem hiding this comment.
All reported issues were addressed across 2 files (changes from recent commits).
Tip: Review your code locally with the cubic CLI to iterate faster.
Re-trigger cubic
Addresses two cubic review comments on 36b5fae: - docs/DEPLOY.md: the previous "if deploying for a different user, replace $USER with the target username" note was misleading — the surrounding commands still targeted the current user's ~, $(id -u), and log paths. Replace it with a directive to run the whole install sequence as the target user so every reference resolves consistently. - docs/DEPLOY.md: the codex signing-cert diagnostic used the interactive shell's `npm root -g`, which nvm/nodenv/asdf can shadow. The bot spawns bare `codex` under the LaunchAgent's fixed PATH, so the diagnostic must resolve npm through that same PATH — otherwise it may inspect a different codex install than the one the bot actually runs, giving a false negative on a revoked cert. Rewrite to reproduce the bot's PATH and resolve npm via `command -v` under it (BSD-safe, arch-agnostic).
Summary
Introduces a small framework in
webhooks/for mounting custom inbound webhooks on the existingBun.serve()instance, and ships the first source: a Granola "meeting finished" handler that streams a Codex summary into Slack.(ctx: { bot }) => { path, handler }exported fromwebhooks/<name>.ts.index.tsmounts every factory underBun.serve({ routes }). Adding a new source = drop a file + one line inindex.ts.CLAUDE.md):X-Webhook-Secret: $WEBHOOK_SECRET.SET key NX EX 604800(7-day TTL) — retried deliveries return 200 without re-processing.:warning:notice to the same Slack channel so issues are visible instead of silently swallowed.webhooks/granola.ts):POST /api/webhooks/granolaaccepts{ meeting_id, title, transcript, notes?, attendees? }, asks Codex for a Slack-formatted wrap-up (header + 3-5 bullets + optional action items), and streams it intoGRANOLA_SLACK_CHANNEL_ID(intended:#edison-os-updates) viabot.channel("slack:Cxxx").post(streamCodex(...)).streamCodexout ofindex.tsintolib/codex.tssoonNewMentionand webhook handlers share one implementation.Files
webhooks/types.ts—WebhookContext,WebhookRoute,WebhookFactorywebhooks/granola.ts— Granola handlerlib/codex.ts— sharedstreamCodexindex.ts— wires the webhooks array intoBun.serve({ routes }).env.example— addsWEBHOOK_SECRETandGRANOLA_SLACK_CHANNEL_IDCLAUDE.md— documents the inbound-webhook conventionsBefore testing
.env:brew services start redis).bun run index.ts. Startup logs should showPOST /api/webhooks/granolamounted.Test plan
POST /api/webhooks/slackandPOST /api/webhooks/granola.X-Webhook-Secretreturns401:200immediately and a streamed wrap-up lands in#edison-os-updatesa few seconds later:meeting_idreturns200 Duplicate (already processed)and does not post a second message.400.GRANOLA_SLACK_CHANNEL_IDto an ID the bot can't post to) and confirm a:warning:failure notice attempt is logged.bunx tsc --noEmitis clean (already verified locally).@mentionflow still streams a Codex reply (regression check on thestreamCodexextraction).Generated by Claude Code
Summary by cubic
Adds a pluggable inbound-webhook framework and the first source: a Granola “meeting finished” webhook that streams a Codex summary to Slack. Also adds macOS launchd deployment with a parameterized LaunchAgent and clearer, user-safe setup steps.
New Features
webhooks/via a factory andBun.serveroutes; startup logs list mounted paths.X-Webhook-Secretauth, RedisSET NX EX 7ddedup, 200 immediate with background processing, and:warning:failure notices.POST /api/webhooks/granolaaccepts{meeting_id, title, transcript, notes?, attendees?}and posts a streamed wrap-up toGRANOLA_SLACK_CHANNEL_ID.docs/DEPLOY.md+ LaunchAgent template with__USER__/__WORKDIR__placeholders; run install as the target user; env from.env; external-volume Full Disk Access note; codex revoked-cert diagnostic now resolvesnpmusing the agent’s PATH to avoid false negatives.Bug Fixes
attendeeswithArray.isArraybefore.join.streamCodextolib/codex.ts; now awaits the subprocess and throws on non-zero exit so errors surface instead of empty summaries.Written for commit 3ac8890. Summary will update on new commits.