-
-
Notifications
You must be signed in to change notification settings - Fork 28
Triggers
Event-driven automation system for CortexPrism, enabling automatic agent turns and system events in response to webhooks, filesystem changes, and git hooks.
Five files in src/triggers/:
| File | Purpose |
|---|---|
types.ts |
Core types: TriggerConfig, TriggerEvent, providers, rate limits |
manager.ts |
Trigger registry, rate limiting, template rendering, signature verification |
webhook.ts |
HTTP webhook handler for GitHub, GitLab, and Generic providers |
watcher.ts |
Filesystem watcher via Deno.watchFs with debouncing |
git-hooks.ts |
Git hook installation and uninstallation |
HTTP endpoint at /api/webhooks/<triggerName>. Supports three providers:
| Provider | Event Header | Signature Header | Events |
|---|---|---|---|
| GitHub | X-GitHub-Event |
X-Hub-Signature-256 (sha256=...) |
push, pull_request, issues, release, check_run
|
| GitLab | X-Gitlab-Event |
X-Gitlab-Token |
Push Hook, Merge Request Hook, Issue Hook
|
| Generic | X-Event-Type |
X-Signature |
* (all) |
HMAC-SHA256 verification using crypto.subtle.verify(). The secret is loaded from webhook.secret or resolved via webhook.secretEnv (environment variable). If no secret is configured, verification is skipped.
Optional CIDR-based IP filtering via webhook.allowedIps. Supports both exact IP matching and CIDR notation (e.g., 192.168.1.0/24).
- Match URL path:
/api/webhooks/<triggerName> - Look up trigger by name
- Check IP allow-list
- Read body, extract signature header
- Verify HMAC signature
- Parse JSON payload
- Extract event type from provider-specific header
- Filter by configured events
- Create TriggerEvent and dispatch to handler
Uses Deno.watchFs() to monitor filesystem changes.
| Option | Description |
|---|---|
paths |
Directories or files to watch |
patterns |
Glob patterns to filter files (supports * and ? wildcards) |
events |
Event kinds: create, modify, delete
|
debounceMs |
Debounce window before firing trigger |
recursive |
Watch subdirectories |
Debouncing: Multiple filesystem events within debounceMs are batched. A timer fires once to process all accumulated change paths as a single trigger event.
Installs shell scripts into .git/hooks/ that POST webhook payloads to the local Cortex server.
The generated hook scripts send a JSON payload with:
-
event: hook name -
repo: repository path -
timestamp: generation timestamp -
branch: current branch name -
commit: HEAD commit SHA -
message: last commit message
Installation: installGitHooks(repoPath) writes executable hook scripts. Uninstallation: uninstallGitHooks(repoPath) removes only Cortex-generated hooks (detected by marker comment).
Two action types:
| Type | Description |
|---|---|
agent_turn |
Creates a new agent turn with the rendered prompt |
system_event |
Fires a system-level event |
Prompt templates use {{ variable.path | filter }} syntax:
| Filter | Description | Example |
|---|---|---|
| (none) | Stringify value | {{ repo.name }} |
length |
Array length | {{ commits | length }} |
join |
Array join with ,
|
{{ files | join }} |
Variables use dot-notation to traverse the event data object. Undefined values render as empty strings.
Per-trigger rate limiting with count-based windows:
interface RateLimit {
count: number; // Max events per window
perSeconds: number; // Window duration in seconds
cooldownSeconds: number; // Minimum interval between events
}checkRateLimit() maintains per-trigger buckets with reset timestamps and cooldown enforcement.
| Feature | Description |
|---|---|
| HMAC-SHA256 | Signature verification for webhooks |
| IP allow-listing | CIDR-based source filtering |
| Rate limiting | Per-trigger event throttling |
| Secret management | Secrets via environment variables or direct config |
{
"name": "on-pr-merged",
"enabled": true,
"source": "webhook",
"webhook": {
"path": "/api/webhooks/on-pr-merged",
"secretEnv": "WEBHOOK_SECRET",
"providers": ["github"],
"events": ["pull_request"]
},
"action": {
"type": "agent_turn",
"agent": "code-reviewer",
"promptTemplate": "A PR was merged: {{ pull_request.title }} by {{ sender.login }}. Please review the changes.",
"timeoutSeconds": 300
},
"rateLimit": {
"count": 10,
"perSeconds": 60,
"cooldownSeconds": 5
}
}cortex trigger list # List all triggers
cortex trigger create <config.json> # Create trigger from config file
cortex trigger delete <name> # Delete trigger
cortex trigger test <name> [data.json] # Test trigger with sample data
cortex trigger hooks install <repo-path> # Install git hooks
cortex trigger hooks uninstall <repo-path> # Uninstall git hooks- MCP Gateway — Rate limiting and audit logging patterns
- Distributed Nodes — WebSocket-based event communication
- Workflow Engine — DAG workflow engine for complex event chains
CortexPrism — Open-source agentic AI harness · MIT License · Built with Deno 2.x + TypeScript
- Agent Loop
- Metacognition
- Memory System
- Skills System
- Sub-Agents
- Built-in Tools
- Code Intelligence
- Code Sandbox
- Cross-Agent Context Protocol
- Prompt Lab
- PKM Assistant
- Voice Pipeline
- Computer Use
- Browser Tool
- Git & GitHub
- Scheduler & Jobs
- Dashboard
- Observability
- A2A Protocol
- MCP Gateway
- Distributed Nodes
- Memori Checkpoints
- Eval System
- Workflow Engine
- Triggers
- Projects
- TUI
- Glossary
- Update System