Skip to main content
The gateway now ships in the praisonai-bot package. praisonai serve gateway still works exactly as documented here; for a standalone install see praisonai-bot Migration.
Inbound hooks expose a POST /hooks/<path> endpoint on the gateway — point any external service (GitHub Actions, Linear, Gmail push, Sentry alerts) at it and the gateway runs an agent and delivers the reply to a configured channel.
The user POSTs JSON to /hooks/<path>; the gateway authenticates the payload, runs the mapped agent, and delivers the reply to the configured channel.

Quick Start

1

Define a hook and start the gateway

2

Point your external service at the hook URL

3

The agent replies to Telegram automatically

No polling, no webhook handler code — the gateway does it all.

How It Works


Three Ways to Register a Hook


HookConfig Options


Templating

Both {{ payload.x }} (Jinja-style) and {x} (format-string style) are accepted:
Rules:
  • The leading payload. is optional — {{ payload.from }} and {from} resolve identically.
  • Missing keys render as empty strings — the template never raises on partial payloads.
  • Single-pass substitution — a payload value containing {...} is never re-expanded (injection-safe).

Actions

"agent" (default) — runs a full agent turn with the rendered message as the user input:
"wake" — nudges an existing session (triggers proactive delivery or a scheduled check-in) without injecting a new user message:

Idempotency & Retries

The gateway deduplicates concurrent and retried deliveries:
  1. When idempotency_key is set, the key is rendered from the payload and hashed as SHA-256(path + "\x00" + rendered_key).
  2. When unset, the entire payload is JSON-canonicalized and hashed.
  3. The key is reserved in-flight atomically — concurrent identical POSTs dedup across the await boundary.
  4. The key is committed only after a successful agent run — transient failures remain retryable.
External services that retry on timeout (e.g. GitHub webhooks, Linear) are safe to point directly at inbound hooks without additional dedup logic on your side.

Security

Authorization: Bearer <token> is the only accepted form. The ?token= query-parameter path was removed because it leaks the shared secret into access logs.

End-to-End Example: Gmail → Triage Agent → Telegram

  1. Gmail push subscription fires POST /hooks/gmail with the email payload.
  2. Gateway verifies the bearer token from $GMAIL_HOOK_SECRET.
  3. Session key gmail:<message_id> scopes the conversation to this email thread.
  4. The rendered message is sent to the email-triager agent.
  5. The agent’s reply is delivered to Telegram chat 123456789.

Best Practices

External webhooks retry on timeout. Without an idempotency_key, a slow agent run followed by a timeout retry will run the agent twice. Use a message or event id from the payload.
Set a distinct auth secret per hook so you can rotate individual secrets without restarting the gateway or changing the global token.
Without session_key, all deliveries to a hook share the same session (hook:<path>). Use a payload field like {user_id} or {message_id} to isolate conversations by sender or thread.

Webhook Verification

HMAC signature verification for outbound bot webhooks (different surface)

Proactive Delivery

Delivery routing — the channel:target format used in deliver_to

Gateway Overview

Gateway configuration, channels, and multi-bot mode

Gateway CLI

All gateway CLI commands including hooks add / list / remove