--- name: create-lure description: Generate a new .lure file for handling a webhook endpoint. Use when the user wants to add a new webhook handler or lure. --- Generate a new `.lure` file for handling an incoming webhook. ## Steps 1. **Gather requirements.** If not already provided, ask the user: - What webhook source and event is this for? - What path should it be mounted at? (e.g. `github/push` → `lures/github/push.lure`) - Does the provider sign requests? If so: - HMAC or literal token comparison? - Which header or query parameter carries the signature or token? - What environment variable holds the secret? - For HMAC: does the provider prefix the digest (e.g. `sha256=`)? - What should the LLM do when it receives this webhook? - Is there any application-specific config to include? 2. **Write the `.lure` file** to the appropriate path under the `lures/` directory. ## `.lure` file format A `.lure` file is a Markdown file with YAML frontmatter. The filename without the `.lure` extension determines the webhook path relative to the configured base path: `push.lure` handles `/push`, and `github/push.lure` handles `/github/push`. ### `verify` (optional) Specifies how to authenticate incoming webhook requests. Omit if the provider does not sign requests. Only one strategy may be specified. HMAC (e.g. GitHub, GitLab — computes SHA-256 over the request body): ```yaml verify: hmac: header: X-Hub-Signature-256 # or query: param-name prefix: "sha256=" # optional: stripped before comparing the digest secret: $ENV_VAR_NAME # must be an environment variable reference ``` Literal (e.g. Forgejo, Omi — compares value directly against the secret): ```yaml verify: literal: header: Authorization # or query: uid secret: $ENV_VAR_NAME # must be an environment variable reference ``` ### `payload` (optional) ```yaml payload: contentType: json # currently the only supported value ``` ### `config` (optional) An arbitrary object passed as-is to the application callback. Use this for any application-specific values you want to associate with this lure. ```yaml config: key: value ``` ### Template body Below the frontmatter is a [Liquid](https://liquidjs.com) template. Write it as a natural language prompt for the LLM that will process the webhook. The following variables are available: - `payload` — the request body (parsed JSON for `contentType: json`) - `headers` — request headers as a plain object with lowercase keys (e.g. `{{ headers["x-my-header"] }}`) - `query` — query string as a plain object (e.g. `{{ query.foo }}`) Use `{{ expression }}` to interpolate values and `{% if %}...{% endif %}` for conditionals. ## Notes - Secret values must always be environment variable references (`$VAR_NAME`), never hardcoded. - The template body should read naturally as a prompt — write it in the second person, as if instructing the LLM receiving it. - After writing the file, show it to the user for review.