graham.systems / lure
Enable LLMs to handle webhooks with plaintext files
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

lure / SKILL.md
at 6390e1968d93903b3265158d7ec27a16e968abd1 3.0 kB view raw view code
graham.systems run formatter
246bb0cd

name: create-lure description: Generate a new .lure file for handling a webhook endpoint. Use when the user wants to add a new webhook handler or lure.#

Generate a new .lure file for handling an incoming webhook.

Steps#

  1. Gather requirements. If not already provided, ask the user:

    • What webhook source and event is this for?
    • What path should it be mounted at? (e.g. github/pushlures/github/push.lure)
    • Does the provider sign requests? If so:
      • HMAC or literal token comparison?
      • Which header or query parameter carries the signature or token?
      • What environment variable holds the secret?
      • For HMAC: does the provider prefix the digest (e.g. sha256=)?
    • What should the LLM do when it receives this webhook?
    • Is there any application-specific config to include?

  2. Write the .lure file to the appropriate path under the lures/ directory.

.lure file format#

A .lure file is a Markdown file with YAML frontmatter. The filename without the .lure extension determines the webhook path relative to the configured base path: push.lure handles <basePath>/push, and github/push.lure handles <basePath>/github/push.

verify (optional)#

Specifies how to authenticate incoming webhook requests. Omit if the provider does not sign requests. Only one strategy may be specified.

HMAC (e.g. GitHub, GitLab — computes SHA-256 over the request body):

verify:
  hmac:
    header: X-Hub-Signature-256 # or query: param-name
    prefix: "sha256=" # optional: stripped before comparing the digest
    secret: $ENV_VAR_NAME # must be an environment variable reference

Literal (e.g. Forgejo, Omi — compares value directly against the secret):

verify:
  literal:
    header: Authorization # or query: uid
    secret: $ENV_VAR_NAME # must be an environment variable reference

payload (optional)#

payload:
  contentType: json # currently the only supported value

config (optional)#

An arbitrary object passed as-is to the application callback. Use this for any application-specific values you want to associate with this lure.

config:
  key: value

Template body#

Below the frontmatter is a Liquid template. Write it as a natural language prompt for the LLM that will process the webhook. The following variables are available:

  • payload — the request body (parsed JSON for contentType: json)
  • headers — request headers as a plain object with lowercase keys (e.g. {{ headers["x-my-header"] }})
  • query — query string as a plain object (e.g. {{ query.foo }})

Use {{ expression }} to interpolate values and {% if %}...{% endif %} for conditionals.

Notes#

  • Secret values must always be environment variable references ($VAR_NAME), never hardcoded.
  • The template body should read naturally as a prompt — write it in the second person, as if instructing the LLM receiving it.
  • After writing the file, show it to the user for review.