No description
  • Rust 94%
  • Nix 4.9%
  • JavaScript 1.1%
Find a file
2026-05-25 20:02:28 -07:00
docs Harden app-server supervisor 2026-05-25 20:02:28 -07:00
examples Initial dispatch service 2026-05-25 18:24:44 -07:00
nix/modules Initial dispatch service 2026-05-25 18:24:44 -07:00
programs Initial dispatch service 2026-05-25 18:24:44 -07:00
src Harden app-server supervisor 2026-05-25 20:02:28 -07:00
.gitignore Initial dispatch service 2026-05-25 18:24:44 -07:00
AGENTS.md Initial dispatch service 2026-05-25 18:24:44 -07:00
Cargo.lock Initial dispatch service 2026-05-25 18:24:44 -07:00
Cargo.toml Initial dispatch service 2026-05-25 18:24:44 -07:00
flake.lock Initial dispatch service 2026-05-25 18:24:44 -07:00
flake.nix Package shared docs and examples 2026-05-25 18:35:24 -07:00
README.md Harden app-server supervisor 2026-05-25 20:02:28 -07:00

Dispatch

Dispatch is a generic webhook-to-steer service for Codex app-server based systems. It is the product-neutral port of the dispatch.key.store resident identity pattern:

  1. Providers or MCP tools send notifications.
  2. Dispatch authenticates and normalizes the event.
  3. Dispatch writes an idempotent steer to SQLite.
  4. A supervisor can deliver the steer into a resident Codex app-server thread for the configured identity.

The service is intentionally configured from TOML. New identities, webhook sources, routes, and small program hooks do not require a Rust edit.

Quick Start

cargo run -- serve --config examples/dispatch.toml
curl -s http://127.0.0.1:9120/healthz
curl -s -X POST http://127.0.0.1:9120/webhook/generic \
  -H 'content-type: application/json' \
  -d '{"event":"book.search.changed","identity":"assistant","query":"octavia butler"}'
curl -s http://127.0.0.1:9120/v1/steers?status=pending

Use --with-supervisor or [dispatch.appserver] enabled = true when the host has an authenticated Codex home and a resident identity policy. The supervisor uses the app-server protocol directly and rejects interactive approval or elicitation requests fail-closed.

Capabilities

  • Dynamic webhook sources under /webhook/{source} or source-owned paths.
  • Auth modes: none, bearer token, query token, HMAC-SHA256.
  • Secret-free topology view at GET /topology.
  • Idempotent event and steer persistence.
  • Basic MCP endpoint at POST /mcp with tools for recording notifications, listing steers, and reading topology.
  • Command programs for JavaScript or other scripting runtimes.
  • Optional wasm_c_abi program type when built with --features wasm.
  • Codex app-server supervisor that maintains resident identity threads.

Documentation