← Back to Skills Marketplace
7schmiede

Hookaido Webhook Integration

by Sebastian Gieseler · GitHub ↗ · v2.6.0 · MIT-0
cross-platform ✓ Security Clean
1009
Downloads
1
Stars
1
Active Installs
12
Versions
Install in OpenClaw
/install hookaido
Description
Webhook infrastructure for receiving, queuing, and delivering webhooks. Operate Hookaido webhook ingress, durable webhook queue (SQLite/Postgres), webhook de...
README (SKILL.md)

Hookaido

Overview

Implement and troubleshoot Hookaido with a config-first workflow: edit Hookaidofile, validate, run, exercise ingress/pull/exec flows, then diagnose queue health and DLQ behavior. Treat Hookaido v2.6.0's modular architecture as additive in this skill: keep the existing workflow intact by default, and opt into modules such as postgres, gRPC workers, subprocess delivery (deliver exec), or release verification only when they materially help the task. Use conservative, reversible changes and validate before runtime operations.

Workflow

  1. Confirm target topology: inbound+pull (HTTP or gRPC), push outbound, subprocess exec, or internal queue, plus the queue backend (sqlite, memory, or postgres).
  2. Choose runtime mode and ensure hookaido exists where tools execute.
    • Host-binary mode: use the install action from metadata.openclaw.install.
    • Host fallback: run bash {baseDir}/scripts/install_hookaido.sh (pinned v2.6.0, SHA256-verified).
    • Public repo/source mode: use the public upstream repo github.com/nuetzliches/hookaido via go install github.com/nuetzliches/hookaido/cmd/[email protected] when a source-based install is preferred.
    • Docker-sandbox mode: use a sandbox image that already includes hookaido (preferred), or install inside sandbox via agents.defaults.sandbox.docker.setupCommand.
    • Keep host install actions available as fallback and to satisfy metadata.openclaw.requires.bins.
  3. Inspect and update Hookaidofile minimally.
  4. Run format and validation before starting or reloading:
    • hookaido config fmt --config ./Hookaidofile
    • hookaido config validate --config ./Hookaidofile
    • hookaido config validate --config ./Hookaidofile --strict-secrets when secret refs or Vault-backed config are involved.
  5. Start runtime and verify health:
    • hookaido run --config ./Hookaidofile --db ./.data/hookaido.db
    • hookaido run --config ./Hookaidofile --postgres-dsn "$HOOKAIDO_POSTGRES_DSN" when queue postgres is selected.
    • curl http://127.0.0.1:2019/healthz?details=1
  6. Validate end-to-end behavior:
    • ingress request accepted and queued
    • consumer dequeue/ack/nack/extend path works (HTTP pull, batch ack/nack, plus gRPC pull when enabled)
  7. For incidents, inspect backlog and DLQ first, then mutate.

Task Playbooks

Configure Ingress and Pull Consumption

  1. Define a route with explicit auth and pull path (HTTP pull, optional gRPC pull worker listener).
  2. Keep secrets in env/file refs, never inline.
  3. Verify route and global pull auth are consistent.
  4. Test with a real webhook payload and a dequeue/ack cycle, using batch ack/nack when worker throughput matters.

Prefer this baseline:

ingress {
  listen :8080
}

pull_api {
  listen :9443
  grpc_listen :9943 # optional gRPC pull-worker listener
  auth token env:HOOKAIDO_PULL_TOKEN
}

/webhooks/github {
  auth hmac env:HOOKAIDO_INGRESS_SECRET
  pull { path /pull/github }
}

Configure Push Delivery

  1. Use push delivery only when inbound connectivity to the service is acceptable.
  2. Set timeout and retry policy explicitly.
  3. Validate downstream idempotency since delivery is at-least-once.
/webhooks/stripe {
  auth hmac env:STRIPE_SIGNING_SECRET
  deliver "https://billing.internal/stripe" {
    retry exponential max 8 base 2s cap 2m jitter 0.2
    timeout 10s
  }
}

Configure Subprocess Delivery (deliver exec)

  1. Use exec delivery when the target is a local script or binary, not an HTTP service.
  2. Payload is piped to stdin; metadata arrives as env vars (HOOKAIDO_ROUTE, HOOKAIDO_EVENT_ID, HOOKAIDO_ATTEMPT, etc.).
  3. Exit code determines retry behavior: 0 = ack, 1-125 = retry, 126/127 = immediate DLQ.
  4. sign directives are not supported with exec (compile error).
/webhooks/github {
  auth hmac {
    provider github
    secret env:GITHUB_WEBHOOK_SECRET
  }
  deliver exec "/opt/hooks/deploy.sh" {
    timeout 30s
    retry exponential max 3 base 1s cap 30s jitter 0.2
    env DEPLOY_ENV production
    env NOTIFY_URL {env.SLACK_WEBHOOK_URL}
  }
}

Configure Provider-Compatible HMAC

  1. Use provider github, provider gitea, provider stripe, or provider cituro for webhook providers with their own signature format.
  2. Provider mode disables timestamp/nonce replay protection (providers do not send those headers).
  3. signature_header, timestamp_header, nonce_header, and tolerance are forbidden in provider mode (compile error).
/webhooks/github {
  auth hmac {
    provider github
    secret env:GITHUB_WEBHOOK_SECRET
  }
  pull { path /pull/github }
}

/webhooks/gitea {
  auth hmac {
    provider gitea
    secret env:GITEA_WEBHOOK_SECRET
  }
  pull { path /pull/gitea }
}

/webhooks/stripe {
  auth hmac {
    provider stripe
    secret env:STRIPE_SIGNING_SECRET
  }
  pull { path /pull/stripe }
}

/webhooks/cituro {
  auth hmac {
    provider cituro
    secret env:CITURO_WEBHOOK_SECRET
  }
  pull { path /pull/cituro }
}

Use SSE Streaming (v2.5.3+)

  1. SSE replaces polling for real-time webhook delivery — use GET {pull.path}/stream instead of repeated POST .../dequeue.
  2. ACK/NACK operations use the same existing POST endpoints; no protocol change.
  3. Multiple concurrent SSE connections act as competing consumers.
  4. Configure keepalive interval (keepalive) and max connection duration (max_duration) in the route's pull block.
# Connect SSE stream (persistent, server pushes events)
curl -sS -N "http://localhost:9443/pull/github/stream" \
  -H "Authorization: Bearer $HOOKAIDO_PULL_TOKEN"

# ACK received event
curl -sS -X POST "http://localhost:9443/pull/github/ack" \
  -H "Authorization: Bearer $HOOKAIDO_PULL_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"lease_id":"lease_xyz"}'

Configure Queue Backends

  1. Default to sqlite unless the task explicitly needs ephemeral dev mode or shared Postgres storage.
  2. Treat memory and postgres as additive v2 modules, not replacements for existing sqlite workflows.
  3. When using postgres, document the DSN source and validate health plus backlog endpoints after startup.

Prefer these patterns:

queue sqlite

queue memory

queue postgres

Operate Queue and DLQ

  1. Start with health details and backlog endpoints.
  2. Inspect DLQ before requeue or delete.
  3. If requeueing many items, explain expected impact and rollback path.
  4. Require clear operator reason strings for mutating admin calls.

Use:

  • GET /healthz?details=1
  • GET /backlog/trends
  • GET /dlq
  • POST /dlq/requeue
  • POST /dlq/delete

Use MCP Mode for AI Operations

  1. Default to --role read for diagnostics.
  2. Enable mutations only with explicit operator intent:
    • --enable-mutations --role operate --principal \x3Cidentity>
  3. Enable runtime control only for admin workflows:
    • --enable-runtime-control --role admin --pid-file \x3Cpath>
  4. Include reason for mutation calls and keep it specific.

Register as Claude Code MCP Plugin

Add to .claude/settings.json (or ~/.claude/settings.json for global use):

{
  "mcpServers": {
    "hookaido": {
      "command": "hookaido",
      "args": [
        "mcp", "serve",
        "--config", "./Hookaidofile",
        "--db", "./.data/hookaido.db",
        "--role", "read"
      ]
    }
  }
}

For operate role (queue mutations):

{
  "mcpServers": {
    "hookaido": {
      "command": "hookaido",
      "args": [
        "mcp", "serve",
        "--config", "./Hookaidofile",
        "--db", "./.data/hookaido.db",
        "--enable-mutations",
        "--role", "operate",
        "--principal", "claude"
      ]
    }
  }
}

The MCP server exposes structured tools directly — no shell output parsing. Claude Code discovers available tools at startup and uses them with typed parameters.

Verify Public Releases

  1. Prefer official release assets from the public Hookaido repo.
  2. When supply-chain assurance matters, validate checksums, signature material, and provenance before rollout.
  3. Keep verification optional by default so existing skill flows do not become heavier unless the task requires it.

Use:

  • hookaido verify-release --checksums ./hookaido_v2.6.0_checksums.txt --require-provenance

Validation Checklist

  • hookaido config validate returns success before runtime start/reload.
  • hookaido config validate --strict-secrets is used when secret refs, Vault, or public-release rollout validation matters.
  • Health endpoint is reachable and reports expected queue/backend state.
  • Pull consumer can dequeue, ack, nack, and extend with valid token (HTTP, SSE, and optional gRPC transport), including batch ack/nack when enabled.
  • For push mode, retry/timeout behavior is explicitly configured.
  • For exec mode, handler script is executable, reads stdin, and uses exit codes correctly (0=ack, non-zero=retry, 126/127=DLQ).
  • For queue postgres, runtime is started with --postgres-dsn or HOOKAIDO_POSTGRES_DSN.
  • Any DLQ mutation is scoped, justified, and logged.

Safety Rules

  • Do not disable auth to "make tests pass."
  • Do not suggest direct mutations before read-only diagnostics.
  • Treat queue operations as at-least-once; require idempotent handlers.
  • Keep secrets in env: or file: refs.

References

  • Read references/operations.md for command snippets and API payload templates.
Usage Guidance
This skill appears to do what it says: install and operate the open-source hookaido CLI. Before installing, review the Hookaidofile and any 'deliver exec' entries (they can run local scripts with webhook payloads). Prefer the Docker sandbox if you’re unsure about installing a host binary. The included installer downloads from GitHub releases and verifies pinned SHA256 checksums — verify those checksums yourself if you need extra assurance. Only provide HOOKAIDO_PULL_TOKEN and ingress secrets to trusted deployments, and avoid enabling exec delivery or broad mutation/operate roles unless you trust the configured scripts and operators.
Capability Analysis
Type: OpenClaw Skill Name: hookaido Version: 2.6.0 The Hookaido skill bundle is a well-documented integration for a webhook infrastructure tool. It includes a hardened installation script (scripts/install_hookaido.sh) that performs SHA256 checksum verification for all platform-specific binaries. The SKILL.md file provides clear operational guidance, including safety rules that instruct the AI agent to prioritize read-only diagnostics, maintain authentication, and use conservative changes. While the tool supports high-privilege features like subprocess execution (deliver exec) and MCP-based administrative control, these are documented as core functionalities for webhook handling and are accompanied by appropriate security warnings and configuration examples.
Capability Tags
requires-oauth-tokenrequires-sensitive-credentials
Capability Assessment
Purpose & Capability
Name/description, required binary (hookaido), required env vars (HOOKAIDO_PULL_TOKEN, HOOKAIDO_INGRESS_SECRET), CLI commands, and install options all align with operating a Hookaido webhook ingress/queue/delivery tool.
Instruction Scope
SKILL.md instructs the agent to edit/validate/run Hookaidofile, run the hookaido CLI, and inspect local state (DB, backlog, DLQ). It also documents 'deliver exec' (subprocess delivery) and examples that reference optional secrets (GITHUB_WEBHOOK_SECRET, STRIPE_SIGNING_SECRET, HOOKAIDO_POSTGRES_DSN). These are expected for webhook delivery tooling but warrant caution: enabling exec delivery or applying unreviewed Hookaidofile contents can run local scripts or mutate queued items.
Install Mechanism
Installer options include go install (pulls Go module) and direct downloads from GitHub releases. Downloads are pinned to v2.6.0 and the included install script verifies SHA256 checksums — this is acceptable and lower-risk than arbitrary URLs, but installing binaries or running go install will write executables to disk and fetch upstream code.
Credentials
The two required env vars (HOOKAIDO_PULL_TOKEN primary, HOOKAIDO_INGRESS_SECRET) are proportional to the skill’s purposes (pull auth and HMAC ingress). The docs reference additional optional secrets (provider webhook secrets, POSTGRES DSN) for optional features; these are not declared as required and are reasonable to be optional.
Persistence & Privilege
always:false and no indication the skill force-enables itself or alters other skills. The installer writes a binary to typical per-user locations (~/.local/bin or ~/.openclaw/tools) which is normal for a CLI tool. The docs include examples for adding an MCP plugin to a user-specific .claude/settings.json but do not perform that change automatically.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install hookaido
  3. After installation, invoke the skill by name or use /hookaido
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.6.0
- Version bump to 2.6.0 with updated binaries and install sources. - Added a LICENSE file. - Support for new webhook providers and delivery types reflected in documentation. - Expanded install matrix for more platforms with version 2.6.0 artifacts. - Documentation updates to reference v2.6.0 features and instructions.
v2.2.4
- Added .clawhubignore and LICENSE files to the repository. - Introduced scripts/publish.sh for automation or publishing tasks. - Updated install instructions and binaries to target Hookaido v2.2.2. - Minor version bump to 2.2.4 for the skill descriptor.
v2.2.3
- Updated default Hookaido version references from v2.2.0 to v2.2.1 in install workflows and documentation. - Adjusted pinned install script, binary download URLs, and Go module install steps for v2.2.1. - SKILL.md and related docs now reflect usage and recommendations for Hookaido v2.2.1. - No functional logic changes; update is focused on maintaining compatibility with upstream v2.2.1 release.
v2.2.2
- Updated the skill version to 2.2.2. - Clarified and shortened the description for better readability and focus on core Hookaido webhook functionality. - Improved documentation by emphasizing webhook infrastructure, queue backends, delivery modes, and CLI usage. - No functional or interface changes—documentation only.
v2.2.1
Version 2.2.1 - Updated install methods and binary URLs to use Hookaido v2.2.0. - Added and documented subprocess delivery support (deliver exec). - Specified required environment variables (e.g., HOOKAIDO_PULL_TOKEN, HOOKAIDO_INGRESS_SECRET). - Improved docs/playbooks for provider-compatible HMAC authentication (GitHub/Gitea). - Minor workflow and metadata clarifications to reflect new features and requirements.
v2.0.1
Update Name and Description
v2.0.0
Hookaido v2.0.0 is a major release with new modular backend and verification features. - Added support for modular queue backends (`sqlite`, `memory`, `postgres`) - Introduced release signature and checksum verification via `verify-release` - Playbooks and validation flows updated to cover new backend options and stricter secret checking - New install sources and instructions, including source-based install and updated artifact URLs for v2.0.0 - Documentation and workflow steps expanded for batch pull/ack and Postgres queue scenarios
v1.5.0
- Updated hookaido version to 1.5.0 for all platform installers. - Workflow and install instructions updated to reference v1.5.0. - Description clarified to include "webhook/webhooks ingress and delivery." - No functional or procedural changes beyond version updates.
v1.4.0
Summary: Adds gRPC-pull support, updates install/download targets, and revises operation/validation flows. - Added support for gRPC pull-worker listeners and gRPC pull operations. - Updated install/download URLs to reference hookaido v1.4.0 binaries. - Revised workflow and playbooks to include gRPC in topologies and validation steps. - Clarified pull API models and sample configurations with optional gRPC listener. - Improved validation checklist to cover gRPC-pull and related consumer actions.
v1.3.0
hookaido v1.3.0 introduces improved runtime install guidance, especially supporting Docker environments. - Updated install links to reference v1.3 binaries for all platforms. - Expanded workflow section to clearly document host and Docker-based install options, including SHA256 verification. - Added instructions for sandbox/Docker image and `setupCommand` usage to support new execution environments. - Maintained host install as fallback and for requirements check. - No breaking changes to configuration or runtime operation.
v1.2.0
- Added install instructions and automated installation support for the hookaido CLI via scripts/install_hookaido.sh. - Updated SKILL.md to include OpenClaw install metadata and provide step-by-step installation guidance. - Users can now ensure hookaido is on PATH either through OpenClaw install actions or the provided shell script.
v1.0.0
Initial release of the Hookaido skill. - Provides guidance for creating, reviewing, and operating Hookaido webhook queue setups. - Includes workflows for config validation, running, health checks, and queue/DLQ triage. - Offers step-by-step playbooks for configuring ingress, pull, and push delivery modes. - Documents safe operation, mutation, and production hardening practices. - Emphasizes conservative changes, validation, and secure secret handling.
Metadata
Slug hookaido
Version 2.6.0
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 12
Frequently Asked Questions

What is Hookaido Webhook Integration?

Webhook infrastructure for receiving, queuing, and delivering webhooks. Operate Hookaido webhook ingress, durable webhook queue (SQLite/Postgres), webhook de... It is an AI Agent Skill for Claude Code / OpenClaw, with 1009 downloads so far.

How do I install Hookaido Webhook Integration?

Run "/install hookaido" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Hookaido Webhook Integration free?

Yes, Hookaido Webhook Integration is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Hookaido Webhook Integration support?

Hookaido Webhook Integration is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Hookaido Webhook Integration?

It is built and maintained by Sebastian Gieseler (@7schmiede); the current version is v2.6.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments