[feat] Add Composio trigger ingress, async dispatch, and worker

[jp-agenta]

Context

Trigger subscriptions can be created and stored (the lane below this one), but nothing yet turns an inbound provider event into a workflow run. This is the inbound dual of webhooks: when Composio reports that a watched event fired, we need to receive it, decide which subscription it belongs to, and invoke the bound workflow.

What this adds

A single global ingress endpoint and an async dispatch pipeline that mirrors how outbound webhooks already work.

POST /triggers/composio/events receives every Composio event. It verifies the signature, demuxes by the subscription id carried in the payload, fast-ACKs with 202 Accepted, and enqueues onto a new queues:triggers Redis Stream. It does not invoke the workflow inline. A dedicated worker_triggers process consumes the stream and the TriggersDispatcher does the actual invocation, so a slow or failing workflow never blocks Composio's delivery.

The async shape matches webhooks exactly:

inbound:   Composio POST -> ingress (202 + enqueue) -> queues:triggers -> TriggersWorker -> TriggersDispatcher -> invoke_workflow
outbound:  EventsWorker -> WebhooksDispatcher -> taskiq deliver (retry_on_error, max_retries=5)

The taskiq task retries with TRIGGER_MAX_RETRIES=5 (matching WEBHOOK_MAX_RETRIES), and dedup_seen(event_id) makes redelivery idempotent.

Signature verification is HMAC-SHA256 over {id}.{ts}.{body} against COMPOSIO_WEBHOOK_SECRET, compared with hmac.compare_digest. If the secret is unset it is a no-op (local dev), and a bad signature is rejected before any processing. The endpoint is whitelisted as public in the auth middleware, mirroring the existing tools/connections/callback OAuth route.

The dispatcher attributes the triggered run to subscription.created_by_id (the person who set up the subscription) or null if absent, and binds the workflow key-agnostically by iterating the subscription's references dict in the /retrieve selector shape.

Tests / notes

• Acceptance test test_triggers_ingress.py covers the ingress endpoint.
• ruff format and ruff check pass clean on api/.
• The worker process is mounted in the compose stacks by the lane stacked directly on top of this one; without it, events enqueue but nothing drains queues:triggers.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
agenta-documentation	Ready	Preview, Comment	Jun 18, 2026 5:30pm

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: b53ffd0d-77b3-4977-971b-05baf416ab0d

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch wp4-ingress-dispatch

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}