Initial release: AI Maestro Gateway Services

Multi-gateway monorepo for AI Maestro mesh network:
- Email Gateway (Mandrill webhooks, IMAP/SMTP)
- Slack Gateway (Socket Mode, Events API)
- Discord Gateway (discord.js, Gateway Intents)
- WhatsApp Gateway (Baileys, WhatsApp Web)

Features:
- Unified content security (34 injection patterns, trust-based wrapping)
- Timing-safe authentication across all gateways
- Management APIs (activity logs, config, stats)
- Docker + docker-compose deployment
- CI/CD with GitHub Actions
- ESLint + TypeScript strict mode

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: jpelaez-23blocks

.github/workflows/ci.yml

@@ -0,0 +1,53 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22
+
+      - name: Install root dependencies
+        run: npm install
+
+      - name: Lint
+        run: npm run lint
+
+  build:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        gateway: [discord-gateway, slack-gateway, email-gateway, whatsapp-gateway]
+
+    defaults:
+      run:
+        working-directory: ${{ matrix.gateway }}
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: npm
+          cache-dependency-path: ${{ matrix.gateway }}/package-lock.json
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Type check
+        run: npm run typecheck --if-present
+
+      - name: Test
+        run: npm test --if-present

.gitignore

@@ -0,0 +1,8 @@
+node_modules/
+dist/
+.env
+.env.*
+!.env.example
+credentials/
+credentials.yaml
+*.bak

CONTRIBUTING.md

@@ -0,0 +1,97 @@
+# Contributing to AI Maestro Gateways
+
+Thank you for your interest in contributing! This guide will help you get started.
+
+## How to Contribute
+
+1. **Fork** the repository
+2. **Create a branch** for your feature or fix (`git checkout -b feature/my-change`)
+3. **Make your changes** and write tests if applicable
+4. **Run type checks** to ensure nothing is broken
+5. **Commit** with a clear message describing the change
+6. **Open a Pull Request** against `main`
+
+## Development Setup
+
+### Prerequisites
+
+- Node.js 22+
+- npm 10+
+
+### Getting Started
+
+Each gateway is an independent Node.js project. To work on a specific gateway:
+
+```bash
+cd discord-gateway   # or slack-gateway, email-gateway, whatsapp-gateway
+cp .env.example .env # configure your local environment
+npm install
+npm run dev          # start with file watching
+```
+
+### Running Type Checks
+
+```bash
+cd <gateway-dir>
+npm run typecheck    # runs tsc --noEmit
+```
+
+### Running Tests
+
+```bash
+cd <gateway-dir>
+npm test             # if tests exist for that gateway
+```
+
+## Code Style
+
+- **Language:** TypeScript (strict mode)
+- **Module system:** ESM (`"type": "module"` in package.json)
+- **Runtime:** tsx (TypeScript execution without build step)
+- **Formatting:** Use consistent indentation (2 spaces)
+- **Naming:** camelCase for variables/functions, PascalCase for types/interfaces
+- **Imports:** Use `.js` extensions in import paths (required for ESM)
+- **Error handling:** Always handle errors gracefully; log with `[CONTEXT]` prefixes
+
+## Pull Requests
+
+- Keep PRs focused on a single change
+- Include a clear description of what the PR does and why
+- Reference any related issues
+- Make sure type checks pass before requesting review
+- Update `.env.example` if you add new environment variables
+- Update the gateway's README if you change behavior
+
+## Adding a New Gateway
+
+To add a new gateway to the monorepo:
+
+1. **Create the directory** at the repo root (e.g., `telegram-gateway/`)
+2. **Initialize the project:**
+   ```bash
+   mkdir telegram-gateway && cd telegram-gateway
+   npm init -y
+   ```
+3. **Follow the existing structure:**
+   ```
+   telegram-gateway/
+   ├── .env.example          # All env vars with placeholder values
+   ├── .gitignore            # node_modules, dist, .env
+   ├── Dockerfile            # Multi-stage build (see other gateways)
+   ├── ecosystem.config.cjs  # pm2 configuration
+   ├── package.json          # Scripts: start, dev, typecheck
+   ├── tsconfig.json
+   └── src/
+       ├── config.ts         # Load env vars with dotenv
+       ├── content-security.ts # Trust model + injection scanning
+       ├── inbound.ts        # Platform -> AI Maestro
+       ├── outbound.ts       # AI Maestro -> Platform
+       ├── server.ts         # Express health/management + main()
+       └── types.ts          # TypeScript interfaces
+   ```
+4. **Implement the content security module** with the standard trust model (operator/external) and injection pattern scanner
+5. **Add a health endpoint** at `GET /health`
+6. **Add the gateway** to the CI matrix in `.github/workflows/ci.yml`
+7. **Add a service** to `docker-compose.yml`
+8. **Create a Dockerfile** following the multi-stage pattern
+9. **Update the root README** with the new gateway info

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 23blocks-OS
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,54 @@
+# AI Maestro Gateways
+
+Gateway services that bridge external messaging platforms with the [AI Maestro](https://github.com/23blocks-OS/ai-maestro) agent mesh network.
+
+## Gateways
+
+| Gateway | Port | Platform | Status |
+|---------|------|----------|--------|
+| [Email](./email-gateway/) | 3020 | IMAP/SMTP | Production |
+| [WhatsApp](./whatsapp-gateway/) | 3021 | WhatsApp Web | WIP |
+| [Slack](./slack-gateway/) | 3022 | Slack Bolt (Socket Mode) | Production |
+| [Discord](./discord-gateway/) | 3023 | discord.js v14 | Ready |
+
+## Architecture
+
+All gateways follow the same pattern:
+
+- **Runtime:** Node.js + TypeScript + Express
+- **Process manager:** pm2
+- **Inbound:** Platform events → content security scan → AI Maestro message
+- **Outbound:** Poll AI Maestro inbox → format response → send to platform
+- **Security:** Trust-based content wrapping (operator vs external), 34 injection pattern detection
+- **Management APIs:** `/health`, `/api/config`, `/api/stats`, `/api/activity`
+
+## Message Flow
+
+```
+Platform (Slack/Discord/Email/WhatsApp)
+       ↓ inbound
+Content Security (trust check + injection scan)
+       ↓
+Agent Resolver (multi-host lookup with caching)
+       ↓ POST /api/messages
+AI Maestro Agent Network
+       ↓ response
+Outbound Poller (poll inbox every 2s)
+       ↓
+Platform (formatted reply)
+```
+
+## Agent Routing
+
+All gateways support the `@AIM:agent-name` syntax to route messages to specific agents across the mesh network. Without a routing prefix, messages go to the configured default agent.
+
+## Setup
+
+Each gateway has its own `.env` (git-ignored) for configuration. See the `.env.example` in each gateway directory.
+
+```bash
+cd <gateway>/
+npm install
+cp .env.example .env   # Edit with your credentials
+npm start              # Or: pm2 start ecosystem.config.cjs
+```

discord-gateway/.dockerignore

@@ -0,0 +1,11 @@
+node_modules
+dist
+.env
+.env.*
+!.env.example
+.git
+.gitignore
+*.md
+credentials/
+credentials.yaml
+.github

discord-gateway/.env.example

@@ -0,0 +1,27 @@
+# Discord Bot Configuration (required)
+DISCORD_BOT_TOKEN=your-discord-bot-token
+
+# Gateway Configuration
+PORT=3023
+
+# AI Maestro Configuration
+# AIMAESTRO_API=http://127.0.0.1:23000
+# DEFAULT_AGENT=my-agent
+# HOST_ID=my-host
+
+# Security: Operator Discord user IDs (comma-separated, full trust - no content wrapping)
+# OPERATOR_DISCORD_IDS=000000000000000000
+
+# Admin API token (required for config mutation endpoints)
+# ADMIN_TOKEN=your-admin-token
+
+# Cache TTLs (milliseconds)
+# CACHE_AGENT_TTL_MS=300000
+# CACHE_HOSTS_TTL_MS=60000
+
+# Polling
+# POLL_INTERVAL_MS=2000
+# POLL_TIMEOUT_MS=5000
+
+# Development
+# DEBUG=true

discord-gateway/.gitignore

@@ -0,0 +1,6 @@
+node_modules/
+dist/
+.env
+.env.*
+!.env.example
+start-*.sh

discord-gateway/Dockerfile

@@ -0,0 +1,28 @@
+FROM node:22-alpine AS deps
+
+WORKDIR /app
+COPY package.json package-lock.json ./
+RUN npm ci
+
+FROM deps AS build
+
+COPY tsconfig.json ./
+COPY src ./src
+RUN npm run build
+
+FROM node:22-alpine
+
+RUN addgroup -S gateway && adduser -S gateway -G gateway
+
+WORKDIR /app
+
+COPY package.json package-lock.json ./
+RUN npm ci --production
+
+COPY --from=build /app/dist ./dist
+
+RUN chown -R gateway:gateway /app
+USER gateway
+
+EXPOSE 3023
+CMD ["node", "dist/server.js"]

discord-gateway/README.md

@@ -0,0 +1,66 @@
+# Discord Gateway
+
+Discord connector for AI Maestro. Routes Discord messages (DMs and @mentions) to AI Maestro agents, and delivers agent responses back to Discord channels.
+
+## Features
+
+- DM handling (routes to default agent)
+- @mention detection in guild channels
+- `@AIM:agent-name` routing syntax for multi-agent support
+- Thread support
+- 2000-character message splitting for long responses
+- Typing indicators while waiting for agent responses
+- Content security (trust model + injection pattern scanning)
+- Management APIs (health, config, stats, activity log)
+- Admin token authentication
+
+## Quick Start
+
+```bash
+cp .env.example .env
+# Edit .env with your Discord bot token
+npm install
+npm run dev
+```
+
+## Prerequisites
+
+1. Create a Discord Application at https://discord.com/developers/applications
+2. Create a Bot and copy the token
+3. Enable **Message Content Intent** in Bot settings
+4. Invite the bot to your server with permissions: Send Messages, Read Messages, Add Reactions
+
+## Configuration
+
+See `.env.example` for all available environment variables.
+
+## Message Flow
+
+### Inbound (Discord → Agent)
+1. User sends DM or @mentions the bot
+2. Gateway applies content security (trust assessment + injection scanning)
+3. Message forwarded to AI Maestro with Discord context (channelId, messageId)
+4. Target agent receives the message
+
+### Outbound (Agent → Discord)
+1. Agent sends response via AI Maestro
+2. Gateway polls inbox, picks up responses
+3. Replies sent to the originating Discord channel/thread
+4. Long responses split at 2000-character boundaries
+
+## API Endpoints
+
+| Endpoint | Method | Auth | Description |
+|----------|--------|------|-------------|
+| `/health` | GET | No | Health check with Discord connection status |
+| `/api/config` | GET | Yes | Current gateway configuration |
+| `/api/config/security` | PATCH | Yes | Update operator Discord IDs |
+| `/api/stats` | GET | Yes | Gateway metrics and uptime |
+| `/api/activity` | GET | Yes | Recent activity log |
+
+## Running with pm2
+
+```bash
+pm2 start ecosystem.config.cjs
+pm2 logs discord-gateway
+```