TikTok: getUserProfile, getUserVideos, createVideo (PULL_FROM_URL),
getVideoStatus via Content Posting API v2. Full multi-tenant credential
isolation and audit logging on write operations.
Snapchat: getMe (Login Kit), getAdAccounts (Marketing API). createSnap
throws with a clear explanation that Creative Kit is mobile-only — no
server-side posting API exists.
Platform type, validPlatforms list, and /api/connections endpoint all
updated to include tiktok and snapchat. Architecture diagram updated.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add src/multitenancy/ with AES-256-GCM credential store, WhatsApp
webhook router (phone_number_id -> customerId), and per-customer
audit log (90-day Redis TTL)
- Add src/billing/ with plan definitions and meterMiddleware that
resolves API key -> Customer object with getCredential() closure
- Refactor all src/clients/* to accept optional customer param,
falling back to env vars for backward compat with single-user mode
- Thread customer through handleToolCall(name, args, customer?)
- Add customers table to MySQL schema initDatabase()
- Add /webhook/whatsapp (immediate 200 + async routing) and
/api/connect/* onboarding endpoints to index.ts
- Add Redis 7 to docker-compose.yml; add REDIS_URL and
CREDENTIAL_ENCRYPTION_KEY to hermes-k8s.yaml
- Add product/incubation/ with architecture write-up and PlantUML
diagrams (system architecture + 5 user flows)
- Extend OpenAPI spec in manifest.ts with all platform endpoints
Verification: 3 isolation tests (credential, webhook routing, audit
log) passed against live Redis. Deployed to hermes.squaremcp.com.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
