Facebook (facebook)

Category: io | Form: | Symbol: Fb

One Facebook Page — publish posts, manage comments, read engagement insights

Represents a single Facebook Page account with a typed op surface (fetch-profile, list-feed, list-comments, draft/publish-post, draft/publish-comment, hide/unhide-comment, delete-post, draft/send-dm, list-insights, fetch-post-insights, health). Identity is fixed per element (account_handle = page_id, owner_user_id); the executor is swappable via spec.executor_policy — default mcp. For mcp, configure spec.mcp.command to run a facebook-mcp-server (upstream: https://github.com/meta-mcp/facebook-mcp-server) and supply FACEBOOK_ACCESS_TOKEN + FACEBOOK_PAGE_ID via env_refs. Facebook requires Graph API v22+ with the right permissions (pages_manage_posts, pages_read_engagement, pages_messaging).

Guide

One Facebook Page — publish posts, manage comments, read engagement insights

What It Does

Facebook is an io connector that represents a single Facebook Page account with a typed operation surface for outreach, moderation, and insights. It can read the Page’s profile, feed, and comments; draft and publish posts and reply-comments behind an approval gate; hide/unhide comments; send Messenger DMs; and read Page- and post-level engagement metrics.

Identity is fixed per element: account_handle is the Page ID and owner_user_id is the Triform user who owns the Page and approves writes. The executor is swappable via spec.executor_policy — mcp (default), browser, or api. For the default mcp executor, configure spec.mcp to run a facebook-mcp-server (upstream: meta-mcp/facebook-mcp-server) and supply FACEBOOK_ACCESS_TOKEN + FACEBOOK_PAGE_ID via spec.mcp.env_refs. The Graph API requires v22+ with the pages_manage_posts, pages_read_engagement, and pages_messaging permissions.

Writes (posts, comments, DMs) follow a draft → approve → send lifecycle: a draft-* op stores the content, approve-draft flips it to approved, and the matching publish-* / send-* op consumes the approved draft. Drafts are backed by the per-circle platform_drafts table, shared across all io/* social elements. Delivery is async with exponential retry (max 2); streaming is not supported.

Element Definition

Property	Value
Type	facebook
Category	io
Form	atom
Handler	FacebookHandler
Activity type	connector
Auth methods	bearer, none
Delivery mode	async (exponential retry, max 2)
Streaming	not supported

Properties

Field	Type	Default	Description
account_handle	string	—	Facebook Page ID (e.g. 123456789012345)
display_name	string	—	Human-readable Page name (shown in UI)
owner_user_id	string (uuid)	—	Triform user who owns this Page and approves writes
executor_policy	object	default: mcp	Transport policy: default (mcp/browser/api), per-op overrides, mcp_server_ref, browser_ref
mcp	object	transport: stdio	MCP transport config (transport, command, args, url, env_refs, tools_allowlist). Expected env_refs keys: FACEBOOK_ACCESS_TOKEN, FACEBOOK_PAGE_ID
browser	object	mode: user_browser	Browser executor config (browser_ref, mode: user_browser/headless)
graph_api_version	string	v22.0	Graph API version to target
request_jitter_ms	array[int]	[500, 2000]	Min/max request jitter
rate_limits	object	see below	Per-account outbound caps per rolling period

rate_limits defaults: calls_per_hour: 100, calls_per_day: 500, profile_visits_per_day: 100, follows_per_day: 20, messages_per_day: 20.

Ports

Port schemas defined in the contract: FacebookPost, FacebookComment, FacebookPostInsights.

Capabilities

Capability	Description
facebook-read	Read page posts, comments, insights
facebook-publish	Publish posts (gated by approval)
facebook-comment-moderation	Hide/unhide/reply to comments
facebook-dm	Send DMs via Messenger
facebook-insights	Per-post and per-page engagement metrics
executor-pluggable	Operations transported via mcp, browser, or api

Attaches modifiers: rate-limit, auth-policy, evaluator. Uses: variable, user-browser, chromeless.

Error Codes

Code	Class	Retryable
FACEBOOK_AUTH_FAILED	auth	no
FACEBOOK_TOKEN_EXPIRED	auth	no
FACEBOOK_INSUFFICIENT_SCOPES	auth	no
FACEBOOK_RATE_LIMITED	internal	yes
FACEBOOK_OP_NOT_ON_EXECUTOR	validation	no
FACEBOOK_DRAFT_NOT_APPROVED	validation	no
FACEBOOK_MCP_UNREACHABLE	internal	yes
FACEBOOK_OBJECT_NOT_FOUND	validation	no

Operations

Operations are executor-agnostic verbs dispatched by SocialMcpExecutor. Paths are relative to the element (POST /api/{circle}/{slug}/ops/{path}). auth is the per-op access level (read / write).

Read

• fetch-profile — POST fetch-profile (read). Fetch the Page’s basic info (name, about, fan count).
• list-feed — POST list-feed (read). List recent posts published on this Page. Input: limit (default 20, max 100), cursor.
• list-comments — POST list-comments (read). List comments on a specific post. Input: post_id (required), limit (default 50, max 500).
• list-insights — POST list-insights (read). Read Page-level engagement metrics (fan count, reach, impressions).
• fetch-post-insights — POST fetch-post-insights (read). Read per-post engagement metrics (impressions, clicks, reaction breakdown). Input: post_id (required).
• health — GET health (read). Probe executor reachability, token validity, and scope coverage.

Posts

• draft-post — POST draft-post (write). Draft a Page post (requires approval to publish). Input: body (required, maxLength 63206), link, attachment_refs. Stores body + link in platform_drafts; at publish time post_to_facebook(message, link) is called. Note: attachment_refs (image/video) are stored but not forwarded to MCP at publish — media is silently dropped (Graph API media upload is planned). Scheduled posting is not supported by the MCP tool.
• publish-post — POST publish-post (write). Publish an approved post. Input: draft_id (required, uuid).
• delete-post — POST delete-post (write). Delete a published post. Input: post_id (required).

Comments

• draft-comment — POST draft-comment (write). Draft a reply-comment (requires approval). Input: target_comment_id (required), body (required, maxLength 8000).
• publish-comment — POST publish-comment (write). Publish an approved reply-comment. Input: draft_id (required, uuid).
• hide-comment — POST hide-comment (write). Hide a comment from a Page post (reversible). Input: comment_id (required).
• unhide-comment — POST unhide-comment (write). Unhide a previously-hidden comment. Input: comment_id (required).

Messenger DMs

• draft-dm — POST draft-dm (write). Draft a Messenger DM to a user who messaged the page (requires approval). Input: recipient_id (required), body (required, maxLength 10000), messaging_tag. Messenger requires the recipient to have messaged the Page within 24h unless a messaging tag is used.
• send-dm — POST send-dm (write). Send an approved DM via Messenger. Input: draft_id (required, uuid).

Draft admin

Platform-agnostic, shared across all io/* social elements (backed by platform_drafts).

• approve-draft — POST approve-draft (write). Flip a draft from status=draft to status=approved (authorizes send). Input: draft_id (required, uuid). Output: draft_id, status.
• list-drafts — POST list-drafts (read). List drafts for this element. Input: status (draft/approved/sent/failed), limit (default 50, max 500). Output: drafts array.

Account utilities

• capture-cookies — POST capture-cookies (write). Persist a captured cookie jar as a modifiers/variable for this account. Default flow needs no input — reads the live cookie jar the Triform Connect extension syncs into physics, filters to this platform’s domain, and upserts a variable named {element_slug}-cookies. Optional overrides: cookie_jar, variable_slug. Output: variable_slug, env_var_name, value_bytes, next_step.
• get-activity-stats — POST get-activity-stats (read). Usage + rate-limit counters for this account — powers the activity dashboard. Pure read over the per-circle social_call_log table (consumes no rate budget). Output: limits, usage_now (calls_last_hour, calls_today, profile_visits_today, follows_today, messages_today, posts_today), and history (by_hour over 24h, by_day over 30 days).

Quick Start

1. Obtain a Page Access Token from Meta’s Graph API Explorer with pages_manage_posts, pages_read_engagement, and pages_messaging.
2. Store the token (and Page ID) as modifiers/variable rows, and map them into spec.mcp.env_refs as FACEBOOK_ACCESS_TOKEN + FACEBOOK_PAGE_ID.
3. Set account_handle to the Page ID and owner_user_id to the approving Triform user.
4. Configure spec.mcp.command to launch a facebook-mcp-server.

Read the most recent posts:

triform_ops(action: "call", slug: "{slug}", operation: "list-feed", input: { limit: 10 })

Draft, approve, then publish a post:

# 1. draft (returns a draft_id)
triform_ops(action: "call", slug: "{slug}", operation: "draft-post",
            input: { body: "Hello from Triform", link: "https://example.com" })

# 2. approve the draft
triform_ops(action: "call", slug: "{slug}", operation: "approve-draft",
            input: { draft_id: "<draft_id>" })

# 3. publish the approved draft
triform_ops(action: "call", slug: "{slug}", operation: "publish-post",
            input: { draft_id: "<draft_id>" })

Fetch insights for a post:

triform_ops(action: "call", slug: "{slug}", operation: "fetch-post-insights", input: { post_id: "..." })

Common Mistakes

• Missing identity. account_handle (the Page ID) and owner_user_id are both required — writes are attributed to the owner. Validation fails as an error if either is empty.
• mcp default without transport. If executor_policy.default is mcp, mcp.transport must be set, or validation fails.
• Choosing the api executor. The API executor is not implemented in the MVP — ops return FACEBOOK_OP_NOT_ON_EXECUTOR. Use mcp (or browser).
• Publishing without approval. publish-* / send-* ops only consume an approved draft; an unapproved draft yields FACEBOOK_DRAFT_NOT_APPROVED. Call approve-draft first.
• Expecting media to post. attachment_refs on draft-post are stored but silently dropped at publish time — image/video upload is not yet wired through MCP.
• Outbound caps. Per-account rate_limits (default 100 calls/hr, 500/day, 20 messages/day) self-throttle outbound activity; exceeding them surfaces FACEBOOK_RATE_LIMITED (retryable).

Relationships

• Attaches to: rate-limit, auth-policy, evaluator
• Uses: variable, user-browser, chromeless

Capabilities

• facebook-read: Read page posts, comments, insights
• facebook-publish: Publish posts (gated by approval)
• facebook-comment-moderation: Hide/unhide/reply to comments
• facebook-dm: Send DMs via Messenger
• facebook-insights: Per-post and per-page engagement metrics
• executor-pluggable: Operations transported via mcp, browser, or api

Properties

Property	Type	Default	Description
account_handle	string	—	Facebook Page ID (e.g. ‘123456789012345’)
display_name	string	—	Human-readable Page name (shown in UI)
owner_user_id	string	—	Triform user who owns this Page and approves writes
executor_policy	object	—
mcp	object	—	MCP server transport config. Upstream: meta-mcp/facebook-mcp-server.
browser	object	—
graph_api_version	string	"v22.0"	Graph API version to target (default v22.0)
request_jitter_ms	array	[500,2000]
rate_limits	object	—	Caps on outbound Facebook activity per account, per rolling period

Operations

activity

Get /ops/activity | Auth: Read

Get activity events for this element

Scope depends on element capabilities: individual elements query by element_id, project-form elements with activity-scope-members include member activities, circle-level elements with activity-scope-all query the entire circle. Gracefully returns empty list if activities table is missing (old circles).

approve-draft

Post /ops/approve-draft | Auth: Write

Flip a draft from status=draft to status=approved (authorizes send)

attachments

Get /ops/attachments | Auth: Read

List all modifiers and resources attached to this element

Returns both modifiers (policy enforcement) and resources (data injection) with is_modifier flag to distinguish. Items in the generated MODIFIER_TYPES list are modifiers; everything else is a resource. Includes cascade_policy and version pin info.

batch_stats

Get /ops/batch_stats | Auth: Read

Get per-element statistics for all children of this element

Returns per-child stats plus an aggregate. Most meaningful on compound or manifest form elements (repositories, circles, projects); atoms have no children so the result is an empty children array with a zeroed aggregate. Uses efficient GROUP BY SQL. Weighted averages for eval scores.

capture-cookies

Post /ops/capture-cookies | Auth: Write

Persist a captured cookie jar as a modifiers/variable for this account

Default flow (no input needed): reads the live cookie jar the Triform Connect extension already syncs into physics, filters to this platform’s domain, serializes as a JSON array, upserts a modifiers/variable named {element_slug}-cookies, and returns the variable_slug + env_var_name pair for wiring into spec.mcp.env_refs. ONE CLICK — no client-side extraction required. Optional overrides: cookie_jar (caller-supplied pre-extracted jar — JSON dict / array / Netscape / ‘k=v; k=v’ string) and variable_slug (override the default name). Returns value_bytes, cookie_count, and source (bridge_registry | caller_supplied).

compose

Post /ops/compose | Auth: Execute

Batch add and remove modifiers on this element in a single call

Declarative composition: add modifiers by ref path (slug or path@version) and remove by attachment ID, all in one atomic call on the target element. Each ‘add’ entry resolves the source element, validates topology, attaches with optional priority and cascade policy. Each ‘remove’ entry deletes the attachment row. Returns a summary of what was added and removed. Example: compose({ add: [{ref: “my-prompt”}, {ref: “rate-limit/api@v2”, priority: 50}], remove: [{attachment_id: “uuid”}] })

context

Get /ops/context | Auth: Read

Get connected elements (graph traversal)

Graph traversal showing all connected elements with their relationship type (contains, contained_by, references, referenced_by, attaches, etc.). Use ?depth=N to control traversal depth (default 1) and ?types=actor,data to filter by element types.

create

Post /ops/create | Auth: Write

Create child element

POST to the parent path — element_type goes in the request body, NOT the URL. Both element_type and slug are required and must be non-empty. Name is derived from slug if omitted. Writes to both Git and PostgreSQL. All elements are stored flat under the circle — no intermediate library wrapper rows.

delete

Delete /ops/delete | Auth: Admin

Delete element (soft delete)

Soft delete — sets state to ‘deleted’ but retains the record. Cannot delete elements that have children (has_no_bond precondition) or active runs. Requires admin auth and confirmation.

delete-post

Post /ops/delete-post | Auth: Write

Delete a published post

disable

Post /ops/disable | Auth: Admin

Disable element (hides and prevents use)

Idempotent — safe to call on already-disabled elements. Optionally pass a reason string. Disabled elements cannot be invoked or executed. Inverse of enable.

draft-comment

Post /ops/draft-comment | Auth: Write

Draft a reply-comment (requires approval to publish)

draft-dm

Post /ops/draft-dm | Auth: Write

Draft a Messenger DM to a user who messaged the page (requires approval)

Messenger platform requires the recipient to have messaged the Page within 24h unless using a messaging tag.

draft-post

Post /ops/draft-post | Auth: Write

Draft a Page post (requires approval to publish)

Stores body and link in the platform_drafts table. At publish time, post_to_facebook(message, link) is called — link is forwarded to MCP. Note: attachment_refs (image/video) are stored in the draft but the MCP post_to_facebook tool does not currently accept them; media attachments are silently dropped at publish time (Graph API media upload is a planned enhancement). Scheduled posting is not supported by the MCP tool; use the Facebook Graph API directly for scheduling.

enable

Post /ops/enable | Auth: Admin

Enable element (makes usable and visible)

Idempotent — safe to call on already-enabled elements. Transitions element to ready/enabled state. Cannot enable deleted elements. Inverse of disable.

export_bundle

Get /ops/export/bundle | Auth: Read

Export element as downloadable git bundle

On non-root-namespace elements, returns a binary git bundle. On root-namespace (circle) elements, dispatch hands off to the circle’s own export_bundle op, which returns a multi-element JSON envelope with one base64 bundle per child element — this is intentional, not an error.

fetch-post-insights

Post /ops/fetch-post-insights | Auth: Read

Read per-post engagement metrics (impressions, clicks, reaction breakdown)

fetch-profile

Post /ops/fetch-profile | Auth: Read

Fetch the Page’s basic info (name, about, fan count)

get

Get /ops/get | Auth: Read

Get element details

Element is already resolved by the routing layer — this returns the cached element, not a fresh DB query. Use the path /api/{circle}/{slug} to address elements.

get-activity-stats

Post /ops/get-activity-stats | Auth: Read

Usage + rate-limit counters for this Facebook account — powers the activity dashboard

Pure read op over the per-circle social_call_log table — does NOT consume any rate budget. Returns the current-period counters (calls_last_hour, calls_today, profile_visits_today, follows_today, messages_today, posts_today), the configured spec.rate_limits caps, and two history series: hourly over the last 24 hours and daily over the last 30 days. The portal charts these as stacked-area activity graphs per element.

health

Get /ops/health | Auth: Read

Probe executor reachability, token validity, and scope coverage

hide-comment

Post /ops/hide-comment | Auth: Write

Hide a comment from a Page post (reversible)

import_bundle

Post /ops/import/bundle | Auth: Write

Import git bundle into element

Accepts a base64-encoded git bundle in the JSON bundle_base64 field. Use overwrite=true to replace existing elements with same slug (default skips duplicates). Imported elements get new UUIDs. Returns counts of imported/skipped elements and any errors.

intention

Get /ops/intention | Auth: Read

Get element intention with full inheritance chain

Returns three levels: direct (this element’s intention), inherited (from category and root), and resolved (final merged intention). Useful for understanding an element’s purpose in context of its hierarchy.

list-comments

Post /ops/list-comments | Auth: Read

List comments on a specific post

list-drafts

Post /ops/list-drafts | Auth: Read

List drafts for this element (optionally filter by status)

list-feed

Post /ops/list-feed | Auth: Read

List recent posts published on this Page

list-insights

Post /ops/list-insights | Auth: Read

Read Page-level engagement metrics (fan count, reach, impressions)

promote

Post /ops/promote | Auth: Admin

Promote element configuration to a target environment

Only for manifest-form elements (projects). Environments advance: dev → demo → live. dev→demo requires member+ role, demo→live requires admin. Freezes member versions at promotion time (creates snapshot). Persists environment config to spec.environments.

publish-comment

Post /ops/publish-comment | Auth: Write

Publish an approved reply-comment

publish-post

Post /ops/publish-post | Auth: Write

Publish an approved post

readme

Get /ops/readme | Auth: Read

Get element README.md content

Reads README.md from the element’s git repository. Returns empty content (not an error) if no README exists. Always returns markdown format.

readme_update

Post /ops/readme_update | Auth: Write

Update element README.md content

Creates or overwrites README.md in the element’s git repo. Commits to the draft branch. Content must be provided as a markdown string.

receive

Post /ops/receive | Auth: None

Receive incoming external traffic

Entry point for external traffic reaching this IO element. Declared auth: none to bypass platform auth — element-level auth is enforced by IoReceiveExecutor before dispatching into the flow graph. The flow/app that wires this element as an entry point determines what happens next.

remove-modifier

Post /ops/remove-modifier | Auth: Execute

Remove an attached modifier from this element by attachment ID

Removes a modifier/resource attachment by its row ID. The ID comes from the attachments or context API. This is the reverse of attach — called on the target element, not the source.

restore

Post /ops/restore | Auth: Admin

Restore element to a specific version

Automatically snapshots the current state before restoring (creates a ‘Before restore to vN’ version entry). Writes restored spec to git as .triform/spec.yaml. Git failures warn but don’t fail the operation — DB state is authoritative. Cannot restore deleted elements.

schema

Get /ops/schema | Auth: Read

Get element input/output schema (MCP tools/list compatible)

Returns type-level port schemas from the TypeRegistry — not instance-specific overrides. Includes direction (input/output), required flag, and JSON schema per port. Useful for understanding what data an element accepts and produces.

send

Post /ops/send | Auth: Execute

Send a message/request to external system

Explicitly sends payload to the configured external target. For HTTP elements, POSTs to the target URL. For chat platforms, sends via the platform API. Put data in the payload field. Returns send status and response details.

send-dm

Post /ops/send-dm | Auth: Write

Send an approved DM via Messenger

source

Get /ops/source | Auth: Read

Get any file’s content from the element’s git repository

Reads an arbitrary file from the element’s CAS-backed git tree by its relative path. Same store as readme, just generalized. Path safety: rejects .. traversal, leading /, and null bytes. Use this to view main.py for action elements, asset files for SPAs, etc. Returns empty content (not an error) if the file doesn’t exist.

source_branches

Get /ops/source/branches | Auth: Read

List Source branches for this element

Returns the standard draft/demo/live Source branches, their current commits, and promotion relationships. Use GET /api/{element_path}/ops/source/branches.

source_promote

Post /ops/source/promote | Auth: Write

Promote Source branch forward

Promotes draft to demo or demo to live through the generated element op path. Direct Git pushes to demo/live are blocked by Source policy.

source_repair

Post /ops/source/repair | Auth: Write

Inspect or repair the element Source index

Runs Source repair through the element operation path. Defaults to dry_run=true; set dry_run=false only after reviewing a dry-run report.

source_status

Get /ops/source/status | Auth: Read

Get Source control status for this element

Returns the branch-aware clone URL, checkout commands, current draft commit, child source-link count, portable export summary, Source health, warnings, and auth hints for the addressed element. Use the element-first path: GET /api/{element_path}/ops/source/status.

source_validate

Post /ops/source/validate | Auth: Read

Validate Source branch contents

Validates a Source branch before accepting local Git workflow changes or promotion. Defaults to branch=draft and rejects runtime data, generated output, secret material, and unreadable CAS refs.

stats

Get /ops/stats | Auth: Read

Get aggregate statistics for this element

Health status is computed: error if errors_per_day > 5 or success_rate < 0.8, warning if errors_per_day > 0 or success_rate < 0.95. Firing alerts escalate health to error/warning. Default period is ‘day’. Returns runs_per_day, success_rate, avg_duration_ms, and more.

test_connection

Post /ops/test-connection | Auth: Execute

Test connection configuration

Validates the element’s configuration locally without making an actual external connection. Checks that required credentials are set, URLs are valid, etc. Returns success boolean and error details. Safe to call repeatedly.

tree

Get /ops/tree | Auth: Read

Get the element’s position in the graph — ancestors, children, references, and subtree statistics

Uses per-circle ElementGraph cache for O(1) lookups. Returns ancestors (containment chain), children (direct), members (references), referenced_by (reverse refs), attachments, and subtree stats. Default depth is 3, max is 10. Pass ?include_metadata=true for name/state on each node.

unhide-comment

Post /ops/unhide-comment | Auth: Write

Unhide a previously-hidden comment

update

Patch /ops/update | Auth: Write

Update element

Partial update — send only the fields you want to change. spec, name, and intention are all independently optional. spec MUST be a JSON object when present; deep-merged into the existing spec by default. Empty {"spec":{}} preserves existing spec content but still records a new version (no-op for content, not for version state). To clear/replace the entire spec wholesale send {"spec":{...},"deep":false}. List-typed spec fields use replace semantics (the patch list replaces the existing list, no array merging). Coordinates Git + DB writes. Slug cannot be changed after creation.

update_meta

Patch /ops/update_meta | Auth: Write

Update element metadata (lightweight merge — does NOT bump version or snapshot spec)

Shallow JSONB merge into element.meta. Top-level keys in the provided value replace existing meta values; other keys are preserved. Used for UI metadata like canvas positions, panel state, viewer preferences. Wire-shape op_name is update_meta (distinct from update) so SSE subscribers + the cache auto-invalidator can distinguish lightweight metadata changes from spec edits without inspecting the payload. The MutatingElementStore wrapper stamps this op_name on the lifecycle event emitted by update_element_meta storage calls.

version

Get /ops/version | Auth: Read

Get current version or full history

Returns current version by default. Pass ?history=true for full version history (up to ?limit=N, default 50). Versions are backed by the element_versions table. Every spec update creates a new version entry.

Error Codes

Code	Class	Retryable	Description
FACEBOOK_AUTH_FAILED	auth	no
FACEBOOK_TOKEN_EXPIRED	auth	no
FACEBOOK_INSUFFICIENT_SCOPES	auth	no
FACEBOOK_RATE_LIMITED	internal	yes
FACEBOOK_OP_NOT_ON_EXECUTOR	validation	no
FACEBOOK_DRAFT_NOT_APPROVED	validation	no
FACEBOOK_MCP_UNREACHABLE	internal	yes
FACEBOOK_OBJECT_NOT_FOUND	validation	no