alldigital/PSA
2
0
Fork 0
Code Issues Pull Requests Actions 15 Packages Projects Releases Wiki Activity
PSA/ee/docs/plans/2026-05-11-inbound-webhooks/COMMIT_GROUPS.md
Hermes 284313f908
Some checks are pending
Bidi Control Character Guard / bidi-control-guard (push) Waiting to run
Details
Circular Dependency Check / Check for new circular dependencies (push) Waiting to run
Details
Citus Migration Smoke / Combined migrations on single-node Citus (push) Waiting to run
Details
E2E Fresh Install Tests / fresh-install-e2e (push) Waiting to run
Details
ext-v2 guardrails / Run ext-v2 guard and ESLint (push) Waiting to run
Details
Integration Tests / Check for relevant changes (push) Waiting to run
Details
Integration Tests / ${{ (github.event_name == 'schedule' || github.event.inputs.suite == 'full') && 'Full integration suite' || 'Tier-1 integration subset' }} (push) Blocked by required conditions
Details
Mobile checks / Mobile lint + typecheck (push) Waiting to run
Details
Mobile checks / Mobile unit tests (push) Waiting to run
Details
Mobile checks / Mobile dependency audit (report) (push) Waiting to run
Details
Mobile checks / Mobile reproducibility checks (push) Waiting to run
Details
Secrets guard (env backups) / Ensure no tracked env backup files (push) Waiting to run
Details
Temporal Readiness / fast-readiness (push) Waiting to run
Details
Temporal Readiness / docker-parity (push) Waiting to run
Details
TypeScript Type Check / Nx affected typecheck (push) Waiting to run
Details
Unit Tests / Skipped-test budget (push) Waiting to run
Details
Unit Tests / Nx affected unit tests (push) Waiting to run
Details
Unit Tests / Server unit coverage (informational) (push) Waiting to run
Details
Validate Tenant Management Schema / Check for relevant changes (push) Waiting to run
Details
Validate Tenant Management Schema / Validate Tenant Management Schema (push) Blocked by required conditions
Details
EE Workflows Build Guard / ee-workflows-build-guard (push) Waiting to run
Details
Initial import of AlgaPSA codebase from PSA server 
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz

Source: /opt/alga-psa on psa.joliet.tech
2026-06-22 16:12:17 -05:00

99 lines
5.9 KiB
Markdown
Raw Permalink Blame History

# Commit Groups — Inbound Webhooks
This plan has 111 features. To keep history navigable, implement them in the groups below — **one commit per group**, not one commit per feature. Target: ~42 logical commits plus inline fixes during implementation.
When the loop picks "the next unimplemented feature," it should pull in all sibling features in the same group, complete them together, run the tests for the group, then commit once. If a sibling cannot be completed cleanly, split the group only when there's a real blocker — not as the default.
## Foundation (4 commits)
1. **schema: inbound webhook tables** — F001, F002
2. **infra: external-ID helpers + reserved integration_type check** — F003, F004, F005
3. **permissions: inbound_webhook resource + admin seed** — F006
4. **feature flag: inbound_webhooks_enabled** — F007
## Types and validation (2 commits)
5. **types: inbound webhook TypeScript surfaces** — F010
6. **validation: zod schemas for upsert input** — F011
## Server actions (3 commits)
7. **server actions: inbound webhook CRUD + secret rotation + active state** — F012, F013, F014, F015, F016, F017
8. **server actions: delivery log + replay** — F018, F019, F020
9. **server actions: sample capture + synthetic test** — F021, F022, F023
## Inbound HTTP route and auth (5 commits)
10. **route: /api/inbound/[tenantSlug]/[webhookSlug] handler + tenant + slug resolution** — F030, F031, F032
11. **auth: HMAC-SHA256 verifier (timing-safe)** — F033
12. **auth: Bearer + IP allowlist + path-token verifiers** — F034, F035, F036
13. **route: unified 401 + idempotency (header and JSONata sources) + dedup window** — F037, F038, F039, F040
14. **route: delivery persistence + header filtering + per-webhook rate limit + sample capture** — F041, F042, F043, F044
## Action registry (2 commits)
15. **registry: core (registerAction/listActions) + types + bootstrap loader** — F050, F051, F052, F053
16. **registry: field mapping evaluator + validation errors + lookup-miss handling** — F054, F055, F056
## Direct actions, grouped by package (5 commits)
17. **actions: ticket — create / updateByExternalId / addCommentByExternalId / changeStatusByExternalId** — F1010, F1011, F1012, F1013
18. **actions: client + contact — upsertClient / setClientActive / upsertContact** — F1020, F1021, F1030
19. **actions: asset — upsertByExternalId via ingestNormalizedRmmDeviceSnapshot + non-RMM path** — F1040, F1041
20. **actions: invoice + time entry — markPaid / updateStatus / createTimeEntry (with idempotent markPaid)** — F1050, F1051, F1052, F1060
21. **actions: project task + tag — createTask / updateTaskStatus / addTagToEntity** — F1070, F1071, F1080
## Workflow handler (2 commits)
22. **workflow: dispatcher + normalized envelope builder** — F060, F061
23. **workflow: run linkage on delivery + trigger-failure semantics** — F062, F063
## Expression editor reuse (1 commit)
24. **mapping: webhook payload context adapter + reuse ExpressionTextArea** — F070, F071, F072
## Settings UI (7 commits)
25. **ui: refactor Settings → Webhooks into tabbed shell, outbound moves into Outbound tab (no behavior change)** — F080
26. **ui: inbound webhooks list view** — F081
27. **ui: create/edit dialog — identity + auth sections + one-time secret display** — F082, F083, F084
28. **ui: idempotency section** — F085
29. **ui: handler section — direct-action dropdown + target field rows + workflow selector + envelope info card** — F086, F087, F088, F091
30. **ui: sample capture button + payload tree panel** — F089, F090
31. **ui: active toggle + auto-disable banner + i18n keys + interactive element ids** — F092, F097, F098
## Delivery log UI (2 commits)
32. **ui: delivery log list + detail drawer** — F093, F094
33. **ui: replay button + synthetic test dialog** — F095, F096
## Feature flag and permission gating (1 commit)
34. **gating: feature flag wraps Settings tab + /api/inbound/* + permission checks on every server action** — F100, F101, F102
## Public REST API (3 commits)
35. **api: REST routes — list / create / get / put / delete / rotate-secret** — F200, F201, F202, F203
36. **api: REST routes — test / capture-sample / deliveries / delivery detail / replay** — F204, F205, F206, F207, F208
37. **api: action discovery endpoint + shared auth path** — F209, F223
## OpenAPI registration (3 commits)
38. **openapi: route registration file + templated receiver endpoint** — F210, F211
39. **openapi: component schemas — config / create-input / update-input / auth-config / handler-config** — F212, F213, F214, F215
40. **openapi: component schemas — delivery / action-definition / target-field / workflow-envelope** — F216, F217, F218
## Spec regeneration and contract tests (2 commits)
41. **openapi: regenerate alga-openapi.{ce,ee}.{yaml,json}** — F220
42. **tests: contract tests for management routes + action discovery** — F221, F222
## Rules for the loop
- **One group = one commit.** Do not split groups into multiple commits unless a sibling feature genuinely blocks the others.
- **Tests for a group ship with the group.** Run the tests mapped to that group's feature IDs before committing. Failing tests do NOT block commit if they're skipped/pending and clearly noted in the commit body, but green is preferred.
- **Mark features `implemented: true` in features.json as part of the same commit.** No separate "mark done" commits.
- **If a group requires schema or type changes from a later group, defer to that group rather than reordering.** Groups are sequential by intent: foundation → types → actions → routes → registry → handlers → UI → API → OpenAPI → tests.
- **Inline fixes** (typo, type mismatch surfaced by next group) commit separately with a `fix:` prefix. Budget ~8 of these in the 50-commit envelope.
- **Commit message format** matches the group title verbatim, lowercase prefix (e.g. `actions: ticket — create / updateByExternalId / ...`).
Reference in New Issue View Git Blame Copy Permalink