alldigital/PSA
2
0
Fork 0
Code Issues Pull Requests Actions 15 Packages Projects Releases Wiki Activity
PSA/ee/docs/plans/2026-05-11-inbound-webhooks/SCRATCHPAD.md
Hermes 284313f908
Some checks are pending
Bidi Control Character Guard / bidi-control-guard (push) Waiting to run
Details
Circular Dependency Check / Check for new circular dependencies (push) Waiting to run
Details
Citus Migration Smoke / Combined migrations on single-node Citus (push) Waiting to run
Details
E2E Fresh Install Tests / fresh-install-e2e (push) Waiting to run
Details
ext-v2 guardrails / Run ext-v2 guard and ESLint (push) Waiting to run
Details
Integration Tests / Check for relevant changes (push) Waiting to run
Details
Integration Tests / ${{ (github.event_name == 'schedule' || github.event.inputs.suite == 'full') && 'Full integration suite' || 'Tier-1 integration subset' }} (push) Blocked by required conditions
Details
Mobile checks / Mobile lint + typecheck (push) Waiting to run
Details
Mobile checks / Mobile unit tests (push) Waiting to run
Details
Mobile checks / Mobile dependency audit (report) (push) Waiting to run
Details
Mobile checks / Mobile reproducibility checks (push) Waiting to run
Details
Secrets guard (env backups) / Ensure no tracked env backup files (push) Waiting to run
Details
Temporal Readiness / fast-readiness (push) Waiting to run
Details
Temporal Readiness / docker-parity (push) Waiting to run
Details
TypeScript Type Check / Nx affected typecheck (push) Waiting to run
Details
Unit Tests / Skipped-test budget (push) Waiting to run
Details
Unit Tests / Nx affected unit tests (push) Waiting to run
Details
Unit Tests / Server unit coverage (informational) (push) Waiting to run
Details
Validate Tenant Management Schema / Check for relevant changes (push) Waiting to run
Details
Validate Tenant Management Schema / Validate Tenant Management Schema (push) Blocked by required conditions
Details
EE Workflows Build Guard / ee-workflows-build-guard (push) Waiting to run
Details
Initial import of AlgaPSA codebase from PSA server 
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz

Source: /opt/alga-psa on psa.joliet.tech
2026-06-22 16:12:17 -05:00

952 lines
129 KiB
Markdown
Raw Permalink Blame History

# Scratchpad — Inbound Webhooks
- Plan slug: `2026-05-11-inbound-webhooks`
- Created: `2026-05-11`
## What This Is
Working memory for inbound webhook implementation. Capture discoveries, decisions, and gotchas as we go.
## Decisions
- (2026-05-11) **No source presets in v1.** Ship generic configurable webhooks only. Per-source presets deferred to v2 once we see actual payload shapes in production.
- (2026-05-11) **Action registry pattern, not hardcoded action list.** Core registry in `server/src/lib/inboundWebhooks/actions/registry.ts`; each `@alga-psa/*` package contributes via its own `inboundActions.ts`. v1 ships 13 actions across 8 entity types: tickets (4), clients (2), contacts (1), assets (1 with RMM/non-RMM branches), invoices (2), time entries (1), project tasks (2), cross-cutting tag (1).
- (2026-05-11) **External-ID lookup uses existing `tenant_external_entity_mappings`.** No new `external_ref` columns are added to entity tables. `integration_type` is set to the webhook slug to namespace mappings per user-defined webhook.
- (2026-05-11) **Asset upsert reuses `ingestNormalizedRmmDeviceSnapshot`** when payload is RMM-shaped — same pipeline used by Tanium, NinjaOne, Tactical RMM. Generic asset upsert path for non-device payloads.
- (2026-05-11) **Reuse workflow editor's JSONata expression authoring** (`ExpressionTextArea`, `useExpressionAutocomplete`, expression-authoring path discovery). New context adapter introspects the captured sample payload. This avoids building a separate mapping UI.
- (2026-05-11) **Workflow handler receives a normalized envelope + raw body.** Envelope: `{source, body, headers, verified, delivery_id, idempotency_key, received_at}`. Since v1 has no per-source normalizers, the envelope is "identity normalization" — body is the parsed JSON as received.
- (2026-05-11) **Settings page becomes tabbed** (Inbound | Outbound). Existing `AdminWebhooksSetup.tsx` (outbound) gets factored into the Outbound tab; no behavior changes to outbound.
- (2026-05-11) **Feature flag** `inbound_webhooks_enabled` (PostHog) gates both the Settings tab and the `/api/inbound/*` route. Default off; enable per-tenant for early adopters.
- (2026-05-11) **Replay re-evaluates with CURRENT config.** Simpler than snapshotting mapping per delivery. Document this in the UI so users know what to expect.
- (2026-05-11) **Bundled integrations stay as-is in v1.** NinjaOne / Tactical RMM / Tanium / Xero / QBO / Entra continue to use their existing code paths. Consolidation under the generic system is a v2+ candidate.
## Discoveries / Constraints
- (2026-05-11) **F001 implemented** in `server/migrations/20260511100000_create_inbound_webhooks_table.cjs`. The table uses composite PK `(tenant, inbound_webhook_id)`, unique `(tenant, slug)`, Citus distribution by `tenant`, and keeps auth secrets indirect through `auth_config` (vault path/config metadata). Added `sample_capture_expires_at` and `rate_limit_per_minute` now because later capture/rate-limit features need persistent state.
- (2026-05-11) **F002 implemented** in `server/migrations/20260511101000_create_inbound_webhook_deliveries_table.cjs`. The table uses composite PK `(tenant, delivery_id)`, indexes webhook/date, status/date, idempotency-window lookup, and replay links. `inbound_webhook_id` is nullable so rejected requests for unknown/disabled slugs can still be logged with limited detail without revealing config existence.
- (2026-05-11) **F003 implemented** in `server/src/lib/inboundWebhooks/reservedIntegrationTypes.ts`. Decision: reject reserved slugs rather than prefixing user slugs. The reserved set includes observed mapping values (`ninjaone`, `tacticalrmm`, `tanium`, `xero`, `xero_csv`, `quickbooks_online`, `quickbooks_csv`) plus PRD aliases (`tactical_rmm`, `qbo`, `entra`, Microsoft/Google aliases) to prevent future bundled integration collisions.
- (2026-05-11) **F004 implemented** in `server/src/lib/inboundWebhooks/externalEntityMappings.ts`. `lookupAlgaEntityByExternalId` queries `tenant_external_entity_mappings` with `tenant_id`, `integration_type = webhookSlug`, `alga_entity_type`, and `external_entity_id`; no entity tables get external-ref columns. The helper accepts an optional Knex instance for future transactional action handlers.
- (2026-05-11) **F005 implemented** in `server/src/lib/inboundWebhooks/externalEntityMappings.ts`. `writeEntityMapping` upserts by `(tenant_id, integration_type, alga_entity_type, alga_entity_id)`, checks first for external ID collisions in the same realm, sets `sync_status='synced'`, and accepts an optional Knex instance for transactional create actions.
- (2026-05-11) **F006 implemented** in `server/migrations/20260511102000_add_inbound_webhook_permissions.cjs` and `server/seeds/dev/47_permissions.cjs`. Added `inbound_webhook` actions `create/read/update/delete/replay` as MSP-only permissions and backfilled them onto existing MSP Admin roles. The migration intentionally does not grant Manager/Technician roles by default, matching T007.
- (2026-05-11) **F007 implemented** in `packages/core/src/lib/featureFlagRuntime.ts` and `server/src/lib/inboundWebhooks/featureFlag.ts`. `inbound_webhooks_enabled` defaults to `false` when PostHog is unavailable; later UI and receiver-route gates should call `isInboundWebhooksEnabled({ tenantId, userId })`.
- (2026-05-11) **F010 implemented** in `server/src/lib/inboundWebhooks/types.ts`. Added discriminated auth config unions, handler config unions, idempotency source types, runtime config/delivery shapes, and `WorkflowWebhookEnvelope`. Runtime-facing types use camelCase; DB mapping functions will translate from snake_case rows.
- (2026-05-11) **F011 implemented** in `server/src/lib/inboundWebhooks/schemas.ts`. Input schemas are snake_case to match server/API payloads, use discriminated unions for `auth_config` and `handler_config`, enforce matching top-level `auth_type`/`handler_type`, validate URL-safe lowercase slugs, and reject reserved integration slugs through F003 helper.
- (2026-05-11) **F012 implemented** in `server/src/lib/actions/inboundWebhookActions.ts`. `listInboundWebhooks` is wrapped in `withAuth`, checks `inbound_webhook:read`, queries `inbound_webhooks` with `where({ tenant })`, orders by update time/name, maps snake_case DB rows to camelCase runtime types, and redacts any raw auth secret/token fields by returning only vault paths/config metadata.
- (2026-05-11) **F013 implemented** in `server/src/lib/actions/inboundWebhookActions.ts`. `getInboundWebhook(id)` uses the same auth/permission/mapping path as list and scopes lookup by both `tenant` and `inbound_webhook_id`, so missing or cross-tenant IDs return `null`.
- (2026-05-11) **F014 implemented** in `server/src/lib/actions/inboundWebhookActions.ts`. `upsertInboundWebhook` validates input with F011 schemas, checks `inbound_webhook:create/update`, enforces `(tenant, slug)` uniqueness before DB write, writes HMAC/Bearer/path-token secrets to tenant secret storage, returns the generated/provided secret once, and stores only vault path metadata in `auth_config`.
- (2026-05-11) **F015 implemented** in `server/src/lib/actions/inboundWebhookActions.ts`. `deleteInboundWebhook` checks `inbound_webhook:delete`, fetches by `(tenant, inbound_webhook_id)`, deletes the config row, and deletes the associated HMAC/Bearer/path-token tenant secret. Delivery rows are retained with nullable `inbound_webhook_id` per the F002 migration rather than cascaded.
- (2026-05-11) **F016 implemented** in `server/src/lib/actions/inboundWebhookActions.ts`. `rotateInboundWebhookSecret` checks `inbound_webhook:update`, rejects IP allowlist configs, writes a new generated secret/token to the existing or generated tenant-secret vault path, updates `auth_config` metadata if needed, and returns the new value once.
- (2026-05-11) **F017 implemented** in `server/src/lib/actions/inboundWebhookActions.ts`. `setInboundWebhookActiveState` checks `inbound_webhook:update`, updates `is_active` by `(tenant, inbound_webhook_id)`, clears `auto_disabled_at` when re-enabling, and returns the redacted config view.
- (2026-05-11) **F018 implemented** in `server/src/lib/actions/inboundWebhookActions.ts`. `listInboundDeliveries(filter, page, limit)` checks `inbound_webhook:read`, filters by tenant plus optional webhook/status/date range, paginates with a 100-row cap, and maps rows to camelCase delivery views.
- (2026-05-11) **F019 implemented** in `server/src/lib/actions/inboundWebhookActions.ts`. `getInboundDelivery(id)` checks `inbound_webhook:read`, scopes by `(tenant, delivery_id)`, and returns `null` for missing/cross-tenant deliveries.
- (2026-05-11) **F020 implemented** in `server/src/lib/actions/inboundWebhookActions.ts`. `replayInboundDelivery` requires `inbound_webhook:replay`, loads the original delivery and current webhook config by tenant, creates a new linked delivery row (`is_replay=true`, `replayed_from=<original_id>`), and dispatches through the shared current-config dispatcher in `server/src/lib/inboundWebhooks/dispatcher.ts`.
- (2026-05-11) **F021 implemented** in `server/src/lib/actions/inboundWebhookActions.ts`. `captureSamplePayload(id)` checks `inbound_webhook:update`, scopes by `(tenant, inbound_webhook_id)`, and sets `sample_capture_expires_at` to now + 5 minutes.
- (2026-05-11) **F022 implemented** in `server/src/lib/actions/inboundWebhookActions.ts`. `clearSamplePayload(id)` checks `inbound_webhook:update`, scopes by `(tenant, inbound_webhook_id)`, clears both `sample_payload` and `sample_capture_expires_at`, and returns the redacted config.
- (2026-05-11) **F023 implemented** in `server/src/lib/actions/inboundWebhookActions.ts`. `sendInboundWebhookTest` requires update permission, creates an auth-verified synthetic delivery with caller-provided body/headers, and dispatches in-process through the same `dispatchInboundWebhookHandler` path as receiver/replay.
- (2026-05-11) **F050 implemented** in `server/src/lib/inboundWebhooks/actions/registry.ts`. Added `registerAction`, `getAction`, `listActions`, duplicate-name rejection, deterministic list ordering by entity/name, and a test-only clear helper.
- (2026-05-11) **F051 implemented** in `server/src/lib/inboundWebhooks/actions/registry.ts`. `InboundActionDefinition` includes `{ name, entityType, displayName, description, targetFields, handle(ctx, mappedValues) }` and returns a structured `InboundActionResult`.
- (2026-05-11) **F052 implemented** in `server/src/lib/inboundWebhooks/actions/registry.ts`. `InboundActionTargetField` includes `{ name, type, required, description, enumValues?, refEntityType? }`; `refEntityType` is an additive helper for PRD `ref-to-entity` fields.
- (2026-05-11) **F053 implemented** in `server/src/lib/inboundWebhooks/actions/bootstrap.ts` and `initializeApp`. Bootstrap currently imports `@alga-psa/tickets/actions/inboundActions`; add future package action modules here as they land. `registerAction` was made generic so package actions can keep typed mapped-value payloads.
- (2026-05-11) **F054 implemented** in `server/src/lib/inboundWebhooks/actions/mappingEvaluator.ts`. `evaluateFieldMapping` evaluates each mapped target field using the existing workflow JSONata runtime (`@alga-psa/workflows/runtime/expressionEngine`) with both `body` and `payload` bound to the inbound request body.
- (2026-05-11) **F055 implemented** in `server/src/lib/inboundWebhooks/dispatcher.ts` and the receiver/replay/test outcome paths. The dispatcher validates required fields and primitive target field types after JSONata evaluation; errors are caught by callers and persisted to `handler_outcome.error` with `dispatch_status='failed'`.
- (2026-05-11) **F056 verified/implemented** through the existing direct-action dispatcher plus action return contracts. Ticket/client/invoice `*ByExternalId` lookup misses return `success:false` with `lookup_miss` messages, and `dispatchInboundWebhookHandler` converts any unsuccessful action result into an exception so the receiver/replay/test callers persist `dispatch_status='failed'` rather than silently no-oping.
- (2026-05-11) **F060 implemented** in `server/src/lib/inboundWebhooks/dispatcher.ts`. Workflow handlers now call the existing `launchPublishedWorkflowRun` entrypoint with the normalized webhook envelope as the workflow payload, `triggerType='event'`, event type `INBOUND_WEBHOOK_RECEIVED`, and a delivery-scoped trigger/execution key. Envelope headers are filtered through the inbound header filter before being passed to workflow context.
- (2026-05-11) **F062 implemented** via the existing `inbound_webhook_deliveries.handler_outcome` JSONB field rather than a dedicated column, matching the PRD data model. Successful workflow dispatch returns `{ workflow_id, workflow_run_id, workflow_version, envelope }`, and receiver/replay/test callers persist it on the delivery row when setting `dispatch_status='dispatched'`.
- (2026-05-11) **F063 implemented** by the dispatcher/request-processor boundary. `launchPublishedWorkflowRun` errors propagate to the inbound request/replay/test callers and are persisted as failed deliveries with `handler_outcome.error`; once launch returns a `workflow_run_id`, later workflow execution failures are contained in `workflow_runs` and do not mutate the already-dispatched inbound delivery.
- (2026-05-11) **F1010 implemented** in `packages/tickets/src/actions/inboundActions.ts`. `createTicket` registers itself with the inbound action registry, uses shared `TicketModel.createTicketWithRetry`, supports optional asset association, and writes `tenant_external_entity_mappings` when `external_id` is mapped.
- (2026-05-11) **F1011 implemented** in `packages/tickets/src/actions/inboundActions.ts`. `updateTicketByExternalId` resolves tickets through `tenant_external_entity_mappings` using `integration_type=<webhookSlug>`, updates status/priority/assignment/board and related ticket fields through shared `TicketModel.updateTicket`, and returns `success:false` with `lookup_miss` wording when no mapping exists.
- (2026-05-11) **F1012 implemented** in `packages/tickets/src/actions/inboundActions.ts`. `addTicketCommentByExternalId` resolves mapped tickets through `tenant_external_entity_mappings`, appends comments through shared `TicketModel.createComment`, supports internal/resolution/contact-author fields, and records inbound webhook metadata on the comment.
- (2026-05-11) **F1013 implemented** in `packages/tickets/src/actions/inboundActions.ts`. `changeTicketStatusByExternalId` resolves mapped tickets by external ID and calls shared `TicketModel.updateTicket`, so status/board compatibility validation is reused.
- (2026-05-11) **F1020 implemented** in `packages/clients/src/actions/inboundActions.ts` and bootstrapped from inbound action startup. `upsertClientByExternalId` resolves existing clients via `tenant_external_entity_mappings`, updates tenant-scoped client rows when mapped, creates clients when absent, and writes a mapping row for newly created clients.
- (2026-05-11) **F1021 implemented** in `packages/clients/src/actions/inboundActions.ts`. `setClientActiveByExternalId` resolves a mapped client and updates `is_inactive` from the mapped `active` boolean; lookup misses return `success:false` with `lookup_miss` wording for delivery failure recording.
- (2026-05-11) **F1030 implemented** in `packages/clients/src/actions/inboundActions.ts`. `upsertContactByExternalId` uses shared `ContactModel.createContact/updateContact`, writes contact mappings on create, and requires either direct `client_id` or resolvable `client_external_id` when creating a new contact.
- (2026-05-11) **F1040 implemented** in `packages/assets/src/actions/inboundActions.ts` and bootstrapped from inbound action startup. `upsertAssetByExternalId` detects mapped `rmm_snapshot` objects, forces `provider/integrationId/externalDeviceId` to the user webhook namespace, resolves optional client linkage, and delegates to `ingestNormalizedRmmDeviceSnapshot`.
- (2026-05-11) **F1041 implemented** in `packages/assets/src/actions/inboundActions.ts`. When no `rmm_snapshot` is mapped, `upsertAssetByExternalId` performs a plain tenant-scoped upsert against `assets`, resolves existing rows through `tenant_external_entity_mappings`, and writes a mapping row on create.
- (2026-05-11) **F1050 implemented** in `packages/billing/src/actions/inboundActions.ts` and bootstrapped from inbound action startup. `markInvoicePaidByExternalId` resolves invoices through `tenant_external_entity_mappings`, sets `status='paid'`, and records payment metadata in `custom_fields`.
- (2026-05-11) **F1051 implemented** in `packages/billing/src/actions/inboundActions.ts`. `updateInvoiceStatusByExternalId` validates status through the action enum field and updates mapped invoices through the same tenant-scoped invoice helper.
- (2026-05-11) **F1052 implemented** in `packages/billing/src/actions/inboundActions.ts`. The shared invoice update helper returns the existing invoice without writing when the current status already equals the target status, making mark-paid idempotent.
- (2026-05-11) **F1060 implemented** in `packages/scheduling/src/actions/inboundActions.ts` and bootstrapped from inbound action startup. `createTimeEntry` accepts mapped user/work item/service/start/duration/billable fields, validates tenant-scoped references, computes `work_date` from the mapped user's timezone, creates or reuses the matching draft time sheet, inserts a `time_entries` row, publishes the standard `TIME_ENTRY_CREATED` event, and writes a `tenant_external_entity_mappings` row when `external_id` is mapped.
- (2026-05-11) **F1070 implemented** in `packages/projects/src/actions/inboundActions.ts` and bootstrapped from inbound action startup. `createProjectTask` resolves its parent project from either direct `project_id` or a webhook-scoped `project_external_id` mapping, defaults to the first project phase and first effective task status mapping when omitted, creates through `ProjectTaskModel.addTask` to preserve WBS/order behavior, and writes a `project_task` mapping when `external_id` is mapped.
- (2026-05-11) **F1071 implemented** in `packages/projects/src/actions/inboundActions.ts`. `updateProjectTaskStatusByExternalId` resolves the project task via `tenant_external_entity_mappings`, validates the target `project_status_mapping_id` against the task's project, updates through `ProjectTaskModel.updateTaskStatus`, and returns `success:false` with `lookup_miss` wording when the external task ID is unmapped or stale.
- (2026-05-11) **F1080 implemented** in `packages/tags/src/actions/inboundActions.ts` and bootstrapped from inbound action startup. `addTagToEntityByExternalId` resolves the target through `tenant_external_entity_mappings`, gets/creates a `tag_definitions` row, idempotently inserts `tag_mappings`, and returns `lookup_miss` when the external entity is unmapped. V1 is limited to the entity types currently supported by the tag model (`client`, `contact`, `ticket`, `project`, `project_task`); unsupported entity types fail with a clear validation error.
- (2026-05-11) **F061 implemented** in `server/src/lib/inboundWebhooks/workflowEnvelope.ts`. `buildWorkflowWebhookEnvelope` returns the documented shape `{source, body, headers, verified, delivery_id, idempotency_key, received_at}` and normalizes `received_at` to ISO string.
- (2026-05-11) **F070 implemented** in `shared/workflow/expression-authoring/adapters/webhookPayloadContextAdapter.ts` and exported from `adapters/index.ts`. The adapter exposes context roots/path options for captured webhook payloads. Also corrected `evaluateFieldMapping` to evaluate JSONata directly against the request body, matching PRD examples like `alert.message`.
- (2026-05-11) **F071 implemented** in `shared/workflow/expression-authoring/adapters/webhookPayloadContextAdapter.ts`. The adapter infers schema nodes recursively from captured samples, supports nested objects/arrays/primitives/nulls, and builds path options via existing `buildPathOptionsFromContextRoots`.
- (2026-05-11) **F072 implemented** in `server/src/components/settings/security/inbound/InboundWebhookMappingField.tsx`. The new client component wraps the existing EE workflow-designer `ExpressionTextArea`, feeds it autocomplete options from the webhook payload context adapter, and exposes a compact prop API for the upcoming inbound direct-action field rows.
- (2026-05-11) **F080 implemented** in `server/src/components/settings/security/AdminWebhooksSetup.tsx`. The Settings webhook panel is now a tabbed shell with `Inbound` and `Outbound` tabs; the existing outbound implementation was moved intact into `OutboundWebhooksSetup`, and the inbound tab has a translated placeholder until the list view lands in F081. Also widened the shared `TabsTrigger` prop type so interactive tab IDs compile.
- (2026-05-11) **F081 implemented** in `server/src/components/settings/security/AdminWebhooksSetup.tsx`. `InboundWebhooksListView` loads tenant-scoped inbound configs via `listInboundWebhooks`, fetches the latest delivery per webhook for the last-delivery column, derives receiver URLs from the existing tenant portal slug helper, and renders a DataTable with name/URL, handler, last delivery, active state, and row action menu.
- (2026-05-11) **F082 implemented** in `server/src/components/settings/security/AdminWebhooksSetup.tsx`. Added an inbound create/edit dialog shell with an Identity section for name, URL-safe slug, and description; the New button and row Edit action open the dialog, with all new labels localized and interactive controls carrying stable IDs. Save remains disabled until the auth/handler sections land.
- (2026-05-11) **F083 implemented** in `server/src/components/settings/security/AdminWebhooksSetup.tsx`. The inbound dialog now includes an Auth section with a method dropdown and conditional fields for HMAC signature header, bearer token, IP/CIDR allowlist, and path-token query parameter/token. Existing configs hydrate non-secret auth metadata, while secret fields stay blank for later one-time-display/rotate flows.
- (2026-05-11) **F084 implemented** in `server/src/components/settings/security/AdminWebhooksSetup.tsx`. Added the inbound one-time secret modal with copy/download/close controls and localized warning copy. The modal is state-driven and ready for the eventual create/rotate save paths to reveal generated HMAC/Bearer/path-token secrets exactly once.
- (2026-05-11) **F085 implemented** in `server/src/components/settings/security/AdminWebhooksSetup.tsx`. The inbound dialog now has an Idempotency section with a source dropdown (`header` or `jsonata`), conditional label/placeholder for the key source value, and a duplicate-window seconds input defaulting to 24 hours.
- (2026-05-11) **F086 implemented** in `server/src/components/settings/security/AdminWebhooksSetup.tsx`. The inbound dialog now has a Handler section with a direct-action/workflow selector and conditional panels. Direct-action registry selection, mapping rows, and workflow picker remain separate follow-on UI items.
- (2026-05-11) **F087 implemented** with `listInboundWebhookActions` in `server/src/lib/actions/inboundWebhookActions.ts` and the inbound dialog action selector. The server action bootstraps the registry, checks `inbound_webhook:read`, returns serializable action metadata/target fields without `handle()`, and the UI populates the direct-action dropdown from that live registry response.
- (2026-05-11) **F088 implemented** in `server/src/components/settings/security/AdminWebhooksSetup.tsx`. Selecting a direct action now renders every declared target field as a row with required/type metadata and an `InboundWebhookMappingField`, which wraps the reused workflow-designer `ExpressionTextArea` and sample-payload autocomplete.
- (2026-05-11) **F089 implemented** in `server/src/components/settings/security/AdminWebhooksSetup.tsx`. Added a sample payload capture panel with saved-webhook gating, capture-window/sample status text, and a button that calls `captureSamplePayload` then refreshes local config state. New webhooks show create-first guidance because the receiver URL does not exist until save.
- (2026-05-11) **F090 implemented** in `server/src/components/settings/security/AdminWebhooksSetup.tsx` plus a small focus callback extension to the reused `ExpressionTextArea`. Direct-action mappings now show a side panel of captured sample paths generated by `buildWebhookPayloadExpressionPathOptions`; clicking a path inserts it into the focused target-field mapping.
- (2026-05-11) **F091 implemented** with `listInboundWorkflowOptions` in `server/src/lib/actions/inboundWebhookActions.ts` and the workflow handler branch in `AdminWebhooksSetup.tsx`. The UI now lists visible tenant workflow definitions in a dropdown and shows the documented normalized envelope shape the workflow receives.
- (2026-05-11) **F092 implemented** in `server/src/components/settings/security/AdminWebhooksSetup.tsx`. The inbound dialog now includes an active-state switch; saved webhooks persist through `setInboundWebhookActiveState`, unsaved forms keep local state, and an auto-disable banner renders when `autoDisabledAt` is set.
- (2026-05-11) **F093 implemented** in `server/src/components/settings/security/AdminWebhooksSetup.tsx`. Saved inbound webhook dialogs now load `listInboundDeliveries({ inboundWebhookId })` and render a paginated delivery table with received time, dispatch status, response status, and duration.
- (2026-05-11) **F094 implemented** in `server/src/components/settings/security/AdminWebhooksSetup.tsx`. Delivery rows now expose a View action that opens a right-side drawer with request headers/body, response body/status, duration, dispatch status, and handler outcome/error details.
- (2026-05-11) **F095 implemented** in `server/src/components/settings/security/AdminWebhooksSetup.tsx`. The delivery detail drawer now includes a Replay action that calls `replayInboundDelivery`, updates the drawer to the replayed delivery, and refreshes the paginated delivery log for the current webhook.
- (2026-05-11) **F096 implemented** in `server/src/components/settings/security/AdminWebhooksSetup.tsx`. Saved webhook dialogs now include a Send Test flow with JSON body and header-line editors; it parses the inputs, calls `sendInboundWebhookTest`, refreshes deliveries, and opens the resulting delivery detail.
- (2026-05-11) **F097 implemented/verified** by scanning the inbound UI additions in `AdminWebhooksSetup.tsx` and `server/src/components/settings/security/inbound/`. User-facing labels, button text, helper copy, status text, and placeholders are routed through `t('security.webhooks.inbound...')` locale keys. Server-provided action/workflow names and JSON contract property names remain data/technical identifiers rather than hardcoded UI copy.
- (2026-05-11) **F098 implemented/verified** by scanning the inbound tab/dialog/drawer UI controls. New interactive controls (tabs, buttons, selects, inputs, switches, text areas, tables, row menu items, path buttons, dialogs, and drawer) all have stable kebab-case `id` attributes.
- (2026-05-11) **F100 implemented** in `server/src/components/settings/security/AdminWebhooksSetup.tsx`. The Settings Webhooks shell now uses `useFeatureFlag('inbound_webhooks_enabled', { defaultValue:false })`, defaults to the existing Outbound tab, and only renders the Inbound tab/content when the flag is enabled.
- (2026-05-11) **F101 implemented** in `server/src/lib/inboundWebhooks/requestProcessor.ts`. The receiver route resolves the tenant slug first, evaluates `inbound_webhooks_enabled` with the actual tenant ID, and returns a bare `404` before config lookup/dispatch when disabled.
- (2026-05-11) **F102 implemented/verified** in `server/src/lib/actions/inboundWebhookActions.ts`. Every exported inbound webhook server action is wrapped in `withAuth` and calls `assertInboundWebhookPermission` with the appropriate `read/create/update/delete/replay` action before querying or mutating tenant data.
- (2026-05-11) **F200 implemented** in `server/src/app/api/v1/inbound-webhooks/route.ts`. `GET /api/v1/inbound-webhooks` calls the tenant-scoped `listInboundWebhooks` server action and returns `{ data }`, with errors flowing through the existing API error middleware.
- (2026-05-11) **F201 implemented** in `server/src/app/api/v1/inbound-webhooks/route.ts`. `POST /api/v1/inbound-webhooks` parses JSON input, delegates creation to `upsertInboundWebhook`, returns `201` with the redacted config plus one-time secret, and reuses the server action's `withAuth`/permission/secret-vault behavior.
- (2026-05-11) **F202 implemented** in `server/src/app/api/v1/inbound-webhooks/[id]/route.ts`. `GET`, `PUT`, and `DELETE` delegate to the existing server actions, return 404 on missing configs for GET, force the path id into update payloads, and return `204` on delete while preserving centralized auth and tenant scoping.
- (2026-05-11) **F203 implemented** in `server/src/app/api/v1/inbound-webhooks/[id]/rotate-secret/route.ts`. The endpoint calls `rotateInboundWebhookSecret` and returns the redacted config plus one-time replacement secret, preserving the server action's IP-allowlist rejection and vault update behavior.
- (2026-05-11) **F204 implemented** in `server/src/app/api/v1/inbound-webhooks/[id]/test/route.ts`. `POST /test` accepts the synthetic body/headers payload, delegates to `sendInboundWebhookTest`, and returns the created delivery with `202` after in-process dispatch records its outcome.
- (2026-05-11) **F205 implemented** in `server/src/app/api/v1/inbound-webhooks/[id]/capture-sample/route.ts`. `POST` enables a five-minute capture window via `captureSamplePayload`; `DELETE` clears both saved sample and capture state via `clearSamplePayload`.
- (2026-05-11) **F206 implemented** in `server/src/app/api/v1/inbound-webhooks/[id]/deliveries/route.ts`. The route lists deliveries through `listInboundDeliveries`, forces the path webhook id into the filter, supports `page`, `limit`, `status`, `date_from/dateFrom`, and `date_to/dateTo`, and returns pagination metadata.
- (2026-05-11) **F207 implemented** in `server/src/app/api/v1/inbound-webhooks/[id]/deliveries/[deliveryId]/route.ts`. The detail endpoint delegates to `getInboundDelivery` and returns 404 unless the tenant-scoped delivery belongs to the webhook id in the URL.
- (2026-05-11) **F208 implemented** in `server/src/app/api/v1/inbound-webhooks/[id]/deliveries/[deliveryId]/replay/route.ts`. Replay first verifies the tenant-scoped delivery belongs to the URL webhook, then calls `replayInboundDelivery` and returns the new linked delivery with `202`.
- (2026-05-11) **F209 implemented** in `server/src/app/api/v1/inbound-webhooks/actions/route.ts`. `GET /actions` returns `listInboundWebhookActions()` so SDK clients get the same registered action definitions and target field schemas as the Settings UI.
- (2026-05-11) **F210 implemented** in `server/src/lib/api/openapi/routes/inboundWebhooks.ts` and registered from `server/src/lib/api/openapi/index.ts`. The file registers all `/api/v1/inbound-webhooks/*` management and action-discovery paths with auth/RBAC metadata; named component schemas remain split into the later F212-F218 items.
- (2026-05-11) **F211 implemented** in `server/src/lib/api/openapi/routes/inboundWebhooks.ts`. The templated receiver endpoint `/api/inbound/{tenantSlug}/{webhookSlug}` is documented with tenant/webhook params, configurable signature/idempotency headers, generic JSON body, feature-flag metadata, and 200/401/404/429/5xx response surface.
- (2026-05-11) **F212 implemented** in `server/src/lib/api/openapi/routes/inboundWebhooks.ts`. Registered named component `InboundWebhookConfig` using the camelCase runtime/server-action response shape with redacted auth metadata, handler/idempotency fields, sample capture state, rate limit, active state, and timestamps.
- (2026-05-11) **F213 implemented** in `server/src/lib/api/openapi/routes/inboundWebhooks.ts`. Registered named `InboundWebhookCreateInput` and `InboundWebhookUpdateInput` components using the snake_case API/server-action payload shape; POST uses create and PUT uses update.
- (2026-05-11) **F214 implemented** in `server/src/lib/api/openapi/routes/inboundWebhooks.ts`. Registered named `InboundWebhookAuthConfig` as an `auth_type` discriminated union covering HMAC, Bearer, IP allowlist, and path-token configs, including one-time create fields and stored vault-path metadata.
- (2026-05-11) **F215 implemented** in `server/src/lib/api/openapi/routes/inboundWebhooks.ts`. Registered named `InboundWebhookHandlerConfig` as a `handler_type` discriminated union for direct actions (`action` plus JSONata `field_mapping`) and workflow triggers (`workflow_id`).
- (2026-05-11) **F216 implemented** in `server/src/lib/api/openapi/routes/inboundWebhooks.ts`. Registered named `InboundWebhookDelivery` with persisted request/response fields, auth/dispatch statuses, handler outcome, replay linkage, duration, and timestamps.
- (2026-05-11) **F217 implemented** in `server/src/lib/api/openapi/routes/inboundWebhooks.ts`. Registered named `InboundActionTargetField` and `InboundActionDefinition` components and wired the action discovery response to `InboundActionDefinition[]`.
- (2026-05-11) **F218 implemented** in `server/src/lib/api/openapi/routes/inboundWebhooks.ts`. Registered named `WorkflowWebhookEnvelope` documenting the workflow `context.input` payload: source slug, parsed body, filtered headers, verified flag, delivery id, idempotency key, and received timestamp.
- (2026-05-11) **F220 implemented** by running the OpenAPI generator from the `sdk` workspace for both CE and EE editions. This regenerated `alga-openapi.{ce,ee}.{json,yaml}` plus the CE alias `alga-openapi.{json,yaml}`; the CE YAML now contains the `/api/v1/inbound-webhooks/*` management paths, `/api/inbound/{tenantSlug}/{webhookSlug}`, and inbound webhook components.
- (2026-05-11) **F221 implemented** in `server/src/test/unit/api/inboundWebhooksOpenApi.contract.test.ts`. The contract test builds the CE OpenAPI document and asserts every management route has the expected method, API-key security, tenant-scoped inbound RBAC metadata, path params, request schema refs, and response schema refs.
- (2026-05-11) **F222 implemented** in `server/src/test/unit/api/inboundWebhooksOpenApi.contract.test.ts`. Added action discovery assertions for `/api/v1/inbound-webhooks/actions`, including response data as `InboundActionDefinition[]` and component shape coverage for `InboundActionDefinition` plus `InboundActionTargetField`.
- (2026-05-11) **F223 implemented/verified** across `server/src/app/api/v1/inbound-webhooks/**/route.ts`. Every REST handler imports and delegates to `server/src/lib/actions/inboundWebhookActions.ts`; none imports `withAuth`, `hasPermission`, or tenant DB helpers directly, so the API surface shares the existing server-action auth/permission path.
- (2026-05-11) **T001 implemented** in `server/src/test/unit/migrations/inboundWebhookMigrations.test.ts`. Static migration contract verifies `inbound_webhooks` has `tenant`, `inbound_webhook_id`, composite PK `(tenant, inbound_webhook_id)`, tenant-scoped uniqueness/indexes, and Citus distribution on `tenant`.
- (2026-05-11) **T002 implemented** in `server/src/test/unit/migrations/inboundWebhookMigrations.test.ts`. Static migration contract verifies `inbound_webhook_deliveries` has composite PK `(tenant, delivery_id)`, tenant-scoped webhook and replay foreign keys, idempotency index, and Citus distribution on `tenant`.
- (2026-05-11) **T003 implemented** in `server/src/test/unit/migrations/inboundWebhookMigrations.test.ts`. Static migration contract verifies slug uniqueness is `(tenant, slug)` via `inbound_webhooks_tenant_slug_unique` and rejects global slug-only unique constraints.
- (2026-05-11) **T004 implemented** in `server/src/test/unit/inboundWebhooks/externalEntityMappings.test.ts`. Unit test calls `lookupAlgaEntityByExternalId` with a fake Knex builder and verifies it queries `tenant_external_entity_mappings` with `tenant_id`, `integration_type=<webhookSlug>`, `alga_entity_type`, and `external_entity_id` filters.
- (2026-05-11) **T004a implemented** in `server/src/test/unit/inboundWebhooks/externalEntityMappings.test.ts`. Unit test verifies `writeEntityMapping` treats an existing mapping to the same Alga entity as idempotent, checks the same external-id collision lookup, and upserts on `(tenant_id, integration_type, alga_entity_type, alga_entity_id)`.
- (2026-05-11) **T004b implemented** in `server/src/test/unit/inboundWebhooks/schemas.test.ts`. Schema test verifies `inboundWebhookUpsertInputSchema` rejects reserved bundled integration slugs such as `ninjaone`, preventing user webhooks from polluting bundled integration mapping namespaces.
- (2026-05-11) **T005 implemented** in `server/src/test/unit/migrations/inboundWebhookMigrations.test.ts`. Static migration guard verifies inbound webhook migrations use table-existence checks, Citus distribution guards, `CREATE INDEX IF NOT EXISTS` for delivery indexes, and safe `dropTableIfExists` down migrations so re-running is safe.
- (2026-05-11) **T006 implemented** in `server/src/test/unit/migrations/inboundWebhookPermissions.test.ts`. Source-level permission contract verifies the inbound webhook action set (`create/read/update/delete/replay`) is present in the migration and dev seed as MSP-only permissions, and that the migration grants them to the MSP Admin role through `role_permissions`.
- (2026-05-11) **T007 implemented** in `server/src/test/unit/migrations/inboundWebhookPermissions.test.ts`. Source-level permission contract verifies the inbound webhook migration grants only through the MSP Admin role lookup and does not add default role-permission inserts for Manager, Technician, Client, or client-portal roles.
- (2026-05-11) **T010 implemented** in `server/src/test/unit/inboundWebhooks/schemas.test.ts`. Zod schema test verifies `inboundWebhookUpsertInputSchema` rejects unsupported `auth_type` values before configs can be persisted.
- (2026-05-11) **T011 implemented** in `server/src/test/unit/inboundWebhooks/schemas.test.ts`. Zod schema test verifies HMAC auth configs must include a non-empty `signature_header`, preventing un-verifiable HMAC webhook configs.
- (2026-05-11) **T012 implemented** in `server/src/test/unit/inboundWebhooks/schemas.test.ts`. Zod schema test verifies direct-action handler configs must include a non-empty `action` name before field mappings are accepted.
- (2026-05-11) **T013 implemented** in `server/src/test/unit/inboundWebhooks/schemas.test.ts`. Zod schema test verifies workflow handler configs must include a `workflow_id` when `handler_type='workflow'`.
- (2026-05-11) **T014 implemented** in `server/src/test/unit/inboundWebhooks/schemas.test.ts`. Zod schema test verifies webhook slugs reject uppercase, spaces, punctuation, and other URL-unsafe characters via the URL-safe lowercase slug rule.
- (2026-05-11) **T020 implemented** in `server/src/test/unit/inboundWebhooks/inboundWebhookActions.test.ts`. Mocked `withAuth`, RBAC, and Knex verify `listInboundWebhooks` creates a tenant-scoped Knex instance, checks `inbound_webhook:read`, applies `where({ tenant })`, and maps only rows for the current tenant.
- (2026-05-11) **T021 implemented** in `server/src/test/unit/inboundWebhooks/inboundWebhookActions.test.ts`. Mocked upsert path verifies `upsertInboundWebhook` checks `(tenant, slug)` for collisions, rejects duplicate slugs in the same tenant, and stops before writing secrets or inserting rows.
- (2026-05-11) **T022 implemented** in `server/src/test/unit/inboundWebhooks/inboundWebhookActions.test.ts`. Mocked create path verifies `upsertInboundWebhook` scopes slug collision checks by current tenant, allowing a webhook slug already used by another tenant to be inserted for `tenant-a`.
- (2026-05-11) **T023 implemented** in `server/src/test/unit/inboundWebhooks/inboundWebhookActions.test.ts`. Mocked create path verifies HMAC secrets are written via tenant secret storage, inserted DB `auth_config` stores only `secret_vault_path` metadata, and the returned secret is one-time.
- (2026-05-11) **T024 implemented** in `server/src/test/unit/inboundWebhooks/inboundWebhookActions.test.ts`. Mocked `getInboundWebhook` lookup verifies raw secret fields present in DB `auth_config` are redacted from the returned config view.
- (2026-05-11) **T025 implemented** in `server/src/test/unit/inboundWebhooks/inboundWebhookActions.test.ts`. Mocked rotation verifies `rotateInboundWebhookSecret` checks `inbound_webhook:update`, overwrites the existing tenant-secret vault path with the newly returned one-time secret, updates only vault metadata in `auth_config`, and does not leak the new secret through the webhook config response.
- (2026-05-11) **T026 implemented** in `server/src/test/unit/inboundWebhooks/inboundWebhookActions.test.ts`. Decision confirmed: delivery rows are retained after webhook deletion. The migration FK uses `ON DELETE SET NULL`, and the server-action test verifies `deleteInboundWebhook` deletes only the tenant-scoped config row, deletes the stored auth secret, and never deletes `inbound_webhook_deliveries`.
- (2026-05-11) **T027 implemented** in `server/src/test/unit/inboundWebhooks/inboundWebhookActions.test.ts`. Permission-denial test sets `hasPermission=false` and verifies `listInboundWebhooks` throws `Forbidden: inbound_webhook:read permission required` before querying webhook tables.
- (2026-05-11) **T028 implemented** in `server/src/test/unit/inboundWebhooks/inboundWebhookActions.test.ts`. Runtime test verifies `getInboundWebhook`, `upsertInboundWebhook`, and `deleteInboundWebhook` all consume the tenant supplied by `withAuth`, call `createTenantKnex('tenant-a')`, and scope their lookup/insert/delete payloads by that tenant.
- (2026-05-11) **T030 implemented** in `server/src/test/unit/inboundWebhooks/requestProcessor.test.ts`. Receiver test keeps the real HMAC verifier, mocks tenant/db/rate-limit/delivery/dispatch seams, sends a correctly signed `POST /api/inbound/<tenant>/<slug>` request, and verifies `200` with `{delivery_id}`, verified delivery creation, dispatch, and delivery outcome persistence.
- (2026-05-11) **T031 implemented** in `server/src/test/unit/inboundWebhooks/requestProcessor.test.ts`. Invalid HMAC receiver test verifies a bodyless `401`, a single rejected-auth delivery with `auth_status='rejected_signature'` and no request body, and no dispatch/outcome update.
- (2026-05-11) **T032 implemented** in `server/src/test/unit/inboundWebhooks/requestProcessor.test.ts`. Mismatched HMAC header-name test signs the body correctly but sends it in `X-Wrong-Signature`; because the config expects `X-Signature`, the receiver returns a bodyless `401`, logs `rejected_signature`, and skips dispatch.
- (2026-05-11) **T033 implemented** in `server/src/test/unit/inboundWebhooks/requestProcessor.test.ts`. Bearer-auth receiver test swaps in a bearer webhook config, reads the mocked tenant-secret token through the real verifier, and verifies a valid `Authorization: Bearer ...` request creates a verified delivery, dispatches, and returns `200 {delivery_id}`.
- (2026-05-11) **T034 implemented** in `server/src/test/unit/inboundWebhooks/requestProcessor.test.ts`. Bad Bearer token test verifies a bodyless `401`, rejected-auth delivery metadata with `auth_status='rejected_bearer'`, no persisted request body, and no dispatch.
- (2026-05-11) **T035 implemented** in `server/src/test/unit/inboundWebhooks/requestProcessor.test.ts`. IP allowlist success test uses the real CIDR matcher with `X-Forwarded-For`, verifies the first forwarded IP is accepted, no tenant secret is read, and a verified delivery dispatches.
- (2026-05-11) **T036 implemented** in `server/src/test/unit/inboundWebhooks/requestProcessor.test.ts`. IP allowlist rejection test verifies a request from outside the configured CIDR returns a bodyless `401`, logs `auth_status='rejected_ip'` with no request body, and skips dispatch.
- (2026-05-11) **T037 implemented** in `server/src/test/unit/inboundWebhooks/requestProcessor.test.ts`. Path-token success test uses the real verifier with the configured `token` query parameter, verifies tenant-secret lookup by vault path, and confirms a valid token creates a verified delivery and dispatches.
- (2026-05-11) **T038 implemented** in `server/src/test/unit/inboundWebhooks/requestProcessor.test.ts`. Invalid path-token test verifies a mismatched `?token=` returns a bodyless `401`, logs `auth_status='rejected_no_auth'` with no request body, and skips dispatch.
- (2026-05-11) **T039 implemented** in `server/src/test/unit/inboundWebhooks/requestProcessor.test.ts`. Unknown tenant-slug test verifies the receiver returns the same bodyless `401` shape used for auth failures and stops before feature-flag lookup, tenant context, config lookup, delivery persistence, or dispatch.
- (2026-05-11) **T040 implemented** in `server/src/test/unit/inboundWebhooks/requestProcessor.test.ts`. Unknown webhook-slug test under a valid tenant verifies the receiver returns the same bodyless `401`, persists a limited rejected-auth delivery with `inbound_webhook_id=null`, omits request body, and skips dispatch.
- (2026-05-11) **T041 implemented** in `server/src/test/unit/inboundWebhooks/requestProcessor.test.ts`. Disabled webhook test verifies `is_active=false` short-circuits before secret lookup/auth verification, returns the same bodyless `401`, logs limited rejected-auth metadata against the webhook id, and skips dispatch.
- (2026-05-11) **T042 implemented** in `server/src/test/unit/inboundWebhooks/authVerifier.test.ts`. HMAC verifier test mutates one byte of an otherwise valid same-length signature and spies on `crypto.timingSafeEqual`, proving the HMAC path still performs timing-safe comparison with equal-length buffers instead of early-returning on byte mismatch.
- (2026-05-11) **T043 implemented** in `server/src/test/unit/inboundWebhooks/authVerifier.test.ts`. Bearer verifier test supplies a same-length wrong token, spies on `crypto.timingSafeEqual`, and verifies the bearer path rejects with `rejected_bearer` only after timing-safe comparison with equal-length buffers.
- (2026-05-11) **T044 implemented** in `server/src/test/unit/inboundWebhooks/headerFilter.test.ts`. Header-filter test verifies persisted inbound headers strip `Authorization`, `Cookie`, `Set-Cookie`, `Proxy-Authorization`, and `X-Api-Key` while preserving safe lowercase headers like `content-type` and `x-request-id`.
- (2026-05-11) **T050 implemented** in `server/src/test/unit/inboundWebhooks/idempotency.test.ts`. Header-source idempotency test verifies configured header names are extracted case-insensitively from both `Headers` and plain record inputs, trim whitespace, and use the first value when a header array is supplied.
- (2026-05-11) **T051 implemented** in `server/src/test/unit/inboundWebhooks/idempotency.test.ts`. JSONata-source idempotency test evaluates `alert.id` against the parsed request body using the real workflow expression runtime and trims the resulting key.
- (2026-05-11) **T052 implemented** in `server/src/test/unit/inboundWebhooks/requestProcessor.test.ts`. Duplicate idempotency receiver test verifies a duplicate key within the configured 24h window returns `200` with the original `delivery_id`, creates a new delivery row marked `dispatch_status='duplicate'`, records `handler_outcome.duplicate_of`, and does not dispatch.
- (2026-05-11) **T053 implemented** in `server/src/test/unit/inboundWebhooks/idempotency.test.ts`. Duplicate lookup test freezes time, verifies the query applies `received_at >= now - windowSeconds` plus tenant/webhook/key/status filters, and returns `null` when no in-window row exists so the receiver can fresh-dispatch the same key after expiry.
- (2026-05-11) **T054 implemented** in `server/src/test/unit/inboundWebhooks/requestProcessor.test.ts`. Decision locked: if an idempotency source is configured but yields no key, the receiver accepts and dispatches once with `idempotency_key=null` rather than rejecting the request; dedupe lookup receives `null` and returns no duplicate.
- (2026-05-11) **T055 implemented** in `server/src/test/unit/inboundWebhooks/idempotency.test.ts`. Duplicate lookup is explicitly scoped by `inbound_webhook_id` along with tenant and idempotency key, so two webhook configs can receive the same external idempotency key without deduping each other.
- (2026-05-11) **T060 implemented** in `server/src/test/unit/inboundWebhooks/requestProcessor.test.ts`. Verified requests now have a test asserting `createInboundDelivery` receives `authStatus='verified'` plus the parsed body and is invoked before `dispatchInboundWebhookHandler`, preserving visible failed-dispatch rows.
- (2026-05-11) **T061 implemented** in `server/src/test/unit/inboundWebhooks/deliveryPersistence.test.ts`. Rejected-auth persistence now asserts a row is still inserted with tenant/webhook metadata and response status, while `request_body` is forced to `null` and sensitive headers are filtered.
- (2026-05-11) **T062 implemented** in `server/src/test/unit/inboundWebhooks/requestProcessor.test.ts`. Dispatch exceptions now have regression coverage: the receiver returns `500 {delivery_id, error:'dispatch_failed'}` and updates the existing verified delivery to `dispatch_status='failed'` with the exception message in `handler_outcome.error`.
- (2026-05-11) **T070 implemented** in `server/src/test/unit/inboundWebhooks/requestProcessor.test.ts`. Over-limit requests now assert `checkInboundWebhookRateLimit(tenant, webhookId)` is enforced after auth/JSON parse, return `429` with `retry-after`, persist a failed verified delivery, and skip dispatch.
- (2026-05-11) **T071 implemented** in `server/src/test/unit/inboundWebhooks/rateLimitConfig.test.ts`. Rate-limit isolation by webhook is covered by asserting the shared token bucket is called with namespace `webhook-in`, the tenant ID, and each webhook ID as a distinct bucket dimension.
- (2026-05-11) **T072 implemented** in `server/src/test/unit/inboundWebhooks/rateLimitConfig.test.ts`. Rate-limit isolation by tenant is covered by asserting the same webhook ID under two tenants calls the shared token bucket with different tenant dimensions.
- (2026-05-11) **T080 implemented** in `server/src/test/unit/inboundWebhooks/sampleCapture.test.ts`. Sample capture now has direct coverage for the atomic conditional update that stores the verified body only when capture is active and `sample_payload` is still null, then clears `sample_capture_expires_at`.
- (2026-05-11) **T081 implemented** in `server/src/test/unit/inboundWebhooks/sampleCapture.test.ts`. Expired/otherwise non-matching capture windows now return `false` when the conditional update affects zero rows, which prevents late requests from overwriting an existing captured sample.
- (2026-05-11) **T082 implemented** in `server/src/test/unit/inboundWebhooks/inboundWebhookActions.test.ts`. `clearSamplePayload` now has server-action coverage for `inbound_webhook:update` permission, tenant-scoped update by webhook id, and clearing both `sample_payload` and `sample_capture_expires_at`.
- (2026-05-11) **T090 implemented** in `server/src/test/unit/inboundWebhooks/actionRegistry.test.ts`. Registry ordering is now locked: `registerAction` stores definitions and `listActions()` returns a deterministic flat list grouped by `entityType` ordering and then action name.
- (2026-05-11) **T091 implemented** in `server/src/test/unit/inboundWebhooks/actionRegistry.test.ts`. Duplicate action registration now has explicit coverage and must throw `Inbound action "<name>" is already registered`, matching the registry's fail-fast behavior.
- (2026-05-11) **T092 implemented** in `server/src/test/unit/inboundWebhooks/actionRegistry.test.ts`. Added a source-level bootstrap contract that requires all seven v1 package contribution imports (tickets, clients/contacts, assets, billing, scheduling, projects, tags), plus bootstrap calls from app initialization and action discovery before `listActions()`.
- (2026-05-11) **T093 implemented** in `server/src/test/unit/inboundWebhooks/mappingEvaluator.test.ts`. JSONata field mapping now has direct coverage against the raw request body, preserving PRD-style expressions like `alert.message` instead of requiring a wrapper object.
- (2026-05-11) **T094 implemented** in `server/src/lib/inboundWebhooks/dispatcher.ts`, `requestProcessor.ts`, and `server/src/test/unit/inboundWebhooks/requestProcessor.test.ts`. Mapping/evaluation failures are now classified as `InboundWebhookMappingError` and recorded as failed deliveries with `response_status=400` / `error='mapping_failed'` instead of surfacing as internal 500 dispatch failures.
- (2026-05-11) **T095 implemented** in `server/src/test/unit/inboundWebhooks/requestProcessor.test.ts`. Missing required mapped fields now have explicit delivery coverage: the request processor records a failed delivery with the dispatcher-provided field/action error and returns `400` with `error='mapping_failed'`.
- (2026-05-11) **T096 implemented** in `server/src/test/unit/inboundWebhooks/requestProcessor.test.ts`. External-ID lookup misses now have receiver-level delivery coverage: action lookup-miss errors are persisted to `handler_outcome.error` with `dispatch_status='failed'`, preserving the `lookup_miss` reason for debugging.
- (2026-05-11) **T1010 implemented** in `server/src/test/unit/inboundWebhooks/ticketInboundActions.test.ts`. The test imports the ticket package's inbound action contribution, retrieves `createTicket` from the registry, and verifies mapped fields plus webhook metadata are passed to `TicketModel.createTicketWithRetry` with the current tenant and transaction.
- (2026-05-11) **T1011 implemented** in `server/src/test/unit/inboundWebhooks/ticketInboundActions.test.ts`. The `createTicket` action now has coverage for optional mapped `external_id`, asserting it writes a `ticket` mapping through `writeEntityMapping` with `integration_type=<webhookSlug>` and delivery metadata inside the transaction.
- (2026-05-11) **T1012 implemented** in `server/src/test/unit/inboundWebhooks/requestProcessor.test.ts`. Successful direct-action delivery updates now assert the `createTicket` dispatch outcome is persisted to `handler_outcome` with `entity_type='ticket'`, `entity_id=<ticket_id>`, and ticket number metadata.
- (2026-05-11) **T1013 implemented** in `server/src/test/unit/inboundWebhooks/ticketInboundActions.test.ts`. `updateTicketByExternalId` now has coverage for resolving the ticket through `tenant_external_entity_mappings` via `lookupAlgaEntityByExternalId` and applying mapped status, priority, and assignee fields through `TicketModel.updateTicket` with the current tenant.
- (2026-05-11) **T1014 implemented** in `server/src/test/unit/inboundWebhooks/ticketInboundActions.test.ts`. `updateTicketByExternalId` now returns a structured `success:false` `lookup_miss` result and skips `TicketModel.updateTicket` when the webhook-scoped external ID mapping is absent; T096 covers conversion of this failure class into a failed delivery row.
- (2026-05-11) **T1015 implemented** in `server/src/test/unit/inboundWebhooks/ticketInboundActions.test.ts`. `addTicketCommentByExternalId` now has coverage for resolving the mapped ticket, building the comment payload with internal/webhook metadata, and calling `TicketModel.createComment` with tenant and transaction scope.
- (2026-05-11) **T1016 implemented** in `server/src/test/unit/inboundWebhooks/ticketInboundActions.test.ts`. `changeTicketStatusByExternalId` now has coverage for calling `TicketModel.updateTicket` with mapped status/board fields and propagating model validation errors for invalid statuses; request-processor failure persistence is covered by T062/T096.
- (2026-05-11) **T1020 implemented** in `server/src/test/unit/inboundWebhooks/clientInboundActions.test.ts`. `upsertClientByExternalId` now has coverage for the no-existing-mapping create path: tenant-scoped `clients` insert, default active/company payload normalization, and `writeEntityMapping` with webhook slug plus delivery metadata.
- (2026-05-11) **T1021 implemented** in `server/src/test/unit/inboundWebhooks/clientInboundActions.test.ts`. `upsertClientByExternalId` now has coverage for the mapped update path: lookup by webhook-scoped external ID, tenant-scoped `clients` update, property merging, and no duplicate mapping write.
- (2026-05-11) **T1022 implemented** in `server/src/test/unit/inboundWebhooks/clientInboundActions.test.ts`. `setClientActiveByExternalId` now has coverage for resolving the mapped client, updating `clients.is_inactive` from the mapped `active` flag, and returning active-state metadata.
- (2026-05-11) **T1030 implemented** in `server/src/test/unit/inboundWebhooks/clientInboundActions.test.ts`. `upsertContactByExternalId` now has coverage for creating a contact with direct client linkage, writing the webhook-scoped contact mapping, and updating an existing mapped contact through `ContactModel.updateContact`.
- (2026-05-11) **T1031 implemented** in `server/src/test/unit/inboundWebhooks/clientInboundActions.test.ts`. `upsertContactByExternalId` now rejects contact creation when neither `client_id` nor a resolvable webhook-scoped `client_external_id` is available, and the test verifies no contact or mapping write occurs.
- (2026-05-11) **T1040 implemented** in `server/src/test/unit/inboundWebhooks/assetInboundActions.test.ts`. `upsertAssetByExternalId` now has coverage for RMM-shaped payloads delegating to `ingestNormalizedRmmDeviceSnapshot`, resolving client linkage via webhook-scoped external ID, and stamping provider/integration/device identifiers to the user webhook namespace.
- (2026-05-11) **T1041 implemented** in `server/src/test/unit/inboundWebhooks/assetInboundActions.test.ts`. The RMM asset path now has regression coverage that a normalized device snapshot shaped like bundled RMM ingestion input preserves lifecycle, asset, extension, and metadata fields while only provider/integration/device namespace values are rewritten for the user webhook.
- (2026-05-11) **T1042 implemented** in `server/src/test/unit/inboundWebhooks/assetInboundActions.test.ts`. The non-RMM asset path now has coverage for tenant-scoped plain `assets` insert payloads, skipping shared RMM ingestion, and writing a webhook-scoped asset mapping row for later external-ID updates.
- (2026-05-11) **T1050 implemented** in `server/src/test/unit/inboundWebhooks/invoiceInboundActions.test.ts`. `markInvoicePaidByExternalId` now has coverage for resolving the invoice via webhook-scoped external mapping, updating status to `paid`, merging payment metadata into `custom_fields`, and returning paid status metadata.
- (2026-05-11) **T1051 implemented** in `server/src/test/unit/inboundWebhooks/invoiceInboundActions.test.ts`. `markInvoicePaidByExternalId` now has lookup-miss coverage: absent webhook-scoped invoice mapping returns `success:false` with a `lookup_miss` message and skips invoice reads/updates.
- (2026-05-11) **T1052 implemented** in `server/src/test/unit/inboundWebhooks/invoiceInboundActions.test.ts`. `markInvoicePaidByExternalId` now has idempotency coverage for invoices already in `paid` status: the action returns success from the current row and skips duplicate status/custom-field updates.
- (2026-05-11) **T1053 implemented** in `server/src/test/unit/inboundWebhooks/invoiceInboundActions.test.ts`. `updateInvoiceStatusByExternalId` now has coverage for resolving a mapped invoice, applying a mapped non-paid status, and recording inbound delivery metadata in `custom_fields`.
- (2026-05-11) **T1060 implemented** in `server/src/test/unit/inboundWebhooks/timeEntryInboundActions.test.ts`. `createTimeEntry` now has coverage for tenant-scoped reference checks, work-date/time-sheet resolution, creating a billable `time_entries` row, writing optional external mappings, and publishing `TIME_ENTRY_CREATED`.
- (2026-05-11) **T1070 implemented** in `server/src/test/unit/inboundWebhooks/projectTaskInboundActions.test.ts`. `createProjectTask` now has coverage for resolving a parent project through `tenant_external_entity_mappings`, validating project/phase/status mapping scope, creating through `ProjectTaskModel.addTask`, and writing a `project_task` external mapping.
- (2026-05-11) **T1071 implemented** in `server/src/test/unit/inboundWebhooks/projectTaskInboundActions.test.ts`. `updateProjectTaskStatusByExternalId` now covers webhook-scoped task lookup through `tenant_external_entity_mappings`, tenant-aware task/project resolution, target status validation, and the shared `ProjectTaskModel.updateTaskStatus` call.
- (2026-05-11) **T1080 implemented** in `server/src/test/unit/inboundWebhooks/tagInboundActions.test.ts`. `addTagToEntityByExternalId` now covers resolving a mapped ticket, verifying the ticket still exists, getting/creating the tag definition, and inserting a tenant-scoped `tag_mappings` row.
- (2026-05-11) **T1081 implemented** in `server/src/test/unit/inboundWebhooks/tagInboundActions.test.ts`. The tag action now also covers `entity_type='client'`, verifying the client table/id-column mapping and default tag color handling before inserting `tag_mappings`.
- (2026-05-11) **T1082 implemented** in `server/src/test/unit/inboundWebhooks/tagInboundActions.test.ts`. Unsupported tag entity types now have explicit validation coverage, including an assertion that the action rejects before creating a tenant Knex instance or attempting external-ID lookup.
- (2026-05-11) **T110 implemented** in `server/src/test/unit/inboundWebhooks/workflowDispatcher.test.ts`. Workflow handler dispatch now has coverage for launching `launchPublishedWorkflowRun` with the normalized inbound envelope, event trigger metadata, delivery-scoped execution keys, and the workflow run outcome returned to delivery persistence.
- (2026-05-11) **T111 implemented** in `server/src/test/unit/inboundWebhooks/workflowEnvelope.test.ts`. The workflow envelope builder now has deterministic coverage for the exact documented fields: source, body, headers, verified, delivery_id, idempotency_key, and ISO received_at.
- (2026-05-11) **T112 implemented** in `server/src/test/unit/inboundWebhooks/workflowDispatcher.test.ts`. Workflow dispatch now verifies sensitive inbound headers (`Authorization`, `Cookie`, `Set-Cookie`, `X-Api-Key`) are filtered before the envelope is passed to `launchPublishedWorkflowRun`.
- (2026-05-11) **T113 implemented** in `server/src/test/unit/inboundWebhooks/requestProcessor.test.ts`. The receiver path now verifies a successful workflow dispatch outcome, including `workflow_run_id`, is persisted into `handlerOutcome` when the delivery is marked `dispatched`.
- (2026-05-11) **T114 implemented** in `server/src/test/unit/inboundWebhooks/requestProcessor.test.ts`. Workflow trigger errors now have receiver-path coverage showing the delivery is updated to `dispatchStatus='failed'` with the engine error message in `handlerOutcome`.
- (2026-05-11) **T115 implemented** in `server/src/test/unit/inboundWebhooks/workflowDispatcher.test.ts`. Workflow dispatch now has launch-boundary coverage showing once `launchPublishedWorkflowRun` returns a run id/version, dispatch resolves with the workflow outcome and does not wait for or observe later workflow completion/failure.
- (2026-05-11) **T120 implemented** in `shared/workflow/expression-authoring/__tests__/coreContracts.test.ts`. The webhook payload context adapter now has contract coverage for turning a captured sample body into deterministic top-level expression roots and nested path options such as `alert.id` / `device.hostname`.
- (2026-05-11) **T121 implemented** in `shared/workflow/expression-authoring/__tests__/coreContracts.test.ts`. Captured webhook sample inference now covers nested objects, arrays, array-item path segments, and primitive type classification for integer/number/boolean/string fields.
- (2026-05-11) **T122 implemented** in `shared/workflow/expression-authoring/__tests__/coreContracts.test.ts`. Adapter edge-case coverage now verifies null bodies produce a minimal `value` root, array bodies expose `value[]` paths, and empty object samples return empty roots/options without throwing.
- (2026-05-11) **T123 implemented** in `server/src/test/unit/inboundWebhooks/InboundWebhookMappingField.test.ts`. The inbound mapping field now exposes and tests the helper that converts captured-sample adapter paths into `ExpressionTextArea` `fieldOptions`, ensuring autocomplete receives paths and type hints from the webhook payload context adapter.
- (2026-05-11) **T130 implemented** in `server/src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts`. The Settings webhooks shell now has source-level UI contract coverage for the tab container, inbound/outbound tab trigger IDs, tab values, and the inbound/outbound tab panel components.
- (2026-05-11) **T131 implemented** in `server/src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts`. Outbound regression coverage now verifies the outbound tab still mounts `OutboundWebhooksSetup` and that the existing outbound list/save/delete/test/rotate/retry/delivery/stat action paths remain wired in the refactored component.
- (2026-05-11) **T132 implemented** in `server/src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts`. The inbound list view now has contract coverage for the required table shape: name/receiver URL, handler, last delivery, active state, and DataTable binding to inbound webhook rows.
- (2026-05-11) **T133 implemented** in `server/src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts`. The inbound create/edit dialog now has contract coverage for the Identity section title/help and stable inputs for name, URL-safe slug normalization, and description.
- (2026-05-11) **T134 implemented** in `server/src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts`. Auth-section UI coverage now verifies the HMAC auth option and conditional signature-header input are present with stable IDs and state wiring.
- (2026-05-11) **T135 implemented** in `server/src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts`. Auth-section UI coverage now verifies the Bearer option renders a password token field, uses the saved-secret placeholder for existing configs, and writes back to `identityForm.bearerToken`.
- (2026-05-11) **T136 implemented** in `server/src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts`. Auth-section UI coverage now verifies the IP allowlist option renders the CIDR textarea with stable ID, translated labels/placeholders, and `identityForm.ipCidrs` state wiring.
- (2026-05-11) **T137 implemented** in `server/src/components/settings/security/AdminWebhooksSetup.tsx` and `server/src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts`. While adding coverage, a real UI gap was found: inbound create/update save was still disabled. The dialog now builds the snake_case upsert payload, calls `upsertInboundWebhook`, updates local list state, and displays the returned one-time secret only in `revealedInboundSecret`, which is cleared on modal close.
- (2026-05-11) **T138 implemented** in `server/src/components/settings/security/AdminWebhooksSetup.tsx` and `server/src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts`. Saved non-IP inbound webhook configs now show a rotate-secret button that calls `rotateInboundWebhookSecret` and reuses the one-time secret modal for the replacement secret.
- (2026-05-11) **T139 implemented** in `server/src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts`. Idempotency-section UI coverage now verifies the header/jsonata source dropdown, value input label/placeholder switch, and duplicate-window seconds input are present and state-backed.
- (2026-05-11) **T140 implemented** in `server/src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts`. Handler-section UI coverage now verifies the handler type selector exposes direct-action/workflow options, updates `identityForm.handlerType`, and conditionally renders the direct-action or workflow panel.
- (2026-05-11) **T141 implemented** in `server/src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts`. Direct-action dropdown coverage now verifies actions are loaded from `listInboundWebhookActions`, mapped into selector options by registry name/display metadata, and rendered through the `inbound-webhook-direct-action` select.
- (2026-05-11) **T142 implemented** in `server/src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts`. Direct-action mapping coverage now verifies selected action definitions drive target-field rows, each row uses a stable `inbound-webhook-mapping-*` ID, and mappings are edited through the reused `InboundWebhookMappingField` with captured sample context.
- (2026-05-11) **T143 implemented** in `server/src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts`. Workflow selector coverage now verifies tenant workflows are loaded through `listInboundWorkflowOptions`, mapped into select options with workflow IDs/names, and rendered by the `inbound-webhook-workflow` select.
- (2026-05-11) **T144 implemented** in `server/src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts`. Workflow handler UI coverage now verifies the envelope info card includes the documented `source`, `body`, `headers`, `verified`, `delivery_id`, `idempotency_key`, and `received_at` fields.
- (2026-05-11) **T145 implemented** in `server/src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts`. Sample-capture UI coverage now verifies the capture button is saved-webhook gated, calls `captureSamplePayload`, writes returned capture/sample state into the dialog form, and shows the active capture window status.
- (2026-05-11) **T146 implemented** in `server/src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts`. Sample-tree UI coverage now verifies captured payloads are converted through `buildWebhookPayloadExpressionPathOptions`, empty state is handled, and path buttons render stable IDs plus the path text.
- (2026-05-11) **T147 implemented** in `server/src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts`. Sample-tree insertion coverage now verifies mapping fields set the focused target, path buttons are disabled until a field is focused, and clicking a path writes it into `identityForm.fieldMapping[focusedMappingField]`.
- (2026-05-11) **T148 implemented** in `server/src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts`. Active-toggle UI coverage now verifies saved configs call `setInboundWebhookActiveState`, update `isActive` plus `autoDisabledAt` from the persisted result, and wire the `inbound-webhook-active` switch to that handler.
- (2026-05-11) **T149 implemented** in `server/src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts`. Auto-disable banner coverage now verifies the dialog renders translated warning copy when `identityForm.autoDisabledAt` is set and formats the disabled timestamp for display.
- (2026-05-11) **T160 implemented** in `server/src/components/settings/security/AdminWebhooksSetup.tsx` and `server/src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts`. While adding coverage, a real UI gap was found: the delivery dialog paginated by webhook but lacked a dispatch-status filter. Added `inbound-webhook-delivery-status-filter`, status state, and query wiring so `listInboundDeliveries` receives both `inboundWebhookId` and optional `status`.
- (2026-05-11) **T161 implemented** in `server/src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts`. Delivery-detail drawer coverage now verifies selected delivery data drives response status, duration, handler error, filtered headers, request body, response body, and formatted JSON sections.
- (2026-05-11) **T162 implemented** in `server/src/test/unit/inboundWebhooks/deliveryPersistence.test.ts`. Replay persistence coverage now verifies `createInboundDelivery` writes `is_replay=true` and `replayed_from=<original delivery>` when replay callers create the linked delivery row.
- (2026-05-11) **T163 implemented** in `server/src/test/unit/inboundWebhooks/inboundWebhookReplay.source.contract.test.ts`. Replay source coverage now verifies `replayInboundDelivery` fetches the current active webhook config by tenant/webhook ID and passes that current row into `dispatchAndRecordOutcome`, so mapping/config changes are reflected on replay.
- (2026-05-11) **T164 implemented** in `server/src/test/unit/inboundWebhooks/inboundWebhookReplay.source.contract.test.ts`. Replay linkage source coverage now verifies `replayInboundDelivery` creates the replay row with `isReplay: true`, `replayedFrom: original.delivery_id`, and returns the newly fetched replay delivery.
- (2026-05-11) **T165 implemented** in `server/src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts`. Synthetic-test UI coverage now verifies the dialog exposes custom JSON body and header editors, parses both, calls `sendInboundWebhookTest` for in-process dispatch, and opens the resulting delivery detail.
- (2026-05-11) **T170 implemented** in `server/src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts`. Inbound UI i18n coverage now scans the inbound component region for direct JSX English text nodes and verifies the component uses the `msp/profile` translation namespace plus inbound translation keys.
- (2026-05-11) **T171 implemented** in `server/src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts`. UI reflection coverage now scans inbound static IDs for kebab-case form and verifies dynamic mapping, sample-path, and delivery-view IDs are generated from kebab-case prefixes.
- (2026-05-11) **T180 implemented** in `server/src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts`. Settings feature-flag coverage now verifies `inbound_webhooks_enabled` defaults off, the active tab falls back to outbound if disabled, and inbound tab/content are only rendered behind the flag.
- (2026-05-11) **T181 implemented** in `server/src/test/unit/inboundWebhooks/requestProcessor.test.ts`. Receiver feature-flag coverage now verifies a disabled `inbound_webhooks_enabled` flag returns a bodyless 404 after tenant resolution and before tenant context, webhook lookup, delivery persistence, or dispatch.
- (2026-05-11) **T182 implemented** in `server/src/test/unit/inboundWebhooks/requestProcessor.test.ts`. The receiver now has tenant-specific flag coverage: tenant A can proceed through `runWithTenant` and dispatch while tenant B, in the same mocked scenario, receives a bodyless 404 and never reaches lookup, delivery creation, or dispatch.
- (2026-05-11) **T190 implemented** in `server/src/test/unit/inboundWebhooks/inboundWebhookTenantScoping.source.contract.test.ts`. Added a source contract that enumerates every `inbound_webhooks` table access in server actions plus receiver config lookup, requires tenant-scoped `where` clauses on read/update/delete paths, and verifies create paths insert the tenant key.
- (2026-05-11) **T191 implemented** in `server/src/test/unit/inboundWebhooks/inboundWebhookTenantScoping.source.contract.test.ts`. Extended the source contract to enumerate delivery table access in server actions, delivery persistence, and idempotency helpers; inserts must include `tenant`, direct lookups/updates must filter by tenant, and paginated list queries must flow through the shared `applyFilters` tenant guard.
- (2026-05-11) **T192 implemented** in `server/src/test/unit/inboundWebhooks/inboundWebhookActions.test.ts`. Added a mocked `getInboundDelivery` cross-tenant test: a tenant-B delivery row is not returned to the tenant-A auth context because the action queries by `{ tenant: 'tenant-a', delivery_id }`.
- (2026-05-11) **T193 implemented** in `server/src/test/unit/inboundWebhooks/inboundWebhookActions.test.ts`. Tightened the mocked config lookup harness to honor `where` criteria and added a cross-tenant `getInboundWebhook` test proving tenant-A cannot read a tenant-B webhook config with the same requested id.
- (2026-05-11) **T200 implemented** in `server/src/test/unit/inboundWebhooks/requestProcessor.test.ts`. Added an executable acceptance-path contract for HMAC create-ticket webhooks: a signed JSON request reaches the direct-action dispatcher, returns `{delivery_id}`, and persists a `createTicket` handler outcome with the created ticket id/number for the Settings delivery UI to display.
- (2026-05-11) **T201 implemented** in `server/src/test/unit/inboundWebhooks/workflowDispatcher.test.ts`. Added a workflow-handler acceptance contract verifying the dispatcher launches the published workflow with `execute=true`, delivery-scoped trigger/execution keys, and returns `workflow_run_id`/version so delivery logs can link users to the visible workflow run.
- (2026-05-11) **T202 implemented** in `server/src/test/unit/inboundWebhooks/inboundWebhookActions.test.ts`. Added a replay acceptance-path test: a failed original delivery is loaded from the log, replay creates a linked delivery with current webhook mapping, dispatch succeeds, and the returned delivery is marked `isReplay=true` with `replayedFrom` pointing to the failed original.
- (2026-05-11) **T300 implemented** in `server/src/test/unit/inboundWebhooks/inboundWebhookRestApiRoutes.test.ts`. The `GET /api/v1/inbound-webhooks` route test verifies a 200 response with `{ data }` and confirms the route delegates to `listInboundWebhooks()`, preserving the tenant-scoped server-action path covered by T020/T190.
- (2026-05-11) **T301 implemented** in `server/src/test/unit/inboundWebhooks/inboundWebhookRestApiRoutes.test.ts`. The `POST /api/v1/inbound-webhooks` route test verifies create requests delegate the parsed JSON body to `upsertInboundWebhook`, return `201`, and expose the returned secret only as the one-time `secret` response field.
- (2026-05-11) **T302 implemented** in `server/src/test/unit/inboundWebhooks/inboundWebhookRestApiRoutes.test.ts`. The `GET /api/v1/inbound-webhooks/{id}` route test verifies lookup by path id, 200 `{ data }` response shape, and that raw secret material is absent from the returned config.
- (2026-05-11) **T303 implemented** in `server/src/test/unit/inboundWebhooks/inboundWebhookRestApiRoutes.test.ts`. The `PUT /api/v1/inbound-webhooks/{id}` route test verifies the parsed body is persisted through `upsertInboundWebhook` with the URL path id overriding any body id and that updates return `{ data, secret:null }`.
- (2026-05-11) **T304 implemented** in `server/src/test/unit/inboundWebhooks/inboundWebhookRestApiRoutes.test.ts`. The `DELETE /api/v1/inbound-webhooks/{id}` route test verifies deletion delegates to `deleteInboundWebhook(id)` and returns an empty `204` response.
- (2026-05-11) **T305 implemented** in `server/src/test/unit/inboundWebhooks/inboundWebhookRestApiRoutes.test.ts`. The rotate-secret route test verifies `POST /api/v1/inbound-webhooks/{id}/rotate-secret` delegates to `rotateInboundWebhookSecret(id)` and returns the replacement as the one-time `secret` response field.
- (2026-05-11) **T306 implemented** in `server/src/test/unit/inboundWebhooks/inboundWebhookRestApiRoutes.test.ts`. The synthetic test route verifies `POST /api/v1/inbound-webhooks/{id}/test` parses `{body, headers}`, calls `sendInboundWebhookTest(id, input)`, and returns the created delivery with `202`.
- (2026-05-11) **T307-T313 implemented** in `server/src/test/unit/inboundWebhooks/inboundWebhookRestApiRoutes.test.ts`. Added REST route coverage for capture enable/clear, delivery pagination/filtering, delivery detail ownership check, replay creation/linkage, and action discovery output. These tests verify the route layer delegates to the existing server actions without introducing a parallel auth or data access path.
- (2026-05-11) **T320-T328 implemented** in `server/src/test/unit/api/inboundWebhooksOpenApi.contract.test.ts`. Added generated CE/EE YAML checks for inbound webhook paths, receiver endpoint header/response documentation, config/auth/handler/envelope component assertions, and explicit management/action-discovery schema reference checks.
- (2026-05-11) **T329 implemented** in `server/src/test/unit/inboundWebhooks/inboundWebhookRestApiRoutes.test.ts`. Added an authorization-failure route test that lets the mocked server action throw a `403` and verifies the REST layer returns that error instead of bypassing or replacing the server-action permission path.
- (2026-05-11) **T330 implemented** in `server/src/test/unit/inboundWebhooks/inboundWebhookRestApiRoutes.source.contract.test.ts`. Added a source contract asserting every inbound webhook REST route imports `@/lib/actions/inboundWebhookActions` and avoids direct DB/auth/RBAC imports, preserving tenant scoping parity with the server actions.
- (2026-05-11) **F043 implemented** in `server/src/lib/inboundWebhooks/headerFilter.ts`. `filterInboundWebhookHeaders` accepts `Headers` or plain records, lowercases persisted names, and strips `Authorization`, `Cookie`, `Set-Cookie`, `Proxy-Authorization`, and `X-Api-Key`.
- (2026-05-11) **F038 implemented** in `server/src/lib/inboundWebhooks/idempotency.ts`. `extractInboundWebhookIdempotencyKey` supports case-insensitive header lookup from `Headers` or plain header records and returns `null` for missing/blank keys.
- (2026-05-11) **F039 implemented** in `server/src/lib/inboundWebhooks/idempotency.ts`. JSONata idempotency sources evaluate directly against the request body via the workflow expression runtime and normalize non-null results to trimmed strings.
- (2026-05-11) **F040 implemented** in `server/src/lib/inboundWebhooks/idempotency.ts`. `findDuplicateInboundDelivery` checks `(tenant, inbound_webhook_id, idempotency_key)` within the configured window and only treats `pending`, `dispatched`, or prior `duplicate` rows as dedup hits.
- (2026-05-11) **F041 implemented** in `server/src/lib/inboundWebhooks/deliveryPersistence.ts`. `createInboundDelivery` inserts tenant-scoped rows before dispatch, filters persisted headers through F043, stores request bodies only for `auth_status='verified'`, and supports replay linkage fields.
- (2026-05-11) **F033 implemented** in `server/src/lib/inboundWebhooks/authVerifier.ts`. HMAC-SHA256 verification uses configurable signature header names, supports `sha256=<hex>` or raw hex signatures, reads secrets from tenant secret storage, and compares with padded `crypto.timingSafeEqual`.
- (2026-05-11) **F034 implemented** in `server/src/lib/inboundWebhooks/authVerifier.ts`. Bearer auth reads `Authorization: Bearer <token>`, loads the tenant secret by vault path metadata, and uses the same timing-safe comparison helper.
- (2026-05-11) **F035 implemented** in `server/src/lib/inboundWebhooks/authVerifier.ts`. IP allowlist auth supports exact IP strings and IPv4 CIDR ranges without adding a new dependency. IPv6 is currently exact-match only; add a CIDR library if IPv6 CIDR support becomes required.
- (2026-05-11) **F036 implemented** in `server/src/lib/inboundWebhooks/authVerifier.ts`. Path-token auth reads the configured query parameter (default `token`), loads the tenant token secret, and compares with the timing-safe helper.
- (2026-05-11) **F037 implemented** in `server/src/lib/inboundWebhooks/responses.ts`. `unauthorizedInboundWebhookResponse()` returns a bodyless `401` `NextResponse` to reuse for unknown tenant, unknown webhook, disabled webhook, and bad auth cases.
- (2026-05-11) **F031 implemented** in `server/src/lib/inboundWebhooks/tenantResolver.ts`. Uses existing `@alga-psa/db.getTenantIdBySlug` and caches positive/negative lookups for 60 seconds; tenant slugs are the existing 12-hex portal slug format derived from tenant UUIDs.
- (2026-05-11) **F032 implemented** in `server/src/lib/inboundWebhooks/configLookup.ts`. `lookupInboundWebhookBySlug(knex, tenant, webhookSlug)` queries `inbound_webhooks` with both `tenant` and `slug`, returning only receiver-needed fields; backed by F001 unique `(tenant, slug)` index.
- (2026-05-11) **F044 implemented** in `server/src/lib/inboundWebhooks/sampleCapture.ts`. `captureInboundWebhookSampleIfRequested` stores the first verified body only while `sample_capture_expires_at > now`, clears the capture window after storing, and leaves existing samples untouched until the admin explicitly re-captures/clears.
- (2026-05-11) **F042 implemented** in `server/src/lib/inboundWebhooks/rateLimitConfig.ts`. Inbound webhooks use the shared Redis token bucket with a distinct `webhook-in` namespace, default to 600/min, and load per-webhook overrides from `inbound_webhooks.rate_limit_per_minute` scoped by tenant and webhook id.
- (2026-05-11) **F030 implemented** with `server/src/app/api/inbound/[tenantSlug]/[webhookSlug]/route.ts` plus shared `server/src/lib/inboundWebhooks/requestProcessor.ts`. The route supports POST/PUT/PATCH, gates on the inbound feature flag, resolves tenant slug, verifies auth, applies rate limit/idempotency, persists deliveries before dispatch, captures samples, and dispatches direct actions through the registry. Workflow dispatch still remains a later feature (F060).
- (2026-05-11) **Bundled integrations already in the codebase** — the user-configurable system complements these, not replaces them:
- **Tanium** (EE) — `ee/server/src/lib/integrations/tanium/` + `taniumGatewayClient.ts`. Outbound sync (devices → assets) + webhook. Uses `ingestNormalizedRmmDeviceSnapshot`.
- **NinjaOne** (EE) — `ee/server/src/lib/integrations/ninjaone/` — has a full inbound webhook implementation (`webhooks/webhookHandler.ts`, `webhooks/webhookRegistration.ts`, `alerts/alertProcessor.ts`, `alerts/ticketCreator.ts`). The user-configurable inbound webhook system is the generic equivalent.
- **Tactical RMM** (CE+EE) — `packages/integrations/src/lib/rmm/tacticalrmm/`. Has webhook secret support (`tacticalrmm_webhook_secret`).
- **Xero, QBO** (EE accounting) — outbound only currently.
- **Entra ID** (EE) — bidirectional user/group sync; Direct mode + CIPP mode.
- **Microsoft Graph / Teams, Google** — OAuth integrations for calendar/messaging.
- (2026-05-11) **`tenant_external_entity_mappings`** is the canonical external-ID-to-Alga-entity lookup table. Created in `server/migrations/20250502173321_create_tenant_external_entity_mappings.cjs`. Schema: `(tenant_id, integration_type, alga_entity_type, alga_entity_id, external_entity_id, external_realm_id, sync_status, last_synced_at, metadata)`. Two unique constraints enforce one-to-one mapping. **The plan uses this instead of adding `external_ref` columns to individual entity tables.**
- (2026-05-11) **`@alga-psa/integrations/lib/rmm/sharedAssetIngestionService`** exports `ingestNormalizedRmmDeviceSnapshot` — the shared device normalization path used by all RMM integrations. The inbound webhook asset action delegates here for RMM-shaped payloads.
- (2026-05-11) **Domain entity surface is large** — 60+ mutable entities across `packages/*/src/actions/`. v1 covers the high-leverage subset (tickets, clients, contacts, assets, invoices, time entries, project tasks, tags). Registry pattern means more can be added per package without touching inbound webhook core.
- (2026-05-11) Outbound webhook system at `server/src/lib/webhooks/` is mature: signing (`X-Alga-Signature` v1), Redis queue, retries, auto-disable, SSRF guards, per-webhook rate limits. Most of this is dispatch-side and not directly reusable for inbound, but the **delivery log + replay** pattern is the right shape to copy.
- (2026-05-11) **OpenAPI infrastructure is in place:**
- Central registry: `server/src/lib/api/openapi/registry.ts`
- Per-area route files: `server/src/lib/api/openapi/routes/*.ts` — outbound webhooks already registered at `routes/webhooks.ts` (model for inbound).
- Generator: `sdk/scripts/generate-openapi.ts` → outputs `sdk/docs/openapi/alga-openapi.{ce,ee}.{yaml,json}`.
- Contract test pattern: `server/src/test/unit/api/projectTasksOpenApi.contract.test.ts`.
- Outbound webhook v1 API: `/api/v1/webhooks`, `/[id]`, `/test`, `/verify`, `/templates`, `/events`, `/analytics`, `/[id]/health`. Mirror this surface for inbound.
- (2026-05-11) Existing Settings UI for outbound: `server/src/components/settings/security/AdminWebhooksSetup.tsx`. Uses DataTable, Dialog, DropdownMenu primitives from `@alga-psa/ui`. Already i18n-ready.
- (2026-05-11) Workflow editor's expression infra is rich:
- `ee/server/src/components/workflow-designer/expression-editor/ExpressionEditor.tsx` — Monaco-based JSONata editor with completion, hover, diagnostics, signature help.
- `ee/server/src/components/workflow-designer/mapping/ExpressionTextArea.tsx` — single-line mapping editor (probably the right entry point for per-field rows).
- `shared/workflow/expression-authoring/``pathDiscovery.ts`, `pathValidation.ts`, `validation.ts`, `context.ts`, adapters for workflow/invoice contexts.
- `shared/workflow/runtime/expressionEngine.ts` — JSONata runtime evaluator. Use at request time to evaluate field mappings.
- (2026-05-11) Context adapter pattern: see `shared/workflow/expression-authoring/adapters/invoiceContextAdapter.ts` for a model of what `webhookPayloadContextAdapter.ts` should look like.
- (2026-05-11) CitusDB multi-tenant rules from CLAUDE.md:
- All queries WHERE on `tenant`
- JOIN conditions include `tenant`
- Composite PKs include `tenant`
- `app.current_tenant` doesn't propagate to all shards — use `withAuth` / `runWithTenant`
- (2026-05-11) Migrations split: CE migrations in `server/migrations/`, EE in `ee/server/migrations/`. Inbound webhooks are CE (community-edition feature).
- (2026-05-11) Authentication wrapper: `withAuth` from `@alga-psa/auth` is the canonical pattern. Sets tenant context via AsyncLocalStorage.
- (2026-05-11) UI reflection: every interactive element needs a kebab-case `id` attribute (e.g. `id="inbound-webhook-create-button"`). Mandatory per CLAUDE.md.
## Commands / Runbooks
- (2026-05-11) Find workflow trigger entrypoint:
- `grep -rn "startWorkflow\|triggerWorkflow\|emit.*workflow" shared/workflow/runtime/ shared/workflow/services/`
- Check `services/workflow-worker/` for the bus consumer.
- (2026-05-11) Test inbound endpoint locally:
- `curl -X POST http://localhost:3000/api/inbound/<tenant>/<slug> -H "X-Signature: ..." -d '{...}'`
- (2026-05-11) Run migrations after changes:
- `npm run migrate`
- (2026-05-11) Reset feature flag in PostHog UI or via API for testing.
- (2026-05-11) Type check after F014:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F015:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F016:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F017:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F018:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F019:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F021:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F022:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F050:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F054:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F061:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F070:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F043:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F038:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F040:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F041:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F033:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F037:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F031:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F032:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F044:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F042:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F030:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F020/F023 dispatcher work:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F1010:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F053:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F1011:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F1012:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F1013:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F1020/F1021 client actions:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F1030:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F1040/F1041 asset actions:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F1050/F1051/F1052 invoice actions:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F1060:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F1070:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F1071:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F1080:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F060:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F072:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F080:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F081:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F082:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F083:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F084:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F085:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F086:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F087:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F088:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F089:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F090:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F091:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F092:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F093:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F094:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F095:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F096:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F100:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F101:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F200:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F201:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F202:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F203:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F204:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F205:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F206:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F207:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F208:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F209:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F210:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F211:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F212:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F213:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F214:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F215:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F216:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F217:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Type check after F218:
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) OpenAPI generation after F220:
- `node sdk/scripts/generate-openapi.ts` (failed: TypeScript ESM directory import without the repo loader)
- `npm run openapi:generate --workspace=sdk -- --edition ce && npm run openapi:generate --workspace=sdk -- --edition ee` (failed: npm matched nested SDK workspaces without that script)
- `(cd sdk && npm run openapi:generate -- --edition ce && npm run openapi:generate -- --edition ee)`
- (2026-05-11) Test/typecheck after F221:
- `(cd server && npm run test -- src/test/unit/api/inboundWebhooksOpenApi.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after F222:
- `(cd server && npm run test -- src/test/unit/api/inboundWebhooksOpenApi.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Audit after F223:
- `rg -n "from '@/lib/actions/inboundWebhookActions'|withAuth|hasPermission|createTenantKnex" server/src/app/api/v1/inbound-webhooks -g'route.ts'`
- `find server/src/app/api/v1/inbound-webhooks -name route.ts -print | sort`
- (2026-05-11) Test/typecheck after T001:
- `(cd server && npm run test -- src/test/unit/migrations/inboundWebhookMigrations.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T002:
- `(cd server && npm run test -- src/test/unit/migrations/inboundWebhookMigrations.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T003:
- `(cd server && npm run test -- src/test/unit/migrations/inboundWebhookMigrations.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T004:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/externalEntityMappings.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T004a:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/externalEntityMappings.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T004b:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/schemas.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T005:
- `(cd server && npm run test -- src/test/unit/migrations/inboundWebhookMigrations.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T006:
- `(cd server && npm run test -- src/test/unit/migrations/inboundWebhookPermissions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T007:
- `(cd server && npm run test -- src/test/unit/migrations/inboundWebhookPermissions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T010:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/schemas.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T011:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/schemas.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T012:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/schemas.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T013:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/schemas.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T014:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/schemas.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T020:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/inboundWebhookActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T021:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/inboundWebhookActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T022:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/inboundWebhookActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T023:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/inboundWebhookActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T024:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/inboundWebhookActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T025:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/inboundWebhookActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T026:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/inboundWebhookActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T027:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/inboundWebhookActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T028:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/inboundWebhookActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T030:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/requestProcessor.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T031:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/requestProcessor.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T032:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/requestProcessor.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T033:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/requestProcessor.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T034:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/requestProcessor.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T035:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/requestProcessor.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T036:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/requestProcessor.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T037:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/requestProcessor.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T038:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/requestProcessor.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T039:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/requestProcessor.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T040:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/requestProcessor.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T041:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/requestProcessor.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T042:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/authVerifier.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T043:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/authVerifier.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T044:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/headerFilter.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T050:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/idempotency.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T051:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/idempotency.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T052:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/requestProcessor.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T053:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/idempotency.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T054:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/requestProcessor.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T055:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/idempotency.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T060:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/requestProcessor.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T061:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/deliveryPersistence.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T062:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/requestProcessor.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T070:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/requestProcessor.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T071:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/rateLimitConfig.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T072:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/rateLimitConfig.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T080:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/sampleCapture.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T081:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/sampleCapture.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T082:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/inboundWebhookActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T090:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/actionRegistry.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T091:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/actionRegistry.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T092:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/actionRegistry.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T093:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/mappingEvaluator.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T094:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/requestProcessor.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T095:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/requestProcessor.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T096:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/requestProcessor.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T1010:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/ticketInboundActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T1011:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/ticketInboundActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T1012:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/requestProcessor.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T1013:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/ticketInboundActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T1014:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/ticketInboundActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T1015:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/ticketInboundActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T1016:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/ticketInboundActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T1020:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/clientInboundActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T1021:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/clientInboundActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T1022:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/clientInboundActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T1030:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/clientInboundActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T1031:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/clientInboundActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T1040:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/assetInboundActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T1041:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/assetInboundActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T1042:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/assetInboundActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T1050:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/invoiceInboundActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T1051:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/invoiceInboundActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T1052:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/invoiceInboundActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T1053:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/invoiceInboundActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T1060:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/timeEntryInboundActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T1070:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/projectTaskInboundActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T1071:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/projectTaskInboundActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T1080:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/tagInboundActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T1081:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/tagInboundActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T1082:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/tagInboundActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T110:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/workflowDispatcher.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T111:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/workflowEnvelope.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T112:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/workflowDispatcher.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T113:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/requestProcessor.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T114:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/requestProcessor.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T115:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/workflowDispatcher.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T120:
- `npx vitest run --config shared/vitest.config.ts shared/workflow/expression-authoring/__tests__/coreContracts.test.ts`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T121:
- `npx vitest run --config shared/vitest.config.ts shared/workflow/expression-authoring/__tests__/coreContracts.test.ts`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T122:
- `npx vitest run --config shared/vitest.config.ts shared/workflow/expression-authoring/__tests__/coreContracts.test.ts`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T123:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/InboundWebhookMappingField.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T130:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T131:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T132:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T133:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T134:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T135:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T136:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T137:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T138:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T139:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T140:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T141:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T142:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T143:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T144:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T145:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T146:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T147:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T148:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T149:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T160:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T161:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T162:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/deliveryPersistence.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T163:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/inboundWebhookReplay.source.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T164:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/inboundWebhookReplay.source.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T165:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T170:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T171:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T180:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/AdminWebhooksSetup.ui.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T181:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/requestProcessor.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T182:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/requestProcessor.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T190:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/inboundWebhookTenantScoping.source.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T191:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/inboundWebhookTenantScoping.source.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T192:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/inboundWebhookActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T193:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/inboundWebhookActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T200:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/requestProcessor.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T201:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/workflowDispatcher.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T202:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/inboundWebhookActions.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T300:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/inboundWebhookRestApiRoutes.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T301:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/inboundWebhookRestApiRoutes.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T302:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/inboundWebhookRestApiRoutes.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T303:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/inboundWebhookRestApiRoutes.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T304:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/inboundWebhookRestApiRoutes.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T305:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/inboundWebhookRestApiRoutes.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T306:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/inboundWebhookRestApiRoutes.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T307-T313:
- `(cd server && npm run test -- src/test/unit/inboundWebhooks/inboundWebhookRestApiRoutes.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
- (2026-05-11) Test/typecheck after T320-T330:
- `(cd server && npm run test -- src/test/unit/api/inboundWebhooksOpenApi.contract.test.ts src/test/unit/inboundWebhooks/inboundWebhookRestApiRoutes.test.ts src/test/unit/inboundWebhooks/inboundWebhookRestApiRoutes.source.contract.test.ts)`
- `npx tsc -p server/tsconfig.json --noEmit --pretty false`
## Links / References
- PRD: `./PRD.md`
- Features: `./features.json`
- Tests: `./tests.json`
- Commit groups (for /loop): `./COMMIT_GROUPS.md`
- Outbound webhook system: `server/src/lib/webhooks/`
- Outbound subscriber: `server/src/lib/eventBus/subscribers/webhookSubscriber.ts`
- Outbound UI: `server/src/components/settings/security/AdminWebhooksSetup.tsx`
- Outbound migrations: `server/migrations/20260505140000_create_webhook_tables.cjs`
- OpenAPI registry: `server/src/lib/api/openapi/registry.ts`
- OpenAPI route file (outbound, model for inbound): `server/src/lib/api/openapi/routes/webhooks.ts`
- OpenAPI generator: `sdk/scripts/generate-openapi.ts`
- OpenAPI output: `sdk/docs/openapi/alga-openapi.{ce,ee}.{yaml,json}`
- Contract test pattern: `server/src/test/unit/api/projectTasksOpenApi.contract.test.ts`
- Workflow expression editor: `ee/server/src/components/workflow-designer/expression-editor/`
- Workflow mapping components: `ee/server/src/components/workflow-designer/mapping/`
- Expression-authoring core: `shared/workflow/expression-authoring/`
- JSONata runtime: `shared/workflow/runtime/expressionEngine.ts`
- Server action auth pattern: CLAUDE.md → "Server Action Authentication Pattern"
- Citus multi-tenant rules: CLAUDE.md → "Critical Multi-Tenant Rules (CitusDB)"
## Open Questions
- **Workflow trigger entrypoint:** Does the engine expose a synchronous `startWorkflow(workflowId, input)` API, or must inbound dispatch via event bus? Reference NinjaOne `alertProcessor.ts` — it may already invoke workflows and would show the pattern. Spike during F060.
- **Tenant slug source:** Tenants need a URL-safe identifier for `/api/inbound/[tenantSlug]/...`. Does an appropriate column exist (e.g. `tenants.url_slug`)? If not, add one in a prerequisite migration.
- **Reserved integration_type collision:** Bundled integrations write to `tenant_external_entity_mappings` with `integration_type` like `'ninjaone'`, `'tactical_rmm'`, `'tanium'`, `'xero'`, `'qbo'`, `'entra'`. User webhook slugs must not collide. Solutions: (a) maintain a reserved-name list and reject; (b) prefix user slugs with `user:` namespace; (c) use a separate column `integration_source` (system vs user). Decide before F003. Lean toward (a) — explicit reject with clear error.
- **Bootstrap action loading:** Server start must load all package action contributions before first inbound request. Static imports from `server/src/lib/inboundWebhooks/actions/bootstrap.ts` is simplest; dynamic discovery supports plugins later but adds complexity.
- **Missing idempotency key behavior:** When idempotency_source is configured but the request doesn't include the key — accept (single dispatch, no dedup) or reject (400)? Lean toward accept-with-warning logged.
- **Sample payload PII:** Captured samples may contain sensitive data. Plan: mark as sensitive, restrict access to webhook owner, no auto-redaction in v1. Revisit if security raises concerns.
- **Replay against changed config:** Documented behavior is "uses current config." Should the delivery detail show a banner if the mapping changed since the original delivery? Nice-to-have, not v1.
- **Delivery retention:** PRD says 30 days for raw body. Confirm with ops/legal that this is acceptable for financial/device data.
- **Rate limit defaults:** 600/min per webhook is a guess. Review against expected RMM alert volumes.
- **`upsertContactByExternalId` client linkage:** Should the action require a `client_external_id` mapped (with lookup) or accept `client_id` directly, or both? Confirm at design time.
- **Consolidation with bundled integrations (v2 candidate):** Should NinjaOne / Tactical RMM eventually consume the same user-configurable webhook plumbing with their secrets/normalizers preset? Out of scope for v1.
Reference in New Issue View Git Blame Copy Permalink