feat: add secure webhook delivery transport#92
Merged
jmcte merged 1 commit intoJul 16, 2026
Merged
Conversation
Require an executor-owned exact-host allowlist, reject non-public literal and DNS-resolved destinations, and pin validated addresses during HTTPS delivery. Bound resolution and address failover under one deadline and fail closed on transport errors. Signed-off-by: Your Name <you@example.com>
9 tasks
jmcte
pushed a commit
that referenced
this pull request
Jul 16, 2026
This reverts commit 77a486e. Signed-off-by: Your Name <you@example.com>
jmcte
added a commit
that referenced
this pull request
Jul 16, 2026
* test: restore conformance warning fixture Keep the canonical conformance fixture aligned with ownership-sidecar enforcement while preserving distinct warning exit semantics. Refs #58. Signed-off-by: Your Name <you@example.com> * feat: resolve publisher and class deviations (#90) Add publisher-neutral spending thresholds and require valid scoped exceptions when a repository cannot yet declare a canonical class. Closes #56. Signed-off-by: Your Name <you@example.com> Co-authored-by: Your Name <you@example.com> * feat: deliver governed material notifications (#91) Add plan-first GitHub and webhook delivery, verified maintainer approvals for hard stops, and expiring-exception notification execution. Closes #55. Signed-off-by: Your Name <you@example.com> Co-authored-by: Your Name <you@example.com> * fix: restrict notification webhook destinations Require an executor-owned exact-host allowlist, reject non-public literal and DNS-resolved addresses, and pin validated addresses with bounded failover under one delivery deadline. Addresses the security review on #89. Signed-off-by: Your Name <you@example.com> * refactor: split secure webhook transport Keep notification planning, governing-record delivery, and hard-stop verification in this review lane while failing the configured webhook destination closed. The secure network transport moves to a smaller stacked follow-up so both pull requests satisfy the review-size policy. Signed-off-by: Your Name <you@example.com> * feat: add secure webhook delivery transport (#92) Require an executor-owned exact-host allowlist, reject non-public literal and DNS-resolved destinations, and pin validated addresses during HTTPS delivery. Bound resolution and address failover under one deadline and fail closed on transport errors. Signed-off-by: Your Name <you@example.com> Co-authored-by: Your Name <you@example.com> * Revert "feat: add secure webhook delivery transport (#92)" This reverts commit 77a486e. Signed-off-by: Your Name <you@example.com> * fix: clarify disabled webhook delivery in CLI help Signed-off-by: daedalus-omt <268206840+daedalus-omt@users.noreply.github.com> --------- Signed-off-by: Your Name <you@example.com> Signed-off-by: daedalus-omt <268206840+daedalus-omt@users.noreply.github.com> Co-authored-by: Your Name <you@example.com> Co-authored-by: daedalus-omt <268206840+daedalus-omt@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
BOOTSTRAP_NOTIFICATION_WEBHOOK_ALLOWED_HOSTSexact-host allowlist before webhook delivery.Governing Issue
Closes #55
Validation
autoreviewagainst the intended PR diff with no accepted/actionable findings/Users/johnteneyckjr./.codex/skills/autoreview/scripts/autoreview --mode branch --base origin/codex/issue-58-conformance-fixture— final rerun clean, no accepted/actionable findings; patch correct (0.88)CI GateLocal checks on commit
b2fb7ef:npm run check— 20 test files, 118 tests passednpm run build— passednpm test -- --run tests/notifications.test.ts— 19 tests passed after the shared-agent fixgit diff --check origin/codex/issue-58-conformance-fixture...HEAD— passedBootstrap Governance
CONTRIBUTING.md,.github/PULL_REQUEST_TEMPLATE.md, anddocs/bootstrap/onboarding.mdwhen applicableMaterial change: no
ADR: not required
Merge Automation
gh pr merge --auto --squash, or the reason it is unavailable/unsafe is noted belowSquash auto-merge will be enabled after PR creation; merge remains ordered behind #89.
Notes
agent: falseon each pinned webhook request.