feat: add secure webhook delivery transport#93
Merged
Conversation
Require an executor-owned exact-host allowlist, reject non-public literal and DNS-resolved destinations, and pin validated addresses during HTTPS delivery. Bound resolution and address failover under one deadline and fail closed on transport errors. Signed-off-by: Your Name <you@example.com>
jmcte
enabled auto-merge (squash)
July 17, 2026 23:19
athena-omt
approved these changes
Jul 17, 2026
athena-omt
left a comment
Contributor
There was a problem hiding this comment.
Approved for the current head. The transport enforces the executor-owned exact-host allowlist, HTTPS/443, credential rejection, public-address DNS validation, and pinned-address HTTPS connections with a bounded deadline. Reviewed the CLI call path and notification tests; no unresolved threads or prior reviews. Validation passed: targeted notifications/CLI tests (20), full check suite (119), build, and both published workflows (PR Fast CI and AI Attestation).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
mainafter the prior secure transport merged only into an intermediate branch and was reverted before test: restore conformance warning fixture #89 landed.BOOTSTRAP_NOTIFICATION_WEBHOOK_ALLOWED_HOSTSexact-host allowlist before delivery.Governing Issue
Closes #55
Validation
autoreviewagainst the intended PR diff with no accepted/actionable findings/Users/johnteneyckjr./.codex/skills/autoreview/scripts/autoreview --mode branch --base origin/main— clean, no accepted/actionable findings; patch correct (0.90)CI GateLocal checks on commit
129188f:npm test -- --run tests/notifications.test.ts tests/cli.test.ts— 20 tests passednpm run check— 21 test files, 119 tests passednpm run build— passedgit diff --check origin/main...HEAD— passedThe first autoreview invocation also ran the test command in its isolated temporary home. Source review was clean, but
tsxcould not create its IPC socket because the isolated path exceeded the platform socket limit. The identical test command passed in the real checkout, and the final source-only autoreview rerun exited cleanly.Bootstrap Governance
CONTRIBUTING.md,.github/PULL_REQUEST_TEMPLATE.md, anddocs/bootstrap/onboarding.mdwhen applicableMaterial change: no
ADR: not required
Merge Automation
gh pr merge --auto --squash, or the reason it is unavailable/unsafe is noted belowSquash auto-merge will be armed after PR creation; protected
mainstill requires independent approval.Notes
main; this replacement applies the focused transport directly to currentmain.agent: false, preventing a pooled socket from bypassing the validated pinned address.