fix(webhooks): build events indexes concurrently and allow profile update

[apoorvdixit88]

Type of Change

• Bugfix
• New feature
• Enhancement
• Refactoring
• Dependency updates
• Documentation
• CI/CD

Description

Two follow-up fixes for #11643 (platform-aware outgoing webhook delivery):

1. Build the events.initiator_merchant_id indexes with CREATE INDEX CONCURRENTLY. The original migration 2026-04-09-103802_add_initiator_merchant_id_to_events created the unique and secondary indexes without CONCURRENTLY, which takes an ACCESS EXCLUSIVE lock on events and blocks reads/writes for the duration of the build on a large table. The CREATE INDEX statements have been removed from that migration and moved to two new migrations (one statement per file, since Diesel batches multiple statements in a single up.sql into one query which Postgres implicitly wraps in a transaction — CONCURRENTLY cannot run inside a transaction):

   • 2026-05-26-004557_recreate_events_initiator_merchant_id_event_id_index_concurrently
   • 2026-05-26-004558_recreate_events_initiator_merchant_id_initial_attempt_id_index_concurrently

   Both migrations use IF NOT EXISTS and set run_in_transaction = false, so environments that already ran the original migration get a no-op.

2. Allow platform JWT on the v1 profile_update route. JWTAuthMerchantAndProfileFromRoute on PATCH /account/:merchant_id/business_profile/:profile_id was set to allow_platform: false, blocking a platform-account dashboard user from updating the webhook endpoint configuration on the platform profile. Flipped to allow_platform: true.

Additional Changes

• This PR modifies the API contract
• This PR modifies the database schema
• This PR modifies application configuration/environment variables

Database schema changes:

• migrations/2026-04-09-103802_add_initiator_merchant_id_to_events/up.sql, down.sql (remove non-concurrent index statements)
• migrations/2026-05-26-004557_recreate_events_initiator_merchant_id_event_id_index_concurrently/ (new)
• migrations/2026-05-26-004558_recreate_events_initiator_merchant_id_initial_attempt_id_index_concurrently/ (new)

Motivation and Context

Fixes bugs introduced in #11643. Tracking sub-issue: juspay/hyperswitch-cloud#16331 (sub-issue of #14710 — Platform Milestone 3).

The non-concurrent index build blocks the events table on production-scale data; the JWT allow_platform: false setting blocks the platform onboarding flow that needs to write webhook_details on the platform profile.

How did you test it?

• Ran diesel migration run locally against a fresh DB and confirmed both indexes are created concurrently with no errors. (Initial single-file version surfaced CREATE INDEX CONCURRENTLY cannot run inside a transaction block; resolved by splitting into one statement per migration.)
• Manually verified the JWT auth change by calling PATCH /account/:merchant_id/business_profile/:profile_id with a platform-account JWT and a webhook_details payload; the request now succeeds where it previously failed authorization.

Checklist

• I formatted the code cargo +nightly fmt --all
• I addressed lints thrown by cargo clippy
• I reviewed the submitted code
• I added unit tests for my changes where possible

[semanticdiff-com]

Review changes with  

Changed Files

File	Status
crates/router/src/routes/profiles.rs	0% smaller
migrations/2026-04-09-103802_add_initiator_merchant_id_to_events/down.sql	Unsupported file format
migrations/2026-04-09-103802_add_initiator_merchant_id_to_events/up.sql	Unsupported file format
migrations/2026-05-26-004557_recreate_events_initiator_merchant_id_event_id_index_concurrently/down.sql	Unsupported file format
migrations/2026-05-26-004557_recreate_events_initiator_merchant_id_event_id_index_concurrently/metadata.toml	Unsupported file format
migrations/2026-05-26-004557_recreate_events_initiator_merchant_id_event_id_index_concurrently/up.sql	Unsupported file format
migrations/2026-05-26-004558_recreate_events_initiator_merchant_id_initial_attempt_id_index_concurrently/down.sql	Unsupported file format
migrations/2026-05-26-004558_recreate_events_initiator_merchant_id_initial_attempt_id_index_concurrently/metadata.toml	Unsupported file format
migrations/2026-05-26-004558_recreate_events_initiator_merchant_id_initial_attempt_id_index_concurrently/up.sql	Unsupported file format

[XyneSpaces]

Verdict: ✅ Approve

No blocking issues found.

Classification: Core (database migrations + auth routes)
Risk: Low — split migrations safely address production locking issue; auth change aligns platform permissions.

Both fixes are well-structured:

• Concurrent index builds prevent events table lock during deployment
• One-statement-per-migration pattern with run_in_transaction = false correctly handles Diesel's implicit transaction wrapping
• allow_platform: true fix unblocks legitimate platform profile updates