PR Summary

High Risk
Centralizes webhook auth, event filtering, subscription lifecycle, polling setup, and response formatting behind a new provider handler registry, touching the core webhook ingestion/execution path. While mostly a refactor, regressions could impact signature verification, idempotency, and external subscription cleanup across many providers.

Overview
Refactors the webhook system to route all provider-specific behavior (auth/signature checks, challenge handling, reachability tests, event matching/skip logic, idempotency ID extraction, input formatting, file processing, and custom success/error responses) through a getProviderHandler() registry rather than large provider if/else chains.

Moves external subscription lifecycle management into handler methods (createSubscription/deleteSubscription) and updates webhook creation/deploy flows to call optional handler hooks like configurePolling, removing provider-specific orchestration code from route.ts, deploy.ts, and massively simplifying provider-subscriptions.ts.

Updates docs (.claude/commands/add-trigger.md) to instruct adding provider handlers instead of editing orchestration files, tightens types (unknown/Record<string, unknown>), and removes legacy helpers like provider-utils.ts in favor of handler-based idempotency extraction.

^{Reviewed by Cursor Bugbot for commit 220aa91. Configure here.}

️✅ There are no secrets present in this pull request anymore.

If these secrets were true positive and are still valid, we highly recommend you to revoke them.
While these secrets were previously flagged, we no longer have a reference to the
specific commits where they were detected. Once a secret has been leaked into a git
repository, you should consider it compromised, even if it was deleted immediately.
Find here more information about risks.

^{_{🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.}}

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
docs	Skipped		Apr 6, 2026 6:39am

@greptile

@cursor review

Greptile Summary

This PR refactors the webhook processing pipeline by extracting 14+ provider-specific if-chains into a clean handler registry pattern. Each of the 30 providers now lives in its own file under lib/webhooks/providers/, implementing only the WebhookProviderHandler interface methods it needs. Shared utilities (createHmacVerifier, verifyTokenAuth, skipByEventTypes) reduce duplication across providers, and processor.ts is cut from ~1468 to ~685 lines.

• Three timing-safe token comparisons added (generic, google-forms, default handler)
• Jira issueEventTypeName bug fix: now correctly passed as string | undefined to isJiraEventMatch
• processTriggerFileOutputs array-aware initializer restored in webhook-execution.ts
• Duplicate generic file-processing block removed
• verifyProviderWebhook merged into per-provider auth handlers
• Minor (P2): unused errorBody in Teams deleteSubscription silently discards Graph API error details
• Minor (P2): non-TSDoc inline comments in airtable.ts violate the project style guide

Confidence Score: 5/5

This PR is safe to merge; all prior P0/P1 issues have been resolved and the remaining findings are P2 style items

All previous review concerns (any types in three helpers, processTriggerFileOutputs array initializer, duplicate generic file processing, and generic requireAuth behavior) have been addressed. Remaining findings are an unused variable in logging and inline comment style violations — neither affects runtime correctness or security.

apps/sim/lib/webhooks/providers/microsoft-teams.ts (unused errorBody in deleteSubscription) and apps/sim/lib/webhooks/providers/airtable.ts (non-TSDoc comments)

Important Files Changed

Sequence Diagram

sequenceDiagram
    participant Client as External Client
    participant Route as route.ts
    participant Processor as processor.ts
    participant Registry as registry.ts
    participant Handler as Provider Handler
    participant Execution as webhook-execution.ts

    Client->>Route: POST /api/webhooks/trigger/{path}
    Route->>Processor: handleProviderChallenges(body, request)
    Processor->>Registry: getProviderHandler(provider)
    Registry-->>Processor: handler
    Processor->>Handler: handler.handleChallenge(body, request)
    Handler-->>Processor: NextResponse | null

    Route->>Processor: findAllWebhooksForPath({path})
    Processor-->>Route: webhooksForPath[]

    loop For each webhook
        Route->>Processor: verifyProviderAuth(webhook, workflow, request)
        Processor->>Registry: getProviderHandler(provider)
        Registry-->>Processor: handler
        Processor->>Handler: handler.verifyAuth(ctx)
        Handler-->>Processor: NextResponse(401) | null
        Route->>Processor: shouldSkipWebhookEvent(webhook, body)
        Processor->>Handler: handler.shouldSkipEvent(ctx)
        Handler-->>Processor: boolean
        Route->>Processor: queueWebhookExecution(webhook, workflow, body)
        Processor->>Handler: handler.matchEvent(ctx)
        Handler-->>Processor: true | false | NextResponse
        Processor->>Handler: handler.enrichHeaders(ctx, headers)
        Processor->>Handler: handler.formatSuccessResponse(providerConfig)
        Processor-->>Route: NextResponse(200)
    end

    Route-->>Client: 200 Webhook processed

    Note over Execution: Async job execution
    Execution->>Registry: getProviderHandler(provider)
    Registry-->>Execution: handler
    Execution->>Handler: handler.formatInput(ctx)
    Handler-->>Execution: FormatInputResult
    Execution->>Handler: handler.processInputFiles(ctx)
    Handler-->>Execution: void
    Execution->>Execution: executeWorkflowCore(snapshot)

_{Reviews (7): Last reviewed commit: "refactor(webhooks): standardize logger n..." | Re-trigger Greptile}

@cursor review

@greptile

@greptile

@cursor review

@cursor review

@greptile

@greptile

@cursor review

@greptile

@cursor review

@greptile

@cursor review