fix(service): use mountWebhookRoutes to avoid double-slash in OpenAPI spec

app.route('', subApp) in OpenAPIHono prefixes all sub-app paths with an empty
string, producing "//webhooks/{credential_id}" in the generated spec. Switch to
mountWebhookRoutes(app, push_event) which registers the route directly on the
parent app. Regenerate docs/openapi/service.json accordingly.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Committed-By-Agent: claude

Author: tonyxiao

apps/service/src/api/app.ts

@@ -23,7 +23,7 @@ import {
   fileStateStore,
   fileLogSink,
 } from '../lib/stores-fs.js'
-import { createWebhookApp } from './webhook-app.js'
+import { mountWebhookRoutes } from './webhook-app.js'
 
 // MARK: - Helpers
 
@@ -796,7 +796,7 @@ export function createApp(options?: AppOptions) {
 
   // MARK: - Webhook ingress (mounted from webhook-app.ts)
 
-  app.route('', createWebhookApp({ push_event: (id, e) => service.push_event(id, e) }))
+  mountWebhookRoutes(app, (id, e) => service.push_event(id, e))
 
   // MARK: - OpenAPI spec + Swagger UI
 

apps/service/src/api/webhook-app.ts

@@ -5,6 +5,47 @@ export interface WebhookAppOptions {
   push_event: (credentialId: string, event: unknown) => void
 }
 
+const WebhookParam = z.object({
+  credential_id: z.string().openapi({
+    param: { name: 'credential_id', in: 'path' },
+    example: 'cred_abc123',
+  }),
+})
+
+const webhookRoute = createRoute({
+  operationId: 'pushWebhook',
+  method: 'post',
+  path: '/webhooks/{credential_id}',
+  tags: ['Webhooks'],
+  summary: 'Ingest a Stripe webhook event',
+  description:
+    "Receives a raw Stripe webhook event, verifies its signature using the credential's webhook secret, and enqueues it for processing by the active sync.",
+  request: { params: WebhookParam },
+  responses: {
+    200: {
+      content: { 'text/plain': { schema: z.literal('ok') } },
+      description: 'Event accepted',
+    },
+  },
+})
+
+/**
+ * Register POST /webhooks/{credential_id} directly on any OpenAPIHono app.
+ * Used by both `createApp` (single-process) and `createWebhookApp` (standalone).
+ */
+export function mountWebhookRoutes(
+  app: OpenAPIHono,
+  push_event: (credentialId: string, event: unknown) => void
+) {
+  app.openapi(webhookRoute, async (c) => {
+    const { credential_id } = c.req.valid('param')
+    const body = await c.req.text()
+    const headers = Object.fromEntries(c.req.raw.headers.entries())
+    push_event(credential_id, { body, headers })
+    return c.text('ok', 200)
+  })
+}
+
 /**
  * Standalone webhook ingress app — POST /webhooks/{credential_id}.
  *
@@ -13,7 +54,7 @@ export interface WebhookAppOptions {
  * signals the matching workflow(s) via TemporalBridge.
  *
  * Used in two ways:
- *   1. Mounted inside the main service app for single-process dev.
+ *   1. Mounted inside the main service app via `mountWebhookRoutes` for single-process dev.
  *   2. As a standalone server via `sync-service webhook` for production
  *      deployments where webhook ingress runs on its own port/host.
  */
@@ -25,39 +66,6 @@ export function createWebhookApp({ push_event }: WebhookAppOptions) {
       }
     },
   })
-
-  const WebhookParam = z.object({
-    credential_id: z.string().openapi({
-      param: { name: 'credential_id', in: 'path' },
-      example: 'cred_abc123',
-    }),
-  })
-
-  app.openapi(
-    createRoute({
-      operationId: 'pushWebhook',
-      method: 'post',
-      path: '/webhooks/{credential_id}',
-      tags: ['Webhooks'],
-      summary: 'Ingest a Stripe webhook event',
-      description:
-        "Receives a raw Stripe webhook event, verifies its signature using the credential's webhook secret, and enqueues it for processing by the active sync.",
-      request: { params: WebhookParam },
-      responses: {
-        200: {
-          content: { 'text/plain': { schema: z.literal('ok') } },
-          description: 'Event accepted',
-        },
-      },
-    }),
-    async (c) => {
-      const { credential_id } = c.req.valid('param')
-      const body = await c.req.text()
-      const headers = Object.fromEntries(c.req.raw.headers.entries())
-      push_event(credential_id, { body, headers })
-      return c.text('ok', 200)
-    }
-  )
-
+  mountWebhookRoutes(app, push_event)
   return app
 }

docs/openapi/service.json

@@ -3,7 +3,7 @@
   "info": {
     "title": "Stripe Sync Service",
     "version": "1.0.0",
-    "description": "Stripe Sync Service — manage credentials, syncs, and webhook ingress.\n\n## Endpoints\n\n| Method | Path | Summary |\n|--------|------|---------|\n| GET | /health | Health check |\n| GET | /credentials | List credentials |\n| POST | /credentials | Create credential |\n| GET | /credentials/{id} | Retrieve credential |\n| PATCH | /credentials/{id} | Update credential |\n| DELETE | /credentials/{id} | Delete credential |\n| GET | /syncs | List syncs |\n| POST | /syncs | Create sync |\n| GET | /syncs/{id} | Retrieve sync |\n| PATCH | /syncs/{id} | Update sync |\n| DELETE | /syncs/{id} | Delete sync |\n| POST | /syncs/{id}/setup | Set up destination schema for a sync |\n| POST | /syncs/{id}/teardown | Tear down destination schema for a sync |\n| GET | /syncs/{id}/check | Check connector connection for a sync |\n| POST | /syncs/{id}/read | Read records from the sync source |\n| POST | /syncs/{id}/write | Write records to the sync destination |\n| POST | /syncs/{id}/sync | Run sync pipeline (read → write) |\n| POST | /syncs/{id}/pause | Pause a running sync (Temporal mode only) |\n| POST | /syncs/{id}/resume | Resume a paused sync (Temporal mode only) |\n| POST | //webhooks/{credential_id} | Ingest a Stripe webhook event |"
+    "description": "Stripe Sync Service — manage credentials, syncs, and webhook ingress.\n\n## Endpoints\n\n| Method | Path | Summary |\n|--------|------|---------|\n| GET | /health | Health check |\n| GET | /credentials | List credentials |\n| POST | /credentials | Create credential |\n| GET | /credentials/{id} | Retrieve credential |\n| PATCH | /credentials/{id} | Update credential |\n| DELETE | /credentials/{id} | Delete credential |\n| GET | /syncs | List syncs |\n| POST | /syncs | Create sync |\n| GET | /syncs/{id} | Retrieve sync |\n| PATCH | /syncs/{id} | Update sync |\n| DELETE | /syncs/{id} | Delete sync |\n| POST | /syncs/{id}/setup | Set up destination schema for a sync |\n| POST | /syncs/{id}/teardown | Tear down destination schema for a sync |\n| GET | /syncs/{id}/check | Check connector connection for a sync |\n| POST | /syncs/{id}/read | Read records from the sync source |\n| POST | /syncs/{id}/write | Write records to the sync destination |\n| POST | /syncs/{id}/sync | Run sync pipeline (read → write) |\n| POST | /syncs/{id}/pause | Pause a running sync (Temporal mode only) |\n| POST | /syncs/{id}/resume | Resume a paused sync (Temporal mode only) |\n| POST | /webhooks/{credential_id} | Ingest a Stripe webhook event |"
   },
   "components": {
     "schemas": {},
@@ -1331,7 +1331,7 @@
         }
       }
     },
-    "//webhooks/{credential_id}": {
+    "/webhooks/{credential_id}": {
       "post": {
         "operationId": "pushWebhook",
         "tags": ["Webhooks"],