Skip to content

chore(ui): move Outbound Webhooks back to Settings#199

Merged
TerrifiedBug merged 1 commit intomainfrom
chore/move-outbound-webhooks-to-settings
Apr 28, 2026
Merged

chore(ui): move Outbound Webhooks back to Settings#199
TerrifiedBug merged 1 commit intomainfrom
chore/move-outbound-webhooks-to-settings

Conversation

@TerrifiedBug
Copy link
Copy Markdown
Owner

@TerrifiedBug TerrifiedBug commented Apr 28, 2026

Summary

  • Move OutboundWebhooksSection from `alerts/_components` → `settings/webhooks/_components`
  • `/settings/webhooks` now renders the section directly (was a redirect to `/alerts?tab=channels` since fix: minor bug fixes sweep (15 bugs) #176)
  • Drop the section from Alerts > Channels
  • Add an "Outbound Webhooks" card to the Settings overview for discoverability

Why

NotificationChannels (alerts tab) and OutboundWebhooks (event firehose) are different concepts despite both being "webhooks":

  • NotificationChannel — per-environment alert routing. Fires only when an AlertRule evaluates and triggers.
  • OutboundWebhook — team-scoped event firehose. Fires on every occurrence of a subscribed event (deploys, version changes, fleet activity, etc.). No alert rule needed.

Hosting them on the same page conflated the two. Settings is the natural home alongside other integration-style configs (auth, SCIM, audit shipping, telemetry, backup).

Test plan

  • Typecheck + lint clean
  • Full vitest suite passes (2509 tests)
  • Manual: `/alerts?tab=channels` shows only Notification Channels
  • Manual: `/settings/webhooks` renders OutboundWebhooksSection
  • Manual: Settings overview shows the new "Outbound Webhooks" card
  • Manual: command palette `Cmd+K` "Outbound Webhooks" entry routes correctly

@TerrifiedBug
chore(ui): move Outbound Webhooks back to Settings
b2b08bd 
Outbound Webhooks fire on lifecycle events (deploys, version changes,
fleet activity, backup failures) — not alert rule evaluations. Hosting
them under Alerts > Channels conflated two different concepts:

- NotificationChannel: per-environment alert routing (alert rule fires →
  channel delivers)
- OutboundWebhook: team-scoped event firehose (no rule needed)

Move OutboundWebhooksSection to /settings/webhooks (its original home,
which has been a redirect since the consolidation in #176). Settings
already hosts comparable integration-style configs (auth, SCIM, audit
shipping, telemetry, backup), making it the natural place for outbound
event subscriptions.

Also surfaces the section as a card on the Settings overview so it's
discoverable; the command palette entry already pointed at the new URL.

Alerts > Channels now contains only Notification Channels.
@TerrifiedBug TerrifiedBug merged commit bff8ebd into main Apr 28, 2026
12 checks passed
@TerrifiedBug TerrifiedBug deleted the chore/move-outbound-webhooks-to-settings branch April 28, 2026 12:07
TerrifiedBug added a commit that referenced this pull request Apr 28, 2026
@TerrifiedBug
fix(settings): add Outbound Webhooks entry to settings sidebar nav
71b025a 
PR #199 wired the page route and the settings-overview card but left
settings-sidebar-nav.tsx untouched, so the page was unreachable from
the sidebar. Add it to the Organization group alongside Service
Accounts and AI (other team-level integrations) with the Webhook icon.
Non-super-admin so team editors can manage event subscriptions, demo-
hidden to match other integration entries.
@TerrifiedBug TerrifiedBug mentioned this pull request Apr 28, 2026
Merged
5 tasks
TerrifiedBug added a commit that referenced this pull request Apr 28, 2026
@TerrifiedBug
fix(audit): redact NotificationChannel secret config fields in audit …
2b9533f 
…log (#200)

* fix(audit): redact NotificationChannel secret config fields in audit log

The audit middleware sanitizer (src/server/middleware/audit.ts) only
redacted exact-key matches for password/token/secret/etc. Channel-config
secret fields slipped through unredacted, causing AuditLog.metadata to
store plaintext webhook signing secrets, SMTP passwords, PagerDuty
routing keys, and webhook URLs (which often embed auth tokens) on every
notificationChannel.created / .updated / .deleted action.

This undermined the encrypt-at-rest fix landed in PR #198, which closed
plaintext storage in the channel.config column itself but left the
audit-log side channel open.

Changes:
- Add hmacSecret, smtpPass, integrationKey, webhookUrl to SENSITIVE_KEYS.
- Extract SENSITIVE_KEYS / sanitizeInput / computeDiff into a separate
  audit-sanitize module so they can be unit-tested without pulling in
  the full Prisma + NextAuth runtime via the middleware barrel.
- Add unit tests covering top-level redaction, nested config redaction,
  arrays of channels, primitive passthrough, null/undefined, and
  presence of the new keys in the set.

* fix(settings): add Outbound Webhooks entry to settings sidebar nav

PR #199 wired the page route and the settings-overview card but left
settings-sidebar-nav.tsx untouched, so the page was unreachable from
the sidebar. Add it to the Organization group alongside Service
Accounts and AI (other team-level integrations) with the Webhook icon.
Non-super-admin so team editors can manage event subscriptions, demo-
hidden to match other integration entries.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

ignore-for-release

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@TerrifiedBug