feat(trogon-gateway): unify Notion ingress

[yordis]

• Bring Notion into the shared gateway so workspace activity can flow through the same ingress path and downstream routing model as the other sources.
• Preserve Notion's verification handshake so the integration can be onboarded without a separate bootstrap service or manual code changes between setup and steady state.
• Surface the required operator configuration in compose and gateway docs so the integration can be enabled consistently and with less setup friction.

[cursor]

PR Summary

Medium Risk
Adds a new externally-facing /notion/webhook ingress with HMAC signature verification and new JetStream publishing/stream provisioning paths, which could impact gateway routing and event delivery if misconfigured.

Overview
Adds Notion as a first-class source in trogon-gateway, including config parsing/validation, stream provisioning, and HTTP routing at /notion/webhook.

Introduces a new trogon-source-notion crate that verifies X-Notion-Signature (HMAC-SHA256) and publishes verified events to JetStream on {subject_prefix}.{type}; malformed/unroutable payloads are forwarded to {subject_prefix}.unroutable, and subscription verification payloads are forwarded to {subject_prefix}.subscription.verification.

Updates local Docker Compose and gateway docs to expose the required TROGON_SOURCE_NOTION_* environment variables and document the Notion webhook setup.

^{Reviewed by Cursor Bugbot for commit 8eb07fa. Bugbot is set up for automated code reviews on this repo. Configure here.}

[coderabbitai]

Warning

Rate limit exceeded

@yordis has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 8 minutes and 6 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 8 minutes and 6 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: fad9eccb-da9b-44b4-8015-8c838e36b622

📥 Commits

Reviewing files that changed from the base of the PR and between dc1c52a and 8eb07fa.

⛔ Files ignored due to path filters (1)

• rsworkspace/Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (16)

• devops/docker/compose/.env.example
• devops/docker/compose/compose.yml
• devops/docker/compose/services/trogon-gateway/README.md
• rsworkspace/Cargo.toml
• rsworkspace/crates/trogon-gateway/Cargo.toml
• rsworkspace/crates/trogon-gateway/src/config.rs
• rsworkspace/crates/trogon-gateway/src/http.rs
• rsworkspace/crates/trogon-gateway/src/streams.rs
• rsworkspace/crates/trogon-source-notion/Cargo.toml
• rsworkspace/crates/trogon-source-notion/src/config.rs
• rsworkspace/crates/trogon-source-notion/src/constants.rs
• rsworkspace/crates/trogon-source-notion/src/lib.rs
• rsworkspace/crates/trogon-source-notion/src/notion_event_type.rs
• rsworkspace/crates/trogon-source-notion/src/notion_verification_token.rs
• rsworkspace/crates/trogon-source-notion/src/server.rs
• rsworkspace/crates/trogon-source-notion/src/signature.rs

Walkthrough

Adds a new Notion webhook source: new Docker Compose/env variables and docs, a new Rust crate trogon-source-notion (config, verification token, event types, signature verification, router, provisioning, publishing), and gateway wiring to mount the route and provision the stream.

Changes

Cohort / File(s)	Summary
Docker Compose devops/docker/compose/.env.example, devops/docker/compose/compose.yml	Added commented .env placeholders and Compose env entries for Notion: verification token, subject prefix, stream name, stream max age, and NATS ack timeout.
Gateway Docs devops/docker/compose/services/trogon-gateway/README.md	Documented /notion/webhook, required TROGON_SOURCE_NOTION_VERIFICATION_TOKEN, and subject naming for forwarded events.
Workspace Manifests rsworkspace/Cargo.toml, rsworkspace/crates/trogon-gateway/Cargo.toml	Added workspace dependency and gateway crate dependency on trogon-source-notion.
Gateway Integration rsworkspace/crates/trogon-gateway/src/config.rs, .../http.rs, .../streams.rs	Added sources.notion config resolution and validation, conditional mounting of /notion router, and conditional provisioning call; updated tests/fixtures to include notion.
New Crate Manifest rsworkspace/crates/trogon-source-notion/Cargo.toml	New crate manifest declaring runtime and dev dependencies (async-nats, axum, crypto crates, trogon-* workspace crates).
Notion Config & Constants rsworkspace/crates/trogon-source-notion/src/config.rs, .../constants.rs	Added public NotionConfig and constants (header name, HTTP body size max, NATS header keys).
Core Types rsworkspace/crates/trogon-source-notion/src/notion_verification_token.rs, .../notion_event_type.rs	Added NotionVerificationToken (secret wrapper with redacted Debug) and NotionEventType validated wrapper plus error types and tests.
Signature Verification rsworkspace/crates/trogon-source-notion/src/signature.rs	HMAC-SHA256 verification with SignatureError variants and unit tests covering prefix, hex, mismatch cases.
Server / Router rsworkspace/crates/trogon-source-notion/src/server.rs, .../lib.rs	Axum router and POST /webhook handler, stream provisioning, claim-check publisher wiring, verification and event flows (publish to JetStream or unroutable subjects), with unit tests.

Sequence Diagram

sequenceDiagram
    participant Notion as Notion Service
    participant Gateway as trogon-gateway (/notion/webhook)
    participant Sig as Signature Verifier
    participant NATS as NATS JetStream

    Note over Notion,Gateway: POST /notion/webhook (body, X-Notion-Signature)
    Notion->>Gateway: POST /notion/webhook (body, X-Notion-Signature)
    Gateway->>Sig: verify(secret, body, X-Notion-Signature)
    alt Subscription verification (no "type")
        Gateway->>NATS: publish {prefix}.subscription.verification (raw body)
        NATS-->>Gateway: ack
        Gateway-->>Notion: 200 OK
    else Signature missing/invalid
        Sig-->>Gateway: Error
        Gateway->>NATS: publish {prefix}.unroutable (reject reason)
        Gateway-->>Notion: 401/200 (per flow)
    else Normal event (signature valid)
        Gateway->>Gateway: parse JSON, extract type -> NotionEventType
        alt Invalid JSON or missing/invalid type
            Gateway->>NATS: publish {prefix}.unroutable (reject reason)
            NATS-->>Gateway: ack
            Gateway-->>Notion: 200 OK
        else Valid event
            Gateway->>NATS: publish {prefix}.{event_type} (with headers)
            NATS-->>Gateway: ack / error
            Gateway-->>Notion: 200 OK / 500
        end
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• feat(trogon-source-linear): add Linear webhook receiver #92 — Adds a parallel trogon-source-* webhook receiver and makes similar gateway/compose/workspace changes.
• feat(trogon-nats, acp-nats): add JetStream integration foundation #65 — Provides JetStream provisioning/publishing traits and utilities used by the new Notion source.
• feat: add incident.io gateway source #114 — Performs similar integration work adding a new gateway source crate and updates to workspace/Cargo and gateway wiring.

Poem

🐇 I found a signed Notion note beneath a log so fine,
HMAC checked the rabbit trail and kept my token mine,
Events hop onto NATS with headers neat and bright,
Streams are provisioned, routed — I cheer them through the night!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 48.84% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'feat(trogon-gateway): unify Notion ingress' clearly and concisely describes the main change: integrating Notion into the shared gateway architecture.
Description check	✅ Passed	The description is directly related to the changeset, outlining the three key objectives: unifying Notion ingress, preserving verification handshake, and documenting configuration.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch yordis/feat-notion-webhooks

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Code Coverage Summary

Details

Filename                                                                      Stmts    Miss  Cover    Missing
--------------------------------------------------------------------------  -------  ------  -------  ---------------------------------------------------------------------------------------------
crates/trogon-std/src/dirs/system.rs                                             76       0  100.00%
crates/trogon-std/src/dirs/fixed.rs                                              84       0  100.00%
crates/acp-nats/src/client/session_update.rs                                     55       0  100.00%
crates/acp-nats/src/client/ext_session_prompt_response.rs                       157       0  100.00%
crates/acp-nats/src/client/fs_read_text_file.rs                                 384       0  100.00%
crates/acp-nats/src/client/terminal_output.rs                                   223       0  100.00%
crates/acp-nats/src/client/terminal_wait_for_exit.rs                            396       0  100.00%
crates/acp-nats/src/client/ext.rs                                               365       8  97.81%   193-204, 229-240
crates/acp-nats/src/client/mod.rs                                              2987       0  100.00%
crates/acp-nats/src/client/terminal_release.rs                                  357       0  100.00%
crates/acp-nats/src/client/rpc_reply.rs                                          71       0  100.00%
crates/acp-nats/src/client/fs_write_text_file.rs                                451       0  100.00%
crates/acp-nats/src/client/request_permission.rs                                338       0  100.00%
crates/acp-nats/src/client/terminal_create.rs                                   294       0  100.00%
crates/acp-nats/src/client/terminal_kill.rs                                     309       0  100.00%
crates/trogon-source-slack/src/server.rs                                        954       0  100.00%
crates/trogon-source-slack/src/config.rs                                         17       0  100.00%
crates/trogon-source-slack/src/signature.rs                                      80       0  100.00%
crates/acp-nats/src/agent/ext_notification.rs                                    88       0  100.00%
crates/acp-nats/src/agent/load_session.rs                                       101       0  100.00%
crates/acp-nats/src/agent/set_session_config_option.rs                           71       0  100.00%
crates/acp-nats/src/agent/close_session.rs                                       67       0  100.00%
crates/acp-nats/src/agent/cancel.rs                                             105       0  100.00%
crates/acp-nats/src/agent/logout.rs                                              49       0  100.00%
crates/acp-nats/src/agent/initialize.rs                                          83       0  100.00%
crates/acp-nats/src/agent/set_session_model.rs                                   71       0  100.00%
crates/acp-nats/src/agent/set_session_mode.rs                                    71       0  100.00%
crates/acp-nats/src/agent/js_request.rs                                         304       0  100.00%
crates/acp-nats/src/agent/prompt.rs                                             633       0  100.00%
crates/acp-nats/src/agent/authenticate.rs                                        52       0  100.00%
crates/acp-nats/src/agent/fork_session.rs                                       106       0  100.00%
crates/acp-nats/src/agent/ext_method.rs                                          92       0  100.00%
crates/acp-nats/src/agent/bridge.rs                                             123       4  96.75%   109-112
crates/acp-nats/src/agent/test_support.rs                                       299       0  100.00%
crates/acp-nats/src/agent/mod.rs                                                 65       0  100.00%
crates/acp-nats/src/agent/new_session.rs                                         91       0  100.00%
crates/acp-nats/src/agent/list_sessions.rs                                       50       0  100.00%
crates/acp-nats/src/agent/resume_session.rs                                     102       0  100.00%
crates/trogon-std/src/fs/mem.rs                                                 220      10  95.45%   61-63, 77-79, 133-135, 158
crates/trogon-std/src/fs/system.rs                                              102       0  100.00%
crates/acp-nats/src/nats/subjects/subscriptions/all_agent.rs                     11       0  100.00%
crates/acp-nats/src/nats/subjects/subscriptions/one_session.rs                   18       0  100.00%
crates/acp-nats/src/nats/subjects/subscriptions/all_client.rs                    11       0  100.00%
crates/acp-nats/src/nats/subjects/subscriptions/global_all.rs                    11       0  100.00%
crates/acp-nats/src/nats/subjects/subscriptions/all_session.rs                   11       0  100.00%
crates/acp-nats/src/nats/subjects/subscriptions/one_agent.rs                     18       0  100.00%
crates/acp-nats/src/nats/subjects/subscriptions/one_client.rs                    18       0  100.00%
crates/acp-nats/src/nats/subjects/subscriptions/prompt_wildcard.rs               11       0  100.00%
crates/acp-nats/src/nats/subjects/subscriptions/all_agent_ext.rs                 11       0  100.00%
crates/acp-nats/src/nats/subjects/mod.rs                                        380       0  100.00%
crates/acp-nats/src/nats/subjects/stream.rs                                      58       0  100.00%
crates/trogon-source-notion/src/server.rs                                       351       8  97.72%   100-104, 137-138, 162-163
crates/trogon-source-notion/src/signature.rs                                     63       1  98.41%   32
crates/trogon-source-notion/src/notion_event_type.rs                             48       3  93.75%   49-51
crates/trogon-source-notion/src/notion_verification_token.rs                     17       0  100.00%
crates/trogon-nats/src/jetstream/mocks.rs                                       740      44  94.05%   368-382, 388-396, 411-422, 436-446, 514-516
crates/trogon-nats/src/jetstream/traits.rs                                       43      43  0.00%    140-208
crates/trogon-nats/src/jetstream/publish.rs                                      64       0  100.00%
crates/trogon-nats/src/jetstream/claim_check.rs                                 368       0  100.00%
crates/trogon-nats/src/jetstream/stream_max_age.rs                               18       0  100.00%
crates/acp-nats/src/telemetry/metrics.rs                                         65       0  100.00%
crates/trogon-source-linear/src/config.rs                                        17       0  100.00%
crates/trogon-source-linear/src/server.rs                                       392       0  100.00%
crates/trogon-source-linear/src/signature.rs                                     54       1  98.15%   16
crates/trogon-std/src/duration.rs                                                45       0  100.00%
crates/trogon-std/src/args.rs                                                    10       0  100.00%
crates/trogon-std/src/json.rs                                                    30       0  100.00%
crates/trogon-std/src/http.rs                                                    19       0  100.00%
crates/trogon-std/src/secret_string.rs                                           35       0  100.00%
crates/acp-nats/src/nats/extensions.rs                                            3       0  100.00%
crates/acp-nats/src/nats/mod.rs                                                  23       0  100.00%
crates/acp-nats/src/nats/parsing.rs                                             285       1  99.65%   153
crates/acp-nats-agent/src/connection.rs                                        1434       1  99.93%   686
crates/acp-nats/src/nats/subjects/global/session_new.rs                           8       0  100.00%
crates/acp-nats/src/nats/subjects/global/ext.rs                                  12       0  100.00%
crates/acp-nats/src/nats/subjects/global/initialize.rs                            8       0  100.00%
crates/acp-nats/src/nats/subjects/global/ext_notify.rs                           12       0  100.00%
crates/acp-nats/src/nats/subjects/global/logout.rs                                8       0  100.00%
crates/acp-nats/src/nats/subjects/global/session_list.rs                          8       0  100.00%
crates/acp-nats/src/nats/subjects/global/authenticate.rs                          8       0  100.00%
crates/acp-nats/src/nats/subjects/responses/update.rs                            27       0  100.00%
crates/acp-nats/src/nats/subjects/responses/ext_ready.rs                         15       0  100.00%
crates/acp-nats/src/nats/subjects/responses/prompt_response.rs                   27       0  100.00%
crates/acp-nats/src/nats/subjects/responses/cancelled.rs                         18       0  100.00%
crates/acp-nats/src/nats/subjects/responses/response.rs                          20       0  100.00%
crates/trogon-nats/src/client.rs                                                 25      25  0.00%    50-89
crates/trogon-nats/src/auth.rs                                                  119       0  100.00%
crates/trogon-nats/src/nats_token.rs                                            161       0  100.00%
crates/trogon-nats/src/token.rs                                                   8       0  100.00%
crates/trogon-nats/src/mocks.rs                                                 304       0  100.00%
crates/trogon-nats/src/messaging.rs                                             552       2  99.64%   132, 142
crates/trogon-nats/src/connect.rs                                               105      11  89.52%   22-24, 37, 49, 68-73
crates/trogon-service-config/src/lib.rs                                          98       0  100.00%
crates/acp-nats-stdio/src/config.rs                                              72       0  100.00%
crates/acp-nats-stdio/src/main.rs                                               141      27  80.85%   64, 116-123, 129-131, 148, 179-200
crates/trogon-source-telegram/src/server.rs                                     387       0  100.00%
crates/trogon-source-telegram/src/signature.rs                                   38       0  100.00%
crates/trogon-source-telegram/src/config.rs                                      17       0  100.00%
crates/trogon-std/src/env/in_memory.rs                                           81       0  100.00%
crates/trogon-std/src/env/system.rs                                              17       0  100.00%
crates/acp-nats/src/lib.rs                                                       73       0  100.00%
crates/acp-nats/src/in_flight_slot_guard.rs                                      32       0  100.00%
crates/acp-nats/src/client_proxy.rs                                             200       0  100.00%
crates/acp-nats/src/error.rs                                                     84       0  100.00%
crates/acp-nats/src/jsonrpc.rs                                                    6       0  100.00%
crates/acp-nats/src/config.rs                                                   204       0  100.00%
crates/acp-nats/src/ext_method_name.rs                                           70       0  100.00%
crates/acp-nats/src/acp_prefix.rs                                                51       0  100.00%
crates/acp-nats/src/req_id.rs                                                    39       0  100.00%
crates/acp-nats/src/session_id.rs                                                72       0  100.00%
crates/acp-nats/src/pending_prompt_waiters.rs                                   141       0  100.00%
crates/trogon-gateway/src/streams.rs                                             93       0  100.00%
crates/trogon-gateway/src/main.rs                                                 4       0  100.00%
crates/trogon-gateway/src/http.rs                                               114       0  100.00%
crates/trogon-gateway/src/config.rs                                            1223       0  100.00%
crates/acp-nats/src/jetstream/consumers.rs                                       99       0  100.00%
crates/acp-nats/src/jetstream/ext_policy.rs                                      26       0  100.00%
crates/acp-nats/src/jetstream/provision.rs                                       61       0  100.00%
crates/acp-nats/src/jetstream/streams.rs                                        194       4  97.94%   254-256, 266
crates/acp-nats/src/nats/subjects/commands/set_model.rs                          18       0  100.00%
crates/acp-nats/src/nats/subjects/commands/close.rs                              18       0  100.00%
crates/acp-nats/src/nats/subjects/commands/cancel.rs                             18       0  100.00%
crates/acp-nats/src/nats/subjects/commands/fork.rs                               18       0  100.00%
crates/acp-nats/src/nats/subjects/commands/prompt.rs                             18       0  100.00%
crates/acp-nats/src/nats/subjects/commands/set_mode.rs                           18       0  100.00%
crates/acp-nats/src/nats/subjects/commands/set_config_option.rs                  18       0  100.00%
crates/acp-nats/src/nats/subjects/commands/load.rs                               18       0  100.00%
crates/acp-nats/src/nats/subjects/commands/resume.rs                             18       0  100.00%
crates/acp-telemetry/src/log.rs                                                  71       1  98.59%   43
crates/acp-telemetry/src/service_name.rs                                         49       0  100.00%
crates/acp-telemetry/src/trace.rs                                                32       3  90.62%   23-24, 32
crates/acp-telemetry/src/signal.rs                                                7       1  85.71%   43
crates/acp-telemetry/src/lib.rs                                                 169      32  81.07%   28-34, 56-63, 98, 103, 108, 122-137, 174, 177, 180, 186
crates/acp-telemetry/src/metric.rs                                               35       3  91.43%   30-31, 39
crates/acp-nats/src/nats/subjects/client_ops/fs_write_text_file.rs               15       0  100.00%
crates/acp-nats/src/nats/subjects/client_ops/session_update.rs                   15       0  100.00%
crates/acp-nats/src/nats/subjects/client_ops/terminal_create.rs                  15       0  100.00%
crates/acp-nats/src/nats/subjects/client_ops/terminal_wait_for_exit.rs           15       0  100.00%
crates/acp-nats/src/nats/subjects/client_ops/terminal_kill.rs                    15       0  100.00%
crates/acp-nats/src/nats/subjects/client_ops/fs_read_text_file.rs                15       0  100.00%
crates/acp-nats/src/nats/subjects/client_ops/terminal_output.rs                  15       0  100.00%
crates/acp-nats/src/nats/subjects/client_ops/terminal_release.rs                 15       0  100.00%
crates/acp-nats/src/nats/subjects/client_ops/session_request_permission.rs       15       0  100.00%
crates/trogon-source-gitlab/src/config.rs                                        17       0  100.00%
crates/trogon-source-gitlab/src/server.rs                                       431       0  100.00%
crates/trogon-source-gitlab/src/signature.rs                                     30       0  100.00%
crates/trogon-source-github/src/config.rs                                        17       0  100.00%
crates/trogon-source-github/src/signature.rs                                     64       0  100.00%
crates/trogon-source-github/src/server.rs                                       351       0  100.00%
crates/trogon-source-discord/src/config.rs                                      109       0  100.00%
crates/trogon-source-discord/src/gateway.rs                                     491       1  99.80%   157
crates/trogon-source-incidentio/src/config.rs                                    16       0  100.00%
crates/trogon-source-incidentio/src/incidentio_event_type.rs                     67       0  100.00%
crates/trogon-source-incidentio/src/incidentio_signing_secret.rs                 67       0  100.00%
crates/trogon-source-incidentio/src/server.rs                                   365       0  100.00%
crates/trogon-source-incidentio/src/signature.rs                                455       0  100.00%
crates/trogon-std/src/time/mock.rs                                              129       0  100.00%
crates/trogon-std/src/time/system.rs                                             35       0  100.00%
crates/acp-nats-ws/src/config.rs                                                 83       0  100.00%
crates/acp-nats-ws/src/main.rs                                                  189      18  90.48%   89, 209-230, 308
crates/acp-nats-ws/src/upgrade.rs                                                57       2  96.49%   59, 90
crates/acp-nats-ws/src/connection.rs                                            166      35  78.92%   75-82, 87-98, 114, 116-117, 122, 133-135, 142, 146, 150, 153-161, 172, 176, 179, 182-186, 220
crates/trogon-nats/src/lease/renew.rs                                           263      19  92.78%   21-27, 46-57
crates/trogon-nats/src/lease/lease_timing.rs                                     21       0  100.00%
crates/trogon-nats/src/lease/provision.rs                                       210      10  95.24%   84-94
crates/trogon-nats/src/lease/renew_interval.rs                                   61       0  100.00%
crates/trogon-nats/src/lease/mod.rs                                             603      13  97.84%   182-195
crates/trogon-nats/src/lease/acquire.rs                                           8       8  0.00%    9-18
crates/trogon-nats/src/lease/lease_key.rs                                        19       0  100.00%
crates/trogon-nats/src/lease/release.rs                                           5       5  0.00%    8-12
crates/trogon-nats/src/lease/nats_kv_lease_config.rs                             30       0  100.00%
crates/trogon-nats/src/lease/lease_bucket.rs                                     19       0  100.00%
crates/trogon-nats/src/lease/ttl.rs                                              76       0  100.00%
crates/trogon-nats/src/lease/lease_config_error.rs                               13       0  100.00%
TOTAL                                                                         25434     344  98.65%

Diff against main

Filename                                                        Stmts    Miss  Cover
------------------------------------------------------------  -------  ------  --------
crates/trogon-source-notion/src/server.rs                        +351      +8  +97.72%
crates/trogon-source-notion/src/signature.rs                      +63      +1  +98.41%
crates/trogon-source-notion/src/notion_event_type.rs              +48      +3  +93.75%
crates/trogon-source-notion/src/notion_verification_token.rs      +17       0  +100.00%
crates/trogon-gateway/src/streams.rs                               +7       0  +100.00%
crates/trogon-gateway/src/http.rs                                  +9       0  +100.00%
crates/trogon-gateway/src/config.rs                              +114       0  +100.00%
TOTAL                                                            +609     +12  -0.02%

Results for commit: 8eb07fa

Minimum allowed coverage is 95%

♻️ This comment has been updated with latest results

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit b8c97af. Configure here.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@rsworkspace/crates/trogon-source-notion/src/server.rs`:
- Around line 217-237: The current branch treats
verification_request.verification_token from parse_verification_request as the
HMAC key (used by signature::verify) which lets an attacker craft valid
signatures; change this by gating the bootstrap verification flow so the server
only accepts a verification_token-derived signature during an explicit bootstrap
mode (add a boolean like NotionConfig.bootstrap or state.bootstrap_flag and
check it before using verification_request.verification_token and before calling
publish_verification). Update server.rs to: check state.bootstrap_flag (or a
NotionConfig field on state) at the start of the parse_verification_request /
signature::verify branch, reject or UNAUTHORIZED when not in bootstrap mode, and
keep publish_verification, state.publisher and state.nats_ack_timeout unchanged
for bootstrap-only paths; if you need rotation later, carry that
bootstrap/trusted-bootstrap mode in NotionConfig rather than inferring trust
from the incoming payload.

In `@rsworkspace/crates/trogon-source-notion/src/signature.rs`:
- Around line 35-47: The verify function currently accepts a raw &str allowing
unchecked tokens into the crypto boundary; change the signature of verify (the
verify function in signature.rs) to accept the NotionVerificationToken value
object instead of &str, use the token's inner bytes/string when constructing
HmacSha256, and update call sites (e.g., bootstrap payload parsing) to
parse/construct NotionVerificationToken before calling verify so malformed
tokens are rejected at construction time; ensure the NotionVerificationToken
type enforces validity in its constructor so verify can rely on a valid token
type.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: b3ffa174-61b1-40f1-8184-8ccfbf404cc2

📥 Commits

Reviewing files that changed from the base of the PR and between 1afa189 and b8c97af.

⛔ Files ignored due to path filters (1)

• rsworkspace/Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (16)

• devops/docker/compose/.env.example
• devops/docker/compose/compose.yml
• devops/docker/compose/services/trogon-gateway/README.md
• rsworkspace/Cargo.toml
• rsworkspace/crates/trogon-gateway/Cargo.toml
• rsworkspace/crates/trogon-gateway/src/config.rs
• rsworkspace/crates/trogon-gateway/src/http.rs
• rsworkspace/crates/trogon-gateway/src/streams.rs
• rsworkspace/crates/trogon-source-notion/Cargo.toml
• rsworkspace/crates/trogon-source-notion/src/config.rs
• rsworkspace/crates/trogon-source-notion/src/constants.rs
• rsworkspace/crates/trogon-source-notion/src/lib.rs
• rsworkspace/crates/trogon-source-notion/src/notion_event_type.rs
• rsworkspace/crates/trogon-source-notion/src/notion_verification_token.rs
• rsworkspace/crates/trogon-source-notion/src/server.rs
• rsworkspace/crates/trogon-source-notion/src/signature.rs

[coderabbitai]

♻️ Duplicate comments (1)

rsworkspace/crates/trogon-source-notion/src/server.rs (1)

217-238: ⚠️ Potential issue | 🔴 Critical

Don't authenticate the bootstrap path with a key taken from the same request.

Line 220 uses verification_request.verification_token from the untrusted body as the HMAC key. Any caller can choose that token, compute a matching X-Notion-Signature, and reach the publish path, leaving *.subscription.verification publicly writable even after steady state. Gate this branch behind explicit bootstrap mode; carry that mode in NotionConfig rather than inferring trust from the payload.

,

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@rsworkspace/crates/trogon-source-notion/src/server.rs` around lines 217 -
238, The current code uses verification_request.verification_token (from
parse_verification_request) as the HMAC key, allowing any caller to craft a
matching X-Notion-Signature and reach publish_verification; change this by
adding an explicit bootstrap flag to your NotionConfig (e.g.,
NotionConfig.bootstrap_mode) and require that bootstrap_mode is true before
accepting verification requests that use the body-supplied token. Modify the
branch around parse_verification_request / signature::verify /
publish_verification to check state.config.bootstrap_mode (or an equivalent
field on state) and reject requests when that flag is false, and keep
verification_request.verification_token validation only for bootstrap_mode=true;
ensure steady-state verification uses a server-held secret instead of the token
from the payload.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@rsworkspace/crates/trogon-source-notion/src/server.rs`:
- Around line 217-238: The current code uses
verification_request.verification_token (from parse_verification_request) as the
HMAC key, allowing any caller to craft a matching X-Notion-Signature and reach
publish_verification; change this by adding an explicit bootstrap flag to your
NotionConfig (e.g., NotionConfig.bootstrap_mode) and require that bootstrap_mode
is true before accepting verification requests that use the body-supplied token.
Modify the branch around parse_verification_request / signature::verify /
publish_verification to check state.config.bootstrap_mode (or an equivalent
field on state) and reject requests when that flag is false, and keep
verification_request.verification_token validation only for bootstrap_mode=true;
ensure steady-state verification uses a server-held secret instead of the token
from the payload.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 186c74e6-acb8-453b-9eb9-ba9ddb17cb83

📥 Commits

Reviewing files that changed from the base of the PR and between b8c97af and f91239d.

⛔ Files ignored due to path filters (1)

• rsworkspace/Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (16)

• devops/docker/compose/.env.example
• devops/docker/compose/compose.yml
• devops/docker/compose/services/trogon-gateway/README.md
• rsworkspace/Cargo.toml
• rsworkspace/crates/trogon-gateway/Cargo.toml
• rsworkspace/crates/trogon-gateway/src/config.rs
• rsworkspace/crates/trogon-gateway/src/http.rs
• rsworkspace/crates/trogon-gateway/src/streams.rs
• rsworkspace/crates/trogon-source-notion/Cargo.toml
• rsworkspace/crates/trogon-source-notion/src/config.rs
• rsworkspace/crates/trogon-source-notion/src/constants.rs
• rsworkspace/crates/trogon-source-notion/src/lib.rs
• rsworkspace/crates/trogon-source-notion/src/notion_event_type.rs
• rsworkspace/crates/trogon-source-notion/src/notion_verification_token.rs
• rsworkspace/crates/trogon-source-notion/src/server.rs
• rsworkspace/crates/trogon-source-notion/src/signature.rs

✅ Files skipped from review due to trivial changes (7)

• rsworkspace/crates/trogon-gateway/Cargo.toml
• devops/docker/compose/.env.example
• rsworkspace/Cargo.toml
• devops/docker/compose/compose.yml
• rsworkspace/crates/trogon-source-notion/Cargo.toml
• rsworkspace/crates/trogon-source-notion/src/constants.rs
• rsworkspace/crates/trogon-source-notion/src/lib.rs

🚧 Files skipped from review as they are similar to previous changes (7)

• rsworkspace/crates/trogon-gateway/src/http.rs
• devops/docker/compose/services/trogon-gateway/README.md
• rsworkspace/crates/trogon-source-notion/src/config.rs
• rsworkspace/crates/trogon-gateway/src/config.rs
• rsworkspace/crates/trogon-source-notion/src/signature.rs
• rsworkspace/crates/trogon-source-notion/src/notion_verification_token.rs
• rsworkspace/crates/trogon-source-notion/src/notion_event_type.rs

[coderabbitai]

🧹 Nitpick comments (1)

rsworkspace/crates/trogon-gateway/src/streams.rs (1)

114-114: Strengthen the test to assert Notion stream identity, not just count.

Line 114 can still pass if the wrong stream set is created. Consider asserting the Notion stream (or Notion subject prefix) exists in created_streams() in addition to len() == 8.

Possible test refinement

-        assert_eq!(js.created_streams().len(), 8);
+        let streams = js.created_streams();
+        assert_eq!(streams.len(), 8);
+        assert!(
+            streams.iter().any(|s| s.name.contains("notion")),
+            "expected Notion stream to be provisioned",
+        );

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@rsworkspace/crates/trogon-gateway/src/streams.rs` at line 114, The test
currently only checks js.created_streams().len() == 8; update it to also verify
the Notion stream identity is present by asserting that at least one element in
js.created_streams() matches the Notion subject/prefix (e.g., contains or
starts_with "notion:" or the exact Notion stream name used elsewhere in the
test); use created_streams().iter().any(...) (or the equivalent helper) to
perform the check so the test fails if the wrong streams set is produced.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@rsworkspace/crates/trogon-gateway/src/streams.rs`:
- Line 114: The test currently only checks js.created_streams().len() == 8;
update it to also verify the Notion stream identity is present by asserting that
at least one element in js.created_streams() matches the Notion subject/prefix
(e.g., contains or starts_with "notion:" or the exact Notion stream name used
elsewhere in the test); use created_streams().iter().any(...) (or the equivalent
helper) to perform the check so the test fails if the wrong streams set is
produced.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 65f8420d-1584-4574-8bad-27564d4560c0

📥 Commits

Reviewing files that changed from the base of the PR and between f91239d and dc1c52a.

⛔ Files ignored due to path filters (1)

• rsworkspace/Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (16)

• devops/docker/compose/.env.example
• devops/docker/compose/compose.yml
• devops/docker/compose/services/trogon-gateway/README.md
• rsworkspace/Cargo.toml
• rsworkspace/crates/trogon-gateway/Cargo.toml
• rsworkspace/crates/trogon-gateway/src/config.rs
• rsworkspace/crates/trogon-gateway/src/http.rs
• rsworkspace/crates/trogon-gateway/src/streams.rs
• rsworkspace/crates/trogon-source-notion/Cargo.toml
• rsworkspace/crates/trogon-source-notion/src/config.rs
• rsworkspace/crates/trogon-source-notion/src/constants.rs
• rsworkspace/crates/trogon-source-notion/src/lib.rs
• rsworkspace/crates/trogon-source-notion/src/notion_event_type.rs
• rsworkspace/crates/trogon-source-notion/src/notion_verification_token.rs
• rsworkspace/crates/trogon-source-notion/src/server.rs
• rsworkspace/crates/trogon-source-notion/src/signature.rs

✅ Files skipped from review due to trivial changes (10)

• rsworkspace/Cargo.toml
• devops/docker/compose/.env.example
• rsworkspace/crates/trogon-gateway/Cargo.toml
• devops/docker/compose/services/trogon-gateway/README.md
• rsworkspace/crates/trogon-source-notion/src/config.rs
• rsworkspace/crates/trogon-source-notion/src/notion_verification_token.rs
• rsworkspace/crates/trogon-source-notion/src/lib.rs
• rsworkspace/crates/trogon-source-notion/Cargo.toml
• rsworkspace/crates/trogon-source-notion/src/constants.rs
• rsworkspace/crates/trogon-source-notion/src/server.rs

🚧 Files skipped from review as they are similar to previous changes (3)

• rsworkspace/crates/trogon-gateway/src/http.rs
• devops/docker/compose/compose.yml
• rsworkspace/crates/trogon-gateway/src/config.rs