feat: Consolidate Webhook Event System - PRs #48,49,58,68,79,89

[codegen-sh]

🔄 Webhook Event System Consolidation

This PR consolidates all webhook handling and event processing PRs into a single comprehensive webhook system, addressing ZAM-784.

📋 PRs Consolidated

• PR feat: Unified Workflow Orchestration Engine - Consolidates PRs #50,63 #48: GitHub webhook integration
• PR 🗄️ Database Architecture Consolidation - PRs #41,42,53,59,62,64,65,69,70,74,79,81 #49: Event processing pipeline
• PR 🔒 Security Analysis: Vulnerability Detection Module #58: Webhook validation system
• PR feat: Phase 3.2 - Implement WSL2 Deployment Engine #68: Event routing and distribution
• PR feat: Implement Comprehensive GitHub Workflow Tests & PR Validation #79: Webhook system & event-driven automation
• PR Fix deployment script to use static webhook secret "123" and resolve all deployment issues #89: GitHub webhook integration & event processing

🎯 Consolidation Objectives ✅

• ✅ Merged event handling and processing logic into unified system
• ✅ Consolidated PR validation pipelines for consistency
• ✅ Unified automation engine components across all webhooks
• ✅ Eliminated duplicate webhook handlers
• ✅ Standardized event routing patterns

🏗️ System Architecture

Core Components

1. WebhookHandler (packages/core/src/webhooks/handler.ts)

   • Main webhook processing system
   • Payload validation and size limits
   • Statistics tracking and health monitoring
   • Handler registration and management

2. WebhookRouter (packages/core/src/webhooks/router.ts)

   • Rule-based event routing and distribution
   • Priority-based rule execution
   • Agent targeting and action execution
   • Conditional routing based on payload content

3. WebhookAutomationEngine (packages/core/src/webhooks/automation.ts)

   • Event-driven automation with complex conditions
   • Rate limiting and cooldown periods
   • Execution history and performance tracking
   • Multiple action types (agent triggers, tool calls, notifications)

4. WebhookValidator (packages/core/src/webhooks/validation.ts)

   • HMAC-SHA256 validation (GitHub style)
   • HMAC-SHA1 validation
   • Simple secret validation
   • Custom validation functions

🌐 API Endpoints

Webhook Processing

• POST /webhooks/github - Process GitHub webhooks with signature validation
• POST /webhooks/generic - Process generic webhooks

Management

• GET /webhooks/handlers - Get all webhook handlers
• POST /webhooks/handlers - Create new webhook handler
• GET /webhooks/routing-rules - Get routing rules
• POST /webhooks/routing-rules - Create routing rule
• GET /webhooks/automation-rules - Get automation rules
• POST /webhooks/automation-rules - Create automation rule

Monitoring

• GET /webhooks/stats - Get webhook statistics
• GET /webhooks/health - Get system health status

🔧 Technical Requirements Met

• ✅ Zero duplication in event handling logic
• ✅ Consistent webhook validation patterns
• ✅ Removal of redundant automation components
• ✅ Single cohesive event processing system
• ✅ Clear contracts for webhook integrations

🔒 Security Features

• HMAC Signature Validation: GitHub-style HMAC-SHA256 validation
• Rate Limiting: Configurable rate limits and cooldown periods
• Payload Size Limits: Configurable maximum payload sizes
• Comprehensive Error Handling: Detailed error codes and messages
• Timing-Safe Comparisons: Secure signature validation

📊 Monitoring & Analytics

• Real-time Statistics: Track received, processed, and failed webhooks
• Performance Metrics: Average processing times and success rates
• Health Monitoring: System health status with detailed diagnostics
• Execution History: Track automation rule executions
• WebSocket Integration: Real-time event streaming

🚀 Usage Examples

Quick Setup

import { initializeWebhookEventSystem } from "@voltagent/core";

const webhookSystem = initializeWebhookEventSystem({
  enabled: true,
  basePath: "/webhooks",
  maxPayloadSize: 10 * 1024 * 1024
});

GitHub Webhooks

import { setupGitHubWebhooks } from "@voltagent/core";

const githubSystem = setupGitHubWebhooks(
  "your-github-webhook-secret",
  "your-agent-id"
);

Custom Automation Rules

import { getWebhookAutomationEngine } from "@voltagent/core";

const engine = getWebhookAutomationEngine();
engine.addRule({
  id: "critical-pr-alert",
  name: "Critical Pull Request Alert",
  source: "github",
  eventType: "pull_request",
  conditions: [
    { field: "data.pull_request.changed_files", operator: "gt", value: 10 }
  ],
  actions: [
    { type: "agent_trigger", agentId: "code-review-agent" }
  ]
});

📚 Documentation & Examples

• Comprehensive README: examples/webhook-system/README.md
• Working Example: examples/webhook-system/index.ts
• API Documentation: Integrated with existing Swagger UI

🧪 Testing

The example demonstrates:

• GitHub webhook processing
• Pull request automation
• Deployment monitoring
• Statistics tracking
• Health monitoring

🔄 Integration

• Seamless Integration: Works with existing VoltAgent event system
• WebSocket Events: Real-time webhook event streaming
• Agent Registry: Automatic agent discovery and targeting
• Memory System: Event persistence and history tracking

📈 Performance

• Asynchronous Processing: Non-blocking webhook processing
• Efficient Routing: Priority-based rule evaluation
• Memory Management: Automatic cleanup of execution history
• Statistics Optimization: Efficient metrics calculation

This consolidation provides a unified, scalable, and secure webhook processing system that eliminates all duplication while maintaining flexibility for various webhook sources and automation requirements.

---

💻 View my work • About Codegen

Description by Korbit AI

What change is being made?

Consolidate the webhook event system by integrating multiple prior PR functionalities into a comprehensive solution, including GitHub integration, event processing pipeline, validation, routing and distribution, automation, and monitoring.

Why are these changes being made?

This change enhances the manageability, scalability, and consistency of our webhook handling by combining features from previous PRs (#48, #49, #58, #68, #79, #89) into a single, cohesive system, thereby optimizing processing, reducing redundancy, and allowing for more efficient handling of webhook events. This consolidation provides a clear, unified interface for webhook management, as well as improved error handling and performance monitoring.

Is this description stale? Ask me to generate a new description by commenting /korbit-generate-pr-description

Summary by Sourcery

Consolidate all previous webhook handling PRs into a single, cohesive webhook event system in @voltagent/core, providing unified processing, validation, routing, automation and monitoring for GitHub, generic and custom webhooks.

New Features:

• Introduce a central WebhookHandler that validates, processes, routes, and automates webhook events under a single configuration
• Add a WebhookRouter for rule-based event distribution with priority, agent/tool actions, and status tracking
• Implement a WebhookAutomationEngine with conditional rules, rate limiting, cooldowns, execution history, and multiple action types
• Support secure validation methods (HMAC-SHA256/SHA1, secret, and custom) and standardized payload size and timeout handling
• Expose REST API endpoints for webhook ingestion (POST /webhooks/github, /webhooks/generic), handler/rule management (GET/POST handlers, routing-rules, automation-rules) and system monitoring (GET /webhooks/stats, /webhooks/health)

Enhancements:

• Integrate webhook system into core server startup and VoltAgent event pipeline, emit WebSocket updates and history events tagged with NodeType.WEBHOOK
• Standardize NodeType and export webhook modules from core index for easy initialization and GitHub-specific setup

Documentation:

• Provide a complete usage example and detailed README in examples/webhook-system

[korbit-ai]

By default, I don't review pull requests opened by bots. If you would like me to review this pull request anyway, you can request a review via the /korbit-review command in a comment.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Join our Discord community for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[sourcery-ai]

Reviewer's Guide

This PR consolidates the separate webhook-related features from multiple prior PRs into a single cohesive webhook event system by adding new core modules (handler, router, automation, validation, types, and routes), integrating them into the server and main exports, and providing usage examples.

Sequence Diagram: Incoming Webhook Processing Flow

sequenceDiagram
    actor ExternalSource
    participant APIEndpoint
    participant WebhookHandler
    participant ComprehensiveWebhookValidator
    participant WebhookRouter
    participant WebhookAutomationEngine

    ExternalSource->>APIEndpoint: POST /webhooks/{source} (payload, headers)
    APIEndpoint->>WebhookHandler: processWebhook(rawPayload, headers, source, eventType)
    WebhookHandler->>WebhookHandler: Check system enabled, payload size
    WebhookHandler->>WebhookHandler: Create WebhookPayload object
    WebhookHandler->>WebhookHandler: Update stats (received)
    WebhookHandler->>WebhookHandler: Find handlerConfig for source & eventType
    WebhookHandler->>ComprehensiveWebhookValidator: validateWithResult(rawPayload, headers, handlerConfig.validation)
    ComprehensiveWebhookValidator-->>WebhookHandler: validationResult
    alt Validation Fails
        WebhookHandler->>WebhookHandler: Update stats (failed)
        WebhookHandler-->>APIEndpoint: Error Response (e.g., 401)
        APIEndpoint-->>ExternalSource: Error Response
    else Validation Succeeds
        WebhookHandler->>WebhookRouter: route(webhookPayload)
        WebhookRouter-->>WebhookHandler: routingResult
        WebhookHandler->>WebhookAutomationEngine: processWebhook(webhookPayload)
        WebhookAutomationEngine-->>WebhookHandler: automationResult
        WebhookHandler->>WebhookHandler: Combine routing & automation results
        alt Combined Result is Success
             WebhookHandler->>WebhookHandler: Update stats (processed)
        else Combined Result is Failure
             WebhookHandler->>WebhookHandler: Update stats (failed)
        end
        WebhookHandler->>WebhookHandler: Update average processing time
        WebhookHandler-->>APIEndpoint: Success Response (WebhookProcessingResult)
        APIEndpoint-->>ExternalSource: Success Response
    end

Loading

Class Diagram: Core Webhook System Components

classDiagram
    class WebhookHandler {
        +processWebhook(rawPayload, headers, source, eventType) WebhookProcessingResult
        +addHandler(handlerConfig) void
        +getHandlers() WebhookHandlerConfig[]
        +getStats() WebhookSystemStats
        +healthCheck() HealthStatus
        #validateWebhook(payload, headers, validationConfig) ValidationResult
    }
    class WebhookRouter {
        +route(payload) WebhookProcessingResult
        +addRule(rule) void
        +getRules() WebhookRoutingRule[]
        #executeAction(action, payload) any
    }
    class WebhookAutomationEngine {
        +processWebhook(payload) WebhookProcessingResult
        +addRule(rule) void
        +getRules() AutomationRule[]
        #executeRule(rule, payload) AutomationExecutionResult
    }
    class WebhookValidator {
        <<static>> +validate(payload, headers, config) boolean
        <<static>> +validateHmacSha256(payload, headers, config) boolean
    }
    class GitHubWebhookValidator {
        <<static>> +validate(payload, headers, secret) boolean
        <<static>> +getEventType(headers) string
    }
    class ComprehensiveWebhookValidator {
        <<static>> +validateWithResult(payload, headers, config) ValidationResult
    }
    class AgentEventEmitter {
        +getInstance() AgentEventEmitter
        +addHistoryEvent() any
    }
    class AgentRegistry {
        +getInstance() AgentRegistry
        +getAgent(agentId) Agent
    }
    class Agent {
      +generateText() any
    }

    WebhookHandler --> ComprehensiveWebhookValidator : uses for validation
    WebhookHandler --> WebhookRouter : delegates routing
    WebhookHandler --> WebhookAutomationEngine : delegates automation
    WebhookHandler --> AgentEventEmitter : emits events
    WebhookRouter --> AgentRegistry : uses for agent actions
    WebhookRouter --> AgentEventEmitter : emits events
    WebhookRouter --> Agent : triggers
    WebhookAutomationEngine --> AgentRegistry : uses for agent actions
    WebhookAutomationEngine --> AgentEventEmitter : emits events
    WebhookAutomationEngine --> Agent : triggers
    ComprehensiveWebhookValidator ..> WebhookValidator : uses static methods from
    GitHubWebhookValidator ..> WebhookValidator : uses static methods from

Loading

Class Diagram: Webhook Data Structures and Configuration

classDiagram
    class WebhookPayload {
        +id string
        +source WebhookSource
        +eventType WebhookEventType
        +data any
        +headers Record~string, string~
        +timestamp string
        +validated boolean
        +status string
    }
    class WebhookHandlerConfig {
        +id string
        +name string
        +source WebhookSource
        +eventTypes WebhookEventType[]
        +validation WebhookValidationConfig
        +enabled boolean
    }
    class WebhookValidationConfig {
        +method string
        +secret string
        +signatureHeader string
        +customValidator function
    }
    class WebhookRoutingRule {
        +id string
        +name string
        +source WebhookSource
        +eventType WebhookEventType
        +action WebhookAutomationAction
        +priority number
        +condition function
    }
    class AutomationRule {
        +id string
        +name string
        +conditions AutomationCondition[]
        +actions WebhookAutomationAction[]
        +priority number
        +cooldown number
    }
    class WebhookAutomationAction {
        +type string
        +agentId string
        +toolName string
        +notification NotificationConfig
        +handler function
    }
    class AutomationCondition {
        +field string
        +operator string
        +value any
        +pattern string
    }
    class NotificationConfig {
        +message string
        +channels string[]
    }
    class WebhookProcessingResult {
        +success boolean
        +data any
        +error string
        +duration number
        +triggeredActions WebhookAutomationAction[]
        +createdEvents string[]
    }
    class ValidationResult {
        +valid boolean
        +error string
        +errorCode string
    }
    class WebhookSystemConfig {
        +enabled boolean
        +basePath string
        +maxPayloadSize number
    }
    class WebhookSystemStats {
        +totalReceived number
        +totalProcessed number
        +totalFailed number
    }
    class NodeType {
        <<enumeration>>
        AGENT
        TOOL
        MEMORY
        RETRIEVER
        WEBHOOK
    }

    WebhookHandlerConfig ..> WebhookValidationConfig : uses
    WebhookRoutingRule ..> WebhookAutomationAction : defines
    AutomationRule ..> AutomationCondition : contains
    AutomationRule ..> WebhookAutomationAction : defines
    WebhookAutomationAction ..> NotificationConfig : uses

Loading

File-Level Changes

Change	Details	Files
Added a comprehensive WebhookEventSystem under packages/core/src/webhooks	Created handler.ts for main processing pipeline (validation → routing → automation → stats → health) Built router.ts implementing rule-based event routing, event creation, and action execution Developed automation.ts with a full automation engine (rule management, condition evaluation, rate limiting, variable interpolation, action execution) Implemented validation.ts with HMAC-SHA256/SHA1, secret, and custom validator workflows Defined unified webhook types in types.ts Exposed Hono/OpenAPI routes and handlers in routes.ts Aggregated everything in index.ts and wired default rules, exports, and helper functions	packages/core/src/webhooks/automation.ts packages/core/src/webhooks/handler.ts packages/core/src/webhooks/router.ts packages/core/src/webhooks/validation.ts packages/core/src/webhooks/types.ts packages/core/src/webhooks/routes.ts packages/core/src/webhooks/index.ts
Integrated webhook system into core application and exports	Extended NodeType enum to include WEBHOOK Imported and registered addWebhookRoutes in server/api.ts Re-exported webhook modules from core/src/index.ts	packages/core/src/utils/node-utils.ts packages/core/src/server/api.ts packages/core/src/index.ts
Provided a full example of the consolidated webhook system	Added examples/webhook-system/index.ts demonstrating setup, route and automation configuration, and test simulations Included README.md documenting setup, configuration, API endpoints, and usage patterns Supplied package.json for the example project	examples/webhook-system/index.ts examples/webhook-system/README.md examples/webhook-system/package.json

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.