docs: IS_SANDBOX=1 generator note + normative Hookdeck CLI invocation#40
Merged
Conversation
Adds metadata for new provider skills covering AI platforms with recently launched webhook support and commonly-requested SaaS integrations: AI platforms: - Claude Managed Agents (Anthropic) — X-Webhook-Signature, HMAC-SHA256, unwrap() SDK helper - Google Gemini — Standard Webhooks spec, HMAC (static) + JWKS RS256 (dynamic) - Hugging Face — X-Webhook-Secret shared-token verification SaaS: - HubSpot, Slack, Linear, Intercom, Notion, Mailgun, Discord, PayPal, Twilio Each entry includes researched signature scheme, headers, SDK references, and representative testScenario events so ./scripts/generate-skills.sh can produce high-fidelity skills. README Provider Skills table updated with placeholder rows pointing to the skill directories the generator will create. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
Verified every primary docs URL against the live provider page and patched drift found in 8 of 12 new entries: - discord: discord.com -> docs.discord.com (301) - hubspot: /docs/api/webhooks now returns v4 beta; pinned to v3 page under /docs/apps/legacy-apps/authentication/validating-requests - intercom: /docs/references/webhooks (404) -> /docs/webhooks - linear: developers.linear.app (301) -> linear.app/developers/webhooks - mailgun: tracking-messages page lacked sig info; switched to the api-reference webhooks page + dedicated securing-webhooks URL - slack: api.slack.com (302) -> docs.slack.dev - gemini: replaced unverified event names (batch.completed, generate_videos.completed) with documented ones (batch.succeeded, batch.failed, video.generated, interaction.completed, interaction.requires_action) - notion: replaced placeholder page.created/updated/deleted events with documented ones (page.content_updated, comment.created, data_source.schema_updated, page.locked, page.moved) - huggingface: clarified scope/action payload structure and the ?secret= query-param alternative to X-Webhook-Secret header - claude-managed-agents: expanded event list with full session.* and vault.* / vault_credential.* enumeration from the live docs; noted ANTHROPIC_WEBHOOK_SIGNING_KEY env var convention All 12 primary URLs now return HTTP 200 with no redirects. Verified signature schemes match what the live docs describe so the generator won't hallucinate algorithms or header names. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
Mailgun has account-level and domain-level webhook configurations but both use the same signature scheme (HMAC-SHA256 over timestamp+token with the Webhook Signing Key) — one skill covers both, with a note about parent-signature for subaccounts. Replaces: - Single api-reference URL with the full user-manual webhook docs set (webhooks, configuring, securing, payloads, retries) plus the events docs and event-structure reference, all of which returned by the user. - Legacy event names permanent_fail/temporary_fail with the documented modern event types (accepted, rejected, delivered, failed [with severity], opened, clicked, unsubscribed, complained, stored, list_member_uploaded). All 7 new URLs verified HTTP 200. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
This was referenced May 11, 2026
…r as root The skill generator spawns claude with --dangerously-skip-permissions, which the CLI refuses under root for safety. Setting IS_SANDBOX=1 in the parent environment lets the spawned subprocesses bypass that check. Also reminds agents to pass --model explicitly since the adapter's pinned default is stale. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
leggetter
added a commit
that referenced
this pull request
May 11, 2026
Adds the Discord row to the Provider Skills table in README.md and a providers.yaml entry (docs URLs, notes, testScenario) so the "Validate New Provider" CI workflow finds the integration files. The integrations were previously only on the prep branch (PR #40); moving them onto each feat PR makes the 12 generated PRs independently mergeable in any order. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
leggetter
added a commit
that referenced
this pull request
May 11, 2026
…yaml Adds the Claude Managed Agents row to the Provider Skills table in README.md and a providers.yaml entry (docs URLs, notes, testScenario) so the "Validate New Provider" CI workflow finds the integration files. The integrations were previously only on the prep branch (PR #40); moving them onto each feat PR makes the 12 generated PRs independently mergeable in any order. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
leggetter
added a commit
that referenced
this pull request
May 11, 2026
Adds the Google Gemini row to the Provider Skills table in README.md and a providers.yaml entry (docs URLs, notes, testScenario) so the "Validate New Provider" CI workflow finds the integration files. The integrations were previously only on the prep branch (PR #40); moving them onto each feat PR makes the 12 generated PRs independently mergeable in any order. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
leggetter
added a commit
that referenced
this pull request
May 11, 2026
Adds the HubSpot row to the Provider Skills table in README.md and a providers.yaml entry (docs URLs, notes, testScenario) so the "Validate New Provider" CI workflow finds the integration files. The integrations were previously only on the prep branch (PR #40); moving them onto each feat PR makes the 12 generated PRs independently mergeable in any order. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
leggetter
added a commit
that referenced
this pull request
May 11, 2026
Adds the Hugging Face row to the Provider Skills table in README.md and a providers.yaml entry (docs URLs, notes, testScenario) so the "Validate New Provider" CI workflow finds the integration files. The integrations were previously only on the prep branch (PR #40); moving them onto each feat PR makes the 12 generated PRs independently mergeable in any order. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
leggetter
added a commit
that referenced
this pull request
May 11, 2026
Adds the Linear row to the Provider Skills table in README.md and a providers.yaml entry (docs URLs, notes, testScenario) so the "Validate New Provider" CI workflow finds the integration files. The integrations were previously only on the prep branch (PR #40); moving them onto each feat PR makes the 12 generated PRs independently mergeable in any order. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
leggetter
added a commit
that referenced
this pull request
May 11, 2026
Adds the Notion row to the Provider Skills table in README.md and a providers.yaml entry (docs URLs, notes, testScenario) so the "Validate New Provider" CI workflow finds the integration files. The integrations were previously only on the prep branch (PR #40); moving them onto each feat PR makes the 12 generated PRs independently mergeable in any order. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
leggetter
added a commit
that referenced
this pull request
May 11, 2026
Adds the PayPal row to the Provider Skills table in README.md and a providers.yaml entry (docs URLs, notes, testScenario) so the "Validate New Provider" CI workflow finds the integration files. The integrations were previously only on the prep branch (PR #40); moving them onto each feat PR makes the 12 generated PRs independently mergeable in any order. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
leggetter
added a commit
that referenced
this pull request
May 11, 2026
Adds the Twilio row to the Provider Skills table in README.md and a providers.yaml entry (docs URLs, notes, testScenario) so the "Validate New Provider" CI workflow finds the integration files. The integrations were previously only on the prep branch (PR #40); moving them onto each feat PR makes the 12 generated PRs independently mergeable in any order. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
leggetter
added a commit
that referenced
this pull request
May 11, 2026
Adds the Slack row to the Provider Skills table in README.md and a providers.yaml entry (docs URLs, notes, testScenario) so the "Validate New Provider" CI workflow finds the integration files. The integrations were previously only on the prep branch (PR #40); moving them onto each feat PR makes the 12 generated PRs independently mergeable in any order. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
…t PRs PRs #41–#52 each carry their own README row and providers.yaml entry now, so this prep branch only needs to ship the AGENTS.md note about running the generator under root with IS_SANDBOX=1. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
leggetter
changed the title
Rewrites AGENTS.md "Local Development" to normatively require: npx hookdeck-cli listen <port> <source> --path /webhooks/<source> instead of `hookdeck listen <port> --path /webhooks/<source>` (with an implicit global install). Two reasons: 1. webhook-skills is provider-neutral; pushing every example reader to `npm i -g hookdeck-cli` reads as Hookdeck self-promotion. `npx` is one paste-and-run line. 2. The CLI's `[source]` positional is required syntactically — omitting it makes the command fall into an interactive prompt, so explicit commands match what the user actually pastes. Mirrors the requirement into scripts/skill-generator/prompts/generate-skill.md so the generator emits the correct form deterministically. Two of the last 12 generated skills (mailgun, paypal) drifted toward `npx` without the source arg; ten of them inherited the bare-`hookdeck` form from existing skills. Future generations will follow this spec. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
leggetter
changed the title
4 tasks
leggetter
added a commit
that referenced
this pull request
May 11, 2026
* feat: add discord-webhooks skill for Discord webhook event handling Adds a complete provider skill for receiving Discord outgoing webhook events with Ed25519 signature verification. Covers the PING (type 0) endpoint validation flow plus event handlers (APPLICATION_AUTHORIZED, ENTITLEMENT_*, LOBBY_MESSAGE_*, GAME_DIRECT_MESSAGE_*, etc.) for Express, Next.js App Router, and FastAPI, with test suites that generate real Ed25519 keypairs. * feat: self-integrate discord into README and providers.yaml Adds the Discord row to the Provider Skills table in README.md and a providers.yaml entry (docs URLs, notes, testScenario) so the "Validate New Provider" CI workflow finds the integration files. The integrations were previously only on the prep branch (PR #40); moving them onto each feat PR makes the 12 generated PRs independently mergeable in any order. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB * chore(discord): normalize Hookdeck CLI to `npx hookdeck-cli` with source arg Applies the new project convention from PR #40: use `npx hookdeck-cli listen <port> <source> --path /webhooks/<source>` everywhere instead of `hookdeck listen <port> --path /webhooks/<source>`. Skips the global-install prereq (webhook-skills is provider-neutral) and passes the required `[source]` positional so the command is copy-paste- runnable without falling into an interactive prompt. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB --------- Co-authored-by: Claude <noreply@anthropic.com>
leggetter
added a commit
that referenced
this pull request
May 11, 2026
* feat: add claude-managed-agents-webhooks skill Adds initial skill for Anthropic Claude Managed Agents (CMA) webhooks with Express, Next.js, and FastAPI examples. Pending review-feedback fixes to the signature verification format. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB * feat: self-integrate claude-managed-agents into README and providers.yaml Adds the Claude Managed Agents row to the Provider Skills table in README.md and a providers.yaml entry (docs URLs, notes, testScenario) so the "Validate New Provider" CI workflow finds the integration files. The integrations were previously only on the prep branch (PR #40); moving them onto each feat PR makes the 12 generated PRs independently mergeable in any order. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB * chore(claude-managed-agents): normalize Hookdeck CLI to `npx hookdeck-cli` with source arg Applies the new project convention from PR #40: use `npx hookdeck-cli listen <port> <source> --path /webhooks/<source>` everywhere instead of `hookdeck listen <port> --path /webhooks/<source>`. Skips the global-install prereq (webhook-skills is provider-neutral) and passes the required `[source]` positional so the command is copy-paste- runnable without falling into an interactive prompt. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB --------- Co-authored-by: Claude <noreply@anthropic.com>
leggetter
added a commit
that referenced
this pull request
May 11, 2026
* feat: add gemini-webhooks skill for Google Gemini API webhook handling Adds a complete Standard Webhooks-based skill for receiving Gemini API batch, video generation, and Interactions API LRO events across Express, Next.js, and FastAPI, with HMAC-SHA256 verification and dynamic RS256/JWKS notes in the verification reference. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB * feat: self-integrate gemini into README and providers.yaml Adds the Google Gemini row to the Provider Skills table in README.md and a providers.yaml entry (docs URLs, notes, testScenario) so the "Validate New Provider" CI workflow finds the integration files. The integrations were previously only on the prep branch (PR #40); moving them onto each feat PR makes the 12 generated PRs independently mergeable in any order. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB * chore(gemini): normalize Hookdeck CLI to `npx hookdeck-cli` with source arg Applies the new project convention from PR #40: use `npx hookdeck-cli listen <port> <source> --path /webhooks/<source>` everywhere instead of `hookdeck listen <port> --path /webhooks/<source>`. Skips the global-install prereq (webhook-skills is provider-neutral) and passes the required `[source]` positional so the command is copy-paste- runnable without falling into an interactive prompt. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB * chore(gemini): normalize Hookdeck CLI to `npx hookdeck-cli` with source arg Applies the new project convention from PR #40: use `npx hookdeck-cli listen <port> <source> --path /webhooks/<source>` everywhere instead of `hookdeck listen <port> --path /webhooks/<source>`. Skips the global-install prereq (webhook-skills is provider-neutral) and passes the required `[source]` positional so the command is copy-paste- runnable without falling into an interactive prompt. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB * fix(gemini-webhooks): use output_file_uri + file_name for video.generated payloads Spec drift caught during pre-merge review against https://ai.google.dev/gemini-api/docs/webhooks: Gemini's `video.generated` events expose `data.output_file_uri` and `data.file_name`, not `data.video_uri`. The original "fix iteration" mid-generation went in the wrong direction. - `references/overview.md`: corrected the events table, the prose, and the payload-field reference list. - `examples/fastapi/main.py`: handler now logs `output_file_uri` and `file_name` instead of the non-existent `video_uri`. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB --------- Co-authored-by: Claude <noreply@anthropic.com>
leggetter
added a commit
that referenced
this pull request
May 11, 2026
Adds the Hugging Face row to the Provider Skills table in README.md and a providers.yaml entry (docs URLs, notes, testScenario) so the "Validate New Provider" CI workflow finds the integration files. The integrations were previously only on the prep branch (PR #40); moving them onto each feat PR makes the 12 generated PRs independently mergeable in any order. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
leggetter
added a commit
that referenced
this pull request
May 11, 2026
… source arg Applies the new project convention from PR #40: use `npx hookdeck-cli listen <port> <source> --path /webhooks/<source>` everywhere instead of `hookdeck listen <port> --path /webhooks/<source>`. Skips the global-install prereq (webhook-skills is provider-neutral) and passes the required `[source]` positional so the command is copy-paste- runnable without falling into an interactive prompt. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
leggetter
added a commit
that referenced
this pull request
May 11, 2026
* feat: add huggingface-webhooks skill for Hugging Face Hub webhook handling Adds SKILL.md, references (overview, setup, verification), and Express, Next.js, and FastAPI examples with passing tests. Verification uses timing-safe comparison of the verbatim X-Webhook-Secret header (with ?secret= query parameter as a fallback), covering all five documented scopes (repo, repo.content, repo.config, discussion, discussion.comment) plus forward-compatibility for unknown narrowed scopes. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB * feat: self-integrate huggingface into README and providers.yaml Adds the Hugging Face row to the Provider Skills table in README.md and a providers.yaml entry (docs URLs, notes, testScenario) so the "Validate New Provider" CI workflow finds the integration files. The integrations were previously only on the prep branch (PR #40); moving them onto each feat PR makes the 12 generated PRs independently mergeable in any order. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB * chore(huggingface): normalize Hookdeck CLI to `npx hookdeck-cli` with source arg Applies the new project convention from PR #40: use `npx hookdeck-cli listen <port> <source> --path /webhooks/<source>` everywhere instead of `hookdeck listen <port> --path /webhooks/<source>`. Skips the global-install prereq (webhook-skills is provider-neutral) and passes the required `[source]` positional so the command is copy-paste- runnable without falling into an interactive prompt. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB --------- Co-authored-by: Claude <noreply@anthropic.com>
leggetter
added a commit
that referenced
this pull request
May 11, 2026
Adds the HubSpot row to the Provider Skills table in README.md and a providers.yaml entry (docs URLs, notes, testScenario) so the "Validate New Provider" CI workflow finds the integration files. The integrations were previously only on the prep branch (PR #40); moving them onto each feat PR makes the 12 generated PRs independently mergeable in any order. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
leggetter
added a commit
that referenced
this pull request
May 11, 2026
…rce arg Applies the new project convention from PR #40: use `npx hookdeck-cli listen <port> <source> --path /webhooks/<source>` everywhere instead of `hookdeck listen <port> --path /webhooks/<source>`. Skips the global-install prereq (webhook-skills is provider-neutral) and passes the required `[source]` positional so the command is copy-paste- runnable without falling into an interactive prompt. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
leggetter
added a commit
that referenced
this pull request
May 11, 2026
* feat: add hubspot-webhooks skill Adds a complete skill for receiving HubSpot webhooks with v3 signature verification (HMAC-SHA256, base64) over method + URI + raw body + X-HubSpot-Request-Timestamp, plus a 5-minute replay window. Includes Express, Next.js App Router, and FastAPI examples with manual verification (HubSpot does not ship an SDK helper) and tests that generate real signatures. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB * feat: self-integrate hubspot into README and providers.yaml Adds the HubSpot row to the Provider Skills table in README.md and a providers.yaml entry (docs URLs, notes, testScenario) so the "Validate New Provider" CI workflow finds the integration files. The integrations were previously only on the prep branch (PR #40); moving them onto each feat PR makes the 12 generated PRs independently mergeable in any order. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB * chore(hubspot): normalize Hookdeck CLI to `npx hookdeck-cli` with source arg Applies the new project convention from PR #40: use `npx hookdeck-cli listen <port> <source> --path /webhooks/<source>` everywhere instead of `hookdeck listen <port> --path /webhooks/<source>`. Skips the global-install prereq (webhook-skills is provider-neutral) and passes the required `[source]` positional so the command is copy-paste- runnable without falling into an interactive prompt. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB --------- Co-authored-by: Claude <noreply@anthropic.com>
leggetter
added a commit
that referenced
this pull request
May 11, 2026
…urce arg Applies the new project convention from PR #40: use `npx hookdeck-cli listen <port> <source> --path /webhooks/<source>` everywhere instead of `hookdeck listen <port> --path /webhooks/<source>`. Skips the global-install prereq (webhook-skills is provider-neutral) and passes the required `[source]` positional so the command is copy-paste- runnable without falling into an interactive prompt. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
leggetter
added a commit
that referenced
this pull request
May 11, 2026
* feat: add intercom-webhooks skill Receive and verify Intercom webhooks using X-Hub-Signature (HMAC-SHA1 over the raw body with the app's client_secret). Includes runnable Express, Next.js, and FastAPI examples with passing tests, plus overview/setup/verification references and providers.yaml + README integration. * chore(intercom): normalize Hookdeck CLI to `npx hookdeck-cli` with source arg Applies the new project convention from PR #40: use `npx hookdeck-cli listen <port> <source> --path /webhooks/<source>` everywhere instead of `hookdeck listen <port> --path /webhooks/<source>`. Skips the global-install prereq (webhook-skills is provider-neutral) and passes the required `[source]` positional so the command is copy-paste- runnable without falling into an interactive prompt. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB --------- Co-authored-by: Claude <noreply@anthropic.com>
leggetter
added a commit
that referenced
this pull request
May 11, 2026
Adds the Linear row to the Provider Skills table in README.md and a providers.yaml entry (docs URLs, notes, testScenario) so the "Validate New Provider" CI workflow finds the integration files. The integrations were previously only on the prep branch (PR #40); moving them onto each feat PR makes the 12 generated PRs independently mergeable in any order. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
leggetter
added a commit
that referenced
this pull request
May 11, 2026
…ce arg Applies the new project convention from PR #40: use `npx hookdeck-cli listen <port> <source> --path /webhooks/<source>` everywhere instead of `hookdeck listen <port> --path /webhooks/<source>`. Skips the global-install prereq (webhook-skills is provider-neutral) and passes the required `[source]` positional so the command is copy-paste- runnable without falling into an interactive prompt. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
leggetter
added a commit
that referenced
this pull request
May 11, 2026
* feat: add linear-webhooks skill for Linear webhook handling Adds a provider skill covering Linear's `Linear-Signature` HMAC-SHA256 verification (hex, no prefix), `webhookTimestamp` replay protection, and Issue / Comment / Project / Cycle / IssueLabel / IssueSLA event routing with Express, Next.js App Router, and FastAPI examples. * feat: self-integrate linear into README and providers.yaml Adds the Linear row to the Provider Skills table in README.md and a providers.yaml entry (docs URLs, notes, testScenario) so the "Validate New Provider" CI workflow finds the integration files. The integrations were previously only on the prep branch (PR #40); moving them onto each feat PR makes the 12 generated PRs independently mergeable in any order. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB * chore(linear): normalize Hookdeck CLI to `npx hookdeck-cli` with source arg Applies the new project convention from PR #40: use `npx hookdeck-cli listen <port> <source> --path /webhooks/<source>` everywhere instead of `hookdeck listen <port> --path /webhooks/<source>`. Skips the global-install prereq (webhook-skills is provider-neutral) and passes the required `[source]` positional so the command is copy-paste- runnable without falling into an interactive prompt. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB --------- Co-authored-by: Claude <noreply@anthropic.com>
leggetter
added a commit
that referenced
this pull request
May 11, 2026
…rce arg Applies the new project convention from PR #40: use `npx hookdeck-cli listen <port> <source> --path /webhooks/<source>` everywhere instead of `hookdeck listen <port> --path /webhooks/<source>`. Skips the global-install prereq (webhook-skills is provider-neutral) and passes the required `[source]` positional so the command is copy-paste- runnable without falling into an interactive prompt. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
leggetter
added a commit
that referenced
this pull request
May 11, 2026
* feat: add mailgun-webhooks skill for Mailgun email webhook handling Adds a complete skill for receiving and verifying Mailgun webhooks across Express, Next.js, and FastAPI. Mailgun is unusual in delivering the signature inside the request body (not a header) as a top-level signature object; the handler computes HMAC-SHA256 over timestamp+token (no separator) using the HTTP Webhook Signing Key and compares hex digests with timing-safe equality. Includes optional parent-signature handling for subaccount events, full coverage of the common event types (accepted, rejected, delivered, failed with severity, opened, clicked, unsubscribed, complained, stored, list_member_uploaded), and 33 passing tests across the three frameworks. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB * chore(mailgun): normalize Hookdeck CLI to `npx hookdeck-cli` with source arg Applies the new project convention from PR #40: use `npx hookdeck-cli listen <port> <source> --path /webhooks/<source>` everywhere instead of `hookdeck listen <port> --path /webhooks/<source>`. Skips the global-install prereq (webhook-skills is provider-neutral) and passes the required `[source]` positional so the command is copy-paste- runnable without falling into an interactive prompt. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB --------- Co-authored-by: Claude <noreply@anthropic.com>
leggetter
added a commit
that referenced
this pull request
May 11, 2026
Adds the Notion row to the Provider Skills table in README.md and a providers.yaml entry (docs URLs, notes, testScenario) so the "Validate New Provider" CI workflow finds the integration files. The integrations were previously only on the prep branch (PR #40); moving them onto each feat PR makes the 12 generated PRs independently mergeable in any order. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
leggetter
added a commit
that referenced
this pull request
May 11, 2026
…ce arg Applies the new project convention from PR #40: use `npx hookdeck-cli listen <port> <source> --path /webhooks/<source>` everywhere instead of `hookdeck listen <port> --path /webhooks/<source>`. Skips the global-install prereq (webhook-skills is provider-neutral) and passes the required `[source]` positional so the command is copy-paste- runnable without falling into an interactive prompt. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
leggetter
added a commit
that referenced
this pull request
May 11, 2026
* feat: add notion-webhooks skill Notion webhooks use HMAC-SHA256 over the raw body, signed with the verification_token captured during a one-time handshake on the first delivery to a new subscription. Skill covers the handshake, signed event handling, and reference docs, with Express, Next.js, and FastAPI examples (47 tests passing across the three). * feat: self-integrate notion into README and providers.yaml Adds the Notion row to the Provider Skills table in README.md and a providers.yaml entry (docs URLs, notes, testScenario) so the "Validate New Provider" CI workflow finds the integration files. The integrations were previously only on the prep branch (PR #40); moving them onto each feat PR makes the 12 generated PRs independently mergeable in any order. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB * chore(notion): normalize Hookdeck CLI to `npx hookdeck-cli` with source arg Applies the new project convention from PR #40: use `npx hookdeck-cli listen <port> <source> --path /webhooks/<source>` everywhere instead of `hookdeck listen <port> --path /webhooks/<source>`. Skips the global-install prereq (webhook-skills is provider-neutral) and passes the required `[source]` positional so the command is copy-paste- runnable without falling into an interactive prompt. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB --------- Co-authored-by: Claude <noreply@anthropic.com>
leggetter
added a commit
that referenced
this pull request
May 11, 2026
Adds the PayPal row to the Provider Skills table in README.md and a providers.yaml entry (docs URLs, notes, testScenario) so the "Validate New Provider" CI workflow finds the integration files. The integrations were previously only on the prep branch (PR #40); moving them onto each feat PR makes the 12 generated PRs independently mergeable in any order. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
leggetter
added a commit
that referenced
this pull request
May 11, 2026
…ce arg Applies the new project convention from PR #40: use `npx hookdeck-cli listen <port> <source> --path /webhooks/<source>` everywhere instead of `hookdeck listen <port> --path /webhooks/<source>`. Skips the global-install prereq (webhook-skills is provider-neutral) and passes the required `[source]` positional so the command is copy-paste- runnable without falling into an interactive prompt. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
leggetter
added a commit
that referenced
this pull request
May 11, 2026
* feat: add paypal-webhooks skill PayPal uses certificate-based RSA-SHA256 webhook signing rather than HMAC. This skill implements the offline self-verify path (fetch + cache the cert from paypal-cert-url, verify transmissionId|transmissionTime|webhookId|crc32(body) against the cert's public key) and documents the postback verify-webhook-signature API as an alternative. Includes Express, Next.js App Router, and FastAPI examples with end-to-end tests that generate test RSA key pairs and preload the cert cache (47 tests total, all passing). https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB * feat: self-integrate paypal into README and providers.yaml Adds the PayPal row to the Provider Skills table in README.md and a providers.yaml entry (docs URLs, notes, testScenario) so the "Validate New Provider" CI workflow finds the integration files. The integrations were previously only on the prep branch (PR #40); moving them onto each feat PR makes the 12 generated PRs independently mergeable in any order. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB * chore(paypal): normalize Hookdeck CLI to `npx hookdeck-cli` with source arg Applies the new project convention from PR #40: use `npx hookdeck-cli listen <port> <source> --path /webhooks/<source>` everywhere instead of `hookdeck listen <port> --path /webhooks/<source>`. Skips the global-install prereq (webhook-skills is provider-neutral) and passes the required `[source]` positional so the command is copy-paste- runnable without falling into an interactive prompt. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB --------- Co-authored-by: Claude <noreply@anthropic.com>
leggetter
added a commit
that referenced
this pull request
May 11, 2026
Adds the Slack row to the Provider Skills table in README.md and a providers.yaml entry (docs URLs, notes, testScenario) so the "Validate New Provider" CI workflow finds the integration files. The integrations were previously only on the prep branch (PR #40); moving them onto each feat PR makes the 12 generated PRs independently mergeable in any order. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
leggetter
added a commit
that referenced
this pull request
May 11, 2026
…e arg Applies the new project convention from PR #40: use `npx hookdeck-cli listen <port> <source> --path /webhooks/<source>` everywhere instead of `hookdeck listen <port> --path /webhooks/<source>`. Skips the global-install prereq (webhook-skills is provider-neutral) and passes the required `[source]` positional so the command is copy-paste- runnable without falling into an interactive prompt. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
leggetter
added a commit
that referenced
this pull request
May 11, 2026
* feat: add slack-webhooks skill for Slack Events API
Adds a provider skill for receiving Slack Events API webhooks with manual
HMAC-SHA256 signature verification over the v0:{timestamp}:{body} basestring,
url_verification challenge handling, and event handlers for app_mention,
message, reaction_added, team_join, member_joined_channel, and app_home_opened.
Includes Express, Next.js, and FastAPI examples with 42 passing tests.
* feat: self-integrate slack into README and providers.yaml
Adds the Slack row to the Provider Skills table in README.md and a
providers.yaml entry (docs URLs, notes, testScenario) so the
"Validate New Provider" CI workflow finds the integration files. The
integrations were previously only on the prep branch (PR #40); moving them
onto each feat PR makes the 12 generated PRs independently mergeable in
any order.
https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
* chore(slack): normalize Hookdeck CLI to `npx hookdeck-cli` with source arg
Applies the new project convention from PR #40: use
`npx hookdeck-cli listen <port> <source> --path /webhooks/<source>`
everywhere instead of `hookdeck listen <port> --path /webhooks/<source>`.
Skips the global-install prereq (webhook-skills is provider-neutral) and
passes the required `[source]` positional so the command is copy-paste-
runnable without falling into an interactive prompt.
https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
---------
Co-authored-by: Claude <noreply@anthropic.com>
leggetter
added a commit
that referenced
this pull request
May 11, 2026
Adds the Twilio row to the Provider Skills table in README.md and a providers.yaml entry (docs URLs, notes, testScenario) so the "Validate New Provider" CI workflow finds the integration files. The integrations were previously only on the prep branch (PR #40); moving them onto each feat PR makes the 12 generated PRs independently mergeable in any order. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
leggetter
added a commit
that referenced
this pull request
May 11, 2026
…ce arg Applies the new project convention from PR #40: use `npx hookdeck-cli listen <port> <source> --path /webhooks/<source>` everywhere instead of `hookdeck listen <port> --path /webhooks/<source>`. Skips the global-install prereq (webhook-skills is provider-neutral) and passes the required `[source]` positional so the command is copy-paste- runnable without falling into an interactive prompt. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
leggetter
added a commit
that referenced
this pull request
May 11, 2026
* feat: add twilio-webhooks skill for Twilio webhook handling Adds a complete provider skill covering Twilio's X-Twilio-Signature verification (HMAC-SHA1 + base64) for both form-encoded and JSON webhooks, with working examples for Express (SDK), Next.js App Router (manual), and FastAPI (SDK). Handles incoming SMS, voice calls, and message/call/recording status callbacks. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB * feat: self-integrate twilio into README and providers.yaml Adds the Twilio row to the Provider Skills table in README.md and a providers.yaml entry (docs URLs, notes, testScenario) so the "Validate New Provider" CI workflow finds the integration files. The integrations were previously only on the prep branch (PR #40); moving them onto each feat PR makes the 12 generated PRs independently mergeable in any order. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB * chore(twilio): normalize Hookdeck CLI to `npx hookdeck-cli` with source arg Applies the new project convention from PR #40: use `npx hookdeck-cli listen <port> <source> --path /webhooks/<source>` everywhere instead of `hookdeck listen <port> --path /webhooks/<source>`. Skips the global-install prereq (webhook-skills is provider-neutral) and passes the required `[source]` positional so the command is copy-paste- runnable without falling into an interactive prompt. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB --------- Co-authored-by: Claude <noreply@anthropic.com>
Merged
4 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Two related infrastructure tweaks for skill development:
1.
IS_SANDBOX=1for the generator under rootAdds a "Running the Generator in Sandboxed Environments" section to
AGENTS.mddocumenting theIS_SANDBOX=1env var needed when running./scripts/generate-skills.shfrom a sandboxed agent environment (Claude Code on the web, Docker containers, etc.). The CLI refuses--dangerously-skip-permissionsunder root unlessIS_SANDBOX=1is set in the parent env (it's inherited by the spawned subprocesses).Also reminds operators to pass
--model claude-opus-4-7explicitly because the adapter's pinned default is stale.2. Hookdeck CLI invocation:
npx hookdeck-cli listen <port> <source> --path /webhooks/<source>Rewrites the AGENTS.md "Local Development" section as normative guidance, and mirrors the rule into
scripts/skill-generator/prompts/generate-skill.mdso the generator emits the right form every time.Two reasons for the switch from
hookdeck listen ...(with implicit global install) tonpx hookdeck-cli listen ...:npm i -g hookdeck-clireads as Hookdeck self-promotion.npxis one paste-and-run line.[source]positional is required syntactically — omitting it makes the command fall into an interactive prompt, so explicit commands match what users actually paste.The 12 newly-generated skills (PRs #41–#52) and the existing 19 will be normalized to match in follow-up changes.
Previous scope (now removed)
This branch originally also bundled
README.mdandproviders.yamlentries for 12 new providers. Those have been split into the per-provider feat PRs so each can be reviewed and merged independently:Related: issue #53 (intermittent worktree file-placement bug in the generator).
Test plan
generate-skill.mdnpx hookdeck-cli listen <port> <source> --path /webhooks/<source>exactlyhttps://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB