feat(server): add outgoing webhook notifications for resource changes

[pilartomas]

Summary

• Add fire-and-forget outgoing webhooks for resource CUD notifications
• Webhook endpoints configured statically via Helm chart values (no CRUD API)
• Payloads contain only event type, resource type, resource ID, resource URL, and user ID (no resource data for security)
• Headers are fully configurable per endpoint (e.g. Authorization, custom headers) — no hardcoded header logic
• Event pattern matching supports *, provider.*, and exact provider.created
• Shared httpx.AsyncClient for connection pooling across webhook deliveries
• Concise log messages for common HTTP failures (timeout, connection refused, HTTP errors); full tracebacks only for unexpected exceptions

Webhook payload

{
  "event": "provider.created",
  "resource_type": "provider",
  "resource_id": "550e8400-e29b-41d4-a716-446655440000",
  "resource_url": "/api/v1/providers/550e8400-e29b-41d4-a716-446655440000",
  "user_id": "660e8400-e29b-41d4-a716-446655440000",
  "timestamp": "2026-03-26T12:00:00Z"
}

Helm configuration

webhook:
  endpoints:
    - url: "https://example.com/webhook"
      headers:
        Authorization: "Bearer my-secret-token"
      events: ["*"]

Test plan

• Configure webhook endpoint and verify POST delivery on resource create/update/delete
• Verify configured headers are sent in requests
• Verify event pattern filtering works (*, provider.*, exact match)
• Verify server is not blocked by slow/failing webhook endpoints (fire-and-forget)
• Verify connection pooling (shared client lifecycle tied to app lifespan)
• Helm lint and render pass

closes #2454

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a new feature to the server that enables event-driven notifications via outgoing webhooks. It allows external systems to subscribe to changes in various resources (like providers, contexts, files, and users) by receiving lightweight, secure payloads. The implementation focuses on a fire-and-forget mechanism to ensure the server's performance is not impacted by slow or failing webhook deliveries, and provides a robust configuration method through Helm.

Highlights

• Outgoing Webhooks: Implemented fire-and-forget outgoing webhooks to send notifications for resource Create, Update, and Delete (CUD) events.
• Static Configuration: Webhook endpoints are configured statically via Helm chart values, without a dedicated CRUD API for management.
• Secure Payloads: Webhook payloads are designed for security, containing only event type, resource type, resource ID, resource URL, and user ID, without sensitive resource data.
• Authentication: Each webhook endpoint is authenticated using a Bearer token secret.
• Event Pattern Matching: The system supports flexible event pattern matching, including wildcards like * for all events, provider.* for specific resource types, and exact event names like provider.created.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a new webhook system, enabling the application to dispatch events for various resource lifecycle changes (create, update, delete) to configured external endpoints. This involves defining new configuration models for webhooks, implementing a dispatch_webhook_event utility, and integrating this dispatch mechanism across numerous service layer operations for resources such as configurations, connectors, contexts, files, model providers, provider builds, providers, user feedback, users, and vector stores. The deployment is also updated to support webhook configuration via Helm. Feedback includes ensuring the resource_id for configuration.updated events is semantically accurate by using configuration.id instead of user.id, and populating the user_id argument in the provider_build.updated webhook event from provider_build.created_by for consistency.