Skip to content

improvement(hitl): add webhook notification and resume, add webhook block #2673

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Sg312 merged 9 commits into from
Jan 6, 2026
Merged

improvement(hitl): add webhook notification and resume, add webhook block #2673

Sg312 merged 9 commits into from
Jan 6, 2026

Conversation

@Sg312
Copy link
Contributor

@Sg312 Sg312 commented Jan 3, 2026

Summary

Adds webhook block and webhook resume functionality to hitl block

Type of Change

  • New feature

Testing

Manual

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

@vercel
Copy link

vercel bot commented Jan 3, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Review Updated (UTC)
docs Skipped Skipped Jan 3, 2026 10:25pm

@Sg312 Sg312 changed the base branch from main to staging January 3, 2026 22:21
@Sg312 Sg312 force-pushed the improvement/hitl-resume branch from 87d8a79 to 90e8db1 Compare January 3, 2026 22:25
@greptile-apps
Copy link
Contributor

greptile-apps bot commented Jan 3, 2026

Greptile Summary

  • Adds a new webhook request block and tool to send HTTP requests with HMAC-SHA256 signing and standard webhook headers
  • Enhances the human-in-the-loop block to expose resumeEndpoint API URLs alongside existing UI URLs for programmatic workflow resumption
  • Updates the resume page client with modernized styling using CSS variables and improved block identification using optional blockId fields

Important Files Changed

Filename Overview
tools/http/webhook_request.ts New webhook tool with HMAC signature generation and webhook-specific headers; requires review for security implementation
blocks/blocks/webhook_request.ts New webhook request block configuration with AI-powered payload generation and comprehensive webhook functionality
app/api/resume/[workflowId]/[executionId]/[contextId]/route.ts Modified resume API endpoint to allow dashboard access without deployment validation; check authentication logic
executor/handlers/human-in-the-loop/human-in-the-loop-handler.ts Exposes resume API endpoints in HITL block outputs for webhook-based resumption; verify proper endpoint exposure

Confidence score: 4/5

  • This PR introduces significant new webhook functionality with proper integration across the codebase but requires careful security review
  • Score reflects well-structured implementation following established patterns, but deducted one point due to authentication bypass logic in resume endpoints and HMAC security implementation that needs verification
  • Pay close attention to the webhook tool's HMAC signature generation and the resume API's authentication bypass logic for dashboard access

Sequence Diagram

sequenceDiagram
    participant User
    participant HumanInTheLoopBlock
    participant NotificationTools
    participant WebhookRequest
    participant Database
    participant ResumeAPI
    participant PauseResumeManager

    User->>HumanInTheLoopBlock: Execute workflow with HITL block
    HumanInTheLoopBlock->>Database: Generate pause context and persist execution
    HumanInTheLoopBlock->>HumanInTheLoopBlock: Generate resume URLs (UI and API)
    HumanInTheLoopBlock->>NotificationTools: Execute notification tools with resume links
    NotificationTools->>WebhookRequest: Send webhook with resume endpoint
    WebhookRequest->>External Service: POST webhook payload with signature
    External Service-->>WebhookRequest: Acknowledge webhook
    HumanInTheLoopBlock-->>User: Return pause response with resume URLs

    User->>ResumeAPI: POST resume with input data
    ResumeAPI->>Database: Validate workflow access and pause context
    ResumeAPI->>PauseResumeManager: Enqueue or start resume execution
    PauseResumeManager->>Database: Update pause status to resuming
    PauseResumeManager->>PauseResumeManager: Execute workflow from pause point
    PauseResumeManager->>Database: Update execution status to completed
    PauseResumeManager-->>ResumeAPI: Return execution result
    ResumeAPI-->>User: Return resume confirmation
Loading

greptile-apps[bot]
greptile-apps bot reviewed Jan 3, 2026
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

16 files reviewed, 5 comments

Edit Code Review Agent Settings | Greptile

apps/sim/tools/http/types.ts

export interface WebhookRequestParams {
url: string
body?: any
Copy link
Contributor

@greptile-apps greptile-apps bot Jan 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

style: Consider using unknown instead of any for better type safety

Suggested change
body?: any
body?: unknown

Context Used: Context from dashboard - TypeScript conventions and type safety (source)

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

Prompt To Fix With AI 
This is a comment left during a code review.
Path: apps/sim/tools/http/types.ts
Line: 23:23

Comment:
**style:** Consider using `unknown` instead of `any` for better type safety

```suggestion
  body?: unknown
```

**Context Used:** Context from `dashboard` - TypeScript conventions and type safety ([source](https://app.greptile.com/review/custom-context?memory=b4f0be8d-a787-4d5a-9098-a66b1449df25))

<sub>Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!</sub>

How can I resolve this? If you propose a fix, please make it concise.

apps/sim/app/api/resume/[workflowId]/[executionId]/[contextId]/route.ts
const workflow = access.workflow!
const workflow = access.workflow

let payload: any = {}
Copy link
Contributor

@greptile-apps greptile-apps bot Jan 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

style: Consider using unknown instead of any for better type safety

Suggested change
let payload: any = {}
let payload: unknown = {}

Context Used: Context from dashboard - TypeScript conventions and type safety (source)

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

Prompt To Fix With AI 
This is a comment left during a code review.
Path: apps/sim/app/api/resume/[workflowId]/[executionId]/[contextId]/route.ts
Line: 32:32

Comment:
**style:** Consider using `unknown` instead of `any` for better type safety

```suggestion
  let payload: unknown = {}
```

**Context Used:** Context from `dashboard` - TypeScript conventions and type safety ([source](https://app.greptile.com/review/custom-context?memory=b4f0be8d-a787-4d5a-9098-a66b1449df25))

<sub>Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!</sub>

How can I resolve this? If you propose a fix, please make it concise.

apps/sim/lib/workflows/blocks/block-outputs.ts
if (!fieldName) continue

hitlOutputs[fieldName] = {
type: (field?.type || 'any') as any,
Copy link
Contributor

@greptile-apps greptile-apps bot Jan 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

style: Type assertion as any bypasses TypeScript's type checking. Consider defining a proper union type for supported field types instead of using any.

Context Used: Context from dashboard - TypeScript conventions and type safety (source)

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

Prompt To Fix With AI 
This is a comment left during a code review.
Path: apps/sim/lib/workflows/blocks/block-outputs.ts
Line: 244:244

Comment:
**style:** Type assertion `as any` bypasses TypeScript's type checking. Consider defining a proper union type for supported field types instead of using `any`.

**Context Used:** Context from `dashboard` - TypeScript conventions and type safety ([source](https://app.greptile.com/review/custom-context?memory=b4f0be8d-a787-4d5a-9098-a66b1449df25))

<sub>Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!</sub>

How can I resolve this? If you propose a fix, please make it concise.

...onents/panel/components/editor/components/sub-block/components/tag-dropdown/tag-dropdown.tsx
Comment on lines +765 to +767
blockTags = isSelfReference
? allTags.filter((tag) => tag.endsWith('.url') || tag.endsWith('.resumeEndpoint'))
: allTags
Copy link
Contributor

@greptile-apps greptile-apps bot Jan 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

style: Consider extracting the tag filtering logic into a helper function since this pattern is now used for both approval and human_in_the_loop blocks

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

Prompt To Fix With AI 
This is a comment left during a code review.
Path: apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/tag-dropdown/tag-dropdown.tsx
Line: 765:767

Comment:
**style:** Consider extracting the tag filtering logic into a helper function since this pattern is now used for both approval and human_in_the_loop blocks

<sub>Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!</sub>

How can I resolve this? If you propose a fix, please make it concise.

apps/sim/app/resume/[workflowId]/[executionId]/resume-page-client.tsx
<Label>Pause Data</Label>
</div>
<div style={{ padding: '16px' }}>
<Code.Viewer code={pauseResponsePreview} language='json' />
Copy link
Contributor

@greptile-apps greptile-apps bot Jan 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

style: using Code.Viewer with dot notation instead of importing from barrel

Context Used: Context from dashboard - Import patterns for the Sim application (source)

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

Prompt To Fix With AI 
This is a comment left during a code review.
Path: apps/sim/app/resume/[workflowId]/[executionId]/resume-page-client.tsx
Line: 1161:1161

Comment:
**style:** using Code.Viewer with dot notation instead of importing from barrel

**Context Used:** Context from `dashboard` - Import patterns for the Sim application ([source](https://app.greptile.com/review/custom-context?memory=a1041767-1a8e-44e0-9ec7-7efb79eb749b))

<sub>Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!</sub>

How can I resolve this? If you propose a fix, please make it concise.

@Sg312 Sg312 merged commit 8215a81 into staging Jan 6, 2026
11 checks passed
@waleedlatif1 waleedlatif1 mentioned this pull request Jan 6, 2026
Merged
@waleedlatif1 waleedlatif1 deleted the improvement/hitl-resume branch January 6, 2026 22:39
waleedlatif1 pushed a commit that referenced this pull request Jan 8, 2026
@Sg312 @waleedlatif1
improvement(hitl): add webhook notification and resume, add webhook b…
b29c244 
…lock (#2673)

* Add api blcok as tool

* Add webhook block

* Hitl v1

* Cleanup

* Fix

* Update names for fields in hitl

* Fix hitl tag dropdown

* Update hitl dashboard

* Lint
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Sg312