@webhookengine/endpoint-manager v0.1.0

@webhookengine/endpoint-manager v0.1.0

Initial public release of the embeddable customer portal React component for WebhookEngine. Pairs with engine v0.2.0+ (which exposes the /api/v1/portal/* route group). ESM-only, peer deps react ^19 and react-dom ^19, zero runtime dependencies, ~14.2 KB gz JS + ~4.3 KB gz CSS.

Features / Fixes / Changes

Added

• <EndpointManager />: the headline embeddable React component. Wraps a self-contained portal that authenticates against a host SaaS-minted HS256 JWT and serves a customer-facing endpoint management UI. Props: baseUrl, token, appId, capabilities, theme, className, onError, onUnauthorized.
• <EndpointList />: paginated table of endpoints with status badges, capability-gated [+ New endpoint] plus per-row Edit / Enable / Disable / Delete / Test / Attempts actions.
• <EndpointEditor />: modal-style overlay for create + edit. URL (HTTPS), description, custom headers (key/value editor), event-type filter, secret override (whsec_ prefix + 32+ char client-side check). Server validation fieldErrors route to per-field inline messages. Field narrowing enforced at the DTO level — transformExpression / transformEnabled / allowedIpsJson are silently dropped on write.
• <EndpointTester />: modal opened from the Test row action. JSON payload validation on blur, color-coded response panel (status + latency + body, collapsed if >500 chars), collapsible signed-request preview showing the URL + headers (webhook-id / webhook-timestamp / webhook-signature) + body the receiver actually HMAC-verifies.
• <AttemptList />: modal opened from the Attempts row action. Paginated delivery history with relative + absolute timestamps, success / failure status badges, HTTP code, latency, expandable response excerpts.
• createPortalClient(): fetch wrapper, zero runtime dependencies. Bearer auth, ApiEnvelope unwrap, 4xx/5xx → PortalError with code + status + fieldErrors, 401 hooks onUnauthorized for token re-mint flows. Methods: listEndpoints, getEndpoint, createEndpoint, updateEndpoint, deleteEndpoint, enableEndpoint, disableEndpoint, testEndpoint, listAttempts, listEventTypes.
• PortalCapability union and full TypeScript types for PortalAppState, PortalEndpointSummary, PortalEndpointDetail, PortalAttempt, PortalTestResult, PortalListResult<T>, PortalError, PortalClientOptions, EndpointManagerProps.
• Tailwind 4 internal compile pipeline: dist/style.css ships pre-compiled with the package. The @theme block defines --color-whe-* tokens (background, text, border, accent, success, danger, warning) — consumers override at :root or .whe-portal scope to re-theme without touching component code.
• 42-test vitest suite covering the client contract, capability gating, field-narrowing, JSON validation, secret-override entropy floor, signed-request preview, status badge color-coding, and pagination boundaries.
• samples/portal-host/ reference app in the engine repo demonstrating consumer integration: Vite + mocked fetch + browser-side JWT mint (DEMO ONLY — production minting belongs on the host SaaS's own backend).

Notes

• Engine compatibility: v0.2.0 or later. Earlier engines lack the /api/v1/portal/* surface.
• JWT requirements: HS256, signed with the per-app PortalSigningKey (rotated from the engine's operator dashboard). Lifetime cap defaults to 15 min on the engine side. The component never sees the signing key — only the bearer token.
• Provenance: Published with sigstore attestation via --provenance.

Links

• npm: https://www.npmjs.com/package/@webhookengine/endpoint-manager/v/0.1.0
• Docs: https://github.com/voyvodka/webhook-engine/blob/main/docs/PORTAL.md
• Sample: https://github.com/voyvodka/webhook-engine/tree/main/samples/portal-host