Merged
Conversation
- Add src/utils/signature.js with Stripe, Shopify, GitHub, Slack, and custom provider support - Add src/utils/alerting.js with Slack and Discord notification support - Update input_schema.json with signatureVerification and alerts configuration - Add comprehensive tests: signature.test.js (18 tests), alerting.test.js (15 tests) - All 207 tests pass
- Add signature verification after event creation in middleware - Add alerting trigger in background tasks - Update WebhookEvent typedef with signatureValid, signatureProvider, signatureError fields - All 207 tests pass
- Add fs.watch for instant INPUT.json hot-reload in local development - Implement debouncing (100ms) to handle rapid file changes - Create shared handleHotReload() function for both fs.watch and polling - Add fileWatcherAbortController cleanup in shutdown - Simplify polling interval to use shared handler - All 207 tests pass
- Add request ID middleware (generates unique IDs, respects X-Request-ID) - Add X-Request-ID to all responses for tracing - Add Content-Security-Policy headers to dashboard - Add X-Content-Type-Options, X-Frame-Options, Referrer-Policy headers - Include requestId in WebhookEvent for log correlation - All 207 tests pass
- Add tests for request ID header generation and passthrough - Add tests for CSP headers on dashboard - Add tests for X-Frame-Options, X-Content-Type-Options, Referrer-Policy - All 215 tests pass (28 test suites)
- Add startTime, endTime query params for timestamp range filtering - Add signatureValid query param to filter by signature verification status - Add requestId query param for log correlation/tracing - All 215 tests pass
- Create src/routes/ directory with 6 modules: - utils.js (escapeHtml, asyncHandler) - logs.js (createLogsHandler) - info.js (createInfoHandler) - stream.js (createLogStreamHandler) - replay.js (createReplayHandler) - index.js (exports) - Replace inline route handlers with modular handlers - main.js reduced from 1023 to 693 lines (-330 lines, 32%) - All 215 tests pass
- Create src/middleware/ directory with 4 modules: - auth.js (createAuthMiddleware) - security.js (createRequestIdMiddleware, createCspMiddleware) - error.js (createErrorHandler) - index.js (exports) - Add createBroadcaster to routes/utils.js - Add createDashboardHandler, preloadTemplate to routes/dashboard.js - Replace inline implementations with modular factory calls - main.js reduced from 1023 to 544 lines (-47%) - All 215 tests pass
…anagement - Refactor to class - Extract logic from to - Create class () to centralize runtime configuration and updates - Extract to - Update to orchestrate new classes via dependency injection - Add typedef for stricter type safety
- **Architecture**: Modularized monolithic main.js into dedicated routes (logs, dashboard, replay) and middleware (auth, security, parsing). - **Security**: Implemented SSRF protection, Data Masking, Rate Limiting, and strict Security Headers. - **Testing**: Achieved 100% test coverage with 350+ tests covering unit, integration, stress, and edge cases. - **Features**: Added Hot-Reloading for configuration, Smart Replay with backoff, and Retention policy automation. - **Type Safety**: Enforced strict JSDoc typing across the entire codebase.
- Refactored webhook_manager, integration_lifecycle, and ssrf tests to use setupCommonMocks - Removed residual console logs in tests - Enforced strict mock usage standards
- Added database indices for requestId, remoteIp, size, requestUrl - Added requestUrl filtering and multi-sort support - Refactored LogRepository and SyncService to classes - Optimized Hot Reload with debounce and disable flag - Standardized pagination limits - Fixed API test cleanup and RateLimiter restoration
…iter` middleware JSDoc typing with a `RequestHandler` typedef.
BREAKING CHANGE: All console.log/warn/error calls replaced with structured Pino logger
## New Features
- Structured JSON logging with Pino for production observability
- Component-specific child loggers with context ({ component: "Name" })
- Consistent error serialization via serializeError() utility
- Sensitive data redaction (passwords, tokens, API keys)
- Configurable log levels via LOG_LEVEL environment variable
- Human-readable pretty-printing via PRETTY_LOGS=true for development
## New Files
- src/utils/logger.js: Logger factory and error serialization
- src/utils/webhook_rate_limiter.js: High-throughput rate limiting (10K/min)
- src/utils/storage_helper.js: KVS offload markers for large payloads
- src/routes/health.js, src/routes/system.js: Separated health endpoints
- docs/api-reference.md: Comprehensive API documentation
- docs/roadmap/: Future feature planning documents
## Refactored Files (23 total)
- main.js, webhook_manager.js, logger_middleware.js
- services/ForwardingService.js, services/SyncService.js
- middleware/error.js
- routes/dashboard.js, routes/replay.js, routes/stream.js, routes/utils.js
- utils/rate_limiter.js, utils/hot_reload_manager.js, utils/app_state.js
- utils/bootstrap.js, utils/alerting.js, utils/auth.js, utils/ssrf.js
- utils/config.js, utils/webhook_rate_limiter.js
- db/duckdb.js
## Test Updates
- Enhanced mock-setup.js with logger mock support
- New webhook_rate_limiter.test.js
- New cleanup.test.js, large_payload.test.js, log_payload.test.js
…nd Webhook Analytics roadmaps, and introduce a new roadmap for programmable responses and mock service virtualization.
- resolve mock setup circular dependencies - replace unstable fake timers in forwarding tests - relax log optimization test constraints - update CHANGELOG.md
- Fix: Serialized DuckDB teardown in to prevent tuple conflicts - Fix: Resolved mock pollution in and tests - Fix: Optimized dataset size to prevent timeouts - Feat: Added unit tests for , , - Chore: Updated with 3.0.2 release notes
- Fix SyncService recursion logic in tests - Resolve ReplayRoute mock configuration errors - Fix MiddlewareSuite read-only property assignment - Centralize LogRepository and Event mocks - Achieve 100% test pass rate (61 suites)
- Improved: Eliminated setTimeout usage in favor of robust utilities - Improved: Consolidated JSDoc types in shared-mocks.js - Improved: Simplified assertions for better readability (DRY) - Fixed: Resolved flakiness in SSE integration tests - Fixed: Removed redundancy and code cruft (zero TODOs) - Verified: 100% pass rate across 61 test suites
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 123 out of 286 changed files in this pull request and generated 5 comments.
Comments suppressed due to low confidence (1)
demo_cli.js:1
- The
setTimeout(async () => { ... })callbacks return promises that are not awaited/handled; if eitheraxios.postrejects, it can trigger unhandled promise rejections and crash the demo process. Wrap the body intry/catch(or append.catch(...)) inside each timeout callback to handle failures deterministically.
import "./src/utils/load_env.js";
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…Forwarded-Proto header fix(css): enhance focus-visible styles for unauthorized links refactor(docs): streamline mock rules evaluation steps in roadmap chore: update .lycheeignore patterns for improved matching
Contributor
|
Important Review skippedToo many files! This PR contains 278 files, which is 128 over the limit of 150. ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (9)
📒 Files selected for processing (278)
You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 123 out of 286 changed files in this pull request and generated 6 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 122 out of 285 changed files in this pull request and generated 10 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 122 out of 285 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 121 out of 285 changed files in this pull request and generated 5 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 121 out of 287 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 121 out of 287 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This PR brings the
release/v3.0.0branch into main and packages the current branch milestone for release.Summary of included work:
No related issue is being closed by this PR.
Type of change
If you selected "Breaking change", please describe the impact and migration path below:
This lands the v3.0.0 milestone and updates the published release contract and metadata.
Consumers should review the release notes and published API/docs before promotion to production.
Checklist