feat(cli): add the 'clerk webhooks' command group#323
Draft
rafa-thayto wants to merge 28 commits into
Draft
Conversation
…; gate listen deliveries until setup completes
…tdin pipes - delete / secret --rotate / replay --since now run the --yes/prompt gate before resolveAppContext, so agent mode gets the deterministic usage error without a network round-trip (and regardless of key validity) - the implicit piped-stdin --input-json expansion now stands down when a literal '-' is in argv, fixing 'verify --delivery -' / '--payload -' which previously had their stdin consumed and rejected as nested JSON
…li-core/undefined/
🦋 Changeset detectedLatest commit: 9f8329d The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
…he inbox URL Live-relay verified: play.svix.com returns 400 'Invalid token' for unprefixed tokens, and the relay only registers an inbox when the start frame carries the same c_ token. With c_ in both, a POST to the inbox round-trips through the WebSocket and the reply frame is accepted — proven end-to-end against the real relay with no PLAPI involvement. Reverses spec change #12 (recorded as spec change #27).
Contributor
Author
|
!snapshot |
Contributor
Snapshot publishednpm install -g clerk@2.0.1-snapshot.9f8329d
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds the full
clerk webhookscommand group (13 commands) per the final spec: CRUD, delivery inspection, local forwarding via the Svix relay, replay, offline signature verification, and portal open.list,get,create,update,delete,secret [--rotate],event-types,messageslisten(Svix relay WebSocket, persistent per-instance endpoint, HMAC verification, local forwarding with per-delivery diagnostics),trigger(validates event type first),replay(single message or bulk--since [--until]recovery)verify— pure HMAC-SHA256 check, no auth gate, consumeslistenNDJSON event lines via--delivery @file|-ERROR_CODEentries, per-instancerelayconfig, typed PLAPI functions for the 13 new routes (--iterator→starting_afterwire translation), group-level--app/--instance/--jsonwith an authpreActionhook that exemptsverifyAgent contract: bare domain JSON on stdout via
log.data(), structured{"error":{code,…}}on stderr, exit codes 0/1/2/130, NDJSON forlisten. Destructive commands (delete,secret --rotate,replay --since) prompt in human mode and require--yesin agent mode — validated before any network call.Notable fixes that came out of the verification passes:
triggervalidates the event type before endpoint resolution so agents always getunknown_event_typelistengates delivery processing until the signing secret is fetched (no false verification warnings during startup)--input-jsonexpansion stands down when a literal-is in argv, unblockingverify --delivery -pipesThe 13 PLAPI routes are being built in parallel in clerk_go; unit tests mock the PLAPI layer.
Test plan
bun run format/lint/typecheckcleanbun run test— 1846 tests pass (187 in the webhooks group)CLERK_MODE=agent, isolatedCLERK_CONFIG_DIR): verify success/mismatch/usage errors, stdin pipes, fail-fast--yesgates, structured API/auth error shapes