Cs 10217 trigger command on webhook event

[richardhjtan]

• Use command runner from headless chrome to run command when filter is matched
• Introduce github event card def, this can be use as data source for submission card to query the events of a PR
• Introduce process github event command to create github event card

[richardhjtan]

Added doNotWaitForPersist option for save card command, this avoid timeout issue when running the command in headless chrome

[github-actions]

Preview deployments

• Host staging preview
• Host production preview

[github-actions]

Host Test Results

    1 files  ±0      1 suites  ±0   1h 33m 46s ⏱️ - 2m 43s
1 871 tests ±0  1 854 ✅  - 1  15 💤 ±0  0 ❌ ±0  2 🔥 +1 
1 886 runs  ±0  1 867 ✅  - 2  15 💤 ±0  2 ❌ +1  2 🔥 +1 

For more details on these errors, see this check.

Results for commit d08e7f7. ± Comparison against base commit 36bd710.

♻️ This comment has been updated with latest results.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d08e7f78c8

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[Copilot]

Pull request overview

This pull request implements webhook command execution functionality to automatically run commands when GitHub webhook events are received. It introduces a GitHub event card definition for storing webhook event data, adds a command to process GitHub events, and includes comprehensive test coverage for the new functionality.

Changes:

• Add webhook command execution with filtering support (event type, PR number)
• Introduce GitHub event card for storing webhook events as data
• Update session room queries to support world-readable realms
• Add webhook management methods to realm server service

Reviewed changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
packages/realm-server/handlers/handle-webhook-receiver.ts	Implements command execution logic with event filtering and queuing
packages/runtime-common/db-queries/session-room-queries.ts	Modifies query to include users with world-readable realm access
packages/realm-server/tests/server-endpoints/webhook-receiver-test.ts	Adds comprehensive tests for webhook command execution and filtering
packages/matrix/scripts/register-github-webhook.ts	New script for registering GitHub webhooks with event filtering
packages/host/app/services/realm-server.ts	Adds webhook management API methods (list, create)
packages/host/app/commands/save-card.ts	Adds support for non-blocking card persistence
packages/host/app/commands/bot-requests/create-listing-pr-request.ts	Integrates webhook registration into PR creation flow
packages/catalog-realm/github-event/github-event.gts	New card definition for storing GitHub webhook events
packages/catalog-realm/commands/process-github-event.gts	New command to process GitHub webhook events and create event cards
packages/base/commands/search-card-result.gts	Adds queryableValue implementation for JsonField
packages/base/command.gts	Adds doNotWaitForPersist field to SaveCardInput
packages/host/app/commands/create-listing-pr.ts	Minor comment update

Comments suppressed due to low confidence (2)

packages/realm-server/handlers/handle-webhook-receiver.ts:166

• Inconsistent logging approach: The code uses console.warn and console.error directly, while other handlers in the codebase use the logger utility from @cardstack/runtime-common. For consistency and better log management (including proper log levels and module identification), consider using the logger utility: const log = logger('webhook-receiver'); and then log.warn(...) and log.error(...).

      console.warn('Failed to parse webhook payload for filtering');
    }

    let eventType = ctxt.req.headers['x-github-event'] as string | undefined;

    let executedCommands = 0;
    for (let commandRow of commandRows) {
      let commandFilter = commandRow.command_filter as Record<
        string,
        any
      > | null;

      // Apply filter if specified
      if (commandFilter) {
        // Check if event type matches filter
        if (commandFilter.eventType && commandFilter.eventType !== eventType) {
          continue;
        }

        // Check if PR number matches filter (for pull_request events)
        if (
          commandFilter.prNumber &&
          payload.pull_request?.number !== commandFilter.prNumber
        ) {
          continue;
        }

        // Additional filter checks can be added here as needed
      }

      let commandURL = commandRow.command as string;
      let submissionRealmUrl =
        (commandFilter?.submissionRealmUrl as string | undefined) ??
        new URL('/submissions/', commandURL).href;

      // Run as the realm owner so they have write permissions in the submission realm
      let realmOwnerRows = await query(dbAdapter, [
        `SELECT username FROM realm_user_permissions WHERE realm_url = `,
        param(submissionRealmUrl),
        ` AND realm_owner = true LIMIT 1`,
      ]);
      let runAs =
        (realmOwnerRows[0]?.username as string | undefined) ??
        (webhook.username as string);

      let commandInput = {
        eventType: eventType ?? '',
        submissionRealmUrl,
        payload,
      };

      try {
        await enqueueRunCommandJob(
          {
            realmURL: submissionRealmUrl,
            realmUsername: runAs,
            runAs,
            command: commandURL,
            commandInput,
          },
          queue,
          dbAdapter,
          userInitiatedPriority,
        );
        executedCommands++;
      } catch (error) {
        console.error(
          `Failed to enqueue webhook command ${commandURL}:`,
          error,
        );

packages/matrix/scripts/register-github-webhook.ts:20

• Header name case mismatch: The script uses lowercase 'x-hub-signature-256' in the webhook configuration, but the tests use 'X-Hub-Signature-256' with proper capitalization. While the handler correctly normalizes headers to lowercase when reading (line 213), this inconsistency could cause confusion. Consider using the canonical capitalization 'X-Hub-Signature-256' consistently in both places, as this is the standard format used by GitHub webhooks.

    header: 'x-hub-signature-256',

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The import paths for services are incorrect. Since this file is in the bot-requests subdirectory, the imports should use '../../services/' instead of '../services/'. The correct paths should be:

• import type MatrixService from '../../services/matrix-service';
• import type RealmServerService from '../../services/realm-server';
• import type StoreService from '../../services/store';

This pattern is correctly used in send-bot-trigger-event.ts in the same directory.

Suggested change

	import type MatrixService from '../services/matrix-service';
	import type RealmServerService from '../services/realm-server';
	import type StoreService from '../services/store';
	import type MatrixService from '../../services/matrix-service';
	import type RealmServerService from '../../services/realm-server';
	import type StoreService from '../../services/store';

[Copilot]

The database query to fetch realm owner is not wrapped in a try-catch block, but it's inside a loop that processes webhook commands. If this query fails for any reason (e.g., database connection issues), it will cause the entire webhook request to fail with an unhandled exception, potentially losing valid webhook events. Consider wrapping this query in a try-catch block and logging the error while continuing to process other commands, or handle the error gracefully by skipping this specific command.

Suggested change

	let realmOwnerRows = await query(dbAdapter, [
	`SELECT username FROM realm_user_permissions WHERE realm_url = `,
	param(submissionRealmUrl),
	` AND realm_owner = true LIMIT 1`,
	]);
	let runAs =
	(realmOwnerRows[0]?.username as string | undefined) ??
	(webhook.username as string);
	let runAs = webhook.username as string;
	try {
	let realmOwnerRows = await query(dbAdapter, [
	`SELECT username FROM realm_user_permissions WHERE realm_url = `,
	param(submissionRealmUrl),
	` AND realm_owner = true LIMIT 1`,
	]);
	if (realmOwnerRows[0]?.username) {
	runAs = realmOwnerRows[0].username as string;
	}
	} catch (error) {
	console.error(
	`Failed to fetch realm owner for submission realm ${submissionRealmUrl}:`,
	error,
	);
	}

[Copilot]

The refactored query logic appears to have a potential issue. When a realm is world-readable (username = '*' with read = true), the query will return ALL users with session rooms, not just those who should have access to this specific realm. The OR EXISTS clause for world-readable realms doesn't restrict which users are returned - it just checks if such a permission exists for the realm, and if it does, all users in the WHERE clause match.

This could expose session room information for users who shouldn't have access to this realm. The original JOIN-based approach correctly filtered users to only those with explicit permissions for this realm. Consider revising the logic to ensure that world-readable access doesn't inadvertently expose all user session rooms.

[lukemelia]

This needs some work. See comments.

[lukemelia]

Why are we doing this? It seems problematic -- i.e. what if saving fails?

[richardhjtan]

Agree, reverted this

[lukemelia]

This is not a robust way to lookup the webhook. Other webhooks could use this verification type as well couldn't they?

[lukemelia]

Probably should go ahead and do the above TODO now

[lukemelia]

This seems awkwardly specific for the realm-server service. Can we define it somewhere else?

[lukemelia]

why was this necessary?

[richardhjtan]

@lukemelia This is to fix this card error

[lukemelia]

The command filter should specify a type along with its configuration and we should use the type to look up a code block somewhere that has this specific logic of comparing the payload with the filter configuration. The logic should not be in line within this handle-webhook-receiver.

[lukemelia]

This logic of assembling the command input also should not be in line here. It needs to be abstracted in some way. The idea is that this route handler should handle any webhook in the system, not just the github webhook.

[lukemelia]

This shouldn't be fixed. It should be based on something from the database.

[lukemelia]

Did you check other consumers of this method to see if there are any unintended consequences of this change?

[richardhjtan]

There are no tests about this, I have conducted a test to demonstrate different scenarios to understand and avoid unintentional behaviour

[richardhjtan]

Close this PR due to the base branch PR being closed and split into several PRs.

The feedback changes and newer approach are addressed in #4098

cc: @lukemelia @tintinthong