[COORD-001] Set up webhook receiver endpoint #157

New Issue

Closed

opened 2026-01-31 21:27:44 +00:00 by jason.woltje · 0 comments

jason.woltje commented 2026-01-31 21:27:44 +00:00

Owner

Copy Link

Objective

Implement FastAPI webhook receiver that handles Gitea issue assignment events.

Implementation Details

1. Create FastAPI application with /webhook/gitea endpoint
2. Implement signature verification (HMAC SHA256)
3. Route events: assigned, unassigned, closed
4. Add logging for all webhook events
5. Return 401 for invalid signatures
6. Return 200 for valid events

Context Estimate

• Files to modify: 4 (main.py, webhook.py, security.py, config.py)
• Implementation complexity: medium (20000 tokens)
• Test requirements: medium (10000 tokens)
• Documentation: medium (3000 tokens)
• Total estimated: 52000 tokens
• Recommended agent: glm

Difficulty

medium

Dependencies

• Blocked by: #156 (COORD-000 - needs bot user created)
• Blocks: COORD-002 (parser needs webhook to fire)

Acceptance Criteria

• FastAPI endpoint /webhook/gitea responds to POST
• Signature verification rejects invalid requests
• Event routing works for assigned/unassigned/closed
• All events logged with timestamp, issue number, action
• 85% test coverage (unit tests for each event type)
• Docker container runs webhook receiver
• Health check endpoint /health returns 200

Testing Requirements

• Unit tests for signature verification
• Unit tests for each event handler
• Integration test with mock Gitea webhook
• Security test: Invalid signature → 401
• Manual test: Send test webhook from Gitea

## Objective Implement FastAPI webhook receiver that handles Gitea issue assignment events. ## Implementation Details 1. Create FastAPI application with /webhook/gitea endpoint 2. Implement signature verification (HMAC SHA256) 3. Route events: assigned, unassigned, closed 4. Add logging for all webhook events 5. Return 401 for invalid signatures 6. Return 200 for valid events ## Context Estimate - Files to modify: 4 (main.py, webhook.py, security.py, config.py) - Implementation complexity: medium (20000 tokens) - Test requirements: medium (10000 tokens) - Documentation: medium (3000 tokens) - **Total estimated: 52000 tokens** - **Recommended agent: glm** ## Difficulty medium ## Dependencies - Blocked by: #156 (COORD-000 - needs bot user created) - Blocks: COORD-002 (parser needs webhook to fire) ## Acceptance Criteria - [ ] FastAPI endpoint /webhook/gitea responds to POST - [ ] Signature verification rejects invalid requests - [ ] Event routing works for assigned/unassigned/closed - [ ] All events logged with timestamp, issue number, action - [ ] 85% test coverage (unit tests for each event type) - [ ] Docker container runs webhook receiver - [ ] Health check endpoint /health returns 200 ## Testing Requirements - Unit tests for signature verification - Unit tests for each event handler - Integration test with mock Gitea webhook - Security test: Invalid signature → 401 - Manual test: Send test webhook from Gitea

jason.woltje added the p0apiapi labels 2026-01-31 21:27:44 +00:00

jason.woltje referenced this issue 2026-01-31 21:27:55 +00:00

[COORD-002] Implement issue parser agent #158

jason.woltje added this to the M4.1-Coordinator (0.0.4) milestone 2026-01-31 21:28:42 +00:00

jason.woltje referenced this issue from a commit 2026-02-01 23:34:56 +00:00

feat(#156): Create coordinator bot user documentation and setup scripts

jason.woltje closed this issue 2026-02-01 23:44:08 +00:00

jason.woltje referenced this issue from a commit 2026-02-02 00:10:25 +00:00

feat(#157): Set up webhook receiver endpoint

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

fix/orchestrator-widget-endpoints

fix/dashboard-widget-mock-data

fix/ci-glibc-image

fix/dockerfile-npmrc

fix/matrix-native-binary

fix/kaniko-cache

fix/base-image-kaniko-v2

fix/base-image-kaniko

feat/custom-base-image

ci/pnpm-cache

fix/interceptor-tests

fix/kanban-tests

feat/wire-chat

feat/usage-widget

fix/security-hardening

fix/project-domain-v2

feat/kanban-add-task

fix/project-domain-attach

fix/logs-page-clean

fix/workspace-members

fix/ci-lint-632

fix/file-manager-tags

fix/csrf-debug-log

fix/controller-type-imports

fix/system-admin-env

fix/gateway-cors-trusted-origins

feat/project-detail-page

fix/fleet-provider-form-dto-v2

fix/ms22-audit

fix/orchestrator-widgets

fix/fleet-provider-form-dto

fix/csrf-bearer-bypass

fix/ms22-missing-authmodule-imports

fix/container-lifecycle-config-module

fix/swarm-compose-ms22-vars

chore/ms22-p1-complete

feat/ms22-p1h-settings-ui

feat/ms22-p1f-onboarding-ui

feat/ms22-p1i-chat-proxy

feat/ms22-p1k-idle-reaper

feat/ms22-p1j-docker

feat/ms22-p1e-onboarding-api

feat/ms22-p1g-settings-api

feat/ms22-p1d-container-mgr

feat/ms22-p1c-config-api

chore/ms22-prd-tracking

feat/ms22-p1a-schema

feat/ms22-p1b-crypto

chore/ms22-p1-tasks

docs/ms22-architecture

feat/ms22-openclaw-docker

feat/ms22-openclaw-gateway-module

chore/ms21-complete

chore/ms21-final-tasks-done

fix/ms21-ui-001-qa

test/ms21-ui-tests

chore/ms21-tasks-sync

chore/ms22-phase0-complete

feat/ms22-ingest-clean

feat/ms21-ui-users-members

feat/ms22-task-agent

chore/tasks-final

chore/tasks-update

feat/ms21-session-invalidation

feat/ms21-rbac-settings

feat/ms21-teams-page

feat/ms21-users-page

feat/ms19-terminal-persistence

v0.0.21

v0.20.0

v0.0.15

v0.0.2

Labels

Clear labels

ai

AI/LLM integration

api

Backend/API work

api

auth

Authentication

database

database

Database/schema work

devops

Docker/deployment

docs

Documentation

frontend

graph

knowledge-module

migration

Data migration

orchestrator

Orchestrator service (apps/orchestrator/)

p0

Critical priority

p1

High priority

p2

Medium priority

p3

Low priority

performance

Performance work

phase-1

phase-2

phase-3

phase-4

phase-5

plugin

MoltBot plugin work

search

security

Security-related

setup

Initial setup

testing

Testing/QA

web

Frontend work

No Label api api p0

Milestone

No items

No Milestone M4.1-Coordinator (0.0.4)

Projects

Clear projects

No project

Assignees

Clear assignees

jason.woltje

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: mosaic/stack#157