feat: Adding remaining API v2 endpoints - saved searches & webhooks #2586
jordan-simonovski wants to merge 8 commits into
Saved searches and webhooks are the last API endpoints remaining. This frees us up to finalise the tf provider build
🦋 Changeset detected. Latest commit: 783b94e. The changes in this PR will be included in the next version bump. This PR includes changesets to release 3 packages.
🔴 Tier 4 — Critical: Touches auth, data models, config, tasks, OTel pipeline, ClickHouse, or CI/CD.
Review process: Deep review from a domain expert. Synchronous walkthrough may be required.
Greptile Summary
This PR adds full CRUD to two previously read-only (or absent) external API v2 resources: a new
Confidence Score: 5/5
Safe to merge. The new endpoints are well team-scoped, write-only secrets are never echoed back on reads, and the concurrent-modification edge case in webhook PUT is handled with a 409 rather than silently proceeding. The implementation is careful throughout: Zod strips unknown keys so team/_id cannot be spoofed in request bodies, sourceId ownership is validated before write, the PUT's destination-change detection prevents secret forwarding, and the cascade-delete ordering leaves the system in a recoverable state on partial failure. Integration tests cover team isolation, duplicate rejection, secret non-exposure, and pagination. The one non-blocking observation (meta.total skew when a malformed webhook exists in the DB) is a documented edge case that requires direct DB corruption to trigger. No files require special attention.
E2E Test Results: ✅ All tests passed • 222 passed • 3 skipped • 1536s. Tests ran across 4 shards in parallel.
Deep Review
✅ No critical issues found. Correctness and security both traced the hardened paths — team-scoping on every query, write-only
🟡 P2 — recommended
🔵 P3 nitpicks (6)
Reviewers (12): correctness, testing, maintainability, project-standards, agent-native, learnings-researcher, security, api-contract, reliability, performance, adversarial, kieran-typescript.
Testing gaps:
Summary
Adds bearer-auth CRUD to the External API v2 for two resources so a provider (clickstack) can manage them programmatically:
Why
The v2 external API previously had no way to manage saved searches at all (/api/v2/search only executes a query), and webhooks were read-only. OSS parity only needs the read-only webhook data source, but the provider integration needs to manage both as first-class resources. The webhook CRUD is specifically what unblocks the clickstack_webhook resource (HDX-4490).
Alerts v2 already had full CRUD, so it's untouched.
What changed
Security / sensitive data
Webhook headers and queryParams are write-only: accepted on create/update but never returned by any read endpoint (externalWebhookSchema omits them), so auth tokens and other secrets don't leak. All operations are team-scoped (create/read/update/delete all filter by team); request bodies can't spoof team/_id (Zod strips unknown keys, team is set server-side).
Testing
Coverage includes team-scoping/404 isolation, sourceId ownership validation, duplicate rejection, and assertions that webhook secrets are never returned on create.
Follow-up (not in this PR)
MCP agent tools don't yet cover the new write paths (webhook create/update/delete, saved-search delete) — tracked in HDX-4700.
Changeset
Included (@hyperdx/api minor).
resolves hdx-4673 hdx-4674
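The request-body hardening the description refers to (unknown keys such as `team`/`_id` stripped on input, `team` set server-side, and `headers`/`queryParams` omitted from every read shape), as an added illustration that is not the project's code. It is written without Zod so it runs stand-alone; the names `StoredWebhook`, `parseCreateBody`, `buildWebhook` and `toExternal` and the sample body are assumed/constructed here.

```typescript
// Added illustration, not HyperDX code. A hand-rolled stand-in for the Zod
// schemas the PR describes: keys outside the allowlist are dropped on input
// and write-only fields are omitted on output.

type StoredWebhook = {
  _id: string;
  team: string;
  name: string;
  url: string;
  headers?: Record<string, string>;
  queryParams?: Record<string, string>;
};

// Keys a client may set. `team` and `_id` are intentionally absent, so a
// body carrying them loses those keys the same way Zod's default mode
// strips keys that are not declared in the schema.
const CREATE_KEYS = ['name', 'url', 'headers', 'queryParams'] as const;
type CreateInput = Pick<StoredWebhook, (typeof CREATE_KEYS)[number]>;

function parseCreateBody(body: unknown): CreateInput {
  if (typeof body !== 'object' || body === null) {
    throw new Error('body must be an object');
  }
  const raw = body as Record<string, unknown>;
  const out: Record<string, unknown> = {};
  for (const k of CREATE_KEYS) {
    if (Object.prototype.hasOwnProperty.call(raw, k)) out[k] = raw[k];
  }
  if (typeof out.name !== 'string' || typeof out.url !== 'string') {
    throw new Error('name and url are required strings');
  }
  return out as CreateInput;
}

// Team comes from the authenticated API key, never from the request body;
// spreading the parsed body first means server-side fields always win.
function buildWebhook(body: unknown, authedTeam: string, id: string): StoredWebhook {
  return { ...parseCreateBody(body), _id: id, team: authedTeam };
}

// Read shape for create/get/list responses: the write-only secret fields
// are removed, so stored auth tokens are never echoed back to a caller.
function toExternal(w: StoredWebhook): Omit<StoredWebhook, 'headers' | 'queryParams'> {
  const { headers, queryParams, ...rest } = w;
  return rest;
}
```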