feat: add webhook options for encryption in CLI#120
feat: add webhook options for encryption in CLI#120dillonstreator merged 3 commits intoosbytes:mainfrom
Conversation
Introduces new command-line options for webhook integration during the encryption process. Users can now specify a webhook URL, name, and toggle notifications for various events such as successful reads, failed decryption, and burns. Updated README to include usage examples and detailed descriptions of the new options. Closes osbytes#118
dillonstreator
left a comment
dillonstreator
left a comment
There was a problem hiding this comment.
Thanks for the contribution! Direction is right but the flag interface needs rework before merge.
1. Replace per-event boolean flags with single --wh-events list
Current shape (5 flags w/ mixed --no-* / --*-on-* polarity) is confusing and won't scale. Every new server event = new CLI flag + new validation branch.
Proposed: one comma-separated --wh-events flag. Default read (matches server zod default r: true). Use wh- prefix to align with payload schema keys (wh.u, wh.n, wh.r, wh.b, wh.fpk, wh.fip).
.option('--wh-url <url>', 'webhook URL for notifications')
.option('--wh-events <list>', 'comma-separated events: read,burn,failed-key,failed-ip', 'read')
.option('--wh-name <name>', 'optional label (max 50 chars)')Usage:
cfyi encrypt "secret" \
--wh-url https://example.com/hook \
--wh-events read,burn \
--wh-name "CI token"Benefits:
- Drops ~20 lines of dangling-flag validation (
index.ts:50-69) - Uniform additive polarity (no
--no-*footgun) - CLI ↔ wire-format consistency via
wh-prefix - Future events = add to allow-list, no new flag
- No single-char shorts for now — leaves
-w/-Wnamespace open if demand emerges (and avoids the lowercase/uppercase-meaning-different-things pitfall)
Sketch for parsing:
const VALID_EVENTS = ['read', 'failed-key', 'failed-ip', 'burn'] as const;
const EVENT_TO_KEY = {
'read': 'r',
'failed-key': 'fpk',
'failed-ip': 'fip',
'burn': 'b',
} as const;
function parseWhEvents(raw: string) {
const events = raw.split(',').map(s => s.trim()).filter(Boolean);
const flags = { r: false, fpk: false, fip: false, b: false };
for (const e of events) {
if (!(e in EVENT_TO_KEY)) {
throw new Error(`Unknown webhook event: '${e}'. Valid: ${VALID_EVENTS.join(', ')}`);
}
flags[EVENT_TO_KEY[e as keyof typeof EVENT_TO_KEY]] = true;
}
return flags;
}2. Drop duplicate validation; reuse zod schema from @crypt.fyi/core
validateWebhookCliInput (index.ts:213-231) re-implements URL parsing + name length checks already enforced by vaultValueSchema.wh in core. Single source of truth:
import { vaultValueSchema } from '@crypt.fyi/core';
vaultValueSchema.shape.wh.unwrap().parse({
u: whUrl,
n: trimmedWhName(options.whName),
...eventFlags,
});Catches future schema changes (new constraints, new fields) automatically. Removes ~14 lines.
3. Don't hardcode CLI defaults that mirror server defaults
Currently CLI sends r: options.webhookOnRead (commander default true). Server zod also defaults r: true. Fine today, but means future server-side default change won't propagate to CLI users transparently. With --wh-events defaulting to 'read' at CLI level this is moot for read — but the principle still applies for failed-key/failed-ip/burn: send only what user requested, let server apply zod defaults to absent keys.
4. README example wording
Example uses --webhook-on-burn alone — payload fires on read AND burn. Current text mentions "By default, the API is also notified on a successful read" but it's buried after the example. With --wh-events-style interface this is naturally explicit (--wh-events read,burn).
5. Tests
PR adds zero tests. At minimum, unit-test parseWhEvents (valid list, unknown event, empty string, whitespace handling, duplicates).
Nits
- Trailing whitespace
index.ts:215afterlet url: URL; - Smart quote (U+2019) in README "website's" — check repo convention
TL;DR: collapse 5 booleans → 1 list flag (--wh-events), use schema for validation, add tests. Happy to pair on the rewrite if helpful.
…ate via schema Reworks the CLI webhook interface based on PR review feedback: - Replace 5 per-event boolean flags with single --wh-events comma-separated list - Use vaultValueSchema from @crypt.fyi/core for validation instead of manual checks - Add parseWhEvents and trimmedWhName helpers in new webhook.ts module - Add jest + ts-jest and unit tests for webhook event parsing - Update README with new --wh-url, --wh-events, --wh-name usage examples
2 participants
Introduces new command-line options for webhook integration during the encryption process. Users can now specify a webhook URL, an optional label, and a comma-separated list of events to receive notifications for.
Usage:
Available events for --wh-events:
Multiple events can be specified as a comma-separated list (e.g., read,burn,failed-key).
Changes:
Closes #51