@hogsend/db 0.7.0 → 0.9.0

package/drizzle/meta/_journal.json

@@ -127,6 +127,20 @@
       "when": 1780841637175,
       "tag": "0017_long_spacker_dave",
       "breakpoints": true
+    },
+    {
+      "idx": 18,
+      "version": "7",
+      "when": 1780855021994,
+      "tag": "0018_webhooks",
+      "breakpoints": true
+    },
+    {
+      "idx": 19,
+      "version": "7",
+      "when": 1780907482971,
+      "tag": "0019_flippant_songbird",
+      "breakpoints": true
     }
   ]
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hogsend/db",
-  "version": "0.7.0",
+  "version": "0.9.0",
   "type": "module",
   "license": "MIT",
   "repository": {

package/src/schema/enums.ts

@@ -50,3 +50,11 @@ export const bucketMembershipStatusEnum = pgEnum("bucket_membership_status", [
   "active",
   "left",
 ]);
+
+export const webhookDeliveryStatusEnum = pgEnum("webhook_delivery_status", [
+  "pending", // enqueued, awaiting first attempt OR a scheduled retry (nextRetryAt)
+  "sending", // a delivery run CAS'd the row and is mid-POST (orphan-recovery sentinel)
+  "delivered", // 2xx received — TERMINAL
+  "failed", // attempts exhausted — TERMINAL, mirrored to dead_letter_queue
+  "discarded", // endpoint disabled/deleted mid-flight — TERMINAL, NOT an error, NOT dead-lettered
+]);

package/src/schema/index.ts

@@ -20,3 +20,5 @@ export * from "./link-clicks.js";
 export * from "./relations.js";
 export * from "./tracked-links.js";
 export * from "./user-events.js";
+export * from "./webhook-deliveries.js";
+export * from "./webhook-endpoints.js";

package/src/schema/relations.ts

@@ -25,6 +25,8 @@ import { journeyStates } from "./journey-states.js";
 import { linkClicks } from "./link-clicks.js";
 import { trackedLinks } from "./tracked-links.js";
 import { userEvents } from "./user-events.js";
+import { webhookDeliveries } from "./webhook-deliveries.js";
+import { webhookEndpoints } from "./webhook-endpoints.js";
 
 export const alertRulesRelations = relations(alertRules, ({ many }) => ({
   history: many(alertHistory),
@@ -142,6 +144,23 @@ export const linkClicksRelations = relations(linkClicks, ({ one }) => ({
   }),
 }));
 
+export const webhookEndpointsRelations = relations(
+  webhookEndpoints,
+  ({ many }) => ({
+    deliveries: many(webhookDeliveries),
+  }),
+);
+
+export const webhookDeliveriesRelations = relations(
+  webhookDeliveries,
+  ({ one }) => ({
+    endpoint: one(webhookEndpoints, {
+      fields: [webhookDeliveries.endpointId],
+      references: [webhookEndpoints.id],
+    }),
+  }),
+);
+
 export const userRelations = relations(user, ({ many }) => ({
   sessions: many(session),
   accounts: many(account),

package/src/schema/webhook-deliveries.ts

@@ -0,0 +1,58 @@
+import {
+  index,
+  integer,
+  jsonb,
+  pgTable,
+  text,
+  timestamp,
+  uniqueIndex,
+  uuid,
+} from "drizzle-orm/pg-core";
+import { timestamps } from "./_shared.js";
+import { webhookDeliveryStatusEnum } from "./enums.js";
+import { webhookEndpoints } from "./webhook-endpoints.js";
+
+export const webhookDeliveries = pgTable(
+  "webhook_deliveries",
+  {
+    // internal PK ONLY — NOT the Webhook-Id header.
+    id: uuid("id").defaultRandom().primaryKey(),
+    endpointId: uuid("endpoint_id")
+      .notNull()
+      .references(() => webhookEndpoints.id, { onDelete: "cascade" }),
+    // denormalized, nullable (MT deferred).
+    organizationId: text("organization_id"),
+    // == Webhook-Id header; ONE per logical event, shared across endpoints +
+    // reused across retries.
+    webhookId: text("webhook_id").notNull(),
+    eventType: text("event_type").notNull(),
+    // producer-side dedup (idempotencyKey/stateId/emailSendId/...).
+    dedupeKey: text("dedupe_key"),
+    // the EXACT signed envelope { id, type, timestamp, data }.
+    payload: jsonb("payload").$type<Record<string, unknown>>().notNull(),
+    status: webhookDeliveryStatusEnum("status").notNull().default("pending"),
+    attemptCount: integer("attempt_count").notNull().default(0),
+    nextRetryAt: timestamp("next_retry_at", { withTimezone: true }),
+    lastAttemptAt: timestamp("last_attempt_at", { withTimezone: true }),
+    responseStatus: integer("response_status"),
+    // truncated to ≤1KB in app.
+    responseBodySnippet: text("response_body_snippet"),
+    deliveredAt: timestamp("delivered_at", { withTimezone: true }),
+    lastError: text("last_error"),
+    ...timestamps,
+  },
+  (table) => [
+    index("webhook_deliveries_endpoint_idx").on(table.endpointId),
+    // reaper sweep: due-pending + stale-sending recovery.
+    index("webhook_deliveries_status_next_retry_idx").on(
+      table.status,
+      table.nextRetryAt,
+    ),
+    // producer-side fan-out idempotency. PARTIAL-effective: Postgres treats
+    // multiple NULL dedupeKey as distinct, so undeduped events are never blocked.
+    uniqueIndex("webhook_deliveries_endpoint_dedupe_idx").on(
+      table.endpointId,
+      table.dedupeKey,
+    ),
+  ],
+);

package/src/schema/webhook-endpoints.ts

@@ -0,0 +1,55 @@
+import {
+  boolean,
+  index,
+  jsonb,
+  pgTable,
+  text,
+  timestamp,
+  uuid,
+} from "drizzle-orm/pg-core";
+import { timestamps } from "./_shared.js";
+
+// Locally declared to avoid an engine→db dependency cycle: the engine's
+// `webhook-signing.ts` owns the authoritative `WEBHOOK_EVENT_TYPES` tuple +
+// `WebhookEventType` union. This schema keeps a structural string alias so the
+// jsonb column is typed without importing the engine.
+export type WebhookEventType = string;
+
+export const webhookEndpoints = pgTable(
+  "webhook_endpoints",
+  {
+    id: uuid("id").defaultRandom().primaryKey(),
+    organizationId: text("organization_id"),
+    url: text("url").notNull(),
+    description: text("description"),
+    // The delivery adapter selector. "webhook" (the default) is the signed
+    // Standard-Webhooks POST that existing subscribers receive — byte-identical
+    // to before this column existed. Any other value (e.g. "posthog") selects a
+    // delivery-time TRANSFORM adapter that reuses the same durable delivery
+    // machinery but rewrites url/headers/body for a vendor destination.
+    kind: text("kind").notNull().default("webhook"),
+    // Per-destination configuration for keyed adapters (e.g. PostHog's
+    // `{ apiKey, host }`). Null for `kind="webhook"` (it reads `secret` instead).
+    // Keyed destinations keep their credentials HERE, not in a fake `whsec_`.
+    config: jsonb("config").$type<Record<string, unknown>>(),
+    // whsec_<base64url> PLAINTEXT (recoverable; re-signed every delivery).
+    // Nullable: only `kind="webhook"` carries a signing secret; keyed
+    // destinations authenticate via `config` and the webhook adapter is the only
+    // reader of this column.
+    secret: text("secret"),
+    // e.g. "whsec_AbCd" — safe to show on list/get. Nullable alongside `secret`.
+    secretPrefix: text("secret_prefix"),
+    eventTypes: jsonb("event_types")
+      .$type<WebhookEventType[]>()
+      .notNull()
+      .default([]),
+    disabled: boolean("disabled").notNull().default(false),
+    // written by the delivery task on a successful (2xx) delivery.
+    lastDeliveryAt: timestamp("last_delivery_at", { withTimezone: true }),
+    ...timestamps,
+  },
+  (table) => [
+    index("webhook_endpoints_org_idx").on(table.organizationId),
+    index("webhook_endpoints_disabled_idx").on(table.disabled),
+  ],
+);