@strav/notification 1.0.0-alpha.25

package/src/drivers/database/tenanted/tenanted_notification_repository.ts

@@ -0,0 +1,63 @@
+/**
+ * `TenantedNotificationRepository` — same surface as the
+ * non-tenanted `NotificationRepository`, scoped to the tenanted
+ * schema. Callers MUST be inside a `TenantManager.withTenant(...)`
+ * scope; the INSERT relies on the session's `app.tenant_id` setting
+ * (RLS).
+ *
+ * The implementation deliberately mirrors the non-tenanted Repository
+ * line-for-line — minor duplication keeps both variants narrowly
+ * scoped and avoids runtime branching on a tenancy flag (matches the
+ * `@strav/social/tenanted` pattern).
+ */
+
+import { quoteIdent, Repository } from '@strav/database'
+import type { Notifiable } from '../../../notifiable.ts'
+import { tenantedNotificationSchema } from './schemas/tenanted_notification_schema.ts'
+import { TenantedNotificationRecord } from './tenanted_notification_record.ts'
+
+export interface RecordInput {
+  id: string
+  notifiable: Notifiable
+  type: string
+  data: Record<string, unknown>
+}
+
+export class TenantedNotificationRepository extends Repository<TenantedNotificationRecord> {
+  static override readonly schema = tenantedNotificationSchema
+  static override readonly model = TenantedNotificationRecord
+
+  async record(input: RecordInput): Promise<TenantedNotificationRecord> {
+    const now = new Date()
+    return this.create({
+      id: input.id,
+      notifiable_id: String(input.notifiable.id),
+      notifiable_type: input.notifiable.notifiableType ?? 'Notifiable',
+      type: input.type,
+      data: input.data,
+      read_at: null,
+      created_at: now,
+      updated_at: now,
+    } as Partial<TenantedNotificationRecord>)
+  }
+
+  async unread(notifiable: Notifiable): Promise<TenantedNotificationRecord[]> {
+    const table = quoteIdent(tenantedNotificationSchema.name)
+    const rows = await this.db.query<Record<string, unknown>>(
+      `SELECT * FROM ${table}
+       WHERE "notifiable_id" = $1 AND "read_at" IS NULL
+       ORDER BY "created_at" DESC`,
+      [String(notifiable.id)],
+    )
+    return rows.map((r) => this.hydrate(r))
+  }
+
+  async markAsRead(id: string): Promise<TenantedNotificationRecord | undefined> {
+    const found = await this.findMany([id])
+    const model = found[0]
+    if (!model) return undefined
+    return this.update(model, {
+      read_at: new Date(),
+    } as Partial<TenantedNotificationRecord>)
+  }
+}

package/src/drivers/log/index.ts

@@ -0,0 +1,6 @@
+export type { LogChannelConfig } from './log_config.ts'
+export {
+  LogNotificationDriver,
+  type LogNotificationDriverOptions,
+} from './log_notification_driver.ts'
+export { LogNotificationProvider } from './log_notification_provider.ts'

package/src/drivers/log/log_config.ts

@@ -0,0 +1,12 @@
+/**
+ * Vendor-specific config shape for the log channel. The discriminator
+ * `driver: 'log'` selects this factory at `manager.use(...)` time.
+ */
+
+import type { ChannelConfig } from '../../notification_config.ts'
+
+export interface LogChannelConfig extends ChannelConfig {
+  driver: 'log'
+  /** Log level for this channel. Default `'info'`. */
+  level?: 'info' | 'warn' | 'error'
+}

package/src/drivers/log/log_notification_driver.ts

@@ -0,0 +1,72 @@
+/**
+ * `LogNotificationDriver` — writes notification records to the
+ * configured `Logger` channel. Useful for dev-mode + smoke tests
+ * where the cost of a real channel (mail, push, broadcast) isn't
+ * warranted.
+ *
+ * Reads `notification.toLog(notifiable)` to get the message body
+ * — apps' `BaseNotification` subclass implements that. When the
+ * hook is absent, the driver logs a minimal `{ type, id }` line
+ * so devs still see something fire without forcing every
+ * notification to define `toLog`.
+ *
+ * No external deps beyond `@strav/kernel`.
+ */
+
+import type { Logger } from '@strav/kernel'
+import type { Notifiable } from '../../notifiable.ts'
+import type { BaseNotification } from '../../notification.ts'
+import type { NotificationDriver } from '../../notification_driver.ts'
+import type { NotificationContext, NotificationDeliveryResult } from '../../types.ts'
+
+/** Optional hook surface — apps add `toLog(notifiable)` to their notification. */
+interface LogCapableNotification extends BaseNotification {
+  toLog?(notifiable: Notifiable): string | Record<string, unknown>
+}
+
+export interface LogNotificationDriverOptions {
+  /** Channel name surfaced as `driver.name`. Defaults to the manager-bound instance name. */
+  name: string
+  logger: Logger
+  /** Log level. Default `'info'`. */
+  level?: 'info' | 'warn' | 'error'
+}
+
+export class LogNotificationDriver implements NotificationDriver {
+  readonly name: string
+  private readonly logger: Logger
+  private readonly level: 'info' | 'warn' | 'error'
+
+  constructor(options: LogNotificationDriverOptions) {
+    this.name = options.name
+    this.logger = options.logger
+    this.level = options.level ?? 'info'
+  }
+
+  async send(
+    notifiable: Notifiable,
+    notification: BaseNotification,
+    context: NotificationContext,
+  ): Promise<NotificationDeliveryResult> {
+    const hook = (notification as LogCapableNotification).toLog
+    const payload = typeof hook === 'function' ? hook.call(notification, notifiable) : undefined
+
+    const fields: Record<string, unknown> = {
+      'notification.id': context.id,
+      'notification.type': notification.constructor.name,
+      'notification.channel': this.name,
+      'notifiable.id': notifiable.id,
+    }
+    if (typeof payload === 'string') {
+      this.logger[this.level](payload, fields)
+    } else if (payload !== undefined) {
+      this.logger[this.level](`${notification.constructor.name} dispatched to ${this.name}`, {
+        ...fields,
+        ...payload,
+      })
+    } else {
+      this.logger[this.level](`${notification.constructor.name} dispatched to ${this.name}`, fields)
+    }
+    return { channel: this.name, delivered: true, reference: context.id }
+  }
+}

package/src/drivers/log/log_notification_provider.ts

@@ -0,0 +1,29 @@
+/**
+ * ServiceProvider that registers the log-channel factory on the
+ * `NotificationManager`. Apps include this in their provider list
+ * AFTER `NotificationProvider`; the factory then resolves whenever
+ * `config.notification.channels.<name>.driver === 'log'`.
+ */
+
+import { type Application, Logger, ServiceProvider } from '@strav/kernel'
+import { NotificationManager } from '../../notification_manager.ts'
+import type { LogChannelConfig } from './log_config.ts'
+import { LogNotificationDriver } from './log_notification_driver.ts'
+
+export class LogNotificationProvider extends ServiceProvider {
+  override readonly name = 'notification.log'
+  override readonly dependencies = ['notification', 'logger']
+
+  override async boot(app: Application): Promise<void> {
+    const manager = app.resolve(NotificationManager)
+    const logger = app.resolve(Logger)
+    manager.extend('log', ({ instanceName, config }) => {
+      const cfg = config as LogChannelConfig
+      return new LogNotificationDriver({
+        name: instanceName,
+        logger,
+        ...(cfg.level ? { level: cfg.level } : {}),
+      })
+    })
+  }
+}

package/src/drivers/mail/index.ts

@@ -0,0 +1,6 @@
+export type { MailChannelConfig } from './mail_config.ts'
+export {
+  MailNotificationDriver,
+  type MailNotificationDriverOptions,
+} from './mail_notification_driver.ts'
+export { MailNotificationProvider } from './mail_notification_provider.ts'

package/src/drivers/mail/mail_config.ts

@@ -0,0 +1,7 @@
+import type { ChannelConfig } from '../../notification_config.ts'
+
+export interface MailChannelConfig extends ChannelConfig {
+  driver: 'mail'
+  /** Optional named transport — passed through to `MailManager.via(name)`. */
+  transport?: string
+}

package/src/drivers/mail/mail_notification_driver.ts

@@ -0,0 +1,66 @@
+/**
+ * `MailNotificationDriver` — fans a notification into the configured
+ * `MailManager`. Reads `notification.toMail(notifiable)` for the
+ * message body; skips delivery (returns `{ delivered: false }` with
+ * no error) when the hook is absent — the channel chooses not to
+ * service notifications that don't model themselves as mail.
+ *
+ * Depends on `@strav/mail` (peer, optional on `@strav/notification`).
+ * Apps that want this driver register `MailNotificationProvider` AND
+ * have `MailProvider` + `MailManager` already in the container.
+ */
+
+import type { MailManager, Message } from '@strav/mail'
+import type { Notifiable } from '../../notifiable.ts'
+import type { BaseNotification } from '../../notification.ts'
+import type { NotificationDriver } from '../../notification_driver.ts'
+import { NotificationDeliveryError } from '../../notification_error.ts'
+import type { NotificationContext, NotificationDeliveryResult } from '../../types.ts'
+
+/** Optional hook surface — apps add `toMail(notifiable)` on their notification. */
+interface MailCapableNotification extends BaseNotification {
+  toMail?(notifiable: Notifiable): Message | Promise<Message>
+}
+
+export interface MailNotificationDriverOptions {
+  name: string
+  mail: MailManager
+}
+
+export class MailNotificationDriver implements NotificationDriver {
+  readonly name: string
+  private readonly mail: MailManager
+
+  constructor(options: MailNotificationDriverOptions) {
+    this.name = options.name
+    this.mail = options.mail
+  }
+
+  async send(
+    notifiable: Notifiable,
+    notification: BaseNotification,
+    context: NotificationContext,
+  ): Promise<NotificationDeliveryResult> {
+    const hook = (notification as MailCapableNotification).toMail
+    if (typeof hook !== 'function') {
+      return { channel: this.name, delivered: false }
+    }
+    try {
+      const message = await hook.call(notification, notifiable)
+      await this.mail.send(message)
+      return { channel: this.name, delivered: true, reference: context.id }
+    } catch (cause) {
+      throw new NotificationDeliveryError(
+        `MailNotificationDriver: send failed for channel "${this.name}".`,
+        {
+          context: {
+            channel: this.name,
+            notifiableId: notifiable.id,
+            notification: notification.constructor.name,
+          },
+          cause,
+        },
+      )
+    }
+  }
+}

package/src/drivers/mail/mail_notification_provider.ts

@@ -0,0 +1,18 @@
+import { type Application, ServiceProvider } from '@strav/kernel'
+import { MailManager } from '@strav/mail'
+import { NotificationManager } from '../../notification_manager.ts'
+import { MailNotificationDriver } from './mail_notification_driver.ts'
+
+export class MailNotificationProvider extends ServiceProvider {
+  override readonly name = 'notification.mail'
+  override readonly dependencies = ['notification', 'mail']
+
+  override async boot(app: Application): Promise<void> {
+    const notifications = app.resolve(NotificationManager)
+    const mail = app.resolve(MailManager)
+    notifications.extend(
+      'mail',
+      ({ instanceName }) => new MailNotificationDriver({ name: instanceName, mail }),
+    )
+  }
+}

package/src/drivers/mock.ts

@@ -0,0 +1,48 @@
+/**
+ * In-memory notification recorder for tests. Captures every
+ * `(notifiable, notification, context)` triple and reports them
+ * as delivered. Apps under test assert on the recorded array.
+ *
+ * Pairs with `@strav/testing`-style flows: register via
+ * `manager.useDriver('test', new MockNotificationDriver())` after
+ * boot, send notifications, inspect `driver.records`.
+ */
+
+import type { Notifiable } from '../notifiable.ts'
+import type { BaseNotification } from '../notification.ts'
+import type { NotificationDriver, NotificationDriverFactory } from '../notification_driver.ts'
+import type { NotificationContext, NotificationDeliveryResult } from '../types.ts'
+
+export interface MockNotificationRecord {
+  notifiable: Notifiable
+  notification: BaseNotification
+  context: NotificationContext
+}
+
+export class MockNotificationDriver implements NotificationDriver {
+  readonly records: MockNotificationRecord[] = []
+
+  constructor(public readonly name = 'mock') {}
+
+  async send(
+    notifiable: Notifiable,
+    notification: BaseNotification,
+    context: NotificationContext,
+  ): Promise<NotificationDeliveryResult> {
+    this.records.push({ notifiable, notification, context })
+    return { channel: this.name, delivered: true, reference: context.id }
+  }
+
+  /** Drop everything recorded so far. Useful between assertions. */
+  clear(): void {
+    this.records.length = 0
+  }
+}
+
+/**
+ * Factory shape so apps can register `driver: 'mock'` in config and
+ * get a fresh instance per channel. Defaults the channel name to the
+ * configured key (matches other channel factories).
+ */
+export const mockNotificationDriverFactory: NotificationDriverFactory = ({ instanceName }) =>
+  new MockNotificationDriver(instanceName)

package/src/drivers/unsupported.ts

@@ -0,0 +1,15 @@
+/**
+ * Shared "throw unsupported" helper. Mirrors the same pattern in
+ * `@strav/payment/drivers/unsupported.ts` and
+ * `@strav/social/drivers/unsupported.ts` — kept inline for
+ * package-specific error code throwing.
+ */
+
+import { NotificationDeliveryError } from '../notification_error.ts'
+
+export function unsupported(channel: string, reason?: string): never {
+  throw new NotificationDeliveryError(
+    `Channel "${channel}" cannot perform this operation${reason ? `: ${reason}` : ''}.`,
+    { context: { channel } },
+  )
+}

package/src/drivers/webhook/index.ts

@@ -0,0 +1,10 @@
+export { signWebhook, verifyWebhookSignature } from './sign.ts'
+export type {
+  WebhookChannelConfig,
+  WebhookSignatureAlgorithm,
+} from './webhook_config.ts'
+export {
+  WebhookNotificationDriver,
+  type WebhookNotificationDriverOptions,
+} from './webhook_notification_driver.ts'
+export { WebhookNotificationProvider } from './webhook_notification_provider.ts'

package/src/drivers/webhook/sign.ts

@@ -0,0 +1,47 @@
+/**
+ * HMAC signing helpers for the webhook channel.
+ *
+ * Wire shape — Stripe-style canonical signature:
+ *
+ *   stringToSign = `${unixTimestampSeconds}.${rawJsonBody}`
+ *   signature    = HMAC-{algo}(stringToSign, secret) as hex
+ *   header       = `${algo}=${signature}`
+ *
+ * The leading timestamp in `stringToSign` is mandatory: it lets
+ * receivers reject replays by comparing the signed `x-strav-timestamp`
+ * against a tolerated window. Without it, a captured request body +
+ * signature pair stays valid forever.
+ */
+
+import { createHmac, timingSafeEqual } from 'node:crypto'
+import type { WebhookSignatureAlgorithm } from './webhook_config.ts'
+
+export function signWebhook(
+  algorithm: WebhookSignatureAlgorithm,
+  secret: string,
+  timestamp: string,
+  body: string,
+): string {
+  return createHmac(algorithm, secret).update(`${timestamp}.${body}`).digest('hex')
+}
+
+/**
+ * Constant-time verification helper exported for receiver-side use.
+ * Apps consuming `@strav/notification` webhooks call this on incoming
+ * requests; rejects on length mismatch (short-circuit) and on byte
+ * mismatch (timing-safe compare).
+ */
+export function verifyWebhookSignature(
+  algorithm: WebhookSignatureAlgorithm,
+  secret: string,
+  timestamp: string,
+  body: string,
+  receivedSignatureHex: string,
+): boolean {
+  const expected = signWebhook(algorithm, secret, timestamp, body)
+  if (expected.length !== receivedSignatureHex.length) return false
+  return timingSafeEqual(
+    new Uint8Array(Buffer.from(expected, 'utf-8')),
+    new Uint8Array(Buffer.from(receivedSignatureHex, 'utf-8')),
+  )
+}

package/src/drivers/webhook/webhook_config.ts

@@ -0,0 +1,43 @@
+/**
+ * Vendor-specific config shape for the webhook channel. The
+ * discriminator `driver: 'webhook'` selects this factory at
+ * `manager.use(...)` time.
+ */
+
+import type { ChannelConfig } from '../../notification_config.ts'
+
+export type WebhookSignatureAlgorithm = 'sha256' | 'sha1' | 'sha512'
+
+export interface WebhookChannelConfig extends ChannelConfig {
+  driver: 'webhook'
+  /**
+   * Endpoint URL to POST notifications to. Required at the config
+   * level — apps that need per-recipient routing register multiple
+   * webhook channels and pick between them in `notification.via()`.
+   */
+  endpoint: string
+  /**
+   * HMAC secret used to sign every request. Required. Pull from env
+   * in `config/notification.ts`; never hard-code. Rotating the secret
+   * requires coordinating with every receiver.
+   */
+  secret: string
+  /**
+   * Hash algorithm for the HMAC. Default `'sha256'`. Receivers should
+   * compute against the same algorithm — the algorithm name is also
+   * sent as the prefix on the `x-strav-signature` header so receivers
+   * can validate during rotations.
+   */
+  algorithm?: WebhookSignatureAlgorithm
+  /**
+   * Headers added to every request. Merge order: built-in (`x-strav-*`,
+   * `content-type`) → these → per-request override is NOT supported (the
+   * notification only contributes the body, not the transport metadata).
+   * Useful for auth tokens the receiver requires in addition to the
+   * HMAC signature (a fixed `Authorization` header on the receiving
+   * service, an `x-tenant-id`, etc.).
+   */
+  headers?: Record<string, string>
+  /** Request timeout in ms. Default `5000`. */
+  timeoutMs?: number
+}

package/src/drivers/webhook/webhook_notification_driver.ts

@@ -0,0 +1,172 @@
+/**
+ * `WebhookNotificationDriver` — POSTs notifications to a configured
+ * HTTPS endpoint, HMAC-signed.
+ *
+ * The wire shape:
+ *
+ *   POST {endpoint}
+ *   content-type: application/json
+ *   x-strav-notification-id: 01J...                ← ULID, matches NotificationContext.id
+ *   x-strav-notification-type: InvoicePaid         ← notification subclass name
+ *   x-strav-timestamp: 1737000000                  ← unix seconds at send time
+ *   x-strav-signature: sha256=ab12...              ← HMAC over `${timestamp}.${body}`
+ *   [...configured headers...]
+ *
+ *   {
+ *     "notification": { "id": "01J...", "type": "InvoicePaid",
+ *                       "dispatchedAt": "2026-05-30T08:30:00.000Z" },
+ *     "notifiable":    { "id": "u_1", "type": "User" },
+ *     "data":          { ...whatever toWebhook returned... }
+ *   }
+ *
+ * Verification on the receiver:
+ *
+ *   import { verifyWebhookSignature } from '@strav/notification/webhook'
+ *   const [algo, sig] = req.headers['x-strav-signature'].split('=')
+ *   if (!verifyWebhookSignature(algo, SECRET, req.headers['x-strav-timestamp'],
+ *                               rawBody, sig)) return 401
+ *   if (Math.abs(now - Number(req.headers['x-strav-timestamp'])) > 300) return 401
+ *
+ * Reads `notification.toWebhook(notifiable)` for the body data. Skips
+ * delivery (returns `{ delivered: false }` with no error) when the hook
+ * is absent — channel-level opt-out is intentional, same as the mail
+ * driver. Throws `NotificationDeliveryError` on non-2xx, network
+ * failure, or timeout — the manager captures it into the dispatch
+ * result without rethrowing.
+ *
+ * No external deps. Stays pure-fetch; the only Node-stdlib reach is
+ * `node:crypto` for HMAC.
+ */
+
+import type { Notifiable } from '../../notifiable.ts'
+import type { BaseNotification } from '../../notification.ts'
+import type { NotificationDriver } from '../../notification_driver.ts'
+import { NotificationDeliveryError } from '../../notification_error.ts'
+import type { NotificationContext, NotificationDeliveryResult } from '../../types.ts'
+import { signWebhook } from './sign.ts'
+import type { WebhookSignatureAlgorithm } from './webhook_config.ts'
+
+/** Optional hook surface — apps add `toWebhook(notifiable)` on their notification. */
+interface WebhookCapableNotification extends BaseNotification {
+  toWebhook?(notifiable: Notifiable): unknown | Promise<unknown>
+}
+
+export interface WebhookNotificationDriverOptions {
+  name: string
+  endpoint: string
+  secret: string
+  algorithm?: WebhookSignatureAlgorithm
+  headers?: Record<string, string>
+  timeoutMs?: number
+  /** Custom `fetch` for tests. */
+  fetch?: typeof fetch
+  /** Override clock for deterministic signatures in tests. */
+  now?: () => Date
+}
+
+export class WebhookNotificationDriver implements NotificationDriver {
+  readonly name: string
+  private readonly endpoint: string
+  private readonly secret: string
+  private readonly algorithm: WebhookSignatureAlgorithm
+  private readonly extraHeaders: Record<string, string>
+  private readonly timeoutMs: number
+  private readonly fetchFn: typeof fetch
+  private readonly nowFn: () => Date
+
+  constructor(options: WebhookNotificationDriverOptions) {
+    this.name = options.name
+    this.endpoint = options.endpoint
+    this.secret = options.secret
+    this.algorithm = options.algorithm ?? 'sha256'
+    this.extraHeaders = options.headers ?? {}
+    this.timeoutMs = options.timeoutMs ?? 5000
+    this.fetchFn = options.fetch ?? fetch
+    this.nowFn = options.now ?? (() => new Date())
+  }
+
+  async send(
+    notifiable: Notifiable,
+    notification: BaseNotification,
+    context: NotificationContext,
+  ): Promise<NotificationDeliveryResult> {
+    const hook = (notification as WebhookCapableNotification).toWebhook
+    if (typeof hook !== 'function') {
+      return { channel: this.name, delivered: false }
+    }
+
+    const data = await hook.call(notification, notifiable)
+    const envelope = {
+      notification: {
+        id: context.id,
+        type: notification.constructor.name,
+        dispatchedAt: context.dispatchedAt.toISOString(),
+      },
+      notifiable: {
+        id: notifiable.id,
+        ...(notifiable.notifiableType !== undefined ? { type: notifiable.notifiableType } : {}),
+      },
+      data,
+    }
+
+    const body = JSON.stringify(envelope)
+    const timestamp = Math.floor(this.nowFn().getTime() / 1000).toString()
+    const signature = signWebhook(this.algorithm, this.secret, timestamp, body)
+
+    const headers: Record<string, string> = {
+      ...this.extraHeaders,
+      'content-type': 'application/json',
+      'x-strav-notification-id': context.id,
+      'x-strav-notification-type': notification.constructor.name,
+      'x-strav-timestamp': timestamp,
+      'x-strav-signature': `${this.algorithm}=${signature}`,
+    }
+
+    let response: Response
+    try {
+      response = await this.fetchFn(this.endpoint, {
+        method: 'POST',
+        headers,
+        body,
+        signal: AbortSignal.timeout(this.timeoutMs),
+      })
+    } catch (cause) {
+      throw new NotificationDeliveryError(
+        `WebhookNotificationDriver: network failure for channel "${this.name}".`,
+        {
+          context: {
+            channel: this.name,
+            endpoint: this.endpoint,
+            notifiableId: notifiable.id,
+            notification: notification.constructor.name,
+            retryable: true,
+          },
+          cause,
+        },
+      )
+    }
+
+    if (response.ok) {
+      return { channel: this.name, delivered: true, reference: context.id }
+    }
+
+    // Best-effort capture of the response body for diagnostics — truncated
+    // so a 50MB HTML error page from a misconfigured reverse proxy doesn't
+    // bloat log records.
+    const responseBody = await response.text().catch(() => '')
+    throw new NotificationDeliveryError(
+      `WebhookNotificationDriver: endpoint responded HTTP ${response.status} ${response.statusText}.`,
+      {
+        context: {
+          channel: this.name,
+          endpoint: this.endpoint,
+          notifiableId: notifiable.id,
+          notification: notification.constructor.name,
+          status: response.status,
+          retryable: response.status >= 500 || response.status === 408 || response.status === 429,
+          responseBody: responseBody.slice(0, 1024),
+        },
+      },
+    )
+  }
+}

package/src/drivers/webhook/webhook_notification_provider.ts

@@ -0,0 +1,44 @@
+/**
+ * ServiceProvider that registers the webhook-channel factory on the
+ * `NotificationManager`. Apps include this in their provider list
+ * AFTER `NotificationProvider`; the factory then resolves whenever
+ * `config.notification.channels.<name>.driver === 'webhook'`.
+ */
+
+import { type Application, ServiceProvider } from '@strav/kernel'
+import { NotificationConfigError } from '../../notification_error.ts'
+import { NotificationManager } from '../../notification_manager.ts'
+import type { WebhookChannelConfig } from './webhook_config.ts'
+import { WebhookNotificationDriver } from './webhook_notification_driver.ts'
+
+export class WebhookNotificationProvider extends ServiceProvider {
+  override readonly name = 'notification.webhook'
+  override readonly dependencies = ['notification']
+
+  override async boot(app: Application): Promise<void> {
+    const manager = app.resolve(NotificationManager)
+    manager.extend('webhook', ({ instanceName, config }) => {
+      const cfg = config as WebhookChannelConfig
+      if (!cfg.endpoint) {
+        throw new NotificationConfigError(
+          `WebhookNotificationProvider: channel "${instanceName}" requires a non-empty \`endpoint\`.`,
+          { context: { channel: instanceName } },
+        )
+      }
+      if (!cfg.secret) {
+        throw new NotificationConfigError(
+          `WebhookNotificationProvider: channel "${instanceName}" requires a non-empty \`secret\`.`,
+          { context: { channel: instanceName } },
+        )
+      }
+      return new WebhookNotificationDriver({
+        name: instanceName,
+        endpoint: cfg.endpoint,
+        secret: cfg.secret,
+        ...(cfg.algorithm !== undefined ? { algorithm: cfg.algorithm } : {}),
+        ...(cfg.headers !== undefined ? { headers: cfg.headers } : {}),
+        ...(cfg.timeoutMs !== undefined ? { timeoutMs: cfg.timeoutMs } : {}),
+      })
+    })
+  }
+}