feat: add mailgun-webhooks skill#48
Merged
Merged
Conversation
3 tasks
Adds a complete skill for receiving and verifying Mailgun webhooks across Express, Next.js, and FastAPI. Mailgun is unusual in delivering the signature inside the request body (not a header) as a top-level signature object; the handler computes HMAC-SHA256 over timestamp+token (no separator) using the HTTP Webhook Signing Key and compares hex digests with timing-safe equality. Includes optional parent-signature handling for subaccount events, full coverage of the common event types (accepted, rejected, delivered, failed with severity, opened, clicked, unsubscribed, complained, stored, list_member_uploaded), and 33 passing tests across the three frameworks. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
…rce arg Applies the new project convention from PR #40: use `npx hookdeck-cli listen <port> <source> --path /webhooks/<source>` everywhere instead of `hookdeck listen <port> --path /webhooks/<source>`. Skips the global-install prereq (webhook-skills is provider-neutral) and passes the required `[source]` positional so the command is copy-paste- runnable without falling into an interactive prompt. https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
leggetter
force-pushed
the
feat/mailgun-webhooks
branch
from
a50dad4 to
099faf4
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a complete
mailgun-webhooksprovider skill. Mailgun is unusual in delivering the signature inside the request body (not a header) — this skill covers HMAC-SHA256 verification overtimestamp+tokenusing the HTTP Webhook Signing Key.What's included
skills/mailgun-webhooks/SKILL.md— entry pointskills/mailgun-webhooks/references/— overview, setup, verificationskills/mailgun-webhooks/examples/— Express, Next.js, FastAPI handlers (33 passing tests across the 3 frameworks)parent-signaturehandling for subaccount eventsNotes
signatureobject withtimestamp,token,signaturefieldstimestamp+token(no separator), hex-encoded, compared with timing-safe equalitytokenvalues to drop replays; optionally reject stale timestamps (be lenient — delivery can lag)parent-signaturefield signed with the parent account's keyaccepted,rejected,delivered,failed(withseverity: permanent|temporary),opened,clicked,unsubscribed,complained,stored,list_member_uploadedTest plan
cd skills/mailgun-webhooks/examples/express && npm testcd skills/mailgun-webhooks/examples/nextjs && npm testcd skills/mailgun-webhooks/examples/fastapi && pytest test_webhook.py -vparent-signaturepath with a subaccount webhookGeneration details
./scripts/generate-skills.sh generatewith--config providers.yaml(entry added in PR docs: IS_SANDBOX=1 generator note + normative Hookdeck CLI invocation #40)claude-opus-4-7https://claude.ai/code/session_01NNTgQRJss1V7gyzzJ9rjnB
Generated by Claude Code