Conversation
…ates Bumps the all-actions group with 2 updates in the / directory: [actions/checkout](https://github.com/actions/checkout) and [actions/setup-node](https://github.com/actions/setup-node). Updates `actions/checkout` from 4 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4...v6) Updates `actions/setup-node` from 4 to 6 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@v4...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: actions/setup-node dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions ... Signed-off-by: dependabot[bot] <support@github.com>
Per-org config for the scheduled execution digest: enabled flag, daily/ weekly cadence, explicit subscriber user-id list, and last-sent marker. Migration hand-authored (idempotent) because drizzle-kit generate is blocked by a pre-existing snapshot-chain collision in drizzle/meta.
Add the notifications.failure-digest feature (requiredPlan: pro). No actionTypes, so it is a pure plan entitlement -- not a workflow action -- read by useFeature client-side and isFeatureEnabledForOrg server-side.
getOrgFailureDigest aggregates an org's executions over a window (totals, success rate inputs, on-chain tx count + gas, most-executed, top failing with last error). isDigestDue pins weekly sends to Tuesday and daily to a ~24h cadence. sendWorkflowFailureDigestEmail renders the summary. Shared copy lives in digest-messages. Unit tests cover the scheduling logic.
GET /api/internal/failure-digest (internal-service auth) sends due digests to subscribed members, re-checking the org plan at send time. Wired as a k8s CronJob running daily at 14:00 UTC via deploy/scripts/digest-cron.sh; daily-cadence orgs send each run, weekly orgs on Tuesdays. Returns a reaper-style summary listing the orgs notified (id + name).
GET/PUT /api/organizations/{id}/failure-digest, owner/admin only. GET
returns the config plus the org's owners/admins for the subscriber
picker; PUT validates cadence and that subscribers are current owners/
admins, returns 402 for free orgs and 400 if enabled with no subscriber.
New Notifications tab in the manage-orgs modal (active org, owner/admin): enable toggle, daily/weekly frequency, owner/admin subscriber checkboxes. Free orgs see a grayed-out card that routes to /billing. Pin the dialog to a fixed size with top-aligned content so tabs no longer resize on switch.
The registry enabled-features assertion pinned the exact pro+ list; the new notifications.failure-digest entry is now part of it.
The feature summarizes all executions (runs, successes, failures), not just failures. Rename the table, migration, feature id, routes, cron job, lib, email helper, settings UI and tests accordingly. No behavior change.
…e and k8s Add an independent execution-digest cron to the local environments so the feature is runnable end-to-end without staging/prod: a docker-compose service and a local-k8s CronJob, both calling /api/internal/execution-digest with the scheduler service key. The endpoint self-throttles via its own daily/weekly due-logic.
Sponsored write/transfer/approve runs now set sponsored:true on their result so the execution digest can count sponsored transactions per org.
…ored section
- Center stat cards via email-safe tables (flex was left-aligned in clients).
- Link each workflow name to /workflows/{id} in most-executed and top-failing.
- Add a sponsored-transaction count + card, computed and shown only when gas
sponsorship is enabled (isGasSponsorshipEnabled).
- Fix stale schedule comments (Tuesday 14:00 UTC) and digest copy.
The Frequency control now shows an info tooltip describing exactly when emails go out for the selected cadence (daily 14:00 UTC / Tuesday 14:00 UTC).
Drop the stray blank line in the text email when sponsorship is off, and
add tests asserting the sponsored section renders only when a sponsored
count is present and that workflow names link to /workflows/{id}.
Resolve digest recipients to current owners/admins only, so a subscriber downgraded to member after being saved stops receiving emails. Share SUBSCRIBABLE_ROLES between the settings API and the cron.
feat(notifications): scheduled workflow execution digest emails (paid)
joelorzet
requested review from
a team,
OleksandrUA,
eskp and
suisuss
and removed request for
a team
The pre-flight validation flagged {{...}} references inside JavaScript
comments as unresolved template variables and failed the step, even
though the executor leaves commented references untouched.
Replace the regex string-stripper with a single-pass scanner that skips
both string/template-literal bodies and // + block comments before the
unresolved-template scan, matching the comment-aware tokenizing the
executor already uses. Real unresolvable refs in executable code still
fail as before.
Catch-all app/api/[...slug]/route.ts returns the canonical {error, detail, request_id} envelope (lib/errors/api-envelope.ts) instead of Next.js HTML 404, so unknown /api/* paths stop being mistakable for 401s. Specific routes take precedence by App Router rules; existing /api/auth/[...all] and /api/execute/[...slug] catch-alls keep their own behavior. Cache-Control no-store prevents edge caching of transient misconfigs.
Reconcile docs/api/chains.md with the bare-array shape /api/chains actually returns; align field list with what the route returns and document why defaultPrimaryRpc/defaultFallbackRpc are server-only (provider API keys).
Fix docs/api/user.md rpc-preferences: GET returns {preferences, resolved}; remove phantom POST /api/user/rpc-preferences entry (no handler exists); document per-chain PUT shape.
Remove phantom GET /api/web3/fetch-abi and GET /api/workflows/taxonomy entries from docs (no routes implement them).
scripts/check-api-docs-routes.ts parses every (METHOD, /api/path) line in docs/api/*.md inside fenced http blocks and asserts the corresponding route file exports that method, allowing param-name differences ({id} vs [executionId]); supports both export-function, export-const, and re-export styles. Emits specs/api-coverage.json. Wired into pr-checks.yml as check:api-docs plus a drift check on the artifact.
deploy-keeperhub.yaml gets a warn-only post-deploy HEAD probe that walks specs/api-coverage.json and reports any documented GET endpoint returning 404/5xx; reuses TEST_API_KEY from SSM and CF Access secrets already used by the health probe.
fix: wire schedule-dispatcher through shared HMAC http-client
feat: enable INTERNAL_AUTH_REQUIRE_HMAC on staging
…in env The Helm chart only creates ExternalSecrets for entries in the main deployment env block, not for CronJob env blocks. The reaper and digest-cron CronJobs reference the K8s secret keeperhub-common-internal-service-hmac-secret but that secret was never created because the parameterStore entries only existed inside cronjob.jobs[].env (added in the prior PR). Adding INTERNAL_SERVICE_HMAC_SECRET to the top-level env block causes the Helm chart to create the ExternalSecret on the next deploy, which syncs the K8s secret from SSM and unblocks the reaper CronJob. Applied to both staging and prod values.
feat: enable INTERNAL_AUTH_REQUIRE_HMAC on prod
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.