You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
For a captured hook, verify a Standard-Webhooks signature: HMAC-SHA256 over {id}.{timestamp}.{body} against a configured secret, plus timestamp-freshness check.
Dashboard shows a per-hook verdict (valid / invalid / stale) and the reason.
Part of #49 (WebhookSink epic). Slice S4. One agent run,
samples/**only.Blocked by #66.
Acceptance criteria
{id}.{timestamp}.{body}against a configured secret, plus timestamp-freshness check.WebhookVerifierwhen M3 lands (epic: security hardening + receiver verify #9 / the M3d issue).Definition of done
samples/**.Design: docs/design/webhook-sink-design.md (seam #1: signature verification, S4).