@pmcollab/coworkstream-webhooks
v0.1.0
Published
Inbound webhook receivers that convert GitHub / Stripe / Slack / generic email payloads into WorkStreamItems.
Readme
@pmcollab/coworkstream-webhooks
Inbound webhook receivers that convert provider payloads into WorkStreamItems.
Install
npm install @pmcollab/coworkstream-webhooksUse
import express from 'express'
import {
fromGitHub, verifyGitHubSignature,
fromStripe, verifyStripeSignature,
} from '@pmcollab/coworkstream-webhooks'
const app = express()
app.use(express.json({ verify: (req, res, buf) => { req.rawBody = buf.toString() } }))
app.post('/webhooks/github', async (req, res) => {
try {
verifyGitHubSignature(req, process.env.GITHUB_WEBHOOK_SECRET)
const item = fromGitHub(req.body, req.headers['x-github-event'])
if (item) await store.upsert(item)
res.json({ ok: true })
} catch (err) {
res.status(err.status ?? 500).json({ error: err.code ?? 'internal' })
}
})Mappers
| Provider | Maps |
|---|---|
| GitHub | pull_request (opened, review_requested) → draft; issues (opened) → decision; workflow_run (failed) → incident |
| Stripe | charge.failed → incident; customer.subscription.deleted → signal; charge.dispute.created → decision |
| Slack | slash commands → decision; app_mention → signal |
| Microsoft Teams | outgoing-webhook @-mention → decision; Power Automate / Adaptive Card actions → decision |
| Email | generic Postmark / Mailgun / SendGrid Parse payload → decision |
Each mapper returns null for unhandled events so you can pass everything through and only persist the actionable items.
Signature verification
verifyGitHubSignature, verifyStripeSignature, and verifySlackSignature throw WebhookSignatureError (status 401) on failure. They use node:crypto timingSafeEqual for constant-time comparison.
License
Commercial. See LICENSE in the repository root.
