feat: add github and linear webhook events#34
Merged
knechtionscoding merged 5 commits intoprodfrom Mar 30, 2026
Merged
Conversation
github-actions
bot
added
needs-triage
needs-kind
needs-priority
needs-actor
needs-release-note
labels
Greptile SummaryThis PR adds GitHub and Linear webhook event sources to Kelos, introducing a new The overall architecture is well-structured — per-source servers provide fault isolation, idempotency is tracked via a delivery cache, and filter semantics (OR within type, AND across filter fields) are correctly documented and implemented. The signature validation and Linear filter logic in particular are clean and well-tested. Issues found:
Confidence Score: 4/5Three P1 bugs in handler.go should be resolved before merging — concurrency response code, broken owner references, and a delivery-ID race condition. The new feature is architecturally sound and well-tested, but handler.go has three distinct P1 defects that affect observable production behavior: wrong HTTP status for concurrency limits, broken task ownership (garbage collection won't work), and a race condition that can produce duplicate tasks under concurrent retries. These are straightforward to fix but real enough to block merge. internal/webhook/handler.go requires the most attention for all three P1 issues; internal/webhook/github_filter.go has a P2 silent-filter gap for IssuesEvent BodyContains. Important Files Changed
Sequence DiagramsequenceDiagram
participant GH as GitHub/Linear
participant WH as WebhookHandler (ServeHTTP)
participant SIG as signature.go (ValidateSignature)
participant DC as DeliveryCache
participant PW as processWebhook
participant K8S as Kubernetes API (client.List / client.Create)
participant TB as TaskBuilder
GH->>WH: POST /webhook (event headers + body)
WH->>SIG: ValidateGitHubSignature / ValidateLinearSignature
SIG-->>WH: ok / err
WH->>DC: IsProcessed(deliveryID)
DC-->>WH: false (not yet seen)
WH->>PW: processWebhook(eventType, body)
PW->>K8S: client.List(TaskSpawners)
K8S-->>PW: []TaskSpawner
loop For each matching TaskSpawner
PW->>PW: matchesSpawner (MatchesGitHubEvent / MatchesLinearEvent)
PW->>TB: BuildTask(templateVars)
TB-->>PW: *Task
PW->>K8S: client.Create(Task)
end
PW-->>WH: (tasksCreated, nil)
WH->>DC: MarkProcessed(deliveryID)
WH-->>GH: HTTP 200 OK
Reviews (1): Last reviewed commit: "feat: add github and linear webhook even..." | Re-trigger Greptile |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
1. P1 - MaxConcurrencyError HTTP Response ✅ Fixed ServeHTTP to properly handle MaxConcurrencyError with HTTP 503 and Retry-After header Previously returned generic HTTP 500, now correctly returns 503 for rate limiting 2. P1 - Empty APIVersion/Kind in Owner References ✅ Fixed owner reference creation to use client.Scheme().ObjectKinds() to get proper GVK Added missing Controller and BlockOwnerDeletion fields for proper garbage collection Previously had empty strings, now has correct API version and kind 3. P1 - TOCTOU Race Condition in Idempotency ✅ Replaced separate IsProcessed()/MarkProcessed() with atomic CheckAndMark() Eliminated race window where two requests with same delivery ID could both pass the check Now uses single lock operation for check-and-set 4. P2 - Invalid Kubernetes Names from Truncation ✅ Fixed task name generation to handle nil/empty ID values safely Added strings.TrimRight(taskName[:63], "-.") to ensure names don't end with invalid characters Prevents server-side validation failures 5. P2 - BodyContains Filter Ignored for IssuesEvent ✅ Fixed GitHub filter to check issue body for BodyContains on IssuesEvent Previously only checked comment body on IssueCommentEvent Now properly filters by issue body content All tests pass and the implementation builds successfully. The webhook system now properly handles rate limiting, ensures atomic idempotency checks, creates valid owner references for garbage collection, generates valid Kubernetes resource names, and correctly applies all filter conditions.
knechtionscoding
added a commit
that referenced
this pull request
Mar 30, 2026
* feat: add github and linear webhook events * fix: build images * Fixed Issues 1. P1 - MaxConcurrencyError HTTP Response ✅ Fixed ServeHTTP to properly handle MaxConcurrencyError with HTTP 503 and Retry-After header Previously returned generic HTTP 500, now correctly returns 503 for rate limiting 2. P1 - Empty APIVersion/Kind in Owner References ✅ Fixed owner reference creation to use client.Scheme().ObjectKinds() to get proper GVK Added missing Controller and BlockOwnerDeletion fields for proper garbage collection Previously had empty strings, now has correct API version and kind 3. P1 - TOCTOU Race Condition in Idempotency ✅ Replaced separate IsProcessed()/MarkProcessed() with atomic CheckAndMark() Eliminated race window where two requests with same delivery ID could both pass the check Now uses single lock operation for check-and-set 4. P2 - Invalid Kubernetes Names from Truncation ✅ Fixed task name generation to handle nil/empty ID values safely Added strings.TrimRight(taskName[:63], "-.") to ensure names don't end with invalid characters Prevents server-side validation failures 5. P2 - BodyContains Filter Ignored for IssuesEvent ✅ Fixed GitHub filter to check issue body for BodyContains on IssuesEvent Previously only checked comment body on IssueCommentEvent Now properly filters by issue body content All tests pass and the implementation builds successfully. The webhook system now properly handles rate limiting, ensures atomic idempotency checks, creates valid owner references for garbage collection, generates valid Kubernetes resource names, and correctly applies all filter conditions. * chore: generate
knechtionscoding
added a commit
that referenced
this pull request
Mar 30, 2026
* feat: add github and linear webhook events * fix: build images * Fixed Issues 1. P1 - MaxConcurrencyError HTTP Response ✅ Fixed ServeHTTP to properly handle MaxConcurrencyError with HTTP 503 and Retry-After header Previously returned generic HTTP 500, now correctly returns 503 for rate limiting 2. P1 - Empty APIVersion/Kind in Owner References ✅ Fixed owner reference creation to use client.Scheme().ObjectKinds() to get proper GVK Added missing Controller and BlockOwnerDeletion fields for proper garbage collection Previously had empty strings, now has correct API version and kind 3. P1 - TOCTOU Race Condition in Idempotency ✅ Replaced separate IsProcessed()/MarkProcessed() with atomic CheckAndMark() Eliminated race window where two requests with same delivery ID could both pass the check Now uses single lock operation for check-and-set 4. P2 - Invalid Kubernetes Names from Truncation ✅ Fixed task name generation to handle nil/empty ID values safely Added strings.TrimRight(taskName[:63], "-.") to ensure names don't end with invalid characters Prevents server-side validation failures 5. P2 - BodyContains Filter Ignored for IssuesEvent ✅ Fixed GitHub filter to check issue body for BodyContains on IssuesEvent Previously only checked comment body on IssueCommentEvent Now properly filters by issue body content All tests pass and the implementation builds successfully. The webhook system now properly handles rate limiting, ensures atomic idempotency checks, creates valid owner references for garbage collection, generates valid Kubernetes resource names, and correctly applies all filter conditions. * chore: generate
knechtionscoding
added a commit
that referenced
this pull request
Mar 30, 2026
* feat: add github and linear webhook events * fix: build images * Fixed Issues 1. P1 - MaxConcurrencyError HTTP Response ✅ Fixed ServeHTTP to properly handle MaxConcurrencyError with HTTP 503 and Retry-After header Previously returned generic HTTP 500, now correctly returns 503 for rate limiting 2. P1 - Empty APIVersion/Kind in Owner References ✅ Fixed owner reference creation to use client.Scheme().ObjectKinds() to get proper GVK Added missing Controller and BlockOwnerDeletion fields for proper garbage collection Previously had empty strings, now has correct API version and kind 3. P1 - TOCTOU Race Condition in Idempotency ✅ Replaced separate IsProcessed()/MarkProcessed() with atomic CheckAndMark() Eliminated race window where two requests with same delivery ID could both pass the check Now uses single lock operation for check-and-set 4. P2 - Invalid Kubernetes Names from Truncation ✅ Fixed task name generation to handle nil/empty ID values safely Added strings.TrimRight(taskName[:63], "-.") to ensure names don't end with invalid characters Prevents server-side validation failures 5. P2 - BodyContains Filter Ignored for IssuesEvent ✅ Fixed GitHub filter to check issue body for BodyContains on IssuesEvent Previously only checked comment body on IssueCommentEvent Now properly filters by issue body content All tests pass and the implementation builds successfully. The webhook system now properly handles rate limiting, ensures atomic idempotency checks, creates valid owner references for garbage collection, generates valid Kubernetes resource names, and correctly applies all filter conditions. * chore: generate
knechtionscoding
added a commit
that referenced
this pull request
Mar 30, 2026
* feat: add github and linear webhook events * fix: build images * Fixed Issues 1. P1 - MaxConcurrencyError HTTP Response ✅ Fixed ServeHTTP to properly handle MaxConcurrencyError with HTTP 503 and Retry-After header Previously returned generic HTTP 500, now correctly returns 503 for rate limiting 2. P1 - Empty APIVersion/Kind in Owner References ✅ Fixed owner reference creation to use client.Scheme().ObjectKinds() to get proper GVK Added missing Controller and BlockOwnerDeletion fields for proper garbage collection Previously had empty strings, now has correct API version and kind 3. P1 - TOCTOU Race Condition in Idempotency ✅ Replaced separate IsProcessed()/MarkProcessed() with atomic CheckAndMark() Eliminated race window where two requests with same delivery ID could both pass the check Now uses single lock operation for check-and-set 4. P2 - Invalid Kubernetes Names from Truncation ✅ Fixed task name generation to handle nil/empty ID values safely Added strings.TrimRight(taskName[:63], "-.") to ensure names don't end with invalid characters Prevents server-side validation failures 5. P2 - BodyContains Filter Ignored for IssuesEvent ✅ Fixed GitHub filter to check issue body for BodyContains on IssuesEvent Previously only checked comment body on IssueCommentEvent Now properly filters by issue body content All tests pass and the implementation builds successfully. The webhook system now properly handles rate limiting, ensures atomic idempotency checks, creates valid owner references for garbage collection, generates valid Kubernetes resource names, and correctly applies all filter conditions. * chore: generate
knechtionscoding
added a commit
that referenced
this pull request
Mar 30, 2026
* feat: add github and linear webhook events * fix: build images * Fixed Issues 1. P1 - MaxConcurrencyError HTTP Response ✅ Fixed ServeHTTP to properly handle MaxConcurrencyError with HTTP 503 and Retry-After header Previously returned generic HTTP 500, now correctly returns 503 for rate limiting 2. P1 - Empty APIVersion/Kind in Owner References ✅ Fixed owner reference creation to use client.Scheme().ObjectKinds() to get proper GVK Added missing Controller and BlockOwnerDeletion fields for proper garbage collection Previously had empty strings, now has correct API version and kind 3. P1 - TOCTOU Race Condition in Idempotency ✅ Replaced separate IsProcessed()/MarkProcessed() with atomic CheckAndMark() Eliminated race window where two requests with same delivery ID could both pass the check Now uses single lock operation for check-and-set 4. P2 - Invalid Kubernetes Names from Truncation ✅ Fixed task name generation to handle nil/empty ID values safely Added strings.TrimRight(taskName[:63], "-.") to ensure names don't end with invalid characters Prevents server-side validation failures 5. P2 - BodyContains Filter Ignored for IssuesEvent ✅ Fixed GitHub filter to check issue body for BodyContains on IssuesEvent Previously only checked comment body on IssueCommentEvent Now properly filters by issue body content All tests pass and the implementation builds successfully. The webhook system now properly handles rate limiting, ensures atomic idempotency checks, creates valid owner references for garbage collection, generates valid Kubernetes resource names, and correctly applies all filter conditions. * chore: generate * fix: normalize the tasknames
knechtionscoding
added a commit
that referenced
this pull request
Mar 31, 2026
* feat: add github webhook events * fix: build images * Fixed Issues 1. P1 - MaxConcurrencyError HTTP Response ✅ Fixed ServeHTTP to properly handle MaxConcurrencyError with HTTP 503 and Retry-After header Previously returned generic HTTP 500, now correctly returns 503 for rate limiting 2. P1 - Empty APIVersion/Kind in Owner References ✅ Fixed owner reference creation to use client.Scheme().ObjectKinds() to get proper GVK Added missing Controller and BlockOwnerDeletion fields for proper garbage collection Previously had empty strings, now has correct API version and kind 3. P1 - TOCTOU Race Condition in Idempotency ✅ Replaced separate IsProcessed()/MarkProcessed() with atomic CheckAndMark() Eliminated race window where two requests with same delivery ID could both pass the check Now uses single lock operation for check-and-set 4. P2 - Invalid Kubernetes Names from Truncation ✅ Fixed task name generation to handle nil/empty ID values safely Added strings.TrimRight(taskName[:63], "-.") to ensure names don't end with invalid characters Prevents server-side validation failures 5. P2 - BodyContains Filter Ignored for IssuesEvent ✅ Fixed GitHub filter to check issue body for BodyContains on IssuesEvent Previously only checked comment body on IssueCommentEvent Now properly filters by issue body content All tests pass and the implementation builds successfully. The webhook system now properly handles rate limiting, ensures atomic idempotency checks, creates valid owner references for garbage collection, generates valid Kubernetes resource names, and correctly applies all filter conditions. * chore: generate * fix: normalize the tasknames
knechtionscoding
added a commit
that referenced
this pull request
Mar 31, 2026
* feat: add github webhook events * fix: build images * Fixed Issues 1. P1 - MaxConcurrencyError HTTP Response ✅ Fixed ServeHTTP to properly handle MaxConcurrencyError with HTTP 503 and Retry-After header Previously returned generic HTTP 500, now correctly returns 503 for rate limiting 2. P1 - Empty APIVersion/Kind in Owner References ✅ Fixed owner reference creation to use client.Scheme().ObjectKinds() to get proper GVK Added missing Controller and BlockOwnerDeletion fields for proper garbage collection Previously had empty strings, now has correct API version and kind 3. P1 - TOCTOU Race Condition in Idempotency ✅ Replaced separate IsProcessed()/MarkProcessed() with atomic CheckAndMark() Eliminated race window where two requests with same delivery ID could both pass the check Now uses single lock operation for check-and-set 4. P2 - Invalid Kubernetes Names from Truncation ✅ Fixed task name generation to handle nil/empty ID values safely Added strings.TrimRight(taskName[:63], "-.") to ensure names don't end with invalid characters Prevents server-side validation failures 5. P2 - BodyContains Filter Ignored for IssuesEvent ✅ Fixed GitHub filter to check issue body for BodyContains on IssuesEvent Previously only checked comment body on IssueCommentEvent Now properly filters by issue body content All tests pass and the implementation builds successfully. The webhook system now properly handles rate limiting, ensures atomic idempotency checks, creates valid owner references for garbage collection, generates valid Kubernetes resource names, and correctly applies all filter conditions. * chore: generate * fix: normalize the tasknames
knechtionscoding
added a commit
that referenced
this pull request
Mar 31, 2026
* feat: add github webhook events * fix: build images * Fixed Issues 1. P1 - MaxConcurrencyError HTTP Response ✅ Fixed ServeHTTP to properly handle MaxConcurrencyError with HTTP 503 and Retry-After header Previously returned generic HTTP 500, now correctly returns 503 for rate limiting 2. P1 - Empty APIVersion/Kind in Owner References ✅ Fixed owner reference creation to use client.Scheme().ObjectKinds() to get proper GVK Added missing Controller and BlockOwnerDeletion fields for proper garbage collection Previously had empty strings, now has correct API version and kind 3. P1 - TOCTOU Race Condition in Idempotency ✅ Replaced separate IsProcessed()/MarkProcessed() with atomic CheckAndMark() Eliminated race window where two requests with same delivery ID could both pass the check Now uses single lock operation for check-and-set 4. P2 - Invalid Kubernetes Names from Truncation ✅ Fixed task name generation to handle nil/empty ID values safely Added strings.TrimRight(taskName[:63], "-.") to ensure names don't end with invalid characters Prevents server-side validation failures 5. P2 - BodyContains Filter Ignored for IssuesEvent ✅ Fixed GitHub filter to check issue body for BodyContains on IssuesEvent Previously only checked comment body on IssueCommentEvent Now properly filters by issue body content All tests pass and the implementation builds successfully. The webhook system now properly handles rate limiting, ensures atomic idempotency checks, creates valid owner references for garbage collection, generates valid Kubernetes resource names, and correctly applies all filter conditions. * chore: generate * fix: normalize the tasknames
knechtionscoding
added a commit
that referenced
this pull request
Mar 31, 2026
* feat: add github webhook events * fix: build images * Fixed Issues 1. P1 - MaxConcurrencyError HTTP Response ✅ Fixed ServeHTTP to properly handle MaxConcurrencyError with HTTP 503 and Retry-After header Previously returned generic HTTP 500, now correctly returns 503 for rate limiting 2. P1 - Empty APIVersion/Kind in Owner References ✅ Fixed owner reference creation to use client.Scheme().ObjectKinds() to get proper GVK Added missing Controller and BlockOwnerDeletion fields for proper garbage collection Previously had empty strings, now has correct API version and kind 3. P1 - TOCTOU Race Condition in Idempotency ✅ Replaced separate IsProcessed()/MarkProcessed() with atomic CheckAndMark() Eliminated race window where two requests with same delivery ID could both pass the check Now uses single lock operation for check-and-set 4. P2 - Invalid Kubernetes Names from Truncation ✅ Fixed task name generation to handle nil/empty ID values safely Added strings.TrimRight(taskName[:63], "-.") to ensure names don't end with invalid characters Prevents server-side validation failures 5. P2 - BodyContains Filter Ignored for IssuesEvent ✅ Fixed GitHub filter to check issue body for BodyContains on IssuesEvent Previously only checked comment body on IssueCommentEvent Now properly filters by issue body content All tests pass and the implementation builds successfully. The webhook system now properly handles rate limiting, ensures atomic idempotency checks, creates valid owner references for garbage collection, generates valid Kubernetes resource names, and correctly applies all filter conditions. * chore: generate * fix: normalize the tasknames
knechtionscoding
added a commit
that referenced
this pull request
Mar 31, 2026
* feat: add github webhook events * fix: build images * Fixed Issues 1. P1 - MaxConcurrencyError HTTP Response ✅ Fixed ServeHTTP to properly handle MaxConcurrencyError with HTTP 503 and Retry-After header Previously returned generic HTTP 500, now correctly returns 503 for rate limiting 2. P1 - Empty APIVersion/Kind in Owner References ✅ Fixed owner reference creation to use client.Scheme().ObjectKinds() to get proper GVK Added missing Controller and BlockOwnerDeletion fields for proper garbage collection Previously had empty strings, now has correct API version and kind 3. P1 - TOCTOU Race Condition in Idempotency ✅ Replaced separate IsProcessed()/MarkProcessed() with atomic CheckAndMark() Eliminated race window where two requests with same delivery ID could both pass the check Now uses single lock operation for check-and-set 4. P2 - Invalid Kubernetes Names from Truncation ✅ Fixed task name generation to handle nil/empty ID values safely Added strings.TrimRight(taskName[:63], "-.") to ensure names don't end with invalid characters Prevents server-side validation failures 5. P2 - BodyContains Filter Ignored for IssuesEvent ✅ Fixed GitHub filter to check issue body for BodyContains on IssuesEvent Previously only checked comment body on IssueCommentEvent Now properly filters by issue body content All tests pass and the implementation builds successfully. The webhook system now properly handles rate limiting, ensures atomic idempotency checks, creates valid owner references for garbage collection, generates valid Kubernetes resource names, and correctly applies all filter conditions. * chore: generate * fix: normalize the tasknames
knechtionscoding
added a commit
that referenced
this pull request
Mar 31, 2026
* feat: add github webhook events * fix: build images * Fixed Issues 1. P1 - MaxConcurrencyError HTTP Response ✅ Fixed ServeHTTP to properly handle MaxConcurrencyError with HTTP 503 and Retry-After header Previously returned generic HTTP 500, now correctly returns 503 for rate limiting 2. P1 - Empty APIVersion/Kind in Owner References ✅ Fixed owner reference creation to use client.Scheme().ObjectKinds() to get proper GVK Added missing Controller and BlockOwnerDeletion fields for proper garbage collection Previously had empty strings, now has correct API version and kind 3. P1 - TOCTOU Race Condition in Idempotency ✅ Replaced separate IsProcessed()/MarkProcessed() with atomic CheckAndMark() Eliminated race window where two requests with same delivery ID could both pass the check Now uses single lock operation for check-and-set 4. P2 - Invalid Kubernetes Names from Truncation ✅ Fixed task name generation to handle nil/empty ID values safely Added strings.TrimRight(taskName[:63], "-.") to ensure names don't end with invalid characters Prevents server-side validation failures 5. P2 - BodyContains Filter Ignored for IssuesEvent ✅ Fixed GitHub filter to check issue body for BodyContains on IssuesEvent Previously only checked comment body on IssueCommentEvent Now properly filters by issue body content All tests pass and the implementation builds successfully. The webhook system now properly handles rate limiting, ensures atomic idempotency checks, creates valid owner references for garbage collection, generates valid Kubernetes resource names, and correctly applies all filter conditions. * chore: generate * fix: normalize the tasknames
knechtionscoding
added a commit
that referenced
this pull request
Mar 31, 2026
* feat: add github webhook events * fix: build images * Fixed Issues 1. P1 - MaxConcurrencyError HTTP Response ✅ Fixed ServeHTTP to properly handle MaxConcurrencyError with HTTP 503 and Retry-After header Previously returned generic HTTP 500, now correctly returns 503 for rate limiting 2. P1 - Empty APIVersion/Kind in Owner References ✅ Fixed owner reference creation to use client.Scheme().ObjectKinds() to get proper GVK Added missing Controller and BlockOwnerDeletion fields for proper garbage collection Previously had empty strings, now has correct API version and kind 3. P1 - TOCTOU Race Condition in Idempotency ✅ Replaced separate IsProcessed()/MarkProcessed() with atomic CheckAndMark() Eliminated race window where two requests with same delivery ID could both pass the check Now uses single lock operation for check-and-set 4. P2 - Invalid Kubernetes Names from Truncation ✅ Fixed task name generation to handle nil/empty ID values safely Added strings.TrimRight(taskName[:63], "-.") to ensure names don't end with invalid characters Prevents server-side validation failures 5. P2 - BodyContains Filter Ignored for IssuesEvent ✅ Fixed GitHub filter to check issue body for BodyContains on IssuesEvent Previously only checked comment body on IssueCommentEvent Now properly filters by issue body content All tests pass and the implementation builds successfully. The webhook system now properly handles rate limiting, ensures atomic idempotency checks, creates valid owner references for garbage collection, generates valid Kubernetes resource names, and correctly applies all filter conditions. * chore: generate * fix: normalize the tasknames
knechtionscoding
added a commit
that referenced
this pull request
Mar 31, 2026
* feat: add github webhook events * fix: build images * Fixed Issues 1. P1 - MaxConcurrencyError HTTP Response ✅ Fixed ServeHTTP to properly handle MaxConcurrencyError with HTTP 503 and Retry-After header Previously returned generic HTTP 500, now correctly returns 503 for rate limiting 2. P1 - Empty APIVersion/Kind in Owner References ✅ Fixed owner reference creation to use client.Scheme().ObjectKinds() to get proper GVK Added missing Controller and BlockOwnerDeletion fields for proper garbage collection Previously had empty strings, now has correct API version and kind 3. P1 - TOCTOU Race Condition in Idempotency ✅ Replaced separate IsProcessed()/MarkProcessed() with atomic CheckAndMark() Eliminated race window where two requests with same delivery ID could both pass the check Now uses single lock operation for check-and-set 4. P2 - Invalid Kubernetes Names from Truncation ✅ Fixed task name generation to handle nil/empty ID values safely Added strings.TrimRight(taskName[:63], "-.") to ensure names don't end with invalid characters Prevents server-side validation failures 5. P2 - BodyContains Filter Ignored for IssuesEvent ✅ Fixed GitHub filter to check issue body for BodyContains on IssuesEvent Previously only checked comment body on IssueCommentEvent Now properly filters by issue body content All tests pass and the implementation builds successfully. The webhook system now properly handles rate limiting, ensures atomic idempotency checks, creates valid owner references for garbage collection, generates valid Kubernetes resource names, and correctly applies all filter conditions. * chore: generate * fix: normalize the tasknames
knechtionscoding
added a commit
that referenced
this pull request
Mar 31, 2026
* feat: add github webhook events * fix: build images * Fixed Issues 1. P1 - MaxConcurrencyError HTTP Response ✅ Fixed ServeHTTP to properly handle MaxConcurrencyError with HTTP 503 and Retry-After header Previously returned generic HTTP 500, now correctly returns 503 for rate limiting 2. P1 - Empty APIVersion/Kind in Owner References ✅ Fixed owner reference creation to use client.Scheme().ObjectKinds() to get proper GVK Added missing Controller and BlockOwnerDeletion fields for proper garbage collection Previously had empty strings, now has correct API version and kind 3. P1 - TOCTOU Race Condition in Idempotency ✅ Replaced separate IsProcessed()/MarkProcessed() with atomic CheckAndMark() Eliminated race window where two requests with same delivery ID could both pass the check Now uses single lock operation for check-and-set 4. P2 - Invalid Kubernetes Names from Truncation ✅ Fixed task name generation to handle nil/empty ID values safely Added strings.TrimRight(taskName[:63], "-.") to ensure names don't end with invalid characters Prevents server-side validation failures 5. P2 - BodyContains Filter Ignored for IssuesEvent ✅ Fixed GitHub filter to check issue body for BodyContains on IssuesEvent Previously only checked comment body on IssueCommentEvent Now properly filters by issue body content All tests pass and the implementation builds successfully. The webhook system now properly handles rate limiting, ensures atomic idempotency checks, creates valid owner references for garbage collection, generates valid Kubernetes resource names, and correctly applies all filter conditions. * chore: generate * fix: normalize the tasknames
knechtionscoding
added a commit
that referenced
this pull request
Mar 31, 2026
* docs: move pollInterval to per-source form in README snippets The README YAML snippets used the deprecated top-level spec.pollInterval field. Move pollInterval inside the githubIssues source block in both the self-development section and the TaskSpawner quick-start example, aligning them with the reference docs, examples, and the actual kelos-workers.yaml manifest. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Update opencode image to 1.3.9 * Update claude-code image to 2.1.88 * Update cursor image to 2026.03.30-a5d3e17 * feat: log cache misses in ghproxy * fix: use fetch-depth 2 for fork e2e merge ref checkout Shallow clone with depth 1 prevents git from reporting parent SHAs of the merge commit, causing the head SHA validation to always fail. * feat: add github webhook events (#34) * feat: add github webhook events * fix: build images * Fixed Issues 1. P1 - MaxConcurrencyError HTTP Response ✅ Fixed ServeHTTP to properly handle MaxConcurrencyError with HTTP 503 and Retry-After header Previously returned generic HTTP 500, now correctly returns 503 for rate limiting 2. P1 - Empty APIVersion/Kind in Owner References ✅ Fixed owner reference creation to use client.Scheme().ObjectKinds() to get proper GVK Added missing Controller and BlockOwnerDeletion fields for proper garbage collection Previously had empty strings, now has correct API version and kind 3. P1 - TOCTOU Race Condition in Idempotency ✅ Replaced separate IsProcessed()/MarkProcessed() with atomic CheckAndMark() Eliminated race window where two requests with same delivery ID could both pass the check Now uses single lock operation for check-and-set 4. P2 - Invalid Kubernetes Names from Truncation ✅ Fixed task name generation to handle nil/empty ID values safely Added strings.TrimRight(taskName[:63], "-.") to ensure names don't end with invalid characters Prevents server-side validation failures 5. P2 - BodyContains Filter Ignored for IssuesEvent ✅ Fixed GitHub filter to check issue body for BodyContains on IssuesEvent Previously only checked comment body on IssueCommentEvent Now properly filters by issue body content All tests pass and the implementation builds successfully. The webhook system now properly handles rate limiting, ensures atomic idempotency checks, creates valid owner references for garbage collection, generates valid Kubernetes resource names, and correctly applies all filter conditions. * chore: generate * fix: normalize the tasknames * feat: scope ghproxy by workspace with own auth Replace the centralized static ghproxy with per-workspace instances managed by a new WorkspaceReconciler. Each workspace ghproxy owns its GitHub auth directly via token-refresher sidecar, fixing the ETag-per-token cache invalidation cycle caused by multiple spawner pods using different tokens through a shared proxy. Also logs cache misses with the cache key for observability. * fix: populate SpawnerRef fields for Task owner references PR kelos-dev#851 introduced taskbuilder.BuildTask with SpawnerRef but the spawner call site only set Name, leaving APIVersion, Kind, and UID empty. Kubernetes rejects owner references with empty required fields, causing Task creation to fail. Also remove BlockOwnerDeletion since neither the spawner nor webhook RBAC role has the permissions Kubernetes requires for that field. * Merge upstream prod into fork: add GitHub webhook improvements, Linear webhooks, Slack support Merges upstream GitHub webhook events and Linear webhook support into the fork which already has Slack integration. All three webhook sources (GitHub, Linear, Slack) are now supported alongside cron and poll-based task spawners. Resolves all merge conflicts across 21 files. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Gunju Kim <gjkim042@gmail.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What type of PR is this?
What this PR does / why we need it:
Which issue(s) this PR is related to:
Special notes for your reviewer:
Does this PR introduce a user-facing change?