Feat: OLAP Table for CEL Eval Failures (#2012)

* feat: add table, wire up partitioning

* feat: wire failures into the OLAP db from rabbit

* feat: bubble failures up to controller

* fix: naming

* fix: hack around enum type

* fix: typo

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* fix: typos

* fix: migration name

* feat: log debug failure

* feat: pub message from debug endpoint to log failure

* fix: error handling

* fix: use ingestor

* fix: olap suffix

* fix: pass source through

* fix: dont log ingest failure

* fix: rm debug as enum opt

* chore: gen

* Feat: Webhooks (#1978)

* feat: migration + go gen

* feat: non unique source name

* feat: api types

* fix: rm cruft

* feat: initial api for webhooks

* feat: handle encryption of incoming keys

* fix: nil pointer errors

* fix: import

* feat: add endpoint for incoming webhooks

* fix: naming

* feat: start wiring up basic auth

* feat: wire up cel event parsing

* feat: implement authentication

* fix: hack for plain text content

* feat: add source to enum

* feat: add source name enum

* feat: db source name enum fix

* fix: use source name enums

* feat: nest sources

* feat: first pass at stripe

* fix: clean up source name passing

* fix: use unique name for webhook

* feat: populator test

* fix: null values

* fix: ordering

* fix: rm unnecessary index

* fix: validation

* feat: validation on create

* fix: lint

* fix: naming

* feat: wire triggering webhook name through to events table

* feat: cleanup + python gen + e2e test for basic auth

* feat: query to insert webhook validation errors

* refactor: auth handler

* fix: naming

* refactor: validation errors, part II

* feat: wire up writes through olap

* fix: linting, fallthrough case

* fix: validation

* feat: tests for failure cases for basic auth

* feat: expand tests

* fix: correctly return 404 out of task getter

* chore: generated stuff

* fix: rm cruft

* fix: longer sleep

* debug: print name + events to logs

* feat: limit to N

* feat: add limit env var

* debug: ci test

* fix: apply namespaces to keys

* fix: namespacing, part ii

* fix: sdk config

* fix: handle prefixing

* feat: handle partitioning logic

* chore: gen

* feat: add webhook limit

* feat: wire up limits

* fix: gen

* fix: reverse order of generic fallthrough

* fix: comment for potential unexpected behavior

* fix: add check constraints, improve error handling

* chore: gen

* chore: gen

* fix: improve naming

* feat: scaffold webhooks page

* feat: sidebar

* feat: first pass at page

* feat: improve feedback on UI

* feat: initial work on create modal

* feat: change default to basic

* fix: openapi spec discriminated union

* fix: go side

* feat: start wiring up placeholders for stripe and github

* feat: pre-populated fields for Stripe + Github

* feat: add name section

* feat: copy improvements, show URL

* feat: UI cleanup

* fix: check if tenant populator errors

* feat: add comments

* chore: gen again

* fix: default name

* fix: styling

* fix: improve stripe header processing

* feat: docs, part 1

* fix: lint

* fix: migration order

* feat: implement rate limit per-webhook

* feat: comment

* feat: clean up docs

* chore: gen

* fix: migration versions

* fix: olap naming

* fix: partitions

* chore: gen

* feat: store webhook cel eval failures properly

* fix: pk order

* fix: auth tweaks, move fetches out of populator

* fix: pgtype.Text instead of string pointer

* chore: gen

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

sql/schema/v1-core.sql

@@ -495,6 +495,74 @@ CREATE UNIQUE INDEX v1_filter_unique_tenant_workflow_id_scope_expression_payload
     payload_hash
 );
 
+CREATE TYPE v1_incoming_webhook_auth_type AS ENUM ('BASIC', 'API_KEY', 'HMAC');
+CREATE TYPE v1_incoming_webhook_hmac_algorithm AS ENUM ('SHA1', 'SHA256', 'SHA512', 'MD5');
+CREATE TYPE v1_incoming_webhook_hmac_encoding AS ENUM ('HEX', 'BASE64', 'BASE64URL');
+
+-- Can add more sources in the future
+CREATE TYPE v1_incoming_webhook_source_name AS ENUM ('GENERIC', 'GITHUB', 'STRIPE');
+
+CREATE TABLE v1_incoming_webhook (
+    tenant_id UUID NOT NULL,
+
+    -- names are tenant-unique
+    name TEXT NOT NULL,
+
+    source_name v1_incoming_webhook_source_name NOT NULL,
+
+    -- CEL expression that creates an event key
+    -- from the payload of the webhook
+    event_key_expression TEXT NOT NULL,
+
+    auth_method v1_incoming_webhook_auth_type NOT NULL,
+
+    auth__basic__username TEXT,
+    auth__basic__password BYTEA,
+
+    auth__api_key__header_name TEXT,
+    auth__api_key__key BYTEA,
+
+    auth__hmac__algorithm v1_incoming_webhook_hmac_algorithm,
+    auth__hmac__encoding v1_incoming_webhook_hmac_encoding,
+    auth__hmac__signature_header_name TEXT,
+    auth__hmac__webhook_signing_secret BYTEA,
+
+    inserted_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP,
+
+    PRIMARY KEY (tenant_id, name),
+    CHECK (
+        (
+            auth_method = 'BASIC'
+            AND (
+                auth__basic__username IS NOT NULL
+                AND auth__basic__password IS NOT NULL
+            )
+        )
+        OR
+        (
+            auth_method = 'API_KEY'
+            AND (
+                auth__api_key__header_name IS NOT NULL
+                AND auth__api_key__key IS NOT NULL
+            )
+        )
+        OR
+        (
+            auth_method = 'HMAC'
+            AND (
+                auth__hmac__algorithm IS NOT NULL
+                AND auth__hmac__encoding IS NOT NULL
+                AND auth__hmac__signature_header_name IS NOT NULL
+                AND auth__hmac__webhook_signing_secret IS NOT NULL
+            )
+        )
+    ),
+    CHECK (LENGTH(event_key_expression) > 0),
+    CHECK (LENGTH(name) > 0)
+);
+
+
 CREATE INDEX v1_match_condition_filter_idx ON v1_match_condition (
     tenant_id ASC,
     event_type ASC,