chore: simplify honeycomb alerts (#26142)

2026-05-13 15:44:56 +00:00 · 2026-05-07 09:56:10 +02:00
parent 293bb422fa
commit f8aa4a3be0
15 changed files with 186 additions and 409 deletions
--- a/packages/console/app/package.json
+++ b/packages/console/app/package.json
@@ -31,7 +31,6 @@
    "solid-js": "catalog:",
    "solid-list": "0.3.0",
    "solid-stripe": "0.8.1",
-    "svix": "1.92.2",
    "vite": "catalog:",
    "zod": "catalog:"
  },
--- a/packages/console/app/src/routes/honeycomb/webhook.ts
+++ b/packages/console/app/src/routes/honeycomb/webhook.ts
@@ -0,0 +1,81 @@
+import type { APIEvent } from "@solidjs/start/server"
+import { z } from "zod"
+import { Resource } from "@opencode-ai/console-resource"
+import { safeEqual } from "@opencode-ai/console-core/util/crypto.js"
+
+const DISCORD_ALERT_ROLE_ID = "1501447160175136838"
+
+const basePayload = z.object({
+  name: z.string().optional(),
+  status: z.string().optional(),
+  isTest: z.boolean().optional(),
+  url: z.string(),
+})
+
+const groups = z.object({ group: z.object({ key: z.string(), value: z.string() }).array() }).array()
+
+const honeycombWebhookPayload = z.discriminatedUnion("type", [
+  basePayload.extend({
+    type: z.literal("model_http_errors"),
+    groups,
+  }),
+  basePayload.extend({
+    type: z.literal("provider_http_errors"),
+    groups,
+  }),
+])
+
+const postDiscordMessage = async (payload: z.infer<typeof honeycombWebhookPayload>) => {
+  const group = payload.type === "model_http_errors" ? "model" : "provider"
+  const names = (payload.groups ?? []).flatMap((item) => item.group.map((g) => g.value))
+
+  const content = [
+    `[**${payload.isTest ? "[TEST] " : ""}${payload.name ?? "Honeycomb alert"}**](${payload.url})`,
+    names.length > 0 ? `Affected ${group}s:` : undefined,
+    ...names.map((name) => `- ${name}`),
+    "",
+    `<@&${DISCORD_ALERT_ROLE_ID}>`,
+  ]
+    .filter((line) => line !== undefined)
+    .join("\n")
+
+  return fetch(Resource.DISCORD_INCIDENT_WEBHOOK_URL.value, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      content,
+      allowed_mentions: { roles: [DISCORD_ALERT_ROLE_ID] },
+      flags: 4,
+    }),
+  })
+}
+
+export async function POST(input: APIEvent) {
+  const token = input.request.headers.get("X-Honeycomb-Webhook-Token")
+  if (!safeEqual(token ?? "", Resource.HoneycombWebhookSecret.value)) {
+    console.debug("Invalid Honeycomb webhook token")
+    return Response.json({ message: "invalid token" }, { status: 401 })
+  }
+
+  const body = await input.request.json()
+  console.log(body, JSON.stringify(body, null, 2))
+
+  const parsed = honeycombWebhookPayload.safeParse(body)
+
+  if (!parsed.success) {
+    console.error(parsed.error)
+    return Response.json({ message: "invalid payload" }, { status: 400 })
+  }
+
+  if (parsed.data.status !== "TRIGGERED") {
+    console.debug("Skipping resolved alert Honeycomb webhook")
+    return Response.json({ message: "ignored" }, { status: 200 })
+  }
+
+  const response = await postDiscordMessage(parsed.data)
+  if (!response.ok) {
+    return Response.json({ message: "discord webhook failed" }, { status: 502 })
+  }
+
+  return Response.json({ message: "sent" }, { status: 200 })
+}
--- a/packages/console/app/src/routes/incident/webhook.ts
+++ b/packages/console/app/src/routes/incident/webhook.ts
@@ -1,77 +0,0 @@
-import type { APIEvent } from "@solidjs/start/server"
-import { Resource } from "@opencode-ai/console-resource"
-import { Webhook } from "svix"
-
-const DISCORD_INCIDENT_ROLE_ID = "1501447160175136838"
-
-type Incident = {
-  mode?: "test" | "standard"
-  name?: string
-  permalink?: string
-  summary?: string
-}
-
-type IncidentWebhookPayload = {
-  event_type?: string
-  "public_incident.incident_created_v2"?: Incident
-}
-
-const verifyWebhook = async (request: Request) => {
-  const body = await request.text()
-  try {
-    return new Webhook(Resource.INCIDENT_WEBHOOK_SIGNING_SECRET.value).verify(
-      body,
-      Object.fromEntries(request.headers.entries()),
-    ) as IncidentWebhookPayload
-  } catch {
-    return undefined
-  }
-}
-
-const postDiscordMessage = async (incident: Incident) => {
-  return fetch(Resource.DISCORD_INCIDENT_WEBHOOK_URL.value, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-    },
-    body: JSON.stringify({
-      content: [
-        `**${incident.mode === "test" ? "[TEST] " : ""}${incident.name ?? "Incident has been created"}**`,
-        incident.summary,
-        "",
-        `<@&${DISCORD_INCIDENT_ROLE_ID}>`,
-        "",
-        incident.permalink,
-      ]
-        .filter((line) => line !== undefined)
-        .join("\n"),
-      allowed_mentions: {
-        roles: [DISCORD_INCIDENT_ROLE_ID],
-      },
-      flags: 4,
-    }),
-  })
-}
-
-export async function POST(input: APIEvent) {
-  const payload = await verifyWebhook(input.request)
-  if (!payload) {
-    return Response.json({ message: "invalid signature" }, { status: 401 })
-  }
-
-  if (payload.event_type !== "public_incident.incident_created_v2") {
-    return Response.json({ message: "ignored event" }, { status: 200 })
-  }
-
-  const incident = payload["public_incident.incident_created_v2"]
-  if (!incident) {
-    return Response.json({ message: "missing incident" }, { status: 400 })
-  }
-
-  const response = await postDiscordMessage(incident)
-  if (!response.ok) {
-    return Response.json({ message: "discord webhook failed" }, { status: 502 })
-  }
-
-  return Response.json({ message: "sent" }, { status: 200 })
-}
--- a/packages/console/core/src/util/crypto.ts
+++ b/packages/console/core/src/util/crypto.ts
@@ -0,0 +1,8 @@
+import { timingSafeEqual } from "node:crypto"
+
+export function safeEqual(a: string, b: string): boolean {
+  const encoder = new TextEncoder()
+  const aBytes = encoder.encode(a)
+  const bBytes = encoder.encode(b)
+  return aBytes.length === bBytes.length && timingSafeEqual(aBytes, bBytes)
+}
--- a/packages/console/core/sst-env.d.ts
+++ b/packages/console/core/sst-env.d.ts
@@ -91,8 +91,8 @@ declare module "sst" {
      "type": "sst.sst.Secret"
      "value": string
    }
-    "INCIDENT_WEBHOOK_SIGNING_SECRET": {
-      "type": "sst.sst.Secret"
+    "HoneycombWebhookSecret": {
+      "type": "random.index/randomPassword.RandomPassword"
      "value": string
    }
    "R2AccessKey": {
--- a/packages/console/function/sst-env.d.ts
+++ b/packages/console/function/sst-env.d.ts
@@ -91,8 +91,8 @@ declare module "sst" {
      "type": "sst.sst.Secret"
      "value": string
    }
-    "INCIDENT_WEBHOOK_SIGNING_SECRET": {
-      "type": "sst.sst.Secret"
+    "HoneycombWebhookSecret": {
+      "type": "random.index/randomPassword.RandomPassword"
      "value": string
    }
    "R2AccessKey": {
--- a/packages/console/resource/sst-env.d.ts
+++ b/packages/console/resource/sst-env.d.ts
@@ -91,8 +91,8 @@ declare module "sst" {
      "type": "sst.sst.Secret"
      "value": string
    }
-    "INCIDENT_WEBHOOK_SIGNING_SECRET": {
-      "type": "sst.sst.Secret"
+    "HoneycombWebhookSecret": {
+      "type": "random.index/randomPassword.RandomPassword"
      "value": string
    }
    "R2AccessKey": {