feat: configurable webhook timeout

[GHkrishna]

What

• Make webhook timeout configurable

Summary by CodeRabbit

• New Features
  • Webhook timeouts are now configurable through an environment variable with a 5-second default fallback.
  • Added logging to display the webhook URL and timeout value during message transmission.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 94c161ec-ae16-4f5f-9cf5-4f18e42267ff

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

The pull request adds a new WEBHOOK_TIMEOUT_MS environment variable to the demo configuration and updates the sendWebhookEvent function to resolve its timeout default from this variable with a fallback mechanism, while introducing logging for webhook dispatch operations.

Changes

Cohort / File(s)	Summary
Configuration .env.demo	Adds new environment variable WEBHOOK_TIMEOUT_MS with default value of 10,000 ms.
Webhook Event Handling src/events/WebhookEvent.ts	Updates sendWebhookEvent function to read timeout from WEBHOOK_TIMEOUT_MS environment variable with fallback to DEFAULT_TIMEOUT constant (5,000 ms), and adds console logging of webhook URL and computed timeout before dispatch.

Estimated Code Review Effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A timeout so grand, now configurable with care,
Webhooks shall whisper before vanishing in air,
From environment variables, values now flow free,
Default fallbacks ensure reliability—hop with glee! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: configurable webhook timeout' clearly and concisely summarizes the main change—making webhook timeout configurable through environment variables.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/configurable-webhook-timeout

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[GHkrishna]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/events/WebhookEvent.ts`:
- Around line 5-12: The timeout resolution in sendWebhookEvent trusts
parseInt(process.env.WEBHOOK_TIMEOUT_MS) and can yield negative or NaN values;
validate the resolved timeoutMs inside sendWebhookEvent (or at point of
defaulting) to ensure it's a positive integer and if not, fall back to
DEFAULT_TIMEOUT. Specifically, after obtaining timeoutMs (from the parameter or
parsed env), check that it's a finite number >= 0 (or > 0 per desired semantics)
and replace invalid values with DEFAULT_TIMEOUT before using it for the
request/abort logic so negative env values cannot cause immediate aborts.
- Line 14: Replace the direct console.log call in WebhookEvent (the line using
console.log(`Sending webhook event to ${webhookUrl} with timeout of
${timeoutMs}ms`)) with the injected logger by calling logger.info with the same
message; update any imports or class constructor if needed to ensure the logger
instance used by the WebhookEvent.send/sendEvent (or whichever method contains
that console.log) is the injected logger so linting and structured logging are
used consistently.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 61667e3a-8691-4ce1-9ef1-a537b1bd0fcc

📥 Commits

Reviewing files that changed from the base of the PR and between c029523 and af3ab83.

📒 Files selected for processing (2)

• .env.demo
• src/events/WebhookEvent.ts

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Validate resolved timeout before using it.

Line 11 currently trusts parsed env values too much; a negative WEBHOOK_TIMEOUT_MS will cause near-immediate aborts. Since several event modules call this function without an explicit timeout, this can break webhook delivery globally.

💡 Proposed fix

-const DEFAULT_TIMEOUT = 5000;
+const DEFAULT_TIMEOUT = 5000

 export const sendWebhookEvent = async (
   webhookUrl: string,
   body: Record<string, unknown>,
   logger: Logger,
-  timeoutMs: number = parseInt(process.env.WEBHOOK_TIMEOUT_MS || '', 10) || DEFAULT_TIMEOUT,
+  timeoutMs?: number,
 ): Promise<void> => {
-
-  console.log(`Sending webhook event to ${webhookUrl} with timeout of ${timeoutMs}ms`)
+  const envTimeout = parseInt(process.env.WEBHOOK_TIMEOUT_MS ?? '', 10)
+  const candidateTimeout = timeoutMs ?? envTimeout
+  const resolvedTimeout = candidateTimeout > 0 ? candidateTimeout : DEFAULT_TIMEOUT
   // Abort the webhook send events if the request hangs-in for >5 secs
   // This can avoid failure of services due to bad webhook listners
   const controller = new AbortController()
-  const timeout = setTimeout(() => controller.abort(), timeoutMs)
+  const timeout = setTimeout(() => controller.abort(), resolvedTimeout)

Also applies to: 18-18

🧰 Tools

🪛 ESLint

[error] 5-5: Delete ;

(prettier/prettier)

🪛 GitHub Check: SonarCloud Code Analysis

[warning] 11-11: Prefer Number.parseInt over parseInt.

See more on https://sonarcloud.io/project/issues?id=credebl_afj-controller&issues=AZ3PACJiNgPe1EPLZpl-&open=AZ3PACJiNgPe1EPLZpl-&pullRequest=365

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/events/WebhookEvent.ts` around lines 5 - 12, The timeout resolution in
sendWebhookEvent trusts parseInt(process.env.WEBHOOK_TIMEOUT_MS) and can yield
negative or NaN values; validate the resolved timeoutMs inside sendWebhookEvent
(or at point of defaulting) to ensure it's a positive integer and if not, fall
back to DEFAULT_TIMEOUT. Specifically, after obtaining timeoutMs (from the
parameter or parsed env), check that it's a finite number >= 0 (or > 0 per
desired semantics) and replace invalid values with DEFAULT_TIMEOUT before using
it for the request/abort logic so negative env values cannot cause immediate
aborts.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Verify which logger levels are used in the repo so replacement matches existing conventions.
rg -n --type=ts -C2 '\blogger\.(trace|debug|info|warn|error)\('

# Inspect local logger-related typings/usages to confirm available methods.
rg -n --type=ts -C2 'type Logger|interface Logger|from .+Logger'

Repository: credebl/agent-controller

Length of output: 12863

---

🏁 Script executed:

cat -n src/events/WebhookEvent.ts

Repository: credebl/agent-controller

Length of output: 1597

---

Replace console.log with logger.info.

Line 14 uses direct console logging which triggers no-console linting and can leak webhook URLs into unmanaged logs. Replace with the injected logger for structured, policy-controlled logging:

Replace with:

logger.info(`Sending webhook event to ${webhookUrl} with timeout of ${timeoutMs}ms`)

🧰 Tools

🪛 ESLint

[error] 14-14: Unexpected console statement.

(no-console)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/events/WebhookEvent.ts` at line 14, Replace the direct console.log call
in WebhookEvent (the line using console.log(`Sending webhook event to
${webhookUrl} with timeout of ${timeoutMs}ms`)) with the injected logger by
calling logger.info with the same message; update any imports or class
constructor if needed to ensure the logger instance used by the
WebhookEvent.send/sendEvent (or whichever method contains that console.log) is
the injected logger so linting and structured logging are used consistently.

[sonarqubecloud]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud