
Module subscriptions


v0.6.0.0 — webhook subscriptions.

Subscribers register a URL + shared secret + event/namespace/agent filters. When a matching event fires (e.g. memory_store), a fire-and-forget thread POSTs an HMAC-SHA256-signed JSON payload.

SSRF hardening:

  • http:// is allowed only for 127.0.0.0/8 or localhost hosts; every other host requires https://
  • RFC1918 / RFC4193 / link-local hosts are rejected unless allow_private_networks = true in the daemon config
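
The two rules above, sketched as a standalone check. This is an added example, not this crate's `validate_url`: the names `Reject` and `check_target`, the handling of IPv4-mapped IPv6 literals, and the assumption that scheme and host were already split by a URL parser are all this example's own.

```rust
use std::net::IpAddr;

/// Why a target was refused (hypothetical type, not the crate's).
#[derive(Debug, PartialEq)]
pub enum Reject { PlainHttpToRemote, PrivateNetwork, BadScheme }

/// True for RFC1918, RFC4193 (fc00::/7) and link-local (169.254/16, fe80::/10).
fn is_private_or_link_local(ip: &IpAddr) -> bool {
    match ip {
        IpAddr::V4(v4) => v4.is_private() || v4.is_link_local(),
        IpAddr::V6(v6) => {
            // Assumption of this example: judge ::ffff:a.b.c.d by its IPv4 part.
            if let Some(v4) = v6.to_ipv4_mapped() {
                return v4.is_private() || v4.is_link_local();
            }
            let first = v6.segments()[0];
            (first & 0xfe00) == 0xfc00 || (first & 0xffc0) == 0xfe80
        }
    }
}

/// `scheme` and `host` are assumed to come from a real URL parser.
/// `allow_private_networks` mirrors the daemon config flag named above.
pub fn check_target(scheme: &str, host: &str, allow_private_networks: bool) -> Result<(), Reject> {
    let host = host.trim_matches(|c| c == '[' || c == ']').to_ascii_lowercase();
    let ip: Option<IpAddr> = host.parse().ok();
    let loopback_v4 = matches!(ip, Some(IpAddr::V4(v4)) if v4.is_loopback());
    let local = loopback_v4 || host == "localhost";
    match scheme {
        "https" => {}
        "http" if local => return Ok(()),
        "http" => return Err(Reject::PlainHttpToRemote),
        _ => return Err(Reject::BadScheme),
    }
    // Only IP literals are judged here; a hostname passes until it is resolved.
    if let Some(ip) = ip {
        if !allow_private_networks && is_private_or_link_local(&ip) {
            return Err(Reject::PrivateNetwork);
        }
    }
    Ok(())
}

fn main() {
    // Constructed sample targets.
    for (s, h) in [("http", "127.0.0.1"), ("http", "example.com"), ("https", "10.0.0.5"), ("https", "fe80::1")] {
        println!("{s}://{h} -> {:?}", check_target(s, h, false));
    }
}
```

A hostname that is not an IP literal passes this literal-only check, which is the gap the DNS-resolving guard listed under Functions is described as covering.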

Signature:

  • Header X-Ai-Memory-Signature: sha256=<hex> over the raw JSON body
  • The secret stored in the DB is a SHA-256 of the plaintext shared secret; the plaintext is returned once at subscription time and never leaves the DB after.

Structs

NewSubscription
Parameters for creating a subscription.
Subscription
Public-facing subscription record (no secret plaintext).

Functions

delete
Delete a subscription by id. Returns true if a row was removed.
dispatch_event
Fire an event to all matching subscribers. Each dispatch runs in its own OS thread and does NOT block the caller. Errors are logged and counted in the DB via failure_count.
insert
Insert a subscription, hashing any secret before persisting.
list
List all active subscriptions.
validate_url
SSRF guard. Rejects URLs that would cause the daemon to connect to private-range addresses, link-local, loopback (except explicitly), or non-HTTPS remote hosts.
validate_url_dns
SSRF guard with DNS resolution (#301 item 2). Resolves the host via the stdlib resolver and rejects if ANY returned SocketAddr’s IP is private / loopback / link-local. Guards against DNS-rebind attacks where an attacker-controlled hostname resolves to an internal IP at connect time.