Revert #230 (constant-time signature swap) to restore live webhook delivery #232
Merged
#230 (constant-time signature swap) broke production webhook ingestion: GitHub App deliveries have failed (429) since 2026-06-21 05:27Z, ~4 min after deploy. Revert verifyGitHubSignature to the prior working implementation to stop the bleeding; constant-time re-fix is tracked forward in #231.

Immediately after #230 was deployed, all live webhooks stopped with 429. To stop the bleeding, signature verification is rolled back to its pre-#230 state. The re-fix for the timing side-channel will be fixed forward in #231.

Refs #231
Deploying with
| Status | Name | Latest Commit | Updated (UTC) |
|---|---|---|---|
| ✅ Deployment successful! | github-webhook-mcp | 8959e33 | Jun 22 2026, 07:31 AM |
liplus-lin-lay (Member, Author) commented Jun 22, 2026
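self-review (AI): Pure revert to the known-working version (pre-#230). CI is all green (test / Workers Builds / CI). Scope = rollback of worker/src/signature.ts plus the corresponding tests only; the functional contract returns to its pre-#230 state. Release type = patch (hotfix/revert, restoration of internal implementation; the only user/system-observable impact is in the direction of webhook recovery). The trade-off (temporary regression of the #229 timing side-channel) is stated explicitly in the body and in #231; the fix-forward is tracked in #231. After merge, confirm that the Workers Builds deployment completes and then that live webhook delivery turns green (green CI alone does not count as done).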
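Summary
Immediately after #230 (2085f03, constant-time signature verification) was deployed, every webhook delivery from the GitHub App liplus-webhook-mcp failed with 429 and intake stopped (detailed RCA = #231). This PR reverts verifyGitHubSignature to the working pre-#230 version to stop the bleeding.

Impact scope
patch (hotfix / revert).
Reverts worker/src/signature.ts to its pre-#230 state and rolls back the corresponding tests as well. The goal is to restore live webhook delivery.

Trade-off (explicit)
The revert temporarily regresses the timing side-channel that #229 closed (pre-#230 = the state that had persisted for several months; low severity). The correct re-implementation of constant-time verification will be fixed forward in #231. This PR does not close #231 (so that the fix-forward stays tracked).

Verification
Confirm that real events land in get_pending_status.

Refs #231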
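
A sketch of the kind of constant-time check the trade-off section defers to #231, added here as an example: it is not the project's code and not the #230 or #231 implementation. The function names, secret and payload are constructed, and a `sha256=<64 hex chars>` signature header is assumed; the point shown is that the check fails closed on malformed input rather than throwing.

```javascript
// Added example; names and sample values are constructed, not the project's code.
// Web Crypto is global in Workers and current Node.js; older Node falls back to node:crypto.
const subtle = globalThis.crypto?.subtle ?? require("node:crypto").webcrypto.subtle;
const enc = new TextEncoder();

// HMAC-SHA256 over the raw request body, returned as 32 bytes.
async function hmacSha256(secret, body) {
  const key = await subtle.importKey(
    "raw", enc.encode(secret), { name: "HMAC", hash: "SHA-256" }, false, ["sign"]);
  return new Uint8Array(await subtle.sign("HMAC", key, enc.encode(body)));
}

// Strict parse of "sha256=<64 lowercase hex chars>"; returns null for anything else.
function parseSignatureHeader(header) {
  if (typeof header !== "string") return null;
  const m = /^sha256=([0-9a-f]{64})$/.exec(header);
  if (!m) return null;
  const out = new Uint8Array(32);
  for (let i = 0; i < 32; i++) out[i] = parseInt(m[1].slice(i * 2, i * 2 + 2), 16);
  return out;
}

// XOR-accumulate over the full length: no early exit on the first differing byte.
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false; // length is public (always 32 here)
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a[i] ^ b[i];
  return diff === 0;
}

// True only for a well-formed header whose MAC matches; bad input yields false, not an exception.
async function verifySignatureExample(secret, rawBody, header) {
  const received = parseSignatureHeader(header);
  if (received === null) return false; // fail closed on missing or malformed header
  const expected = await hmacSha256(secret, rawBody);
  return constantTimeEqual(expected, received);
}

// Helper for self-checks: build the header value a sender would attach.
async function signExample(secret, rawBody) {
  const mac = await hmacSha256(secret, rawBody);
  return "sha256=" + Array.from(mac, (b) => b.toString(16).padStart(2, "0")).join("");
}
```

A unit test of this kind covers the comparison logic only; as the self-review above notes, confirmation on live deliveries is still needed after deploy.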