fix: sync changelog automation + harden Zapier integration

[bd73-com]

Summary

The What's New page stopped updating after v1.16.1 because sync-changelog.yml triggered on release: published, but releases are published by github-actions[bot] using GITHUB_TOKEN — GitHub intentionally suppresses cross-workflow triggers from GITHUB_TOKEN to prevent infinite loops. This PR moves the changelog sync inline into release.yml and regenerates changelog.ts to catch up through v1.23.0.

Additionally, this PR hardens the Zapier REST Hook integration (shipped in #336) with fixes found during security, architecture, skeptic, and documentation review phases.

Changes

Changelog automation fix

• .github/workflows/release.yml — Added sync-changelog job that runs after publish-release (same workflow = no cross-workflow trigger needed)
• .github/workflows/sync-changelog.yml — Removed dead release: published trigger, kept workflow_dispatch for manual runs
• client/src/data/changelog.ts — Regenerated with all 165 releases (v1.16.2–v1.23.0 were missing)

Zapier integration hardening

• server/storage.ts — Handle unique constraint race in createAutomationSubscription (catch 23505, retry SELECT); use .returning() instead of (result as any).rowCount; add recordAutomationDeliveryFailure with circuit breaker (auto-deactivate after 5 consecutive failures)
• server/services/notification.ts — Move automation delivery before conditions/hasActiveChannels so Zapier fires on all real changes regardless of conditions; skip first-change baseline captures; restore hasActiveChannels early return to avoid unnecessary DB queries
• server/services/automationDelivery.ts — Auto-deactivate subscriptions on HTTP 410 Gone (Zapier REST Hook contract); record delivery failures via circuit breaker
• server/routes/zapier.ts — Extract direct DB query to storage.getRecentChangesForMonitors(); remove unused imports
• shared/schema.ts — Add consecutiveFailures column to automationSubscriptions
• server/services/ensureTables.ts — Include consecutive_failures in table DDL

Documentation

• client/src/pages/Support.tsx — Fix FAQ: Zapier fires independently of alert conditions (not gated by them)

Tests

• server/routes/zapier.test.ts — 18 new tests for Zapier route logic (SSRF, limits, ownership, schemas)
• server/services/automationDelivery.test.ts — Added tests for 410 Gone auto-deactivation and circuit breaker failure recording

How to test

1. Changelog: Visit /changelog — should show releases up to v1.23.0 (was stuck at v1.16.0)
2. Workflow: Merge a PR to main → release.yml should draft release, upload extension, publish, then sync changelog — all in one workflow run
3. Zapier subscribe race: Send two simultaneous POST /api/v1/zapier/subscribe with same hookUrl — both should return 201 (idempotent), not 500
4. 410 Gone: Mock a Zapier hook returning 410 → subscription should auto-deactivate
5. Circuit breaker: Deliver to a consistently-failing hook 5+ times → subscription auto-deactivates
6. First change: Create a new monitor with a Zapier subscription → first baseline capture should NOT fire to Zapier
7. Conditions independence: Set conditions on a monitor with Zapier subscription → Zapier should fire even when conditions block traditional channels
8. Run npm run check && npm run test — 87 test files, 2130 tests pass

https://claude.ai/code/session_01HEBCxVf4bPGHmLdVyRcn1Q

Summary by CodeRabbit

• Documentation

  • Updated changelog with new entries covering versions 1.23.0 through 1.16.2, including detailed release notes and change comparison links for historical reference.

• Chores

  • Enhanced release automation to synchronize changelog updates automatically following each release publication.
  • Expanded test coverage for Zapier integration, including webhook subscription management and monitor change tracking functionality.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: ccb9071d-16f3-45df-897f-85ad38db267c

📥 Commits

Reviewing files that changed from the base of the PR and between 49c70d7 and 9b88766.

📒 Files selected for processing (6)

• .github/workflows/release.yml
• .github/workflows/sync-changelog.yml
• client/src/data/changelog.ts
• server/routes/zapier.test.ts
• server/routes/zapier.ts
• server/storage.ts

---

📝 Walkthrough

Walkthrough

This PR consolidates changelog synchronization into the release workflow by adding a new sync-changelog job, converts the standalone sync workflow to manual-only dispatch, prepends recent release entries (1.23.0–1.16.2) to the exported changelog data, refactors the Zapier /changes route to use a new storage layer abstraction for monitor change queries, and adds comprehensive test coverage for Zapier route behaviors and validation schemas.

Changes

Cohort / File(s)	Summary
Workflow Automation .github/workflows/release.yml, .github/workflows/sync-changelog.yml	Added sync-changelog job to release workflow that runs the sync script post-publish; converted sync-changelog.yml from automatic release triggers to manual workflow_dispatch only, preventing redundant automatic execution.
Changelog Data client/src/data/changelog.ts	Extended exported changelog array by prepending 500 lines of ChangelogEntry objects for versions 1.23.0 through 1.16.2 with formatted release notes and compare links.
Zapier Route Refactoring server/routes/zapier.ts, server/storage.ts	Migrated direct Drizzle database queries for monitor changes from route handler into new getRecentChangesForMonitors() storage method; updated deactivateAutomationSubscription() to use .returning() and check row count; removed unused imports.
Zapier Route Test Suite server/routes/zapier.test.ts	Added 191-line comprehensive Vitest test file covering SSRF validation, subscription limits, monitor ownership, monitor listing/sorting, automation subscription CRUD, and Zod schema validation for hooks and monitor IDs.

Sequence Diagram(s)

No sequence diagrams generated — changes are primarily refactoring, workflow configuration, and data updates rather than new multi-component interaction flows.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• fix: sync changelog with real GitHub releases #103: Modifies changelog sync pipeline and regenerates client changelog data entries in coordination with sync automation.
• fix: resolve 4 open bugs (#138, #145, #146, #147) #149: Implements the same abstraction pattern of migrating direct database queries into the storage layer for monitor-related data access.
• Add public changelog page with automated sync #96: Modifies changelog sync automation workflow and generated changelog data as part of sync pipeline consolidation.

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch claude/fix-whats-new-automation-30UG7

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}