Skip to content

feat(trigger): add ServiceNow webhook triggers#4077

Merged
waleedlatif1 merged 4 commits intostagingfrom
waleedlatif1/servicenow-triggers
Apr 9, 2026
Merged

feat(trigger): add ServiceNow webhook triggers#4077
waleedlatif1 merged 4 commits intostagingfrom
waleedlatif1/servicenow-triggers

Conversation

@waleedlatif1
Copy link
Copy Markdown
Collaborator

@waleedlatif1 waleedlatif1 commented Apr 9, 2026

Summary

  • Add 5 ServiceNow webhook triggers: incident created/updated, change request created/updated, and generic webhook
  • Uses buildTriggerSubBlocks helper with setup instructions for Business Rules + RESTMessageV2
  • Register triggers in trigger registry and wire to existing ServiceNow block
  • No provider handler needed — default handler suffices (manual webhook setup via Business Rules)

Type of Change

  • New feature

Testing

Tested manually

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

@vercel
Copy link
Copy Markdown

vercel bot commented Apr 9, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Actions Updated (UTC)
docs Skipped Skipped Apr 9, 2026 8:47pm

Request Review

@cursor
Copy link
Copy Markdown

cursor bot commented Apr 9, 2026
edited
Loading

PR Summary

Medium Risk
Adds new inbound webhook entry points and event-matching logic for ServiceNow, which could affect workflow execution and webhook authorization if misconfigured. Changes are mostly additive but touch the webhook provider registry and trigger wiring.

Overview
Adds five ServiceNow webhook triggers (incident created/updated, change request created/updated, and a generic “all events” webhook), including shared setup instructions, configurable webhookSecret, optional tableName filtering, and standardized trigger outputs.

Wires these triggers into the UI and execution path by updating the ServiceNow integration metadata (integrations.json), enabling triggers in servicenow.ts via getTrigger(...).subBlocks, registering them in triggers/registry.ts, and adding a new servicenow webhook provider handler that validates secrets and filters events via isServiceNowEventMatch.

Reviewed by Cursor Bugbot for commit 952cc69. Configure here.

@greptile-apps
Copy link
Copy Markdown
Contributor

greptile-apps bot commented Apr 9, 2026
edited
Loading

Greptile Summary

This PR adds 5 ServiceNow webhook triggers (incident_created, incident_updated, change_request_created, change_request_updated, and a generic webhook), a dedicated provider handler with bearer-token auth (verifyAuth) and table/event-type matching (matchEvent), wires the triggers into the existing ServiceNow block, and registers everything in the trigger and provider registries. Previous review concerns around missing authentication and non-TSDoc comments have been fully addressed.

Confidence Score: 5/5

Safe to merge — all prior security concerns are resolved and remaining findings are P2 style improvements.

The PR is well-structured, follows established patterns (Salesforce/GitHub triggers), and has addressed the two prior review issues (webhook secret auth + non-TSDoc comment). The two remaining findings are P2: a missing tableName/eventType in the setup instructions example and an unnecessary dynamic import. Neither blocks merge.

apps/sim/triggers/servicenow/utils.ts (setup instructions example payload), apps/sim/lib/webhooks/providers/servicenow.ts (dynamic import)

Vulnerabilities
  • Auth is enforced in verifyAuth: rejects unconditionally when webhookSecret is not configured (no unauthenticated pass-through), and validates via timing-safe comparison against both Bearer token and X-Sim-Webhook-Secret header.
  • The servicenowHandler is registered in the provider registry, preventing fallback to the unauthenticated default handler.
  • No secrets are hardcoded; the webhook secret is user-supplied and stored via the standard password: true subblock.

Important Files Changed

Filename Overview
apps/sim/triggers/servicenow/utils.ts Core utility: setup instructions, output builders, and event-matching logic. Event matching logic is correct and handles all 5 trigger IDs; example payload is missing tableName/eventType fields that the matching logic relies on.
apps/sim/lib/webhooks/providers/servicenow.ts New provider handler with correct auth (Bearer + X-Sim-Webhook-Secret) and event matching via delegated isServiceNowEventMatch. Uses an unnecessary dynamic import for a synchronous utility.
apps/sim/blocks/blocks/servicenow.ts Trigger subBlocks correctly spread from all 5 trigger configs via getTrigger(); trigger IDs and tool access arrays are consistent.
apps/sim/triggers/servicenow/incident_created.ts Primary trigger with includeDropdown: true; structure and ID match registry and block config correctly.
apps/sim/triggers/registry.ts All 5 ServiceNow triggers registered correctly; imports are alphabetically placed in the right section.
apps/sim/lib/webhooks/providers/registry.ts servicenowHandler correctly registered under the 'servicenow' key; no longer falls through to the unauthenticated default handler.

Reviews (2): Last reviewed commit: "lint" | Re-trigger Greptile

greptile-apps[bot]
greptile-apps bot reviewed Apr 9, 2026
View reviewed changes
@waleedlatif1 @claude
fix(trigger): add webhook secret field and remove non-TSDoc comment
bb3aee3 
Add webhookSecret field to ServiceNow triggers (matching Salesforce pattern)
so users are prompted to protect the webhook endpoint. Update setup
instructions to include Authorization header in the Business Rule example.
Remove non-TSDoc inline comment in the block config.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
cursor[bot]
cursor bot reviewed Apr 9, 2026
View reviewed changes
@waleedlatif1 @claude
feat(trigger): add ServiceNow provider handler with event matching
77712e6 
Add dedicated ServiceNow webhook provider handler with:
- verifyAuth: validates webhookSecret via Bearer token or X-Sim-Webhook-Secret
- matchEvent: filters events by trigger type and table name using
  isServiceNowEventMatch utility (matching Salesforce/GitHub pattern)

The event matcher handles incident created/updated and change request
created/updated triggers with table name enforcement and event type
normalization. The generic webhook trigger passes through all events
but still respects the optional table name filter.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@waleedlatif1
Copy link
Copy Markdown
Collaborator Author

waleedlatif1 commented Apr 9, 2026

@greptile

@waleedlatif1
Copy link
Copy Markdown
Collaborator Author

waleedlatif1 commented Apr 9, 2026

@cursor review

cursor[bot]
cursor bot reviewed Apr 9, 2026
View reviewed changes
Copy link
Copy Markdown

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit 952cc69. Configure here.

@waleedlatif1 waleedlatif1 merged commit fc3e762 into staging Apr 9, 2026
12 checks passed
@waleedlatif1 waleedlatif1 deleted the waleedlatif1/servicenow-triggers branch April 9, 2026 20:59
@waleedlatif1 waleedlatif1 mentioned this pull request Apr 9, 2026
Merged
waleedlatif1 added a commit that referenced this pull request Apr 10, 2026
@waleedlatif1 @claude
feat(trigger): add ServiceNow webhook triggers (#4077)
9f032d9 
* feat(trigger): add ServiceNow webhook triggers

* fix(trigger): add webhook secret field and remove non-TSDoc comment

Add webhookSecret field to ServiceNow triggers (matching Salesforce pattern)
so users are prompted to protect the webhook endpoint. Update setup
instructions to include Authorization header in the Business Rule example.
Remove non-TSDoc inline comment in the block config.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat(trigger): add ServiceNow provider handler with event matching

Add dedicated ServiceNow webhook provider handler with:
- verifyAuth: validates webhookSecret via Bearer token or X-Sim-Webhook-Secret
- matchEvent: filters events by trigger type and table name using
  isServiceNowEventMatch utility (matching Salesforce/GitHub pattern)

The event matcher handles incident created/updated and change request
created/updated triggers with table name enforcement and event type
normalization. The generic webhook trigger passes through all events
but still respects the optional table name filter.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* lint

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

@cursor cursor[bot] cursor[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@waleedlatif1