Skip to content

Releases: DizzyZ7/SignalBox

SignalBox v1.1.0 — Open-source launch readiness, Admin UI, audit, incident tools and HTTP provider foundation

Choose a tag to compare

@DizzyZ7 DizzyZ7 released this 12 Jun 21:50

SignalBox v1.1.0

This release moves SignalBox from a compact webhook gateway toward a public open-source product: better operations UI, auditability, incident diagnostics, self-hosting documentation, examples, provider architecture groundwork and launch-ready repository structure.

Highlights

  • Embedded Admin UI for source, event and delivery operations.
  • Admin audit log for source, event, delivery and template actions.
  • Source health badges and source incident snapshot.
  • Copyable source diagnostics for debugging failed or noisy integrations.
  • HTTP forwarding hardening with HMAC signatures and SSRF protection.
  • Delivery filters by status, channel, source and event.
  • HTTP delivery provider architecture foundation.
  • Admin-only source test events.
  • Better metrics, runbook and operational documentation.
  • Open-source launch documentation, issue templates, PR template and examples.

Added

Admin UI and operations

  • Added embedded /admin UI.
  • Added source editor, source test event payloads and template preview flow.
  • Added delivery filters by source and event.
  • Added admin audit log panel.
  • Added source investigation shortcuts.
  • Added source health badges.
  • Added source incident snapshot panel.
  • Added copyable diagnostics for source incidents.

Admin audit

  • Added admin_audit_events storage.
  • Added admin audit domain model.
  • Added admin audit API endpoint.
  • Added audit filters and UI rendering.
  • Added documentation for admin audit behavior.

Delivery and forwarding

  • Added durable HTTP forwarding docs.
  • Added HTTP forwarding SSRF guard.
  • Added resolved-host validation for outgoing forwarding.
  • Added HMAC signing documentation.
  • Added Provider contract for future delivery providers.
  • Added HTTPForwardProvider skeleton and delivery implementation.
  • Added HTTP provider tests.
  • Connected HTTP enqueue payload creation to HTTPForwardProvider.BuildJobPayload.

Documentation and launch readiness

  • Added getting started guide.
  • Added self-hosting guide.
  • Added environment variable reference.
  • Added recipes.
  • Added comparison guide.
  • Added public roadmap.
  • Added documentation index and navigation paths.
  • Added public launch checklist.
  • Added demo script.
  • Added screenshots plan.
  • Added contributing guide.
  • Added issue templates.
  • Added pull request template.
  • Added funding configuration.
  • Added synthetic example payloads.

Examples

Added safe synthetic payloads for:

  • landing lead events;
  • repository push events;
  • checkout/payment-style events;
  • monitoring alerts.

Changed

  • Improved README positioning around SignalBox as a lightweight self-hosted webhook gateway.
  • Improved production environment example.
  • Improved local environment example.
  • Improved delivery queue documentation.
  • Improved HTTP forwarding documentation.
  • Improved admin UI documentation.
  • Improved architecture documentation.
  • Improved API documentation.

Security

  • Source tokens remain hashed and are shown only on create/rotate.
  • Admin API remains protected by X-API-Key.
  • HMAC keys remain write-only from API/UI perspective.
  • HTTP forwarding blocks localhost/private/internal destinations by default.
  • Webhook token redaction and security headers remain enabled.
  • Release docs explicitly warn against leaking tokens, keys and private payload data.

Operational notes

Recommended upgrade path:

  1. Pull the new release tag.
  2. Review .env.production.example.
  3. Use SIGNALBOX_VERSION=v1.1.0.
  4. Restart the production Compose stack.
  5. Check /healthz, /readyz, /metrics.
  6. Open /admin and verify events, deliveries and source diagnostics.

Known notes

  • The HTTP provider architecture is being introduced gradually.
  • HTTP enqueue now uses provider payload building.
  • The existing delivery worker path remains stable while provider dispatch extraction continues.
  • Admin UI JavaScript syntax CI and JSON example validation are planned next quality gates.

Upgrade

For production Compose deployments:

cp .env.production.example .env.production
# set SIGNALBOX_VERSION=v1.1.0
docker compose --env-file .env.production -f docker-compose.prod.yml pull
docker compose --env-file .env.production -f docker-compose.prod.yml up -d

SignalBox v1.0.0 — production-ready webhook ingestion service

Choose a tag to compare

@DizzyZ7 DizzyZ7 released this 11 Jun 15:33
10bfa17

SignalBox v1.0.0 — production-ready webhook ingestion service

First stable production-ready release of SignalBox.

SignalBox is a Go-based webhook/event ingestion service with PostgreSQL storage, deduplication, source token management, Telegram delivery queue, retries, admin API and Docker deployment.

Highlights

  • Webhook ingestion with per-source tokens
  • Source tokens stored as SHA-256 hashes
  • PostgreSQL event storage
  • Duplicate detection without losing audit records
  • Admin API protected by X-API-Key
  • Public webhook rate limiting
  • Admin API rate limiting
  • Cursor-based event pagination
  • Telegram delivery queue with retry/backoff
  • Manual delivery retry
  • Manual event replay
  • Security headers middleware
  • Webhook token redaction in access logs
  • Docker and Docker Compose support
  • Production docker-compose.prod.yml
  • GHCR image publishing
  • Production runbook
  • Backup and restore helper scripts
  • ShellCheck validation for recovery scripts
  • Dependabot updates
  • CodeQL security scanning
  • Trivy filesystem and Docker image scanning

Production deployment

Recommended deployment uses the prebuilt GHCR image and docker-compose.prod.yml.

docker pull ghcr.io/dizzyz7/signalbox:v1.0.0

For VPS deployment, use the production runbook:

docs/RUNBOOK.md

Upgrade notes from v0.9.1

This release adds production hardening and operational safety improvements.

Recommended before upgrading:

  • create a PostgreSQL backup;
  • verify .env.production;
  • use a strong ADMIN_API_KEY;
  • run behind HTTPS reverse proxy;
  • keep webhook rate limits enabled;
  • check GitHub Actions status after deployment.

Image

ghcr.io/dizzyz7/signalbox:v1.0.0
ghcr.io/dizzyz7/signalbox:latest

SignalBox v0.9.1 — Stable GHCR Docker Image Publishing

Choose a tag to compare

@DizzyZ7 DizzyZ7 released this 10 Jun 09:41

Fix

SignalBox v0.9.0 — GHCR Docker Image Publishing

Choose a tag to compare

@DizzyZ7 DizzyZ7 released this 10 Jun 09:32

SignalBox v0.9.0

Added

  • GHCR Docker image publishing workflow
  • Versioned Docker image tags for releases
  • latest Docker image tag for the newest release
  • Deployment documentation for GHCR images

Improved

  • Dockerfile updated to Go 1.25
  • Docker build now runs go mod tidy
  • README release instructions
  • Deployment guide for prebuilt Docker images

Docker images

  • ghcr.io/dizzyz7/signalbox:v0.9.0
  • ghcr.io/dizzyz7/signalbox:latest