Enable LLMs to handle webhooks with plaintext files
add allowUnverified handler option and security callout
+8
+8
README.md
+8
README.md
···
48
48
vendor-specific requirements. Only one verification method can be specified per
49
49
lure.
50
50
51
+
> **Note:** A lure without a `verify` block will accept requests from any
52
+
> sender. Unverified lures should only be used on trusted internal networks;
53
+
> any publicly-exposed lure endpoint should specify a verification method. Set
54
+
> `allowUnverified: false` at handler creation time to reject unverified lures
55
+
> at startup.
56
+
51
57
### Template scope
52
58
53
59
Templates are evaluated using [Liquid](https://liquidjs.com). The following
···
81
87
`config` frontmatter value.
82
88
- `maxAttempts`: How many times to attempt the `callback` before giving up.
83
89
Defaults to `1` (no retries). If all attempts fail, the webhook is dropped.
90
+
- `allowUnverified`: If `false`, lures without a `verify` block will be
91
+
rejected at startup. Defaults to `true`.
84
92
- `watch`: If `true`, Lure watches `luresDir` for changes and reloads lures as
85
93
they are added, modified, or removed. Defaults to `false`.
86
94