{"service":"webhooks.platphormnews.com","auth":{"protectedHeader":"X-PlatPhorm-API-Key","protectedBearer":"Authorization: Bearer $PLATPHORM_API_KEY"},"publicReadOnly":true,"publicSafeAccess":["homepage, docs, FAQ, OpenAPI, llms, RSS, sitemap, robots, and well-known policy files","Lab shell, local-only payload generation, public templates, JSON/schema validation, and transient signature utilities","redacted event, endpoint, delivery, contract, integration, health, and route-compliance summaries when storage is available","read-only MCP introspection and public-safe MCP tools"],"publicSafeRoutes":["/","/lab","/dashboard","/docs","/status","/capabilities","/faq","/api/health","/api/capabilities","/api/docs","/api/mcp","/llms.txt","/sitemap.xml","/robots.txt"],"protectedActions":["persistent endpoint registration, update, and deletion","persistent event creation that sends to registered endpoints","third-party delivery attempts, replay, cancel, retry, and async delivery job mutation","contract create, update, delete, persistent test runs, and protected handoffs to Spec, Evals, Sandbox, AgentUI, Monitor, Docs, Sheets, and Decks","raw delivery details, raw request headers, private payloads, private traces, private audits, registry mutation, and report publishing"],"domainAllowlist":["*.platphormnews.com"],"trustLine":"Web dashboard, public-safe discovery, browser-based operations, trusted-domain discovery, standard route compliance, Vercel metadata capture, trace inspection, and agentic workflow discovery are intentionally supported for public read-only debugging and operator workflows. Mutating, administrative, ingestion, replay, fork, remediation, deployment, sync, test-triggering, reporting, and write actions require PLATPHORM_API_KEY.","signatureSecretPolicy":"Signature generation and verification accept transient secrets but never persist or return raw secrets.","ssrfPolicy":"Endpoint registration and delivery must reject localhost, private, link-local, metadata, local DNS, unsafe schemes, and unsafe redirects.","vercelMetadataPolicy":"Store only safe Vercel metadata, redact IP/auth/token details.","tracePropagationPolicy":"traceparent and tracestate are propagated for webhook events and deliveries.","securityContact":"security@platphormnews.com"}