
g14wxz/database-webhook-trigger-pattern

Configures Postgres triggers and database webhooks for event-driven architectures in Supabase.

Quality: 97% (does it follow best practices?)

Impact: Pending (no eval scenarios have been run)

Security (by Snyk): Critical. Do not install without reviewing.


rules/webhook-trigger-rules.md

Webhook Trigger Rules

FATAL Constraints

  • MUST NOT run without supabase-mcp-verification passing first. HALT otherwise.
  • NEVER create a bare AFTER UPDATE trigger without an OF <column_list> clause. An unscoped UPDATE trigger fires for every UPDATE of the table, including statements that touch unrelated columns or change nothing, and causes unnecessary HTTP callouts. OF <column_list> fires whenever a listed column appears in SET, even if its value is unchanged, so add WHEN (OLD.<col> IS DISTINCT FROM NEW.<col>) to skip no-op updates as well. HALT if the column list is missing.
  • NEVER use row_to_json(*) or manual JSON construction. MUST use row_to_json(NEW) or row_to_json(OLD) exclusively for payload serialization.
  • NEVER hardcode secrets (API keys, tokens) directly in trigger function bodies; the source is stored in pg_proc.prosrc and is readable by anyone who can query the catalog. MUST reference secrets via Supabase Vault (vault.decrypted_secrets) or current_setting('app.settings.<key>', true). Prefer Vault: a custom GUC set with ALTER DATABASE ... SET keeps the value out of the function source but is readable by any role that can call current_setting(). Passing true as the second argument makes a missing setting return NULL instead of raising an error, so check for NULL before use.
  • MUST NOT create triggers on system tables or pg_catalog schemas.
  • NEVER use BEFORE triggers for webhook callouts. Webhooks MUST fire as AFTER triggers so the callout serializes the final row: in a BEFORE trigger, NEW can still be rewritten by later BEFORE triggers, generated columns are not yet computed, and constraints have not been checked. Note that an AFTER row trigger still runs inside the transaction; net.http_post() only inserts a row into pg_net's request queue, the background worker sends it once that insert is committed, and a rollback discards it before anything is sent.

Mandatory Behaviors

  • MUST use the pg_net extension (net.http_post()) for all HTTP callouts. NEVER use pg_cron, dblink, or external scripts for webhook delivery.
  • MUST use MCP execute_sql for all DDL operations. NEVER use direct psql or ORM migrations.
  • MUST set Content-Type: application/json header on every HTTP callout.
  • MUST validate trigger existence via information_schema.triggers after creation. That view lists only triggers on tables the current role owns or has privileges on; pg_trigger with tgisinternal = false is the authoritative catalog if a trigger appears to be missing.
  • MUST validate function existence via pg_proc after creation.
  • MUST name triggers with the pattern trg_<table>_<event>_webhook (e.g., trg_orders_insert_webhook).
  • MUST name trigger functions with the pattern fn_<table>_<event>_webhook (e.g., fn_orders_insert_webhook).
  • MUST use CREATE OR REPLACE FUNCTION, and CREATE OR REPLACE TRIGGER (PostgreSQL 14+) or DROP TRIGGER IF EXISTS followed by CREATE TRIGGER, to allow idempotent re-runs. A plain CREATE TRIGGER fails on re-run because the trigger name is already taken on that table.
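The constraints and mandatory behaviors above, applied end to end, as an added example that is not part of the rules file and not from any Supabase project. It assumes a table public.orders with a status column, the pg_net and Vault extensions enabled, a Vault secret named orders_webhook_token, and a placeholder endpoint URL; all of those names are illustrative.

```sql
-- Added example (not the rules file's own code). Constructed assumptions:
-- public.orders(id, status, total, updated_at); pg_net and Vault enabled;
-- placeholder endpoint URL and Vault secret name.

create extension if not exists pg_net;

-- One-time setup, run separately: keep the bearer token out of the function.
-- select vault.create_secret('<replace-me>', 'orders_webhook_token');

-- INSERT handler. SECURITY DEFINER so the Vault read works whichever role
-- performed the INSERT; search_path pinned so unqualified names cannot be
-- hijacked by objects in another schema (pg_catalog is still searched).
create or replace function public.fn_orders_insert_webhook()
returns trigger language plpgsql security definer set search_path = '' as $$
declare
  v_token text;
begin
  select decrypted_secret into v_token
  from vault.decrypted_secrets where name = 'orders_webhook_token';
  if v_token is null then
    raise exception 'Vault secret orders_webhook_token is missing';
  end if;

  -- Enqueues the request; pg_net's worker sends it after this transaction
  -- commits, and a rollback discards the queued row.
  perform net.http_post(
    url     := 'https://hooks.example.invalid/orders',  -- placeholder
    body    := row_to_json(NEW)::jsonb,                  -- rule: row_to_json(NEW) only
    headers := jsonb_build_object(
                 'Content-Type',  'application/json',
                 'Authorization', 'Bearer ' || v_token),
    timeout_milliseconds := 5000);
  return null;  -- return value of an AFTER row trigger is ignored
end $$;

-- UPDATE handler, same shape, separate name per the naming rule.
create or replace function public.fn_orders_update_webhook()
returns trigger language plpgsql security definer set search_path = '' as $$
declare
  v_token text;
begin
  select decrypted_secret into v_token
  from vault.decrypted_secrets where name = 'orders_webhook_token';
  if v_token is null then
    raise exception 'Vault secret orders_webhook_token is missing';
  end if;
  perform net.http_post(
    url     := 'https://hooks.example.invalid/orders',  -- placeholder
    body    := row_to_json(NEW)::jsonb,
    headers := jsonb_build_object(
                 'Content-Type',  'application/json',
                 'Authorization', 'Bearer ' || v_token),
    timeout_milliseconds := 5000);
  return null;
end $$;

-- AFTER INSERT: every new row. CREATE OR REPLACE TRIGGER needs PostgreSQL 14+.
create or replace trigger trg_orders_insert_webhook
  after insert on public.orders
  for each row
  execute function public.fn_orders_insert_webhook();

-- AFTER UPDATE scoped with OF; WHEN also drops updates that list status
-- in SET without actually changing it.
create or replace trigger trg_orders_update_webhook
  after update of status on public.orders
  for each row
  when (old.status is distinct from new.status)
  execute function public.fn_orders_update_webhook();

-- Post-creation checks required by the rules.
select trigger_name, event_manipulation, action_timing
from information_schema.triggers
where event_object_schema = 'public' and event_object_table = 'orders';

select p.proname, p.prosecdef, p.proconfig
from pg_proc p
join pg_namespace n on n.oid = p.pronamespace
where n.nspname = 'public'
  and p.proname in ('fn_orders_insert_webhook', 'fn_orders_update_webhook');

-- Delivery outcome: pg_net records the HTTP response asynchronously and
-- prunes old rows after its retention window, so check soon after the write.
select id, status_code, timed_out, error_msg
from net._http_response
order by id desc
limit 5;
```

Run the DDL through MCP execute_sql as the rules require. The prosecdef and proconfig columns in the pg_proc check confirm that SECURITY DEFINER and the pinned search_path survived the deploy; a NULL proconfig means the function will resolve unqualified names through the caller's search_path.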
