chore(integrations): drop Sentry->Paperclip webhook proxy (#212)

Paperclip v2026.416.0 ships signingMode='none', so Sentry can fire the QA
routine trigger directly. Removed the FastAPI proxy that existed only because
older Paperclip required Bearer auth on triggers.

- Delete src/integrations/paperclip.py (proxy router + notify_qa_sync helper)
- Remove paperclip_router mount from src/main.py
- Drop config keys WEBHOOK_PROXY_SECRET, SENTRY_CLIENT_SECRET,
  PAPERCLIP_QA_TRIGGER_URL, PAPERCLIP_QA_TRIGGER_SECRET
- Simplify notify_telegram_on_failure: Prefect failures now surface via the
  QA Log Scan 3h cron instead of an instant push (accepted: less code, slower
  detection)
- Mark phase 3b done in docs/paperclip-native-migration.md

Verified end-to-end on prod: Sentry Internal Integration webhook URL
flipped to https://org.ffmemes.com/api/routine-triggers/public/<id>/fire,
new RuntimeError event reached Paperclip directly and created
routine_execution issue FFM-820 with raw Sentry payload.

Author: ohld

docs/paperclip-native-migration.md

@@ -89,10 +89,7 @@ Concurrency group `paperclip-deploy-agents` prevents overlapping runs; `cancel-i
 **3a. Adapter config sync from `.paperclip.yaml`** (next iteration of `agents/deploy.sh`).
 Read agent block from manifest, PATCH `/api/agents/<id>` with `adapterConfig`, `runtimeConfig`, `permissions`, `desiredSkills` (parsed from AGENTS.md frontmatter). Currently we only sync the prompt text.
 
-**3b. Retire the webhook proxy.** Paperclip v416 ships `none` and `github_hmac` signing modes (per `infra_paperclip_webhook_fix_shipped.md`). Switch QA trigger signing to `none`, point Sentry/Coolify/Prefect directly at the trigger URL, delete:
-- `src/integrations/paperclip.py` `/webhooks/qa-alert` route + HMAC helpers (~150 LOC)
-- `src/flows/hooks.py::notify_qa_sync` (~30 LOC) → replace with Prefect's native "Send a webhook" automation
-- env vars `WEBHOOK_PROXY_SECRET`, `SENTRY_CLIENT_SECRET`
+**3b. Retire the webhook proxy.** ✅ Done 2026-04-29. QA trigger `30901464-...` flipped to `signingMode: none`, Sentry Internal Integration `paperclip-qa-alert-b86aa3` now POSTs directly to `https://org.ffmemes.com/api/routine-triggers/public/18a2f9e439c396e9b21a02fa/fire`. Deleted: `src/integrations/paperclip.py`, `notify_qa_sync` callsite in `src/flows/hooks.py`, env vars `WEBHOOK_PROXY_SECRET` / `SENTRY_CLIENT_SECRET` / `PAPERCLIP_QA_TRIGGER_URL` / `PAPERCLIP_QA_TRIGGER_SECRET`. Coolify webhook path was unused (no hits in 24h prior to removal). Prefect failures now surface via the QA Log Scan 3h cron instead of an instant push — accepted tradeoff for less code. Trigger publicId leakage = at most noisy QA scans (no user input or commands accepted).
 
 **3c. CLI-native agent skills.** In each AGENTS.md, replace raw `curl https://org.ffmemes.com/api/...` with `paperclipai issue list --json`, `paperclipai approval create`, `paperclipai dashboard get`, `paperclipai heartbeat run --agent-id`. Reduces per-wake context.
 

src/config.py

@@ -52,11 +52,6 @@ class Config(BaseSettings):
     PREFECT_API_URL: str | None = None
     PREFECT_AUTH_STRING: str | None = None
 
-    PAPERCLIP_QA_TRIGGER_URL: str | None = None
-    PAPERCLIP_QA_TRIGGER_SECRET: str | None = None
-    WEBHOOK_PROXY_SECRET: str | None = None
-    SENTRY_CLIENT_SECRET: str | None = None
-
     TELEGRAM_API_ID: int | None = None
     TELEGRAM_API_HASH: str | None = None
     TELEGRAM_SESSION_STRING: str | None = None

src/flows/hooks.py

@@ -28,18 +28,9 @@ def _extract_error_msg(state) -> str:
 
 
 def notify_telegram_on_failure(flow, flow_run, state):
-    """Send failure alerts to Telegram and Paperclip QA when a flow fails."""
+    """Send failure alert to Telegram admin chat when a flow fails."""
     error_msg = _extract_error_msg(state)
 
-    # Notify Paperclip QA (independent of Telegram config)
-    try:
-        from src.integrations.paperclip import notify_qa_sync
-
-        notify_qa_sync(flow.name, flow_run.name, error_msg)
-    except Exception as e:
-        logger.error("Failed to notify Paperclip QA: %s", e)
-
-    # Notify Telegram admin chat
     bot_token = settings.TELEGRAM_BOT_TOKEN
     chat_id = settings.ADMIN_LOGS_CHAT_ID
 

src/integrations/__init__.py

@@ -146,7 +146,3 @@ async def prefect_deployments():
 
 
 app.include_router(tgbot_router, prefix="/tgbot", tags=["Telegram Bot"])
-
-from src.integrations.paperclip import router as paperclip_router  # noqa: E402
-
-app.include_router(paperclip_router, tags=["Integrations"])