feat(triggers): add Twilio SMS, Clerk, incident.io, Rootly, RevenueCat, Loops, and Sentry webhook triggers (#5230)

* feat(triggers): add Twilio SMS, Clerk, incident.io, Rootly, RevenueCat, Loops, Sentry webhook triggers

Adds inbound webhook triggers for seven existing integrations, each verified
against the provider's official webhook docs (event types, payload fields,
signature scheme) and aligned with Sim's trigger conventions.

- Twilio SMS: inbound message + status callback (X-Twilio-Signature, HMAC-SHA1)
- Clerk: user/session/organization lifecycle (Svix)
- incident.io: incident created/updated/status + alert created (Svix)
- Rootly: incident created/updated/resolved + alert created (HMAC-SHA256);
  auto-registers and tears down the webhook via the Rootly API
- RevenueCat: purchase/renewal/cancellation/expiration/product-change
  (Authorization header); auto-registers via the RevenueCat v2 API
- Loops: email lifecycle + campaign/loop/transactional sent (Svix-compatible)
- Sentry: issue/error/issue-alert/metric-alert (Sentry-Hook-Signature, fail-closed)

Clerk, incident.io, Loops, Twilio, and Sentry use manual signing-secret setup
where the provider exposes no clean webhook-management API; Rootly and RevenueCat
auto-provision so the user only supplies an API key.

* fix(triggers): address review — fail-closed auth, Twilio event filtering, user-only secrets

- Twilio: add matchEvent so inbound-SMS and status-callback triggers don't
  cross-fire on a shared webhook URL (inbound = SmsStatus 'received')
- Rootly + RevenueCat: verifyAuth now fails closed (401) when the signing
  secret is absent from provider config (both auto-register, so it is always
  present after deploy) instead of skipping verification
- Mark every user-provided credential field paramVisibility 'user-only'
  (Clerk, incident.io, RevenueCat, Sentry, Twilio) so secrets are never
  exposed as LLM-visible trigger params
- Sentry: correct metric_alert web_url description per docs

* fix(triggers): key Twilio status callbacks by SID + status for idempotency

Twilio sends multiple delivery callbacks per message (sent -> delivered -> ...)
sharing one MessageSid; keying idempotency on the SID alone dropped every status
after the first. Status callbacks now key on SID + delivery status so each state
is distinct (while still deduping Twilio's retries of the same status); inbound
messages still key by SID since they fire once.

* fix(triggers): require a positive signal in Twilio matchEvent routing

Previously an empty MessageStatus/SmsStatus was treated as a status callback,
so an ambiguous or partial payload could match twilio_sms_status (or skip
twilio_sms_received). Both triggers now require a positive signal — inbound
needs status 'received', status callbacks need a non-'received' status — so a
payload missing both fields matches neither rather than misrouting.

* fix(triggers): attach Twilio auth fields to both triggers so status callbacks are verified

The Account SID / Auth Token fields were only on the primary trigger, so
deploying twilio_sms_status alone never captured authToken into providerConfig
and signature verification was silently skipped. Following the incident.io /
Rootly / RevenueCat pattern, the auth fields are now added to each trigger
conditioned on its own selectedTriggerId; the shared inner subBlock IDs keep the
values persisted across trigger types.

* fix(triggers): mark shared block-level API keys user-only to protect trigger secrets

The trigger credential fields (RevenueCat/Rootly apiKey, Twilio authToken) are
user-only, but the same-id tool-level block fields were not, so the stored
secret stayed reachable as an LLM-visible block parameter. Mark those block
credential fields paramVisibility 'user-only' too (matching instantly.ts) so the
secret is user-only on every path. accountSid is an identifier, not a secret, so
it is left as-is.

Author: waleedlatif1

apps/sim/blocks/blocks/clerk.ts

@@ -2,6 +2,7 @@ import { ClerkIcon } from '@/components/icons'
 import type { BlockConfig, BlockMeta } from '@/blocks/types'
 import { IntegrationType } from '@/blocks/types'
 import type { ClerkResponse } from '@/tools/clerk/types'
+import { getTrigger } from '@/triggers'
 
 export const ClerkBlock: BlockConfig<ClerkResponse> = {
   type: 'clerk',
@@ -275,8 +276,28 @@ export const ClerkBlock: BlockConfig<ClerkResponse> = {
       },
       mode: 'advanced',
     },
+    ...getTrigger('clerk_user_created').subBlocks,
+    ...getTrigger('clerk_user_updated').subBlocks,
+    ...getTrigger('clerk_user_deleted').subBlocks,
+    ...getTrigger('clerk_session_created').subBlocks,
+    ...getTrigger('clerk_organization_created').subBlocks,
+    ...getTrigger('clerk_organization_membership_created').subBlocks,
+    ...getTrigger('clerk_webhook').subBlocks,
   ],
 
+  triggers: {
+    enabled: true,
+    available: [
+      'clerk_user_created',
+      'clerk_user_updated',
+      'clerk_user_deleted',
+      'clerk_session_created',
+      'clerk_organization_created',
+      'clerk_organization_membership_created',
+      'clerk_webhook',
+    ],
+  },
+
   tools: {
     access: [
       'clerk_list_users',

apps/sim/blocks/blocks/incidentio.ts

@@ -2,6 +2,7 @@ import { IncidentioIcon } from '@/components/icons'
 import type { BlockConfig, BlockMeta } from '@/blocks/types'
 import { AuthMode, IntegrationType } from '@/blocks/types'
 import type { IncidentioResponse } from '@/tools/incidentio/types'
+import { getTrigger } from '@/triggers'
 
 export const IncidentioBlock: BlockConfig<IncidentioResponse> = {
   type: 'incidentio',
@@ -15,6 +16,15 @@ export const IncidentioBlock: BlockConfig<IncidentioResponse> = {
   integrationType: IntegrationType.Observability,
   bgColor: '#FFFFFF',
   icon: IncidentioIcon,
+  triggers: {
+    enabled: true,
+    available: [
+      'incidentio_incident_created',
+      'incidentio_incident_updated',
+      'incidentio_incident_status_updated',
+      'incidentio_alert_created',
+    ],
+  },
   subBlocks: [
     {
       id: 'operation',
@@ -929,6 +939,11 @@ Return ONLY the JSON array - no explanations or markdown formatting.`,
       password: true,
       required: true,
     },
+    // Trigger subBlocks (webhook configuration)
+    ...getTrigger('incidentio_incident_created').subBlocks,
+    ...getTrigger('incidentio_incident_updated').subBlocks,
+    ...getTrigger('incidentio_incident_status_updated').subBlocks,
+    ...getTrigger('incidentio_alert_created').subBlocks,
   ],
   tools: {
     access: [

apps/sim/blocks/blocks/loops.ts

@@ -2,6 +2,7 @@ import { LoopsIcon } from '@/components/icons'
 import type { BlockConfig, BlockMeta } from '@/blocks/types'
 import { AuthMode, IntegrationType } from '@/blocks/types'
 import type { LoopsResponse } from '@/tools/loops/types'
+import { getTrigger } from '@/triggers'
 
 export const LoopsBlock: BlockConfig<LoopsResponse> = {
   type: 'loops',
@@ -391,7 +392,28 @@ Return ONLY the JSON object - no explanations, no extra text.`,
       password: true,
       required: true,
     },
+    ...getTrigger('loops_email_delivered').subBlocks,
+    ...getTrigger('loops_email_opened').subBlocks,
+    ...getTrigger('loops_email_clicked').subBlocks,
+    ...getTrigger('loops_email_hard_bounced').subBlocks,
+    ...getTrigger('loops_email_soft_bounced').subBlocks,
+    ...getTrigger('loops_campaign_email_sent').subBlocks,
+    ...getTrigger('loops_loop_email_sent').subBlocks,
+    ...getTrigger('loops_transactional_email_sent').subBlocks,
   ],
+  triggers: {
+    enabled: true,
+    available: [
+      'loops_email_delivered',
+      'loops_email_opened',
+      'loops_email_clicked',
+      'loops_email_hard_bounced',
+      'loops_email_soft_bounced',
+      'loops_campaign_email_sent',
+      'loops_loop_email_sent',
+      'loops_transactional_email_sent',
+    ],
+  },
   tools: {
     access: [
       'loops_create_contact',

apps/sim/blocks/blocks/revenuecat.ts

@@ -2,6 +2,7 @@ import { RevenueCatIcon } from '@/components/icons'
 import type { BlockConfig, BlockMeta } from '@/blocks/types'
 import { AuthMode, IntegrationType } from '@/blocks/types'
 import type { RevenueCatResponse } from '@/tools/revenuecat/types'
+import { getTrigger } from '@/triggers'
 
 export const RevenueCatBlock: BlockConfig<RevenueCatResponse> = {
   type: 'revenuecat',
@@ -40,6 +41,7 @@ export const RevenueCatBlock: BlockConfig<RevenueCatResponse> = {
       title: 'API Key',
       type: 'short-input',
       password: true,
+      paramVisibility: 'user-only',
       placeholder: 'Enter your RevenueCat API key',
       required: true,
     },
@@ -359,7 +361,24 @@ Return ONLY the numeric timestamp, no text.`,
       },
       mode: 'advanced',
     },
+    ...getTrigger('revenuecat_initial_purchase').subBlocks,
+    ...getTrigger('revenuecat_renewal').subBlocks,
+    ...getTrigger('revenuecat_cancellation').subBlocks,
+    ...getTrigger('revenuecat_expiration').subBlocks,
+    ...getTrigger('revenuecat_non_renewing_purchase').subBlocks,
+    ...getTrigger('revenuecat_product_change').subBlocks,
   ],
+  triggers: {
+    enabled: true,
+    available: [
+      'revenuecat_initial_purchase',
+      'revenuecat_renewal',
+      'revenuecat_cancellation',
+      'revenuecat_expiration',
+      'revenuecat_non_renewing_purchase',
+      'revenuecat_product_change',
+    ],
+  },
   tools: {
     access: [
       'revenuecat_get_customer',

apps/sim/blocks/blocks/rootly.ts

@@ -2,6 +2,7 @@ import { RootlyIcon } from '@/components/icons'
 import type { BlockConfig, BlockMeta } from '@/blocks/types'
 import { AuthMode, IntegrationType } from '@/blocks/types'
 import type { RootlyResponse } from '@/tools/rootly/types'
+import { getTrigger } from '@/triggers'
 
 export const RootlyBlock: BlockConfig<RootlyResponse> = {
   type: 'rootly',
@@ -16,6 +17,15 @@ export const RootlyBlock: BlockConfig<RootlyResponse> = {
   bgColor: '#6C72C8',
   iconColor: '#6C72C8',
   icon: RootlyIcon,
+  triggers: {
+    enabled: true,
+    available: [
+      'rootly_incident_created',
+      'rootly_incident_updated',
+      'rootly_incident_resolved',
+      'rootly_alert_created',
+    ],
+  },
   subBlocks: [
     {
       id: 'operation',
@@ -1640,8 +1650,14 @@ export const RootlyBlock: BlockConfig<RootlyResponse> = {
       type: 'short-input',
       placeholder: 'Enter your Rootly API key',
       password: true,
+      paramVisibility: 'user-only',
       required: true,
     },
+
+    ...getTrigger('rootly_incident_created').subBlocks,
+    ...getTrigger('rootly_incident_updated').subBlocks,
+    ...getTrigger('rootly_incident_resolved').subBlocks,
+    ...getTrigger('rootly_alert_created').subBlocks,
   ],
   tools: {
     access: [

apps/sim/blocks/blocks/sentry.ts

@@ -3,6 +3,7 @@ import { SentryIcon } from '@/components/icons'
 import type { BlockConfig, BlockMeta } from '@/blocks/types'
 import { AuthMode, IntegrationType } from '@/blocks/types'
 import type { SentryResponse } from '@/tools/sentry/types'
+import { getTrigger } from '@/triggers'
 
 export const SentryBlock: BlockConfig<SentryResponse> = {
   type: 'sentry',
@@ -605,7 +606,23 @@ Return ONLY the timestamp string - no explanations, no quotes, no extra text.`,
       placeholder: 'Your Sentry organization slug',
       required: true,
     },
+
+    ...getTrigger('sentry_issue_created').subBlocks,
+    ...getTrigger('sentry_issue_resolved').subBlocks,
+    ...getTrigger('sentry_error_created').subBlocks,
+    ...getTrigger('sentry_issue_alert').subBlocks,
+    ...getTrigger('sentry_metric_alert').subBlocks,
   ],
+  triggers: {
+    enabled: true,
+    available: [
+      'sentry_issue_created',
+      'sentry_issue_resolved',
+      'sentry_error_created',
+      'sentry_issue_alert',
+      'sentry_metric_alert',
+    ],
+  },
   tools: {
     access: [
       'sentry_issues_list',

apps/sim/blocks/blocks/twilio.ts

@@ -2,6 +2,7 @@ import { TwilioIcon } from '@/components/icons'
 import type { BlockConfig, BlockMeta } from '@/blocks/types'
 import { AuthMode, IntegrationType } from '@/blocks/types'
 import type { TwilioSMSBlockOutput } from '@/tools/twilio/types'
+import { getTrigger } from '@/triggers'
 
 export const TwilioSMSBlock: BlockConfig<TwilioSMSBlockOutput> = {
   type: 'twilio_sms',
@@ -43,6 +44,7 @@ export const TwilioSMSBlock: BlockConfig<TwilioSMSBlockOutput> = {
       type: 'short-input',
       placeholder: 'Your Twilio Auth Token',
       password: true,
+      paramVisibility: 'user-only',
       required: true,
     },
     {
@@ -52,7 +54,13 @@ export const TwilioSMSBlock: BlockConfig<TwilioSMSBlockOutput> = {
       placeholder: 'e.g. +1234567890',
       required: true,
     },
+    ...getTrigger('twilio_sms_received').subBlocks,
+    ...getTrigger('twilio_sms_status').subBlocks,
   ],
+  triggers: {
+    enabled: true,
+    available: ['twilio_sms_received', 'twilio_sms_status'],
+  },
   tools: {
     access: ['twilio_send_sms'],
     config: {