Aerostack
Aerostack
Smart Webhooks are coming soon — the features below show our vision for this product.

Webhooks receive. This one understands.

Stop writing
webhook handlers.

Write one English instruction. The AI reads every incoming event, decides what to do, and takes action using your connected tools — no code, no flowcharts, no maintenance.

StripeGitHubShopifyCustomHMAC VerifiedAsync Support
Create Smart WebhookSee the Difference
//Before & After

40 lines of code. Or one sentence.

Before — handler code29 lines
webhook-handler.ts
app.post('/webhook/stripe', async (req, res) => {
  const sig = req.headers['stripe-signature'];
  const event = stripe.webhooks.construct(req.body, sig, secret);

  if (event.type === 'payment_intent.failed') {
    const amount = event.data.object.amount / 100;
    const customer = await stripe.customers.retrieve(
      event.data.object.customer
    );

    if (amount > 50) {
      await slack.chat.postMessage({
        channel: '#billing',
        text: `Payment failed: ${customer.name} - $${amount}`
      });

      await jira.issues.createIssue({
        fields: {
          project: { key: 'SUP' },
          summary: `Failed payment: ${customer.email}`,
          priority: { name: 'High' },
          issuetype: { name: 'Bug' }
        }
      });
    }
  }
  // ... 12 more event types
  res.json({ received: true });
});
After — one instruction1 sentence
smart-webhook config

When a payment fails for more than $50, notify #billing on Slack with the customer name and amount. Create a high-priority support ticket in Jira.

Source

Stripepayment_intent.failed

Tools the AI will use
slack__send_messagejira__create_issue
What happens with a new event type?

The AI adapts. No code change needed.

//How it works

Four steps. Zero code.

1

Webhook fires

Stripe, GitHub, Shopify, or any service sends a POST to your smart webhook URL. HMAC signature is verified automatically.

2

AI reads the payload

The AI receives the full event payload plus your plain-English instructions. It understands context — not just keywords.

3

AI calls your tools

Based on your instructions, the AI selects and executes MCP tools — Slack, Jira, CRM, database, anything connected to your workspace.

4

Done

Actions completed. Run logged with what the AI did, which tools it called, and cost. No polling, no callbacks needed.

//Why Aerostack

Not another automation tool.

The difference isn't incremental — it's architectural.

Zapier / n8nCustom CodeAerostack
Configuration
Setup methodVisual node graphCode handlerEnglish sentence
Handle new event typesBuild new workflowWrite new handlerAI adapts automatically
Conditional logicPre-configure every branchif/else codeAI reasons from context
Edge casesMust anticipate each oneMust code each oneAI handles novel events
Security
HMAC signature verification
Silent rejection (always 200)
Constant-time comparison
Replay protection
Operations
MCP tool ecosystem
Run history & audit trail
Async mode with callbacks
Edge-deployed (sub-50ms)

Natural language replaces nodes

Zapier needs a visual graph with explicit branches for every condition. Here: one English sentence covers every variation the AI can reason about.

AI adapts to novel events

New event type from Stripe? With Zapier, you build a new workflow. With Aerostack, the same instruction handles it — the AI reads the payload and decides.

Enterprise-grade security

Every invalid request returns 200 OK. Attackers can't enumerate webhooks, discover signatures, or probe event filters. Constant-time HMAC verification.

//Sources

Works with any webhook source.

Native support for Stripe, GitHub, and Shopify event formats. Or bring any custom webhook.

S

Stripe

payment_intent.failedcustomer.subscription.deletedinvoice.payment_succeededcharge.refunded
Example instruction

When a subscription is cancelled for a customer with lifetime value over $500, notify #retention on Slack and create a win-back task in the CRM.

slack__send_messagecrm__create_task
G

GitHub

pull_request.mergedissues.openedpush (to main)release.published
Example instruction

When a PR is merged that changes database migrations, post in #deployments with the author, PR title, and list of migration files.

slack__send_message
S

Shopify

orders/createorders/fulfilledproducts/updaterefunds/create
Example instruction

When a new order comes in for more than $200, check inventory levels. If any item is below 10 units, send a restock alert to #operations.

inventory__checkslack__send_message
C

Custom

Any JSON payloadAny event type fieldAny HMAC signatureNo verification (open)
Example instruction

When an error event arrives with severity "critical", create an incident in PagerDuty and post the error details to #incidents on Slack.

pagerduty__create_incidentslack__send_message
//Security

Silent rejection. By design.

Every failure returns 200 OK. Attackers learn nothing.

ScenarioTraditional webhookAerostack
Unknown slug404 Not Found

Attacker enumerates valid webhooks

200 { "ok": true }
Bad HMAC signature401 Unauthorized

Attacker confirms signature is checked

200 { "ok": true }
Rate limited429 Too Many Requests

Attacker discovers rate limit threshold

200 { "ok": true }
Filtered event type400 Bad Request

Attacker probes event filter config

200 { "ok": true, "skipped": true }
Oversized body413 Payload Too Large

Attacker discovers size limits

200 { "ok": true }

HMAC-SHA256

Supports Stripe, GitHub, Slack, and custom HMAC signatures. Verified before any processing.

Constant-time comparison

HMAC verification uses timingSafeEqual — immune to timing side-channel attacks.

Replay protection

Timestamp verification with configurable window. Rejects stale requests silently.

Replace your webhook handlers
with one sentence.

Write what should happen. The AI handles the rest.

Create Smart WebhookRead the Docs