`gh api repos/chasko-labs/heraldstack-core/hooks` shows `last_response=unused` because the webhook target is `http://192.168.4.53:8210\` (LAN-only). github delivery workers cannot reach it — pipelines must be manually triggered via the woodpecker API until a public tunnel or reverse proxy fronts the woodpecker server.
options to evaluate:
- cloudflare tunnel — check paid-services whitelist before committing
- aws alb + vpn — prefer if already in sprint, fits aws ssm/secrets pattern
- wireguard with github-allowed egress — lightweight, self-hosted, no saas dependency
until one of these lands, manual event trigger is enabled on tier-1 (PR #52). this issue tracks the sprint-2 public ingress work.
`gh api repos/chasko-labs/heraldstack-core/hooks` shows `last_response=unused` because the webhook target is `http://192.168.4.53:8210\` (LAN-only). github delivery workers cannot reach it — pipelines must be manually triggered via the woodpecker API until a public tunnel or reverse proxy fronts the woodpecker server.
options to evaluate:
until one of these lands, manual event trigger is enabled on tier-1 (PR #52). this issue tracks the sprint-2 public ingress work.