Sentinel: Critical Webhook Token Vulnerability Exposed in Production Code
A critical security vulnerability was discovered in the application's Meta webhook integration, where a guessable default string could allow attackers to bypass endpoint verification. The flaw resided in the `api/webhooks.ts` file, which used the hardcoded fallback value `'your-webhook-verify-token-here'` for the `WEBHOOK_VERIFY_TOKEN` environment variable. If this variable was accidentally omitted in a production deployment, an attacker could provide this known string to forge a successful verification, potentially subscribing to webhooks and receiving unauthorized data.
The fix removes this insecure default for production environments, replacing it with `undefined`, so verification fails closed when the required token is missing. A separate fallback token (`'test-token'`) is now strictly permitted only when `NODE_ENV === 'test'` to maintain automated testing workflows; it is a fixed string like the old default, so the `NODE_ENV` gate is what keeps it out of production. The update also introduces critical warning logs to immediately flag any missing configuration, providing an operational safeguard against deployment oversights.
This vulnerability highlights a common but dangerous pattern of leaving placeholder credentials in code destined for production. The immediate risk was unauthorized webhook access, which could have led to data leakage or system manipulation depending on the webhook's function. The remediation enforces a fail-secure principle, shifting the risk from a silent, exploitable failure to a noisy, blocked one that demands administrator intervention.
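
The before and after token resolution described above, as an added TypeScript example that is not the project's own code. The function names, the `||` fallback expression, the log wording and the sample request are assumptions; `hub.mode`, `hub.verify_token` and `hub.challenge` are the query parameters Meta sends on its verification GET request.

```typescript
// Added example: helper names are assumptions, not the project's code.
interface Env { WEBHOOK_VERIFY_TOKEN?: string; NODE_ENV?: string }
interface VerifyQuery {
  'hub.mode'?: string;
  'hub.verify_token'?: string;
  'hub.challenge'?: string;
}

// Before the fix: a missing variable silently becomes a publicly known string.
function resolveTokenBefore(env: Env): string | undefined {
  return env.WEBHOOK_VERIFY_TOKEN || 'your-webhook-verify-token-here';
}

// After the fix: no default outside tests, and a loud log when the token is missing.
function resolveTokenAfter(env: Env, log: (msg: string) => void = console.error): string | undefined {
  if (env.WEBHOOK_VERIFY_TOKEN) return env.WEBHOOK_VERIFY_TOKEN;
  if (env.NODE_ENV === 'test') return 'test-token';
  log('CRITICAL: WEBHOOK_VERIFY_TOKEN is not set; webhook verification will be refused');
  return undefined;
}

// Comparison without an early exit (an addition of this example, not part of the described fix).
function safeEqual(a: string, b: string): boolean {
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i); // out-of-range NaN is treated as 0 by ^
  }
  return diff === 0;
}

// Returns the challenge to echo back (HTTP 200), or null to reject (HTTP 403).
function verifySubscription(q: VerifyQuery, expected: string | undefined): string | null {
  const supplied = q['hub.verify_token'];
  if (!expected || typeof supplied !== 'string') return null; // fail closed on missing config
  if (q['hub.mode'] !== 'subscribe' || !safeEqual(supplied, expected)) return null;
  return q['hub.challenge'] ?? null;
}

// Constructed request: production deployment where WEBHOOK_VERIFY_TOKEN was omitted.
const prodEnv: Env = { NODE_ENV: 'production' };
const guess: VerifyQuery = {
  'hub.mode': 'subscribe',
  'hub.verify_token': 'your-webhook-verify-token-here',
  'hub.challenge': '1158201444',
};
console.log('before:', verifySubscription(guess, resolveTokenBefore(prodEnv)));
console.log('after: ', verifySubscription(guess, resolveTokenAfter(prodEnv)));
```

A deployment check can reuse `resolveTokenAfter` at startup and refuse to boot when it returns `undefined`, which turns the log line into a hard failure.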