Problem: commons/webhook.Deliverer creates the outbound HTTP request internally, so downstream services cannot inject W3C trace context into webhook receiver requests without wrapping the HTTP transport. A local transport wrapper is risky because the deliverer owns SSRF validation, DNS pinning, redirect blocking, and pinned HTTPS/SNI behavior, and parts of that path expect a concrete *http.Transport.

Impact: plugin-br-bank-transfer extracts broker trace context and creates delivery spans, but webhook receivers do not receive traceparent/tracestate, breaking end-to-end correlation.

Desired behavior: add a request/header mutator option or built-in trace-context-only injection inside commons/webhook after http.NewRequestWithContext and before client.Do.

Constraints: preserve SSRF, DNS pinning, redirect blocking, pinned HTTPS/SNI; do not propagate arbitrary baggage by default; do not force callers to reimplement delivery.

Suggested tests: httptest receiver gets traceparent from active span context; trace ID matches; no tenant IDs, broker signatures, or payload data are propagated as headers.

Downstream: plugin-br-bank-transfer will keep a TODO near commonswebhook.WithHTTPClient and remove it after lib-commons exposes this capability and the dependency is bumped.
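One way a mutator option could be kept trace-context-only, as an added sketch that is not lib-commons code: the mutator writes into a scratch header set, and only a well-formed traceparent (plus its tracestate) is copied onto the request between http.NewRequestWithContext and client.Do. The names HeaderMutator and applyTraceContext, the 512-byte tracestate cap, and the sample values are assumptions of this example.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"regexp"
	"strings"
)

// HeaderMutator is a hypothetical option type, not the lib-commons API.
type HeaderMutator func(ctx context.Context, h http.Header)

// W3C Trace Context version 00: version-traceid-parentid-flags, lowercase hex.
var traceparentRe = regexp.MustCompile(`^00-([0-9a-f]{32})-([0-9a-f]{16})-[0-9a-f]{2}$`)

// applyTraceContext runs the mutator against a scratch header set and copies
// only a valid traceparent (and its tracestate) onto the real request, so the
// mutator cannot add baggage, tenant IDs, or overwrite signature headers.
func applyTraceContext(req *http.Request, m HeaderMutator) bool {
	scratch := http.Header{}
	m(req.Context(), scratch)
	tp := scratch.Get("traceparent")
	g := traceparentRe.FindStringSubmatch(tp)
	if g == nil || strings.Trim(g[1], "0") == "" || strings.Trim(g[2], "0") == "" {
		return false // missing, malformed, or all-zero IDs: send nothing
	}
	req.Header.Set("traceparent", tp)
	// The 512-byte cap is this example's choice, not a lib-commons setting.
	if ts := scratch.Get("tracestate"); ts != "" && len(ts) <= 512 {
		req.Header.Set("tracestate", ts)
	}
	return true
}

func main() {
	// Constructed sample: the mutator also tries to leak baggage and a tenant ID.
	leaky := func(_ context.Context, h http.Header) {
		h.Set("traceparent", "00-4bf92f3577b34da6a3ce929d0e0e4736-00f067aa0ba902b7-01")
		h.Set("baggage", "tenant=acme")
		h.Set("X-Tenant-ID", "acme")
	}
	req, _ := http.NewRequestWithContext(context.Background(), http.MethodPost,
		"https://receiver.example/hook", nil)
	fmt.Println(applyTraceContext(req, leaky), req.Header)
}
```

Because the filter touches only request headers, the deliverer's own client and concrete *http.Transport stay in place.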