DHC
/
bmad-template
Obserwuj 4
Gwiazdka 0
Forkuj 0
Kod Problemy 0 Pull Requests 0 Wydania 0 Wiki Aktywność
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commity
2 Gałęzie
Gałąź: master
Gałęzie Tagi
${ item.name }
Utwórz gałąź ${ searchTerm }
z 'master'
${ noResults }
bmad-template/.codebuddy/skills/bmad-testarch-atdd/resources/knowledge/webhook-risk-guidance.md

webhook-risk-guidance.md 6.3KB
Bezpośredni odnośnik Normal View Historia Czysty

chore(repo): 初始化 BMAD 成品模板
5 dni temu
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114 
  1. # Webhook Testing Risk Guidance

  2. 

  3. ## Principle

  4. 

  5. Webhook integration points are high-risk boundaries — they represent asynchronous side effects that cross service boundaries. A missing or malformed webhook means a downstream system never received its trigger. Default risk level: **P2 × I3** (medium probability, high impact = Risk Score 6) → must be covered by integration tests.

  6. 

  7. ## When Webhook Tests Are Required

  8. 

  9. Webhook tests are **required** (not optional) when:

  10. 

  11. | Condition                                                          | Rationale                                                              |

  12. | ------------------------------------------------------------------ | ---------------------------------------------------------------------- |

  13. | Application publishes events to external subscribers               | External consumers depend on correct payload shape and delivery timing |

  14. | Event-driven architecture (Kafka/SQS/event bus → webhook delivery) | The delivery pipeline is a risk boundary; delivery failures are silent |

  15. | Payment, order, or notification side effects                       | Business-critical; missed webhooks = missed transactions               |

  16. | Integration with third-party services via webhooks                 | Breaking payload changes won't surface in unit or component tests      |

  17. | Any async side effect that a consumer polls-on or reacts-to        | Polling tests (`recurse`) can mask webhook delivery failures entirely  |

  18. 

  19. ## Risk Scoring

  20. 

  21. ```

  22. Risk = Probability × Impact

  23. 

  24. Probability factors (P1–P3):

  25.   P1 (low):    Webhook system is mature, well-tested, no history of failures

  26.   P2 (medium): Kafka pipeline, multiple consumers, new integrations

  27.   P3 (high):   New delivery mechanism, external third-party webhooks, no retry logic

  28. 

  29. Impact factors (I1–I3):

  30.   I1 (low):    Non-critical notifications (e.g. audit logs)

  31.   I2 (medium): Feature-level side effects (e.g. search index updates)

  32.   I3 (high):   Business-critical events (payments, orders, compliance)

  33. ```

  34. 

  35. Default webhook integrations: **P2 × I3 = 6** → High → must be tested.

  36. 

  37. ## What a Complete Webhook Test Looks Like

  38. 

  39. A complete webhook test covers:

  40. 

  41. 1. **Happy path**: Action fires → webhook arrives with correct payload

  42. 2. **Sequential events (drain pattern)**: Preceding event drained before asserting on next

  43. 3. **Parallel isolation**: Template scoped by entity ID — workers don't cross-contaminate

  44. 4. **Timeout/error shape**: `WebhookTimeoutError` tested for negative path coverage

  45. 5. **Cleanup verification**: Fixture auto-cleans; no leaked webhooks after test

  46. 

  47. **Minimal complete example** (from playwright-utils E2E suite):

  48. 

  49. ```typescript

  50. // Template factories scoped by ID — parallel safety

  51. const movieCreated = (movieId: number) =>

  52.   webhookTemplate<{ event: string; data: { id: number } }>('movie.created')

  53.     .matchField('event', 'movie.created')

  54.     .matchField('data.id', movieId)

  55.     .withTimeout(15_000)

  56.     .withInterval(500)

  57.     .build();

  58. 

  59. const movieDeleted = (movieId: number) =>

  60.   webhookTemplate<{ event: string; data: { id: number } }>('movie.deleted')

  61.     .matchField('event', 'movie.deleted')

  62.     .matchField('data.id', movieId)

  63.     .withTimeout(15_000)

  64.     .withInterval(500)

  65.     .build();

  66. 

  67. test('movie deletion triggers a webhook with correct payload', async ({ authToken, addMovie, deleteMovie, webhookRegistry }) => {

  68.   const movie = generateMovieWithoutId();

  69.   const { body: createResponse } = await addMovie(authToken, movie);

  70.   const movieId = createResponse.data.id;

  71. 

  72.   // Drain: consume the create webhook before testing the delete path

  73.   await webhookRegistry.waitFor(movieCreated(movieId));

  74. 

  75.   await deleteMovie(authToken, movieId);

  76.   const webhook = await webhookRegistry.waitFor(movieDeleted(movieId));

  77. 

  78.   expect(webhook.body).toMatchObject({

  79.     event: 'movie.deleted',

  80.     data: { id: movieId, name: movie.name },

  81.   });

  82. });

  83. ```

  84. 

  85. ## Common Failure Patterns

  86. 

  87. | Failure pattern                        | Root cause                                             | How the module addresses it                                                  |

  88. | -------------------------------------- | ------------------------------------------------------ | ---------------------------------------------------------------------------- |

  89. | Test passes but webhook never verified | Test asserted on status endpoint, not delivery         | `waitFor` forces assertion on actual webhook arrival                         |

  90. | Flaky under `fullyParallel: true`      | `full-reset` cleanup deletes another worker's webhooks | `matched-only` strategy — only matched webhooks are deleted                  |

  91. | Timeout gives no useful information    | No payload inspection on failure                       | `WebhookTimeoutError.receivedWebhooks` snapshot                              |

  92. | Template matches wrong test's webhook  | Template not scoped by entity ID                       | Template factories accept ID parameter; `matchPredicate` for complex scoping |

  93. | Test hangs at 30s default timeout      | Webhook not arriving; pipeline is slow                 | Use `withTimeout()` and `withInterval(500)` per template                     |

  94. | Journal grows unbounded                | No cleanup strategy configured                         | Configure `cleanupStrategy` in `webhookConfig`; fixture auto-cleans          |

  95. 

  96. ## Risk Mitigation Checklist (for TA assessment)

  97. 

  98. When a system uses webhooks, verify the test suite covers:

  99. 

  100. - [ ] Happy path for each event type that has an external subscriber

  101. - [ ] Template factories scoped by entity ID (parallel-safe)

  102. - [ ] Drain pattern applied to all sequential event assertions

  103. - [ ] Cleanup strategy matches provider capability: `matched-only` for providers that support `deleteById` (e.g. WireMock); `full-reset` with serial execution or an isolated provider instance per worker for MockServer/Mockoon

  104. - [ ] Timeout values appropriate for the delivery pipeline latency (Kafka pipelines need 15s+)

  105. - [ ] `WebhookTimeoutError` imported and tested in negative path coverage

  106. - [ ] Mock server (WireMock/MockServer/Mockoon) in Docker Compose / test infra

  107. 

  108. ## Related Fragments

  109. 

  110. - `webhook-testing-fundamentals.md` — Why webhook tests are hard

  111. - `webhook-module-setup.md` — Fixture wiring for each provider

  112. - `webhook-template-matchers.md` — Template and matcher patterns

  113. - `risk-governance.md` — Risk scoring framework

  114. - `probability-impact.md` — P×I scale definitions