webhookgate-sdk 1.0.1 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +135 -0
  2. package/package.json +1 -1
package/README.md ADDED
@@ -0,0 +1,135 @@
1
+ # WebhookGate
2
+
3
+ WebhookGate guarantees **no duplicate webhook side effects**.
4
+
5
+ https://webhookgate.com
6
+
7
+ It does this by combining:
8
+ - **durable webhook intake and de-duplication** at the gateway layer, and
9
+ - a **consumer-side idempotency SDK** that makes duplicate side effects **structurally impossible** within the consumer.
10
+
11
+ WebhookGate sits in front of webhook consumers and ensures that each `(provider, eventId)` is **accepted exactly once**, even under retries, replays, or noisy providers — and ensures downstream effects are never duplicated when the consumer uses the SDK.
12
+
13
+ ---
14
+
15
+ ## Documentation (problem-first)
16
+
17
+ If you want to understand *why* WebhookGate exists — not just how to use it — these documents explain the underlying failure modes and constraints:
18
+
19
+ - **Why Webhook Retries Cause Duplicate Side Effects**
20
+ https://webhookgate.com/docs/why-retries-cause-duplicates
21
+
22
+ - **Exactly-once Delivery Is a Myth**
23
+ https://webhookgate.com/docs/exactly-once-is-a-myth
24
+
25
+ - **What a Real Guarantee Requires**
26
+ https://webhookgate.com/docs/what-a-real-guarantee-requires
27
+
28
+ These explain the distributed-systems constraints that make ad-hoc idempotency fragile,
29
+ and the architectural boundaries required to make duplicate side effects impossible.
30
+
31
+ ---
32
+
33
+ ## What WebhookGate guarantees (MVP)
34
+
35
+ WebhookGate provides a durable webhook “inbox” in front of your consumer.
36
+
37
+ ### Gateway guarantees
38
+
39
+ - **Exactly-once acceptance** per `(provider, eventId)`
40
+ - **De-duplication at intake**: repeated deliveries of the same event are not re-accepted
41
+ - **Durable delivery jobs + transport retries**: downstream delivery is retried on network/transport failure
42
+ - **Deterministic Idempotency-Key propagation** on every downstream delivery
43
+
44
+ The gateway delivers events **at-least-once** downstream, always with the same
45
+ Idempotency-Key, even across retries, crashes, or restarts.
46
+
47
+ ---
48
+
49
+ ## Consumer SDK: No duplicate side effects
50
+
51
+ The consumer SDK converts delivery guarantees into **hard correctness**.
52
+
53
+ ### What the SDK guarantees
54
+
55
+ - **At-most-once execution** of the handler per Idempotency-Key
56
+ - **Duplicate deliveries never re-run side effects**
57
+ - **Crash-safe behavior**: if the process crashes mid-handler, the handler is never re-entered (row remains processing)
58
+ - **Error behavior (terminal)**: if the handler throws, the idempotency row transitions to 'failed' and is never re-entered automatically
59
+ - **Transactional DB effects** for database operations performed via the provided db client
60
+
61
+ Once a key is successfully claimed, the handler will **never** be executed again — even if the process crashes, restarts, or receives the same event repeatedly.
62
+
63
+ > Result: side effects are never duplicated.
64
+
65
+ ---
66
+
67
+ ## Exactly-once effects (clarified)
68
+
69
+ WebhookGate guarantees that your handler runs at most once per Idempotency-Key.
70
+
71
+ If your handler calls external systems (payments, email providers, APIs), those systems must respect idempotency keys to achieve end-to-end exactly-once effects across system boundaries.
72
+
73
+ This design deliberately favors **safety over re-execution**:
74
+ WebhookGate will never risk double-charging, double-emailing, or double-writing.
75
+
76
+ ---
77
+
78
+ ## Install
79
+
80
+ ```bash
81
+ npm install webhookgate-sdk
82
+ ```
83
+
84
+ The SDK automatically creates the required idempotency tables on first use.
85
+
86
+ ---
87
+
88
+ ## What the developer writes (locked API)
89
+
90
+ ```js
91
+ import { idempotent } from "webhookgate-sdk";
92
+
93
+ app.post(
94
+ "/webhooks/stripe",
95
+ idempotent(async ({ event, db }) => {
96
+ await chargeCustomer(event); // never executed twice
97
+ await sendReceipt(event); // never executed twice
98
+ })
99
+ );
100
+ ```
101
+
102
+ ---
103
+
104
+ ## Proof: No duplicate side effects (60 seconds)
105
+
106
+ 1. Start Postgres
107
+ 2. Install dependencies
108
+ npm install
109
+ 3. Start the consumer
110
+ npm run consumer
111
+ 4. Start the gateway
112
+ npm run dev
113
+ 5. Send a replay storm
114
+ npm run chaos -- evt_test_1
115
+
116
+ Result:
117
+ - Gateway receives 50 duplicate events
118
+ - Consumer executes the handler once
119
+ - /stats shows charges = 1
120
+
121
+ Crash test:
122
+ - Start consumer with CRASH_ONCE=true
123
+ - Re-run chaos
124
+ - Restart consumer
125
+ - Charges still = 1
126
+
127
+ ---
128
+
129
+ ## When you need production-grade durability
130
+
131
+ WebhookGate adds durable intake, replay protection, and operational safeguards for environments where local correctness is no longer sufficient.
132
+
133
+ Learn more:
134
+ - Overview: https://webhookgate.com
135
+ - Technical docs: https://webhookgate.com/docs
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "webhookgate-sdk",
3
- "version": "1.0.1",
3
+ "version": "1.0.3",
4
4
  "type": "module",
5
5
  "main": "index.js",
6
6
  "exports": {