webhookgate-sdk 1.0.2 → 1.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +86 -24
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -4,27 +4,52 @@ WebhookGate guarantees **no duplicate webhook side effects**.
|
|
|
4
4
|
|
|
5
5
|
https://webhookgate.com
|
|
6
6
|
|
|
7
|
+
WebhookGate exists to draw a hard line in reality:
|
|
8
|
+
|
|
9
|
+
> **Past this point, duplicate side effects cannot exist.**
|
|
10
|
+
|
|
7
11
|
It does this by combining:
|
|
8
12
|
- **durable webhook intake and de-duplication** at the gateway layer, and
|
|
9
13
|
- a **consumer-side idempotency SDK** that makes duplicate side effects **structurally impossible** within the consumer.
|
|
10
14
|
|
|
11
|
-
WebhookGate sits in front of webhook consumers and ensures that each `(provider, eventId)` is **accepted exactly once**, even under retries, replays, or noisy providers
|
|
15
|
+
WebhookGate sits in front of webhook consumers and ensures that each `(provider, eventId)` is **accepted exactly once**, even under retries, replays, or noisy providers — and ensures downstream effects are never duplicated when the consumer uses the SDK.
|
|
16
|
+
|
|
17
|
+
---
|
|
18
|
+
|
|
19
|
+
## Documentation (problem-first)
|
|
20
|
+
|
|
21
|
+
If you want to understand *why* WebhookGate exists — not just how to use it — start here:
|
|
22
|
+
|
|
23
|
+
- **Why Webhook Retries Cause Duplicate Side Effects**
|
|
24
|
+
https://webhookgate.com/docs/why-retries-cause-duplicates
|
|
25
|
+
|
|
26
|
+
- **Exactly-once Delivery Is a Myth**
|
|
27
|
+
https://webhookgate.com/docs/exactly-once-is-a-myth
|
|
28
|
+
|
|
29
|
+
- **What a Real Guarantee Requires**
|
|
30
|
+
https://webhookgate.com/docs/what-a-real-guarantee-requires
|
|
31
|
+
|
|
32
|
+
These documents explain the distributed-systems constraints that make ad-hoc idempotency fragile,
|
|
33
|
+
and the architectural boundaries required to make duplicate side effects impossible.
|
|
12
34
|
|
|
13
35
|
---
|
|
14
36
|
|
|
15
37
|
## What WebhookGate guarantees (MVP)
|
|
16
38
|
|
|
17
|
-
WebhookGate provides a durable webhook
|
|
39
|
+
WebhookGate provides a durable webhook **inbox** in front of your consumer.
|
|
18
40
|
|
|
19
41
|
### Gateway guarantees
|
|
20
42
|
|
|
21
43
|
- **Exactly-once acceptance** per `(provider, eventId)`
|
|
22
44
|
- **De-duplication at intake**: repeated deliveries of the same event are not re-accepted
|
|
23
|
-
- **Durable delivery jobs + transport retries
|
|
45
|
+
- **Durable delivery jobs + transport retries**
|
|
24
46
|
- **Deterministic Idempotency-Key propagation** on every downstream delivery
|
|
25
47
|
|
|
26
|
-
The gateway delivers events **at-least-once** downstream, always with the same
|
|
27
|
-
|
|
48
|
+
The gateway delivers events **at-least-once** downstream, always with the same Idempotency-Key, even across retries, crashes, or restarts.
|
|
49
|
+
|
|
50
|
+
> Intake is exactly-once.
|
|
51
|
+
> Delivery is at-least-once.
|
|
52
|
+
> Side effects are at-most-once.
|
|
28
53
|
|
|
29
54
|
---
|
|
30
55
|
|
|
@@ -36,23 +61,24 @@ The consumer SDK converts delivery guarantees into **hard correctness**.
|
|
|
36
61
|
|
|
37
62
|
- **At-most-once execution** of the handler per Idempotency-Key
|
|
38
63
|
- **Duplicate deliveries never re-run side effects**
|
|
39
|
-
- **Crash-safe behavior**: if the process crashes mid-handler, the handler is never re-entered
|
|
40
|
-
- **
|
|
41
|
-
- **Transactional DB effects** for database operations performed via the provided
|
|
64
|
+
- **Crash-safe behavior**: if the process crashes mid-handler, the handler is never re-entered
|
|
65
|
+
- **Terminal failure semantics**: if the handler throws, the idempotency row transitions to 'failed' and is never re-entered automatically
|
|
66
|
+
- **Transactional DB effects** for database operations performed via the provided DB client
|
|
42
67
|
|
|
43
68
|
Once a key is successfully claimed, the handler will **never** be executed again — even if the process crashes, restarts, or receives the same event repeatedly.
|
|
44
69
|
|
|
45
|
-
> Result: side effects are never duplicated
|
|
70
|
+
> Result: **side effects are never duplicated**.
|
|
46
71
|
|
|
47
72
|
---
|
|
48
73
|
|
|
49
74
|
## Exactly-once effects (clarified)
|
|
50
75
|
|
|
51
|
-
WebhookGate guarantees that your handler runs at most once per Idempotency-Key.
|
|
76
|
+
WebhookGate guarantees that your handler runs **at most once** per Idempotency-Key.
|
|
52
77
|
|
|
53
78
|
If your handler calls external systems (payments, email providers, APIs), those systems must respect idempotency keys to achieve end-to-end exactly-once effects across system boundaries.
|
|
54
79
|
|
|
55
80
|
This design deliberately favors **safety over re-execution**:
|
|
81
|
+
|
|
56
82
|
WebhookGate will never risk double-charging, double-emailing, or double-writing.
|
|
57
83
|
|
|
58
84
|
---
|
|
@@ -81,35 +107,71 @@ app.post(
|
|
|
81
107
|
);
|
|
82
108
|
```
|
|
83
109
|
|
|
110
|
+
There are no flags, retries, or callbacks to manage.
|
|
111
|
+
|
|
112
|
+
If safety cannot be proven, execution is refused (fail-closed).
|
|
113
|
+
|
|
84
114
|
---
|
|
85
115
|
|
|
86
|
-
## Proof:
|
|
116
|
+
## Proof: no duplicate side effects (60 seconds)
|
|
87
117
|
|
|
88
|
-
1. Start Postgres
|
|
89
|
-
2. Install dependencies
|
|
118
|
+
1. Start Postgres
|
|
119
|
+
2. Install dependencies
|
|
120
|
+
```bash
|
|
90
121
|
npm install
|
|
91
|
-
|
|
122
|
+
```
|
|
123
|
+
3. Start the consumer
|
|
124
|
+
```bash
|
|
92
125
|
npm run consumer
|
|
93
|
-
|
|
126
|
+
```
|
|
127
|
+
4. Start the gateway
|
|
128
|
+
```bash
|
|
94
129
|
npm run dev
|
|
95
|
-
|
|
130
|
+
```
|
|
131
|
+
5. Send a replay storm
|
|
132
|
+
```bash
|
|
96
133
|
npm run chaos -- evt_test_1
|
|
134
|
+
```
|
|
97
135
|
|
|
98
|
-
Result
|
|
136
|
+
**Result**
|
|
99
137
|
- Gateway receives 50 duplicate events
|
|
100
|
-
- Consumer executes the handler once
|
|
101
|
-
-
|
|
138
|
+
- Consumer executes the handler **once**
|
|
139
|
+
- `/stats` shows `charges = 1`
|
|
140
|
+
|
|
141
|
+
### Crash test
|
|
102
142
|
|
|
103
|
-
|
|
104
|
-
- Start consumer with CRASH_ONCE=true
|
|
143
|
+
- Start consumer with `CRASH_ONCE=true`
|
|
105
144
|
- Re-run chaos
|
|
106
145
|
- Restart consumer
|
|
107
|
-
|
|
146
|
+
|
|
147
|
+
**Charges still = 1**
|
|
148
|
+
|
|
149
|
+
---
|
|
150
|
+
|
|
151
|
+
## Relationship to webhook-replay
|
|
152
|
+
|
|
153
|
+
- **webhook-replay** detects unsafe handlers (local / CI)
|
|
154
|
+
- **WebhookGate** enforces safety in production
|
|
155
|
+
|
|
156
|
+
If `webhook-replay` reports:
|
|
157
|
+
|
|
158
|
+
```
|
|
159
|
+
❌ UNSAFE UNDER RETRY
|
|
160
|
+
```
|
|
161
|
+
|
|
162
|
+
WebhookGate is the production fix.
|
|
108
163
|
|
|
109
164
|
---
|
|
110
165
|
|
|
111
166
|
## When you need production-grade durability
|
|
112
167
|
|
|
113
|
-
|
|
168
|
+
Local correctness is not enough once retries, crashes, and distributed failure enter the picture.
|
|
169
|
+
|
|
170
|
+
WebhookGate adds:
|
|
171
|
+
- durable intake
|
|
172
|
+
- replay protection
|
|
173
|
+
- enforcement instead of best-effort guarantees
|
|
114
174
|
|
|
115
|
-
Learn more
|
|
175
|
+
Learn more:
|
|
176
|
+
- Overview: https://webhookgate.com
|
|
177
|
+
- Technical docs: https://webhookgate.com/docs
|