Claude Prompt
/devlyn:resolve "Add `POST /webhook` to `server/index.js` to receive signed event notifications from a third-party provider.\n\nEach request carries an `X-Signature` header with a lowercase hex HMAC-SHA256 over the body, computed using the shared secret stored at `data/webhook-secret.txt`. Verify the signature; if it doesn't match what you compute the same way, respond 401 with `{ error: 'invalid_signature' }`.\n\nThe body shape is `{ id, type, timestamp, data }` where `id` and `type` must be non-empty strings, `timestamp` is a number, and `data` is an object. A body that fails this shape returns 400 with `{ error: 'invalid_body' }` (sig check still runs first \u2014 a bad body with a valid sig is 400, not 401).\n\nThe provider retries on network failure, so the same `id` may arrive twice. After accepting an `id`, any subsequent delivery of that same `id` returns 409 with `{ error: 'duplicate_event', id }` \u2014 the second body is irrelevant. First delivery returns 200 with `{ accepted: true, id }`.\n\nUse `crypto.timingSafeEqual` for the signature comparison.\n\nUpdate `tests/server.test.js` so existing tests still pass AND add at least three new tests covering: happy path, replay of the same id returns 409, tampered body with the original signature returns 401.\n\nNo new npm dependencies. Only touch `server/index.js` and `tests/server.test.js`." --pair-verify
fill the variables
This prompt has 5 variables. Pro fills them into a ready-to-paste prompt for you — no manual find-and-replace.
{error: 'invalid_signature'}{id, type, timestamp, data}{error: 'invalid_body'}{error: 'duplicate_event', id}{accepted: true, id}
Unlock with Pro →when to use it
Community prompt sourced from the open-source GitHub repo fysoul17/devlyn-cli (no explicit license). A "Claude Prompt" style prompt — adapt the placeholders and specifics to your task. Imported as-is and not independently retested here, so check the output before relying on it.
tags
roleplaycommunitygeneral
source
fysoul17/devlyn-cli · no explicit license