zap-webhooks-routing-and-verification

Build webhook ingestion with @zap-studio/webhooks using createWebhookRouter, register path keys, prefix normalization, schema validation, lifecycle hooks, createHmacVerifier, and BaseAdapter request/response mapping.

155 stars

byzap-studio

View on GitHub Installation ↓

Best use case

zap-webhooks-routing-and-verification is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Teams using zap-webhooks-routing-and-verification should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

You only need a quick one-off answer and do not need a reusable workflow.
You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/zap-webhooks-routing-and-verification/SKILL.md --create-dirs "https://raw.githubusercontent.com/zap-studio/monorepo/main/packages/webhooks/skills/zap-webhooks-routing-and-verification/SKILL.md"

Manual Installation

Download SKILL.md from GitHub
Place it in .claude/skills/zap-webhooks-routing-and-verification/SKILL.md inside your project
Restart your AI agent — it will auto-discover the skill

How zap-webhooks-routing-and-verification Compares

Feature / Agent	zap-webhooks-routing-and-verification	Standard Approach
Platform Support	Not specified	Limited / Varies
Context Awareness	High	Baseline
Installation Complexity	Unknown	N/A

Frequently Asked Questions

What does this skill do?

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# @zap-studio/webhooks — Routing and Verification

## Setup

```ts
import { createWebhookRouter } from "@zap-studio/webhooks";
import { createHmacVerifier } from "@zap-studio/webhooks/verify";
import { z } from "zod";

const router = createWebhookRouter({
  prefix: "/webhooks/",
  verify: createHmacVerifier({
    headerName: "x-hub-signature-256",
    secret: process.env.WEBHOOK_SECRET!,
  }),
});

router.register("github/push", {
  schema: z.object({ ref: z.string() }),
  handler: async ({ payload, ack }) => {
    console.log(payload.ref);
    return ack({ status: 200, body: "ok" });
  },
});
```

## Core Patterns

### Add global hooks for observability and error shaping

```ts
const router = createWebhookRouter({
  before: (req) => {
    console.log("incoming", req.path);
  },
  after: (_req, res) => {
    console.log("status", res.status);
  },
  onError: (error) => ({
    status: 500,
    body: { error: error.message },
  }),
});
```

### Register route-specific hooks

```ts
router.register("payments/succeeded", {
  schema: PaymentSchema,
  before: (req) => {
    req.headers.set("x-processed", "1");
  },
  after: (_req, res) => {
    console.log("finished", res.status);
  },
  handler: async ({ payload, ack }) => ack({ body: { id: payload.id } }),
});
```

### Implement an adapter with `BaseAdapter`

```ts
import { BaseAdapter } from "@zap-studio/webhooks/adapters/base";

class MyAdapter extends BaseAdapter {
  async toNormalizedRequest(req: Request) {
    return {
      method: req.method,
      path: req.url,
      headers: req.headers,
      rawBody: Buffer.from(await req.text()),
    };
  }

  async toFrameworkResponse(res: Response, normalized) {
    return new Response(JSON.stringify(normalized.body), {
      status: normalized.status,
      headers: normalized.headers,
    }) as unknown as Response;
  }
}
```

## Common Mistakes

### HIGH Registering paths with leading slash

Wrong:

```ts
router.register("/github/push", {
  schema: PushSchema,
  handler,
});
```

Correct:

```ts
router.register("github/push", {
  schema: PushSchema,
  handler,
});
```

Incoming paths normalize to slashless keys; leading slash route keys do not match and return 404.

Source: zap-studio/monorepo:packages/webhooks/src/index.ts

### CRITICAL Verifying a transformed payload instead of raw body

Wrong:

```ts
const parsed = JSON.parse(req.rawBody.toString());
await verifyProvider(JSON.stringify(parsed));
```

Correct:

```ts
await verify(req); // uses req.rawBody bytes
const parsed = JSON.parse(req.rawBody.toString());
```

Signature checks must run on exact raw bytes; any parse/serialize transformation can invalidate signatures.

Source: zap-studio/monorepo:packages/webhooks/src/verify.ts

### HIGH Assuming `createHmacVerifier` is Node-only

Wrong:

```ts
const verify = createHmacVerifier({
  headerName: "x-signature",
  secret: env.WEBHOOK_SECRET,
});
// used in edge runtime
```

Correct:

```ts
const verify = createHmacVerifier({
  headerName: "x-signature",
  secret: env.WEBHOOK_SECRET,
});
```

`createHmacVerifier` uses the Web Crypto API and works across runtimes that expose `globalThis.crypto.subtle`.

Source: zap-studio/monorepo:packages/webhooks/src/verify.ts

See also: zap-validation-standard-schema/SKILL.md — payload validation result handling.

Related Skills

zap-validation-standard-schema

155

from zap-studio/monorepo

Validate unknown data with @zap-studio/validation using isStandardSchema, standardValidate/standardValidateSync, createStandardValidator, createSyncStandardValidator, and throwOnError result/exception modes.

zap-permit-policy-authoring

155

from zap-studio/monorepo

Author typed authorization policies with @zap-studio/permit using createPolicy, allow/deny/when, condition combinators, has/hasRole, and mergePolicies vs mergePoliciesAny decision strategies.

zap-fetch-typed-http

155

from zap-studio/monorepo

Implement type-safe HTTP requests with @zap-studio/fetch using $fetch, api.get/post/put/patch/delete, createFetch defaults, searchParams merging, and throwOnFetchError/throwOnValidationError return modes.

laravel-verification

144923

from affaan-m/everything-claude-code

Verification loop for Laravel projects: env checks, linting, static analysis, tests with coverage, security scans, and deployment readiness.

DevelopmentClaude

springboot-verification

144923

from affaan-m/everything-claude-code

Verification loop for Spring Boot projects: build, static analysis, tests with coverage, security scans, and diff review before release or PR.

DevelopmentClaude

django-verification

144923

from affaan-m/everything-claude-code

Verification loop for Django projects: migrations, linting, tests with coverage, security scans, and deployment readiness checks before release or PR.

DevelopmentClaude

verification-loop

144923

from affaan-m/everything-claude-code

A comprehensive verification system for Claude Code sessions.

DevelopmentClaude

sRouting Development

from ThangKM/sRouting

Configures sRouting library, defines @sRoute enums, registers NavigationStack-based screens, sets up tab navigation with @sRouteCoordinator, and implements deep linking via SRContext in SwiftUI apps. Use when the user asks about sRouting setup, SwiftUI navigation with sRouting, adding new screens or routes, configuring NavigationStack routing, tab bar navigation, deep linking, push/pop transitions, or presenting sheets and alerts.

verification-before-completion

31392

from sickn33/antigravity-awesome-skills

Claiming work is complete without verification is dishonesty, not efficiency. Use when ANY variation of success/completion claims, ANY expression of satisfaction, or ANY positive statement about work state.

android_ui_verification

31392

from sickn33/antigravity-awesome-skills

Automated end-to-end UI testing and verification on an Android Emulator using ADB.

verification-before-completion

24269

from davila7/claude-code-templates

Use when about to claim work is complete, fixed, or passing, before committing or creating PRs - requires running verification commands and confirming output before making any success claims; evidence before assertions always

mime-detection-routing

7385

from kreuzberg-dev/kreuzberg

mime detection routing