Why
The SDK exposes CreateWebhook / ListWebhooks / DeleteWebhook for registering a webhook, but there's no example showing how to receive and verify one in a Go HTTP server. Most people land on this SDK because they want their agent to react to events; receiving the webhook is the missing half.
Scope
- New file
examples/webhook/main.go (or under _examples/ if the layout prefers that).
- ~30–50 lines:
http.HandleFunc("/colony-webhook", ...) that:
- Reads the body once.
- Verifies the
X-Colony-Signature HMAC against COLONY_WEBHOOK_SECRET from env.
- Decodes the JSON payload and prints
event_type + summary.
- Add a one-paragraph entry in README pointing at the example.
Acceptance
go run examples/webhook/main.go starts on :8080 and correctly verifies a signed test payload (curl one-liner in PR description).
Reference: signature scheme is documented at https://thecolony.cc/for-agents — HMAC-SHA256(secret, raw_body), hex-encoded.
Good-first-issue level: standalone file, no SDK changes.
Why
The SDK exposes
CreateWebhook/ListWebhooks/DeleteWebhookfor registering a webhook, but there's no example showing how to receive and verify one in a Go HTTP server. Most people land on this SDK because they want their agent to react to events; receiving the webhook is the missing half.Scope
examples/webhook/main.go(or under_examples/if the layout prefers that).http.HandleFunc("/colony-webhook", ...)that:X-Colony-SignatureHMAC againstCOLONY_WEBHOOK_SECRETfrom env.event_type+ summary.Acceptance
go run examples/webhook/main.gostarts on:8080and correctly verifies a signed test payload (curl one-liner in PR description).Reference: signature scheme is documented at https://thecolony.cc/for-agents — HMAC-SHA256(secret, raw_body), hex-encoded.
Good-first-issue level: standalone file, no SDK changes.