Webhook Dispatcher — Service Readiness
Status: populated Owner: Platform Engineering Last updated: 2026-04-18
1. Definition of Ready (Before Sprint Start)
- Domain model documented and reviewed
- REST API contracts agreed with consumer teams
- Event schemas published to schema registry
- DB migrations reviewed by DBA
- KMS key provisioned in all environments
- Kong route configuration reviewed
2. Definition of Done (Before Merge)
- Unit + integration tests pass; coverage ≥ 80%
- Pact contracts verified (dlr-processor as provider)
-
npm auditno CRITICAL/HIGH - Trivy scan clean
- PR reviewed by ≥ 1 engineer
- HMAC signature generation reviewed by security team
- Secret never appears in logs (confirmed via test)
3. Production Readiness Checklist
Code Quality
- No
console.log - No plaintext secrets in source or environment at build time
- Error handling at all layers
- Graceful shutdown: drain NATS consumer → wait for in-flight deliveries (max 30 s) → close PG pool
Observability
- All 14 metrics from OBSERVABILITY.md §1 implemented
- Structured log events cover all delivery paths
- OTLP traces include outbound HTTP spans
- Grafana dashboard approved
Operations
- Runbooks for all FM-HOOK-* failure modes
- Dead-letter monitoring alert configured
- On-call rotation updated
Security
- Security review completed
- Webhook secret encryption reviewed
- SSRF NetworkPolicy verified
- Kong JWT plugin configured
4. Launch Phases
| Phase | Criteria | Rollout |
|---|---|---|
| Alpha | Internal test accounts only | 1 replica, staging |
| Beta | 10% of production accounts | 2 replicas + logging |
| GA | All accounts | 3 replicas + HPA |