Follow-up from #917 and the cross-SDK ergonomics work in adcp-client-python#272 / adcp-go#88.
`#917` defaulted `replayStore` and `revocationStore` on `verifySignatureAsAuthenticator` and `createExpressVerifier` — the request-signing surface. The webhook profile (`verifyWebhookSignature` in `@adcp/client/signing/server`) has a symmetric replay-store dependency and the same regression class applies: omitting the store silently disables webhook-replay dedup.
Compliance vector `compliance/cache/3.0.0/test-vectors/webhook-signing/negative/016-replayed-nonce.json` is identical in shape to the request-signing version.
Proposal:
- Default `replayStore` to a fresh `InMemoryReplayStore` on `verifyWebhookSignature` (or whatever the equivalent option bag is named).
- Mirror the same security-by-default story across TS / Python / Go webhook verifiers — symmetric to the request-signing work that just shipped.
- Add a regression test that confirms a replayed webhook gets rejected when the caller didn't pass an explicit store.
cc @benminer (this came out of adcp#3064 review)
Follow-up from #917 and the cross-SDK ergonomics work in adcp-client-python#272 / adcp-go#88.
`#917` defaulted `replayStore` and `revocationStore` on `verifySignatureAsAuthenticator` and `createExpressVerifier` — the request-signing surface. The webhook profile (`verifyWebhookSignature` in `@adcp/client/signing/server`) has a symmetric replay-store dependency and the same regression class applies: omitting the store silently disables webhook-replay dedup.
Compliance vector `compliance/cache/3.0.0/test-vectors/webhook-signing/negative/016-replayed-nonce.json` is identical in shape to the request-signing version.
Proposal:
cc @benminer (this came out of adcp#3064 review)