fix(examples): correct from_jwk call signature + warn on missing WEBHOOK_BEARER_TOKEN

claude · claude · commit 47386c4e5d3c · 2026-05-04T02:38:16.000Z
Pre-PR review blockers: - from_jwk takes a JWK dict; kid/alg/adcp_use live inside the dict, not as separate kwargs. Fix the doc table and hello_seller.py comment accordingly. - hello_seller_with_webhooks.py now warns (instead of silently continuing) when WEBHOOK_BEARER_TOKEN is unset, so developers discover the dev-fixture default rather than running a production server with it. https://claude.ai/code/session_01Ay2SJvRpBg8EP9nG9DgQMy
diff --git a/docs/handler-authoring.md b/docs/handler-authoring.md
@@ -1053,7 +1053,7 @@ Pick one per `WebhookSender` instance. All three share the same
 
 | Constructor | Auth mode | When to use |
 |---|---|---|
-| `WebhookSender.from_jwk(jwk, key_id, alg)` | RFC 9421 HTTP-signature | AdCP-conformant buyers; spec baseline |
+| `WebhookSender.from_jwk(jwk)` | RFC 9421 HTTP-signature | AdCP-conformant buyers; spec baseline (`kid`/`alg`/`adcp_use` live in the JWK dict) |
 | `WebhookSender.from_bearer_token(token)` | `Authorization: Bearer` | Simplest; no key management; requires TLS |
 | `WebhookSender.from_standard_webhooks_secret(secret)` | Standard Webhooks v1 | Svix / Resend / standardwebhooks.com receivers |
 
diff --git a/examples/hello_seller.py b/examples/hello_seller.py
@@ -344,8 +344,9 @@ def _get_packages(req: Any) -> list[dict[str, Any]]:
     #   from adcp.webhook_sender import WebhookSender
     #   from adcp.webhook_supervisor import InMemoryWebhookDeliverySupervisor
     #
-    #   # RFC 9421 JWK signing — AdCP spec baseline (recommended):
-    #   sender = WebhookSender.from_jwk(signing_jwk, key_id="kid_1", alg="ES256")
+    #   # RFC 9421 JWK signing — AdCP spec baseline (recommended).
+    #   # signing_jwk must be a dict with kid, alg, and adcp_use="webhook-signing":
+    #   sender = WebhookSender.from_jwk(signing_jwk)
     #
     #   # Shared bearer token — no key management, requires TLS:
     #   sender = WebhookSender.from_bearer_token(os.environ["WEBHOOK_BEARER_TOKEN"])
diff --git a/examples/hello_seller_with_webhooks.py b/examples/hello_seller_with_webhooks.py
@@ -35,7 +35,16 @@
 from adcp.webhook_supervisor import InMemoryWebhookDeliverySupervisor
 
 if __name__ == "__main__":
-    token = os.environ.get("WEBHOOK_BEARER_TOKEN", "dev-fixture-token")
+    token = os.environ.get("WEBHOOK_BEARER_TOKEN", "")
+    if not token:
+        import warnings
+
+        warnings.warn(
+            "WEBHOOK_BEARER_TOKEN is not set; using 'dev-fixture-token'. "
+            "Set WEBHOOK_BEARER_TOKEN=<real-token> before connecting real buyers.",
+            stacklevel=1,
+        )
+        token = "dev-fixture-token"
     sender = WebhookSender.from_bearer_token(token)
     # InMemoryWebhookDeliverySupervisor wraps the sender with retry
     # (exponential backoff, 3 attempts) and per-endpoint circuit breakers.

Original file line number	Diff line number	Diff line change
`@@ -344,8 +344,9 @@ def _get_packages(req: Any) -> list[dict[str, Any]]:`
`344`	`344`	`# from adcp.webhook_sender import WebhookSender`
`345`	`345`	`# from adcp.webhook_supervisor import InMemoryWebhookDeliverySupervisor`
`346`	`346`	`#`
`347`		`- # # RFC 9421 JWK signing — AdCP spec baseline (recommended):`
`348`		`- # sender = WebhookSender.from_jwk(signing_jwk, key_id="kid_1", alg="ES256")`
	`347`	`+ # # RFC 9421 JWK signing — AdCP spec baseline (recommended).`
	`348`	`+ # # signing_jwk must be a dict with kid, alg, and adcp_use="webhook-signing":`
	`349`	`+ # sender = WebhookSender.from_jwk(signing_jwk)`
`349`	`350`	`#`
`350`	`351`	`# # Shared bearer token — no key management, requires TLS:`
`351`	`352`	`# sender = WebhookSender.from_bearer_token(os.environ["WEBHOOK_BEARER_TOKEN"])`