
fix: handle Coinbase webhook post-verification crashes gracefully #301

Merged. GsCommand merged 1 commit into main from codex/fix-coinbase-webhook-endpoint-crash (May 23, 2026).


@GsCommand
Contributor

Motivation

  • A signed Coinbase webhook could cause an unhandled exception after HMAC verification, producing Vercel FUNCTION_INVOCATION_FAILED instead of a JSON error response.
  • The failure site was in unguarded post-HMAC processing: JSON normalization/signature resolution and signReceipt can throw on invalid key material or unsupported event shapes.
  • The goal was a minimal patch to return structured JSON errors for those failure modes without changing HMAC logic, receipt schema, or logging secrets.

Description

  • Added input validation to normalizeReceipt in api/examples/coinbase-webhook.js to reject non-object payloads and missing/non-string id|event_id or type, throwing a sentinel error for unsupported shapes.
  • Wrapped the normalization/signing sequence in a small try/catch that maps the sentinel error to 400 normalization_failed and other errors to 503 signing_unavailable, preserving successful signing behavior.
  • Adjusted the earlier missing-eventId check to return 400 normalization_failed for consistency with the new normalization guard.
  • No changes were made to HMAC verification logic, receipt canonicalization, or to logging of secrets or raw payloads.

Testing

  • Added tests in tests/api-coinbase-webhook.test.js for invalid base64/PEM signing key (expects 503 signing_unavailable) and malformed event shape after valid HMAC (expects 400 normalization_failed).
  • Kept and validated the existing successful signed payload and duplicate behavior tests to ensure no regression in the happy path.
  • Ran npm test and all tests passed: 69 passed, 0 failed.

Codex Task
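
The error mapping described in the PR description, as an added example that is not the project's code from api/examples/coinbase-webhook.js. Only the names normalizeReceipt and signReceipt and the two error codes come from the description; the sentinel class, processVerifiedEvent, the base64-wrapped PEM key format, the Ed25519 key and the response shape are assumptions.

```javascript
const crypto = require('node:crypto');

// Sentinel: lets the handler tell "bad event shape" apart from "signing broke".
class UnsupportedShapeError extends Error {}

function normalizeReceipt(payload) {
  if (payload === null || typeof payload !== 'object' || Array.isArray(payload)) {
    throw new UnsupportedShapeError('payload is not an object');
  }
  const eventId = typeof payload.id === 'string' ? payload.id : payload.event_id;
  if (typeof eventId !== 'string' || typeof payload.type !== 'string') {
    throw new UnsupportedShapeError('missing or non-string id|event_id or type');
  }
  return { eventId, type: payload.type };
}

function signReceipt(receipt, keyB64) {
  // Assumed key format: base64-wrapped PEM. createPrivateKey throws on bad material.
  const key = crypto.createPrivateKey(Buffer.from(keyB64, 'base64').toString('utf8'));
  // JSON.stringify stands in for the project's receipt canonicalization.
  return crypto.sign(null, Buffer.from(JSON.stringify(receipt)), key).toString('base64');
}

// Runs only after HMAC verification has passed (verification itself is not shown).
function processVerifiedEvent(rawBody, keyB64) {
  try {
    const receipt = normalizeReceipt(JSON.parse(rawBody));
    const signature = signReceipt(receipt, keyB64);
    return { status: 200, body: { ok: true, receipt, signature } };
  } catch (err) {
    // Assumption: unparseable JSON is treated like an unsupported shape.
    if (err instanceof UnsupportedShapeError || err instanceof SyntaxError) {
      return { status: 400, body: { ok: false, error: 'normalization_failed' } };
    }
    // Fixed code only: err.message could describe key material, so it is not echoed.
    return { status: 503, body: { ok: false, error: 'signing_unavailable' } };
  }
}

// Constructed inputs: a throwaway Ed25519 key and a made-up event.
const { privateKey, publicKey } = crypto.generateKeyPairSync('ed25519');
const goodKey = Buffer.from(privateKey.export({ type: 'pkcs8', format: 'pem' })).toString('base64');
const sampleBody = JSON.stringify({ event_id: 'evt_constructed_1', type: 'charge:confirmed' });
for (const [label, body, key] of [['valid', sampleBody, goodKey],
  ['bad shape', '{"type":42}', goodKey], ['bad key', sampleBody, 'bm90LWEta2V5']]) {
  console.log(label, processVerifiedEvent(body, key).status);
}
```
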

@vercel

vercel Bot commented May 23, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project | Deployment | Actions | Updated (UTC)
commandlayer-commandlayer-org | Ready | Preview, Comment | May 23, 2026 4:32pm
commandlayer-org | Ready | Preview, Comment | May 23, 2026 4:32pm
commandlayer-org111 | Ready | Preview, Comment | May 23, 2026 4:32pm
