PolySwarmPolySwarmPolySwarmPolySwarm
Go to PolySwarm
Home

End-to-end testing in the Development Community

This page covers end-to-end testing against PolySwarm using the Development Community. It validates that your Engine can receive real bounties via engine webhook and send valid assertions back to the marketplace.

Before you start

You should have:

  • Completed local tests on the Engine template (see Testing your Engine)

  • A running engine webhook service that:

    • Validates signatures
    • Returns 202 quickly
    • Processes bounties asynchronously
    • Posts assertions back to the provided response endpoint

Process

Step 1 - Create an engine webhook in the PolySwarm UI

In your Team account:

  1. Create a new engine webhook endpoint
  2. Set the shared secret (store it securely)
  3. Configure the URL to your engine webhook server (must be reachable from PolySwarm)

Step 2 - Attach the engine webhook to your Engine

In your Team account:

  1. Open your Engine
  2. Attach the engine webhook you created
  3. Confirm the Engine is in a development state for testing

Step 3 - Send test bounties

Run test bounties appropriate to your Engine type:

  • File engine: send an EICAR style test where appropriate
  • URL engine: send WICAR style test
  • Also test unsupported artifact types and confirm UNKNOWN is returned safely

Your goals:

  • Confirm the engine webhook receives the bounty
  • Confirm the worker processes it
  • Confirm an assertion is sent back successfully
  • Confirm the UI shows activity for the Engine

Step 4 - Validate expected behavior

Required checks

  • Signature validation is enforced (invalid signature requests are rejected)
  • Response is posted within expected timing
  • Verdict format is correct
  • Unknown is used for unsupported artifacts
  • Errors do not crash the service
  • Repeated bounties behave consistently
  • Metadata is stable and meaningful
  • Logging is sufficient to debug failures quickly

Common failure modes

  • Engine webhook never receives bounties

    • URL not reachable from the internet
    • wrong endpoint configured in UI
    • TLS or firewall issues

  • Requests arrive but are rejected

    • Incorrect shared secret
    • Signature validation mismatch

  • Engine receives bounty but no assertion is posted

    • Worker not running
    • Broker misconfigured
    • Crash during analysis
    • Response endpoint call failing (network, auth, formatting)

  • Slow responses

    • Analysis running in the web server process instead of the worker
    • External tools lacking timeouts
    • Insufficient concurrency

Next Steps

You are ready to request verification when:

  • End to end dev community tests pass repeatedly
  • Assertions are valid and timely
  • Unsupported artifacts return UNKNOWN cleanly
  • Logs are sufficient to diagnose issues
  • Reliability is stable under repeated bounties

Articles in This Section

Reliability

Keep your Engine healthy, responsive, and consistent so results arrive on time and you avoid failures.

Roles

Who does what in the marketplace, and how Engines interact with PolySwarm and ground truth.

Operate and Optimise

Once your Engine is verified and running in production, the goal shifts from...

2026 © Swarm Technologies Inc.