PolySwarmPolySwarmPolySwarmPolySwarm
Go to PolySwarm
Home

End-to-end testing in the Development Community

This page covers end-to-end testing against PolySwarm using the Development Community. It validates that your Engine can receive real bounties via webhook and send valid assertions back to the marketplace.

Before you start

You should have:

  • Completed local tests on the Engine template (see Testing your Engine)

  • A running webhook service that:

    • Validates signatures
    • Returns 202 quickly
    • Processes bounties asynchronously
    • Posts assertions back to the provided response endpoint

Process

Step 1 - Create a webhook in the PolySwarm UI

In your Team account:

  1. Create a new webhook endpoint
  2. Set the shared secret (store it securely)
  3. Configure the URL to your webhook server (must be reachable from PolySwarm)

Step 2 - Attach the webhook to your Engine

In your Team account:

  1. Open your Engine
  2. Attach the webhook you created
  3. Confirm the Engine is in a development state for testing

Step 3 - Send test bounties

Run test bounties appropriate to your Engine type:

  • File engine: send an EICAR style test where appropriate
  • URL engine: send WICAR style test
  • Also test unsupported artifact types and confirm UNKNOWN is returned safely

Your goals:

  • Confirm the webhook receives the bounty
  • Confirm the worker processes it
  • Confirm an assertion is sent back successfully
  • Confirm the UI shows activity for the Engine

Step 4 - Validate expected behavior

Required checks

  • Signature validation is enforced (invalid signature requests are rejected)
  • Response is posted within expected timing
  • Verdict format is correct
  • Unknown is used for unsupported artifacts
  • Errors do not crash the service
  • Repeated bounties behave consistently
  • Metadata is stable and meaningful
  • Logging is sufficient to debug failures quickly

Common failure modes

  • Webhook never receives bounties

    • URL not reachable from the internet
    • wrong endpoint configured in UI
    • TLS or firewall issues

  • Requests arrive but are rejected

    • Incorrect shared secret
    • Signature validation mismatch

  • Engine receives bounty but no assertion is posted

    • Worker not running
    • Broker misconfigured
    • Crash during analysis
    • Response endpoint call failing (network, auth, formatting)

  • Slow responses

    • Analysis running in the web server process instead of the worker
    • External tools lacking timeouts
    • Insufficient concurrency

Next Steps

You are ready to request verification when:

  • End to end dev community tests pass repeatedly
  • Assertions are valid and timely
  • Unsupported artifacts return UNKNOWN cleanly
  • Logs are sufficient to diagnose issues
  • Reliability is stable under repeated bounties

Articles in This Section

Examples

Working patterns and sample implementations you can copy and adapt.

Production verification

What PolySwarm tests during verification, pass criteria, and common failure reasons.

Operate and Optimise

Once your Engine is verified and running in production, the goal shifts from...

2026 © Swarm Technologies Inc.