Proof that all four LIQAA SDKs (JS, PHP, Python, Go) implement identical behaviour.
A single test scenario, executed in matrix CI against every SDK release, every commit. If any SDK drifts from the spec, this turns red. Inspired by go/x/text, oauth2-test, and Stripe's internal test suite (which they don't publish).
A real customer flow, executed step-by-step:
- Init client with
sk_live_test_… - Create a room named
compliance_<random> - Issue a JWT for user
agent@compliance.test, scoped to that room, TTL 60s - Decode the JWT, assert claims match:
sub,room,exp,iss,iat - Register a webhook subscription for
call.ended - Fire a synthetic webhook delivery with a known payload
- Verify the signature server-side (constant time)
- Reject a tampered signature with the SDK's verifier
- Reject an expired timestamp (older than 5 min)
- List rooms, assert pagination metadata matches the OpenAPI spec
- End the room, assert it disappears from the list
- Delete the webhook, assert it disappears
- Idempotency: repeat step 2 with the same
Idempotency-Key, assert same room ID returned - Rate limit: burst 30 token issuances in 1s, assert exactly 20 succeed (we publish 20/s)
- Error shapes: intentionally pass invalid input, assert the SDK throws / returns the documented error type
15 assertions × 4 SDKs = 60 cells in the matrix. All must be green.
Polyrepo SDKs (one per language, see ADR-007) have one famous failure mode: behaviour drift. The PHP SDK fixes a bug, the Python SDK forgets to. Six months later, a customer ports their app from PHP to Python and dropAfterTimeout() no longer fires.
The OpenAPI spec (liqaa-openapi) prevents type drift. This suite prevents behaviour drift.
.
scenarios/
01-rooms.yaml · declarative scenario steps
02-tokens.yaml
03-webhooks.yaml
04-idempotency.yaml
05-error-shapes.yaml
runners/
js/ · Node 18/20/22 → liqaa-js
php/ · PHP 8.2/8.3/8.4 → liqaa-php
python/ · Python 3.10/3.11/3.12/3.13 → liqaa-python
go/ · Go 1.21/1.22/1.23 → liqaa-go
scripts/
run-all.sh · one command runs the matrix locally
generate-matrix.mjs · emits GitHub Actions matrix from scenarios
Each runner is a thin shim: it reads a scenario YAML, calls the SDK methods, asserts the responses. The shims share zero code — that's the point. If any runner cheats, real behaviour will diverge from what's tested.
git clone https://github.com/hartemyaakoub/liqaa-compliance
cd liqaa-compliance
export LIQAA_TEST_SK=sk_test_… # get one at https://liqaa.io/console (test mode)
./scripts/run-all.shYou'll need: Node 20+, PHP 8.3+, Python 3.11+, Go 1.22+. Or use the Codespaces config (cmd-shift-P → "Codespaces: Create new").
The matrix.yml workflow runs on:
- Every push to
mainof this repo - Every release tag of
liqaa-js,liqaa-php,liqaa-python,liqaa-go(viarepository_dispatch) - Daily at 03:00 UTC (catches downstream dep changes)
Total runtime: ~6 min. Cost: $0 (free GitHub Actions minutes for public repos).
- Drop a YAML file in
scenarios/ - The runners auto-discover it
- Open a PR — CI runs the new scenario across all 4 SDKs
If three SDKs pass and one fails, the SDK is wrong, not the scenario.
Apache 2.0 — fork it, run it against your own video API, learn from it.