Integration smoke test (recommended order)
Step-by-step order to validate GitHub, Slack, and optional HTTP integrations with execution logs and proofs—not just “did it run.”
Follow this order the first time you wire a deployment. It matches how the product is built today: integration primitives (GitHub PAT / Slack webhook / HTTP) rather than full SaaS connectors.
What “testing integrations” actually means here
There are three layers. A smoke test is about proving they work together, not checking a single screen.
| Layer | Role | Examples |
|---|---|---|
Secrets (secrets table) | Encrypted store for raw credentials referenced by name | GITHUB_PAT, SLACK_WEBHOOK — values encrypted at rest; resolved only during a run when a node or integration config references them |
Integration configs (integration_configs) | Per-user row per provider: how workflows use that vendor | GitHub: inline PAT or secretKey, default repo owner/repo. Slack: webhook URL or webhookSecretKey |
| Workflow execution | github, slack, api nodes resolve credentials at runtime from the map above | If a required integration row is missing, requireIntegration fails the task deterministically (integration_missing in logs) instead of guessing |
Testing integrations = validate secrets (present, decryptable, correct shape), integration configs (saved, enabled, pointing at the right secret or inline value), and execution (node reaches the executor, external side effect + logs + proof). Skip any one layer and you are not testing the real path.
Clean environment: Run checks against a new workflow run (fresh workflow_run / new run id) when you care about proof payload hashes and log lineups. Comparing a new integration setup to stale runs mixes old task outputs into expectations and makes hash / metadata diffing ambiguous.
Operational cheat sheet: failure signals
Use this when triaging execution_logs.event_type, task errors, or integration save errors. It turns the guide from descriptive to operational (failure → likely cause).
| Signal | Likely cause |
|---|---|
integration_missing | No enabled integration_configs row for that provider on your user, but the node still ran the live path (typical on custom graphs; bundled presets usually branch on hasIntegration:* and stub instead). |
github_executor_missing_token | PAT not resolved: missing inline token, wrong or missing secretKey (secret row / name), broken secretRef env, or encryption not configured so secret-backed validation failed at save time. |
github_executor_invalid_repo | Bad owner/repo, empty repo string, or repository: "__default__" without a saved default on the GitHub integration. |
github_issue_create_failed | GitHub API rejected the create (permissions, rate limit, org rules, etc.) — read the log message / response snippet. |
slack_executor_missing_webhook | No usable webhook: missing webhookUrl / webhookSecretKey on the Slack config, secret decrypts to a non–hooks.slack.com URL, or integration row missing. |
slack_webhook_failed | Slack returned a non-OK HTTP status (revoked webhook, URL typo, payload rejected). |
invalid_repository (saving GitHub in the dashboard / POST /api/integrations/github) | defaultRepository not in owner/repo form (validation before any run). |
Expected log severity
When scanning the run timeline, execution_logs.level is as important as event_type:
| Pattern | Typical level |
|---|---|
integration_missing | warn (task still fails afterward; see task_failed / task_attempt_failed as error) |
github_issue_created, slack_webhook_sent | info |
github_executor_missing_token, github_executor_invalid_repo, slack_executor_missing_webhook | error |
github_issue_create_failed, slack_webhook_failed | error |
task_failed, task_attempt_failed | error |
Rule of thumb: *_created / *_sent → info, integration_missing → warn, *_failed / *_missing_* / executor validation errors → error.
For bundled presets, missing vendor config often shows as stub task output instead of the rows above — that is intentional. To force the diagnostic signals, use a workflow whose github / slack node is not behind hasIntegration:*, or temporarily disable the guard in a copy of the graph.
1. Start with GitHub (do this first)
Why first: Path is wired end-to-end, output is deterministic (a real issue), and the external result is easy to verify.
Setup
- Open Dashboard → Integrations.
- Under GitHub, save either:
- A Personal Access Token (classic:
repo, or fine-grained with Issues write on the target repo), or - A saved secret (
secretKey) whose value is the PAT — see GitHub Integration (PAT).
- A Personal Access Token (classic:
- Set default repository to
owner/repoif your workflow nodes userepository: "__default__".
Run a known-good workflow
Use one of:
- Verified Incident Response (demo) —
wf-cascades-incident-response - Incident Triage + Proof —
wf-incident-triage-proof
Both include GitHub on an escalation / notify path (with a hasIntegration:github gate on presets so missing config does not hard-fail the whole demo).
Use Run with sample inputs from the workflow builder, or POST /api/workflows/run with the sample context from each guide.
If everything is correct
- The workflow completes the branch that hits the live GitHub node.
- A real issue appears in your repository.
execution_logsinclude success-path events from the executor; on a successful create you should seegithub_issue_created(see GitHub Integration (PAT)).- Task output on the GitHub node includes issue metadata (number, URL, etc.).
proof_records/ proof payload hashing reflects those outputs — see Execution proofs.
If something fails
Use the Operational cheat sheet above.
Do not treat “run finished” as success until you have checked logs + task output + proof.
2. Then Slack (second step)
Why second: Simpler setup, but the structural proof is mostly in logs and run detail, not a durable artifact in your repo.
Setup
- Dashboard → Integrations → Slack — paste an incoming webhook URL (
https://hooks.slack.com/services/…) or awebhookSecretKeypointing at a secret whose value is that URL. - Run Incident Triage + Proof so the remediate → Slack branch can execute (again gated by
hasIntegration:slackon the preset).
Expected
- A message appears in the Slack channel for that webhook.
execution_logsincludeslack_webhook_senton success (orslack_webhook_failed/ executor errors if the URL or payload path fails).
3. Optional: generic API node
Use a safe, obvious endpoint, for example:
https://httpbin.org/post
This checks:
- HTTP executor wiring
{{ secrets.* }}interpolation in node params (if you use secrets)- Upstream payload flowing into the node
Inspect execution_logs, task output, and proof metadata the same way as for GitHub.
Known-good test path (baseline sanity check)
Use Incident Triage + Proof (wf-incident-triage-proof) as a single catalog reference. It exercises both vendor branches, but not in the same run — severity drives the condition. Use a fresh run per attempt (see Clean environment above).
Run A (high severity — escalation / GitHub)
Context: { "sampleAlert": { "id": "INC-0001", "severity": "high", "service": "api" } }
Requires: GitHub integration configured and hasIntegration:github TRUE on the live path.
- Expect: A GitHub issue is created in your default repo (visible in GitHub).
- Log:
github_issue_createdatinfo(see expected log severity). - Proof: Proof / task output for the GitHub node includes issue payload (e.g. issue number, URL, state) and contributes to the run’s proof hash — see Execution proofs.
Run B (low severity — remediation / Slack)
Context: { "sampleAlert": { "id": "INC-0002", "severity": "low", "service": "api" } }
Requires: Slack integration configured and hasIntegration:slack TRUE after remediate.
- Expect: A Slack message appears in the channel for your incoming webhook.
- Log:
slack_webhook_sentatinfo. - Proof: Proof / task output for the Slack node includes delivery payload (e.g.
httpStatus,messageTs, upstreambodyPreviewin the recorded output — not necessarily the full Slack message text, but enough to anchor the run).
After both runs
execution_logs— event types and levels match the tables above (or stub/guard behavior if an integration is absent).catalogItemId/ workflow id — stillwf-incident-triage-proofon each new run.
If both GitHub and Slack are configured, execute Run A and Run B once each on separate new runs — that is the minimal end-to-end baseline for this preset.
What to verify (minimum bar)
Do not stop at “the run completed.”
Confirm:
execution_logs— event types and severity (info/warn/error): e.g.github_issue_created,slack_webhook_sent,integration_missing, executor errors.- Task outputs — JSON on the node row reflects external IDs, URLs, or HTTP status where the executor records them.
proof_records— payload hash and metadata change in a way consistent with those outputs; see Execution proofs.- Metadata —
catalogItemId/ workflow identity consistent across run detail, proof, and API.
Minimal success criteria:
- GitHub creates real issues when the live branch runs.
- Slack delivers real messages when the live branch runs.
- Missing integrations fail cleanly (not silently) on graphs that hit a live node without config — e.g.
integration_missingand a failed task whenrequireIntegrationapplies; bundled presets may stub behindhasIntegration:*instead. - Proof records include external outputs in the hashed / persisted proof path where the platform records them.
What not to test yet
Avoid ServiceNow, n8n, or long multi-vendor chains until you have dedicated connector docs and credentials. Those need full connector layers beyond the current integration primitives (GitHub / Slack / HTTP + secrets).
Related guides
- Integration Overview — provider matrix and composition patterns
- GitHub Integration (PAT)
- Verified Incident Response (demo)
- Incident Triage + Proof
- Execution proofs
- DAG execution