test: cover empty webhook list for creators with no registered webhooks (#551)

[CodingAngel1]

Summary\n\nCloses #551\n\nAdds an integration test verifying that GET /api/v1/creators/:id/webhooks returns 200 OK with an empty array (instead of 404 Not Found) when a creator exists in the system but has not registered any webhooks.\n\nThe listWebhooksHandler in src/modules/webhooks/webhook.controllers.ts delegates to webhookService.listWebhooks, which already returns [] when no rows match — so the controller behavior is correct. This PR ensures that documented behavior is locked in by an automated test.\n\n## Scope\n\n- Register a creator (User → StellarWallet → CreatorProfile) but intentionally do not register any webhooks.\n- Call GET /api/v1/creators/:id/webhooks with valid wallet-signed auth headers from the creator's own Stellar keypair.\n- Assert:\n - HTTP status 200\n - Response envelope: success: true\n - data is an array equal to []\n\n## Files Changed\n\n| File | Change |\n| --- | --- |\n| src/modules/webhooks/webhook.integration.test.ts | New describe block — empty list for creator with no webhooks. |\n\n## Test Design Notes\n\n- Creator ID format: positive-integer-format string (\"551001\") so it satisfies parseCreatorId in src/modules/webhooks/webhook-signature.middleware.ts (regex ^\\d+$). CreatorProfile.id is a Prisma String column, so this is accepted at the DB layer.\n- Dedicated Stellar keypair: Keypair.random() generated for this scenario so the signature middleware's ECDSA verification succeeds.\n- Auth path: reuses existing authHeadersFor(keypair, method, path, creatorId) helper to match the signing-payload format used by every other test in this file.\n- Sanity guard: asserts prisma.webhook.count({ where: { creatorId: emptyCreatorId } }) === 0 before the request.\n- Cleanup: afterAll removes webhooks → CreatorProfile → StellarWallet → User in dependency-safe order.\n\n## Acceptance Criteria Coverage\n\n| Acceptance criterion | Coverage |\n| --- | --- |\n| Register a creator but do not register any webhooks | beforeAll creates User/Wallet/CreatorProfile; webhook.create is never called. |\n| Call GET /creators/:id/webhooks with valid creator auth | Uses authHeadersFor(emptyKeypair, \"GET\", emptyListPath, emptyCreatorId) — passes Stellar signature verification. |\n| Returns 200 with empty array for creator with no webhook | res.status === 200, Array.isArray(res.body.data) === true, res.body.data deep-equals []. |\n\n## Verification\n\n\ndocker compose up -d postgres\nDATABASE_URL=postgresql://postgres:postgres@localhost:5432/accesslayer pnpm exec prisma db push --force-reset --skip-generate\npnpm exec prisma generate\nDATABASE_URL=postgresql://postgres:postgres@localhost:5432/accesslayer pnpm jest src/modules/webhooks/webhook.integration.test.ts -t \"#551\" --runInBand\npnpm exec tsc --noEmit\n\n\nVerified locally on this branch: the new #551 test passes and tsc --noEmit exits 0.\n\n## Risk\n\nLow. Test-only change; no production code modified.\n\n## Out of Scope\n\nPre-existing tests in the same file that still use non-integer creator IDs (e.g. \"webhook-test-creator-id\") and may not pass the current parseCreatorId middleware — tracked separately, not introduced by this PR.

[drips-wave]

@CodingAngel1 Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits