smartcontractkit · MStreet3 · Feb 13, 2026 · Feb 5, 2026 · Feb 5, 2026 · Feb 5, 2026
@@ -0,0 +1,5 @@
+---
+"chainlink": patch
+---
+
+#bugfix passes http capability headers via MultiHeaders
@@ -4,10 +4,10 @@ go 1.25.5
 
 require (
 	github.com/ethereum/go-ethereum v1.16.8
-	github.com/smartcontractkit/chainlink-common v0.9.6-0.20260202175443-ee6c9d2f8935
-	github.com/smartcontractkit/chainlink-evm/gethwrappers v0.0.0-20251022073203-7d8ae8cf67c1
-	github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20251124151448-0448aefdaab9
-	github.com/smartcontractkit/cre-sdk-go v1.0.1-0.20251111122439-00032d582c18
+	github.com/smartcontractkit/chainlink-common v0.10.0
+	github.com/smartcontractkit/chainlink-evm/gethwrappers v0.0.0-20251222115927-36a18321243c
+	github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260210221717-2546aed27ebe
+	github.com/smartcontractkit/cre-sdk-go v1.3.0
 	github.com/smartcontractkit/cre-sdk-go/capabilities/blockchain/evm v0.10.0
 	github.com/smartcontractkit/cre-sdk-go/capabilities/networking/http v0.10.0
 	github.com/smartcontractkit/cre-sdk-go/capabilities/scheduler/cron v0.10.0
@@ -49,6 +49,7 @@ require (
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/pion/dtls/v2 v2.2.12 // indirect
 	github.com/pion/transport/v2 v2.2.10 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_golang v1.23.0 // indirect
 	github.com/prometheus/client_model v0.6.2 // indirect

@@ -233,14 +233,14 @@ github.com/shirou/gopsutil v3.21.11+incompatible h1:+1+c1VGhc88SSonWP6foOcLhvnKl
 github.com/shirou/gopsutil v3.21.11+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
 github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k=
 github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME=
-github.com/smartcontractkit/chainlink-common v0.9.6-0.20260202175443-ee6c9d2f8935 h1:Uj+LW45bBgdaDRF8C7hUtM8LOh7rZ5qZJxZhsTTusvY=
-github.com/smartcontractkit/chainlink-common v0.9.6-0.20260202175443-ee6c9d2f8935/go.mod h1:zBuRC7el/pQQB95t7JnLOvCfZ3lmi5jjXYRUY2XUD+g=
-github.com/smartcontractkit/chainlink-evm/gethwrappers v0.0.0-20251022073203-7d8ae8cf67c1 h1:NTODgwAil7BLoijS7y6KnEuNbQ9v60VUhIR9FcAzIhg=
-github.com/smartcontractkit/chainlink-evm/gethwrappers v0.0.0-20251022073203-7d8ae8cf67c1/go.mod h1:oyfOm4k0uqmgZIfxk1elI/59B02shbbJQiiUdPdbMgI=
-github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20251124151448-0448aefdaab9 h1:QRWXJusIj/IRY5Pl3JclNvDre0cZPd/5NbILwc4RV2M=
-github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20251124151448-0448aefdaab9/go.mod h1:jUC52kZzEnWF9tddHh85zolKybmLpbQ1oNA4FjOHt1Q=
-github.com/smartcontractkit/cre-sdk-go v1.0.1-0.20251111122439-00032d582c18 h1:x8NX+vQzScvg4XbKDA0NF8hfxpruOjR78fag3SxhwOo=
-github.com/smartcontractkit/cre-sdk-go v1.0.1-0.20251111122439-00032d582c18/go.mod h1:sgiRyHUiPcxp1e/EMnaJ+ddMFL4MbE3UMZ2MORAAS9U=
+github.com/smartcontractkit/chainlink-common v0.10.0 h1:d90b9UPJecrIryzhl43F1oQwkJQoug3TaANlJ1xLHyI=
+github.com/smartcontractkit/chainlink-common v0.10.0/go.mod h1:13YN2kb3Vqpw2S7d4IwhX/578WPGC0JHN5JrOnAEsOc=
+github.com/smartcontractkit/chainlink-evm/gethwrappers v0.0.0-20251222115927-36a18321243c h1:eX7SCn5AGUGduv5OrjbVJkUSOnyeal0BtVem6zBSB2Y=
+github.com/smartcontractkit/chainlink-evm/gethwrappers v0.0.0-20251222115927-36a18321243c/go.mod h1:oyfOm4k0uqmgZIfxk1elI/59B02shbbJQiiUdPdbMgI=
+github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260210221717-2546aed27ebe h1:Vc4zoSc/j6/FdCQ7vcyHTTB7kzHI2f+lHCHqFuiCcJQ=
+github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260210221717-2546aed27ebe/go.mod h1:Jqt53s27Tr0jDl8mdBXg1xhu6F8Fci8JOuq43tgHOM8=
+github.com/smartcontractkit/cre-sdk-go v1.3.0 h1:zzbNf8CDjadz4xLZPmv0UQIphxs8ChXs4ow+bmF+2OI=
+github.com/smartcontractkit/cre-sdk-go v1.3.0/go.mod h1:LpkUDTXm7DUL0JljsZN1or9mR4/QcGdBai+G1Ng5LPA=
 github.com/smartcontractkit/cre-sdk-go/capabilities/blockchain/evm v0.10.0 h1:G0w0cLzHy/5m74IzSGz1Ynjffym4ZxLeUrRLp8EFP5w=
 github.com/smartcontractkit/cre-sdk-go/capabilities/blockchain/evm v0.10.0/go.mod h1:VVJ4mvA7wOU1Ic5b/vTaBMHEUysyxd0gdPPXkAu8CmY=
 github.com/smartcontractkit/cre-sdk-go/capabilities/networking/http v0.10.0 h1:nP6PVWrrTIICvjwQuFitsQecQWbqpPaYzaTEjx92eTQ=

@@ -46,7 +46,7 @@ require (
 	github.com/shopspring/decimal v1.4.0
 	github.com/smartcontractkit/chainlink-automation v0.8.1
 	github.com/smartcontractkit/chainlink-ccip v0.1.1-solana.0.20260203202624-5101f4d33736
-	github.com/smartcontractkit/chainlink-common v0.9.6-0.20260211140822-b833b412cdd9
+	github.com/smartcontractkit/chainlink-common v0.10.0
 	github.com/smartcontractkit/chainlink-common/keystore v1.0.2-0.20260211140822-b833b412cdd9
 	github.com/smartcontractkit/chainlink-data-streams v0.1.11
 	github.com/smartcontractkit/chainlink-deployments-framework v0.80.1-0.20260209182815-b296b7df28a6
@@ -514,7 +514,7 @@ require (
 	github.com/smartcontractkit/chainlink-ton v0.0.0-20260209205928-e7e034ed7976 // indirect
 	github.com/smartcontractkit/chainlink-ton/deployment v0.0.0-20260209205928-e7e034ed7976 // indirect
 	github.com/smartcontractkit/chainlink-tron/relayer v0.0.11-0.20251014143056-a0c6328c91e9 // indirect
-	github.com/smartcontractkit/cre-sdk-go v0.7.1-0.20250919133015-2df149f34a81 // indirect
+	github.com/smartcontractkit/cre-sdk-go v1.3.0 // indirect
 	github.com/smartcontractkit/freeport v0.1.3-0.20250716200817-cb5dfd0e369e // indirect
 	github.com/smartcontractkit/grpc-proxy v0.0.0-20240830132753-a7e17fec5ab7 // indirect
 	github.com/smartcontractkit/mcms v0.35.1-0.20260209175626-b68b54b6e8d0 // indirect

@@ -1612,8 +1612,8 @@ github.com/smartcontractkit/chainlink-ccip/deployment v0.0.0-20260129103204-4c84
 github.com/smartcontractkit/chainlink-ccip/deployment v0.0.0-20260129103204-4c8453dd8139/go.mod h1:gUbichNQBqk+fBF2aV40ZkzFmAJ8SygH6DEPd3cJkQE=
 github.com/smartcontractkit/chainlink-ccv v0.0.0-20260209181943-d6573e8f312f h1:F++iE5sQU020cJbbTosGgyPn2m3A0h2IOWoCKt/QWU8=
 github.com/smartcontractkit/chainlink-ccv v0.0.0-20260209181943-d6573e8f312f/go.mod h1:qvqpDbul4XF237R3zElpI0gyxWINg46YjQh68N4K5CU=
-github.com/smartcontractkit/chainlink-common v0.9.6-0.20260211140822-b833b412cdd9 h1:HX9SbpoRWUB1w8KtkXfN8gGI8+dE7NYuNYfuDQ3E8sI=
-github.com/smartcontractkit/chainlink-common v0.9.6-0.20260211140822-b833b412cdd9/go.mod h1:13YN2kb3Vqpw2S7d4IwhX/578WPGC0JHN5JrOnAEsOc=
+github.com/smartcontractkit/chainlink-common v0.10.0 h1:d90b9UPJecrIryzhl43F1oQwkJQoug3TaANlJ1xLHyI=
+github.com/smartcontractkit/chainlink-common v0.10.0/go.mod h1:13YN2kb3Vqpw2S7d4IwhX/578WPGC0JHN5JrOnAEsOc=
 github.com/smartcontractkit/chainlink-common/keystore v1.0.2-0.20260211140822-b833b412cdd9 h1:dWqd2lOW3GbwtgZEeDSDI1b1X175MPOlCU6GDQQVBjk=
 github.com/smartcontractkit/chainlink-common/keystore v1.0.2-0.20260211140822-b833b412cdd9/go.mod h1:SMegDBf3KDs2tuKApmTRyO2xQthMu3gV2J+IuHEs0Y0=
 github.com/smartcontractkit/chainlink-common/pkg/chipingress v0.0.11-0.20251211140724-319861e514c4 h1:NOUsjsMzNecbjiPWUQGlRSRAutEvCFrqqyETDJeh5q4=
@@ -1700,8 +1700,8 @@ github.com/smartcontractkit/chainlink-tron/relayer v0.0.11-0.20251014143056-a0c6
 github.com/smartcontractkit/chainlink-tron/relayer v0.0.11-0.20251014143056-a0c6328c91e9/go.mod h1:h9hMs6K4hT1+mjYnJD3/SW1o7yC/sKjNi0Qh8hLfiCE=
 github.com/smartcontractkit/chainlink-tron/relayer/gotron-sdk v0.0.5-0.20251014124537-af6b1684fe15 h1:idp/RjsFznR48JWGfZICsrpcl9JTrnMzoUNVz8MhQMI=
 github.com/smartcontractkit/chainlink-tron/relayer/gotron-sdk v0.0.5-0.20251014124537-af6b1684fe15/go.mod h1:ea1LESxlSSOgc2zZBqf1RTkXTMthHaspdqUHd7W4lF0=
-github.com/smartcontractkit/cre-sdk-go v0.7.1-0.20250919133015-2df149f34a81 h1:CfnjzJvn3iX93PzdGucyGJmgv/KDXv8DfKcLw/mix24=
-github.com/smartcontractkit/cre-sdk-go v0.7.1-0.20250919133015-2df149f34a81/go.mod h1:CQY8hCISjctPmt8ViDVgFm4vMGLs5fYI198QhkBS++Y=
+github.com/smartcontractkit/cre-sdk-go v1.3.0 h1:zzbNf8CDjadz4xLZPmv0UQIphxs8ChXs4ow+bmF+2OI=
+github.com/smartcontractkit/cre-sdk-go v1.3.0/go.mod h1:LpkUDTXm7DUL0JljsZN1or9mR4/QcGdBai+G1Ng5LPA=
 github.com/smartcontractkit/cre-sdk-go/capabilities/scheduler/cron v0.8.0 h1:aO++xdGcQ8TpxAfXrm7EHeIVLDitB8xg7J8/zSxbdBY=
 github.com/smartcontractkit/cre-sdk-go/capabilities/scheduler/cron v0.8.0/go.mod h1:PWyrIw16It4TSyq6mDXqmSR0jF2evZRKuBxu7pK1yDw=
 github.com/smartcontractkit/freeport v0.1.3-0.20250716200817-cb5dfd0e369e h1:Hv9Mww35LrufCdM9wtS9yVi/rEWGI1UnjHbcKKU0nVY=

@@ -286,6 +286,7 @@ func (h *gatewayHandler) createHTTPRequestCallback(ctx context.Context, requestI
 		return gateway_common.OutboundHTTPResponse{
 			StatusCode:              resp.StatusCode,
 			Headers:                 resp.Headers,
+			MultiHeaders:            resp.MultiHeaders,
 			Body:                    resp.Body,
 			ExternalEndpointLatency: externalEndpointLatency,
 		}
@@ -331,7 +332,8 @@ func (h *gatewayHandler) makeOutgoingRequest(ctx context.Context, resp *jsonrpc.
 	httpReq := network.HTTPRequest{
 		Method:           req.Method,
 		URL:              req.URL,
-		Headers:          req.Headers,
+		Headers:          req.Headers, //nolint:staticcheck // forward deprecated Headers for backward compatibility; request uses MultiHeaders when set
+		MultiHeaders:     req.MultiHeaders,
 		Body:             req.Body,
 		MaxResponseBytes: req.MaxResponseBytes,
 		Timeout:          timeout,

@@ -5,11 +5,11 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"maps"
 	"testing"
 	"time"
 
 	"github.com/google/uuid"
-
 	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
 
@@ -148,6 +148,86 @@ func TestHandleNodeMessage(t *testing.T) {
 		handler.wg.Wait()
 	})
 
+	t.Run("successful node message handling with MultiHeaders", func(t *testing.T) {
+		mockDon := handler.don.(*handlermocks.DON)
+		mockHTTPClient := handler.httpClient.(*httpmocks.HTTPClient)
+
+		// Prepare outbound request
+		outboundReq := gateway_common.OutboundHTTPRequest{
+			Method:        "GET",
+			URL:           "https://example.com/api/multiheaders-test",
+			TimeoutMs:     5000,
+			MultiHeaders:  map[string][]string{"Content-Type": {"application/json"}},
+			Body:          []byte(`{"test": "data"}`),
+			CacheSettings: gateway_common.CacheSettings{},
+		}
+		reqBytes, err := json.Marshal(outboundReq)
+		require.NoError(t, err)
+
+		id := fmt.Sprintf("%s/%s", gateway_common.MethodHTTPAction, uuid.New().String())
+		rawRequest := json.RawMessage(reqBytes)
+		resp := &jsonrpc.Response[json.RawMessage]{
+			ID:     id,
+			Result: &rawRequest,
+		}
+
+		// Response with multiple Set-Cookie headers
+		httpResp := &network.HTTPResponse{
+			StatusCode: 200,
+			Headers: map[string]string{
+				"Set-Cookie": "sessionid=abc123; Path=/; HttpOnly",
+			},
+			MultiHeaders: map[string][]string{
+				"Set-Cookie": {
+					"sessionid=abc123; Path=/; HttpOnly",
+					"csrf_token=xyz789; Path=/; Secure",
+				},
+			},
+			Body: []byte(`{"result": "success"}`),
+		}
+
+		mockHTTPClient.EXPECT().Send(mock.Anything, mock.MatchedBy(func(req network.HTTPRequest) bool {
+			return req.Method == "GET" && req.URL == "https://example.com/api/multiheaders-test"
+		})).Return(httpResp, nil).Once()
+
+		capturedResponse := &gateway_common.OutboundHTTPResponse{}
+		mockDon.EXPECT().SendToNode(mock.Anything, "node1", mock.MatchedBy(func(req *jsonrpc.Request[json.RawMessage]) bool {
+			if req.Params == nil {
+				return false
+			}
+			paramsStr := string(*req.Params)
+			if !json.Valid(*req.Params) {
+				return false
+			}
+			err2 := json.Unmarshal(*req.Params, capturedResponse)
+			if err2 != nil {
+				t.Logf("Failed to unmarshal response: %v, params: %s", err2, paramsStr)
+				return false
+			}
+			if capturedResponse.StatusCode != 200 {
+				return false
+			}
+			return req.ID == id
+		})).Return(nil)
+
+		err = handler.HandleNodeMessage(testutils.Context(t), resp, "node1")
+		require.NoError(t, err)
+		handler.wg.Wait()
+
+		// Verify the response was captured
+		require.Equal(t, 200, capturedResponse.StatusCode, "Response should have status code 200")
+		require.NotNil(t, capturedResponse.MultiHeaders, "MultiHeaders should not be nil")
+		require.NotEmpty(t, capturedResponse.MultiHeaders, "MultiHeaders should not be empty")
+		setCookieValues, ok := capturedResponse.MultiHeaders["Set-Cookie"]
+		require.True(t, ok, "Set-Cookie header should be in MultiHeaders, got: %+v", capturedResponse.MultiHeaders)
+		require.Len(t, setCookieValues, 2, "Should have 2 Set-Cookie headers, got: %v", setCookieValues)
+		require.Contains(t, setCookieValues, "sessionid=abc123; Path=/; HttpOnly")
+		require.Contains(t, setCookieValues, "csrf_token=xyz789; Path=/; Secure")
+
+		// Verify backward compatibility: all keys in MultiHeaders should be in Headers
+		verifyBackwardCompatibility(t, capturedResponse.Headers, capturedResponse.MultiHeaders) //nolint:staticcheck // SA1019: intentionally asserting deprecated Headers for backward compatibility
+	})
+
 	t.Run("returns cached response if available", func(t *testing.T) {
 		outboundReq := gateway_common.OutboundHTTPRequest{
 			Method:    "GET",
@@ -282,6 +362,7 @@ func TestServiceLifecycle(t *testing.T) {
 		require.NoError(t, err)
 	})
 }
+
 func TestHandleNodeMessage_RoutesToTriggerHandler(t *testing.T) {
 	// This test covers the case where the response ID does not contain a "/"
 	// and should be routed to the triggerHandler.HandleNodeTriggerResponse.
@@ -415,6 +496,14 @@ func createTestHandler(t *testing.T) *gatewayHandler {
 	return createTestHandlerWithConfig(t, cfg)
 }
 
+// verifyBackwardCompatibility checks that all keys in MultiHeaders are also present in Headers
+// with non-empty values. Same logic as in gateway/network/httpclient_test.go (package boundary).
+func verifyBackwardCompatibility(t *testing.T, headers map[string]string, multiHeaders map[string][]string) {
+	for key := range maps.Keys(multiHeaders) {
+		require.NotEmpty(t, headers[key], "Headers should contain %s for backward compatibility", key)
+	}
+}
+
 func createTestHandlerWithConfig(t *testing.T, cfg ServiceConfig) *gatewayHandler {
 	configBytes, err := json.Marshal(cfg)
 	require.NoError(t, err)
@@ -494,6 +583,83 @@ func TestCreateHTTPRequestCallback(t *testing.T) {
 		require.Nil(t, response.Body)
 	})
 
+	t.Run("response with MultiHeaders is passed through correctly", func(t *testing.T) {
+		handler := createTestHandler(t)
+		mockHTTPClient := handler.httpClient.(*httpmocks.HTTPClient)
+
+		expectedResp := &network.HTTPResponse{
+			StatusCode: 200,
+			Headers: map[string]string{
+				"Set-Cookie": "sessionid=abc123; Path=/; HttpOnly, csrf_token=xyz789; Path=/; Secure",
+				"Via":        "1.0 proxy1,1.1 proxy2",
+			},
+			MultiHeaders: map[string][]string{
+				"Set-Cookie": {
+					"sessionid=abc123; Path=/; HttpOnly",
+					"csrf_token=xyz789; Path=/; Secure",
+				},
+				"Via": {
+					"1.0 proxy1",
+					"1.1 proxy2",
+				},
+			},
+			Body: []byte(`{"result": "success"}`),
+		}
+
+		mockHTTPClient.EXPECT().Send(mock.Anything, mock.Anything).Return(expectedResp, nil)
+
+		callback := handler.createHTTPRequestCallback(ctx, requestID, httpReq, outboundReq)
+		response := callback()
+
+		require.Equal(t, expectedResp.StatusCode, response.StatusCode)
+		require.Equal(t, expectedResp.Body, response.Body)
+		require.Empty(t, response.ErrorMessage)
+
+		// Verify MultiHeaders are passed through
+		require.NotNil(t, response.MultiHeaders, "MultiHeaders should not be nil")
+		require.Len(t, response.MultiHeaders["Set-Cookie"], 2, "Should have 2 Set-Cookie headers")
+		require.Contains(t, response.MultiHeaders["Set-Cookie"], "sessionid=abc123; Path=/; HttpOnly")
+		require.Contains(t, response.MultiHeaders["Set-Cookie"], "csrf_token=xyz789; Path=/; Secure")
+		require.Len(t, response.MultiHeaders["Via"], 2, "Should have 2 Via headers")
+		require.Contains(t, response.MultiHeaders["Via"], "1.0 proxy1")
+		require.Contains(t, response.MultiHeaders["Via"], "1.1 proxy2")
+
+		// Verify Headers field is also set (for backward compatibility)
+		require.NotNil(t, response.Headers, "Headers should not be nil")                         //nolint:staticcheck // SA1019: assert deprecated Headers for backward compatibility
+		require.NotEmpty(t, response.Headers["Set-Cookie"], "Headers should contain Set-Cookie") //nolint:staticcheck // SA1019: assert deprecated Headers for backward compatibility
+		require.NotEmpty(t, response.Headers["Via"], "Headers should contain Via")               //nolint:staticcheck // SA1019: assert deprecated Headers for backward compatibility
+
+		// Verify backward compatibility: all keys in MultiHeaders should be in Headers
+		verifyBackwardCompatibility(t, response.Headers, response.MultiHeaders) //nolint:staticcheck // SA1019: intentionally asserting deprecated Headers for backward compatibility
+	})
+
+	t.Run("response with empty MultiHeaders still sets Headers", func(t *testing.T) {
+		handler := createTestHandler(t)
+		mockHTTPClient := handler.httpClient.(*httpmocks.HTTPClient)
+
+		expectedResp := &network.HTTPResponse{
+			StatusCode: 200,
+			Headers:    map[string]string{"Content-Type": "application/json"},
+			MultiHeaders: map[string][]string{
+				"Content-Type": {"application/json"},
+			},
+			Body: []byte(`{"result": "success"}`),
+		}
+
+		mockHTTPClient.EXPECT().Send(mock.Anything, mock.Anything).Return(expectedResp, nil)
+
+		callback := handler.createHTTPRequestCallback(ctx, requestID, httpReq, outboundReq)
+		response := callback()
+
+		require.Equal(t, expectedResp.StatusCode, response.StatusCode)
+		require.NotNil(t, response.MultiHeaders)
+		require.Equal(t, []string{"application/json"}, response.MultiHeaders["Content-Type"])
+		require.Equal(t, "application/json", response.Headers["Content-Type"]) //nolint:staticcheck // SA1019: assert deprecated Headers for backward compatibility
+
+		// Verify backward compatibility: all keys in MultiHeaders should be in Headers
+		verifyBackwardCompatibility(t, response.Headers, response.MultiHeaders) //nolint:staticcheck // SA1019: intentionally asserting deprecated Headers for backward compatibility
+	})
+
 	t.Run("HTTP read error sets IsExternalEndpointError to true", func(t *testing.T) {
 		handler := createTestHandler(t)
 		mockHTTPClient := handler.httpClient.(*httpmocks.HTTPClient)

@@ -28,9 +28,11 @@ import (
 	"github.com/smartcontractkit/chainlink/v2/core/utils"
 )
 
-const workflowID = "0x1234567890abcdef1234567890abcdef12345678901234567890abcdef123456"
-const workflowOwner = "0x1234567890abcdef1234567890abcdef12345678"
-const requestID = "test-request-id"
+const (
+	workflowID    = "0x1234567890abcdef1234567890abcdef12345678901234567890abcdef123456"
+	workflowOwner = "0x1234567890abcdef1234567890abcdef12345678"
+	requestID     = "test-request-id"
+)
 
 func createTestMetrics(t *testing.T, donConfig *config.DONConfig) *metrics.Metrics {
 	m, err := metrics.NewMetrics(donConfig)
@@ -512,7 +514,7 @@ func TestHttpTriggerHandler_ServiceLifecycle(t *testing.T) {
 	})
 }
 
-func registerWorkflow(t *testing.T, handler *httpTriggerHandler, workflowID string, privateKey *ecdsa.PrivateKey) {
+func registerWorkflow(_ *testing.T, handler *httpTriggerHandler, workflowID string, privateKey *ecdsa.PrivateKey) {
 	handler.workflowMetadataHandler.authorizedKeys[workflowID] = map[gateway_common.AuthorizedKey]struct{}{
 		{
 			KeyType:   gateway_common.KeyTypeECDSAEVM,
@@ -1058,6 +1060,7 @@ func TestHttpTriggerHandler_HandleUserTriggerRequest_WorkflowLookup(t *testing.T
 		requireUserErrorSent(t, r, jsonrpc.ErrInvalidRequest)
 	})
 }
+
 func TestHttpTriggerHandler_HandleUserTriggerRequest_Validation(t *testing.T) {
 	handler, mockDon := createTestTriggerHandler(t)
 

@@ -43,7 +43,7 @@ func isCacheableStatusCode(statusCode int) bool {
 
 // isExpiredOrNotCached returns true if the cached response is expired or not cached.
 // IMPORTANT: this method does not lock the cache map. MUST be called with the cacheMu locked.
-func (rc *responseCache) isExpiredOrNotCached(workflowID string, req gateway.OutboundHTTPRequest) bool {
+func (rc *responseCache) isExpiredOrNotCached(_ string, req gateway.OutboundHTTPRequest) bool {
 	cachedResp, exists := rc.cache[req.Hash()]
 	if !exists || time.Now().After(cachedResp.storedAt.Add(rc.ttl)) {
 		return true