The full catalog of webhook events Mnemom emits — 47 events as of 2026-05-09, grouped by family. Every entry has a versioned JSON Schema, an example payload, and an emission-site reference. The schemas are the source of truth (canonical home:Documentation Index
Fetch the complete documentation index at: https://docs.mnemom.ai/llms.txt
Use this file to discover all available pages before exploring further.
mnemom-api/schemas/webhooks/). This page is generated by scripts/generate-webhook-catalog.mjs from mnemom-api/schemas/webhooks/index.json; CI ensures the page stays in sync with the catalog.
Every event in this catalog satisfies the seven contractual invariants — stable name, versioned JSON Schema, example payload, idempotency key, HMAC signature, retry policy, replay path. All entries are classified operator-actionable per §I15.
Catalog version: 2026-05-09. Subscription to a new endpoint defaults to event_types: [] (none) — explicit per-event opt-in is required.
Agent family
Lifecycle and exemption events for individual agents.agent.exemption.granted
Fired when an exemption is granted to an agent — temporarily relaxes a specific safe-house section for the agent. Operator-actionable: any exemption in the corpus warrants audit review.
agent.exemption.revoked
Fired when a previously-granted agent exemption is revoked. Tightens the safe-house surface for the agent.
agent.killed
Fired when an agent is killed — a stronger containment than paused. Gateway requests targeting the agent are rejected; reactivation requires explicit operator action.
agent.paused
Fired when an org owner/admin pauses an agent. The agent’s containment_status flips active → paused; gateway requests targeting the agent will be intercepted until resumed.
agent.resumed
Fired when a paused or killed agent is resumed. Containment_status transitions to active; gateway requests resume normal handling.
Billing family
Stripe-driven billing state and AAP transaction outcomes.subscription.status_changed
Fired when a billing subscription transitions state (e.g. trialing → active, active → past_due, active → cancelled). Surfaces customer-facing billing changes that may require operator action.
transaction.completed
Fired when an autonomous-operation transaction completes (CLPI policy evaluation pipeline finishes a billed operation).
Conscience family
Conscience escalations from AIP analysis and org-level values updates.conscience.escalation
Fired when AIP integrity-mode analysis detects conscience-level conflicts in agent reasoning that warrant operator attention beyond a routine boundary check. Companion to integrity.checkpoint/integrity.violation.
conscience.values_updated
Fired when an org owner/admin creates, updates, or removes a conscience value at the org level. Used by operator dashboards + audit pipelines to track governance-config drift.
Governance family
Card and template updates that flow through the composer to affect future agent turns.alignment_card.updated
Fired when an agent’s alignment card is updated. Operator-actionable: governance-config drift surfaces here.
org_alignment_template.deleted
Fired when an org-scope alignment template is cleared. Triggers recompose fan-out.
org_alignment_template.updated
Fired when an org-scope alignment template is set or updated. Triggers recompose fan-out (per ADR-044).
org_protection_template.deleted
Fired when an org-scope protection template is cleared.
org_protection_template.updated
Fired when an org-scope protection template is set or updated.
protection_card.updated
Fired when an agent’s protection card is updated.
Integrity family
AIP integrity-checkpoint events fired after every analyze pass.integrity.checkpoint
Fired on every AIP integrity-mode analyzer run regardless of verdict. Operators wanting a complete audit trail of integrity-mode evaluation subscribe to this; operators wanting paging-only on violations subscribe to integrity.violation instead.
integrity.violation
Fired when AIP analysis returns a boundary_violation verdict on agent reasoning. The agent’s response was either replaced (in enforce mode) or annotated (in nudge/observe mode) per the agent’s integrity_mode configuration. A companion integrity.checkpoint event always fires for the same checkpoint regardless of verdict — the violation event is a strict subset that lets operators page on boundary violations only.
Quota family
Org-level quota and risk-budget threshold crossings.quota.exceeded
Fired when integrity-check usage crosses the plan ceiling. Per ADR-050, this is operator-actionable — the customer should upgrade or expect overage billing per their plan terms.
quota.risk_exceeded
Fired when risk-assessment usage crosses plan ceiling.
quota.risk_warning
Fired once per period when risk-assessment usage crosses 80% of plan ceiling.
quota.sh_warning
Fired when Safe House usage cost-per-period crosses the customer-configured budget alert threshold.
quota.team_reputation_exceeded
Fired when team-reputation usage crosses plan ceiling.
quota.team_reputation_warning
Fired once per period when team-reputation usage crosses 80%.
quota.warning
Fired once per billing period when integrity-check usage crosses 80% of the plan ceiling. Operators are expected to upgrade plan or reduce usage before the quota.exceeded event fires.
Reputation family
Per-agent reputation evolution. (Catalog-only as of 2026-05-09 — emitter wiring pending.)reputation.grade_changed
Fired when an agent crosses a reputation-grade boundary (e.g. A → B → C). Coarser-grained companion to reputation.score_changed. (Declared, emitter currently absent.)
reputation.score_changed
Fired when an agent’s reputation score crosses a meaningful threshold. Operator-actionable signal for fleet-quality monitoring. (Declared in WEBHOOK_EVENT_TYPES; emitter currently absent — future producer in mnemom-api/src/reclassification/ or mnemom-api/src/intelligence/.)
Safe House family
Front-door evaluation outcomes and security tripwires. (Catalog-only as of 2026-05-09 — emitter wiring pending.)sh.campaign.detected
Fired when cross-session correlation detects a coordinated adversarial campaign targeting the agent or org. Strongest fleet-level operator signal.
sh.canary.triggered
Fired when a canary token (synthetic credential or sentinel string) appears in agent output — strong adversarial-behavior signal.
sh.evaluation.block
Fired when a Safe House evaluation blocks a request — strongest pre-ADR-040 verdict; the request was rejected.
sh.evaluation.quarantine
Fired when a Safe House evaluation quarantines a request — the request was set aside for operator inspection rather than passed through.
sh.evaluation.warn
Fired when a Safe House evaluation completes with a warn verdict — request was permitted but flagged for operator review. (Pre-ADR-040 shape; coexists with integrity.checkpoint/integrity.violation until Track 8 reconciles.)
sh.session.escalated
Fired when a session’s accumulated risk score crosses an escalation threshold — multiple borderline events in a session may not each warrant action, but the cumulative pattern does.
Sideband family
Cross-turn detector firings (drift, coherence, fault-line, fleet) and operator-marked drift resolutions.drift.resolved
Fired when an org owner/admin acknowledges a previously-fired drift alert. Closes the operator-side incident; companion event to sideband.drift.fired.
sideband.coherence.fired
Fired when team-coherence cron sweep detects a coherence regression for a team — pairwise governance floor below threshold, conflict edges above threshold, or specific outlier agents whose declared values diverge from the rest of the team. Per ADR-048 §I15 + ADR-025: coherence is operator-actionable; the agent receives no signal in its prompt. Operators are expected to inspect the team’s alignment cards and decide whether to reconcile.
sideband.drift.fired
Fired when N consecutive non-clear AIP verdicts in a session cross the configured drift-detection threshold. The agent’s behavior is drifting from its declared values across multiple turns. Operators are expected to investigate; the agent itself receives no signal (per ADR-048 §I15 — drift is operator-actionable, not agent-actionable). Replaces the legacy drift.detected event name (dropped 2026-05-09 per ADR-048 amendment + Q14 clean break).
sideband.fault_line.fired
Fired when team fault-line analysis detects a declared-values misalignment across a team — minority agents whose alignment cards diverge from the majority. Per ADR-048 §I15: operator-actionable; the agents themselves receive no signal.
sideband.fleet.fired
Fired when team-fleet-topology analysis detects a pattern: outliers (agents >1σ below fleet mean), cluster_partition (BFS components in the coherence graph), or min_pair_score below threshold.
Team family
Team lifecycle and membership events.team.archived
Fired when a team is archived. Member agents stay on their own alignment cards; team-scope composition no longer applies.
team.card_updated
Fired when a team’s alignment-template or protection-template card is set, updated, or cleared. Triggers mark_agents_for_recompose_for_team fan-out (per ADR-044 Piece 2).
team.created
Fired when a new team is created within an org.
team.member_added
Fired once per agent added to a team. Triggers team-scope composition for the agent on next gateway request (per ADR-044).
team.member_removed
Fired when an agent is removed from a team. Team-scope composition no longer contributes to the agent’s effective card.
Trace family
AAP alignment-trace verification and policy-violation events. (Emitted via the parallel AAP webhook rail — see debt #18.)policy.violation
Fired when CLPI policy evaluation flags a violation in agent behavior. Companion to integrity.violation for autonomy-checkpoint patterns.
trace.created
Fired when an AAP alignment trace is created. (Declared in WEBHOOK_EVENT_TYPES; emitter wiring follows AAP SDK integration.)
trace.escalation_required
Fired when AAP trace analysis identifies a pattern that warrants operator escalation beyond a routine trace.failed.
trace.failed
Fired when an AAP trace fails verification — signature mismatch, chain break, or boundary violation detected.
trace.verified
Fired when an AAP trace passes verification (signature + chain check + boundary analysis).
See also
- Webhook Contract — the seven contractual invariants.
- Headers reference —
X-Webhook-Signature+X-Webhook-Timestamp+X-Webhook-Iddelivery headers. - §I15 conformance audit — per-event classification and the surface-separation reasoning.