mnemom-api/schemas/webhooks/). This page is generated by scripts/generate-webhook-catalog.mjs from mnemom-api/schemas/webhooks/index.json; CI ensures the page stays in sync with the catalog.
Every event in this catalog satisfies the seven contractual invariants — stable name, versioned JSON Schema, example payload, idempotency key, HMAC signature, retry policy, replay path. All entries are classified operator-actionable.
Catalog version: 2026-05-09. Subscription to a new endpoint defaults to event_types: [] (none) — explicit per-event opt-in is required.
Aegis family
advisory.published
Fired when an advisory row transitions from status=‘draft’ (or never-published) to status=‘published’. Emitted exactly once per transition by the PUT /v1/admin/security/advisories/ handler. Carries the slug + severity so subscribers can route on severity without re-fetching the body. The synthetic flag is the calm-at-GA transparency indicator.
ioc.added
Fired when a new row is inserted into the iocs table. The public STIX feed at GET /v1/trust/iocs surfaces the same rows; subscribers wire this webhook for real-time fan-out. Carries the indicator value + type + Traffic Light Protocol class so consumers can ingest without re-fetching the feed. last_seen_at updates on existing rows do NOT fire — only fresh insertions.
recipe.candidate.created
Fired when a new detection-recipe candidate is recorded for review. Candidates come from several sources — customer false-positive/false-negative reports, internal observation, researcher submissions, and manual admin proposals. A new candidate starts in pending state and awaits review before it can be promoted (or is auto-promoted when the source qualifies).
recipe.promoted
Fired at two lifecycle moments, disambiguated by the optional transition field: (1) initial promotion — a newly composed, signed recipe set is published; and (2) observe-to-active — a recipe that has passed its 24-hour observation soak within false-positive thresholds transitions from observe to active. Carries the ids of both signing keys so subscribers can correlate the event with the gateway’s served, signed envelope.
recipe.retired
Fired when a detection recipe is archived. Three reasons cover the lifecycle: zero_hits_window (nightly retirement sweep — no hits in the configured window and the recipe is older than that window), fp_rate_exceeded (nightly — cumulative false-positive rate above threshold, with a minimum-evaluations guard), and observe_soak_fp (false-positive rate at or above threshold during the 24-hour observe soak — auto-rollback before the rule ever serves in enforce).
reviewer-mode.changed
Fired when a platform admin updates platform_settings.reviewer_mode or the high-confidence threshold via PUT /v1/admin/settings/reviewer-mode. Auto-approval modes (auto-approve-trusted-sources, auto-approve-high-confidence) only accelerate tier-3 (severity_p=p2) promotions; tier 1-2 (p0/p1) recipes always require dual-control human approval. The dual-control invariant is enforced structurally by the recipes_active_requires_quorum CHECK constraint on detection_recipes + the promoter handler’s distinct-approver count — auto-mode cannot bypass it.
Agent family
Lifecycle and exemption events for individual agents.agent.exemption.granted
Fired when an exemption is granted to an agent — temporarily relaxes a specific safe-house section for the agent. Operator-actionable: any exemption in the corpus warrants audit review.
agent.exemption.revoked
Fired when a previously-granted agent exemption is revoked. Tightens the safe-house surface for the agent.
agent.killed
Fired when an agent is killed — a stronger containment than paused. Gateway requests targeting the agent are rejected; reactivation requires explicit operator action.
agent.paused
Fired when an org owner/admin pauses an agent. The agent’s containment_status flips active → paused; gateway requests targeting the agent will be intercepted until resumed.
agent.resumed
Fired when a paused or killed agent is resumed. Containment_status transitions to active; gateway requests resume normal handling.
Billing family
Stripe-driven billing state and AAP transaction outcomes.subscription.status_changed
Fired when a billing subscription transitions state (e.g. trialing → active, active → past_due, active → cancelled). Surfaces customer-facing billing changes that may require operator action.
transaction.completed
Fired when an autonomous-operation transaction completes (CLPI policy evaluation pipeline finishes a billed operation).
Conscience family
Conscience escalations from AIP analysis and org-level values updates.conscience.escalation
Fired when AIP integrity-mode analysis detects conscience-level conflicts in agent reasoning that warrant operator attention beyond a routine boundary check. Companion to integrity.checkpoint/integrity.violation.
conscience.values_updated
Fired when an org owner/admin creates, updates, or removes a conscience value at the org level. Used by operator dashboards + audit pipelines to track governance-config drift.
Governance family
Card and template updates that flow through the composer to affect future agent turns.alignment_card.updated
Fired when an agent’s alignment card is updated. Operator-actionable: governance-config drift surfaces here.
org_alignment_template.deleted
Fired when an org-scope alignment template is cleared. Triggers recompose fan-out.
org_alignment_template.updated
Fired when an org-scope alignment template is set or updated. Triggers recompose fan-out.
org_protection_template.deleted
Fired when an org-scope protection template is cleared.
org_protection_template.updated
Fired when an org-scope protection template is set or updated.
protection_card.updated
Fired when an agent’s protection card is updated.
Integrity family
AIP integrity-checkpoint events fired after every analyze pass.integrity.checkpoint
Fired on every AIP integrity-mode analyzer run regardless of verdict. Operators wanting a complete audit trail of integrity-mode evaluation subscribe to this; operators wanting paging-only on violations subscribe to integrity.violation instead.
integrity.violation
Fired when AIP analysis returns a boundary_violation verdict on agent reasoning. The agent’s response was either replaced (in enforce mode) or annotated (in nudge/observe mode) per the agent’s integrity_mode configuration. A companion integrity.checkpoint event always fires for the same checkpoint regardless of verdict — the violation event is a strict subset that lets operators page on boundary violations only.
Quota family
Org-level quota and risk-budget threshold crossings.quota.exceeded
Fired when integrity-check usage crosses the plan ceiling. This is operator-actionable — the customer should upgrade or expect overage billing per their plan terms.
quota.risk_exceeded
Fired when risk-assessment usage crosses plan ceiling.
quota.risk_warning
Fired once per period when risk-assessment usage crosses 80% of plan ceiling.
quota.sh_warning
Fired when Safe House usage cost-per-period crosses the customer-configured budget alert threshold.
quota.team_reputation_exceeded
Fired when team-reputation usage crosses plan ceiling.
quota.team_reputation_warning
Fired once per period when team-reputation usage crosses 80%.
quota.warning
Fired once per billing period when integrity-check usage crosses 80% of the plan ceiling. Operators are expected to upgrade plan or reduce usage before the quota.exceeded event fires.
Reputation family
Per-agent reputation evolution. (Catalog-only as of 2026-05-09 — emitter wiring pending.)reputation.grade_changed
Fired when an agent crosses a reputation-grade boundary (e.g. A → B → C). Coarser-grained companion to reputation.score_changed. (Declared, emitter currently absent.)
reputation.score_changed
Fired when an agent’s reputation score crosses a meaningful threshold. Operator-actionable signal for fleet-quality monitoring. (Declared in WEBHOOK_EVENT_TYPES; emitter currently absent — future producer in mnemom-api/src/reclassification/ or mnemom-api/src/intelligence/.)
Safe House family
Front-door evaluation outcomes and security tripwires. (Catalog-only as of 2026-05-09 — emitter wiring pending.)sh.campaign.detected
Fired when cross-session correlation detects a coordinated adversarial campaign targeting the agent or org. Strongest fleet-level operator signal.
sh.canary.triggered
Fired when a canary token (synthetic credential or sentinel string) appears in agent output — strong adversarial-behavior signal.
sh.evaluation.block
Fired when a Safe House evaluation blocks a request — strongest legacy verdict; the request was rejected.
sh.evaluation.quarantine
Fired when a Safe House evaluation quarantines a request — the request was set aside for operator inspection rather than passed through.
sh.evaluation.warn
Fired when a Safe House evaluation completes with a warn verdict — request was permitted but flagged for operator review. (Legacy shape; coexists with integrity.checkpoint/integrity.violation.)
sh.session.escalated
Fired when a session’s accumulated risk score crosses an escalation threshold — multiple borderline events in a session may not each warrant action, but the cumulative pattern does.
Sideband family
Cross-turn detector firings (drift, coherence, fault-line, fleet) and operator-marked drift resolutions.drift.resolved
Fired when an org owner/admin acknowledges a previously-fired drift alert. Closes the operator-side incident; companion event to sideband.drift.fired.
sideband.coherence.fired
Fired when team-coherence cron sweep detects a coherence regression for a team — pairwise governance floor below threshold, conflict edges above threshold, or specific outlier agents whose declared values diverge from the rest of the team. Coherence is operator-actionable; the agent receives no signal in its prompt. Operators are expected to inspect the team’s alignment cards and decide whether to reconcile.
sideband.drift.fired
Fired when N consecutive non-clear AIP verdicts in a session cross the configured drift-detection threshold. The agent’s behavior is drifting from its declared values across multiple turns. Operators are expected to investigate; the agent itself receives no signal (drift is operator-actionable, not agent-actionable). Replaces the legacy drift.detected event name (dropped 2026-05-09).
sideband.fault_line.fired
Fired when team fault-line analysis detects a declared-values misalignment across a team — minority agents whose alignment cards diverge from the majority. Operator-actionable; the agents themselves receive no signal.
sideband.fleet.fired
Fired when team-fleet-topology analysis detects a pattern: outliers (agents >1σ below fleet mean), cluster_partition (BFS components in the coherence graph), or min_pair_score below threshold.
Team family
Team lifecycle and membership events.team.archived
Fired when a team is archived. Member agents stay on their own alignment cards; team-scope composition no longer applies.
team.card_updated
Fired when a team’s alignment-template or protection-template card is set, updated, or cleared. Triggers mark_agents_for_recompose_for_team fan-out.
team.created
Fired when a new team is created within an org.
team.member_added
Fired once per agent added to a team. Triggers team-scope composition for the agent on next gateway request.
team.member_removed
Fired when an agent is removed from a team. Team-scope composition no longer contributes to the agent’s effective card.
Trace family
AAP alignment-trace verification and policy-violation events. (Emitted via the parallel AAP webhook rail.)policy.violation
Fired when CLPI policy evaluation flags a violation in agent behavior. Companion to integrity.violation for autonomy-checkpoint patterns.
trace.created
Fired when an AAP alignment trace is created. (Declared in WEBHOOK_EVENT_TYPES; emitter wiring follows AAP SDK integration.)
trace.escalation_required
Fired when AAP trace analysis identifies a pattern that warrants operator escalation beyond a routine trace.failed.
trace.failed
Fired when an AAP trace fails verification — signature mismatch, chain break, or boundary violation detected.
trace.verified
Fired when an AAP trace passes verification (signature + chain check + boundary analysis).
See also
- Webhook Contract — the seven contractual invariants.
- Headers reference —
X-Webhook-Signature+X-Webhook-Timestamp+X-Webhook-Iddelivery headers.