OmegaEngine · Webhooks

Real-time alerts for every decision that matters.

Configure webhooks to push OmegaEngine events to Slack, PagerDuty, or any HTTP endpoint. Filter by event type, risk score, or policy outcome — and verify every payload with HMAC signatures.

Supported Integrations

💬

Slack

Channel alerts for blocked decisions, high-risk events, and quota warnings.

🚨

PagerDuty

Incident routing for critical risk events with auto-escalation.

📧

Email

Digest or real-time email alerts to your security team.

🔗

Custom Webhook

Any HTTP endpoint. JSON payload with HMAC-SHA256 signature verification.

📊

Datadog

Push decision metrics to Datadog for custom dashboards and alerting.

🪵

Splunk / SIEM

Forward audit events to your SIEM for centralized security monitoring.

Create a Webhook

webhook-setup.ts

// Create a webhook for high-risk events
const webhook = await omega.webhooks.create({
  name: "High Risk Alerts",
  url: "https://hooks.slack.com/services/T00/B00/xxx",
  events: ["decision.blocked", "decision.escalated"],
  filters: {
    riskScoreAbove: 0.8,
  },
  secret: "whsec_your_signing_secret",
});

// Test the webhook
await omega.webhooks.test({ webhookId: webhook.id });
// → Sends a test payload and returns delivery status

Webhook Payload

Every webhook delivery includes the full decision context and an HMAC signature for verification:

payload.json

{
  "event": "decision.escalated",
  "timestamp": "2026-01-14T12:00:00Z",
  "decision": {
    "id": "dec_abc123",
    "outcome": "ESCALATE",
    "riskScore": 0.85,
    "scenario": "Transfer $100k to new vendor",
    "policyMatches": ["high_value_transfer", "new_vendor"],
    "auditId": "aud_xyz789"
  },
  "signature": "sha256=a1b2c3d4e5f6..."
}

Available Events

Event	Description	Severity
`decision.allowed`	Agent action was approved	Info
`decision.blocked`	Agent action was blocked by policy	Warning
`decision.escalated`	Decision requires human review	High
`fuzz.finding`	Red team found a vulnerability	Critical
`quota.warning`	Usage approaching org limit	Warning
`calibration.drift`	Risk calibration exceeded tolerance	High

Signature Verification

Always verify webhook signatures to prevent spoofed events:

verify.ts

import crypto from "crypto";

function verifyWebhook(payload: string, signature: string, secret: string) {
  const expected = crypto
    .createHmac("sha256", secret)
    .update(payload)
    .digest("hex");
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(`sha256=${expected}`)
  );
}

API Reference →Audit Trails