Shelvia
Developer referenceAvailable

Webhooks

Subscribe to memory events with HMAC-SHA256 signed delivery, delivery safeguards against private networks, and exponential retry backoff.

MEMORY EVENTSmemory.candidate.createdcontext_pack.generatedhandoff.generatedSigned dispatcherretry backoff1m → 5m → 30m → …TRUSTED DESTINATIONX-Shelvia-Signature-256x-shelvia-timestampno private networks

Events

  • memory.candidate.created
  • context_pack.generated
  • handoff.generated

Verifying a signature

import crypto from "node:crypto";

function verify(req, secret) {
  // Header X-Shelvia-Signature-256 is "sha256=<hex>"; HMAC-SHA256 over the raw body.
  const sig = req.headers["x-shelvia-signature-256"];
  const body = req.rawBody;
  const expected =
    "sha256=" + crypto.createHmac("sha256", secret).update(body).digest("hex");
  return crypto.timingSafeEqual(
    Buffer.from(sig), Buffer.from(expected)
  );
}

Retry backoff

Exponential backoff: 1m → 5m → 30m → 3h → 12h → 24h. The dispatcher refuses to deliver to private networks. Admin test delivery is available from Settings → API.

For runnable code samples and the developer reference, see /developers. For the trust model in depth, see /security.