Choose events
Subscribe to the events that matter: run.completed, review.escalated, export.ready, alert.created. Each ships with a payload schema.
→Connectors for the systems your team already runs. Launch checks, proof archives, incident response, and the channels operators watch. Every event carries the context needed for consent and provenance to survive once it leaves us.
On the release path today. Typed payloads, signed delivery, evidence attached to every event.
Production-grade connectors covering launch checks, archives, and operator channels.
CI, data, incidents, collaboration, observability — grouped around how your team works.
Whether the connector is native or a raw webhook, every event is HMAC-signed. Downstream tools verify what fired, what changed, who reviewed it, and under what rights — so the consent chain holds once the event leaves us.
Subscribe to the events that matter: run.completed, review.escalated, export.ready, alert.created. Each ships with a payload schema.
→Point connectors or raw webhook endpoints at the scopes and verification rules your program requires.
→Every notification carries an HMAC signature back to the run, the reviewer, and the consent chain that triggered it, so downstream systems can verify where it came from.
The catalog is easier to scan when it matches how teams work — releases, data, incidents, collaboration, observability.
Gate releases with evaluation results before code or model changes ship.
Archive exports, results, and proof where analysts and auditors already look.
Turn critical failures and escalation events into tickets, alerts, and response workflows.
Push the right summary and proof link into the channels that keep operators aligned.
Stream health and run updates into the dashboards teams already trust during release windows.
Gate releases with evaluation results before code or model changes ship.
await client.integrations.github.dispatchWorkflow({ owner: 'aura', repo: 'evals', workflowId: 'ci.yml', ref: 'main' });One handler. Every payload is HMAC-signed, so you can prove it came from us, untampered, with the consent and provenance chain intact. Same response shape as the SDK. Archive, alert, or route from a single endpoint.
import { createHmac } from "crypto";
app.post("/webhooks/auraone", (req, res) => {
const signature = req.headers["x-auraone-signature"];
const expected = createHmac("sha256", process.env.AURAONE_WEBHOOK_SECRET!)
.update(JSON.stringify(req.body))
.digest("hex");
if (signature !== expected) return res.status(401).end();
if (req.body.event === "run.completed") {
archiveToS3(req.body.data.evidenceUrl);
postToSlack(req.body.data.summary);
}
res.status(200).json({ received: true });
});Map your connector choices, signed webhook events, and review outputs to a concrete docs path or a pilot engagement so your training data, packets, and handoff terms survive an EU AI Act audit.
Pick the events. Choose the destinations. Verify the signature once.
Signed events landing where auditors and operators already look, consent chain attached.