Webhooks and Demo Agent
This repository includes two public webhook routes and one public demo-agent stream route.Public operational routes
| Method | Route | Purpose |
|---|---|---|
POST | /api/webhooks/bridge | Receive Bridge transfer and KYC events |
POST | /api/webhooks/tempo | Receive Tempo transaction confirmation events |
POST | /api/demo/run-agent | Stream the demo agent terminal sequence as SSE |
Bridge webhook
Verification
- Header: canonical
x-webhook-signature - Compatibility header:
bridge-signature - Primary verification: RSA-SHA256 with
BRIDGE_WEBHOOK_SECRET - Fallback verification: HMAC-SHA256 for test or sandbox-style secrets
Canonical events handled
| Event type | Effect |
|---|---|
transfer.payment_processed | Updates payment_items.status by transfer id |
customer.updated | Updates employee kyc_status and records a compliance event |
card_transaction.created | Accepted without local persistence in the current code |
Compatibility events also accepted
transfer.state_changedkyc.status_updatedcard.transaction
Tempo webhook
Verification
- Header:
x-tempo-signature - Secret:
TEMPO_WEBHOOK_SECRET - Scheme: HMAC-SHA256 with
sha256=prefix
Events currently handled
| Event type | Effect |
|---|---|
transaction.confirmed | Marks a payroll run as completed and confirms its payment items |
transaction.failed | Marks the payroll run and payment items as failed |
Demo agent route
POST /api/demo/run-agent returns text/event-stream. The current implementation emits a scripted sequence that mirrors the sixty-second pitch:
- Session open
- Yield-rate request
- Treasury balance request
- Compliance sweep
- Payroll execute request
- Session close
scripts/demo-agent.ts script are built around this flow.