Webhooks & Events

remediation.plan_pending

Overview

Fired when a remediation plan awaits human authorization in the approvals queue.

Payloads are signed with HMAC-SHA256 using your webhook secret. Verify signatures before processing.

Who should read this

  • QA engineers, SREs, platform teams, and developers operating Zof Console and APIs.

When to use this workflow

  • Onboarding new team members to Zof terminology and workflows
  • Authoring internal runbooks aligned with Console labels
  • Designing CI/CD or webhook integrations against documented behavior

Step-by-step procedure

Subscribe

Include "remediation.plan_pending" in webhook events array at registration.

Use Admin Center or POST /v1/webhooks.

Verify delivery

Validate HMAC-SHA256 signature header against raw request body.

Return HTTP 200 within 10 seconds; queue heavy work asynchronously.

Handle idempotently

Store event id; ignore duplicate deliveries with same id.

Reconcile with Console state if payload and UI disagree.

Key concepts

Organization scope
All Zof Console and API operations are isolated to your authenticated tenant.
Governed execution
Agent output and remediation follow policy packs with human approval when configured.

Best practices

  • Respond with 2xx within 10 seconds; process asynchronously
  • Store event id for idempotent handling
  • Rotate webhook secrets periodically from Admin Center

Example payload envelope

{
  "id": "evt_abc123",
  "type": "remediation.plan_pending",
  "created": "2026-05-20T12:00:00Z",
  "data": {
    "object": {
      "id": "resource_id",
      "organization_id": "org_abc",
      "run_id": "run_xyz"
    }
  }
}

Was this page helpful?

01The operational surface

One surface for posture, operations, and what needs attention next.

The Zof home is not a marketing dashboard. It is the operational surface engineering, QA, and SRE teams use every day, quality posture, in-flight runs, coverage by module, and the actions a leader should look at next.

OPERATIONAL KPIs

  • Runs
  • Coverage
  • Risk

Live across every environment you ship to.

WORK SPINE

  • Specs
  • Tests
  • Schedules

From specification to scheduled regression.

GUARDRAILS

  • RBAC
  • SSO
  • audit

Every action attributable to a named human.

STAGING · LIVE/home
Zof AI home command center showing 12 runs at 94% pass, 3 open critical issues, 84% coverage, four module traceability bars, the specification pipeline, upcoming schedules, and recommended next actions with an active-runs sidebar.
Home view · Checkout Service · Staging · captured live from the product.
  • 01 · RUNS · 24H

    94% pass

    12 runs across staging

  • 02 · COVERAGE

    84%

    Across four modules

  • 03 · ACTIVE RUNS

    3 running

    Live on this branch

  • 04 · NEXT ACTIONS

    Recommended

    Triage gaps, new spec

remediation.plan_pending | Zof AI Documentation