Lucim creates one durable delivery intent per published signal and active destination. Delivery is at least once across the external HTTP and database commit boundary.

Configure a destination

In Destinations, add an HTTPS webhook URL and store the signing secret once. An owner or admin can pause, test, update, or remove the destination.

Verify the signature

Lucim signs a timestamped raw request body with HMAC-SHA256. Verify the exact raw bytes before parsing JSON and enforce an acceptable timestamp tolerance. Relevant headers include:

Handle retries

1

Verify

Reject an invalid signature without processing the event.
2

Deduplicate

Store X-Lucim-Idempotency-Key before applying side effects. Return success for a key already processed.
3

Process

Persist the signal payload and every evidence_id needed by your workflow.
4

Respond

Return a 2xx response only after durable acceptance. Retryable transport failures, 408, 429, and 5xx responses back off until the attempt limit.
After the configured attempt limit, a retryable delivery becomes dead_letter and appears in Health.
Never deduplicate on summary text or request timestamp. Use the stable idempotency key.