Manav.id

Webhooks, not polls: wire Manav into your SIEM


Polling identity events is how you miss the breach. Manav pushes signed events to your SIEM in under 200 ms — and your SOC inherits the full agent trail without writing custom integrations.

The four event types

delegation.issued — a human signed a new delegation.
delegation.consumed — an agent presented the delegation at a relying party and the action ran.
delegation.revoked — the human pulled the cord; relying parties must stop honoring within the SLA.
delegation.violation — a relying party rejected an action because scope, magnitude, or freshness failed.

The schema

{
 "id": "evt_01HF3Y...",
 "type": "delegation.consumed",
 "occurred_at": "2026-05-04T14:22:11.842Z",
 "human_did": "did:manav:0x1a2b...",
 "agent": "checkout-bot/2.4.1",
 "delegation_id": "del_01HF3X...",
 "scope": ["payments:create"],
 "tool": "stripe.charges.create",
 "params_hash": "sha256:c3f2...",
 "magnitude": {"currency":"USD","amount":47.50},
 "outcome": "ok",
 "signature": "ed25519:..."
}

Every event is signed by Manav's HSM-held key. Your SIEM can verify the signature on ingest and refuse to index unsigned or malformed events. The params_hash lets you cross-reference the relying party's own logs without exfiltrating the parameters.

Setup, in three steps

1. Register your endpoint in the Manav console with a shared secret.
2. Manav signs every payload with HMAC-SHA256 over the body and includes the signature in X-Manav-Signature.
3. Your endpoint replies 200 within 5 seconds; on non-2xx Manav retries with exponential backoff for 24 hours.

Idempotency: every event has a stable id, so events are safe to replay.
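The receiving side of these steps, as an added example (not Manav's code or SDK): it authenticates the raw body against X-Manav-Signature, refuses malformed events, and uses the stable id to acknowledge retries without indexing them twice. Assumptions: the header carries a hex digest, the `REQUIRED` field set applies to every event type, and `Receiver`, `sign` and `well_formed` are hypothetical names. The embedded ed25519 signature is only checked for presence, since the page does not give the public key or the canonical form needed to verify it.

```python
import hashlib
import hmac
import json

EVENT_TYPES = ("delegation.issued", "delegation.consumed",
               "delegation.revoked", "delegation.violation")
# Assumption: these fields appear on every event type, not only delegation.consumed.
REQUIRED = {"id", "type", "occurred_at", "human_did", "delegation_id", "signature"}


def sign(secret, body):
    """Hex HMAC-SHA256 over the raw body (the hex encoding is an assumption)."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def well_formed(event):
    return (isinstance(event, dict) and REQUIRED <= event.keys()
            and isinstance(event["id"], str) and event["type"] in EVENT_TYPES)


class Receiver:
    def __init__(self, secret):
        self.secret = secret
        self.seen = set()    # production: durable store kept for the 24 h retry window
        self.indexed = []    # stands in for the SIEM index

    def handle(self, body, header_sig):
        """Return (HTTP status, reason) for one delivery."""
        # 1. Authenticate the raw bytes before parsing; compare in constant time.
        expected = sign(self.secret, body).encode()
        if not hmac.compare_digest(expected, (header_sig or "").encode()):
            return 401, "bad signature"
        # 2. Refuse malformed events instead of indexing them.
        try:
            event = json.loads(body)
        except ValueError:
            return 400, "malformed"
        if not well_formed(event):
            return 400, "malformed"
        # 3. Retries reuse the stable id: acknowledge duplicates, do not re-index.
        if event["id"] in self.seen:
            return 200, "duplicate"
        self.seen.add(event["id"])
        self.indexed.append(event)
        return 200, "indexed"
```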

Four alerts every SOC should run

1. Alert when an agent's scope is broader than its baseline 7-day average — the early signal of a compromised delegation.
2. Alert when revocation latency exceeds 500 ms — your relying parties are not subscribed correctly.
3. Alert when an agent's magnitude consumption is 3σ above its rolling average — runaway spend.
4. Alert when a single human DID issues delegations to more than 50 agents in 24 hours — likely automated misuse.
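Two of these alerts (the 3σ magnitude check and the 50-agents-in-24-hours fan-out check) written as detection logic over events in the schema above. This is an added example, not code from Manav or its reference dashboards. Assumptions: the baseline is all of an agent's prior non-flagged events rather than a fixed-length rolling window, `min_history` is a hypothetical warm-up parameter, delegation.issued events carry the `agent` field, and every event in `sample_events` is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

def parse_ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def magnitude_alerts(events, min_history=5):
    """Ids of consumed events > 3 sigma above the agent's prior mean (after a warm-up)."""
    history, alerts = defaultdict(list), []
    for e in sorted(events, key=lambda e: parse_ts(e["occurred_at"])):
        if e["type"] != "delegation.consumed":
            continue
        amt, past = e["magnitude"]["amount"], history[e["agent"]]
        if len(past) >= min_history and amt > mean(past) + 3 * pstdev(past):
            alerts.append(e["id"])   # outliers stay out of the baseline
        else:
            past.append(amt)
    return alerts

def fanout_alerts(events, limit=50, window=timedelta(hours=24)):
    """Human DIDs that issued delegations to more than `limit` distinct agents in `window`."""
    issued = defaultdict(list)
    for e in events:
        if e["type"] == "delegation.issued":  # assumes issued events carry "agent"
            issued[e["human_did"]].append((parse_ts(e["occurred_at"]), e["agent"]))
    flagged = set()
    for did, rows in issued.items():
        for start, _ in rows:                 # window anchored at each issuance
            if len({a for t, a in rows if start <= t <= start + window}) > limit:
                flagged.add(did)
                break
    return sorted(flagged)

def sample_events():
    """Constructed events shaped like the schema above (ids, DIDs, agents are made up)."""
    t0 = datetime(2026, 5, 4, 12, 0, 0)
    def ev(i, typ, did, agent, amount=None):
        e = {"id": f"evt_{i:04d}", "type": typ, "human_did": did, "agent": agent,
             "occurred_at": (t0 + timedelta(minutes=i)).isoformat() + "Z"}
        if amount is not None:
            e["magnitude"] = {"currency": "USD", "amount": amount}
        return e
    spend = [45.0, 47.5, 44.0, 49.0, 46.5, 48.0, 900.0]   # last charge is the runaway
    out = [ev(i, "delegation.consumed", "did:example:alice", "checkout-bot/2.4.1", a)
           for i, a in enumerate(spend)]
    out += [ev(100 + i, "delegation.issued", "did:example:mallory", f"bot-{i}")
            for i in range(51)]
    return out
```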

Native integrations

Splunk and Sumo Logic ingest Manav webhooks via HEC out of the box. Datadog accepts the JSON via the Logs API. Chronicle uses the Webhook Connector. The schema fields map cleanly to common security-event taxonomies; the event-class is AGENT_DELEGATION in the Manav reference dashboards we ship for each platform.

Common objections

Engineers push back on three things. Latency — the cache makes verification 18 µs hot-path, fine for any production system. Vendor lock-in — the protocol is open, the spec is published, the reference implementation is forkable. Adding another auth dance — the integration is twelve lines and middleware, not a new platform to manage.

Frequently asked questions

What is the runtime cost? Single-digit milliseconds per tool call when the verification cache is warm. Cold verification is 1–2 ms. Both numbers are small relative to the LLM round-trip the agent is already paying.

Does it work with our existing agent framework? Yes. The protocol is host-agnostic. SDKs ship for Python, Go, Node, Rust, and TypeScript; integrations exist for LangChain, CrewAI, AutoGen, and the Claude Agent SDK. Anything that calls a tool can present a delegation.

What happens to delegations when an engineer leaves? They die at the human's offboarding. The IdP de-provisions the human; the device key is rotated; every active delegation that human signed is invalidated within 200 ms. No service-account graveyard for the new owner to clean up six months later.

Where to start

Hands-on next: audit trail design ships in twelve lines; kill switch design adds the operational layer once you have the basics. Both link to working repos; clone, integrate, run the bench.

Adjacent reading

For the integration path, start with MCP + Identity in 12 lines, then the cross-platform reference architecture. For the operational surface, see webhooks not polls and performance at 100k RPS. Each of those is a working repo; the integration takes a coffee break, the production hardening takes a sprint.

What polling architectures get wrong about agents

Polling worked for system-to-system integrations because the polling intervals were short relative to human decision-making. An agent operating at machine speed makes the polling assumption fail. Between two polls, an agent can issue thousands of actions, exceed magnitude caps, and complete the activity that should have triggered an oversight prompt. The integration that was correct for human-driven systems produces an oversight gap when retrofitted onto agents. Webhooks close the gap by inverting the data flow — the substrate notifies the relying party at the moment of action, not at the next polling interval. The latency improvement is the surface change. The deeper change is that the audit semantics shift from eventually-consistent to immediately-consistent, which is the consistency property regulators expect. Builders who retrofit polling onto agent integrations discover the gap during the first regulator engagement. Builders who started with webhooks discover their architecture was already compliant with a requirement they had not yet read.

If your SIEM polls for identity events, you find out about the compromise after it's done. Push or perish.