# Integrations

## Supported types
- `outbound_webhook`
- `slack_webhook`
- `jira` (ticket policy + optional outbound signal)

## Security
- All secrets are stored encrypted (`AES-256-GCM`, `TokenCipher`).
- Plaintext secrets are not stored in the database.

## Webhook delivery
- Signed headers:
  - `X-Merchpilot-Signature`
  - `X-Merchpilot-Event`
  - `X-Merchpilot-Timestamp`
  - `X-Merchpilot-Idempotency-Key`
- Retries with backoff via `merch_webhook_deliveries`.

## Events
- `plan.created`, `plan.previewed`, `plan.submitted`, `plan.approved`, `plan.rejected`
- `run.queued`, `run.started`, `run.succeeded`, `run.failed`, `run.canceled`
- `campaign.scheduled`, `campaign.started`, `campaign.completed`, `campaign.failed`
- `drift.detected`, `drift.reconciled`