# Agent Triggers

> Drive agent executions from webhooks, Slack mentions, Telegram, Microsoft Teams, WhatsApp Business, or a cron schedule. One trigger model, six sources.

Source: https://0.0.0.0:8080/docs/agent-triggers

Agent triggers turn an external event into an agent run. Pick whichever source fits where your users already work — the agent code stays the same.

| Source   | What fires it                                                                 |
| -------- | ----------------------------------------------------------------------------- |
| Webhook  | Any HTTP `POST` carrying a JSON body — CI/CD, monitoring, custom integrations |
| Slack    | Mentions in a channel, direct messages, or reactions on the bot's replies     |
| Telegram | Direct messages and group mentions                                            |
| WhatsApp | WhatsApp Business Cloud API messages                                          |
| Teams    | Microsoft Teams Bot Framework messages                                        |
| Schedule | A cron expression — no inbound request required                               |

For Slack, Telegram, Teams, and WhatsApp the agent's response is **posted back to the same channel automatically** — no extra plumbing. Chat history is remembered so the agent picks up where the conversation left off.

## How it feels for users

**Slack** — a teammate mentions the bot in `#incidents`, the agent investigates and replies in-thread. A 👍 reaction on the reply records a positive score for that run.

**Telegram** — someone DMs the bot, or @mentions it in a group; the agent answers in the same chat.

**Schedule** — set `0 9 * * 1-5` and the agent runs every weekday at 9am with no human in the loop.

**Webhook** — your CI pipeline POSTs build metadata, the agent reviews the PR, and the run shows up in the executions list with the right trigger attribution.

## Setup, at a glance

1. Open the **Triggers** tab on the agent you want to wire up.
2. Pick a source — Webhook, Slack, Telegram, Teams, WhatsApp, or Schedule.
3. Add the credentials that source needs (signing secret, bot token, app secret) from your workspace credentials.
4. Copy the public hook URL into the upstream system, or set a cron expression for schedule triggers.

That's it. You can activate or deactivate a trigger at any time without deleting it.

## What's enforced for you

- **Authentication**: every public URL carries a unique encrypted token; Slack signatures, Telegram secret tokens, WhatsApp app secrets, and generic-webhook HMACs are all verified before the agent runs.
- **Rate limiting**: each trigger is limited per token so a noisy channel can't drown out the rest of your workspace.
- **SSRF protection**: outbound reply URLs are validated against an allowlist of provider hosts.
- **Bot-loop prevention**: bot-authored messages never re-trigger the agent.
- **Replay protection**: signed requests outside the 5-minute window are rejected in both directions.
- **Horizontal scaling**: schedule triggers fire exactly once per interval no matter how many service replicas you run.
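
The **Authentication** and **Replay protection** checks above, sketched for the Slack source as an added example (not this platform's own code). It follows Slack's documented `v0` request-signing scheme; the function names, sample secret, and sample body are constructed, and reading "both directions" as "too old or too far in the future" is an assumption.

```python
import hashlib
import hmac
import time
from typing import Optional

MAX_SKEW_SECONDS = 5 * 60  # the 5-minute replay window stated on this page


def slack_signature(signing_secret: bytes, timestamp: str, body: bytes) -> str:
    """Compute the value Slack sends in X-Slack-Signature for a raw body."""
    # Slack's documented base string: version, timestamp header, raw request body.
    base = b"v0:" + timestamp.encode() + b":" + body
    return "v0=" + hmac.new(signing_secret, base, hashlib.sha256).hexdigest()


def verify_slack_request(signing_secret: bytes, timestamp: str, body: bytes,
                         signature: str, now: Optional[float] = None) -> bool:
    """Return True only for a fresh request whose signature covers this exact body."""
    now = time.time() if now is None else now
    try:
        ts = int(timestamp)
    except (TypeError, ValueError):
        return False  # missing or non-numeric X-Slack-Request-Timestamp
    # Replay check first: reject stale requests and ones stamped too far ahead
    # (assumed meaning of "both directions").
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False
    expected = slack_signature(signing_secret, timestamp, body)
    # Constant-time comparison on bytes: no timing leak, no TypeError on
    # non-ASCII header values.
    return hmac.compare_digest(expected.encode(), signature.encode())


if __name__ == "__main__":
    secret = b"constructed-signing-secret"  # constructed sample, not a real secret
    body = b'{"type":"event_callback","event":{"type":"app_mention"}}'  # constructed
    now = 1_700_000_000
    sig = slack_signature(secret, str(now), body)
    print("fresh, intact  :", verify_slack_request(secret, str(now), body, sig, now=now))
    print("tampered body  :", verify_slack_request(secret, str(now), body + b" ", sig, now=now))
    print("replayed later :", verify_slack_request(secret, str(now), body, sig, now=now + 301))
```

The signature must be computed over the raw request bytes, before any JSON parsing or re-serialization, or a valid request will fail the comparison.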

## Approvals & scoring

Trigger-driven executions go through the same pipeline as anything else, so you can:

- Pause for human approval before the agent posts a reply ([Approvals](/docs/approvals))
- Capture emoji reactions on Slack/Telegram replies as evaluation scores ([Scoring & Evaluation](/docs/scoring-and-evaluation))
- Inspect the full trace, cost, and token usage in the executions list

## SDKs

Manage triggers from any SDK:

| Language   | Surface                 |
| ---------- | ----------------------- |
| Python     | `client.agent_triggers` |
| JavaScript | `client.agentTriggers`  |
| Go         | `client.AgentTriggers`  |

The REST contract for managing triggers is in the [API Reference](/docs/rest-api-reference); the public inbound hook URLs sit under `/api/v1/hooks/*`.

## API key scopes

| Scope                  | Allows                              |
| ---------------------- | ----------------------------------- |
| `agent_triggers:read`  | List and view triggers              |
| `agent_triggers:write` | Create, update, and delete triggers |

Public hook URLs don't need an API key — the token in the URL is the credential.

## Related Topics

- [Sessions & Chat](/docs/sessions-and-chat) — How conversation memory ties into the chat surface
- [Approvals](/docs/approvals) — Pausing trigger-initiated executions for human review
- [Scoring & Evaluation](/docs/scoring-and-evaluation) — Reactions on chat replies feed score signals
- [Virtual Filesystem](/docs/virtual-filesystem) — Long-term memory for trigger-driven agents
- [API Reference](/docs/rest-api-reference) — Endpoint specs and OpenAPI schema
