Replay data has a shorter lifetime than event history
Webhook payloads can include secrets. Tofu keeps request bodies and headers only for the replay window, then removes them while preserving useful event metadata.
Payload data expires first
Request bodies, headers, query data, and replay data are removed after the payload retention window.
Event history remains visible
Metadata such as method, path, received time, delivery status, and errors can stay available after replay data expires.
Replay is explicit
Expired events cannot be replayed. Tofu shows when replay is unavailable instead of silently retrying.
Manual expiry is available
If a webhook contains secrets, expire its payload immediately. The event remains visible for debugging context.
$ tofu events expire <event-id>Expire on demand
Remove the stored request body and headers immediately when an event includes data you no longer need. The event row remains visible for debugging context, but replay is no longer available.
Diagnosis context and AI
Delivery diagnosis uses retained metadata, selected headers, body preview, delivery status, target error text, and target response preview. Tofu redacts authorization, cookie, token, secret, API key, and signature-like values before sending context to an AI provider. It never sends the full retained raw body. After payload expiry, diagnosis can still use delivery metadata and target response previews, but provider-specific evidence may be weaker.