diff --git a/agent/security/security.go b/agent/security/security.go
index ac83026..4bec457 100644
--- a/agent/security/security.go
+++ b/agent/security/security.go
@@ -88,13 +88,27 @@ func SignPayload(data interface{}) string {
 	if psk == "" {
 		return ""
 	}
-	
-	bytes, err := json.Marshal(data)
+
+	// First marshal the struct to JSON
+	raw, err := json.Marshal(data)
+	if err != nil {
+		return ""
+	}
+
+	// Round-trip through a generic interface so json.Marshal
+	// will sort map keys alphabetically, matching the Python
+	// manager's json.dumps(sort_keys=True) canonicalization.
+	var canonical interface{}
+	if err := json.Unmarshal(raw, &canonical); err != nil {
+		return ""
+	}
+
+	sorted, err := json.Marshal(canonical)
 	if err != nil {
 		return ""
 	}
 
 	h := hmac.New(sha256.New, []byte(psk))
-	h.Write(bytes)
+	h.Write(sorted)
 	return hex.EncodeToString(h.Sum(nil))
 }