grith.aidocs

Notifications: Slack

Route digest items and security events to a Slack channel via webhook.

Route grith events — queued digest items, canary fires, capability denials — to a Slack channel. Reviewers can approve or deny by clicking inline buttons.

1. Get an incoming webhook URL

In Slack, go to your workspace's app management:

  1. Apps → Add apps → Incoming Webhooks.
  2. Pick the channel that should receive grith notifications.
  3. Copy the webhook URL (it looks like https://hooks.slack.com/services/T.../B.../...).

2. Configure grith

Edit ~/.config/grith/config.toml:

[notifications.channels.slack]
enabled = true
webhook_url = "https://hooks.slack.com/services/T.../B.../..."
default_room = "#grith-alerts"
severity_map = { canary = "critical", queue = "warning", capability_deny = "high" }
allow_interactive = true

allow_interactive enables Slack-side approve/deny buttons. For that to work, grith also needs a way to receive Slack's callback — see Notification security for the HMAC callback setup.

3. Test

grith notifications test slack

You should see a test message in the configured channel within a couple of seconds.

What gets sent

By default:

  • Queue events — one message per queued digest item. Includes filter breakdown, session info, approve/deny/learn buttons.
  • Canary fires — high-severity alert. No interactive buttons; the canary already denied, this is for situational awareness.
  • Capability denies — informational unless severity_map.capability_deny is set to high or critical.

Customising what gets sent

[notifications.channels.slack]
events = ["queue", "canary", "capability_deny"]
exclude_filters = ["behavioural"]   # don't notify on behavioural-only queues
quiet_hours = { start = "22:00", end = "08:00", timezone = "Europe/London" }

quiet_hours suppresses non-critical events during the window — canary fires always send through regardless.

Multi-channel deployments

For "route critical to PagerDuty and everything else to Slack":

[notifications.channels.slack]
events = ["queue"]
# ... slack config

[notifications.channels.pagerduty]
events = ["canary", "capability_deny"]
# ... pagerduty config

See per-channel guides for the relevant setup.

See also

PreviousSetting up canary tokensNextNotifications: Discord
Last updated: 2026-05-14Edit this page on GitHub →
© 2026 grith. All rights reserved.