When a sandbox run finishes with one or more deviations, the FANGS notifier dispatches a single webhook POST per configured target containing the full deviation summary for that run. Targets are stored in the database and survive orchestrator restarts; delivery attempts are logged in theDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/irchaosclub/FANGS/llms.txt
Use this file to discover all available pages before exploring further.
notifications table for audit and post-mortem. If the orchestrator is restarted mid-retry, the in-flight attempt is lost — the audit log records the last known state.
Adding a Notifier
Usefangs notifier add with the flags below:
| Flag | Required | Description |
|---|---|---|
-name | ✅ | Unique identifier for this target |
-url | ✅ | Webhook URL. Must be https:// in production; http:// only allowed for loopback hosts (127.0.0.1, localhost, ::1) |
-template | slack | discord | generic (default: generic) | |
-secret-env | Name of the env var holding the HMAC secret. Generic template only — ignored for Slack and Discord | |
-min-severity | Fire only when the run’s max deviation severity ≥ this value: low | medium | high | critical | |
-headers | Extra request headers as a JSON string-map, e.g. '{"X-API-Key":"$KEY"}' | |
-enabled | true | false (default: true) |
Templates
FANGS ships three built-in templates. Each produces a different JSON structure tuned for its target.- Slack
- Discord
- Generic (SIEM)
The Slack template produces an incoming-webhook payload using Block Kit. A top-level Up to 12 findings are shown inline; additional findings appear as a
text field ensures deviations appear in mobile push previews.… and N more line. Slack and Discord use the URL as the secret — the -secret-env flag is ignored for these templates.HMAC Request Signing
Generic-template targets can optionally sign every POST body with HMAC-SHA256. Set-secret-env to the name of a process environment variable that holds the shared secret. At delivery time the orchestrator reads the value of that env var, computes HMAC-SHA256(secret, body), and adds:
slack and discord templates — those services use the webhook URL itself as the authenticator.
Retry Policy
Each delivery attempt runs independently in a background goroutine. The retry logic is:| Outcome | Behavior |
|---|---|
| HTTP 2xx | Sent — no further attempts |
| HTTP 4xx (except 408, 429) | Permanent failure — no retry; bad request won’t improve |
| HTTP 408, 429 | Transient — retry with backoff |
| HTTP 5xx | Transient — retry with backoff |
| Network / timeout error | Transient — retry with backoff |
delay = baseDelay × 2^(attempt-1) with ±25% jitter, so concurrent targets don’t thunderherd. Default baseDelay is 1 second; maximum 5 attempts per run per target.
The retry state is in-memory only. If the orchestrator restarts while a target is mid-retry, that delivery is lost. The
notifications table records the last attempt status for post-mortem review.Severity Filtering
Use-min-severity to prevent low-signal runs from flooding a high-priority channel. The notifier evaluates the maximum deviation severity across the whole run before deciding whether to fire.
Managing Notifiers
fangs notifier test fires the appropriate template-specific test payload immediately without touching the deviation database. The test POST is not HMAC-signed even on targets that have -secret-env configured — it is a connectivity check only.
Boot-Time Notifiers File
Instead of runningfangs notifier add interactively, you can supply a JSON file at orchestrator startup with -notifiers-file. The orchestrator upserts each entry at boot. CLI-added entries coexist — the file is additive, not authoritative.
The file accepts either a top-level JSON array or an object with a notifiers key:
name, url, and template. Optional fields are secret_env, headers (map), min_severity, and enabled (boolean, default true).