Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/irchaosclub/FANGS/llms.txt

Use this file to discover all available pages before exploring further.

The fangs notifier command manages webhook delivery targets — the endpoints the orchestrator POSTs to when new deviations are detected. FANGS supports Slack and Discord out of the box, as well as a generic JSON template for custom integrations. Each notifier can be filtered by minimum severity, secured with an HMAC secret, and enriched with extra request headers. Once registered, notifiers fire automatically after every Differ run that produces deviations.

Subcommands

SubcommandPurpose
notifier listShow all configured webhook targets
notifier addRegister a new webhook target
notifier remove <name>Delete a webhook target by name
notifier test <name>Fire a synthetic test payload to verify connectivity
notifier history -run <run_id>Inspect delivery attempts for a specific run

fangs notifier list

Returns every row from the notifiers table — both enabled and disabled targets. 
fangs notifier list

Output columns

ColumnDescription
NAMEUnique identifier for the notifier
TEMPLATEPayload template: slack, discord, or generic
URLWebhook URL, truncated to 50 characters in table output
ENABLEDyes or no
MIN_SEVMinimum deviation severity required to fire; any if no threshold is set
HMACno if no HMAC secret is configured; otherwise $ENV_VAR_NAME
UPDATEDRFC 3339 timestamp of the last notifier add or update for this entry

Empty state

When no notifiers are configured, notifier list prints an example command: 
no notifiers configured. add one:
  fangs notifier add -name soc-slack -url https://hooks.slack.com/... -template slack

fangs notifier add

Inserts or updates a webhook target. The operation is idempotent on name — re-running with the same name updates all other fields in place. 
fangs notifier add -name <name> -url <url> [flags]

Flags

-name
string
required
A unique human-readable identifier for this target, e.g. soc-slack or security-discord. Used as the primary key — supplying an existing name performs an upsert.
-url
string
required
The full webhook URL the orchestrator will POST to. Use HTTPS in production environments. For Slack, this is the Incoming Webhook URL; for Discord, the channel webhook URL appended with /slack or /json.
-template
string
default:"generic"
Payload format. Accepted values:
  • slack — sends a Slack-compatible {"text": "..."} envelope
  • discord — sends a Discord embed via {"username": "FANGS", "embeds": [...]}
  • generic — sends a structured JSON object with source, schema_version, and deviation detail fields
-secret-env
string
The name of an environment variable (not the value itself) that holds the HMAC-SHA256 signing secret. When set, the orchestrator reads the secret from the environment at delivery time and attaches an X-FANGS-Signature: sha256=<hex> header. Note: HMAC signing is silently skipped for slack and discord templates at delivery time — those templates use the webhook URL as their shared secret. Stored as the variable name so the secret never touches the database.
-min-severity
string
Only fire this notifier when at least one deviation in the run has severity at or above this level. Accepted values: low, medium, high, critical. When omitted, the notifier fires for all severity levels.
-headers
string
A JSON string-map of additional HTTP request headers to include with every delivery, e.g. {"Authorization":"Bearer $TOKEN","X-Team":"security"}. The value is validated as a map[string]string at add time. Environment variable references in values are not expanded by FANGS — use a reverse proxy or secrets injection if you need dynamic header values.
-enabled
bool
default:"true"
Whether the notifier is active immediately. Set to false to register a target in a disabled state for later activation via another notifier add call.

Examples

fangs notifier add \
  -name soc-slack \
  -url https://hooks.slack.com/services/T000/B000/xxxx \
  -template slack \
  -min-severity critical

fangs notifier remove

Permanently deletes a webhook target by its exact name. The operation is idempotent — removing a name that does not exist returns without error. 
fangs notifier remove <name>
Removing a notifier also removes its entry from the delivery configuration going forward. Historical delivery attempts in notifier history are preserved in the notifications audit log and remain queryable by run ID.

fangs notifier test

Fires a synthetic POST request directly to the named notifier’s URL to verify that the endpoint is reachable and accepting requests. Test payloads are not HMAC-signed, regardless of the notifier’s secret-env setting. 
fangs notifier test <name>
The HTTP client enforces a 10-second timeout. On success, the command prints the HTTP status code and a confirmation line. On failure, it returns a non-zero exit code with the HTTP status.

Test payload by template

{"text":"FANGS notifier test — if you see this, your Slack webhook is wired correctly."}

Example output

→ POST https://hooks.slack.com/services/T000/B000/xxxx
  HTTP 200
✓ test notification accepted
notifier test uses the stored URL and headers but skips HMAC signing. If your endpoint requires a valid signature to accept requests, the test will receive an HTTP 4xx. In that case, temporarily disable signature validation on the receiving end to confirm basic connectivity.

fangs notifier history

Queries the notifications append-only audit log and displays every webhook delivery attempt made for a specific run. Accepts a full run ID or a unique short prefix. 
fangs notifier history -run <run_id>

Flags

-run
string
required
The run ID to inspect. Accepts the full 32-character hex ID or any unique short prefix. FANGS first tries an exact lookup; if not found, it falls back to prefix resolution.

Output columns

ColumnDescription
NOTIFIERName of the webhook target that made the attempt
ATTEMPTAttempt number, starting at 1; increments on retry
STATUSDelivery status: queued, sent, failed, or permanent
HTTPHTTP response code from the endpoint; if no response was received
DEVSNumber of deviations included in the payload
LAST_ATRFC 3339 timestamp of the most recent attempt
ERRORError message if the attempt failed (truncated to 40 characters)

Status values

StatusMeaning
queuedScheduled but not yet attempted
sentSuccessfully delivered (HTTP 2xx received)
failedAttempt failed; will be retried
permanentFailed and will not be retried (e.g. HTTP 4xx client error)

Example

fangs notifier history -run a3f2b1
Use notifier history alongside fangs pending to understand whether an alert was actually delivered for a high-severity run. If the status is permanent, check the ERROR column and verify the webhook URL and credentials are still valid.

Build docs developers (and LLMs) love

Get started for freeTalk to us