The Alerts webhook is the primary integration point between your Prometheus Alertmanager deployment and Sentinel SoftServe. When Alertmanager fires an alert, it POSTs the standard webhook payload to /api/alerts. Sentinel processes each firing alert, creates an incident in Supabase, and immediately kicks off the LangGraph agent pipeline as a background task. This page covers authentication, payload schema, label conventions, and an Alertmanager configuration example.
POST /api/alerts
Receive a Prometheus Alertmanager webhook notification and create incidents for all firing alerts in the payload.
Auth required: No (Supabase JWT not used). Protected by ALERT_WEBHOOK_SECRET when configured.
Authentication
This endpoint uses a shared webhook secret rather than user JWTs. Set the ALERT_WEBHOOK_SECRET environment variable on the backend and configure the same value in your alertmanager.yml. Alertmanager sends it as:
hmac.compare_digest to prevent timing attacks.
Payload Schema
Sentinel accepts the standard Alertmanager webhook payload format (version 4):
Alert Labels
Sentinel reads the following labels from each individual alert to determine the incident type and which agent to run:
Determines the triage path. Use container for Docker/Podman/Kubernetes workloads and database for PostgreSQL incidents. Defaults to container if not set.
Specifies the container runtime: docker, podman, or kubernetes. Determines which execution branch the action agent uses.
Kubernetes namespace. Used when constructing kubectl commands for namespace-scoped resources.
The Prometheus alert rule name. Used to classify the incident type (e.g. ContainerDown, HighMemoryUsage).
Name of the affected container. Used as the target field on the created incident.
Only firing alerts result in incident creation. resolved alerts are acknowledged but do not create incidents.
Incident Creation Flow
Authenticate
The webhook secret is validated via hmac.compare_digest. Unauthenticated requests are rejected with 401 Unauthorized.
Process each alert
For every alert in the alerts array, process_prometheus_alert() is called. This function extracts the target, severity, title, and container runtime from the alert labels.
Create incident in Supabase
A new incident row is inserted with status = "detected" and all extracted fields. Only firing alerts create incidents.
Response
count reflects the total number of alerts in the payload (both firing and non-firing). The endpoint always returns 200 OK as long as the webhook secret is valid.
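The authentication and incident-creation flow described above, as an added Python example (not Sentinel's own code). It assumes the secret arrives as `Authorization: Bearer <secret>` (Alertmanager's default authorization type); the function names, incident fields and response body shape are hypothetical.

```python
import hmac
from typing import Optional

def secret_is_valid(authorization: Optional[str], secret: str) -> bool:
    """Constant-time check of an 'Authorization: Bearer <secret>' header value."""
    scheme, _, presented = (authorization or "").partition(" ")
    if scheme.lower() != "bearer":
        return False
    # Compare bytes: compare_digest raises TypeError on non-ASCII str input.
    return hmac.compare_digest(presented.strip().encode(), secret.encode())

def handle_webhook(authorization: Optional[str], payload: dict, secret: Optional[str]):
    """Return (status_code, body, incidents) for one webhook delivery."""
    # The page says the endpoint is protected "when configured", so an
    # unset secret skips the check (anyone who can reach it can post).
    if secret and not secret_is_valid(authorization, secret):
        return 401, {"detail": "Unauthorized"}, []
    alerts = payload.get("alerts", [])
    incidents = []
    for alert in alerts:
        if alert.get("status") != "firing":
            continue  # resolved alerts are acknowledged, no incident created
        labels = alert.get("labels", {})
        incidents.append({
            "status": "detected",
            "source_type": labels.get("source_type", "container"),  # page default
            "container_runtime": labels.get("container_runtime"),
            "namespace": labels.get("namespace"),
            "alertname": labels.get("alertname"),  # Prometheus rule name label
        })
    # count covers every alert in the payload, firing or not.
    return 200, {"count": len(alerts)}, incidents

# Constructed sample payload and secret, for illustration only.
SAMPLE_SECRET = "constructed-example-secret"
SAMPLE_PAYLOAD = {
    "version": "4",
    "status": "firing",
    "alerts": [
        {"status": "firing",
         "labels": {"alertname": "ContainerDown", "container_runtime": "docker"}},
        {"status": "resolved",
         "labels": {"alertname": "HighMemoryUsage", "source_type": "container"}},
    ],
}

if __name__ == "__main__":
    print(handle_webhook(f"Bearer {SAMPLE_SECRET}", SAMPLE_PAYLOAD, SAMPLE_SECRET))
```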
Alertmanager Configuration
Add Sentinel as a webhook receiver in your alertmanager.yml. Use the http_config.authorization block to pass the shared secret.
The value of credentials in alertmanager.yml must exactly match the ALERT_WEBHOOK_SECRET environment variable set on the Sentinel backend container.
Alert Rules with Sentinel Labels
For best results, include source_type and container_runtime labels directly in your Prometheus alert rules so Sentinel can route them to the correct agent:
Kubernetes Example
For Kubernetes workloads, include namespace in the alert labels:
PostgreSQL Example
For database incidents, set source_type: database: