SafeClaw Webhook Integrations: Slack, Discord, and More
SafeClaw Webhook Integrations: Slack, Discord, and More
Your AI agent just got denied trying to delete a production config file. You should probably know about that — even if you're not staring at the SafeClaw dashboard at the moment. Webhook integrations bring SafeClaw's notifications to the tools you already use.
Why Webhooks
We could have built native integrations for every chat platform, email provider, and alerting system. Instead, we built a flexible webhook system and provided pre-built configurations for the most popular services. This approach gives us two advantages:
Configuration
Webhooks are defined in your SafeClaw configuration:
``yaml
webhooks:
- name: "slack-alerts"
url: "https://hooks.slack.com/services/YOUR/WEBHOOK/URL"
events: [deny, escalation, risk_threshold]
format: slack
- name: "discord-log"
url: "https://discord.com/api/webhooks/YOUR/WEBHOOK"
events: [deny, escalation, session_start, session_end]
format: discord
- name: "custom-siem"
url: "https://your-siem.internal/ingest"
events: [all]
format: json
headers:
Authorization: "Bearer ${SIEM_TOKEN}"
`
The
format field controls how the payload is structured. We provide built-in formatters for Slack (Block Kit), Discord (embeds), and generic JSON. For other services, the generic JSON format works with most webhook receivers.
Event Types
You can subscribe to any combination of SafeClaw events:
- deny — An action was denied by policy. Useful for security monitoring.
- escalation — An action was escalated for human review. Critical for teams that share approval responsibilities.
- risk_threshold — A session's risk score crossed a warning or critical threshold.
- budget_warning — A budget pool reached its warning threshold.
- budget_exhausted — A budget pool was fully consumed.
- session_start / session_end — Agent sessions beginning and ending, with summary statistics.
- all — Every event. Best for SIEM ingestion where you want the complete firehose.
Most users configure two webhooks: one for Slack or Discord with
deny and escalation events for immediate awareness, and one for a logging endpoint with all events for auditing.
Payload Customization
The default payloads include the event type, timestamp, session ID, action details, and the decision reason. You can customize payloads using a template system:
`yaml
webhooks:
- name: "minimal-slack"
url: "https://hooks.slack.com/..."
events: [deny]
template: |
:warning: Agent denied: {{action.type}} on {{action.target}}
Reason: {{decision.rule}}
`
Templates support Handlebars-style interpolation with access to the full event data. This is particularly useful for custom endpoints that expect specific payload formats.
Reliability
Webhook delivery is best-effort with retries. If a webhook endpoint returns a non-2xx status, SafeClaw retries with exponential backoff (1s, 5s, 30s, 5m) up to 5 times. Failed deliveries after all retries are logged locally and reported in the dashboard.
When SafeClaw is offline, webhook payloads are queued to disk and delivered when connectivity returns. The queue is bounded to prevent unbounded disk growth — oldest events are dropped first when the queue reaches capacity.
Security
Webhook payloads are signed using HMAC-SHA256 with a per-webhook secret. Receiving endpoints can verify the signature to ensure the payload came from your SafeClaw instance and wasn't tampered with. The signature is sent in the
X-SafeClaw-Signature` header.
Additionally, webhook payloads go through the secrets redaction engine before delivery. If an action contained a secret that SafeClaw redacted, the webhook payload will also contain the redacted version — never the raw secret.
Full webhook documentation, including formatter specifications and template reference, is in our docs. The webhook implementation is on GitHub.