feat(alerting): implement real Slack webhook notifications

- Add --slack-webhook CLI flag to sniff command
- Read STACKDOG_SLACK_WEBHOOK_URL env var (CLI overrides env)
- Implement actual HTTP POST to Slack incoming webhook API
- Build proper JSON payloads with serde_json (color-coded by severity)
- Add reqwest blocking feature for synchronous notification delivery
- Wire NotificationConfig through SniffConfig → Orchestrator → Reporter
- Add STACKDOG_WEBHOOK_URL env var support
- Update .env.sample with notification channel examples
- Add 3 tests for Slack webhook config (CLI, env, override priority)

Usage:
  stackdog sniff --once --slack-webhook https://hooks.slack.com/services/T/B/xxx
  # or via env:
  export STACKDOG_SLACK_WEBHOOK_URL=https://hooks.slack.com/services/T/B/xxx

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: vsilent

.env.sample

@@ -17,3 +17,9 @@ RUST_BACKTRACE=full
 #STACKDOG_AI_API_URL=http://localhost:11434/v1
 #STACKDOG_AI_API_KEY=
 #STACKDOG_AI_MODEL=llama3
+
+# Notification Channels
+# Slack: create an incoming webhook at https://api.slack.com/messaging/webhooks
+#STACKDOG_SLACK_WEBHOOK_URL=https://hooks.slack.com/services/T.../B.../xxxxx
+# Generic webhook endpoint for alert notifications
+#STACKDOG_WEBHOOK_URL=https://example.com/webhook

Cargo.toml

@@ -48,7 +48,7 @@ r2d2 = "0.8"
 bollard = "0.16"
 
 # HTTP client (for LLM API)
-reqwest = { version = "0.12", features = ["json"] }
+reqwest = { version = "0.12", features = ["json", "blocking"] }
 
 # Compression
 zstd = "0.13"

src/alerting/notifications.rs

@@ -111,14 +111,39 @@ impl NotificationChannel {
         Ok(NotificationResult::Success("sent to console".to_string()))
     }
 
-    /// Send to Slack
+    /// Send to Slack via incoming webhook
     fn send_slack(&self, alert: &Alert, config: &NotificationConfig) -> Result<NotificationResult> {
-        // In production, this would make HTTP request to Slack webhook
-        // For now, just log
-        if config.slack_webhook().is_some() {
-            log::info!("Would send to Slack: {}", alert.message());
-            Ok(NotificationResult::Success("sent to Slack".to_string()))
+        if let Some(webhook_url) = config.slack_webhook() {
+            let payload = build_slack_message(alert);
+            log::debug!("Sending Slack notification to webhook");
+            log::trace!("Slack payload: {}", payload);
+
+            // Blocking HTTP POST — notification sending is synchronous in this codebase
+            let client = reqwest::blocking::Client::new();
+            match client
+                .post(webhook_url)
+                .header("Content-Type", "application/json")
+                .body(payload)
+                .send()
+            {
+                Ok(resp) => {
+                    if resp.status().is_success() {
+                        log::info!("Slack notification sent successfully");
+                        Ok(NotificationResult::Success("sent to Slack".to_string()))
+                    } else {
+                        let status = resp.status();
+                        let body = resp.text().unwrap_or_default();
+                        log::warn!("Slack API returned {}: {}", status, body);
+                        Ok(NotificationResult::Failure(format!("Slack returned {}: {}", status, body)))
+                    }
+                }
+                Err(e) => {
+                    log::warn!("Failed to send Slack notification: {}", e);
+                    Ok(NotificationResult::Failure(format!("Slack request failed: {}", e)))
+                }
+            }
         } else {
+            log::debug!("Slack webhook not configured, skipping");
             Ok(NotificationResult::Failure("Slack webhook not configured".to_string()))
         }
     }
@@ -211,27 +236,19 @@ pub fn severity_to_slack_color(severity: AlertSeverity) -> &'static str {
 
 /// Build Slack message payload
 pub fn build_slack_message(alert: &Alert) -> String {
-    format!(
-        r#"{{
-            "text": "Security Alert",
-            "attachments": [{{
-                "color": "{}",
-                "title": "{:?} ",
-                "text": "{}",
-                "fields": [
-                    {{"title": "Severity", "value": "{}", "short": true}},
-                    {{"title": "Status", "value": "{}", "short": true}},
-                    {{"title": "Time", "value": "{}", "short": true}}
-                ]
-            }}]
-        }}"#,
-        severity_to_slack_color(alert.severity()),
-        alert.alert_type(),
-        alert.message(),
-        alert.severity(),
-        alert.status(),
-        alert.timestamp()
-    )
+    serde_json::json!({
+        "text": "🐕 Stackdog Security Alert",
+        "attachments": [{
+            "color": severity_to_slack_color(alert.severity()),
+            "title": format!("{:?}", alert.alert_type()),
+            "text": alert.message(),
+            "fields": [
+                {"title": "Severity", "value": alert.severity().to_string(), "short": true},
+                {"title": "Status", "value": alert.status().to_string(), "short": true},
+                {"title": "Time", "value": alert.timestamp().to_rfc3339(), "short": true}
+            ]
+        }]
+    }).to_string()
 }
 
 /// Build webhook payload

src/cli.rs

@@ -52,6 +52,10 @@ pub enum Command {
         /// AI API URL (e.g. "http://localhost:11434/v1" for Ollama)
         #[arg(long)]
         ai_api_url: Option<String>,
+
+        /// Slack webhook URL for alert notifications
+        #[arg(long)]
+        slack_webhook: Option<String>,
     },
 }
 
@@ -76,7 +80,7 @@ mod tests {
     fn test_sniff_subcommand_defaults() {
         let cli = Cli::parse_from(["stackdog", "sniff"]);
         match cli.command {
-            Some(Command::Sniff { once, consume, output, sources, interval, ai_provider, ai_model, ai_api_url }) => {
+            Some(Command::Sniff { once, consume, output, sources, interval, ai_provider, ai_model, ai_api_url, slack_webhook }) => {
                 assert!(!once);
                 assert!(!consume);
                 assert_eq!(output, "./stackdog-logs/");
@@ -85,6 +89,7 @@ mod tests {
                 assert!(ai_provider.is_none());
                 assert!(ai_model.is_none());
                 assert!(ai_api_url.is_none());
+                assert!(slack_webhook.is_none());
             }
             _ => panic!("Expected Sniff command"),
         }
@@ -120,9 +125,10 @@ mod tests {
             "--ai-provider", "openai",
             "--ai-model", "gpt-4o-mini",
             "--ai-api-url", "https://api.openai.com/v1",
+            "--slack-webhook", "https://hooks.slack.com/services/T/B/xxx",
         ]);
         match cli.command {
-            Some(Command::Sniff { once, consume, output, sources, interval, ai_provider, ai_model, ai_api_url }) => {
+            Some(Command::Sniff { once, consume, output, sources, interval, ai_provider, ai_model, ai_api_url, slack_webhook }) => {
                 assert!(once);
                 assert!(consume);
                 assert_eq!(output, "/tmp/logs/");
@@ -131,6 +137,7 @@ mod tests {
                 assert_eq!(ai_provider.unwrap(), "openai");
                 assert_eq!(ai_model.unwrap(), "gpt-4o-mini");
                 assert_eq!(ai_api_url.unwrap(), "https://api.openai.com/v1");
+                assert_eq!(slack_webhook.unwrap(), "https://hooks.slack.com/services/T/B/xxx");
             }
             _ => panic!("Expected Sniff command"),
         }

src/main.rs

@@ -72,8 +72,8 @@ async fn main() -> io::Result<()> {
     info!("Architecture: {}", std::env::consts::ARCH);
 
     match cli.command {
-        Some(Command::Sniff { once, consume, output, sources, interval, ai_provider, ai_model, ai_api_url }) => {
-            run_sniff(once, consume, output, sources, interval, ai_provider, ai_model, ai_api_url).await
+        Some(Command::Sniff { once, consume, output, sources, interval, ai_provider, ai_model, ai_api_url, slack_webhook }) => {
+            run_sniff(once, consume, output, sources, interval, ai_provider, ai_model, ai_api_url, slack_webhook).await
         }
         // Default: serve (backward compatible)
         Some(Command::Serve) | None => run_serve().await,
@@ -142,6 +142,7 @@ async fn run_sniff(
     ai_provider: Option<String>,
     ai_model: Option<String>,
     ai_api_url: Option<String>,
+    slack_webhook: Option<String>,
 ) -> io::Result<()> {
     let config = sniff::config::SniffConfig::from_env_and_args(
         once,
@@ -152,6 +153,7 @@ async fn run_sniff(
         ai_provider.as_deref(),
         ai_model.as_deref(),
         ai_api_url.as_deref(),
+        slack_webhook.as_deref(),
     );
 
     info!("🔍 Stackdog Sniff starting...");
@@ -162,6 +164,9 @@ async fn run_sniff(
     info!("AI Provider: {:?}", config.ai_provider);
     info!("AI Model: {}", config.ai_model);
     info!("AI API URL: {}", config.ai_api_url);
+    if config.slack_webhook.is_some() {
+        info!("Slack: configured ✓");
+    }
 
     let orchestrator = sniff::SniffOrchestrator::new(config)
         .map_err(|e| io::Error::new(io::ErrorKind::Other, e))?;

src/sniff/config.rs

@@ -46,6 +46,10 @@ pub struct SniffConfig {
     pub ai_model: String,
     /// Database URL
     pub database_url: String,
+    /// Slack webhook URL for alert notifications
+    pub slack_webhook: Option<String>,
+    /// Generic webhook URL for alert notifications
+    pub webhook_url: Option<String>,
 }
 
 impl SniffConfig {
@@ -59,6 +63,7 @@ impl SniffConfig {
         ai_provider_arg: Option<&str>,
         ai_model_arg: Option<&str>,
         ai_api_url_arg: Option<&str>,
+        slack_webhook_arg: Option<&str>,
     ) -> Self {
         let env_sources = env::var("STACKDOG_LOG_SOURCES").unwrap_or_default();
         let mut extra_sources: Vec<String> = env_sources
@@ -116,6 +121,10 @@ impl SniffConfig {
                 .unwrap_or_else(|| "llama3".into()),
             database_url: env::var("DATABASE_URL")
                 .unwrap_or_else(|_| "./stackdog.db".into()),
+            slack_webhook: slack_webhook_arg
+                .map(|s| s.to_string())
+                .or_else(|| env::var("STACKDOG_SLACK_WEBHOOK_URL").ok()),
+            webhook_url: env::var("STACKDOG_WEBHOOK_URL").ok(),
         }
     }
 }
@@ -136,6 +145,8 @@ mod tests {
         env::remove_var("STACKDOG_AI_MODEL");
         env::remove_var("STACKDOG_SNIFF_OUTPUT_DIR");
         env::remove_var("STACKDOG_SNIFF_INTERVAL");
+        env::remove_var("STACKDOG_SLACK_WEBHOOK_URL");
+        env::remove_var("STACKDOG_WEBHOOK_URL");
     }
 
     #[test]
@@ -152,7 +163,7 @@ mod tests {
         let _lock = ENV_MUTEX.lock().unwrap();
         clear_sniff_env();
 
-        let config = SniffConfig::from_env_and_args(false, false, "./stackdog-logs/", None, 30, None, None, None);
+        let config = SniffConfig::from_env_and_args(false, false, "./stackdog-logs/", None, 30, None, None, None, None);
         assert!(!config.once);
         assert!(!config.consume);
         assert_eq!(config.output_dir, PathBuf::from("./stackdog-logs/"));
@@ -170,7 +181,7 @@ mod tests {
         clear_sniff_env();
 
         let config = SniffConfig::from_env_and_args(
-            true, true, "/tmp/output/", Some("/var/log/app.log"), 60, Some("candle"), None, None,
+            true, true, "/tmp/output/", Some("/var/log/app.log"), 60, Some("candle"), None, None, None,
         );
 
         assert!(config.once);
@@ -188,7 +199,7 @@ mod tests {
         env::set_var("STACKDOG_LOG_SOURCES", "/var/log/syslog,/var/log/auth.log");
 
         let config = SniffConfig::from_env_and_args(
-            false, false, "./stackdog-logs/", Some("/var/log/app.log,/var/log/syslog"), 30, None, None, None,
+            false, false, "./stackdog-logs/", Some("/var/log/app.log,/var/log/syslog"), 30, None, None, None, None,
         );
 
         assert!(config.extra_sources.contains(&"/var/log/syslog".to_string()));
@@ -209,7 +220,7 @@ mod tests {
         env::set_var("STACKDOG_SNIFF_INTERVAL", "45");
         env::set_var("STACKDOG_SNIFF_OUTPUT_DIR", "/data/logs/");
 
-        let config = SniffConfig::from_env_and_args(false, false, "./stackdog-logs/", None, 30, None, None, None);
+        let config = SniffConfig::from_env_and_args(false, false, "./stackdog-logs/", None, 30, None, None, None, None);
         assert_eq!(config.ai_api_url, "https://api.openai.com/v1");
         assert_eq!(config.ai_api_key, Some("sk-test123".into()));
         assert_eq!(config.ai_model, "gpt-4o-mini");
@@ -226,7 +237,7 @@ mod tests {
 
         let config = SniffConfig::from_env_and_args(
             false, false, "./stackdog-logs/", None, 30,
-            Some("ollama"), Some("qwen2.5-coder:latest"), None,
+            Some("ollama"), Some("qwen2.5-coder:latest"), None, None,
         );
         // "ollama" maps to OpenAi internally (same API protocol)
         assert_eq!(config.ai_provider, AiProvider::OpenAi);
@@ -245,12 +256,56 @@ mod tests {
 
         let config = SniffConfig::from_env_and_args(
             false, false, "./stackdog-logs/", None, 30,
-            None, Some("llama3"), Some("http://localhost:11434/v1"),
+            None, Some("llama3"), Some("http://localhost:11434/v1"), None,
         );
         // CLI args take priority over env vars
         assert_eq!(config.ai_model, "llama3");
         assert_eq!(config.ai_api_url, "http://localhost:11434/v1");
 
         clear_sniff_env();
     }
+
+    #[test]
+    fn test_slack_webhook_from_cli() {
+        let _lock = ENV_MUTEX.lock().unwrap();
+        clear_sniff_env();
+
+        let config = SniffConfig::from_env_and_args(
+            false, false, "./stackdog-logs/", None, 30,
+            None, None, None, Some("https://hooks.slack.com/services/T/B/xxx"),
+        );
+        assert_eq!(config.slack_webhook.as_deref(), Some("https://hooks.slack.com/services/T/B/xxx"));
+
+        clear_sniff_env();
+    }
+
+    #[test]
+    fn test_slack_webhook_from_env() {
+        let _lock = ENV_MUTEX.lock().unwrap();
+        clear_sniff_env();
+        env::set_var("STACKDOG_SLACK_WEBHOOK_URL", "https://hooks.slack.com/services/T/B/env");
+
+        let config = SniffConfig::from_env_and_args(
+            false, false, "./stackdog-logs/", None, 30,
+            None, None, None, None,
+        );
+        assert_eq!(config.slack_webhook.as_deref(), Some("https://hooks.slack.com/services/T/B/env"));
+
+        clear_sniff_env();
+    }
+
+    #[test]
+    fn test_slack_webhook_cli_overrides_env() {
+        let _lock = ENV_MUTEX.lock().unwrap();
+        clear_sniff_env();
+        env::set_var("STACKDOG_SLACK_WEBHOOK_URL", "https://hooks.slack.com/services/T/B/env");
+
+        let config = SniffConfig::from_env_and_args(
+            false, false, "./stackdog-logs/", None, 30,
+            None, None, None, Some("https://hooks.slack.com/services/T/B/cli"),
+        );
+        assert_eq!(config.slack_webhook.as_deref(), Some("https://hooks.slack.com/services/T/B/cli"));
+
+        clear_sniff_env();
+    }
 }

src/sniff/mod.rs

@@ -33,7 +33,13 @@ impl SniffOrchestrator {
         let pool = create_pool(&config.database_url)?;
         init_database(&pool)?;
 
-        let notification_config = NotificationConfig::default();
+        let mut notification_config = NotificationConfig::default();
+        if let Some(ref url) = config.slack_webhook {
+            notification_config = notification_config.with_slack_webhook(url.clone());
+        }
+        if let Some(ref url) = config.webhook_url {
+            notification_config = notification_config.with_webhook_url(url.clone());
+        }
         let reporter = Reporter::new(notification_config);
 
         Ok(Self { config, pool, reporter })
@@ -226,7 +232,7 @@ mod tests {
     #[test]
     fn test_orchestrator_creates_with_memory_db() {
         let mut config = SniffConfig::from_env_and_args(
-            true, false, "./stackdog-logs/", None, 30, None, None, None,
+            true, false, "./stackdog-logs/", None, 30, None, None, None, None,
         );
         config.database_url = ":memory:".into();
 
@@ -249,7 +255,7 @@ mod tests {
         let mut config = SniffConfig::from_env_and_args(
             true, false, "./stackdog-logs/",
             Some(&log_path.to_string_lossy()),
-            30, Some("candle"), None, None,
+            30, Some("candle"), None, None, None,
         );
         config.database_url = ":memory:".into();