Realtime Alerts

Realtime Alerts send an outbound notification the moment a guard fires. When a skill guard flags a skill, a runtime guard catches a tool call, or a prompt guard blocks, warns, or redacts a prompt, Willow delivers a real-time alert to the destinations you configure — a Webhook endpoint or your Slack workspace.

Alerts are delivered best-effort and never block the guard itself: the tool call, skill scan, or prompt is evaluated and enforced first, and the alert is dispatched asynchronously afterward.

Beta feature

Realtime Alerts is a beta feature. Enable Alerts under Settings → Beta Features to reveal the Realtime Alerts section. If you don't see it, ask your Willow contact to turn the beta flag on for your organization.

What triggers an alert

Alerts are driven by guards. An alert is emitted whenever a guard produces a block, warning, approval, or redaction across three families:

| Family | When it fires |
| --- | --- |
| Skill Guard | Build-time guards evaluate a skill — whether it was created or updated by a user or admin, or found during a device scan. |
| Runtime guard | Runtime guards evaluate an MCP tool call's input or output during an AI session. |
| Prompt guard | Runtime guards evaluate a prompt from the browser extension, Cursor, or Claude. |

See Runtime vs Build-time guards for the difference between the two evaluation stages.

Event types

Each channel subscribes to any subset of the following event types. Only subscribed events are delivered to that channel.

| Event | Description |
| --- | --- |
| Skill Guard - Skill blocked | A build-time guard blocked a skill. |
| Skill Guard - Skill warning | A build-time guard warned on a skill. |
| Skill Guard - Skill redact | A build-time guard redacted content in a skill. |
| Runtime guard - Blocked | A runtime guard blocked a tool call. |
| Runtime guard - Warning | A runtime guard warned on a tool call. |
| Runtime guard - Redacted | A runtime guard redacted content in a tool call. |
| Prompt guard - Blocked | A prompt guard blocked a prompt. |
| Prompt guard - Warning | A prompt guard warned on a prompt. |
| Prompt guard - Redacted | A prompt guard redacted content in a prompt. |

Info

When more than one action fires for the same event, block takes priority: a blocked prompt or tool call suppresses a separate warning or redact alert for the same evaluation.

Skill Guard attributes

Skill Guard alerts carry extra context so you can see where a flagged skill came from — both in the in-app alert detail and in the Slack message:

| Attribute | Description |
| --- | --- |
| Skill | The name of the flagged skill. |
| Source | How the skill entered or changed: Device scan, Published, Created, or Updated. |
| Triggered by | The user or admin who created/updated the skill, or the owner of the scanned device. |
| Device | The device the skill was scanned on (when the source is a device scan). |
| Guards | The guard(s) that triggered the alert. |

Delivery channels

You can add as many channels as you need. Each channel has its own destination and its own set of subscribed events, so you can route (for example) blocks to a security webhook and warnings to a Slack channel.

Webhook

An HTTP endpoint that receives a JSON POST for every subscribed event.

| Field | Required | Description |
| --- | --- | --- |
| Name | Yes | A label for the channel. |
| Webhook URL | Yes | The full destination URL (e.g., https://example.com/webhooks/willow). |
| Events | Yes | One or more event types to subscribe to. |

The request is sent with Content-Type: application/json and times out after 5 seconds. The payload looks like this:

    {
      "timestamp": "2026-07-01T10:30:00.000Z",
      "type": "notification",
      "event_type": "skill_guard.blocked",
      "severity": "high",
      "title": "Skill blocked: Invoice Summarizer",
      "message": "The *Invoice Summarizer* skill was blocked before it could run.",
      "action_url": "https://app.withwillow.ai/...",
      "metadata": {
        "skill_name": "Invoice Summarizer",
        "source": "Device scan",
        "actor": "user@example.com",
        "device": "MacBook-Pro",
        "guards": "Prompt Injection Detection"
      }
    }

  • severity is one of critical, high, medium, or low.
  • action_url links back to the relevant page in the Willow dashboard when available.
  • metadata carries event-specific context — for Skill Guard events this includes skill_name, source, actor, device, and guards; runtime and prompt guard events carry the relevant tool/prompt context.

Tip

Add authentication on your receiver (for example, verify a shared secret in a header) and implement idempotency so repeated deliveries are safe.
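
One way to apply this tip on the receiving side, as an added example that is not part of Willow's documentation: check a shared secret in constant time, validate the documented payload fields, and deduplicate repeated deliveries. The header name `x-alert-secret`, the secret value, the body-hash dedup key, and the `handle_alert` helper are assumptions; the page defines none of them.

```python
import hashlib
import hmac
import json

SECRET_HEADER = "x-alert-secret"                 # hypothetical header name (assumption)
SHARED_SECRET = b"constructed-secret-for-demo"   # constructed; load from a secret store
MAX_BODY = 64 * 1024                             # reject oversized bodies before parsing
SEVERITIES = {"critical", "high", "medium", "low"}  # values listed on the page

# Constructed sample delivery, modelled on the payload shown above.
SAMPLE_BODY = json.dumps({
    "timestamp": "2026-07-01T10:30:00.000Z",
    "type": "notification",
    "event_type": "skill_guard.blocked",
    "severity": "high",
    "metadata": {"skill_name": "Invoice Summarizer", "source": "Device scan"},
}).encode()


def handle_alert(headers, body, seen, queue):
    """Return (http_status, reason) for one delivery.

    `headers` is a dict with lower-cased names, `body` the raw request bytes,
    `seen` a set of dedup keys, `queue` a list standing in for a work queue.
    No slow work happens here because the sender times out after 5 seconds.
    """
    supplied = headers.get(SECRET_HEADER, "").encode()
    # Constant-time comparison: no timing signal about how many bytes matched.
    if not hmac.compare_digest(supplied, SHARED_SECRET):
        return 401, "bad secret"
    if len(body) > MAX_BODY:
        return 413, "too large"
    try:
        alert = json.loads(body)
    except ValueError:  # covers invalid JSON and invalid UTF-8
        return 400, "not json"
    if (not isinstance(alert, dict) or alert.get("type") != "notification"
            or not isinstance(alert.get("event_type"), str)
            or alert.get("severity") not in SEVERITIES):
        return 400, "unexpected shape"
    # The documented payload has no delivery ID, so the dedup key is a hash of
    # the raw body (assumption: a repeated delivery is byte-identical).
    key = hashlib.sha256(body).hexdigest()
    if key in seen:
        return 200, "duplicate"   # still 2xx so the sender sees it as delivered
    seen.add(key)
    queue.append(alert)           # hand off; process outside the request path
    return 202, "accepted"
```

In production the `seen` set would live in a shared store with an expiry, so duplicates are caught across receiver instances and restarts.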

Slack

Delivers alerts to your Slack workspace as formatted messages. Recipients can be a mix of:

  • Admin users — DM'd directly on their matching Slack account (resolved by email).
  • Slack channels — posted to a channel by its channel ID (e.g., C0123ABCD). The Willow bot must be a member of the channel.

Invite the bot to every channel

For Slack channel recipients, the Willow bot must be a member of the channel or delivery fails. Open the channel in Slack and run /invite @Willow (or use channel settings → Integrations → Add apps). DM recipients (admin users) don't need this. If the bot isn't in the channel, Test returns an actionable error telling you to invite it — it is not an outage.

| Field | Required | Description |
| --- | --- | --- |
| Name | Yes | A label for the channel. |
| Recipients | Yes | At least one admin user and/or one Slack channel ID. |
| Events | Yes | One or more event types to subscribe to. |

Slack delivery requires a connected Slack workspace (see below).

Connect your Slack workspace

Before creating a Slack channel, install the Willow Slack app:

  1. Go to Settings → Realtime Alerts.
  2. In the Slack workspace card, click Connect Slack and complete the OAuth flow.
  3. If a Slack admin must approve the app, the card shows Awaiting approval. Once approved, return and click Finish install.

When connected, the card shows a Connected badge and Slack becomes available as a channel type.

Warning

If you disconnect Slack, existing Slack alert channels stop delivering and are flagged Not delivering. Reconnect the workspace to resume delivery, or remove the affected channels.

Add a channel

  1. Go to Settings → Realtime Alerts.
  2. Click Add Channel.
  3. Choose the Channel Type (Slack or Webhook). The type can't be changed after the channel is created.
  4. Give the channel a Name.
  5. Configure the destination:
    • Webhook: enter the destination URL.
    • Slack: select admin recipients and/or add Slack channel IDs.
  6. Under Events, select the event types this channel should receive.
  7. Click Add Channel.

Each channel row has a toggle to enable or disable delivery, a Test button to send a sample alert (this bypasses the rate limit), an Edit button, and a delete button.

Rate limiting

Each channel is limited to 50 alerts per hour. Additional alerts beyond that window are dropped rather than queued. Use focused event subscriptions and per-team channels to avoid hitting the limit during a burst of guard activity.

The Test button is exempt from the rate limit so you can always verify a channel is wired up correctly.

Troubleshooting

  • No alerts arriving:
    • Confirm the channel is enabled and subscribed to the event type you expect.
    • Use Test to confirm the destination is reachable.
    • Check that the underlying guard is actually firing in Monitor → Logs.
  • Webhook not receiving events:
    • Verify the URL is correct and returns a 2xx status.
    • Requests time out after 5 seconds — ensure your endpoint responds quickly.
    • Confirm outbound network egress from your deployment to the webhook host is allowed.
  • Slack alerts not delivering:
    • Ensure the Slack workspace shows Connected. A Not delivering badge means Slack is disconnected.
    • For channel recipients, confirm the channel ID is valid and the Willow bot has been invited to the channel with /invite @Willow. A test that fails with "the Willow bot isn't in this channel" means exactly this — invite the bot and retry.
    • For DM recipients, confirm the admin's Willow email matches their Slack account email.
  • Missing alerts during a spike: you may be hitting the 50-per-hour rate limit. Split traffic across channels or narrow event subscriptions.