Realtime Alerts
Realtime Alerts send an outbound notification the moment a guard fires. When a skill guard flags a skill, a runtime guard catches a tool call, or a prompt guard blocks, warns, or redacts a prompt, Willow delivers a real-time alert to the destinations you configure — a Webhook endpoint or your Slack workspace.
Alerts are delivered best-effort and never block the guard itself: the tool call, skill scan, or prompt is evaluated and enforced first, and the alert is dispatched asynchronously afterward.
Realtime Alerts is a beta feature. Enable Alerts under Settings → Beta Features to reveal the Realtime Alerts section. If you don't see it, ask your Willow contact to turn the beta flag on for your organization.
What triggers an alert
Alerts are driven by guards. An alert is emitted whenever a guard produces a block, warning, approval, or redaction across three families:
| Family | When it fires |
|---|---|
| Skill Guard | Build-time guards evaluate a skill — whether it was created or updated by a user or admin, or found during a device scan. |
| Runtime guard | Runtime guards evaluate an MCP tool call's input or output during an AI session. |
| Prompt guard | Runtime guards evaluate a prompt from the browser extension, Cursor, or Claude. |
See Runtime vs Build-time guards for the difference between the two evaluation stages.
Event types
Each channel subscribes to any subset of the following event types. Only subscribed events are delivered to that channel.
| Event | Description |
|---|---|
| Skill Guard - Skill blocked | A build-time guard blocked a skill. |
| Skill Guard - Skill warning | A build-time guard warned on a skill. |
| Skill Guard - Skill redact | A build-time guard redacted content in a skill. |
| Runtime guard - Blocked | A runtime guard blocked a tool call. |
| Runtime guard - Warning | A runtime guard warned on a tool call. |
| Runtime guard - Redacted | A runtime guard redacted content in a tool call. |
| Prompt guard - Blocked | A prompt guard blocked a prompt. |
| Prompt guard - Warning | A prompt guard warned on a prompt. |
| Prompt guard - Redacted | A prompt guard redacted content in a prompt. |
When more than one action fires for the same event, block takes priority: a blocked prompt or tool call suppresses a separate warning or redact alert for the same evaluation.
Skill Guard attributes
Skill Guard alerts carry extra context so you can see where a flagged skill came from — both in the in-app alert detail and in the Slack message:
| Attribute | Description |
|---|---|
| Skill | The name of the flagged skill. |
| Source | How the skill entered or changed: Device scan, Published, Created, or Updated. |
| Triggered by | The user or admin who created/updated the skill, or the owner of the scanned device. |
| Device | The device the skill was scanned on (when the source is a device scan). |
| Guards | The guard(s) that triggered the alert. |
Delivery channels
You can add as many channels as you need. Each channel has its own destination and its own set of subscribed events, so you can route (for example) blocks to a security webhook and warnings to a Slack channel.
Webhook
An HTTP endpoint that receives a JSON POST for every subscribed event.
| Field | Required | Description |
|---|---|---|
| Name | Yes | A label for the channel. |
| Webhook URL | Yes | The full destination URL (e.g., https://example.com/webhooks/willow). |
| Events | Yes | One or more event types to subscribe to. |
The request is sent with Content-Type: application/json and times out after 5 seconds. The payload looks like this:
{
"timestamp": "2026-07-01T10:30:00.000Z",
"type": "notification",
"event_type": "skill_guard.blocked",
"severity": "high",
"title": "Skill blocked: Invoice Summarizer",
"message": "The *Invoice Summarizer* skill was blocked before it could run.",
"action_url": "https://app.withwillow.ai/...",
"metadata": {
"skill_name": "Invoice Summarizer",
"source": "Device scan",
"actor": "user@example.com",
"device": "MacBook-Pro",
"guards": "Prompt Injection Detection"
}
}
severityis one ofcritical,high,medium, orlow.action_urllinks back to the relevant page in the Willow dashboard when available.metadatacarries event-specific context — for Skill Guard events this includesskill_name,source,actor,device, andguards; runtime and prompt guard events carry the relevant tool/prompt context.
Add authentication on your receiver (for example, verify a shared secret in a header) and implement idempotency so repeated deliveries are safe.
Slack
Delivers alerts to your Slack workspace as formatted messages. Recipients can be a mix of:
- Admin users — DM'd directly on their matching Slack account (resolved by email).
- Slack channels — posted to a channel by its channel ID (e.g.,
C0123ABCD). The Willow bot must be a member of the channel.
For Slack channel recipients, the Willow bot must be a member of the channel or delivery fails. Open the channel in Slack and run /invite @Willow (or use channel settings → Integrations → Add apps). DM recipients (admin users) don't need this. If the bot isn't in the channel, Test returns an actionable error telling you to invite it — it is not an outage.
| Field | Required | Description |
|---|---|---|
| Name | Yes | A label for the channel. |
| Recipients | Yes | At least one admin user and/or one Slack channel ID. |
| Events | Yes | One or more event types to subscribe to. |
Slack delivery requires a connected Slack workspace (see below).
Connect your Slack workspace
Before creating a Slack channel, install the Willow Slack app:
- Go to Settings → Realtime Alerts.
- In the Slack workspace card, click Connect Slack and complete the OAuth flow.
- If a Slack admin must approve the app, the card shows Awaiting approval. Once approved, return and click Finish install.
When connected, the card shows a Connected badge and Slack becomes available as a channel type.
If you disconnect Slack, existing Slack alert channels stop delivering and are flagged Not delivering. Reconnect the workspace to resume delivery, or remove the affected channels.
Add a channel
- Go to Settings → Realtime Alerts.
- Click Add Channel.
- Choose the Channel Type (Slack or Webhook). The type can't be changed after the channel is created.
- Give the channel a Name.
- Configure the destination:
- Webhook: enter the destination URL.
- Slack: select admin recipients and/or add Slack channel IDs.
- Under Events, select the event types this channel should receive.
- Click Add Channel.
Each channel row has a toggle to enable or disable delivery, a Test button to send a sample alert (this bypasses the rate limit), an Edit button, and a delete button.
Rate limiting
Each channel is limited to 50 alerts per hour. Additional alerts beyond that window are dropped rather than queued. Use focused event subscriptions and per-team channels to avoid hitting the limit during a burst of guard activity.
The Test button is exempt from the rate limit so you can always verify a channel is wired up correctly.
Troubleshooting
- No alerts arriving:
- Confirm the channel is enabled and subscribed to the event type you expect.
- Use Test to confirm the destination is reachable.
- Check that the underlying guard is actually firing in Monitor → Logs.
- Webhook not receiving events:
- Verify the URL is correct and returns a 2xx status.
- Requests time out after 5 seconds — ensure your endpoint responds quickly.
- Confirm outbound network egress from your deployment to the webhook host is allowed.
- Slack alerts not delivering:
- Ensure the Slack workspace shows Connected. A Not delivering badge means Slack is disconnected.
- For channel recipients, confirm the channel ID is valid and the Willow bot has been invited to the channel with
/invite @Willow. A test that fails with "the Willow bot isn't in this channel" means exactly this — invite the bot and retry. - For DM recipients, confirm the admin's Willow email matches their Slack account email.
- Missing alerts during a spike: you may be hitting the 50-per-hour rate limit. Split traffic across channels or narrow event subscriptions.