Notifications
Audience: Customer β this page documents rule violation notifications and alerts.
When a rule violation is detected, Rulecatch can send notifications through up to 8 channels. Channel availability depends on the subscription plan.
Channels
| Channel | Plan Required | Configuration |
|---|---|---|
| All plans | Recipient email addresses | |
| Slack | Enterprise | Webhook URL |
| Discord | Enterprise | Webhook URL |
| Microsoft Teams | Enterprise | Webhook URL |
| Custom Webhook | Enterprise | URL, optional headers |
| PagerDuty | Enterprise | Routing key |
| OpsGenie | Enterprise | API key |
| Datadog | Enterprise | API key, site |
Alert Frequency
| Frequency | Description | Plan Availability |
|---|---|---|
daily |
Aggregated daily digest | All plans |
hourly |
Aggregated hourly digest | Pro, Enterprise |
immediate |
Sent as violations occur | Enterprise only |
Frequency Enforcement
If a user configures an alert with immediate frequency but is on the Pro plan, the system automatically downgrades to hourly. This is enforced at send time, not configuration time β so Enterprise users who downgrade don't lose their alert configs.
Alert Configuration
Each alert specifies:
| Field | Description |
|---|---|
name |
Alert name (e.g., "Security Violations Alert") |
rules |
Which rule/template IDs to monitor |
severities |
Which severity levels to match (error, warning, info) |
frequency |
How often to send (immediate, hourly, daily) |
channels |
Channel configurations (see below) |
enabled |
Whether the alert is active |
Channel Configuration Examples
Email:
{
"email": {
"enabled": true,
"recipients": ["dev@example.com", "lead@example.com"]
}
}
Slack:
{
"slack": {
"enabled": true,
"webhookUrl": "https://hooks.slack.com/services/...",
"channel": "#security-alerts"
}
}
Custom Webhook:
{
"webhook": {
"enabled": true,
"url": "https://my-service.com/webhooks/rulecatch",
"headers": { "X-Custom-Auth": "secret" }
}
}
How Alerts Trigger
When the Tasks service creates a violation:
- Load user's alerts β Query
user_alertsfor enabled alerts - Check each alert β Does the violated rule ID match? Does the severity match?
- Determine frequency β Effective frequency based on user's plan
- Route accordingly:
immediateβ Send notifications now via all configured channelshourly/dailyβ Queue inalert_digest_queuefor batch processing
Alert Matching Logic
shouldAlertTrigger(alert, violation):
1. Alert must be enabled
2. Violation's rule ID must be in alert.rules[]
3. Violation's severity must be in alert.severities[]
Digest Processing
Non-immediate alerts are queued and processed in batches:
Daily Digest
- Triggered by a cron job calling
POST /api/v1/cron/daily-digest - Processes all entries in
alert_digest_queuewithfrequency: 'daily' - Aggregates violations per alert
- Sends a single notification per alert with all accumulated violations
- Queued items are deleted after processing
Hourly Digest
- Same mechanism as daily, but with
frequency: 'hourly' - Processes every hour
Notification Payloads
Sent via SendGrid from alerts@rulecatch.ai. Contains:
- Alert name
- Violation count and severity breakdown
- Top violated rules
- Link to dashboard violations page
Slack
Formatted as a Slack Block Kit message with:
- Alert name as header
- Violation summary
- Rule names and counts
- Dashboard link button
Discord
Formatted as a Discord embed with:
- Color coded by severity (red for errors, yellow for warnings)
- Violation details
- Dashboard link
Microsoft Teams
Formatted as an Adaptive Card with:
- Alert title
- Violation table
- Action button to dashboard
Custom Webhook
POST request with JSON payload:
{
"alert": { "name": "...", "id": "..." },
"violations": [
{
"ruleName": "...",
"severity": "error",
"filePath": "...",
"createdAt": "..."
}
],
"dashboardUrl": "https://dashboard.rulecatch.ai",
"isDigest": false
}
PagerDuty
Creates an incident event via the Events API v2.
OpsGenie
Creates an alert via the OpsGenie Alert API.
Datadog
Sends a custom event to the Datadog Events API.
Plan Restrictions
| Feature | Starter | Pro | Enterprise |
|---|---|---|---|
| Max alert configs | 1 | 10 | Unlimited |
| Email channel | Yes | Yes | Yes |
| Slack | - | - | Yes |
| Discord | - | - | Yes |
| Teams | - | - | Yes |
| Webhook | - | - | Yes |
| PagerDuty | - | - | Yes |
| OpsGenie | - | - | Yes |
| Datadog | - | - | Yes |
| Frequency options | Daily | Hourly + Daily | All (Immediate) |
Starter Plan
Starter users get a simplified Daily Digest β a single email notification summarizing the day's violations. No alert builder UI, just an automatic daily summary.
Test Notifications
Users can send a test notification from the alert creation/edit page. The test fires a sample payload through all configured channels to verify connectivity.
POST /api/v1/alerts/test
See Also
- Alerts Dashboard β Alert configuration UI
- Rule Engine Overview β How violations trigger alerts
- Feature Gating β Plan-based channel restrictions
- Pricing β Which plans include which channels