Notifications

Trust Alerts

Configure notifications for monitoring, compliance, security, and system events across multiple delivery channels. Stay informed about critical changes with severity-based routing and per-user preferences.

Notification Types

DRD generates notifications across eight event categories. Each category can be independently configured for delivery channel, severity filtering, and recipient routing.

monitoring

Agent rule triggers, threshold breaches, and anomaly detections

compliance

Framework status changes, audit completions, and gap alerts

security

Audit findings, credential leaks, and vulnerability discoveries

dmca

Takedown requests, status updates, and counter-notice filings

deepfake

Synthetic content detections and confidence score alerts

score

DRD Score changes, trend reversals, and threshold crossings

federation

Member activity, trust signal updates, and enforcement proposals

system

Platform updates, maintenance windows, and API deprecations

Severity Levels

Every notification is assigned a severity level that determines routing priority and delivery urgency.

emergency

Requires immediate action -- active security breach or critical system failure.

critical

High-priority issue that needs attention within the hour.

warning

Notable event that may require investigation or action.

info

Informational notification for awareness and record-keeping.

Delivery Channels

Notifications can be delivered through multiple channels simultaneously. Configure severity-based routing to ensure the right people get the right alerts at the right time.

In-App

Real-time notifications in the DRD dashboard with full context and action buttons.

Email

Rich HTML emails with event details, direct links, and configurable digest frequency.

Webhook

HMAC-signed HTTP POST payloads to your endpoints with retry and failure tracking.

Slack

Channel messages or DMs with formatted blocks, severity coloring, and action buttons.

SMS

Concise text messages for critical alerts requiring immediate attention. Limited to Critical and High severity by default.

configure-channels.ts

import { DRD } from '@drd/sdk';

const drd = new DRD({ apiKey: process.env.DRD_API_KEY });

// Configure channel routing by severity
await drd.alerts.configureRouting({
  routes: [
    {
      severity: 'emergency',
      channels: ['in_app', 'email', 'webhook', 'slack'],
      escalation: { after: '5m', fallback: 'email' },
    },
    {
      severity: 'critical',
      channels: ['in_app', 'slack', 'webhook'],
    },
    {
      severity: 'warning',
      channels: ['in_app', 'email'],
    },
    {
      severity: 'info',
      channels: ['in_app'],
    },
  ],
});

Notification Preferences

Each team member can customize their notification preferences, filtering by event type, severity, and delivery channel.

notification-preferences.ts

// Set per-user notification preferences
await drd.alerts.setPreferences({
  userId: 'user_abc123',
  preferences: {
    monitoring: {
      channels: ['in_app', 'slack'],
      minSeverity: 'warning',
    },
    compliance: {
      channels: ['email'],
      minSeverity: 'info',
    },
    security: {
      channels: ['in_app', 'email', 'slack'],
      minSeverity: 'info',
    },
    system: {
      channels: ['in_app'],
      minSeverity: 'warning',
    },
  },
  digest: {
    enabled: true,
    frequency: 'daily',
    time: '09:00',
    timezone: 'America/New_York',
  },
});

// Get current preferences
const prefs = await drd.alerts.getPreferences('user_abc123');
console.log(prefs.monitoring.channels);  // ['in_app', 'slack']

Webhooks

Create webhook endpoints to receive alert payloads in your own systems. All webhooks are HMAC-signed for verification and include automatic retry with failure tracking.

POST /api/alerts/webhooks

{
  "name": "SIEM Integration",
  "url": "https://siem.acme.com/api/drd-alerts",
  "secret": "whsec_...",
  "eventTypes": ["security", "monitoring", "compliance"],
  "minSeverity": "warning",
  "headers": {
    "X-Source": "drd-platform"
  }
}

// Response
{
  "webhookId": "wh_abc123",
  "name": "SIEM Integration",
  "url": "https://siem.acme.com/api/drd-alerts",
  "status": "active",
  "createdAt": "2026-02-12T10:00:00Z"
}

webhook-testing.ts

// Test a webhook endpoint
const testResult = await drd.alerts.testWebhook('wh_abc123');
console.log(testResult.success);       // true
console.log(testResult.statusCode);    // 200
console.log(testResult.latency);       // 89 (ms)

// View webhook delivery history
const deliveries = await drd.alerts.getWebhookDeliveries('wh_abc123', {
  since: '7d',
  status: 'failed',
});

for (const d of deliveries.items) {
  console.log(d.eventType);       // 'security.finding'
  console.log(d.statusCode);      // 500
  console.log(d.retryCount);      // 3
  console.log(d.lastAttempt);     // '2026-02-12T10:05:00Z'
}

Event Categories

Alerts are organized into 8 categories covering all aspects of AI governance. Subscribe to specific categories or receive all events.

trust.score

Score changes, threshold crossings, critical drops, recovery

Low - Critical

enforcement

Actions created, escalated, resolved, appealed

Medium - Critical

policy

Violations detected, approvals requested/resolved, policy changes

Low - High

deepfake

Synthetic content detected, identity match found, scan completed

Medium - Critical

security

Credential leaks, vulnerability findings, audit completions

Low - Critical

federation

Member joined/left, enforcement proposals, trust signal updates

Low - High

compliance

Framework violations, report generation, certification expiry

Medium - High

system

API key rotation reminders, rate limit warnings, connector failures

Low - Medium

Alert Configuration

Create alert rules that define which events trigger notifications, what severity levels to include, and which delivery channels to use.

create-alert-rule.ts

import { DRD } from '@drd/sdk';

const drd = new DRD({ apiKey: process.env.DRD_API_KEY });

// Create a critical governance alert rule
const alertRule = await drd.alerts.createRule({
  name: 'Critical Governance Alerts',
  description: 'Notify team of all critical governance events',
  enabled: true,
  filter: {
    categories: ['trust.score', 'enforcement', 'deepfake', 'security'],
    severities: ['critical', 'high'],
    agentIds: [],       // Empty = all agents
  },
  channels: [
    {
      type: 'slack',
      config: {
        webhookUrl: 'https://hooks.slack.com/services/...',
        channel: '#ai-governance-critical',
        mentionUsers: ['@oncall-engineer'],
      },
    },
    {
      type: 'email',
      config: {
        recipients: ['security@acme.com'],
      },
    },
  ],
  options: {
    cooldown: '5m',          // Suppress duplicate alerts for 5 minutes
    batchWindow: null,       // No batching for critical alerts
    escalation: {
      enabled: true,
      escalateAfter: '15m',  // Escalate if unacknowledged
      escalateTo: {
        type: 'email',
        config: { recipients: ['cto@acme.com'] },
      },
    },
  },
});

console.log(alertRule.ruleId);  // 'rule_abc123'

create-digest-rule.ts

// Batch low-severity alerts into a daily digest
const digestRule = await drd.alerts.createRule({
  name: 'Daily Governance Digest',
  enabled: true,
  filter: {
    categories: ['trust.score', 'policy', 'compliance', 'system'],
    severities: ['warning', 'info'],
  },
  channels: [
    {
      type: 'email',
      config: {
        recipients: ['ai-governance@acme.com'],
        format: 'digest',
      },
    },
  ],
  options: {
    batchWindow: '24h',
    deliveryTime: '09:00',
    timezone: 'America/New_York',
    includeMetrics: true,
  },
});

Managing Alerts

List, acknowledge, and resolve alerts. Acknowledging an alert stops the escalation timer. Resolving an alert closes it with a resolution note.

manage-alerts.ts

// List recent alerts
const alerts = await drd.alerts.list({
  status: 'open',
  severity: ['critical', 'high'],
  limit: 20,
});

for (const alert of alerts.items) {
  console.log(alert.severity);    // 'critical'
  console.log(alert.title);       // 'Trust score dropped below threshold'
  console.log(alert.category);    // 'trust.score'
  console.log(alert.createdAt);   // '2026-02-12T10:30:00Z'
}

// Acknowledge an alert (stops escalation)
await drd.alerts.acknowledge('alert_abc123', {
  note: 'Investigating - will resolve within 1 hour',
});

// Resolve an alert
await drd.alerts.resolve('alert_abc123', {
  resolution: 'Root cause identified and fixed. Deployed hotfix v2.1.1.',
});

alert-analytics.ts

// Get alert analytics
const analytics = await drd.alerts.getAnalytics({
  dateRange: {
    from: '2026-01-01T00:00:00Z',
    to: '2026-02-14T23:59:59Z',
  },
  groupBy: 'category',
});

for (const group of analytics.groups) {
  console.log(group.category);               // 'security'
  console.log(group.total);                  // 42
  console.log(group.critical);               // 3
  console.log(group.avgResolutionMinutes);   // 28
  console.log(group.escalationRate);         // 0.07
}

API Endpoints

Complete list of trust alert API endpoints.

GET

/api/alerts

List notifications

GET

/api/alerts/{id}

Get notification details

PATCH

/api/alerts/{id}

Mark as read or archive

POST

/api/alerts/routing

Configure severity routing

GET

/api/alerts/preferences/{userId}

Get user preferences

PUT

/api/alerts/preferences/{userId}

Set user preferences

POST

/api/alerts/webhooks

Create a webhook endpoint

GET

/api/alerts/webhooks

List webhook endpoints

POST

/api/alerts/webhooks/{id}/test

Test a webhook

GET

/api/alerts/webhooks/{id}/deliveries

View delivery history

POST

/api/alerts/rules

Create an alert rule

GET

/api/alerts/rules

List alert rules

PATCH

/api/alerts/rules/{id}

Update an alert rule

DELETE

/api/alerts/rules/{id}

Delete an alert rule

GET

/api/alerts/analytics

Get alert analytics and metrics

POST

/api/alerts/test

Send a test alert

Next Steps

Monitoring

Agent monitoring rules and alerts

Learn more →

Security Audit

Scan agents for vulnerabilities

Learn more →

Trust Connectors

Integrate with external services

Learn more →

Webhooks

Stream alert events to external systems

Learn more →

Notifications

Trust Alerts

Notification Types

DRD generates notifications across eight event categories. Each category can be independently configured for delivery channel, severity filtering, and recipient routing.

monitoring

Agent rule triggers, threshold breaches, and anomaly detections

compliance

Framework status changes, audit completions, and gap alerts

security

Audit findings, credential leaks, and vulnerability discoveries

dmca

Takedown requests, status updates, and counter-notice filings

deepfake

Synthetic content detections and confidence score alerts

score

DRD Score changes, trend reversals, and threshold crossings

federation

Member activity, trust signal updates, and enforcement proposals

system

Platform updates, maintenance windows, and API deprecations

Severity Levels

Every notification is assigned a severity level that determines routing priority and delivery urgency.

emergency

Requires immediate action -- active security breach or critical system failure.

critical

High-priority issue that needs attention within the hour.

warning

Notable event that may require investigation or action.

info

Informational notification for awareness and record-keeping.

Delivery Channels

Notifications can be delivered through multiple channels simultaneously. Configure severity-based routing to ensure the right people get the right alerts at the right time.

In-App

Real-time notifications in the DRD dashboard with full context and action buttons.

Email

Rich HTML emails with event details, direct links, and configurable digest frequency.

Webhook

HMAC-signed HTTP POST payloads to your endpoints with retry and failure tracking.

Slack

Channel messages or DMs with formatted blocks, severity coloring, and action buttons.

SMS

Concise text messages for critical alerts requiring immediate attention. Limited to Critical and High severity by default.

configure-channels.ts

import { DRD } from '@drd/sdk';

const drd = new DRD({ apiKey: process.env.DRD_API_KEY });

// Configure channel routing by severity
await drd.alerts.configureRouting({
  routes: [
    {
      severity: 'emergency',
      channels: ['in_app', 'email', 'webhook', 'slack'],
      escalation: { after: '5m', fallback: 'email' },
    },
    {
      severity: 'critical',
      channels: ['in_app', 'slack', 'webhook'],
    },
    {
      severity: 'warning',
      channels: ['in_app', 'email'],
    },
    {
      severity: 'info',
      channels: ['in_app'],
    },
  ],
});

Notification Preferences

Each team member can customize their notification preferences, filtering by event type, severity, and delivery channel.

notification-preferences.ts

// Set per-user notification preferences
await drd.alerts.setPreferences({
  userId: 'user_abc123',
  preferences: {
    monitoring: {
      channels: ['in_app', 'slack'],
      minSeverity: 'warning',
    },
    compliance: {
      channels: ['email'],
      minSeverity: 'info',
    },
    security: {
      channels: ['in_app', 'email', 'slack'],
      minSeverity: 'info',
    },
    system: {
      channels: ['in_app'],
      minSeverity: 'warning',
    },
  },
  digest: {
    enabled: true,
    frequency: 'daily',
    time: '09:00',
    timezone: 'America/New_York',
  },
});

// Get current preferences
const prefs = await drd.alerts.getPreferences('user_abc123');
console.log(prefs.monitoring.channels);  // ['in_app', 'slack']

Webhooks

Create webhook endpoints to receive alert payloads in your own systems. All webhooks are HMAC-signed for verification and include automatic retry with failure tracking.

POST /api/alerts/webhooks

{
  "name": "SIEM Integration",
  "url": "https://siem.acme.com/api/drd-alerts",
  "secret": "whsec_...",
  "eventTypes": ["security", "monitoring", "compliance"],
  "minSeverity": "warning",
  "headers": {
    "X-Source": "drd-platform"
  }
}

// Response
{
  "webhookId": "wh_abc123",
  "name": "SIEM Integration",
  "url": "https://siem.acme.com/api/drd-alerts",
  "status": "active",
  "createdAt": "2026-02-12T10:00:00Z"
}

webhook-testing.ts

// Test a webhook endpoint
const testResult = await drd.alerts.testWebhook('wh_abc123');
console.log(testResult.success);       // true
console.log(testResult.statusCode);    // 200
console.log(testResult.latency);       // 89 (ms)

// View webhook delivery history
const deliveries = await drd.alerts.getWebhookDeliveries('wh_abc123', {
  since: '7d',
  status: 'failed',
});

for (const d of deliveries.items) {
  console.log(d.eventType);       // 'security.finding'
  console.log(d.statusCode);      // 500
  console.log(d.retryCount);      // 3
  console.log(d.lastAttempt);     // '2026-02-12T10:05:00Z'
}

Event Categories

Alerts are organized into 8 categories covering all aspects of AI governance. Subscribe to specific categories or receive all events.

trust.score

Score changes, threshold crossings, critical drops, recovery

Low - Critical

enforcement

Actions created, escalated, resolved, appealed

Medium - Critical

policy

Violations detected, approvals requested/resolved, policy changes

Low - High

deepfake

Synthetic content detected, identity match found, scan completed

Medium - Critical

security

Credential leaks, vulnerability findings, audit completions

Low - Critical

federation

Member joined/left, enforcement proposals, trust signal updates

Low - High

compliance

Framework violations, report generation, certification expiry

Medium - High

system

API key rotation reminders, rate limit warnings, connector failures

Low - Medium

Alert Configuration

Create alert rules that define which events trigger notifications, what severity levels to include, and which delivery channels to use.

create-alert-rule.ts

import { DRD } from '@drd/sdk';

const drd = new DRD({ apiKey: process.env.DRD_API_KEY });

// Create a critical governance alert rule
const alertRule = await drd.alerts.createRule({
  name: 'Critical Governance Alerts',
  description: 'Notify team of all critical governance events',
  enabled: true,
  filter: {
    categories: ['trust.score', 'enforcement', 'deepfake', 'security'],
    severities: ['critical', 'high'],
    agentIds: [],       // Empty = all agents
  },
  channels: [
    {
      type: 'slack',
      config: {
        webhookUrl: 'https://hooks.slack.com/services/...',
        channel: '#ai-governance-critical',
        mentionUsers: ['@oncall-engineer'],
      },
    },
    {
      type: 'email',
      config: {
        recipients: ['security@acme.com'],
      },
    },
  ],
  options: {
    cooldown: '5m',          // Suppress duplicate alerts for 5 minutes
    batchWindow: null,       // No batching for critical alerts
    escalation: {
      enabled: true,
      escalateAfter: '15m',  // Escalate if unacknowledged
      escalateTo: {
        type: 'email',
        config: { recipients: ['cto@acme.com'] },
      },
    },
  },
});

console.log(alertRule.ruleId);  // 'rule_abc123'

create-digest-rule.ts

// Batch low-severity alerts into a daily digest
const digestRule = await drd.alerts.createRule({
  name: 'Daily Governance Digest',
  enabled: true,
  filter: {
    categories: ['trust.score', 'policy', 'compliance', 'system'],
    severities: ['warning', 'info'],
  },
  channels: [
    {
      type: 'email',
      config: {
        recipients: ['ai-governance@acme.com'],
        format: 'digest',
      },
    },
  ],
  options: {
    batchWindow: '24h',
    deliveryTime: '09:00',
    timezone: 'America/New_York',
    includeMetrics: true,
  },
});

Managing Alerts

List, acknowledge, and resolve alerts. Acknowledging an alert stops the escalation timer. Resolving an alert closes it with a resolution note.

manage-alerts.ts

// List recent alerts
const alerts = await drd.alerts.list({
  status: 'open',
  severity: ['critical', 'high'],
  limit: 20,
});

for (const alert of alerts.items) {
  console.log(alert.severity);    // 'critical'
  console.log(alert.title);       // 'Trust score dropped below threshold'
  console.log(alert.category);    // 'trust.score'
  console.log(alert.createdAt);   // '2026-02-12T10:30:00Z'
}

// Acknowledge an alert (stops escalation)
await drd.alerts.acknowledge('alert_abc123', {
  note: 'Investigating - will resolve within 1 hour',
});

// Resolve an alert
await drd.alerts.resolve('alert_abc123', {
  resolution: 'Root cause identified and fixed. Deployed hotfix v2.1.1.',
});

alert-analytics.ts

// Get alert analytics
const analytics = await drd.alerts.getAnalytics({
  dateRange: {
    from: '2026-01-01T00:00:00Z',
    to: '2026-02-14T23:59:59Z',
  },
  groupBy: 'category',
});

for (const group of analytics.groups) {
  console.log(group.category);               // 'security'
  console.log(group.total);                  // 42
  console.log(group.critical);               // 3
  console.log(group.avgResolutionMinutes);   // 28
  console.log(group.escalationRate);         // 0.07
}

API Endpoints

Complete list of trust alert API endpoints.

GET

/api/alerts

List notifications

GET

/api/alerts/{id}

Get notification details

PATCH

/api/alerts/{id}

Mark as read or archive

POST

/api/alerts/routing

Configure severity routing

GET

/api/alerts/preferences/{userId}

Get user preferences

PUT

/api/alerts/preferences/{userId}

Set user preferences

POST

/api/alerts/webhooks

Create a webhook endpoint

GET

/api/alerts/webhooks

List webhook endpoints

POST

/api/alerts/webhooks/{id}/test

Test a webhook

GET

/api/alerts/webhooks/{id}/deliveries

View delivery history

POST

/api/alerts/rules

Create an alert rule

GET

/api/alerts/rules

List alert rules

PATCH

/api/alerts/rules/{id}

Update an alert rule

DELETE

/api/alerts/rules/{id}

Delete an alert rule

GET

/api/alerts/analytics

Get alert analytics and metrics

POST

/api/alerts/test

Send a test alert

Next Steps

Monitoring

Agent monitoring rules and alerts

Learn more →

Security Audit

Scan agents for vulnerabilities

Learn more →

Trust Connectors

Integrate with external services

Learn more →

Webhooks

Stream alert events to external systems

Learn more →