Team Notification Workflows

AI review comments on a PR are useful, but they only help if the right people see them at the right time. This lesson sets up notification workflows so security findings reach your security lead, review summaries land in Slack, and developers get pinged when their PR needs attention.

<Prerequisites items={["Repository connected with review rules configured", "Slack or Microsoft Teams workspace", "OpenClaw Gateway running"]} />

Notification Architecture

  Review Complete              Router                  Destinations
  ┌──────────────┐      ┌──────────────┐      ┌────────────────────┐
  │ 8 findings   │      │              │      │ #dev-reviews (all) │
  │ 3 HIGH       │─────>│  Route by:   │─────>│ #security (HIGH)   │
  │ 2 MEDIUM     │      │  severity    │      │ @dev (DM)          │
  │ 3 LOW        │      │  category    │      │ Email (weekly)     │
  └──────────────┘      │  author      │      └────────────────────┘
                         └──────────────┘

Add your Slack workspace to OpenClaw for posting review notifications.

To get a webhook URL: go to Slack > Apps > Incoming Webhooks > Add New Webhook and select your channel.

Route different findings to different channels based on severity and category.

- name: security-alerts
  trigger: finding
  severity: [critical, high]
  category: security
  channel: "#security"
  format: detailed
  mention: "@security-team"

- name: author-dm
  trigger: review_complete
  target: pr_author
  format: summary
  only_if: has_findings

- name: weekly-digest
  trigger: schedule
  schedule: "0 9 * * MON"
  channel: "#engineering"
  format: digest
  period: 7d`}

OpenClaw supports three notification formats: summary, detailed, and digest.

A concise overview posted to a channel. Good for team visibility.

Findings: 🔒 1 security (HIGH) — SQL injection in users/route.ts ⚡ 2 performance — N+1 query, unnecessary re-render 🧹 3 code quality — console.log, missing types

Status: ❌ Blocked (1 HIGH finding) View PR: https://github.com/your-org/your-repo/pull/42`}

Full finding details with code snippets. Used for security alerts.

PR #42: "Add user authentication" File: src/app/api/users/route.ts:23 Author: @jane

Code: const user = await db.query( SELECT * FROM users WHERE id = ${params.id} );

Risk: User input interpolated in SQL query. Fix: Use parameterized query with $1 placeholder.

Action needed: Fix before merge. View: https://github.com/.../pull/42#L23`}

Weekly summary for engineering leads. Shows trends and patterns.

PRs reviewed: 23 Findings: 47 total 🔒 Security: 3 (all resolved) ⚡ Performance: 12 (8 resolved) 🧹 Quality: 32 (25 resolved)

Top issues this week:

1. Missing error handling (7 occurrences)
2. Console.log in production code (5)
3. Untyped function parameters (4)

Average review time: 1.8 minutes Merge block rate: 13% of PRs`}

For critical findings that go unaddressed, configure escalation.

Send a test notification to verify routing works.

Rule: all-reviews Channel: #dev-reviews Format: summary ✓ Webhook reachable ✓ Sample message formatted

Rule: security-alerts Channel: #security Format: detailed Mention: @security-team ✓ Webhook reachable ✓ Sample message formatted

Rule: author-dm Target: PR author (DM) ✓ Bot has DM permissions

Rule: weekly-digest Channel: #engineering Schedule: Mondays 9:00 AM ✓ Scheduler registered

All 4 notification rules validated. Send live test? openclaw notifications test --send`}

If your team uses Microsoft Teams instead of Slack, the setup is similar.

Teams notifications use Adaptive Cards for a richer visual experience, including expandable sections and action buttons.

Send notifications to any HTTP endpoint — PagerDuty, Jira, or your internal tools.