Doctor plugin checks: implement health check classes and documentation

Implement remediation-aware health checks across all Doctor plugin modules (Agent, Attestor, Auth, BinaryAnalysis, Compliance, Crypto, Environment, EvidenceLocker, Notify, Observability, Operations, Policy, Postgres, Release, Scanner, Storage, Vex) and their backing library counterparts (AI, Attestation, Authority, Core, Cryptography, Database, Docker, Integration, Notify, Observability, Security, ServiceGraph, Sources, Verification). Each check now emits structured remediation metadata (severity, category, runbook links, and fix suggestions) consumed by the Doctor dashboard remediation panel. Also adds: - docs/doctor/articles/ knowledge base for check explanations - Advisory AI search seed and allowlist updates for doctor content - Sprint plan for doctor checks documentation Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-27 12:28:00 +02:00
parent fbd24e71de
commit c58a236d70
326 changed files with 18500 additions and 463 deletions
--- a/docs/doctor/articles/integration/slack-webhook.md
+++ b/docs/doctor/articles/integration/slack-webhook.md
@@ -0,0 +1,74 @@
+---
+checkId: check.integration.slack
+plugin: stellaops.doctor.integration
+severity: info
+tags: [notification, slack, webhook]
+---
+# Slack Webhook
+
+## What It Checks
+Reads the Slack webhook URL from `Slack:WebhookUrl` or `Notify:Slack:WebhookUrl`. First validates the URL format: **warns** if the URL does not start with `https://hooks.slack.com/`. Then tests host reachability by sending an HTTP GET to the base URL (`https://hooks.slack.com`). The check **passes** if the Slack host is reachable, **warns** if the host is unreachable or if the URL format is suspicious. Does not send an actual webhook payload to avoid generating noise in the Slack channel.
+
+## Why It Matters
+Slack notifications keep operators informed about deployment status, policy violations, security findings, and approval requests in real time. A misconfigured or unreachable Slack webhook means critical alerts go undelivered, potentially delaying incident response, approval workflows, or security remediation.
+
+## Common Causes
+- Network connectivity issues between Stella Ops and Slack
+- Firewall blocking outbound HTTPS to `hooks.slack.com`
+- Proxy misconfiguration preventing external HTTPS
+- Webhook URL is malformed or points to the wrong service
+- Slack webhook URL has been regenerated (old URL invalidated)
+
+## How to Fix
+
+### Docker Compose
+```bash
+# Check Slack webhook configuration
+grep 'SLACK__WEBHOOKURL\|NOTIFY__SLACK' .env
+
+# Test connectivity to Slack
+docker compose exec gateway curl -sv https://hooks.slack.com/ -o /dev/null
+
+# Update webhook URL
+echo 'Slack__WebhookUrl=https://hooks.slack.com/services/T.../B.../xxx' >> .env
+docker compose restart platform
+
+# If behind a proxy
+echo 'HTTP_PROXY=http://proxy:8080' >> .env
+echo 'HTTPS_PROXY=http://proxy:8080' >> .env
+docker compose restart platform
+```
+
+### Bare Metal / systemd
+```bash
+# Verify configuration
+cat /etc/stellaops/appsettings.Production.json | jq '.Slack'
+
+# Test connectivity
+curl -sv https://hooks.slack.com/ -o /dev/null
+
+# Update webhook URL
+sudo nano /etc/stellaops/appsettings.Production.json
+sudo systemctl restart stellaops-platform
+```
+
+### Kubernetes / Helm
+```yaml
+# values.yaml
+slack:
+  webhookUrl: https://hooks.slack.com/services/T.../B.../xxx
+  # or use an existing secret
+  existingSecret: stellaops-slack-webhook
+```
+```bash
+helm upgrade stellaops ./chart -f values.yaml
+```
+
+## Verification
+```
+stella doctor run --check check.integration.slack
+```
+
+## Related Checks
+- `check.integration.teams` -- Microsoft Teams webhook (alternative notification channel)
+- `check.integration.webhooks` -- general webhook health monitoring