stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity
Files
c58a236d70742082c8dda5a967972d08424732f2
git.stella-ops.org/docs/doctor/articles/integration/teams-webhook.md
master c58a236d70 Doctor plugin checks: implement health check classes and documentation 
Implement remediation-aware health checks across all Doctor plugin modules
(Agent, Attestor, Auth, BinaryAnalysis, Compliance, Crypto, Environment,
EvidenceLocker, Notify, Observability, Operations, Policy, Postgres, Release,
Scanner, Storage, Vex) and their backing library counterparts (AI, Attestation,
Authority, Core, Cryptography, Database, Docker, Integration, Notify,
Observability, Security, ServiceGraph, Sources, Verification).

Each check now emits structured remediation metadata (severity, category,
runbook links, and fix suggestions) consumed by the Doctor dashboard
remediation panel.

Also adds:
- docs/doctor/articles/ knowledge base for check explanations
- Advisory AI search seed and allowlist updates for doctor content
- Sprint plan for doctor checks documentation

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-27 12:28:00 +02:00

2.7 KiB
Raw Blame History

checkId, plugin, severity, tags
checkId plugin severity tags
check.integration.teams stellaops.doctor.integration info
notification
teams
webhook

Teams Webhook

What It Checks

Reads the Microsoft Teams webhook URL from Teams:WebhookUrl or Notify:Teams:WebhookUrl. First validates the URL format: warns if the URL does not contain webhook.office.com or teams.microsoft.com. Then tests host reachability by sending an HTTP GET to the base URL of the webhook host. The check passes if the Teams host is reachable, warns if the host is unreachable or if the URL format is suspicious. Does not send an actual webhook payload to avoid generating noise in the Teams channel.

Why It Matters

Microsoft Teams notifications keep operators informed about deployment status, policy violations, security findings, and approval requests. A misconfigured or unreachable Teams webhook means critical alerts go undelivered, potentially delaying incident response and approval workflows. For organizations standardized on Microsoft 365, Teams may be the primary notification channel.

Common Causes

  • Network connectivity issues between Stella Ops and Microsoft services
  • Firewall blocking outbound HTTPS to webhook.office.com
  • Proxy misconfiguration preventing external HTTPS
  • Webhook URL is malformed or was copied incorrectly
  • Teams webhook connector has been removed or regenerated
  • Microsoft has migrated to a new webhook URL domain

How to Fix

Docker Compose

# Check Teams webhook configuration
grep 'TEAMS__WEBHOOKURL\|NOTIFY__TEAMS' .env

# Test connectivity to Teams webhook host
docker compose exec gateway curl -sv https://webhook.office.com/ -o /dev/null

# Update webhook URL
echo 'Teams__WebhookUrl=https://webhook.office.com/webhookb2/...' >> .env
docker compose restart platform

# If behind a proxy
echo 'HTTP_PROXY=http://proxy:8080' >> .env
echo 'HTTPS_PROXY=http://proxy:8080' >> .env
docker compose restart platform

Bare Metal / systemd

# Verify configuration
cat /etc/stellaops/appsettings.Production.json | jq '.Teams'

# Test connectivity
curl -sv https://webhook.office.com/ -o /dev/null

# Update webhook URL
sudo nano /etc/stellaops/appsettings.Production.json
sudo systemctl restart stellaops-platform

Kubernetes / Helm

# values.yaml
teams:
  webhookUrl: https://webhook.office.com/webhookb2/...
  # or use an existing secret
  existingSecret: stellaops-teams-webhook

helm upgrade stellaops ./chart -f values.yaml

Verification

stella doctor run --check check.integration.teams

Related Checks

  • check.integration.slack -- Slack webhook (alternative notification channel)
  • check.integration.webhooks -- general webhook health monitoring