Panguard Chat is configured via a JSON file located at ~/.panguard-chat/config.json. This file manages notification channel credentials, formatting preferences, and delivery settings.

Configuration File Location

~/.panguard-chat/config.json
Sensitive fields (API tokens, passwords, webhook URLs) are encrypted using AES-256-GCM after initial setup. Do not manually edit encrypted fields — use panguard chat setup to reconfigure channels instead.

Full Configuration Example

{
  "channels": {
    "telegram": {
      "enabled": true,
      "botToken": "ENC:v1:...",
      "chatId": "ENC:v1:...",
      "parseMode": "HTML",
      "disablePreview": true
    },
    "slack": {
      "enabled": false,
      "webhookUrl": "ENC:v1:...",
      "channel": "#security-alerts",
      "username": "Panguard AI",
      "iconEmoji": ":shield:"
    },
    "email": {
      "enabled": false,
      "smtp": {
        "host": "smtp.gmail.com",
        "port": 587,
        "secure": true,
        "auth": {
          "user": "alerts@example.com",
          "pass": "ENC:v1:..."
        }
      },
      "from": "Panguard AI <alerts@example.com>",
      "to": ["admin@example.com"],
      "subjectPrefix": "[Panguard]"
    },
    "webhook": {
      "enabled": false,
      "url": "ENC:v1:...",
      "method": "POST",
      "headers": {
        "X-Custom-Header": "panguard"
      },
      "timeout": 10000
    }
  },
  "preferences": {
    "language": "en",
    "minSeverity": "medium",
    "cooldownMinutes": 15,
    "batchWindow": 60,
    "includeDetails": true,
    "includeRecommendations": true
  }
}

Channel Configuration

Telegram

| Field | Type | Description |
| --- | --- | --- |
| enabled | boolean | Enable Telegram notifications |
| botToken | string | Bot API token from @BotFather (encrypted after setup) |
| chatId | string | Target chat/group ID (encrypted after setup) |
| parseMode | string | Message format: HTML or Markdown |
| disablePreview | boolean | Disable link previews in messages |

panguard chat setup telegram
The CLI will prompt for:
  1. Bot token (from @BotFather)
  2. Chat ID (send a message to your bot first, then the CLI detects it)
Alternatively, set values directly:
panguard chat setup telegram --bot-token YOUR_TOKEN --chat-id YOUR_CHAT_ID
You must send a message to your bot first before it can send messages to you. This is a Telegram Bot API requirement.

Slack

| Field | Type | Description |
| --- | --- | --- |
| enabled | boolean | Enable Slack notifications |
| webhookUrl | string | Incoming webhook URL (encrypted after setup) |
| channel | string | Target channel (overrides webhook default) |
| username | string | Bot display name |
| iconEmoji | string | Bot icon emoji |

panguard chat setup slack
Requires a Slack Incoming Webhook URL. To create one:
  1. Go to api.slack.com/apps
  2. Create or select an app
  3. Enable Incoming Webhooks
  4. Add a webhook to your workspace
  5. Copy the webhook URL

Email

| Field | Type | Description |
| --- | --- | --- |
| enabled | boolean | Enable email notifications |
| smtp.host | string | SMTP server hostname |
| smtp.port | number | SMTP port (587 for TLS, 465 for SSL) |
| smtp.secure | boolean | Use TLS/SSL |
| smtp.auth.user | string | SMTP username |
| smtp.auth.pass | string | SMTP password (encrypted after setup) |
| from | string | Sender email address |
| to | string[] | Recipient email addresses |
| subjectPrefix | string | Prefix for email subject lines |

panguard chat setup email
The CLI prompts for SMTP configuration. Common providers:

| Provider | Host | Port |
| --- | --- | --- |
| Gmail | smtp.gmail.com | 587 |
| Outlook | smtp.office365.com | 587 |
| SendGrid | smtp.sendgrid.net | 587 |
| AWS SES | email-smtp.REGION.amazonaws.com | 587 |

For Gmail, use an App Password rather than your account password.

Webhook

| Field | Type | Description |
| --- | --- | --- |
| enabled | boolean | Enable webhook notifications |
| url | string | Webhook endpoint URL (encrypted after setup) |
| method | string | HTTP method: POST or PUT |
| headers | object | Custom HTTP headers to include |
| timeout | number | Request timeout in milliseconds |

{
  "event": "threat_detected",
  "severity": "high",
  "hostname": "web-server-1",
  "type": "brute_force",
  "details": {
    "sourceIp": "198.51.100.42",
    "attempts": 150
  },
  "timestamp": "2026-03-07T08:15:00.000Z",
  "actionTaken": "ip_blocked"
}
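A receiver-side check for the webhook channel, added here as an example and not Panguard code. It assumes the JSON object above is the body delivered to the endpoint and that its top-level fields other than actionTaken are always present; `validate_payload`, the required-field set and the five-minute freshness window are choices of this example.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

SEVERITIES = ("low", "medium", "high", "critical")  # levels listed under Preferences
# Assumption: every top-level field of the sample payload (bar actionTaken) is required.
REQUIRED = {"event": str, "severity": str, "hostname": str,
            "type": str, "timestamp": str, "details": dict}

def validate_payload(payload, now=None, max_age=timedelta(minutes=5)):
    """Return a list of problems; an empty list means the payload is acceptable."""
    if not isinstance(payload, dict):
        return ["payload is not a JSON object"]
    problems = [f"{name}: missing or not {kind.__name__}"
                for name, kind in REQUIRED.items()
                if not isinstance(payload.get(name), kind)]
    if problems:
        return problems
    if payload["severity"] not in SEVERITIES:
        problems.append("severity: not one of " + ", ".join(SEVERITIES))
    source_ip = payload["details"].get("sourceIp")
    if source_ip is not None:
        try:
            if not isinstance(source_ip, str):
                raise ValueError("not a string")
            ipaddress.ip_address(source_ip)
        except ValueError:
            problems.append("details.sourceIp: not an IP address")
    try:
        sent = datetime.fromisoformat(payload["timestamp"].replace("Z", "+00:00"))
    except ValueError:
        return problems + ["timestamp: not ISO 8601"]
    now = now or datetime.now(timezone.utc)
    # Freshness window is this example's policy; it limits replay of old alerts.
    if sent.tzinfo is None or abs(now - sent) > max_age:
        problems.append("timestamp: no UTC offset or outside freshness window")
    return problems

# Constructed sample: the payload shown above.
SAMPLE = {"event": "threat_detected", "severity": "high", "hostname": "web-server-1",
          "type": "brute_force", "details": {"sourceIp": "198.51.100.42", "attempts": 150},
          "timestamp": "2026-03-07T08:15:00.000Z", "actionTaken": "ip_blocked"}

if __name__ == "__main__":
    print(validate_payload(SAMPLE, now=datetime(2026, 3, 7, 8, 16, tzinfo=timezone.utc)))
```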

Preferences

| Field | Type | Default | Description |
| --- | --- | --- | --- |
| language | string | en | Notification language (en, zh-TW, ja) |
| minSeverity | string | medium | Minimum severity to send: low, medium, high, critical |
| cooldownMinutes | number | 15 | Minimum interval between duplicate alerts |
| batchWindow | number | 60 | Seconds to batch related events before sending |
| includeDetails | boolean | true | Include technical details in notifications |
| includeRecommendations | boolean | true | Include AI-generated response recommendations |

Encryption Details

Sensitive fields are encrypted at rest using AES-256-GCM:
  • Encrypted values are prefixed with ENC:v1:
  • The encryption key is derived from a machine-specific identifier
  • Encryption happens automatically during panguard chat setup
  • The CLI decrypts values transparently when sending notifications
Never manually edit fields prefixed with ENC:v1:. This will corrupt the encrypted data and break notification delivery. Always use panguard chat setup to modify credentials.
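
An audit for the rule above, added here as an example and not part of Panguard: it reports fields the tables mark "encrypted after setup" that hold a value without the ENC:v1: prefix, and checks that the file is readable only by its owner. The function names and the permission check are assumptions of this example; the sample config is constructed.

```python
import json
import os
import stat

ENC_PREFIX = "ENC:v1:"
# Fields the page marks "encrypted after setup", as key paths under "channels".
SENSITIVE_PATHS = [
    ("telegram", "botToken"),
    ("telegram", "chatId"),
    ("slack", "webhookUrl"),
    ("email", "smtp", "auth", "pass"),
    ("webhook", "url"),
]

def find_plaintext_secrets(config):
    """Return dotted paths of sensitive fields that are set but not ENC:v1:-prefixed."""
    findings = []
    for path in SENSITIVE_PATHS:
        node = config.get("channels", {})
        for key in path:
            node = node.get(key) if isinstance(node, dict) else None
            if node is None:
                break
        if isinstance(node, str) and node and not node.startswith(ENC_PREFIX):
            findings.append("channels." + ".".join(path))
    return findings

def is_owner_only(path):
    """True if the file grants no permissions to group or others (POSIX)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0

# Constructed sample: the Slack webhook URL was left in plaintext.
SAMPLE = json.loads("""
{"channels": {
  "telegram": {"enabled": true, "botToken": "ENC:v1:AAAA", "chatId": "ENC:v1:BBBB"},
  "slack": {"enabled": false, "webhookUrl": "https://hooks.slack.example/T000/B000/XXXX"},
  "email": {"smtp": {"auth": {"user": "alerts@example.com", "pass": "ENC:v1:CCCC"}}}
}}
""")

if __name__ == "__main__":
    cfg_path = os.path.expanduser("~/.panguard-chat/config.json")
    if os.path.exists(cfg_path):
        with open(cfg_path) as fh:
            print("plaintext:", find_plaintext_secrets(json.load(fh)))
        print("owner-only permissions:", is_owner_only(cfg_path))
    else:
        print("sample:", find_plaintext_secrets(SAMPLE))
```

The page does not list webhook headers among the encrypted fields, so values placed there are outside this check.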

Testing Notifications

Verify your configuration by sending a test notification:
# Test all enabled channels
panguard chat test

# Test a specific channel
panguard chat test --channel telegram