Skip to content

feat(cli): surface monit diagnose evidence#83

Merged
ysyneu merged 29 commits into
feat/api-review-auto-fixfrom
codex/monit-query-evidence-cli
Jul 14, 2026
Merged

feat(cli): surface monit diagnose evidence#83
ysyneu merged 29 commits into
feat/api-review-auto-fixfrom
codex/monit-query-evidence-cli

Conversation

@ysyneu

@ysyneu ysyneu commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

Summary

  • upgrade go-flashduty so monit-query diagnose decodes the v2 RFC 3339 evidence response
  • generate operation-aware oneOf response help and retain property-level descriptions
  • refresh public command coverage, excluding three JWT-only operations
  • remove the ignored automation --dedup-key flag

Validation

  • make check
  • make check-cards
  • runner sandbox command-path verification for fduty monit-query diagnose --help

Depends on flashcatcloud/go-flashduty#29 and documents the public contract in flashcatcloud/flashduty-docs#173.

dependabot Bot and others added 29 commits June 25, 2026 04:43
Bumps [actions/checkout](https://github.com/actions/checkout) from 6 to 7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v6...v7)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
…ctions/checkout-7

chore(deps): bump actions/checkout from 6 to 7
…2a-openapi

chore: update go-flashduty SDK
fix: document automation schedules as UTC
…ination

Schedule/oncall output returns `person_id`s — a different id namespace from
`member_id`. The schedule.md card and the `oncall who` help told agents to
resolve names by joining `fduty member list` on `member_id`: wrong namespace,
and it forces a full-roster scan that silently drops people on later pages.
In prod this produced a confidently-incomplete on-call answer (a responder on
page 21 of 22 was missed).

The batch resolver already exists: `fduty person infos <person_id> ...`
(POST /person/infos) returns person_id + person_name in one call. Point the
cards and the oncall help at it, and warn that person_id != member_id.

- schedule.md: replace the member_id-join flow with `person infos`
- member.md: cross-reference `person infos`; add a person_id gotcha
- oncall.go: correct the `oncall who` Long help (table already enriches names;
  use `person infos` for raw ids elsewhere)

Surfaced by /audit-ai-sre-sessions (run audit-2026-06-26):
sess_8fKpUejeyKfHt2hx5XNSsc, sess_UtK6eDMFY4TVZCSAj64gKF.
…id 0`, never via fired alerts

`rule-counter-status` 400s "too many rules" on large accounts, and a guessed
`--folder-id N` 400s "Folder not found". With both paths blocked, a prod agent
fell back to FIRED alerts (`insight top-alerts 90d`) as a proxy for CONFIGURED
rules and produced a confidently-wrong coverage report — marking P0 checks as
"missing" when it had only verified them as not-fired-in-90d.

The enumerate-all path already exists: `rule-list-basic --folder-id 0` returns
every configured rule with no folder id needed. Make it the documented path,
add the two-error fallback, and add a hard CONFIGURED != FIRED warning.

monit.md only (skill card; edits are outside the GENERATED fence).

Note: `rule-counter-status` itself cannot be scoped/paginated from the CLI —
the SDK `ReadCounterStatus(ctx)` and `POST /monit/rule/counter/status` take no
params; making it not 400 on large accounts is backend work, out of scope here.

Surfaced by /audit-ai-sre-sessions (run audit-2026-06-26): sess_DiRDzjygi4NuYyAcsgzB6o.
… list

The first commit on this branch claimed `rule-list-basic --folder-id 0` lists
all rules. That is FALSE — verified against the live API (400 "Folder not
found") and confirmed in monit-webapi: ListRuleBasic -> SafeFolder ->
GetByID(0) -> nil -> 400. `rule-list-basic` also returns only a folder's
DIRECT rules, not its descendants, and there is no account-wide rule list;
`rule-counter-status`/`rule-status` abort with "too many rules" past a server
cap (default 100).

Corrected guidance: enumerate by walking the folder tree (rule-counter-status
-> rule-status -> rule-list-basic per node); past the cap, report the limit
honestly ("cannot fully enumerate configured rules on this account") instead of
fabricating a completeness %. Kept the CONFIGURED != FIRED guardrail. The
generated `--folder-id` help ("0 to list all accessible rules") is a known
SDK/OpenAPI bug, flagged for a backend round.

Surfaced by /audit-ai-sre-sessions (run audit-2026-06-26): sess_DiRDzjygi4NuYyAcsgzB6o.
…it-agent probes

P6 — incident-summary.sh dumped ~80K chars of toon per incident (81042/79075
in the audited sessions), most of it empty boilerplate, overflowing the inline
output cap and forcing 3-4 sequential reads to page it back in. Root cause: the
script appended `--output-format toon` to every command, which takes each verb's
machine-readable branch and marshals the full raw response object (every empty
field on `incident detail`, plus heavy blobs like a change's `labels.steps`).
The DEFAULT (table/summary) renderer of each of these read verbs is a curated
projection of exactly the summary-relevant fields (id/severity/status/title/
channel/timestamps/ai_summary/root_cause/…). Fix: drop `--output-format toon`
from run() so each command uses its lean default renderer; that default IS the
field projection a fault summary needs. Kept all six commands, set -uo pipefail,
and the read-only "print real output" intent.

P8 — monit-agent.md: parallelizing multiple probes against the SAME host hit the
per-target concurrency limit and returned `code=overloaded`, forcing an identical
retry that re-sent the growing context. Added a Gotchas line steering fan-out to
serialize probes per target (batch a host's tools into one `invoke`) and
parallelize only across distinct targets.

Evidence: audit run audit-2026-06-26, sessions sess_TRdrnq5oA345qF66GgbYrY (P6)
and sess_QmoruPkRjrwA2tcHvEbNvT (P8). Surfaced by /audit-ai-sre-sessions.

These two files are kept byte-identical with their embedded copies in fc-safari
(logic/runtime/bootstrap/skills/flashduty/); mirrored there in a linked PR.
…space-disambiguation-main

docs(skill): disambiguate Flashcat workspace spaces
@ysyneu ysyneu merged commit c3af496 into feat/api-review-auto-fix Jul 14, 2026
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants