Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/nicolas344/Sentinel-SoftServe/llms.txt

Use this file to discover all available pages before exploring further.

The Incidents API is the core of Sentinel SoftServe. It exposes endpoints to list, create, and inspect incidents, manage their lifecycle status, generate and save post-mortems, export full incident bundles, query relevant runbooks from ChromaDB, find similar past incidents via episodic memory, and fetch live Prometheus metrics. All endpoints require a valid Supabase JWT Bearer token.

Incident Status Lifecycle

Incidents move through the following statuses as the LangGraph agent pipeline and human operators interact with them:
StatusDescription
detectedIncident created; not yet analyzed
investigatingAgent is gathering logs and metrics
analyzedAgent has produced a diagnosis and proposed action
awaiting_approvalProposed action is pending human review
executing_solutionAction is actively being executed
verifyingPost-execution verification in progress
resolvedIncident fully resolved
failedExecution failed or action was rejected
resolved and failed are terminal statuses. The active filter alias matches all non-terminal statuses.

GET /api/incidents

List all incidents with optional filtering and pagination. Auth required: Yes
source_type
string
Filter by incident source. One of container, database, or manual.
container_runtime
string
Filter by container runtime. One of docker, podman, or kubernetes.
severity
string
Filter by severity level. One of critical, high, medium, or low.
status
string
Filter by status. Pass an exact StatusType value, or the special alias active to return all incidents not in resolved or failed.
page
integer
default:"1"
Page number (1-based).
limit
integer
default:"20"
Number of incidents per page.
Response
data
array
Array of incident objects for the current page.
total
integer
Total number of incidents matching the applied filters.
page
integer
Current page number.
limit
integer
Page size used for this response.
pages
integer
Total number of pages (ceil(total / limit)).
curl -H "Authorization: Bearer $TOKEN" \
  "https://sentinel-softserve.onrender.com/api/incidents?status=active&severity=critical&page=1&limit=10"

POST /api/incidents

Create a manual incident and immediately trigger the LangGraph analysis pipeline as a background task. Auth required: Yes
Status code: 201 Created
title
string
required
Short description of the incident. Maximum 200 characters.
target
string
required
The affected resource — a container name, database name, or service identifier. Maximum 100 characters.
severity
string
required
Severity level: critical, high, medium, or low.
source_type
string
default:"manual"
Origin of the incident: container, database, or manual.
description
string
Optional free-text description or initial log snippet. Maximum 5000 characters. Stored as the incident’s initial logs field.
When source_type is container, container_runtime defaults to docker. For database and manual sources, container_runtime is set to null.
curl -X POST \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "API gateway returning 503",
    "target": "api-gateway",
    "severity": "high",
    "source_type": "container",
    "description": "Health check endpoint returning 503 since 14:32 UTC"
  }' \
  https://sentinel-softserve.onrender.com/api/incidents

GET /api/incidents/

Retrieve a single incident by its UUID. Auth required: Yes
incident_id
string
required
UUID of the incident.
Returns 404 Not Found with {"detail": "Incidente no encontrado"} if the ID does not exist.
curl -H "Authorization: Bearer $TOKEN" \
  https://sentinel-softserve.onrender.com/api/incidents/a1b2c3d4-e5f6-7890-abcd-ef1234567890

PATCH /api/incidents//status

Update the status of an incident. If the new status is resolved, a post-mortem generation job is queued as a background task. Auth required: Yes
incident_id
string
required
UUID of the incident.
status
string
required
The new status. Must be a valid StatusType: detected, investigating, analyzed, awaiting_approval, executing_solution, verifying, resolved, or failed.
Setting status to resolved also writes the current UTC timestamp to resolved_at and schedules post-mortem generation in the background.
curl -X PATCH \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"status": "resolved"}' \
  https://sentinel-softserve.onrender.com/api/incidents/a1b2c3d4-.../status

GET /api/incidents//post-mortem

Retrieve the post-mortem report for an incident. If the incident is resolved but no post-mortem has been saved yet, one is generated on demand synchronously. Auth required: Yes
incident_id
string
required
UUID of the incident.
incident_id
string
UUID of the incident.
status
string
Current incident status.
content
string
Markdown-formatted post-mortem content. Empty string if not yet available.
updated_at
string
ISO 8601 timestamp of the last update, or null.
generated
boolean
true if the post-mortem was generated on-demand during this request rather than loaded from a previously saved value.
curl -H "Authorization: Bearer $TOKEN" \
  https://sentinel-softserve.onrender.com/api/incidents/a1b2c3d4-.../post-mortem

PUT /api/incidents//post-mortem

Save or overwrite the post-mortem content for an incident. Useful for human-edited post-mortems after review. Auth required: Yes
incident_id
string
required
UUID of the incident.
content
string
required
Markdown string. Minimum 1 character, maximum 100,000 characters.
curl -X PUT \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"content": "## Post-Mortem\n\nEdited by on-call engineer..."}' \
  https://sentinel-softserve.onrender.com/api/incidents/a1b2c3d4-.../post-mortem

GET /api/incidents//export

Export a complete incident bundle for archiving or sharing. Supports JSON and Markdown formats. Auth required: Yes
incident_id
string
required
UUID of the incident.
format
string
default:"json"
Output format: json or markdown. Any other value returns 400 Bad Request.
The JSON export payload includes the following top-level keys:
KeyDescription
metadataCore incident fields (title, severity, status, timestamps)
evidence.logsRaw log content captured during investigation
evidence.metrics_snapshotPrometheus metrics snapshot taken at incident time
evidence.agent_reasoningLangGraph agent’s step-by-step analysis
timelineOrdered list of status transitions with timestamps
decisionsProposed and executed actions with outcomes
actionsDetailed action execution records
post_mortemPost-mortem Markdown content (if available)
curl -H "Authorization: Bearer $TOKEN" \
  "https://sentinel-softserve.onrender.com/api/incidents/a1b2c3d4-.../export?format=json"

GET /api/incidents//runbooks

Retrieve up to 5 relevant runbooks from the ChromaDB vector store for this incident. Runbooks are matched using semantic similarity against the incident’s incident_type and title. Auth required: Yes
incident_id
string
required
UUID of the incident.
q
string
Optional custom query string to override the default search query ({incident_type} {title}). Useful for targeted runbook lookups.
The runbook collection queried is determined by the incident’s source_type and container_runtime:
SourceRuntimeChromaDB Collection
containerdockerrunbooks-docker
containerpodmanrunbooks-podman
containerkubernetesrunbooks-kubernetes
databaserunbooks-postgres
title
string
Runbook title extracted from the RUNBOOK: <title> line in the document.
content
string
Full runbook text content.
curl -H "Authorization: Bearer $TOKEN" \
  "https://sentinel-softserve.onrender.com/api/incidents/a1b2c3d4-.../runbooks"

GET /api/incidents//similar

Find up to 5 similar past incidents using ChromaDB episodic memory. The query is built from the incident’s incident_type and title. The current incident is excluded from results. Auth required: Yes
incident_id
string
required
UUID of the incident.
Returns an array of incident objects. The collection queried mirrors the runbook collection selection logic (incidents-docker, incidents-postgres, etc.).
curl -H "Authorization: Bearer $TOKEN" \
  https://sentinel-softserve.onrender.com/api/incidents/a1b2c3d4-.../similar

GET /api/incidents//metrics

Fetch the current live Prometheus metrics for the incident’s target resource. If Prometheus is unreachable but a metrics_snapshot was captured at incident creation time, the snapshot is returned as a fallback. Auth required: Yes
incident_id
string
required
UUID of the incident.
Metric source depends on source_type:
source_typeData sourceQuery
databasePrometheus → PostgreSQL exporterQueries using datname extracted from target (postgres/<datname>)
containerPrometheus → cAdvisorQueries using the container name as target
Returns 503 Service Unavailable if Prometheus is unreachable and no metrics_snapshot fallback exists.
curl -H "Authorization: Bearer $TOKEN" \
  https://sentinel-softserve.onrender.com/api/incidents/a1b2c3d4-.../metrics

Build docs developers (and LLMs) love