diff --git a/skills/flashduty/SKILL.md b/skills/flashduty/SKILL.md index 093b655..e0fdbea 100644 --- a/skills/flashduty/SKILL.md +++ b/skills/flashduty/SKILL.md @@ -71,3 +71,4 @@ Some asks span several commands. For those the skill ships a script that fetches | route / 分派路由 / alert routing 告警路由 / integration routing 集成路由 / routing case 路由用例 | **`reference/route.md`** | | RUM / real user monitoring / 真实用户监控 / frontend 前端 / application 应用 / issue | **`reference/rum.md`** | | status page / 状态页 / public incident 公开事件 / public timeline 公开时间线 / maintenance window 维护窗口 / subscriber 订阅者 | **`reference/status-page.md`** | +| AI-SRE platform / customize / 安装配置 MCP server (connector) 连接器 / install mcp / skill upload 上传技能 / A2A agent / session export 会话导出 | **`reference/safari.md`** | diff --git a/skills/flashduty/reference/safari.md b/skills/flashduty/reference/safari.md new file mode 100644 index 0000000..b94ed7e --- /dev/null +++ b/skills/flashduty/reference/safari.md @@ -0,0 +1,231 @@ +# fduty safari — command card + +Prereq: `SKILL.md` read. This is the **AI-SRE platform self-management** group: install/configure the account's own **MCP servers (connectors)**, **skills**, and **A2A agents**, plus inspect **sessions**. Mutating verbs (`create`, `update`, `delete`, `upload`) change account configuration — confirm before running. `delete` is **irreversible**. + +> Registering an MCP server is THIS group (`fduty safari mcp-server-create`) — **not** a tool search. A tool search only discovers callable tools on servers already connected to you; it can neither register nor configure one. + +## Route here when + +"安装 / 添加 / 配置 MCP / connector / 连接器 / install mcp / add mcp server / 上传 skill / 自定义 skill / skill upload / A2A agent / customize / AI-SRE 平台配置 / session 导出" → **safari**. Key IDs: **`server_id`** (`mcp_…`) from `mcp-server-list`; **`skill_id`** from `skill-list`; **`agent_id`** from `a2a-agent-list`; **`session_id`** (`sess_…`). + +## Intent → verb + +| want | verb | +|---|---| +| list MCP servers / connectors | `mcp-server-list` | +| install / register an MCP server | `mcp-server-create` | +| change an MCP server's config | `mcp-server-update` | +| turn an MCP server on / off | `mcp-server-enable` / `mcp-server-disable` | +| inspect one MCP server (+ live tool probe) | `mcp-server-get` | +| remove an MCP server | `mcp-server-delete` | +| list / upload / update a skill | `skill-list` / `skill-upload` / `skill-update` | +| enable / disable / delete a skill | `skill-enable` / `skill-disable` / `skill-delete` | +| list / create / update an A2A agent | `a2a-agent-list` / `a2a-agent-create` / `a2a-agent-update` | +| enable / disable / delete an A2A agent | `a2a-agent-enable` / `a2a-agent-disable` / `a2a-agent-delete` | +| list / get / export / delete a session | `session-list` / `session-get` / `session-export` / `session-delete` | + +## Hot flow — install an MCP server + +Pass the nested `env` / `headers` objects through `--data` (they have no scalar flags); `args` has a repeatable `--args` flag but is shown via `--data` below for one-line copy-paste. + +```bash +# stdio (local process): command + args + secrets via env +fduty safari mcp-server-create --data '{"server_name":"GitHub Tools","transport":"stdio","description":"Read issues and pull requests from GitHub.","command":"npx","args":["-y","@modelcontextprotocol/server-github"],"env":{"GITHUB_TOKEN":"ghp_xxx"},"team_id":0,"status":"enabled"}' + +# remote (streamable-http) with per-user OAuth — oauth_metadata stays empty (auto-discovered + DCR at runtime) +fduty safari mcp-server-create --data '{"server_name":"Aliyun OpenAPI","transport":"streamable-http","description":"Alibaba Cloud OpenAPI MCP.","url":"https://openapi-mcp.example.com/mcp","auth_mode":"per_user_oauth","team_id":0,"status":"enabled"}' + +# confirm it registered, then inspect its live tool catalogue +fduty safari mcp-server-list --output-format toon +fduty safari mcp-server-get --data '{"server_id":"mcp_xxx"}' +``` + + + +### a2a-agent-create +Create A2A agent +- `--agent-name` string (required) — Agent display name. (≤128 chars) +- `--auth-mode` string — Authentication mode: shared (default), per_user_secret, or per_user_oauth. +- `--auth-type` string — Authentication type for the remote agent. +- `--card-url` string (required) — URL of the remote agent card. +- `--description` string — Agent description. +- `--oauth-metadata` string — JSON OAuth metadata; reserved for per_user_oauth. +- `--secret-schema` string — JSON secret schema; required when auth_mode=per_user_secret. +- `--streaming` bool — Whether the remote agent supports streaming. +- `--team-id` int64 — Team scope: 0 = account-wide; >0 = team. +- body-only (`--data`): auth_config (object) + +### a2a-agent-delete +Delete A2A agent +- `` (positional, required) string — Target agent ID. + +### a2a-agent-disable +Disable A2A agent +- `` (positional, required) string — Target agent ID. + +### a2a-agent-enable +Enable A2A agent +- `` (positional, required) string — Target agent ID. + +### a2a-agent-get +Get A2A agent detail +- `` (positional, required) string — Target agent ID. + +### a2a-agent-list +List A2A agents +- `--include-account` bool — Include account-scoped (team_id=0) rows. Defaults to true. +- `--limit` int64 — Page size. +- `--offset` int64 — Row offset for pagination. +- `--team-ids` intSlice — Filter to these team IDs; empty = the caller's visible set. + +### a2a-agent-update +Update A2A agent +- `` (positional, required) string — Target agent ID. +- `--agent-name` string — New display name. Omit to leave unchanged. (≤128 chars) +- `--auth-mode` string — New auth mode: shared, per_user_secret, or per_user_oauth. +- `--auth-type` string — New auth type. Omit to leave unchanged. +- `--card-url` string — New card URL. Omit to leave unchanged. +- `--description` string — New description. Omit to leave unchanged. +- `--oauth-metadata` string — New JSON OAuth metadata. +- `--secret-schema` string — New JSON secret schema. +- `--streaming` bool — Toggle streaming support. Omit to leave unchanged. +- `--team-id` int64 — Reassign team scope. Omit to leave unchanged. +- body-only (`--data`): auth_config (object) + +### mcp-server-create +Create MCP server +- `--args` stringSlice — Command arguments (stdio transport). +- `--auth-mode` string — Authentication mode: shared (default), per_user_secret, or per_user_oauth. +- `--call-timeout` int64 — Tool-call timeout in seconds. 0 = default (60s). +- `--command` string — Executable command (stdio transport). +- `--connect-timeout` int64 — Connection timeout in seconds. 0 = default (10s). +- `--description` string (required) — Server description. (1-1024 chars) +- `--oauth-metadata` string — JSON OAuth metadata; reserved for per_user_oauth. +- `--secret-schema` string — JSON secret schema; required when auth_mode=per_user_secret. +- `--server-name` string (required) — MCP server name, unique within the account. (1-255 chars) +- `--source-template-name` string — Marketplace template name when created from a connector template. +- `--status` string — Initial status. · enum: enabled | disabled +- `--team-id` int64 — Team scope: 0 = account-wide; >0 = team. +- `--transport` string (required) — Transport protocol. · enum: stdio | sse | streamable-http +- `--url` string — Server URL (sse / streamable-http transport). +- body-only (`--data`): env (object); headers (object) + +### mcp-server-delete +Delete MCP server +- `` (positional, required) string — Target MCP server ID. + +### mcp-server-disable +Disable MCP server +- `` (positional, required) string — Target MCP server ID. + +### mcp-server-enable +Enable MCP server +- `` (positional, required) string — Target MCP server ID. + +### mcp-server-get +Get MCP server detail +- `` (positional, required) string — Target MCP server ID. + +### mcp-server-list +List MCP servers +- `--include-account` bool — Include account-scoped (team_id=0) rows. Defaults to true. +- `--limit` int64 — Page size. +- `--page` int64 — Page number, 1-based. +- `--search-after-ctx` string +- `--team-ids` intSlice — Filter to these team IDs; empty = the caller's visible set. + +### mcp-server-update +Update MCP server +- `--args` stringSlice — Command arguments (stdio transport). +- `--auth-mode` string — Authentication mode: shared (default), per_user_secret, or per_user_oauth. +- `--call-timeout` int64 — Tool-call timeout in seconds. 0 = default (60s). +- `--command` string — Executable command (stdio transport). +- `--connect-timeout` int64 — Connection timeout in seconds. 0 = default (10s). +- `--description` string — New description. (1-1024 chars) +- `--oauth-metadata` string — JSON OAuth metadata; reserved for per_user_oauth. +- `--secret-schema` string — JSON secret schema; required when auth_mode=per_user_secret. +- `` (positional, required) string — Target MCP server ID. +- `--server-name` string — New name. (1-255 chars) +- `--team-id` int64 — Reassign team scope: 0 = account-wide; >0 = team. Omit to leave unchanged. +- `--transport` string — Transport protocol. · enum: stdio | sse | streamable-http +- `--url` string — Server URL (sse / streamable-http transport). +- body-only (`--data`): env (object); headers (object) + +### session-delete +Delete session +- `` (positional, required) string — Target session ID. (≥1 chars) + +### session-export +Stream a session's full event transcript as NDJSON +- `--include-subagents` bool + +### session-get +Get session detail +- `--limit` int64 — Page size for events; takes precedence over 'num_recent_events'. 0 uses the server default (100). (0-1000) +- `--num-recent-events` int64 — Legacy page size: number of most-recent events to return. Superseded by 'limit' when both are set; 0 uses the server default (100). (0-1000) +- `--search-after-ctx` string — Opaque keyset cursor from a previous response; pass it back to fetch the next older page. (≤4096 chars) +- `` (positional, required) string — Target session ID. (≥1 chars) + +### session-list +List sessions +- `--app-name` string (required) — Agent app whose sessions to list. · enum: ask-ai | support | support-website | support-flashcat | ai-sre | template-assistant | swe +- `--asc` bool — Ascending order when true; applies only when 'orderby' is set. +- `--entry-kinds` stringSlice — Restrict to sessions produced by these surfaces; empty returns every kind. · enum: web | im | api | automation +- `--include-subagent-sessions` bool — Include subagent-dispatched sessions in the list. +- `--keyword` string — Filter by session-name keyword. (≤64 chars) +- `--limit` int64 — Page size, 1–100. (1-100) +- `--orderby` string — Sort field. · enum: created_at | updated_at +- `--page` int64 — Page number, 1-based. (min 1) +- `--scope` string — Visibility scope: all (own + member-of-team rows, default), personal, or team. · enum: all | personal | team +- `--search-after-ctx` string +- `--status` string — Archive bucket: active (default) returns un-archived, archived returns archived, all returns both. · enum: active | archived | all +- `--team-ids` intSlice — Optional explicit team filter; intersects with 'scope'. + +### skill-delete +Delete skill +- `` (positional, required) string — Target skill ID. + +### skill-disable +Disable skill +- `` (positional, required) string — Target skill ID. + +### skill-enable +Enable skill +- `` (positional, required) string — Target skill ID. + +### skill-get +Get skill detail +- `` (positional, required) string — Target skill ID. + +### skill-list +List skills +- `--include-account` bool — Include account-scoped (team_id=0) rows. Defaults to true. +- `--limit` int64 — Page size. +- `--page` int64 — Page number, 1-based. +- `--search-after-ctx` string +- `--team-ids` intSlice — Filter to these team IDs; empty = the caller's visible set. + +### skill-update +Update skill +- `--description` string — New description. (≤1024 chars) +- `` (positional, required) string — Target skill ID. +- `--team-id` int64 — Reassign team scope: 0 = account-wide; >0 = team. Omit to leave unchanged. + +### skill-upload +Upload skill + + + +## Key concepts + +- **Transport ⇒ which fields matter.** `stdio` uses `command` + `args` + `env`; `sse` / `streamable-http` use `url` + `headers`. The nested `env` / `headers` objects have no scalar flags — pass them through `--data '{...}'`; typed scalar flags (`--server-name`, `--url`, `--args`, …) override matching `--data` keys. +- **Scope (`team_id`).** `0` = account-wide (every team sees it); `>0` = that team only. Same field on every safari verb. +- **Auth mode (`auth_mode`).** `shared` (default) = one credential for everyone, stored on the server. `per_user_secret` = each user supplies a secret matching `secret_schema` (which must carry a `header_name`). `per_user_oauth` = each user authorizes the server via OAuth. +- **`per_user_oauth` needs no OAuth config up front.** Create it with an **empty `oauth_metadata`** — that is the normal, complete state, not a missing prerequisite. The runtime **auto-discovers the OAuth server and dynamically registers a client (DCR)** the first time a user authorizes; you do **not** collect `authorization_url` / `client_id` / `client_secret` / `scopes`. Only pass `oauth_metadata` as a rare fallback, when the endpoint advertises no discovery document. + +## Gotchas + +- **`mcp-server-create` requires `server_name`, `description`, `transport`.** A `stdio` server also needs `command`; a remote (`sse` / `streamable-http`) server needs `url`. +- **`env` / `headers` go through `--data`** — there are no `--env` / `--header` scalar flags for them (`args` does have a repeatable `--args` flag). +- **Don't reach for a tool search to install or configure a server** — that only finds tools on already-connected servers. Registration and configuration are `mcp-server-create` / `mcp-server-update`. +- **`delete` is irreversible** — prefer `disable` to park a server / skill / agent without destroying it. `list` first to confirm the id.