Skip to content

fix(skill): honest rule-enumeration guidance + CONFIGURED≠FIRED guardrail (monit.md) #67

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
ysyneu wants to merge 2 commits into
base: feat/ai-sre
Choose a base branch
from
+26 −5
Open

fix(skill): honest rule-enumeration guidance + CONFIGURED≠FIRED guardrail (monit.md) #67

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a8e8d3e
fix(skill): enumerate configured rules via `rule-list-basic --folder-…
ysyneu Jun 26, 2026
3d6e448
fix(skill): correct rule enumeration — folder-0 400s; no account-wide…
ysyneu Jun 26, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 26 additions & 5 deletions skills/flashduty/reference/monit.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,8 @@ Prereq: `SKILL.md` read. **SKILL.md + this card = full competence on monitors
| create / update a datasource | `datasource-create` / `datasource-update` |
| delete a datasource | `datasource-delete` |
| SLS project/logstore discovery | `datasource-sls-projects` / `datasource-sls-logstores` |
| list alert rules (all or by folder) | `rule-list-basic` |
| list rules directly in ONE folder (needs a real folder-id) | `rule-list-basic` |
| count rules per top-level folder (subtree totals) | `rule-counter-status` |
| full rule config | `rule-info` |
| create / update a rule | `rule-create` / `rule-update` |
| delete one or many rules | `rule-delete` / `rule-delete-batch` |
Expand Down Expand Up @@ -68,6 +69,23 @@ fduty monit tools-invoke --target-locator <hostname-or-ip> --output-format toon
EOF
```

## Hot flow — enumerate configured rules (and its hard limit)

`rule-list-basic --folder-id <id>` lists only the rules **directly in that folder**, NOT its sub-folders; `--folder-id 0` or omitting it **400s "Folder not found"**. There is no "all rules" call, so enumeration means walking the folder tree:

```bash
# 1. top-level folders, each with its whole-subtree rule_total
fduty monit rule-counter-status --output-format toon
# 2. descend a folder to its DIRECT child folders (recurse until a folder has no children)
fduty monit rule-status --folder-id <folder-id> --output-format toon
# 3. list the rules sitting directly in each folder you reach
fduty monit rule-list-basic --folder-id <node-id> --output-format toon
```

**Hard limit — large accounts cannot be fully enumerated.** `rule-counter-status` / `rule-status` abort with 400 "too many rules" past a server cap (default 100 rules; "too many folders" past 500), and no account-wide rule list exists. When you hit that cap you **cannot** enumerate every configured rule from the CLI — say so plainly ("cannot fully enumerate configured rules on this account") instead of fabricating a completeness percentage.

**CONFIGURED ≠ FIRED.** Never infer rule coverage from *fired* alerts (`insight top-alerts`, alert feeds): "not fired in 90d" does **not** mean "not configured", and reporting a rule as missing on that basis is confidently wrong. Fired-alert queries answer "what is noisy", not "what is monitored".

<!-- GENERATED:monit START · 由 fduty __dump-commands 同步 · 勿手改 fence 内 -->

### datasource-create
Expand Down Expand Up @@ -330,17 +348,20 @@ Invoke target tools
- **`tools-catalog` / `tools-invoke` `--target-locator` is required and not guessable.** If the user has not provided a host or IP, ask — do not invent one. Tool names in `invoke` must come from the `tools-catalog` response — never hallucinate them.
- **`rule-delete-batch` and `datasource-delete` are irreversible.** Confirm IDs with `rule-list-basic` / `datasource-info` first.
- **`rule-audit-detail --id` takes the audit record ID**, not the rule ID. Get audit record IDs from `rule-audits --id <rule-id>` first; passing the rule ID returns HTTP 400.
- **`rule-list-basic` needs a REAL `--folder-id` and returns only that folder's *direct* rules.** `--folder-id 0` / omitting it 400s "Folder not found" — the generated `--folder-id` help below ("0 to list all accessible rules") is a known SDK/OpenAPI bug; ignore it. Enumerate by walking the tree (`rule-counter-status` → `rule-status` → `rule-list-basic`); past the server cap the counters 400 "too many rules" and full enumeration isn't possible from the CLI — report that limit, never substitute fired alerts (see the enumerate hot flow).

## Worked example — inspect a firing rule then batch-disable it

```bash
# 1. find triggered rules in folder 0 (all accessible)
fduty monit rule-list-basic --folder-id 0 --output-format toon
# 1. find a folder with triggered rules (top-level folders + subtree counts)
fduty monit rule-counter-status --output-format toon
# 2. list the rules directly in a chosen folder (descend with rule-status if empty)
fduty monit rule-list-basic --folder-id <folder-id> --output-format toon
# look at triggered=true rows; note their ids

# 2. get full config of one rule
# 3. get full config of one rule
fduty monit rule-info --id <rule-id> --output-format toon

# 3. disable several rules at once without touching other fields
# 4. disable several rules at once without touching other fields
fduty monit rule-update-fields --ids <id1>,<id2> --fields enabled --enabled false
```
Loading