@checkstack/incident-backend 1.1.5 → 1.3.0

package/CHANGELOG.md

@@ -1,5 +1,129 @@
 # @checkstack/incident-backend
 
+## 1.3.0
+
+### Minor Changes
+
+- 41c77f4: feat(automation): type enum-able trigger/artifact fields as enums for editor value autocompletion
+
+  The automation editor's staged completion offers concrete values after a
+  comparator (`{{ trigger.payload.severity == "high" }}`) only when the
+  field's JSON Schema carries an `enum`. Several trigger payload + artifact
+  schemas declared closed-set fields as loose `z.string()`, so no values
+  were suggested. Tightened them to the canonical enums that already
+  existed in each plugin's `-common` package (and matched the hook payload
+  types in lockstep so the trigger's `payloadSchema` and `hook` keep the
+  same `TPayload`):
+
+  - **incident** — trigger payloads: `severity` → `IncidentSeverityEnum`,
+    `status` / `statusChange` → `IncidentStatusEnum`.
+  - **healthcheck** — trigger payloads: `previousStatus` / `newStatus` /
+    `status` → `HealthCheckStatusSchema` (across systemDegraded,
+    systemHealthy, systemHealthChanged, checkFailed; plus checkCompleted's
+    hook type).
+  - **dependency** — trigger + artifact: `impactType` → `ImpactTypeSchema`;
+    impactPropagated `previousState` / `newState` → `DerivedStateSchema`.
+    Also deduped the inline `impactTypeSchema` action-config enum to reuse
+    the canonical `ImpactTypeSchema`.
+  - **maintenance** — trigger + artifact: `status` →
+    `MaintenanceStatusEnum`; deduped the inline `maintenanceStatusEnum`
+    (used by `add_update.statusChange`) to the canonical one.
+  - **slo** — `achievement.unlocked` trigger + hook: `achievement` →
+    `AchievementTypeSchema`.
+
+  Runtime behaviour is unchanged — these fields always carried valid enum
+  values (the underlying records are enum-constrained); only the schema
+  types were loose. The hook payload generics are now precise too, which
+  caught one stale test fixture asserting an invalid `impactType: "soft"`.
+
+  Fields that look enum-ish but are genuinely free-form were intentionally
+  left as `z.string()`: satellite `region` (user-entered), Jira issue
+  `status` (per-instance workflow name), notification `strategyQualifiedId`
+  / `errorMessage`, healthcheck collector `result`, and script
+  `stdout` / `stderr`.
+
+- 41c77f4: feat(incident): register incident lifecycle as automation triggers + actions
+
+  Adds three triggers (`incident.created`, `incident.updated`,
+  `incident.resolved`) backed by the existing hooks, each exposing
+  `incidentId` as the context key so `wait_for_trigger` waits match the
+  same incident across the run. Adds four actions (`incident.create`,
+  `incident.resolve`, `incident.add_update`, `incident.update_status`)
+  wrapping the existing `IncidentService` methods so operators can compose
+  incident flows in the Automation editor.
+
+### Patch Changes
+
+- Updated dependencies [e2d6f25]
+- Updated dependencies [41c77f4]
+- Updated dependencies [e1a2077]
+- Updated dependencies [41c77f4]
+- Updated dependencies [41c77f4]
+- Updated dependencies [41c77f4]
+- Updated dependencies [41c77f4]
+- Updated dependencies [41c77f4]
+- Updated dependencies [41c77f4]
+- Updated dependencies [41c77f4]
+- Updated dependencies [41c77f4]
+- Updated dependencies [4832e33]
+- Updated dependencies [6d52276]
+- Updated dependencies [6d52276]
+- Updated dependencies [35bc682]
+  - @checkstack/automation-backend@0.2.0
+  - @checkstack/automation-common@0.2.0
+  - @checkstack/integration-backend@0.2.0
+  - @checkstack/integration-common@0.6.0
+  - @checkstack/catalog-backend@1.2.0
+  - @checkstack/common@0.12.0
+  - @checkstack/backend-api@0.18.0
+  - @checkstack/catalog-common@2.2.3
+  - @checkstack/incident-common@1.3.1
+  - @checkstack/auth-common@0.7.2
+  - @checkstack/command-backend@0.1.31
+  - @checkstack/notification-common@1.2.1
+  - @checkstack/signal-common@0.2.5
+  - @checkstack/cache-api@0.3.6
+  - @checkstack/cache-utils@0.2.11
+
+## 1.2.0
+
+### Minor Changes
+
+- ba07ae2: Quiet down notification spam on flapping systems, auto-open incidents when a check goes critical, and let operators land directly on the broken checks.
+
+  Notification policy lives **per healthcheck assignment** (one row per `system × configuration`). Different checks on the same system are fully independent — disabling a setting on one check does not affect the others. Defaults preserve existing behaviour for `suppressDeEscalations`; **auto-incident defaults to on** for new and existing assignments.
+
+  - **`suppressDeEscalations`** (off by default). When on, transitions from a worse state to a better-but-still-failing state (e.g. `unhealthy → degraded`) no longer fire a notification. Escalations and full recoveries to `healthy` are unaffected. Resolved per assignment (the just-ran check is the one driving any aggregate transition).
+  - **`autoOpenIncidentOnUnhealthy`** (on by default). Either of two independent triggers can open the auto-incident:
+    - **`sustainedUnhealthyTrigger`** (default 30 min) — opens when the check stays continuously unhealthy for the configured duration. Catches real outages.
+    - **`flappingTrigger`** (default 3 transitions in 60 min) — opens when the check flips to unhealthy that many times in the window. Catches persistent flapping where each unhealthy phase is too brief for the sustained trigger.
+      Each trigger can be individually disabled. One incident per system: triggering checks attach to an existing active auto-incident.
+  - **`useNotificationSuppression`** (on by default, only meaningful when auto-open is on). Controls whether the auto-opened incident is created with `suppressNotifications: true` — leaving this off opens the incident but still pings operators on each transition.
+  - **`skipDuringMaintenance`** (on by default). No auto-incident is opened while the system has an active maintenance window with suppression. The system is intentionally down and shouldn't trip the on-call.
+  - **`autoCloseAfterMinutes`** (default 30). Auto-close cooldown is now per-assignment and snapshotted per-incident at open time — later policy edits don't alter in-flight incidents. Setting `null` ("Never auto-close") leaves the incident for manual resolution.
+  - **Require-recovery rule.** After any auto-incident closes (manual or auto), no new auto-incident can open until the check has logged at least one healthy run. Prevents a "operator dismissed but it's still broken" loop.
+  - **Auto-close worker** ticks every 60s and resolves auto-opened incidents whose systems have been healthy for their per-row `cooldownMinutes`. Rows with `null` cooldown are skipped entirely. Per-incident: failed close attempts are logged but never abort the sweep.
+  - **`incidentResolved` hook subscriber** syncs the auto-incident mapping when an operator manually resolves the incident, so the require-recovery rule sees the close immediately.
+  - **Platform-wide defaults.** New admin RPCs `getPlatformNotificationDefaults` / `setPlatformNotificationDefaults` (under the existing `healthcheck.configuration.{read,manage}` access rules) let operators set notification policy once for the whole instance. Per-assignment rows with `notificationPolicy: null` inherit the platform defaults at read time. UI: a "Notification defaults" button in the Assignment IDE opens a modal editor. The per-assignment Notifications panel shows an inheritance banner — "Using platform defaults" (read-only) with an "Override" button, or "Custom override" with a "Use platform defaults" button to revert. The all-or-nothing model keeps the mental model simple: each assignment is either fully inherited or fully overridden.
+  - **New service-level RPCs** on the incident plugin (`createAutoIncident`, `resolveAutoIncident`) let other plugins open/close incidents without a user context. Reused by the healthcheck auto-incident flow.
+  - **Health-state notification CTA** now deep-links to `?filter=failing` on the system detail page for non-recovery transitions (label changes to "View failing checks"). The system overview gains an `All / Failing / Healthy` segmented filter wired to the same `?filter=…` param.
+  - **Notification bell badge** now counts collapse groups instead of raw rows, so the number matches what the user sees in the notifications list. Built on `COUNT(DISTINCT COALESCE(collapse_key, id))` — notifications without a collapse key still each count as one.
+  - **`statusFilter` on `getHistory` / `getDetailedHistory`** lets the run-history page and the drawer's Recent Runs panel filter to `All / Healthy / Failing` via shared pills, with the page resetting to the first page on filter change.
+  - **Pagination defaults aligned with selector options.** Several pages defaulted to a page size (5 or 20) that wasn't in the dropdown's options (`[10, 25, 50, 100]`), so the page-size `<Select>` rendered empty. The drawer's Recent Runs now defaults to 10; the Run History, History List, and Delivery Logs pages now default to 25.
+
+  Includes Drizzle migrations adding the `notification_policy` jsonb column to `system_health_checks`, plus two new tables: `health_check_unhealthy_transitions` (for threshold counting) and `health_check_auto_incidents` (for mapping back to incident ids during auto-close).
+
+### Patch Changes
+
+- Updated dependencies [ba07ae2]
+  - @checkstack/incident-common@1.3.0
+  - @checkstack/backend-api@0.17.1
+  - @checkstack/cache-api@0.3.5
+  - @checkstack/catalog-backend@1.1.6
+  - @checkstack/command-backend@0.1.30
+  - @checkstack/integration-backend@0.1.30
+  - @checkstack/cache-utils@0.2.10
+
 ## 1.1.5
 
 ### Patch Changes

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@checkstack/incident-backend",
-  "version": "1.1.5",
+  "version": "1.3.0",
   "license": "Elastic-2.0",
   "type": "module",
   "main": "src/index.ts",
@@ -14,27 +14,29 @@
     "lint:code": "eslint . --max-warnings 0"
   },
   "dependencies": {
-    "@checkstack/backend-api": "0.16.0",
-    "@checkstack/cache-api": "0.3.3",
-    "@checkstack/cache-utils": "0.2.8",
-    "@checkstack/incident-common": "1.2.1",
-    "@checkstack/catalog-common": "2.2.1",
-    "@checkstack/catalog-backend": "1.1.4",
-    "@checkstack/notification-common": "1.1.1",
-    "@checkstack/auth-common": "0.7.0",
-    "@checkstack/command-backend": "0.1.28",
-    "@checkstack/signal-common": "0.2.3",
-    "@checkstack/integration-backend": "0.1.28",
-    "@checkstack/integration-common": "0.4.0",
-    "@checkstack/common": "0.10.0",
+    "@checkstack/backend-api": "0.17.1",
+    "@checkstack/cache-api": "0.3.5",
+    "@checkstack/cache-utils": "0.2.10",
+    "@checkstack/incident-common": "1.3.0",
+    "@checkstack/catalog-common": "2.2.2",
+    "@checkstack/catalog-backend": "1.1.6",
+    "@checkstack/notification-common": "1.2.0",
+    "@checkstack/auth-common": "0.7.1",
+    "@checkstack/command-backend": "0.1.30",
+    "@checkstack/signal-common": "0.2.4",
+    "@checkstack/integration-backend": "0.1.30",
+    "@checkstack/integration-common": "0.5.0",
+    "@checkstack/automation-backend": "0.1.0",
+    "@checkstack/automation-common": "0.1.0",
+    "@checkstack/common": "0.11.0",
     "drizzle-orm": "^0.45.0",
     "zod": "^4.2.1",
     "@orpc/server": "^1.13.2"
   },
   "devDependencies": {
     "@checkstack/drizzle-helper": "0.0.5",
-    "@checkstack/scripts": "0.3.2",
-    "@checkstack/test-utils-backend": "0.1.28",
+    "@checkstack/scripts": "0.3.3",
+    "@checkstack/test-utils-backend": "0.1.30",
     "@checkstack/tsconfig": "0.0.7",
     "@types/bun": "^1.0.0",
     "drizzle-kit": "^0.31.10",

package/src/automations.test.ts

@@ -0,0 +1,172 @@
+/**
+ * Behaviour tests for the incident automation actions. Triggers don't
+ * need their own tests — they're plain shape declarations against the
+ * existing hooks (`incidentHooks`) and the registry tests in
+ * `core/automation-backend` cover registration validity.
+ */
+import { describe, it, expect, mock } from "bun:test";
+import { createMockLogger } from "@checkstack/test-utils-backend";
+
+import { createIncidentActions } from "./automations";
+import type { IncidentService } from "./service";
+
+const makeServiceStub = (overrides: Partial<IncidentService> = {}) =>
+  ({
+    createIncident: mock(),
+    resolveIncident: mock(),
+    addUpdate: mock(),
+    ...overrides,
+  }) as unknown as IncidentService;
+
+const logger = createMockLogger();
+
+const actionContext = {
+  consumedArtifacts: {},
+  runId: "run-1",
+  automationId: "auto-1",
+  contextKey: "INC-1",
+  logger,
+  getService: async <T,>(): Promise<T> => {
+    throw new Error("not used");
+  },
+};
+
+describe("incident automation actions", () => {
+  describe("incident.create", () => {
+    it("calls service.createIncident with the config payload", async () => {
+      const created = {
+        id: "INC-1",
+        status: "investigating",
+        severity: "critical",
+        systemIds: ["sys-1"],
+      };
+      const service = makeServiceStub({
+        createIncident: mock(
+          async () => created,
+        ) as unknown as IncidentService["createIncident"],
+      });
+      const [createAction] = createIncidentActions({ service });
+      const result = await createAction.execute({
+        ...actionContext,
+        config: {
+          title: "DB down",
+          severity: "critical",
+          systemIds: ["sys-1"],
+          suppressNotifications: false,
+        } as never,
+      });
+      expect(result.success).toBe(true);
+      expect((result.artifact as { incidentId: string }).incidentId).toBe(
+        "INC-1",
+      );
+      expect(service.createIncident).toHaveBeenCalledWith({
+        title: "DB down",
+        description: undefined,
+        severity: "critical",
+        systemIds: ["sys-1"],
+        initialMessage: undefined,
+        suppressNotifications: false,
+      });
+    });
+  });
+
+  describe("incident.resolve", () => {
+    it("returns failure when the incident doesn't exist", async () => {
+      const service = makeServiceStub({
+        resolveIncident: mock(
+          async () => undefined,
+        ) as unknown as IncidentService["resolveIncident"],
+      });
+      const actions = createIncidentActions({ service });
+      const resolveAction = actions[1];
+      const result = await resolveAction.execute({
+        ...actionContext,
+        config: { incidentId: "missing" } as never,
+      });
+      expect(result.success).toBe(false);
+      expect(result.error).toMatch(/not found/i);
+    });
+
+    it("calls service.resolveIncident on the happy path", async () => {
+      const resolved = {
+        id: "INC-1",
+        status: "resolved",
+        severity: "critical",
+        systemIds: ["sys-1"],
+      };
+      const service = makeServiceStub({
+        resolveIncident: mock(
+          async () => resolved,
+        ) as unknown as IncidentService["resolveIncident"],
+      });
+      const actions = createIncidentActions({ service });
+      const resolveAction = actions[1];
+      const result = await resolveAction.execute({
+        ...actionContext,
+        config: { incidentId: "INC-1", message: "Fixed" } as never,
+      });
+      expect(result.success).toBe(true);
+      expect(service.resolveIncident).toHaveBeenCalledWith("INC-1", "Fixed");
+    });
+  });
+
+  describe("incident.add_update", () => {
+    it("forwards message + statusChange to service.addUpdate", async () => {
+      const update = {
+        id: "upd-1",
+        incidentId: "INC-1",
+        message: "msg",
+        createdAt: new Date(),
+      };
+      const service = makeServiceStub({
+        addUpdate: mock(
+          async () => update,
+        ) as unknown as IncidentService["addUpdate"],
+      });
+      const actions = createIncidentActions({ service });
+      const addUpdateAction = actions[2];
+      const result = await addUpdateAction.execute({
+        ...actionContext,
+        config: {
+          incidentId: "INC-1",
+          message: "Investigating",
+          statusChange: "identified",
+        } as never,
+      });
+      expect(result.success).toBe(true);
+      expect(service.addUpdate).toHaveBeenCalledWith({
+        incidentId: "INC-1",
+        message: "Investigating",
+        statusChange: "identified",
+      });
+    });
+  });
+
+  describe("incident.update_status", () => {
+    it("delegates to addUpdate with a generated audit message", async () => {
+      const update = {
+        id: "upd-2",
+        incidentId: "INC-1",
+        message: "Status changed to monitoring",
+        createdAt: new Date(),
+      };
+      const service = makeServiceStub({
+        addUpdate: mock(
+          async () => update,
+        ) as unknown as IncidentService["addUpdate"],
+      });
+      const actions = createIncidentActions({ service });
+      const updateStatusAction = actions[3];
+      const result = await updateStatusAction.execute({
+        ...actionContext,
+        config: { incidentId: "INC-1", status: "monitoring" } as never,
+      });
+      expect(result.success).toBe(true);
+      expect(service.addUpdate).toHaveBeenCalledWith({
+        incidentId: "INC-1",
+        message: "Status changed to monitoring",
+        statusChange: "monitoring",
+      });
+    });
+  });
+});

package/src/automations.ts

@@ -0,0 +1,313 @@
+/**
+ * Incident triggers + actions registered with the Automation platform.
+ *
+ * Triggers re-expose the existing incident hooks as automation entry
+ * points; actions wrap the existing `IncidentService` methods so
+ * operators can compose them into automation flows (e.g. "when an
+ * incident is created, file a Jira ticket and post an update").
+ *
+ * Each trigger declares a `contextKey` extractor returning the
+ * `incidentId` — the dispatch engine uses it to scope artifact lookups
+ * and to match `wait_for_trigger` waits against the same incident.
+ */
+import { z } from "zod";
+import { Versioned } from "@checkstack/backend-api";
+import type {
+  ActionDefinition,
+  TriggerDefinition,
+} from "@checkstack/automation-backend";
+import {
+  IncidentSeverityEnum,
+  IncidentStatusEnum,
+} from "@checkstack/incident-common";
+
+import { incidentHooks } from "./hooks";
+import type { IncidentService } from "./service";
+
+// ─── Payload schemas — match the hook payloads exactly ─────────────────
+
+const incidentCreatedPayloadSchema = z.object({
+  incidentId: z.string(),
+  systemIds: z.array(z.string()),
+  title: z.string(),
+  description: z.string().optional(),
+  severity: IncidentSeverityEnum,
+  status: IncidentStatusEnum,
+  createdAt: z.string(),
+});
+
+const incidentUpdatedPayloadSchema = z.object({
+  incidentId: z.string(),
+  systemIds: z.array(z.string()),
+  title: z.string(),
+  description: z.string().optional(),
+  severity: IncidentSeverityEnum,
+  status: IncidentStatusEnum,
+  statusChange: IncidentStatusEnum.optional(),
+});
+
+const incidentResolvedPayloadSchema = z.object({
+  incidentId: z.string(),
+  systemIds: z.array(z.string()),
+  title: z.string(),
+  severity: IncidentSeverityEnum,
+  resolvedAt: z.string(),
+});
+
+// ─── Triggers ──────────────────────────────────────────────────────────
+
+export const incidentCreatedTrigger: TriggerDefinition<
+  z.infer<typeof incidentCreatedPayloadSchema>
+> = {
+  id: "created",
+  displayName: "Incident Created",
+  description: "Fires when a new incident is created",
+  category: "Incidents",
+  icon: "CircleAlert",
+  payloadSchema: incidentCreatedPayloadSchema,
+  hook: incidentHooks.incidentCreated,
+  contextKey: (p) => p.incidentId,
+};
+
+export const incidentUpdatedTrigger: TriggerDefinition<
+  z.infer<typeof incidentUpdatedPayloadSchema>
+> = {
+  id: "updated",
+  displayName: "Incident Updated",
+  description: "Fires when an incident is updated (info or status change)",
+  category: "Incidents",
+  icon: "CircleAlert",
+  payloadSchema: incidentUpdatedPayloadSchema,
+  hook: incidentHooks.incidentUpdated,
+  contextKey: (p) => p.incidentId,
+};
+
+export const incidentResolvedTrigger: TriggerDefinition<
+  z.infer<typeof incidentResolvedPayloadSchema>
+> = {
+  id: "resolved",
+  displayName: "Incident Resolved",
+  description: "Fires when an incident is marked as resolved",
+  category: "Incidents",
+  icon: "CircleCheck",
+  payloadSchema: incidentResolvedPayloadSchema,
+  hook: incidentHooks.incidentResolved,
+  contextKey: (p) => p.incidentId,
+};
+
+/**
+ * All incident triggers as a heterogeneous list. Typed as
+ * `TriggerDefinition<unknown>[]` so the array can be iterated in the
+ * plugin entry without TypeScript collapsing the union to a single
+ * payload shape.
+ */
+export const incidentTriggers: TriggerDefinition<unknown>[] = [
+  incidentCreatedTrigger as TriggerDefinition<unknown>,
+  incidentUpdatedTrigger as TriggerDefinition<unknown>,
+  incidentResolvedTrigger as TriggerDefinition<unknown>,
+];
+
+// ─── Action configs ────────────────────────────────────────────────────
+
+const incidentCreateConfigSchema = z.object({
+  title: z.string().min(1),
+  description: z.string().optional(),
+  severity: IncidentSeverityEnum,
+  systemIds: z.array(z.string()).min(1),
+  initialMessage: z.string().optional(),
+  suppressNotifications: z.boolean().optional().default(false),
+});
+
+const incidentResolveConfigSchema = z.object({
+  incidentId: z.string().min(1),
+  message: z.string().optional(),
+});
+
+const incidentAddUpdateConfigSchema = z.object({
+  incidentId: z.string().min(1),
+  message: z.string().min(1),
+  statusChange: IncidentStatusEnum.optional(),
+});
+
+const incidentUpdateStatusConfigSchema = z.object({
+  incidentId: z.string().min(1),
+  status: IncidentStatusEnum,
+  /**
+   * Optional accompanying message. Defaults to a generic transition note
+   * so the audit trail is never empty.
+   */
+  message: z.string().optional(),
+});
+
+// ─── Action artifact shapes ────────────────────────────────────────────
+
+interface IncidentArtifact {
+  incidentId: string;
+  status: string;
+  severity: string;
+  systemIds: string[];
+}
+
+interface IncidentUpdateArtifact {
+  updateId: string;
+  incidentId: string;
+}
+
+// ─── Actions ───────────────────────────────────────────────────────────
+
+export interface IncidentActionDeps {
+  service: IncidentService;
+}
+
+export function createIncidentActions(
+  deps: IncidentActionDeps,
+): ActionDefinition<unknown, unknown>[] {
+  const { service } = deps;
+
+  const createAction: ActionDefinition<
+    z.infer<typeof incidentCreateConfigSchema>,
+    IncidentArtifact
+  > = {
+    id: "create",
+    displayName: "Create Incident",
+    description: "Open a new incident affecting one or more systems",
+    category: "Incidents",
+    icon: "CircleAlert",
+    config: new Versioned({
+      version: 1,
+      schema: incidentCreateConfigSchema,
+    }),
+    execute: async ({ config, logger }) => {
+      const incident = await service.createIncident({
+        title: config.title,
+        description: config.description,
+        severity: config.severity,
+        systemIds: config.systemIds,
+        initialMessage: config.initialMessage,
+        suppressNotifications: config.suppressNotifications,
+      });
+      logger.info(`Automation created incident ${incident.id}`);
+      return {
+        success: true,
+        externalId: incident.id,
+        artifact: {
+          incidentId: incident.id,
+          status: incident.status,
+          severity: incident.severity,
+          systemIds: incident.systemIds,
+        },
+      };
+    },
+  };
+
+  const resolveAction: ActionDefinition<
+    z.infer<typeof incidentResolveConfigSchema>,
+    IncidentArtifact
+  > = {
+    id: "resolve",
+    displayName: "Resolve Incident",
+    description: "Mark an existing incident as resolved",
+    category: "Incidents",
+    icon: "CircleCheck",
+    config: new Versioned({
+      version: 1,
+      schema: incidentResolveConfigSchema,
+    }),
+    execute: async ({ config, logger }) => {
+      const incident = await service.resolveIncident(
+        config.incidentId,
+        config.message,
+      );
+      if (!incident) {
+        return {
+          success: false,
+          error: `Incident ${config.incidentId} not found`,
+        };
+      }
+      logger.info(`Automation resolved incident ${incident.id}`);
+      return {
+        success: true,
+        externalId: incident.id,
+        artifact: {
+          incidentId: incident.id,
+          status: incident.status,
+          severity: incident.severity,
+          systemIds: incident.systemIds,
+        },
+      };
+    },
+  };
+
+  const addUpdateAction: ActionDefinition<
+    z.infer<typeof incidentAddUpdateConfigSchema>,
+    IncidentUpdateArtifact
+  > = {
+    id: "add_update",
+    displayName: "Add Incident Update",
+    description: "Post a status update to an existing incident",
+    category: "Incidents",
+    icon: "MessageSquare",
+    config: new Versioned({
+      version: 1,
+      schema: incidentAddUpdateConfigSchema,
+    }),
+    execute: async ({ config, logger }) => {
+      const update = await service.addUpdate({
+        incidentId: config.incidentId,
+        message: config.message,
+        statusChange: config.statusChange,
+      });
+      logger.info(
+        `Automation added update ${update.id} to incident ${config.incidentId}`,
+      );
+      return {
+        success: true,
+        externalId: update.id,
+        artifact: {
+          updateId: update.id,
+          incidentId: update.incidentId,
+        },
+      };
+    },
+  };
+
+  const updateStatusAction: ActionDefinition<
+    z.infer<typeof incidentUpdateStatusConfigSchema>,
+    IncidentUpdateArtifact
+  > = {
+    id: "update_status",
+    displayName: "Update Incident Status",
+    description: "Change an incident's status and post an audit update",
+    category: "Incidents",
+    icon: "Activity",
+    config: new Versioned({
+      version: 1,
+      schema: incidentUpdateStatusConfigSchema,
+    }),
+    execute: async ({ config, logger }) => {
+      const update = await service.addUpdate({
+        incidentId: config.incidentId,
+        message: config.message ?? `Status changed to ${config.status}`,
+        statusChange: config.status,
+      });
+      logger.info(
+        `Automation set incident ${config.incidentId} status → ${config.status}`,
+      );
+      return {
+        success: true,
+        externalId: update.id,
+        artifact: {
+          updateId: update.id,
+          incidentId: update.incidentId,
+        },
+      };
+    },
+  };
+
+  return [
+    createAction as ActionDefinition<unknown, unknown>,
+    resolveAction as ActionDefinition<unknown, unknown>,
+    addUpdateAction as ActionDefinition<unknown, unknown>,
+    updateStatusAction as ActionDefinition<unknown, unknown>,
+  ];
+}

package/src/hooks.ts

@@ -1,8 +1,17 @@
 import { createHook } from "@checkstack/backend-api";
+import type {
+  IncidentSeverity,
+  IncidentStatus,
+} from "@checkstack/incident-common";
 
 /**
  * Incident hooks for cross-plugin communication.
  * Other plugins can subscribe to these hooks to react to incident lifecycle events.
+ *
+ * `severity` / `status` carry the canonical enum values
+ * (`IncidentSeverity` / `IncidentStatus`) rather than loose strings, so
+ * automation triggers built on these hooks can offer the known values
+ * for `==` comparisons in the editor.
  */
 export const incidentHooks = {
   /**
@@ -14,8 +23,8 @@ export const incidentHooks = {
     systemIds: string[];
     title: string;
     description?: string;
-    severity: string;
-    status: string;
+    severity: IncidentSeverity;
+    status: IncidentStatus;
     createdAt: string;
   }>("incident.created"),
 
@@ -28,9 +37,9 @@ export const incidentHooks = {
     systemIds: string[];
     title: string;
     description?: string;
-    severity: string;
-    status: string;
-    statusChange?: string;
+    severity: IncidentSeverity;
+    status: IncidentStatus;
+    statusChange?: IncidentStatus;
   }>("incident.updated"),
 
   /**
@@ -41,7 +50,7 @@ export const incidentHooks = {
     incidentId: string;
     systemIds: string[];
     title: string;
-    severity: string;
+    severity: IncidentSeverity;
     resolvedAt: string;
   }>("incident.resolved"),
 } as const;

package/src/index.ts

@@ -1,6 +1,5 @@
 import * as schema from "./schema";
 import type { SafeDatabase } from "@checkstack/backend-api";
-import { z } from "zod";
 import {
   incidentAccessRules,
   incidentAccess,
@@ -11,7 +10,10 @@ import {
   incidentGroupSubscription,
 } from "@checkstack/incident-common";
 import { createBackendPlugin, coreServices } from "@checkstack/backend-api";
-import { integrationEventExtensionPoint } from "@checkstack/integration-backend";
+import {
+  automationActionExtensionPoint,
+  automationTriggerExtensionPoint,
+} from "@checkstack/automation-backend";
 import {
   NotificationApi,
   specToRegistration,
@@ -23,40 +25,8 @@ import { AuthApi } from "@checkstack/auth-common";
 import { catalogHooks } from "@checkstack/catalog-backend";
 import { registerSearchProvider } from "@checkstack/command-backend";
 import { resolveRoute } from "@checkstack/common";
-import { incidentHooks } from "./hooks";
 import { createIncidentCache } from "./cache";
-
-// =============================================================================
-// Integration Event Payload Schemas
-// =============================================================================
-
-const incidentCreatedPayloadSchema = z.object({
-  incidentId: z.string(),
-  systemIds: z.array(z.string()),
-  title: z.string(),
-  description: z.string().optional(),
-  severity: z.string(),
-  status: z.string(),
-  createdAt: z.string(),
-});
-
-const incidentUpdatedPayloadSchema = z.object({
-  incidentId: z.string(),
-  systemIds: z.array(z.string()),
-  title: z.string(),
-  description: z.string().optional(),
-  severity: z.string(),
-  status: z.string(),
-  statusChange: z.string().optional(),
-});
-
-const incidentResolvedPayloadSchema = z.object({
-  incidentId: z.string(),
-  systemIds: z.array(z.string()),
-  title: z.string(),
-  severity: z.string(),
-  resolvedAt: z.string(),
-});
+import { createIncidentActions, incidentTriggers } from "./automations";
 
 // =============================================================================
 // Plugin Definition
@@ -71,44 +41,16 @@ export default createBackendPlugin({
       incidentGroupSubscription,
     ]);
 
-    // Register hooks as integration events
-    const integrationEvents = env.getExtensionPoint(
-      integrationEventExtensionPoint,
-    );
-
-    integrationEvents.registerEvent(
-      {
-        hook: incidentHooks.incidentCreated,
-        displayName: "Incident Created",
-        description: "Fired when a new incident is created",
-        category: "Incidents",
-        payloadSchema: incidentCreatedPayloadSchema,
-      },
-      pluginMetadata,
-    );
-
-    integrationEvents.registerEvent(
-      {
-        hook: incidentHooks.incidentUpdated,
-        displayName: "Incident Updated",
-        description:
-          "Fired when an incident is updated (info or status change)",
-        category: "Incidents",
-        payloadSchema: incidentUpdatedPayloadSchema,
-      },
-      pluginMetadata,
-    );
-
-    integrationEvents.registerEvent(
-      {
-        hook: incidentHooks.incidentResolved,
-        displayName: "Incident Resolved",
-        description: "Fired when an incident is marked as resolved",
-        category: "Incidents",
-        payloadSchema: incidentResolvedPayloadSchema,
-      },
-      pluginMetadata,
+    // Register hooks as automation triggers — buffered until the
+    // automation plugin's `register()` runs and the extension point
+    // resolves. Triggers expose `contextKey` so wait_for_trigger can
+    // match resume events back to the originating incident.
+    const automationTriggers = env.getExtensionPoint(
+      automationTriggerExtensionPoint,
     );
+    for (const trigger of incidentTriggers) {
+      automationTriggers.registerTrigger(trigger, pluginMetadata);
+    }
 
     let incidentCache:
       | ReturnType<typeof createIncidentCache>
@@ -153,6 +95,18 @@ export default createBackendPlugin({
         );
         rpc.registerRouter(router, incidentContract);
 
+        // Register incident actions with the Automation platform. We
+        // capture the service in closure here (rather than via a
+        // service ref + ctx.getService at execute time) because the
+        // service has no per-request state — one instance for the life
+        // of the plugin is correct.
+        const automationActions = env.getExtensionPoint(
+          automationActionExtensionPoint,
+        );
+        for (const action of createIncidentActions({ service })) {
+          automationActions.registerAction(action, pluginMetadata);
+        }
+
         // Register "Create Incident" command in the command palette
         registerSearchProvider({
           pluginMetadata,

package/src/router.ts

@@ -395,6 +395,96 @@ export function createRouter(
         return { suppressed };
       }),
 
+    createAutoIncident: os.createAutoIncident.handler(
+      async ({ input, context }) => {
+        // No user context for service-initiated incidents; createdBy
+        // stays null and the timeline shows the originating plugin via
+        // the hook payload.
+        const result = await service.createIncident(input);
+
+        await cache.invalidateForMutation({
+          incidentId: result.id,
+          systemIds: result.systemIds,
+        });
+
+        await signalService.broadcast(INCIDENT_UPDATED, {
+          incidentId: result.id,
+          systemIds: result.systemIds,
+          action: "created",
+        });
+
+        await context.emitHook(incidentHooks.incidentCreated, {
+          incidentId: result.id,
+          systemIds: result.systemIds,
+          title: result.title,
+          description: result.description,
+          severity: result.severity,
+          status: result.status,
+          createdAt: result.createdAt.toISOString(),
+        });
+
+        const systemNames = await resolveSystemNames(result.systemIds);
+        await notifyAffectedSystems({
+          catalogClient,
+          notificationClient,
+          logger,
+          incidentId: result.id,
+          incidentTitle: result.title,
+          systemIds: result.systemIds,
+          systemNames,
+          action: "created",
+          severity: result.severity,
+        });
+
+        return { id: result.id };
+      },
+    ),
+
+    resolveAutoIncident: os.resolveAutoIncident.handler(
+      async ({ input, context }) => {
+        const result = await service.resolveIncident(input.id, input.message);
+        // Idempotent: a missing or already-resolved incident is treated
+        // as success so the auto-close worker can be re-run safely.
+        if (!result) {
+          return { success: true };
+        }
+
+        await cache.invalidateForMutation({
+          incidentId: result.id,
+          systemIds: result.systemIds,
+        });
+
+        await signalService.broadcast(INCIDENT_UPDATED, {
+          incidentId: result.id,
+          systemIds: result.systemIds,
+          action: "resolved",
+        });
+
+        await context.emitHook(incidentHooks.incidentResolved, {
+          incidentId: result.id,
+          systemIds: result.systemIds,
+          title: result.title,
+          severity: result.severity,
+          resolvedAt: new Date().toISOString(),
+        });
+
+        const systemNames = await resolveSystemNames(result.systemIds);
+        await notifyAffectedSystems({
+          catalogClient,
+          notificationClient,
+          logger,
+          incidentId: result.id,
+          incidentTitle: result.title,
+          systemIds: result.systemIds,
+          systemNames,
+          action: "resolved",
+          severity: result.severity,
+        });
+
+        return { success: true };
+      },
+    ),
+
     addLink: os.addLink.handler(async ({ input }) => {
       // Verify incident exists so the FK violation surfaces as NOT_FOUND.
       const incident = await service.getIncident(input.incidentId);

package/tsconfig.json

@@ -7,6 +7,12 @@
     {
       "path": "../auth-common"
     },
+    {
+      "path": "../automation-backend"
+    },
+    {
+      "path": "../automation-common"
+    },
     {
       "path": "../backend-api"
     },