Open
Conversation
edospadoni
had a problem deploying
to
mimir-integration - my-mimir-qa PR #42
Render
Failure
Contributor
|
🔗 Redirect URIs Added to Logto The following redirect URIs have been automatically added to the Logto application configuration: Redirect URIs:
Post-logout redirect URIs:
These will be automatically removed when the PR is closed or merged. |
Contributor
🤖 My API structural change detectedStructural change detailsAdded (17)
Powered by Bump.sh |
gsanchietti
force-pushed
the
mimir-integration
branch
from
8b5324c to
9ec5be6
Compare
edospadoni
deployed
to
mimir-integration - my-mimir-qa PR #42
Render
Active
edospadoni
deployed
to
mimir-integration - my-mimir-qa PR #42
Render
Active
edospadoni
temporarily deployed
to
mimir-integration - my-collect-qa PR #42
Render
Destroyed
gsanchietti
force-pushed
the
mimir-integration
branch
from
b10c682 to
08c4b4c
Compare
edospadoni
deployed
to
mimir-integration - my-mimir-qa PR #42
Render
Active
edospadoni
requested a deployment
to
mimir-integration - my-mimir-qa PR #42
Render
In progress
edospadoni
deployed
to
mimir-integration - my-mimir-qa PR #42
Render
Active
edospadoni
had a problem deploying
to
mimir-integration - my-mimir-qa PR #42
Render
Failure
Member
Author
|
update deploy |
Contributor
|
🚀 Build triggers updated! All |
edospadoni
had a problem deploying
to
mimir-integration - my-mimir-qa PR #42
Render
Failure
…end APIs - Rename API routes from /alerting to /alerts for RESTful consistency - Add GET /api/systems/:id/alerts for per-system active alerts - Add GET /api/alerts/totals and GET /api/alerts/trend endpoints - Use RequireResourcePermission on alerts group (read:systems for GET, manage:systems for POST/DELETE) - Fix OpenAPI paths (remove duplicate /api/ prefix), tags, and security scheme names - Add composite index (system_key, created_at) and unique constraint (fingerprint, system_key) - Remove dead code (DeleteConfig), rename alertmanager_history.go to alerting_history.go - Fix collect: http client timeout, endsAt zero-time handling, timing-safe token comparison - Fix collect Redis config: only override ParseURL values when env vars are explicitly set - Add missing env vars to collect .env.example and render.yaml - Add alert history webhook endpoint to OpenAPI spec - Move scripts to services/mimir/scripts, remove hardcoded QA credentials - Add local dev setup: docker-compose.local.yml + my-local.yaml (filesystem storage) - Fix Mimir config: reference runtime_config.yaml, remove emoji from docker-compose - Update copyrights to 2026
- collect/middleware: WebhookAuthMiddleware tests (valid/invalid/missing token, unconfigured, timing-safe) - collect/methods: ReceiveAlertHistory tests (resolved, firing skipped, missing system_key, invalid body, DB error, zero-time endsAt, nullableString) - backend/methods: filterAlerts tests (all filter combinations, missing labels, empty input) - backend/entities: alert history repository tests with sqlmock (query, sort validation, totals owner/non-owner, trend up/down/stable)
…_id injection
- Collect proxy injects system_id (DB UUID) label in addition to system_key
- Backend BuildTemplateFiles substitutes ${APP_URL} placeholder in templates
- Templates use localized annotations: summary_en/it and description_en/it with fallback
- Add "service" label display in all 4 HTML/TXT templates
- Add "View system" / "Visualizza sistema" CTA button linking to app_url/systems/:id
- Rewrite TXT templates with welcome-style separators and footer (info@nethesis.it)
- Align label columns in TXT templates (rename FIRING SINCE→SINCE, STARTED AT→STARTED, etc.)
- Align headers/footers with welcome email style (MSO conditionals, backgroundTable)
- Change alert_history unique constraint to (fingerprint, system_key, starts_at)
- Use ON CONFLICT DO NOTHING to avoid overwriting distinct occurrences of same alert
- Add tests for injectSystemLabels helper
- Merge full alerting integration guide into services/mimir/README.md - Remove separate language files (docs/en/08-alerting.md, docs/it/08-alerting.md) - Document system_id/system_key auto-injection and summary_en/summary_it/description_en/description_it conventions - Update alert catalog examples with localized annotations - Add user-facing alerting guide in docs/docs/features/alerting.md (EN + IT) - Add "Alerting System" link in Docusaurus Developer Docs dropdown and footer pointing to mimir README
The unique index (fingerprint, system_key, starts_at) was only used by the ON CONFLICT clause and never helped any SELECT query. Removing both simplifies the schema and saves index space. If Alertmanager retries a webhook after an error, a duplicate row may occasionally be inserted — acceptable trade-off for a rare edge case.
…th system context Organization lifecycle: - Auto-provision default alerting config on customer/distributor/reseller creation - Use org email from custom_data as default notification recipient - Use org language (en/it) from custom_data for email_template_lang - Retry config push to Mimir with backoff (1s/3s/5s) to tolerate transient errors - Built-in history webhook is always active so alert_history works from day one Collect Mimir proxy: - Inject organization context labels (name, vat, type) in addition to system_id/key - Inject system_name, system_fqdn, system_ipv4 from the systems table - Replace injectSystemLabels with generic injectLabels helper - Join distributors/resellers/customers in the org lookup query Email templates (HTML + TXT, EN + IT): - Two-card layout: alert card (colored) + system info card (neutral) with CTA - Dynamic organization label based on organization_type - IT: CLIENTE/RIVENDITORE/DISTRIBUTORE/ORGANIZZAZIONE - EN: CUSTOMER/RESELLER/DISTRIBUTOR/ORGANIZATION - Dynamic FQDN/IP label (shows whichever is available) - Subject format: [FIRING][AlertName] - SystemKey - Plain-text templates abbreviate long labels (RIVEND./DISTRIB./ORG.) for column alignment - CTA "View system" button linked to APP_URL/systems/<system_id>
- alerting.GetConfig returns (nil, nil) when Mimir responds 404 (no config has ever been pushed for this tenant) - GetAlertingConfig handler returns HTTP 200 with "config": null when the body is empty, so the frontend shows the "no configuration found" empty state instead of a 500 error - Previously the API returned 500 "mimir returned 404: alertmanager storage object not found" for any org without a pushed config, which broke the UI for newly created orgs where auto-provisioning failed
- Update all API calls in lib/alerting.ts to use /alerts instead of /alerting: - GET /alerts/config, POST /alerts/config, DELETE /alerts/config - GET /alerts (list active alerts) - GET /systems/:id/alerts/history - Replace getSystemActiveAlerts helper to use the dedicated GET /systems/:id/alerts endpoint instead of filtering the global alerts list by system_key client-side - SystemActiveAlertsCard: switch from (organizationId, systemKey) to (systemId) so it no longer relies on the sanitized system_key field for unregistered systems
Provides make targets to manage a local Mimir instance with filesystem
storage (no S3 required), wrapping docker-compose.local.yml:
- dev-setup: inject MIMIR_URL and alerting webhook env vars into
backend/.env and collect/.env (idempotent)
- dev-up: start Mimir container and wait for readiness
- dev-down: stop container
- dev-restart: restart container
- dev-logs: follow container logs
- dev-status: show container status and Mimir readiness
- dev-ready: check readiness endpoint
Update README with the local development workflow.
- Update all API paths in alerting_config.py from /alerting/... to /alerts/... to match the backend API rename: - GET/POST/DELETE /alerts/config - GET /alerts (list active alerts) - GET /systems/:id/alerts/history - Document the LOGTO_ENDPOINT, LOGTO_APP_ID and AUTH_BASE_URL environment variables in scripts/README.md, which replaced the hardcoded QA values removed in a previous commit
Short, tool-agnostic reference for AI coding agents working in this monorepo. Covers components actually on the current branch (backend, collect, sync, frontend, proxy, services/mimir) and explicitly marks services/support and services/ssh-gateway as stubs here. API reference defers to openapi.yaml as source of truth. Includes coding patterns, RBAC model, alerting invariants, and a short pitfalls list. Claude Code auto-loads CLAUDE.md; developers who use Claude Code can create a local CLAUDE.md shim that points to this file.
The script was failing with 404 errors because it was using hardcoded default Logto endpoint 'https://your-tenant.logto.app' which doesn't exist. Changes: - Add required CLI arguments: --tenant-id and --app-id - Derive Logto endpoint dynamically from tenant ID - Use the proxy URL as redirect_uri base instead of hardcoded _AUTH_BASE_URL - Update all examples in docstring to include new arguments - Pass tenant_id and app_id to all command functions This allows the script to work with any MY proxy deployment by providing the Logto tenant configuration at runtime. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…ments - Add new required arguments to all command examples - Update full example workflow to include Logto configuration - Document the new CLI arguments in the Common arguments table Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Remove required constraint from --app-id argument - Use environment variable LOGTO_APP_ID as default if set - Fall back to standard app ID 'my_frontend_app' if not set - Update all documentation and examples to show --app-id is now optional - Update README table to show required/optional arguments clearly This simplifies the CLI usage for most deployments that use the standard frontend app ID. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Make --tenant-id optional with TENANT_ID environment variable fallback - Add validation to ensure tenant_id is provided (via CLI or env var) - Add detailed debugging in _logto_login() to identify which step fails - Improve error messages to help user troubleshoot authentication issues - Show which endpoint failed and provide guidance for common issues - Display Logto endpoint, tenant ID, and app ID in error output This helps users quickly identify if the issue is: 1. Invalid/missing tenant ID 2. Incorrect app ID 3. Unregistered redirect URI 4. Logto service unavailable Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Fire the alert only for systems that have been inactive for at least 2 check intervals (120 seconds) to avoid flapping
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
📋 Description
This pull request adds Alertmanager integration based on Grafana Mimir, backend APIs for alert configuration and inspection, resolved-alert history persistence, automatic HostDown monitoring, and a system-level silence action for active alerts.
Backend API (
/api/alerts)GET /api/alerts/config— retrieve the current alerting configuration from Mimir as structured JSON or redacted YAMLPOST /api/alerts/config— apply a new alerting configurationDELETE /api/alerts/config— replace the tenant configuration with a blackhole-only config while keeping the built-in history webhook activeGET /api/alerts— list active alerts with optional filters (state,severity,system_key)GET /api/alerts/totals— return active alert counters plus resolved-history totalsGET /api/alerts/trend— return resolved-alert trend data for the selected periodGET /api/systems/:id/alerts— list active alerts for a single systemPOST /api/systems/:id/alerts/silences— create a silence for a single active system alertGET /api/systems/:id/alerts/history— return paginated resolved-alert history for a single systemAlerting configuration
AlertingConfigsupports global settings, per-severity overrides, and per-system overridesorganization_idquery parameter where required by the current handlersCollect service
POST /api/alert_historyreceives Alertmanager webhooks and stores resolved alerts in PostgreSQLALERTING_HISTORY_WEBHOOK_SECRETPOST /api/services/mimir/alertmanager/api/v2/alertsproxies authenticated systems to Alertmanager withX-Scope-OrgIDderived server-sidelabels.system_keyis always overwritten with the authenticated system valuePOST /api/services/mimir/alertmanager/api/v2/silencesproxies authenticated systems to Alertmanager with tenant scoping enforced by the serverFrontend
manage:systemsHostDown monitoring
inactiveafter exceedingHEARTBEAT_TIMEOUT_MINUTESHostDownalert is posted when inactivity persists beyond the timeout and one additional monitor intervalTooling and docs
services/mimir/scripts/alerting_config.pymanages alerting config and alert queries through the MY APIservices/mimir/scripts/alert.pyfires, resolves, silences, and lists alerts through the collect proxy🧪 Validation
cd backend && make pre-commitcd collect && make pre-commitcd frontend && npm run pre-commitRelated issue
Implements requirements from #72 (Alarm Management - Alertmanager Integration)