Resolve Incident
curl --request POST \
--url http://{host}:{port}/{basePath}/incidents/{name}/resolve \
--header 'Authorization: <api-key>' \
--header 'Content-Type: application/json' \
--data '
{
"resolution": "Memory leak fixed in payment-service v2.4.1 hotfix deployed manually. Verified stable for 15 minutes."
}
'{
"apiVersion": "v1",
"kind": "Incident",
"metadata": {
"name": "INC-20260319-001",
"namespace": "production",
"annotations": {
"aiops.chatcli.io/resolved-by": "operator",
"aiops.chatcli.io/resolved-at": "2026-03-19T16:45:00Z",
"aiops.chatcli.io/manual-resolution": "true"
}
},
"spec": {
"resourceRef": {
"kind": "Deployment",
"name": "payment-service",
"namespace": "production"
},
"severity": "critical",
"signalType": "oom_kill"
},
"status": {
"state": "Resolved",
"resolution": "Memory leak fixed in payment-service v2.4.1 hotfix deployed manually. Verified stable for 15 minutes.",
"resolvedAt": "2026-03-19T16:45:00Z",
"detectedAt": "2026-03-19T14:30:00Z",
"remediationAttempts": 3,
"escalatedAt": "2026-03-19T15:15:00Z"
}
}
Incidents
Resolve Incident
Manually resolves an incident β essential when the system escalates to human action or when an operator confirms the issue is fixed
POST
/
incidents
/
{name}
/
resolve
Resolve Incident
curl --request POST \
--url http://{host}:{port}/{basePath}/incidents/{name}/resolve \
--header 'Authorization: <api-key>' \
--header 'Content-Type: application/json' \
--data '
{
"resolution": "Memory leak fixed in payment-service v2.4.1 hotfix deployed manually. Verified stable for 15 minutes."
}
'{
"apiVersion": "v1",
"kind": "Incident",
"metadata": {
"name": "INC-20260319-001",
"namespace": "production",
"annotations": {
"aiops.chatcli.io/resolved-by": "operator",
"aiops.chatcli.io/resolved-at": "2026-03-19T16:45:00Z",
"aiops.chatcli.io/manual-resolution": "true"
}
},
"spec": {
"resourceRef": {
"kind": "Deployment",
"name": "payment-service",
"namespace": "production"
},
"severity": "critical",
"signalType": "oom_kill"
},
"status": {
"state": "Resolved",
"resolution": "Memory leak fixed in payment-service v2.4.1 hotfix deployed manually. Verified stable for 15 minutes.",
"resolvedAt": "2026-03-19T16:45:00Z",
"detectedAt": "2026-03-19T14:30:00Z",
"remediationAttempts": 3,
"escalatedAt": "2026-03-19T15:15:00Z"
}
}
Unique incident name (e.g.,
INC-20260319-001)Kubernetes namespace of the incident
Description of how the incident was resolved. If omitted, defaults to
"Manually resolved via dashboard".Best practice: always provide a meaningful resolution message for postmortem and audit trail.When to Use This Endpoint
This endpoint is critical in the following scenarios:1. Escalated Incidents (Human Action Required)
When the AIOps platform exhausts all automatic remediation attempts (default: 3 retries), the incident transitions to the Escalated state. At this point:- The notification system alerts the on-call team via configured channels (Slack, PagerDuty, etc.)
- The escalation policy progresses through levels (L1 β L2 β L3) based on timeouts
- No further automatic remediation will be attempted
- The incident remains in
Escalatedstate until a human resolves it via this endpoint, the web dashboard, or the CLI
2. Manual Verification After Auto-Remediation
Even when automatic remediation succeeds, operators may want to manually verify and close the incident with additional context.3. False Positives
When an incident is detected but the operator determines itβs a false positive, use this endpoint with a resolution like"False positive β metric spike caused by scheduled batch job".
Resolution Flow for Escalated Incidents
Incident Detected
β
AI Analysis β Runbook/Agentic Remediation
β β
Success β Resolved Failure (retry up to 3x)
β
All retries exhausted
β
ESCALATED β You are here
β
βββββββββββββββββββΌβββββββββββββββββββ
β β β
API Resolve Dashboard Button CLI Command
POST /resolve "Resolve" btn (future release)
β β β
βββββββββββββββββββΌβββββββββββββββββββ
β
State: Resolved
PostMortem generated
Dedup cache cleared
Audit event recorded
What Happens After Resolution
- State Change: The incident transitions from
Escalated(or any active state) toResolved - Annotations Added:
aiops.chatcli.io/resolved-byβ the authenticated role/useraiops.chatcli.io/resolved-atβ resolution timestampaiops.chatcli.io/manual-resolutionβ set to"true"
- Dedup Cache Cleared: The resourceβs deduplication entry is invalidated, allowing new anomalies to be detected for the same resource
- PostMortem Generated: An automatic postmortem is created with the resolution details
- Audit Event: An immutable audit event is recorded for compliance
{
"apiVersion": "v1",
"kind": "Incident",
"metadata": {
"name": "INC-20260319-001",
"namespace": "production",
"annotations": {
"aiops.chatcli.io/resolved-by": "operator",
"aiops.chatcli.io/resolved-at": "2026-03-19T16:45:00Z",
"aiops.chatcli.io/manual-resolution": "true"
}
},
"spec": {
"resourceRef": {
"kind": "Deployment",
"name": "payment-service",
"namespace": "production"
},
"severity": "critical",
"signalType": "oom_kill"
},
"status": {
"state": "Resolved",
"resolution": "Memory leak fixed in payment-service v2.4.1 hotfix deployed manually. Verified stable for 15 minutes.",
"resolvedAt": "2026-03-19T16:45:00Z",
"detectedAt": "2026-03-19T14:30:00Z",
"remediationAttempts": 3,
"escalatedAt": "2026-03-19T15:15:00Z"
}
}
{
"apiVersion": "v1",
"kind": "Error",
"error": {
"code": 404,
"message": "Incident not found",
"details": "No incident named 'INC-20260319-999' found in namespace 'production'"
}
}
{
"apiVersion": "v1",
"kind": "Error",
"error": {
"code": 409,
"message": "Incident already resolved",
"details": "The incident 'INC-20260319-001' was already resolved at 2026-03-19T16:45:00Z"
}
}
Authorizations
Bearer token issued by the operator. Format: Authorization: Bearer <token>.
Path Parameters
Unique incident name.
Example:
"INC-20260319-001"
Query Parameters
Kubernetes namespace of the incident.
Body
application/json
Description of how the incident was resolved. Defaults to "Manually resolved via dashboard" when omitted.
βI