Agent - Flashduty Docs

Private beta: AI SRE is currently in private beta and available to invited accounts only. To join the whitelist test, contact the Flashduty sales team to request access; features and the UI may change during the beta.

Overview

Agent is the resource category that connects AI SRE to external agent ecosystems. The currently supported type is A2A (Agent-to-Agent) — a standard protocol that lets different agents call one another (more agent types may be added later). A2A works in two directions:

Outbound

Remote A2A agents registered in the list. AI SRE delegates tasks to them via the standard A2A protocol — for example, an external agent specializing in metrics analysis or integrated with an internal system.

Inbound

AI SRE itself is also an A2A agent and exposes an Agent Card. External A2A clients can fill in that Card URL to call Flashduty’s AI SRE in reverse, enabling incident / war-room integration and bidirectional event streams.

Delegation does not make you wait: after AI SRE hands a task to a remote agent, the conversation continues immediately, so you can keep working or delegate several tasks at once. When the remote agent finishes, its result appears in the conversation as a new message. Each A2A delegation appears in the conversation stream as a task card (🛰️) showing the remote agent name, task intent, run status (initializing / in progress / completed / failed / interrupted), and usage metrics such as tool call count, tokens, and elapsed time. Click the card to view the full delegation trace in the right-hand panel.

The description is the core signal for agent selection. Before delegating, AI SRE sees a list of available agents where each entry is name: description. Write descriptions as prescriptive imperatives (e.g., “USE THIS FIRST for …”, “prefer-over-X when …”) that clearly state when to prefer this agent, what it excels at, and what it is not suited for — the more precise the description, the better AI SRE can delegate the right task to the right agent.

The A2A agent list and management entry point are on the Plugins → Agents page (menu tab labeled Agents).

Registering an Outbound A2A Agent

On the A2A Agents list page, click Add A2A Agent and fill in the form:

Field	Type	Default	Description
Name	string	—	A2A agent identifier (e.g., `metrics-analyzer`). Required
Scope	Account / Team	—	Scope: Account (visible account-wide) or a specific Team (visible and editable only to members of that team). Required — see “Scope” below
Description	string	—	A brief description of this A2A agent’s capabilities. It appears in AI SRE’s available-agent list as the selection signal — write it as a prescriptive imperative
Card URL	string	—	The base URL of the remote A2A agent (e.g., `https://flashai.flashcat.cloud`). Required. The platform validates that it is a legitimate http/https address and rejects loopback, private, link-local, or cloud-metadata addresses
Auth Type	enum	`none`	Credential type attached to outbound requests: `none` / `bearer` (Bearer Token) / `api_key` (custom Header + Key)
Streaming	bool	on	Whether to communicate with the remote agent in streaming mode
User Auth Mode	enum	`shared`	See “Auth Modes” below

Auth Modes

A2A agents support three credential-supply modes that determine how credentials are provided when different users call the same remote agent:

Shared (shared, default)

All users share the same credentials, configured under Auth Type (Bearer Token or API Key). Suitable for teams that share a single remote account.

Per-user secret (per_user_secret)

Each user provides their own key on first use; the key is encrypted and stored at the account level. Configure the Header name (required), placeholder, and help link (optional) in the Secret Schema to guide users on first call.

Per-user OAuth (per_user_oauth)

Each user authorizes via the OAuth 2.1 flow; an authorization window pops up automatically on the first call to this A2A agent, and credentials are stored per user after completion.

For security reasons, saved sensitive fields (such as token, api_key, and client_secret) are returned masked when read. When editing, leaving a sensitive field blank means “keep the current value” — not “clear it.” The stored credential is only overwritten when you explicitly change it.

Inbound: Letting External Agents Call AI SRE

Expand the “Let External Agents Call Flashduty’s AI SRE” panel at the top of the A2A Agents page to get the Agent Card URL for this account’s AI SRE:

https://api.flashcat.cloud/safari/a2a/ai-sre/agent-card

Add that URL to any A2A client to call Flashduty’s AI SRE agent via the A2A protocol. Authentication: add Fd-App-Key: <your app_key> in the request header (or use the ?app_key= query parameter). The capabilities declared on the Agent Card include:

Capability (Skill)	Description
`investigate_incident`	End-to-end root-cause analysis for a Flashduty incident, correlating logs, metrics, and recent changes
`analyze_logs`	Query and summarize logs for a target service within a specified time window
`analyze_metrics`	Query and summarize metrics for a target service within a specified time window

The Agent Card also declares Flashduty’s “run options” A2A extension: callers can override incognito (whether to hide the session from the session list; hidden by default), visibility (private / account), and the environment (cloud / byoc and a specific environment_id) in message.metadata. This extension is optional — plain A2A clients can ignore it and call normally.

Incident and War-Room Integration

When a session enters via an incident route (e.g., AI SRE is triggered from an incident or war room), the platform binds the corresponding incident to the session and brings it in as context, anchoring troubleshooting to the correct incident from the start. Based on this, AI SRE can use built-in skills during the conversation to further act on the incident — reading incident details, querying the timeline, creating / viewing war rooms, linking changes, and more. For automatic war-room diagnosis on the IM side, see IM Integration.

Automatic incident integration for A2A is currently supported conceptually and is under active development: automatic incident binding is not yet fully available, and bidirectional event streams across agents will be progressively completed with each release. Do not treat this as a fully available capability — during private beta, only features that have been explicitly enabled should be relied upon.

Creating and Managing

The full lifecycle of A2A agents is managed on the Plugins → Agents page.

Create

Click Add A2A Agent, fill in the name, scope, Card URL, auth settings, and save. You must select a definite scope (account or team) before submitting — the submit button remains disabled until a scope is chosen.

Enable / Disable

Use the toggle in the list to switch an A2A agent’s enabled state. Only enabled agents appear in AI SRE’s available-agent list and can receive delegated tasks; disabling one makes it immediately invisible to delegation.

Inspect / Edit

Click any row in the list to open the form, where you can view and edit the name, description, scope, Card URL, auth configuration, streaming, and auth mode. The form is read-only when you do not have edit permission.

Delete

Remove an A2A agent from the current scope. Active sessions that delegated to it will fail. Deletion requires confirmation.

Filter by scope

The scope filter bar at the top of the list lets you switch between “All”, “Account only”, and “Specific team”, making it easy to focus on relevant resources when managing many. Each row also has a label showing its scope (account / team name).

Scope

A2A agents share the same two-level scope model as other resources (skills, Knowledge Packs, MCP, environments), divided into account level and team level:

Scope	Visibility
Account level	Visible to all members in the account
Team level	Visible only to members of that team

Edit permissions: the account owner or account admin can edit any agent; team members can edit team-level agents in their own team; there is no creator-retains-rights exception. When you do not have edit permission, the corresponding row in the list is read-only. Runtime visibility: at session start, AI SRE’s available-agent list shows only account-level resources plus resources belonging to the team bound to the current session (e.g., the team carried in by an incident / war room, or explicitly selected in the UI). A team’s skills, MCP servers, and A2A agents are only mounted into the current session on demand after the agent reads that team’s knowledge during an investigation. The account is the only security perimeter at runtime; team is simply an ownership and editing tag.

Console

Observe A2A delegation task cards and their sub-session panels within a session.

MCP (External Tools)

Connect external tools to agents to expand their capability boundary during tasks.

Manage Knowledge

Use DUTY.md and Knowledge Packs to provide agents with team context and troubleshooting experience.

IM Platform

@ AI SRE in an IM group and learn about automatic war-room incident diagnosis.

Overview

Understand AI SRE’s overall capabilities and positioning.

​Overview

Outbound

Inbound

​Registering an Outbound A2A Agent

​Auth Modes

​Inbound: Letting External Agents Call AI SRE

​Incident and War-Room Integration

​Creating and Managing

​Scope

​Related Pages

Console

MCP (External Tools)

Manage Knowledge

IM Platform

Overview

Overview

Registering an Outbound A2A Agent

Auth Modes

Inbound: Letting External Agents Call AI SRE

Incident and War-Room Integration

Creating and Managing

Scope

Related Pages