S Srenix
Try it now
Docs / Integrations

Docs

Integrations

Route findings to Slack, Alertmanager, and ticketing systems. Trigger cycles from Prometheus alerts or external webhooks.

Srenix routes findings to alert channels, ticketing systems, and external triggers. Each integration is optional and independently enabled. Slack and Alertmanager work with the OSS binary; Jira, ServiceNow, and Prometheus metrics require the paid srenix-enterprise binary.

Slack

Srenix routes to three Slack channels — alerts (Srenix acted / auto-fixed), critical (human action required), and healthinfo (daily digest) — each backed by its own incoming-webhook Secret. Create the Secrets before installing (or provision via ESO): 

kubectl create secret generic srenix-slack-alerts \
  --from-literal=WEBHOOK_URL=https://hooks.slack.com/... \
  -n agentic-sre

kubectl create secret generic srenix-slack-critical \
  --from-literal=WEBHOOK_URL=https://hooks.slack.com/... \
  -n agentic-sre

kubectl create secret generic srenix-slack-healthinfo \
  --from-literal=WEBHOOK_URL=https://hooks.slack.com/... \
  -n agentic-sre

Then enable each channel and point it at its Secret in Helm values: 

--set slack.alerts.enabled=true --set slack.alerts.secretName=srenix-slack-alerts \
--set slack.critical.enabled=true --set slack.critical.secretName=srenix-slack-critical \
--set slack.healthinfo.enabled=true --set slack.healthinfo.secretName=srenix-slack-healthinfo

Repeated alerts are deduplicated — the watcher re-posts still-active warnings at watcher.slack.repeatInterval (default 6h, 0 = never) and still-active criticals at watcher.slack.criticalRepeatInterval (default 2h so criticals stay loud; 0 = fall back to repeatInterval).

Alertmanager

Srenix can post findings as Alertmanager alerts and poll Alertmanager for firing alerts to trigger probe cycles (trigger class C). 

# Enable Alertmanager sink
--set alertmanager.enabled=true \
--set alertmanager.url=http://kube-prometheus-stack-alertmanager:9093

# Enable polling (trigger class C) — fires a diagnose cycle on new firing alerts
--set watcher.triggers.prom.url=http://kube-prometheus-stack-alertmanager:9093 \
--set watcher.triggers.prom.interval=30s

Each fired alert carries srenix_severity, srenix_analyzer, and srenix_subject labels for routing in Alertmanager rules.

Ticketing

OpenProject

OSS

MCP-based ticketing sink. Srenix upserts one ticket per open DriftReport — re-detecting the same issue updates the existing ticket rather than creating a duplicate. Enable with ticketing.enabled=true (ticketing.provider defaults to openproject) and set ticketing.mcpURL, ticketing.project, and ticketing.typeID. When the MCP server sits behind Kong, supply the API key via ticketing.auth.enabled=true + an ESO-managed Secret.

Jira & ServiceNow

Paid

Jira and ServiceNow ticketing sinks are available in the paid Enterprise tier. Contact sales for access.

Prometheus metrics

The paid srenix-enterprise aiwatch Deployment exposes srenix_* metric families on /metrics:9090. Enable the listener with ai.metrics.addr=":9090"; the chart then renders the matching port and Service, plus a ServiceMonitor when ai.metrics.serviceMonitor.enabled=true and a PrometheusRule when ai.metrics.prometheusRule.enabled=true.

The full metric set (from cmd/srenix-enterprise/metrics.go): srenix_cycle_total, srenix_diagnostic_total, srenix_outcome_total, srenix_outcome_revert_total, srenix_policy_active, srenix_llm_proposer_total, srenix_autonomy_decision_total, and srenix_breaker_open.

AI providers (paid tiers)

The AI tiers talk to any OpenAI-compatible endpoint via --ai-endpoint — in-cluster vLLM is the BYOM recommendation. Anthropic is supported through a native Anthropic Messages API client: provider selection is automatic by endpoint host (an *.anthropic.com endpoint gets the native client; everything else uses the OpenAI-compatible client). Non-cluster (SaaS) endpoints — api.openai.com, api.anthropic.com, etc. — are refused unless the operator explicitly passes --ai-allow-saas.

Webhook triggers (class E)

External services can trigger an immediate diagnose cycle by posting an HMAC-SHA256-authenticated request. Useful for integrating with Vault, ArgoCD, cert-manager, or Cloudflare change events. 

# Example: trigger on a Vault seal event
BODY='{}'
SIG="sha256=$(printf '%s' "$BODY" | openssl dgst -sha256 -hmac "$HMAC_SECRET" -hex | awk '{print $NF}')"
curl -X POST https://srenix-watcher.cluster/webhook/vault \
  -H "X-Srenix-Signature: $SIG" \
  -H "Content-Type: application/json" \
  -d "$BODY"

Enable the receiver with watcher.triggers.webhook.listen=":8090" and register sources as <source>=<ENV_VAR> pairs via watcher.triggers.webhook.sources (e.g. vault=SRENIX_WEBHOOK_VAULT_SECRET). The HMAC secrets are provisioned via a single K8s Secret referenced by watcher.triggers.webhook.secretName; set watcher.triggers.webhook.service.enabled=true to render a ClusterIP Service for the endpoint.

← Back to docs