Use when working with Rootly — rootly incident management, on-call scheduling, workflows, retrospectives, and service catalog. Covers incident creation and lifecycle, automated workflows, alert routing, status pages, and post-incident analysis. Use when managing active incidents, configuring workflows, reviewing retrospectives, or analyzing incident trends in Rootly.
Manage and analyze incidents, workflows, retrospectives, and services in Rootly.
All API calls use the Authorization: Bearer $ROOTLY_API_KEY header. Never hardcode tokens.
https://api.rootly.com/v1
#!/bin/bash
rootly_api() {
local method="$1"
local endpoint="$2"
local data="${3:-}"
if [ -n "$data" ]; then
curl -s -X "$method" \
-H "Authorization: Bearer $ROOTLY_API_KEY" \
-H "Content-Type: application/json" \
"https://api.rootly.com/v1${endpoint}" \
-d "$data"
else
curl -s -X "$method" \
-H "Authorization: Bearer $ROOTLY_API_KEY" \
-H "Content-Type: application/json" \
"https://api.rootly.com/v1${endpoint}"
fi
}
jq#!/bin/bash
echo "=== Active Incidents ==="
rootly_api GET "/incidents?filter[status]=started,mitigated&page[size]=25" \
| jq -r '.data[] | "\(.attributes.created_at[0:16])\t\(.attributes.severity.data.attributes.name // "none")\t\(.attributes.status)\t\(.attributes.title[0:60])"' \
| column -t
echo ""
echo "=== Incident Count by Severity ==="
rootly_api GET "/incidents?filter[status]=started,mitigated&page[size]=100" \
| jq -r '.data[] | .attributes.severity.data.attributes.name // "none"' | sort | uniq -c | sort -rn
#!/bin/bash
echo "=== Services ==="
rootly_api GET "/services?page[size]=25" \
| jq -r '.data[] | "\(.attributes.name)\t\(.attributes.slug)"' | column -t
echo ""
echo "=== Severities ==="
rootly_api GET "/severities" \
| jq -r '.data[] | "\(.attributes.severity)\t\(.attributes.name)\t\(.attributes.description[0:50])"' | column -t
#!/bin/bash
echo "=== Resolved Incidents (recent) ==="
rootly_api GET "/incidents?filter[status]=resolved&page[size]=50" \
| jq '{
total: (.data | length),
by_severity: (.data | group_by(.attributes.severity.data.attributes.name // "unknown") | map({(.[0].attributes.severity.data.attributes.name // "unknown"): length}) | add)
}'
echo ""
echo "=== Action Items Pending ==="
rootly_api GET "/action_items?filter[status]=open&page[size]=15" \
| jq -r '.data[] | "\(.attributes.priority // "none")\t\(.attributes.summary[0:60])"' | column -t
#!/bin/bash
INCIDENT_ID="${1:?Incident ID required}"
echo "=== Incident Details ==="
rootly_api GET "/incidents/${INCIDENT_ID}" \
| jq '.data.attributes | {title, status, severity: .severity.data.attributes.name, created_at, resolved_at, summary: .summary[0:200]}'
echo ""
echo "=== Timeline Events ==="
rootly_api GET "/incidents/${INCIDENT_ID}/timeline_events?page[size]=15" \
| jq -r '.data[] | "\(.attributes.created_at[0:16])\t\(.attributes.event_type)\t\(.attributes.content[0:60])"' | column -t
column -t--help output.| Shortcut | Counter | Why |
|---|---|---|
| "I'll skip discovery and check known resources" | Always run Phase 1 discovery first | Resource names change, new resources appear — assumed names cause errors |
| "The user only asked for a quick check" | Follow the full discovery → analysis flow | Quick checks miss critical issues; structured analysis catches silent failures |
| "Default configuration is probably fine" | Audit configuration explicitly | Defaults often leave logging, security, and optimization features disabled |
| "Metrics aren't needed for this" | Always check relevant metrics when available | API/CLI responses show current state; metrics reveal trends and intermittent issues |
| "I don't have access to that" | Try the command and report the actual error | Assumed permission failures prevent useful investigation; actual errors are informative |
data, attributes, relationships structurepage[size] and page[number] parametersfilter[field] syntax for query parametersstarted, mitigated, resolved, cancelledX-RateLimit-Remaining header