Private beta: AI SRE is currently in private beta. Pro or higher accounts can apply for free beta access through the AI SRE private beta application form; after approval, Flashduty will add your account to the whitelist. Features and the UI may change during the beta.
Overview
Agent is the resource category that connects AI SRE to external agent ecosystems. The currently supported type is A2A (Agent-to-Agent) — a standard protocol that lets different agents call one another (more agent types may be added later). A2A works in two directions:
Outbound
Remote A2A agents registered in the list. AI SRE delegates tasks to them via the standard A2A protocol — for example, an external agent specializing in metrics analysis or integrated with an internal system.
Inbound
AI SRE itself is also an A2A agent and exposes an Agent Card. External A2A clients can fill in that Card URL to call Flashduty’s AI SRE in reverse, enabling incident / war-room integration and bidirectional event streams.
A2A badge, showing the remote agent name, task intent, run status (initializing / in progress / completed / failed / interrupted), and usage metrics such as tool call count, tokens, and elapsed time. Click the card to view the full delegation trace in the right-hand panel.
The A2A agent list and management entry point are on the Plugins → Agents page (menu tab labeled Agents).
Agents covers two distinct concepts. This page (Agents) currently manages A2A Agents (external agent-to-agent calls). The other concept is the Subagent — a platform-built-in task executor that AI SRE dispatches on demand within a session. Subagents have no create / edit entry point; you only observe their behavior in sessions. See “Subagent” below.
Subagent
A Subagent is a platform built-in task executor. During an investigation, AI SRE can dispatch a self-contained subtask to a Subagent that completes it independently — dispatch always goes through the single long-running tool
agent_dispatch, rather than exposing a separate tool per Subagent.
The platform ships several bootstrap Subagents that work out of the box:
| Name | Role |
|---|---|
general | General-purpose worker with full tool access. Use it to offload work whose intermediate steps would otherwise pollute the parent’s context (long reports, multi-file edits, end-to-end builds, repeated probing). Dispatch several in parallel for independent units of work |
explore | Read-only investigator restricted to grep / glob / read; it cannot write or execute. Returns a compact summary rather than raw search output — ideal for locating evidence inside a codebase or knowledge dump |
Agent badge, whereas an A2A delegation carries an A2A badge.
Runtime limits:
- Concurrency cap: a session runs at most 20 Subagents concurrently (
TaskMaxConcurrentPerSession = 20). This caps how many run at the same instant, not how many a session dispatches over its lifetime — completing one frees a slot, so total work is unbounded. Dispatching past the cap errors (too many active subagents (… running, limit 20)), prompting the model to stop and wait for the running ones to finish before dispatching the rest. - Nesting depth: a dispatch chain nests at most 3 levels deep (
TaskMaxNestingDepth = 3), preventing a Subagent from spawning itself indefinitely.
Subagents currently have no user-facing create / management UI. They are a built-in runtime capability: you can observe Subagent task cards and their sub-session traces within a session, but you cannot add, edit, or delete a Subagent the way you can an A2A Agent. This page (Agents) currently manages only A2A Agents.
Registering an Outbound A2A Agent
On the A2A Agents list page, click Add A2A Agent and fill in the form:
| Field | Type | Default | Description |
|---|---|---|---|
| Name | string | — | A2A agent identifier (e.g., metrics-analyzer). Required |
| Scope | Account / Team | — | Scope: Account (visible account-wide) or a specific Team (visible and editable only to members of that team). Required — see “Scope” below |
| Instructions | string | — | The agent-selection signal shown to AI SRE. It is inserted into AI SRE’s system prompt and available-agent list to decide when to call this A2A agent. Required; write prescriptive guidance that explains when to use the agent, its capability boundaries, and when not to use it. Maximum 2,000 characters |
| Card URL | string | — | The Agent Card URL of the remote A2A agent, or just the service origin for agents that follow the default well-known location (for example, https://agents.example.com). If the URL includes a path, the platform reads that exact URL; if only an origin is provided, it resolves /.well-known/agent-card.json by A2A convention. Required. The platform validates that it is a legitimate http/https address and rejects loopback, private, link-local, or cloud-metadata addresses |
| Auth Type | enum | none | Credential type attached to outbound requests: none / bearer (Bearer Token) / api_key (custom Header + Key) |
| Streaming | bool | on | Whether to communicate with the remote agent in streaming mode |
| User Auth Mode | enum | shared | See “Auth Modes” below |
| Skip TLS certificate verification | bool | off | Shown only when the Card URL uses HTTPS. Enable only when the remote endpoint uses a self-signed certificate inside a controlled network; this skips certificate-chain and hostname verification |
| Allow OAuth discovery over HTTP | bool | off | Required only when “Per-user OAuth” is selected and the Card URL is a non-local HTTP URL. Use only in controlled test environments; after you enable it, the Safari service can fetch OAuth metadata from that host |
Using the FlashAI Template
FlashAI is the observability analysis product in the Flashcat / 快猫星云 family. It can also be connected as a remote A2A agent for AI SRE. On the A2A Agents page, expand the Connect FlashAI observability analysis panel to create an A2A agent from the FlashAI template. The FlashAI template is not a blanket rule that sends every observability question to FlashAI. It configures FlashAI as the delegation target for Flashcat / 快猫星云-originated alert and incident investigation. For alerts or incidents from Flashcat products such as Event Wall / 事件墙, Firemap / 灭火图, and Polaris / 北极星, AI SRE should prefer delegating analysis to FlashAI. The template prefills multi-line instructions. Its core routing rules are:- Prefer FlashAI when the user is investigating an alert, incident, fault, or alert group that clearly originates from Flashcat / 快猫星云.
- Event Wall / 事件墙 alert events, incidents, and alert groups are positive routing signals.
- Firemap / 灭火图 faults are positive routing signals, especially fields such as
fault_type=firemaporrule_prod=firemap. - Polaris / 北极星 faults are positive routing signals, especially fields such as
fault_type=polaris,rule_prod=polaris, or the internal markerrule_prod=northstar. - Flashcat alerts from
n9e.alertshould also be delegated to FlashAI when they carry fault metadata such asrule_prod,rule_config.detail_url,workspace,fault_type,fault_workspace,fault_detail_url, orfault_condition. - Do not use FlashAI by default for generic metrics, logs, traces, topology, or performance questions that do not include Flashcat / 快猫星云 alert context, a Flashcat URL, product markers, or the fault fields above. Use the available local tools or the customer’s actual observability source instead.
Configure FlashAI /config
Open
/config in the FlashAI / Flashcat console (for example, https://demo.flashcat.cloud/config), add a2a_server_base_url, and set it to the current FlashAI access domain, for example https://demo.flashcat.cloud.Confirm network reachability
If FlashAI uses a private-network address, only a BYOC Runner deployed in that network can reach it. If cloud Sandbox also needs to call FlashAI, use a publicly reachable domain and configure an allowlist as needed. This is the same network-reachability rule used for MCP SSE endpoints in Sandbox.
demo.flashcat.cloud) and click Use this template. The page opens the Add A2A Agent form and prefills:
- Name: generated from the domain, for example
flashai-demo - Instructions: multi-line delegation guidance for AI SRE, explaining which Flashcat alerts/incidents should prefer FlashAI and which generic observability questions should not.
- Card URL: generated from the domain:
Auth Modes
A2A agents support three credential-supply modes that determine how credentials are provided when different users call the same remote agent:Shared (shared, default)
Shared (shared, default)
Per-user secret (per_user_secret)
Per-user secret (per_user_secret)
Each user provides their own key on first use; the key is encrypted and stored at the account level. Configure the Header name (required), placeholder, and help link (optional) in the Key Schema to guide users on first call.
Per-user OAuth (per_user_oauth)
Per-user OAuth (per_user_oauth)
Each user authorizes via the OAuth 2.1 flow; an authorization window pops up automatically on the first call to this A2A agent, and credentials are stored per user after completion.
For security reasons, saved sensitive fields (such as
token, api_key, and client_secret) are returned masked when read. When editing, leaving a sensitive field blank means “keep the current value” — not “clear it.” The stored credential is only overwritten when you explicitly change it.Inbound: Letting External Agents Call AI SRE
Expand the “Let External Agents Call Flashduty’s AI SRE” panel at the top of the A2A Agents page to get the Agent Card URL for this account’s AI SRE:
Fd-App-Key: <your app_key> in the request header (or use the ?app_key= query parameter). The capabilities declared on the Agent Card include:
| Capability (Skill) | Description |
|---|---|
investigate_incident | End-to-end root-cause analysis for a Flashduty incident, correlating logs, metrics, and recent changes |
analyze_logs | Query and summarize logs for a target service within a specified time window |
analyze_metrics | Query and summarize metrics for a target service within a specified time window |
Incident and War-Room Integration
When a session enters via an incident route (e.g., AI SRE is triggered from an incident or war room), the platform binds the corresponding incident to the session and brings it in as context, anchoring troubleshooting to the correct incident from the start. Based on this, AI SRE can use built-in skills during the conversation to further act on the incident — reading incident details, querying the timeline, creating / viewing war rooms, linking changes, and more. For automatic war-room diagnosis on the IM side, see IM Integration.Creating and Managing
The full lifecycle of A2A agents is managed on the Plugins → Agents page.
Create
Create
Click Add A2A Agent, fill in the name, scope, instructions, Card URL, auth settings, and save. You must select a definite scope (account or team) before submitting — the submit button remains disabled until a scope is chosen.
Enable / Disable
Enable / Disable
Use the toggle in the list to switch an A2A agent’s enabled state. Only enabled agents appear in AI SRE’s available-agent list and can receive delegated tasks; disabling one makes it immediately invisible to delegation.
Inspect / Edit
Inspect / Edit
Click any row in the list to open the form, where you can view and edit the name, instructions, scope, Card URL, auth configuration, streaming, and auth mode. The form is read-only when you do not have edit permission.
Delete
Delete
Remove an A2A agent from the current scope. Active sessions that delegated to it will fail. Deletion requires confirmation.
Filter by scope
Filter by scope
The scope filter bar at the top of the list lets you switch between “All”, “Account only”, and “Specific team”, making it easy to focus on relevant resources when managing many. Each row also has a label showing its scope (account / team name).
Scope
A2A agents share the same two-level scope model as other resources (skills, Knowledge Packs, MCP, environments), divided into account level and team level:
| Scope | Visibility |
|---|---|
| Account level | Visible to all members in the account |
| Team level | Visible only to members of that team |
Related Pages
Console
Observe A2A delegation task cards and their sub-session panels within a session.
MCP (External Tools)
Connect external tools to agents to expand their capability boundary during tasks.
Manage Knowledge
Use DUTY.md and Knowledge Packs to provide agents with team context and troubleshooting experience.
IM Platform
@ AI SRE in an IM group and learn about automatic war-room incident diagnosis.
Overview
Understand AI SRE’s overall capabilities and positioning.