Skills
NYC
skills/getsentry/agent-skills/sentry-create-alert

sentry-create-alert

SKILL.md

Create Sentry Alert

Create alerts via Sentry's workflow engine API.

Invoke This Skill When

  • User asks to "create a Sentry alert" or "set up notifications"
  • User wants to be emailed or notified when issues match certain conditions
  • User mentions priority alerts, de-escalation alerts, or workflow automations
  • User wants to configure Slack, PagerDuty, or email notifications for Sentry issues

Prerequisites

  • curl available in shell
  • Sentry org auth token with alerts:write scope

Phase 1: Gather Configuration

Ask the user for any missing details:

Detail Required Example
Org slug Yes sentry, my-org
Auth token Yes sntryu_... (needs alerts:write scope)
Region Yes (default: us) usus.sentry.io, dede.sentry.io
Alert name Yes "High Priority De-escalation Alert"
Trigger events Yes Which issue events fire the workflow
Conditions Optional Filter conditions before actions execute
Action type Yes email, slack, or pagerduty
Action target Yes User email, team, channel, or service

Phase 2: Look Up IDs

Use these API calls to resolve names to IDs as needed.

API="https://{region}.sentry.io/api/0/organizations/{org}"
AUTH="Authorization: Bearer {token}"

# Find user ID by email
curl -s "$API/members/" -H "$AUTH" | python3 -c "
import json,sys
for m in json.load(sys.stdin):
  if m.get('email')=='USER_EMAIL' or m.get('user',{}).get('email')=='USER_EMAIL':
    print(m['user']['id']); break"

# List teams
curl -s "$API/teams/" -H "$AUTH" | python3 -c "
import json,sys
for t in json.load(sys.stdin):
  print(t['id'], t['slug'])"

# List integrations (for Slack/PagerDuty)
curl -s "$API/integrations/" -H "$AUTH" | python3 -c "
import json,sys
for i in json.load(sys.stdin):
  print(i['id'], i['provider']['key'], i['name'])"

Phase 3: Build Payload

Trigger Events

Pick which issue events fire the workflow. Use logicType: "any-short" (triggers must always use this).

Type Fires when
first_seen_event New issue created
regression_event Resolved issue recurs
reappeared_event Archived issue reappears

Filter Conditions

Conditions that must pass before actions execute. Use logicType: "all", "any-short", or "none".

Type comparison Description
issue_priority_greater_or_equal 25 / 50 / 75 / 100 Priority >= Low/Medium/High/Critical
issue_priority_deescalating true Priority dropped below peak
event_frequency_count <number> Event count exceeds threshold
event_unique_user_frequency_count <number> Affected users exceed threshold
tagged_event "key:value" Event has specific tag
assigned_to "<user_or_team_id>" Issue assigned to target

Priority scale: Low=25, Medium=50, High=75, Critical=100.

Set conditionResult to false to invert (fire when condition is NOT met).

Actions

Type Key Config
email targetType: "user" / "team" / "issue_owners", targetIdentifier: <id>
slack integrationId: <id>, channel: "#name", channel_id: <id>
pagerduty integrationId: <id>, service: <id>, severity: "critical"

Full Payload Structure

{
  "name": "<Alert Name>",
  "enabled": true,
  "environment": null,
  "config": { "frequency": 0 },
  "triggers": {
    "logicType": "any-short",
    "conditions": [
      { "type": "first_seen_event", "comparison": true, "conditionResult": true }
    ]
  },
  "actionFilters": [{
    "logicType": "all",
    "conditions": [
      { "type": "issue_priority_greater_or_equal", "comparison": 75, "conditionResult": true }
    ],
    "actions": [{
      "type": "email",
      "integrationId": null,
      "data": {},
      "config": {
        "targetType": "user",
        "targetIdentifier": "<user_id>",
        "targetDisplay": null
      }
    }]
  }]
}

frequency: seconds between repeated notifications. 0 = no throttling, 1800 = 30 min.

Phase 4: Create the Alert

curl -s -w "\n%{http_code}" -X POST \
  "https://{region}.sentry.io/api/0/organizations/{org}/workflows/" \
  -H "Authorization: Bearer {token}" \
  -H "Content-Type: application/json" \
  -d '{payload}'

Expect HTTP 201. The response contains the workflow id.

Phase 5: Verify

Confirm the alert was created and provide the UI link:

https://{org_slug}.sentry.io/monitors/alerts/{workflow_id}/

If the org lacks the workflow-engine-ui feature flag, the alert appears at:

https://{org_slug}.sentry.io/alerts/rules/

Managing Alerts

# List all workflows
curl -s "$API/workflows/" -H "$AUTH"

# Get one workflow
curl -s "$API/workflows/{id}/" -H "$AUTH"

# Delete a workflow
curl -s -X DELETE "$API/workflows/{id}/" -H "$AUTH"
# Expect 204

Troubleshooting

Issue Solution
401 Unauthorized Token needs alerts:write scope
403 Forbidden Token must belong to the target org
404 Not Found Check org slug and region (us vs de)
400 Bad Request Validate payload JSON structure, check required fields
User ID not found Verify email matches a member of the org
Weekly Installs
3
Repository
getsentry/agent-skills
First Seen
2 days ago
Security Audits
Gen Agent Trust HubWarn
SocketPass
SnykFail
Installed on
claude-code3
replit3
opencode2
codex2
kiro-cli2
gemini-cli2