Skip to main content
Workflows let you automate repetitive tasks and incident response. When something happens (an incident is created, a monitor goes down, an alert fires), Kodo can automatically take action—notify the right people, update services, or call external webhooks.

Why Use Workflows?

Faster Response

Automate initial incident response so your team can focus on resolution

Consistency

Ensure the same steps happen every time, reducing human error

Integration

Connect Kodo to your existing tools and processes

Escalation

Automatically escalate if incidents aren’t acknowledged

Workflow Components

Every workflow has three parts:

1. Triggers

What starts the workflow:
TriggerDescription
incident.createdNew incident is opened (including drafts)
incident.updatedIncident status or message changes
incident.resolvedIncident is marked resolved
alert.firedAlert is triggered via webhook or integration
alert.resolvedAlert is resolved (auto or manual)
service.status_changedService status updates
uptime.downUptime monitor detects failure
uptime.recoveredUptime monitor recovers
heartbeat.missedHeartbeat monitor misses expected check-in
incident.publishedDraft incident is published to status page
error_threshold_exceededError count exceeds configured threshold
scheduledInterval-based schedule
manualTriggered on-demand via API or dashboard

2. Conditions (Optional)

Filter when the workflow should run: 
{
  "operator": "AND",
  "conditions": [
    { "field": "severity", "operator": "equals", "value": "critical" },
    { "field": "service.name", "operator": "contains", "value": "production" }
  ]
}
Supported operators:
  • equals, not_equals
  • contains, not_contains
  • greater_than, less_than
  • in, not_in

3. Actions

What the workflow does:
ActionDescription
Send NotificationSend to all configured channels (Slack, email)
Send Slack MessageSend a message to a Slack webhook
Send EmailSend an email to specified recipients
Page On-CallTrigger an on-call escalation policy
Create IncidentOpen a new incident automatically
Update IncidentChange incident status, severity, or title
Resolve IncidentMark an incident as resolved
Add Incident UpdatePost a status update to an incident
Assign IncidentAssign an incident to a team member
Add LabelAdd a label to an incident
Update Service StatusChange service status
Send WebhookPOST to an external URL
Acknowledge AlertAuto-acknowledge a firing alert and stop escalation
Run Another WorkflowChain workflows together (max depth: 3)
DelayPause before the next action

Example Workflows

Critical Incident Response

When a critical incident is created, notify the on-call team and update the status page:
  1. Go to Dashboard → Workflows → Create Workflow
  2. Set trigger: incident.created
  3. Add condition: severity equals critical
  4. Add actions:
    • Send notification to PagerDuty
    • Send notification to #incidents Slack channel
    • Execute webhook to your runbook system

Auto-Create Incident on Outage

When uptime monitoring detects a failure, automatically create an incident: 
{
  "name": "Auto-Incident on Outage",
  "trigger": "uptime.down",
  "actions": [
    {
      "type": "create_incident",
      "title": "{{monitor.name}} is unreachable",
      "severity": "major",
      "service_id": "{{monitor.service_id}}",
      "message": "Uptime monitor detected {{monitor.url}} is not responding. Automated incident created."
    }
  ]
}
Incidents created by workflows follow your organization’s auto-incident visibility setting. If you have draft mode enabled, workflow-created incidents will also start as drafts and won’t appear on the public status page until published. Configure this in Settings > Automation or see Incident Safeguards.

Scheduled Health Check Report

Send a daily summary of system health: 
{
  "name": "Daily Health Report",
  "trigger": "scheduled",
  "schedule": "0 9 * * *",
  "actions": [
    {
      "type": "execute_webhook",
      "url": "https://api.example.com/generate-report"
    },
    {
      "type": "send_notification",
      "channel_id": "ch_slack_ops",
      "message": "Daily health report generated. View at https://dashboard.example.com/reports"
    }
  ]
}

Workflow Variables

Use variables in your workflow actions:
VariableDescription
{{incident.id}}Incident ID
{{incident.title}}Incident title
{{incident.severity}}Incident severity
{{incident.status}}Current status
{{incident.source}}How the incident was created: manual, api, auto_uptime, auto_heartbeat, auto_integration, auto_beacon
{{incident.visibility}}draft or public
{{service.id}}Affected service ID
{{service.name}}Service name
{{monitor.name}}Monitor name
{{monitor.url}}Monitored URL
{{alert.message}}Alert message
{{timestamp}}Event timestamp

Workflow Runs

View execution history on each workflow’s detail page (Dashboard → Workflows → Select Workflow):
  • Status: completed, failed, running
  • Duration: How long the workflow took
  • Actions: Which actions succeeded/failed

Workflows and Draft Incidents

If your organization uses draft mode, auto-created incidents start hidden from the public status page. This affects how workflows interact with incidents:
  • incident.created fires for both drafts and public incidents. Use the condition visibility equals draft or visibility equals public to distinguish.

Example: Internal Alert on Draft Creation

Alert your team in Slack when a draft is created so they can review it, without notifying subscribers: 
{
  "name": "Draft Review Alert",
  "trigger": "incident.created",
  "conditions": {
    "operator": "AND",
    "conditions": [
      { "field": "visibility", "operator": "equals", "value": "draft" }
    ]
  },
  "actions": [
    {
      "type": "send_notification",
      "channel_id": "ch_slack_ops",
      "message": "Draft incident created: {{incident.title}} ({{incident.severity}}). Review and publish at https://kodostatus.com/dashboard/incidents"
    }
  ]
}

Incident Safeguards

Learn about draft mode, auto-publish, flap protection, cooldowns, and other safeguards for auto-created incidents.

Best Practices

Begin with basic workflows (notification on critical incident) and add complexity as you understand your needs.
Don’t trigger on every event. Use conditions to filter for actionable situations.
Create a test workflow with manual trigger to validate your actions before connecting to real events.
If one action fails, the workflow can continue executing remaining actions.
Regularly review failed workflows to catch integration issues early.