Automations

Automations let you define rules that execute automatically when something happens across your managed environment. A trigger — a scheduled time, a platform event, an inbound webhook from an external system, or an explicit manual request — causes the automation to run one or more actions against a set of target devices or platform services.

You manage automations from the Automations page in the Breeze dashboard. From there you can create new automations, enable or disable existing ones, run them on demand, and review their execution history.

Creating an Automation

Open the Automations page. Navigate to Automations in the sidebar. Click New Automation in the top-right corner.
Enter a name and description. Give the automation a descriptive name (e.g., “Daily maintenance check”) and an optional description explaining its purpose.
Choose a trigger type. Select one of the four trigger cards:
- Schedule — runs on a recurring cron schedule. Use the cron expression field or click a quick preset (Every 15 min, Every hour, Daily 9 AM, Weekdays 9 AM, Weekly Sunday). A plain-language description of the schedule appears below the field.
- Event — runs when a platform event occurs. Select the event type from the dropdown (Device Online, Device Offline, Alert Triggered, Alert Resolved, Script Completed, Script Failed, Policy Violation).
- Webhook — runs when an external system sends an HTTP POST to the automation’s generated URL. After saving, the webhook URL appears and can be copied with one click. Optionally set a webhook secret for authentication.
- Manual — runs only when you trigger it from the UI or API.
Configure device targeting (optional). Expand the Device Targeting section to filter which devices the automation applies to. Use Simple mode to add conditions (Site is, Group is not, OS contains, Tag is) or switch to Advanced mode for the full filter builder with live device preview.
Add actions. Under Actions, click Add Action and choose the action type:
- Run Script — select a script from the library.
- Send Notification — select a notification channel.
- Create Alert — set a severity level and message.
- Execute Command — enter a raw shell command.
Actions execute in order. Add multiple actions by clicking Add Action again. Each action is numbered and can be removed individually.
Set the failure policy. Choose what happens if an action fails:
- Stop Execution — abort immediately.
- Continue — proceed with remaining actions.
- Notify & Continue — send a failure notification to a selected channel and continue.
Save. Click Create Automation to save and enable the automation.

Managing Automations

The Automations list page displays all automations in a table with columns for name, trigger type, last run time, status, and an enabled toggle.

Search and filter. Use the search bar to find automations by name or description. Filter by trigger type (Schedule, Event, Webhook, Manual) or by status (Enabled / Disabled).
Enable or disable. Toggle the switch in the Enabled column. Disabled automations do not fire on schedule or in response to events.
Run manually. Click the play button next to any enabled automation to trigger it immediately.
Edit. Click the pencil icon to open the automation editor and modify triggers, conditions, actions, or failure policies.
Delete. Open the three-dot menu and select Delete. A confirmation dialog appears before the automation is removed.
View run history. Open the three-dot menu and select Run History, or click “View history” under the status column.

Viewing Run History

To see past executions for an automation, click Run History from the three-dot menu on the automations list. A modal opens with a chronological list of runs.

Each run entry shows:

Status badge — Running (blue), Success (green), Failed (red), or Partial (yellow).
Trigger source — Scheduled, Event Triggered, Webhook, Manual, or API Call.
Device counts — how many devices passed, failed, or were skipped.
Duration — total run time.

Click a run to expand it and view:

Device results — per-device status with hostname, duration, and error messages.
Logs — click View Logs to see a terminal-style log output showing action dispatches and results.
Timestamps — exact start and completion times.

Use the status filter dropdown to narrow results to Success, Failed, Partial, or Running.

Key Concepts

Trigger Types

Type	Fires when
`schedule`	A cron expression matches in the specified timezone
`event`	A platform event occurs (e.g., `alert.created`, `device.offline`)
`webhook`	An HTTP POST is received at the automation’s generated URL
`manual`	An admin explicitly triggers a run via UI or API

Action Types

Type	What it does
`run_script`	Executes a script from the library on target devices
`send_notification`	Sends a message to a notification channel
`create_alert`	Creates a Breeze alert with configured severity and message
`execute_command`	Runs a shell command on target devices

Run Status

Status	Meaning
`running`	The run is actively executing; not all actions have completed
`success`	All target devices executed their actions successfully
`failed`	All actions failed, or the automation could not start
`partial`	Some device targets succeeded and some failed; at least one of each

onFailure Policy

Policy	Behavior
`stop`	Abort the run immediately; remaining actions are not executed
`continue`	Execute all remaining actions regardless of failures
`notify`	Same as `continue`, but also send a failure notification after the run completes

Configuring Automations via Configuration Policies

For organizations that manage automations as part of broader device policy, automations can also be defined as features on a Configuration Policy. Policy-managed automations inherit the policy’s scope — a single automation definition can apply across all devices in an organization, site, or device group without creating separate automations per target.

Adding an automation feature to a policy

POST /configuration-policies/:policyId/features
Content-Type: application/json

{
  "featureType": "automation",
  "inlineSettings": {
    "automations": [
      {
        "name": "Restart nginx on critical alert",
        "enabled": true,
        "triggerType": "event",
        "eventType": "alert.triggered",
        "actions": [
          {
            "type": "execute_command",
            "command": "systemctl restart nginx",
            "shell": "bash"
          },
          {
            "type": "send_notification",
            "notificationChannelId": "uuid",
            "title": "nginx restarted",
            "message": "Auto-restarted nginx after alert",
            "severity": "medium"
          }
        ],
        "onFailure": "notify"
      }
    ]
  }
}

You can define multiple automations per feature link by adding additional items to the automations array.

Automation configuration fields

Field	Type	Required	Description
`name`	string	Yes	Human-readable name
`enabled`	boolean	No	Whether the automation fires automatically. Defaults to `true`
`triggerType`	string	Yes	`schedule`, `event`, `webhook`, or `manual`
`cronExpression`	string	If schedule	Cron expression (5-field format)
`timezone`	string	If schedule	IANA timezone name (e.g., `America/Denver`)
`eventType`	string	If event	Platform event type string (e.g., `alert.created`)
`actions`	array	Yes	Ordered list of action objects
`onFailure`	string	No	`stop`, `continue`, or `notify`. Defaults to `stop`
`sortOrder`	integer	No	Ordering when multiple automations share a feature link

Viewing policy-managed automations

Automations created through Configuration Policies appear in GET /automations alongside legacy standalone automations. Policy-managed automations include a configPolicyId field in the response. Their runs include both configPolicyId and configItemName; the automationId field is null for policy-managed runs.

Trigger Configuration

Schedule

Runs on a recurring schedule using a standard 5-field cron expression. The timezone is required and must be a valid IANA timezone name (e.g., America/Denver, Europe/London, UTC).

{
  "triggerType": "schedule",
  "cronExpression": "0 2 * * 0",
  "timezone": "America/Denver"
}

The example above runs every Sunday at 2:00 AM Mountain Time. Cron fields are: minute, hour, day-of-month, month, day-of-week.

Event

Fires when a matching platform event is emitted. The eventType field is case-sensitive.

{
  "triggerType": "event",
  "eventType": "alert.triggered"
}

Common event types:

Event type	Fires when
`alert.triggered`	A new alert is triggered
`alert.resolved`	An alert is resolved
`device.offline`	A device stops sending heartbeats
`device.enrolled`	A new device completes enrollment
`patch.failed`	A patch deployment fails on a device

Webhook

Exposes a unique HTTP endpoint that external systems can POST to. See Inbound Webhooks for the integration flow.

{
  "triggerType": "webhook"
}

The webhook endpoint uses the automation’s ID:

POST /automations/webhooks/:automationId

Manual

No additional configuration required. The automation only runs when explicitly triggered via POST /automations/:id/trigger.

{
  "triggerType": "manual"
}

Manual automations are useful for runbooks, one-off remediation scripts, or any workflow where human confirmation is required before execution.

Action Configuration

Actions run in the order they are defined. Each action has a type and type-specific fields.

run_script

Executes a script from the Breeze script library on each target device.

{
  "type": "run_script",
  "scriptId": "uuid",
  "parameters": { "param1": "value" },
  "runAs": "system"
}

Field	Required	Description
`scriptId`	Yes	UUID of the script in the library
`parameters`	No	Key-value pairs passed to the script at runtime
`runAs`	No	Execution context: `system`, `user`, or `elevated`. Defaults to `system`

send_notification

Sends a message to a configured notification channel. The channel must be configured in Settings → Notifications.

{
  "type": "send_notification",
  "notificationChannelId": "uuid",
  "title": "Automation fired",
  "message": "Device triggered the automation",
  "severity": "high"
}

Field	Required	Description
`notificationChannelId`	Yes	UUID of the target notification channel
`title`	Yes	Notification title or subject
`message`	Yes	Notification body text
`severity`	No	Severity hint: `low`, `medium`, `high`, or `critical`

create_alert

Creates a Breeze alert record directly from the automation, without requiring a monitoring rule to fire first.

{
  "type": "create_alert",
  "alertSeverity": "critical",
  "alertTitle": "Disk space critical",
  "alertMessage": "Device has less than 5GB free"
}

Field	Required	Description
`alertSeverity`	Yes	Alert severity: `info`, `low`, `medium`, `high`, or `critical`
`alertTitle`	Yes	Alert title displayed in the Alerts view
`alertMessage`	Yes	Detailed message body for the alert

execute_command

Runs a raw shell command on each target device.

{
  "type": "execute_command",
  "command": "systemctl restart nginx",
  "shell": "bash"
}

Field	Required	Description
`command`	Yes	The shell command to execute
`shell`	No	Shell to use: `bash`, `powershell`, or `cmd`. Defaults based on device OS

Viewing Runs via API

Run history is also available through the API for integrations and reporting. Runs are returned newest-first.

List all runs for an automation:

GET /automations/:id/runs?status=&page=&limit=

Get full detail for a single run:

GET /automations/runs/:runId

Run fields

Field	Description
`status`	`running`, `success`, `failed`, or `partial`
`triggeredBy`	How the run was triggered: `schedule`, `event`, `webhook`, or `manual`
`devicesTargeted`	Total number of devices the run was dispatched to
`devicesSucceeded`	Number of devices where all actions completed successfully
`devicesFailed`	Number of devices where at least one action failed
`startedAt`	ISO 8601 timestamp when the run began
`completedAt`	ISO 8601 timestamp when the run finished, or `null` if still running

Run logs

Each run includes a logs array. Logs are returned as formatted strings in the format [level] message (e.g., "[info] Command dispatched to device"). The structured fields (action type, device ID, command ID, etc.) are stored internally but are serialized to this plain-text format in API responses.

Triggering Manually

Any enabled automation can be triggered immediately regardless of its configured trigger type:

POST /automations/:id/trigger

The endpoint returns the runId immediately; the run itself is asynchronous. Poll GET /automations/runs/:runId to check status.

The automation must be enabled. Triggering a disabled automation returns 400 Bad Request.

Inbound Webhooks

Automations with a webhook trigger expose a unique HTTP endpoint that external systems — ticketing platforms, monitoring tools, CI/CD pipelines — can POST to.

Endpoint:

POST /automations/webhooks/:automationId

Request body: Any valid JSON. The body is passed to the automation as event context.

If the automation has a secret configured, pass it as the x-automation-secret header (also accepted: x-webhook-secret header, or ?secret= query parameter):

curl -X POST https://your-breeze-host/automations/webhooks/:id \
  -H "Content-Type: application/json" \
  -H "x-automation-secret: your-secret-here" \
  -d '{"any":"payload"}'

The secret is compared directly — there is no HMAC computation required. If the secret is missing or does not match, the request is rejected with 401 Unauthorized and no run is created.

API Reference

Active endpoints

Method	Path	Description
GET	`/automations`	List automations (`?enabled=true/false&orgId=`)
GET	`/automations/:id`	Get automation with recent runs and statistics
GET	`/automations/:id/runs`	List runs (`?status=&page=&limit=`)
GET	`/automations/runs/:runId`	Get run detail with logs
POST	`/automations/:id/trigger`	Manually trigger a run
POST	`/automations/:id/run`	Alias for trigger
POST	`/automations/webhooks/:id`	(Public) Inbound webhook trigger

Configuration Policy endpoints

Automation configurations are managed through Configuration Policies:

Method	Path	Description
POST	`/configuration-policies/:id/features`	Add automation feature (`featureType: "automation"`)
PATCH	`/configuration-policies/:id/features/:linkId`	Update automation settings
DELETE	`/configuration-policies/:id/features/:linkId`	Remove automation feature

Legacy endpoints (backwards compatibility)

These routes remain active for existing integrations but are deprecated. New integrations should use Configuration Policies.

Method	Path	Description
POST	`/automations`	Create standalone automation
PUT	`/automations/:id`	Replace automation (full update)
PATCH	`/automations/:id`	Partial update
DELETE	`/automations/:id`	Delete automation

Troubleshooting

Schedule not firing. Verify the cron expression is valid and the timezone is a recognized IANA timezone name. Confirm the automation is enabled — disabled automations do not fire on schedule. Use POST /automations/:id/trigger to confirm the actions work correctly independently of the schedule mechanism.

Event automation not firing. The eventType field is case-sensitive — alert.triggered and Alert.Triggered are different values. Confirm the automation is enabled and that its policy assignment covers the device generating the event. Use POST /automations/:id/trigger to verify the action configuration is valid separately from the event matching.

Webhook not received. Verify the URL is /automations/webhooks/:id where :id is the automation’s UUID. If a secret is configured, ensure it is passed as the x-automation-secret header with the exact value.

Run status is partial. Retrieve the full run detail via GET /automations/runs/:runId and examine the logs array for entries with level: "error". If onFailure was continue or notify, later actions may have still executed on devices that had earlier failures — review logs per actionIndex separately.

Script action failing. The script referenced by scriptId must exist in the library and be accessible to the automation’s organization. Target devices must be online when the run executes — offline devices produce a failure entry in the run logs.