sandbox · example data only · not your workspace

Incident Response Demo

Alert → incident → timeline → root cause → postmortem.

Full incident lifecycle with AI-assisted root cause and postmortem generation.

Steps

Est. time

~8 min

Audience

client

Reviewed

2026-05-23

engineer · Incident Engineer

read first

Approval Workflow— Two-person quorum, snapshots, decision audit.

data flow

scenario architecture


   alert ──promote──▶ incident
              │
          timeline (deploys + configs + logs joined on correlationId)
              │
          root-cause hypothesis (Incident Engineer)
              │
              ▼
       two-person approval ──tip──▶ mitigation
              │
          postmortem auto-drafted

step 1/5·No approval needed

Alert becomes incident

Auto-promotion when severity + duration thresholds cross.

visionxixlabs.com/dashboard/incidents

AAxiom· ws_acme_prod

alice@acme.comSign out

incident timeline · corr_ck98zxa9

Severity

high

Duration

2m 14s

Hypothesis

83% conf

T-0Alert fired · cpu_p95 > 92% for 5mcloudwatch
T+12sPromoted to incident · severity=highplatform
T+22sRecent deploys queried · 3 in last 30mgithub
T+34sDeploy correlation hit · sha 4a2b8c (12m ago)incident eng
T+58sTrace surge identified · /orders @ 4.1s p95incident eng
T+1mRoot-cause hypothesis · missing index on user_idincident eng
T+2mMitigation proposed · awaiting approvalplatform

stitchedTimelines are built from real platform rows — alert ingestion, deploys, configs, traces — joined on correlationId. The hypothesis cites the specific rows it's built from, not a hand-wavy summary.

Timelines are stitched, not narrated

The incident timeline is built from real platform events — deploys, audit rows, config changes, alert ingestions — joined on correlationId. The AI proposes a root cause hypothesis with citations to the underlying rows.

safety invariants in play

✓Blast radius capped — Each change is risk-tiered against the number of resources it touches; high tiers force extra approvers.

expected result

Incident page opens with metadata.

platform route

/dashboard/incidents →

use ← / → to navigate

engineering principle

Incidents persist their timeline + their root-cause hypothesis as Prisma rows, not in-memory state. A process restart never loses a postmortem in flight. Approval-gated mitigations show up in the same approvals queue as everything else.

Platform reference →Architecture overview →← Back to all scenarios Set up your real workspace →