The Agentic Bank

Incident Response Agent

⬡ Firewatch Detects, diagnoses and auto-remediates production incidents end to end.
◆ Autonomous Orchestrator

Sits on the telemetry firehose, correlates a spike to a probable cause, and runs the runbook (restart, scale out, roll back, fail over). It writes the timeline as it goes and emits the post-mortem on incident close. On a Sev-1 it convenes the owning service agents and drives the command bridge with a live situation report.

Memory

Working The live incident: alerts firing, hypotheses, actions taken, timeline.
Episodic Past incidents with the same signature and what actually fixed them.
Semantic Service topology, dependency graph, SLOs and the runbook library.
Procedural Remediation playbooks refined from what worked in prior incidents.
Store Vector + service knowledge-graph hybrid + time-series store

Orchestration

orchestrator-worker MCPA2A

Harness · Managed Agents: always-on session over the alert stream; sandboxed code-exec for diagnostics; compaction keeps long incident timelines in scope.

Tools

{ } Observability stack (metrics/logs/traces) API { } Kubernetes control plane API ›_ Diagnostic sandbox Code exec Runbook + post-mortem store Retrieval Sev-1 command bridge (service-owner agents) A2A

Evals & guardrails

  • Hard guardrail: blast-radius cap, cannot restart/roll back beyond N services without an oversight-agent gate.
  • Data-loss-risk actions require a second responder agent to re-derive and approve before commit.
  • Game-day red-teaming: scripted chaos injections it must triage correctly.
  • Every action traced via OpenTelemetry; immutable incident audit log.

Offline reflection

Offline replay of resolved incidents (Reflexion-style) consolidates one-off fixes into reusable runbooks. Strictly an offline memory-consolidation job, not a live-acting process.

Frontier edge

  • World-model simulation: dry-runs a remediation (roll back vs. fail over) against a live service-dependency model to predict blast radius before touching prod.
  • Causal root-cause reasoning: counterfactual 'would the spike have happened without this deploy' instead of correlating symptoms.
  • Self-improving fleet: a confirmed novel fix is consolidated offline and shared as a runbook across every region's responder between runs.

A sample run

Trigger p99 latency on the payments API triples; error rate climbing.
  1. 1Correlate the spike to a deploy 4 minutes prior and a connection-pool exhaustion log pattern.
  2. 2Match the signature to two prior incidents; both fixed by rolling back.
  3. 3Roll back the canary, confirm latency recovers, hold the full fleet.
  4. 4Write the incident timeline and draft the post-mortem.
Output Latency restored via rollback; a completed post-mortem and a flagged regression handed to the owning service agent. No pager fired.

In numbers

90s
Median MTTR
78%
Incidents auto-resolved
0
Pages fired

Handoffs

Fed by ← Fleet Observability Agent
Hands to → Capacity & Cost Agent→ Code Review Agent
Across ⇢ Operations → service-owner agents for the Sev-1 command bridge

More on the Platform & Site Reliability (SRE) desk

Capacity & Cost Agent
Right-sizes infrastructure for performance and spend, continuously.
← Back to Technology, Data & AI Platform