一键在 Manus 中运行任何 Skill

incident-response

星标0

分支0

更新时间2026年3月28日 22:12

Incident investigation protocol — structured debugging with 5-why analysis, evidence gathering, and post-mortem documentation.

安装

用 Codex 或 Claude 帮你安装复制这段 Prompt，粘贴到 Codex、Claude 或其他助手里，让它检查 Skill 页面并帮你完成安装。

在 Manus 中运行

来源

kennedym-ds

kennedym-ds/claudecode-orchestrator

打开 GitHub 仓库查看创作者相关仓库

下载

在 Manus 中运行

Incident Response

Severity Classification

Level	Impact	Response Time	Escalation
SEV1	Service down, data loss	Immediate	Architect + Security
SEV2	Major feature broken	< 1 hour	Lead + Reviewer
SEV3	Minor feature degraded	< 4 hours	Implementer
SEV4	Cosmetic, non-blocking	Next sprint	Doc in backlog

Investigation Protocol

1. Triage (5 minutes)

What is the symptom?
What is the impact radius?
When did it start?
Is it ongoing or resolved?

2. Evidence Gathering

Error logs and stack traces
Recent deployments or changes (git log)
System metrics (CPU, memory, latency)
User reports or reproduction steps

3. Root Cause Analysis (5 Whys)

Why did the service fail? → {direct cause}
  Why did that happen? → {contributing factor}
    Why wasn't it caught? → {detection gap}
      Why wasn't it prevented? → {process gap}
        What systemic change prevents this? → {root cause fix}

4. Fix Categorization

Hotfix: Minimal change to restore service (deploy immediately)
Proper fix: Correct solution with tests (deploy in next cycle)
Systemic fix: Process or architecture change (plan and schedule)

5. Post-Mortem Template

## Incident: {title}
**Date:** {date}
**Severity:** {level}
**Duration:** {start} → {end}
**Impact:** {who/what affected}

### Timeline
- {HH:MM} — {event}

### Root Cause
{5-why chain}

### Resolution
{what was done}

### Action Items
- [ ] {preventive action} — Owner: {name} — Due: {date}

Debugging Guardrail

If 3 fix attempts fail → stop and escalate to architecture review. Don't keep trying random fixes.

同仓库更多 Skills

同仓库

demo-flow

kennedym-ds/claudecode-orchestrator

Demo pipeline state machine — 7-phase autonomous sequence with delegation context templates, phase transition logic, BLOCKED recovery strategies, and demo-state.json schema. Used exclusively by demo-conductor.

2026-03-310

demo-narration

kennedym-ds/claudecode-orchestrator

Cinematic narration style guide for demo-conductor — ANSI-coloured banner formats, live pipeline scoreboard, audience-facing language, phase summaries, and error narration patterns. Keeps the demo presentation-quality throughout.

2026-03-310

completion-protocol

kennedym-ds/claudecode-orchestrator

Standardized completion and escalation protocol for subagent responses. Ensures the conductor can machine-parse every subagent return. Use when reporting completion status back to the orchestrator.

2026-03-300

learnings-mgmt

kennedym-ds/claudecode-orchestrator

Cross-session learnings lifecycle — schema, storage, retrieval, and pruning of lessons learned during orchestrator sessions. Use when managing learnings via the /learn command.

2026-03-300

team-routing

kennedym-ds/claudecode-orchestrator

Agent Teams assembly and task injection — selects appropriate team, validates prerequisites, estimates cost, injects tasks into the shared task list, and manages team lifecycle.

2026-03-300

budget-gatekeeper

kennedym-ds/claudecode-orchestrator

Token and cost tracking with model tier enforcement

2026-03-290

name	incident-response
description	Incident investigation protocol — structured debugging with 5-why analysis, evidence gathering, and post-mortem documentation.
user-invocable	false

Incident Response

Severity Classification

Level	Impact	Response Time	Escalation
SEV1	Service down, data loss	Immediate	Architect + Security
SEV2	Major feature broken	< 1 hour	Lead + Reviewer
SEV3	Minor feature degraded	< 4 hours	Implementer
SEV4	Cosmetic, non-blocking	Next sprint	Doc in backlog

Investigation Protocol

1. Triage (5 minutes)

What is the symptom?
What is the impact radius?
When did it start?
Is it ongoing or resolved?

2. Evidence Gathering

Error logs and stack traces
Recent deployments or changes (git log)
System metrics (CPU, memory, latency)
User reports or reproduction steps

3. Root Cause Analysis (5 Whys)

Why did the service fail? → {direct cause}
  Why did that happen? → {contributing factor}
    Why wasn't it caught? → {detection gap}
      Why wasn't it prevented? → {process gap}
        What systemic change prevents this? → {root cause fix}

4. Fix Categorization

Hotfix: Minimal change to restore service (deploy immediately)
Proper fix: Correct solution with tests (deploy in next cycle)
Systemic fix: Process or architecture change (plan and schedule)

5. Post-Mortem Template

## Incident: {title}
**Date:** {date}
**Severity:** {level}
**Duration:** {start} → {end}
**Impact:** {who/what affected}

### Timeline
- {HH:MM} — {event}

### Root Cause
{5-why chain}

### Resolution
{what was done}

### Action Items
- [ ] {preventive action} — Owner: {name} — Due: {date}

Debugging Guardrail

If 3 fix attempts fail → stop and escalate to architecture review. Don't keep trying random fixes.