Operations
Incident Timeline Reconstruction
Turn incident noise into a usable timeline before the story hardens into folklore.
Use when
An outage, degraded workflow, or operational scare has evidence scattered across alerts, logs, chats, dashboards, and human memory.
Intermediatedifficulty
Operationscategory
Mia daily expansionsource
Cadence
During incidents, after outages, or before writing a postmortem
Verification
A timestamped timeline separates facts from guesses, names owners for open questions, and gates any customer-facing update for approval.
Structured loop spec
| Field | Value |
|---|---|
| Name | Incident Timeline Reconstruction |
| Category | Operations |
| Trigger | During incidents, after outages, or before writing a postmortem |
| Objective | Turn incident noise into a usable timeline before the story hardens into folklore. |
| Allowed inputs | Relevant files, source notes, logs, tests, screenshots, metrics, or task state for this loop |
| Allowed actions | Collect alerts, deploys, logs, dashboards, support reports, chat messages, and human observations for the agreed time window.; Build a timestamped sequence that labels each item as observed fact, likely inference, decision, mitigation, or open question.; Identify the first bad signal, customer impact window, attempted fixes, current status, and owners for unresolved evidence gaps.; Draft internal status, postmortem notes, or customer-update candidates with confidence levels and source links.; Do not publish customer-facing statements, assign blame, disclose sensitive infrastructure details, or claim root cause until approved and evidenced. |
| Verification | A timestamped timeline separates facts from guesses, names owners for open questions, and gates any customer-facing update for approval. |
| Stop condition | Stop when the verifier passes, the budget is exhausted, no progress is made, a blocker appears, or approval is required. |
| Budget | Set a time, turn, token, retry, file, or dollar cap before running the loop. |
| Approval boundary | Human approval required before publishing, sending, deleting, spending, changing accounts, touching production, or making reputational/legal/financial commitments. |
| Safe output | Draft, report, checklist, table, or approval-gated recommendation |
| Works with | Claude, ChatGPT, Gemini, any tool-using AI assistant |
Steps
- Collect alerts, deploys, logs, dashboards, support reports, chat messages, and human observations for the agreed time window.
- Build a timestamped sequence that labels each item as observed fact, likely inference, decision, mitigation, or open question.
- Identify the first bad signal, customer impact window, attempted fixes, current status, and owners for unresolved evidence gaps.
- Draft internal status, postmortem notes, or customer-update candidates with confidence levels and source links.
- Do not publish customer-facing statements, assign blame, disclose sensitive infrastructure details, or claim root cause until approved and evidenced.
Prompt
Run the Incident Timeline Reconstruction loop. Given an incident window, collect alerts, deploys, logs, dashboards, support reports, chat messages, and observations. Create a timestamped timeline that separates facts from inferences, decisions, mitigations, and open questions. Identify impact window, current status, evidence gaps, and owners. Draft internal notes or customer-update candidates, but do not publish external statements, disclose sensitive infrastructure, assign blame, or claim root cause without approval and evidence.Run in Claude Code
Paste this into Claude Code (or any tool-using agent) to run the loop bounded: one change per round, the same verification every round, durable state files, and explicit stop conditions.
Run the "Incident Timeline Reconstruction" loop from AI Loop Library (https://ailooplibrary.com/loops/incident-timeline-reconstruction/) as a bounded loop.
Goal: Turn incident noise into a usable timeline before the story hardens into folklore.
Rules: one change per round; run the same verification every round (A timestamped timeline separates facts from guesses, names owners for open questions, and gates any customer-facing update for approval.); append each round to docs/loops/incident-timeline-reconstruction/progress.md and update docs/loops/incident-timeline-reconstruction/state.json; stop on verifier pass, 8 rounds, 3 consecutive failed verifications, no progress, a blocker, or anything needing human approval (money, production, outbound, deletion). Finish with a proof report: rounds used, changes made, verification output, remaining risk, and the next human decision.