Skip to content
Free first run · no signup

Incident Post-Mortem — by an AI council

Run a blameless post-mortem that finds the real systemic cause. Four rival AIs debate it and hand back: A blameless post-mortem with root causes and concrete preventions.

Your team is ready
🛰️Reliability Engineer🔄Systems Thinker🏛️Software Architect🪦Pre-Mortem Analyst🔬Data Skeptic👥People Lead
Free first run · no signup, no card · verdict in about 2 minutes
What you get back

A blameless post-mortem with root causes and concrete preventions.

Signed off by an independent Final QA audit — with a “verify before you rely on this” list, never a black box.

Why this team

Post-mortems fail in two directions: they find a scapegoat, or they produce a wall of action items nobody does. The Reliability Engineer reconstructs the timeline as systems saw it, the Systems Thinker pushes past the trigger to the conditions that made the trigger matter, and the Pre-Mortem Analyst asks which near-misses foreshadowed this. The Data Skeptic separates real prevention from theatre, the Software Architect owns the blast-radius question, and the People Lead keeps it blameless — because the moment blame enters, information stops.

Each seat runs on a different frontier model — GPT, Claude, Gemini, Grok — so it’s a genuine cross-model review, not one AI in costumes. How a run works →

What the debate sounds like

An illustrative excerpt — A payments service was down for three hours after a routine database migration locked a critical table during peak traffic; the engineer who ran it had followed the documented runbook.

🛰️
The Reliability Engineer

Timeline first, blame never: the migration ran at 14:00 — peak traffic — because the runbook does not specify a window. Lock contention cascaded in four minutes, but the page fired at 14:22, which means eighteen minutes of the outage were a detection gap, not a migration problem. Two separate findings already, and neither is a person.

🔄
The Systems Thinker

The five-whys bottoms out in an incentive, as usual: migrations are the only change class that skips staging because the staging database is a fraction of production size, so lock behaviour is invisible before production. The runbook is a symptom. The system made this failure eventual — this engineer merely collected it.

🔬
The Data Skeptic

On the proposed fixes: “add a migration checklist item” is theatre — the runbook was followed perfectly, so more runbook changes nothing. Production-scale lock testing on a database clone and an automatic migration window guard are mechanical preventions; those two would each have stopped this outage. Fund the mechanical ones, skip the ceremonial ones.

Questions

What should I paste in — how detailed must the timeline be?

What happened in order with rough timestamps, the user impact, how it was detected and resolved, and your current theory of the cause. Gaps are fine and are themselves findings — “we don’t know when it started” is a monitoring gap the synthesis will flag with the rest.

How does this stay blameless when someone clearly made a mistake?

The method assumes a competent person acting reasonably inside the system as it exists — then asks what about the system made the mistake possible, invisible or damaging. In the example above, the engineer followed the runbook exactly; the findings are all structural. That reframe is the entire value of the format.

We already do post-mortems — why put one through a council?

Internal post-mortems inherit internal politics: the infrastructure team writes infrastructure findings, and the first plausible root cause ends the digging. Independent personas have no turf, so the five-whys goes past the comfortable stopping point — and the Data Skeptic culls the action items that exist to look thorough rather than to prevent recurrence.

Your material is used only to run your review — never to train public models. Encrypted in transit and at rest. Security & privacy →