Incident Workspace

Incident response, context, and saved runs in one place.

OnCallAI turns an incoming alert into a clear incident record with likely issue, escalation context, and recent incident history.

Workspace Summary
  1. Incoming alerts are normalized into incidents.
  2. Each incident produces a response and escalation path.
  3. Saved runs remain visible for follow-up and review.

Incident Input

Create incident

Alert source, urgency, and repeat volume for the incident record.

Alert intake
Alert integrations Normalize multiple signal sources into one incident schema.
Ingestion CloudWatch alarm intake

AWS CloudWatch alarms are normalized directly into the hosted incident workflow.

Storage Checking backend status...

Waiting for API health check.

Agent graph Checking analysis mode...

Waiting for API health check.

Latest incident Not created yet

Run a scenario to create an incident record.

Owner Not assigned yet

Escalation target will appear after analysis.

Response Summary

Incident response summary

Latest incident outcome and recommended response.

Awaiting input
Incident brief The latest incident response appears here after alert intake, analysis, and storage.
Alert signal The incoming alert signal will appear here.
Operational impact Expected customer or system impact will appear here.
Recommended next action A clear next action, supporting evidence, and escalation target.
CloudWatch alarm The originating alarm name will appear here.
Metric signal The triggering metric and threshold will appear here.
Log source The CloudWatch log group and stream prefix will appear here.
Awaiting incident activity...

Incident History

Stored incidents

Recent incident records captured by the workspace.

Latest activity
No runs recorded yet.

Expected Incident View

Payment-service latency alert

This is how an alert is expected to appear once an incident is created and enriched with response details.

Critical
Source CloudWatch
Repeat alerts 4x
Escalation Immediate
Alarm payment-service-critical-latency
Region us-east-1
Log group /aws/ecs/payment-service

Latency alarms are firing repeatedly for a tier-1 payment dependency during checkout traffic spikes.

Operator output

Page payments-oncall and validate database readiness.

Confidence 0.86
Likely issue Database connection errors
Root cause hint DB pod not ready or crashed after elevated load.
Recommended action Page payments-oncall and validate DB readiness before rollback.

Why the system thinks this

    What the operator can do next

      Evidence & Reasoning

      Inspect the incident inputs behind the response

      Review the raw alert payload, collected logs, retrieved context, and the agent trace used to build the operator handoff.

      Explainability
      Alert payload CloudWatch Alarm State Change 
      Alert payload will appear here after an incident run.
      Collected logs No log snippets loaded yet
      Run or open an incident to inspect the collected log snippets.
      Retrieved context No grounding documents loaded yet
      Retrieved matches will appear here once the retrieval agent runs.
      Agent trace No graph trace available yet
      The hosted graph trace will appear here after an incident run.