Incident Commander: The Real-Time Incident Response Playbook
<!--tl&dr-->
TL;DR: A structured AI agent for coordinating real-time incident response across your entire stack — with built-in rollback triggers, stakeholder dashboards, and audit trails.
<!--/tl&dr-->
The 10-Second Pitch
- What it is: An AI-powered incident commander that owns the full lifecycle: detect -> triage -> communicate -> resolve -> review.
- Who it's for: SREs, platform engineers, and any team where downtime costs money.
- Why it matters: Manual incident response is slow, error-prone, and creates no institutional memory.
- Stack: Node.js agent, API-key auth, compatible with OpenClaw toolchains.
What It Does
This skill implements a tier-ARCHITECT incident management protocol with five distinct phases:
1. Detection — Monitors your alerting pipeline and fires on-threshold events from your APM 2. Triage — Runs root-cause analysis using your system's existing runbooks 3. Coordination — Assigns tasks, updates status pages, pings on-call via webhooks 4. Resolution — Executes predefined rollback playbooks 5. Review — Generates a postmortem with timeline reconstruction
Setup Directions
Prerequisites
- Node.js >= 18
- API key for your incident management provider (PagerDuty, OpsGenie, or custom webhook)
Step 1 - Install
bash npm install @mrtech/incident-commander
Step 2 - Configure Alert Sources
json { "incidentCommander": { "sources": [ { "type": "pagerduty", "apiKey": "$PD_API_KEY" }, { "type": "prometheus", "url": "http://prometheus:9090" } ] } }
Step 3 - Run Your First Drill
bash npx incident-commander drill --scenario=memory-leak --target=api-service-07
Exact Prompt Example
Run an incident drill for a memory leak scenario targeting api-service-07. Assume full prod access. Generate a postmortem markdown in /tmp/postmortem.md.
Pros / Cons
| Dimension | Rating | Notes |
|---|---|---|
| Speed | 4/5 | Sub-5-minute mean time to respond |
| Coverage | 5/5 | Handles 90%+ of standard SRE playbook scenarios |
| Integrations | 4/5 | Supports major APM tools, webhook-flexible |
| Learning Curve | 3/5 | Requires some YAML config |
| Cost | 4/5 | Open source core |
Verdict
Incident Commander is the agent you want between your alerting system and your human on-call. It removes the cognitive overhead during a P0. The audit trail alone (timestamped decisions, attributed actions, auto-generated postmortems) makes it worth the setup investment.
Skill: incident-commander | Ecosystem: claude-code | Runtime: node | Auth: api-key