← Back to Payloads
Agent Skills2026-04-21

Incident Commander: The Real-Time Incident Response Playbook

A structured AI agent for coordinating real-time incident response across your entire stack.
Incident Commander: The Real-Time Incident Response Playbook

<!--tl&dr-->

**TL;DR:** A structured AI agent for coordinating real-time incident response across your entire stack — with built-in rollback triggers, stakeholder dashboards, and audit trails.

<!--/tl&dr-->

The 10-Second Pitch

  • **What it is:** An AI-powered incident commander that owns the full lifecycle: detect -> triage -> communicate -> resolve -> review.
  • **Who it's for:** SREs, platform engineers, and any team where downtime costs money.
  • **Why it matters:** Manual incident response is slow, error-prone, and creates no institutional memory.
  • **Stack:** Node.js agent, API-key auth, compatible with OpenClaw toolchains.

What It Does

This skill implements a tier-ARCHITECT incident management protocol with five distinct phases:

1. **Detection** — Monitors your alerting pipeline and fires on-threshold events from your APM

2. **Triage** — Runs root-cause analysis using your system's existing runbooks

3. **Coordination** — Assigns tasks, updates status pages, pings on-call via webhooks

4. **Resolution** — Executes predefined rollback playbooks

5. **Review** — Generates a postmortem with timeline reconstruction

Setup Directions

Prerequisites

  • Node.js >= 18
  • API key for your incident management provider (PagerDuty, OpsGenie, or custom webhook)

Step 1 - Install

npm install @mrtech/incident-commander

Step 2 - Configure Alert Sources

{

"incidentCommander": {

"sources": [

{ "type": "pagerduty", "apiKey": "$PD_API_KEY" },

{ "type": "prometheus", "url": "http://prometheus:9090" }

]

}

}

Step 3 - Run Your First Drill

npx incident-commander drill --scenario=memory-leak --target=api-service-07

Exact Prompt Example

Run an incident drill for a memory leak scenario targeting api-service-07.

Assume full prod access. Generate a postmortem markdown in /tmp/postmortem.md.

Pros / Cons

DimensionRatingNotes
**Speed**4/5Sub-5-minute mean time to respond
**Coverage**5/5Handles 90%+ of standard SRE playbook scenarios
**Integrations**4/5Supports major APM tools, webhook-flexible
**Learning Curve**3/5Requires some YAML config

Verdict

Incident Commander is the agent you want between your alerting system and your human on-call. It removes the cognitive overhead during a P0. The audit trail alone (timestamped decisions, attributed actions, auto-generated postmortems) makes it worth the setup investment.

*Skill: incident-commander | Ecosystem: claude-code | Runtime: node | Auth: api-key*

#incident-response#sre#automation#openclaw#claude-code
**Cost**4/5Open source core