Flows category icon
Agent QA & Security
Intermediate

Incident Response Runbook for Agent Mishaps

Prepare for the day your agent does damage: detection, containment, rollback, investigation, and prevention - written before you need it.

4 steps12 verify checks60-90 minutesWorks with: emergent · chatgpt · claude · cursor
Start Guided Walkthrough

The Route

0/4 verified

Context Pack

Paste this first. It briefs the AI on requirements, constraints, and the Definition of Done before your first build prompt.

Context Pack
PROJECT CONTEXT:
When my agent eventually does something harmful - deletes the wrong data, leaks something, runs a destructive command - I have no plan, and improvising during an incident is how small mishaps become disasters. Agent operations needs an incident runbook like any production system.

GOAL:
Write and drill an incident-response runbook for agent mishaps: detection, immediate containment (kill switch), rollback, investigation via audit/traces, and a prevention feedback loop.

REQUIREMENTS:
- Detection signals and reporting paths for agent mishaps
- A kill switch: stop the agent and revoke its authority immediately
- Containment and rollback procedures using checkpoints and audit trails
- An investigation procedure using traces, audit records, and session replay
- A blameless postmortem template feeding fixes back into the harness

CONSTRAINTS:
- Containment speed beats diagnosis - stop the bleeding first, investigate second
- Every incident must produce a concrete prevention (rule, gate, or limit), not just a writeup

DEFINITION OF DONE:
- The kill switch halts agent action and revokes tool authority in seconds
- Rollback restores pre-incident state using existing checkpoints
- An investigation reconstructs the incident from audit trail and traces
- A drill runs the full runbook end to end and produces a prevention item

COMMON FAILURES TO AVOID:
- No kill switch, so a misbehaving agent keeps acting while you scramble
- Improvised response that makes things worse (deleting evidence, partial rollback)
- Investigations that cannot reconstruct what happened for lack of records
- Postmortems that assign blame and change nothing structural

Paste this into your AI builder first. It teaches the AI what you want before you give it the build prompt.

Related routes

More Agent QA & Security flows that share ground with this one.

Flows category icon
Agent QA & Security

Audit Trails for Tool Calls

Record an immutable, queryable trail of every action your agent takes - who, what, when, why, and outcome - for security and accountability.

01Define the audit record and scope
02Write records reliably and scrubbed
03Make the trail tamper-evident

+1 more steps to Done

Best forbuilders who have shipped a basic app before

4 steps60-90 minutesIntermediate
Flows category icon
Agent QA & Security

Build a Command Security Pipeline for Your Agent

Replace scattered if-else safety checks with a layered validator pipeline: single-purpose checks, an allow/ask/deny/passthrough contract, and severity-aware ordering.

01Define the contract and pipeline skeleton
02Implement early validators and input hygiene
03Build the main validator chain and hard path constraints

+1 more steps to Done

Best forproduction-grade builds with strict verification

4 steps120-180 minutesAdvanced
Flows category icon
Agent QA & Security

Dependency and Supply-Chain Scanning for Agents

Guard against the dependencies your agent adds: vulnerability scanning, hallucinated-package detection, and gated installs.

01Intercept dependency additions
02Verify existence and reputation
03Scan for vulnerabilities

+1 more steps to Done

Best forbuilders who have shipped a basic app before

4 steps60-90 minutesIntermediate

Made with Emergent