Problem
Incident response is slow and hard to audit. A single LLM in the loop is opaque and risky to let act on production.
Solution
Five specialized agents each own one step of the incident, from triage to a human-readable evidence dossier. Structured SQL memory replaces vector embeddings so retrieval is explainable, and human approval is enforced at the data-model level so no backend path executes without a prior approval record.
What I Built
Each incident moves through five specialized agents, one per step. A triage agent classifies severity, assigns a causal signature, and extracts the affected service. A root cause agent correlates the errors with recent deploys and config diffs. A remediation agent queries the SQL memory for past incidents and proposes a fix, which a verification agent then runs in a mocked sandbox to assess side effects before anything touches production. A reviewer agent assembles the whole trail into a human-readable evidence dossier. Alongside them, QueenBee offers on-demand chat with the full incident context already loaded.
Technical Details
- React, TypeScript, Vite, Tailwind, Framer Motion
- FastAPI async Python
- Structured SQL memory via the Hex API instead of vector embeddings
- Confidence-based escalation, Claude Haiku to Sonnet below 0.70
- Supabase Postgres with Realtime, WebSockets and SSE
- Deployed on Vercel and Render
What I Learned
- Structured SQL memory buys explainability that vector search cannot.
- Enforcing human approval at the data model, not the UI, closes the unsafe-action gap.
- Splitting an incident across specialized agents makes each step auditable.
