# Agent Incident Postmortem — [INCIDENT-ID]

> Template v1.0 · [Agent Failure Attribution](README.md) · CC BY 4.0
> Rule of the house: the postmortem is finished when exactly **one layer owns the failure** and one structural change makes recurrence impossible. "The AI broke" is not an acceptable final state.

| | |
|---|---|
| **Incident ID** | |
| **Date / time detected** | |
| **Severity** | SEV-1 / SEV-2 / SEV-3 |
| **Agent estate(s) affected** | |
| **Author** | |
| **Status** | draft / reviewed / closed |

## 1. What happened

*Two or three sentences, observable symptoms only — what a user or operator actually saw. No attribution yet.*

## 2. Impact

*Decisions made on bad output, actions executed that shouldn't have been, work lost, dollars, users, downstream systems. Quantify where possible.*

## 3. Timeline

| Time | Event |
|---|---|
| | first bad action / output |
| | detected (how? human, monitor, evaluator?) |
| | mitigated |
| | resolved |

## 4. Symptom classification

Pick the closest match from each row (they answer different questions):

- **Dictionary symptom** (which of the ten failures did it *look like*): `bad tool data / bad world data / bad reasoning / bad evaluation / bad scoring / bad governance / bad continuity / bad grounding / bad or missing registry / bad or unbounded execution`
- **MAST mode** (if multi-agent, optional): `FM-x.y — name`
- **AgentRx category** (optional): `name`

## 5. The attribution walk

Ask **in order**. The first "yes" that survives scrutiny is your primary owner — keep walking only to log secondaries.

| # | Question | Layer if yes | Answer / evidence |
|---|---|---|---|
| 1 | Did an action execute that policy should have denied — or did a deny fire that nobody can explain? | **AGS** | |
| 2 | Was the decision made on an expired, mis-tagged, or un-provenance'd external signal? | **ESF** | |
| 3 | Was the tool call malformed, the tool data wrong/stale, or the tool surface itself the problem (wrong tool, no tool, ambiguous output contract)? | **PDS** | |
| 4 | Did the answer contradict canonical definitions, or did the agent see data its user is not entitled to see? | **GDS** | |
| 5 | Was the agent/tool/model involved unregistered, unknown, or reconciled nowhere? | **ARS** | |
| 6 | Did planning, inter-agent coordination, or evaluation fail — plan unsupported by signals, contract violated, checker rubber-stamped it? | **ACS** | |
| 7 | Did state that should have survived a session/context boundary fail to survive — or did a false "done" persist? | **DCS** | |
| 8 | Did the runtime misbehave — runaway loop, unattributed execution, an agent outliving its bounds? | **SRS** | |
| 9 | Was a score wrong, unexplained, or delivered without confidence bands or method? | **CRI** | |

**Primary owner:** `___`
**Secondary (remediation-sharing) layers:** `___`
**Owning spec + principle(s):** *e.g., DCS principles #2, #7 — link the spec section.*

## 6. Root cause

*Why did the owning layer fail? Was the layer absent (never built), present-but-bypassed, or present-but-misconfigured? Those are three different remediations and three different budgets.*

- [ ] Layer absent — this failure surface had no owner until today
- [ ] Layer bypassed — the control existed and something routed around it
- [ ] Layer misconfigured — the control fired wrong (bad policy, bad threshold, bad schema)

## 7. SLA impact

*Which target from the owning spec's SLA table was violated, and by how much? If the estate doesn't track that SLA yet, say so — that's a finding.*

| SLA (from the owning spec) | Target | Actual during incident |
|---|---|---|
| | | |

## 8. Remediation

- **Immediate (stop the bleeding):**
- **Structural (make it impossible):** *which spec principle gets implemented/fixed, by whom, by when. A remediation that is a prompt tweak is a symptom patch — say so explicitly if that's all that shipped.*

## 9. Prevention test

*State the concrete check that now fails loudly if this exact failure recurs — a policy rule, a schema gate, a ledger verification, a freshness alarm. If you cannot name the check, section 8 isn't done.*

## 10. Attribution ledger entry

*One line for the quarterly rollup:*

`[date] · [incident-id] · [primary layer] · [absent/bypassed/misconfigured] · [SEV] · [one-line description]`

> Quarterly, count the ledger by layer. The layer with the most entries is your estate's real architectural gap — implement that spec next.
