Incident Response, Architected for Scale.
A mission-critical playground that accelerates Sev1 resolution through automated RCA generation, robust tool execution, and deterministic LLM orchestration.
Core Infrastructure
SYS_CAPABILITIES_03
LangChain Orchestration
Dynamic prompt assembly and tool-calling loops engineered for reliability. Eliminates fragile static prompts.
Vercel AI Gateway
Unified model proxying. Zero-downtime failover, precise cost tracking, and enterprise-grade OIDC authentication.
Hardened MCP Layer
Atomic persistence and strict schema validation. Tool execution bounded by rigid timeout constraints.
Deployment topology
How the browser, Vercel-hosted Next.js, Supabase, AI Gateway, Turnstile, and the MCP runtime connect. Arrows follow the main request paths; dashed lines are auxiliary verification or widget traffic.
DEPLOY_MAP_01
Site deployment map
Runtime layout: edge middleware and route handlers on Vercel, auth and durable state in Supabase, models through Vercel AI Gateway, tools through your MCP server, and login CAPTCHA via Cloudflare.
Note: MCP is typically stdio to a local Node process in development; serverless production often needs a remote MCP transport or a long-lived backend—see /architecture for the full pipeline.
Incident context retention
Long Sev threads can exceed what we send to the model in one shot. The playground keeps a compact, structured memory (summary and key facts) in your Supabase session row, merges it on every request, and validates CAN-style outputs before calling the model when facts are incomplete. That is intentional product behavior—not generic chat memory.
CTX_RETAIN_02
How we keep your incident grounded
- Durable session envelope in Postgres: messages plus a small memory object updated from each user message, reinjected into the system prompt so early details survive token trimming.
- No duplicate last turn when the client already appended the current message to history—reduces noise and token waste.
- CAN grounding asks for missing structured fields instead of fabricating a report after context is dropped from the raw transcript.
Read the full architecture and diagrams or follow the narrative on Chat flow.
Abuse protection
The playground is designed so bots and casual abuse cannot silently burn LLM inference or MCP capacity. Controls are enforced on the server and in the database—marketing copy here reflects what the app actually does today, not a future roadmap.
TRUST_BOUNDARY_04
CAPTCHA-backed login
Cloudflare Turnstile verifies humans before password sign-in. After a successful check, the server issues a short-lived, signed httpOnly cookie so legitimate users can retry credentials without solving the widget again—nothing critical is stored in readable client storage.
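One way to build the short-lived signed cookie described above, as an added example that is not the playground's own code. The cookie name, the 300-second lifetime, the token layout and the secret handling are assumptions made for illustration.

```javascript
// Added example: names, TTL and token layout are assumptions, not the app's code.
const crypto = require('node:crypto');

const COOKIE_NAME = 'captcha_pass'; // hypothetical cookie name
const TTL_SECONDS = 300;            // hypothetical "short-lived" window

// HMAC over a fixed purpose label plus the expiry, so the signature cannot be
// reused for another kind of token and the expiry cannot be edited by the client.
function sign(secret, expiresAt) {
  return crypto.createHmac('sha256', secret)
    .update(`captcha-pass:v1:${expiresAt}`)
    .digest('base64url');
}

// Call only after the Turnstile response has been verified on the server.
function issuePass(secret, nowMs = Date.now()) {
  const expiresAt = Math.floor(nowMs / 1000) + TTL_SECONDS;
  const value = `${expiresAt}.${sign(secret, expiresAt)}`;
  // HttpOnly keeps the token out of page scripts; Secure keeps it off plain HTTP.
  const header = `${COOKIE_NAME}=${value}; Max-Age=${TTL_SECONDS}; Path=/; ` +
    'HttpOnly; Secure; SameSite=Lax';
  return { value, header };
}

// Returns true only for a well-formed, untampered, unexpired token.
function verifyPass(secret, value, nowMs = Date.now()) {
  if (typeof value !== 'string') return false;
  // Strict shape: decimal expiry, dot, 43-char base64url SHA-256 MAC.
  const m = /^(\d{1,12})\.([A-Za-z0-9_-]{43})$/.exec(value);
  if (!m) return false;
  const expiresAt = Number(m[1]);
  const given = Buffer.from(m[2]);
  const expected = Buffer.from(sign(secret, expiresAt));
  // timingSafeEqual throws on length mismatch, so compare lengths first.
  if (given.length !== expected.length) return false;
  if (!crypto.timingSafeEqual(given, expected)) return false;
  // Expiry is checked on the server; Max-Age alone is only a client-side hint.
  return Math.floor(nowMs / 1000) < expiresAt;
}
```

Because the expiry is inside the signed data, a client that keeps the cookie past its `Max-Age` or rewrites the timestamp still fails verification.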
Authenticated playground only
The chat playground is behind Supabase Auth. Sessions are refreshed in middleware; unauthenticated visits are redirected to sign-in. Chat history lives in Postgres under row-level security so each account only sees its own data.
Server-side chat quotas
Every user message that hits model orchestration counts against a rolling per-user limit enforced in the API route and database—not in the browser. Automated scripts cannot reset limits by clearing local state; compromised accounts still burn down a bounded budget.
Device correlation (audit)
A first-party httpOnly device cookie is set for troubleshooting and audit trails. Usage limits remain tied to the signed-in user; the device id helps correlate traffic without replacing account-level enforcement.
Quotas and exact limits are configurable per deployment; sign-up policy (for example disabling open registration) further reduces automated account farms.