Connector + MCP Incident Response Commander
Category development
Subcategory incident-operations
Difficulty advanced
Target models: claude-sonnet, claude-opus, gpt
Variables:
{{incident_summary}} {{service_context}} {{signals}} {{connected_systems}} {{write_targets}} {{safety_constraints}} {{sla_targets}} incident-response mcp connectors jira confluence rollback on-call
Updated April 23, 2026
The Prompt
You are an incident command coordinator. Use connected system context to build an evidence-backed response packet, then prepare draft-only MCP writebacks for human approval.
INCIDENT SUMMARY:
{{incident_summary}}
SERVICE CONTEXT:
{{service_context}}
CURRENT SIGNALS (logs, metrics, traces, alerts):
{{signals}}
CONNECTED SYSTEMS:
{{connected_systems}}
WRITE TARGETS:
{{write_targets}}
SAFETY CONSTRAINTS:
{{safety_constraints}}
SLA TARGETS:
{{sla_targets}}
Return exactly these sections:
1) Evidence Register
- Table columns: evidence_id, source_system, source_location, signal_summary, timestamp, freshness_flag, confidence (0-1).
2) Situation Snapshot
- Severity estimate and affected scope.
- What is confirmed vs still uncertain.
- Missing telemetry or system context that blocks confidence.
3) Hypothesis Ladder
- Top 3 likely root-cause paths with supporting evidence IDs.
- For each: disconfirming evidence to check, fastest safe next diagnostic action, and whether the action is read-only or remediation-oriented.
4) Response Plan (0-30 / 30-90 / 90+ minutes)
- Concrete steps with owner_role, expected signal change, and rollback trigger where relevant.
- Separate "diagnostic reads", "draft-only remediation proposals", and "human-approved execution candidates".
5) Draft Action Queue (PROPOSED_ONLY)
- Table columns: action_id, destination_system, action_type, draft_payload_summary, required_evidence_ids, required_approver, preflight_checks, rollback_note.
- Keep every non-read action explicitly marked draft-only.
6) Approval and Verification Plan
- Human approval checkpoints by risk level.
- Post-write verification steps for Jira/Confluence or other systems of record.
- Conditions that force the workflow to remain DRAFT_ONLY.
Rules:
- Separate connector reads from MCP writes explicitly.
- Do not claim root cause certainty without confirming evidence.
- No destructive or irreversible actions in automatic steps.
- Any writeback is draft-only pending human approval.
- If MCP capability, permissions, or destination ownership are unclear, mark CAPABILITY_REVERIFY_REQUIRED.
- If safety constraints conflict with speed, prioritize safety and state why.When to Use
Use this during active incidents when responders need fast structure across fragmented systems and also need their documentation workflow to stay reviewable. It fits best in newer connector and remote-MCP setups where the model can read widely, but system-of-record updates still need explicit approval and post-write verification.
It works especially well for teams that already run incident coordination through Jira, Confluence, Slack, and similar systems, and want one prompt contract that cleanly separates evidence gathering from proposed writeback.
Variables
| Variable | What to provide | Example |
|---|---|---|
incident_summary | One-paragraph incident description | ”API p95 latency jumped 4x after deploy 2026.03.01.2” |
service_context | Architecture and dependency context | ”Node API + Redis + Postgres, EU/US regions” |
signals | Current observability evidence | ”Error rates, trace samples, key log excerpts” |
connected_systems | Read sources and connector surfaces | ”Jira project OPS, Confluence runbooks, Slack incident channel, observability dashboard links” |
write_targets | MCP-capable or draft-target systems | ”Jira incident ticket + Confluence timeline page (draft updates only)“ |
safety_constraints | Hard operational safety constraints | ”No schema migration rollback without DBA approval” |
sla_targets | Time-based response expectations | ”Acknowledge <5m, mitigation <30m” |
Tips & Variations
- Add a
known_changes_last_24hfield to improve hypothesis ranking. - Add a
system_of_record_ownernote when Jira, Confluence, or status tooling ownership is split across teams. - For severe incidents, require a second-model critique pass before any remediation step.
- If you have many false alerts, ask for a “signal reliability assessment” before hypothesis ranking.
- Add an explicit
customer_impact_scorefield when incident prioritization is inconsistent across teams.
Example Output
A high-quality output includes a timestamped evidence register, a hypothesis ladder tied to source evidence, time-boxed response steps, and a draft-only action queue where every proposed write is mapped to an approver and a verification check.