How does IncidentScribe flag critical commands in a timeline?
Answer
Severity heuristics match destructive patterns in shell and SQL text — database drops, force pushes, recursive deletes, infrastructure teardown, and similar agent mistakes. Matched events appear as critical in the web viewer and in exported Markdown, HTML, and JSON. Heuristics are conservative: they surface likely harm for human review, not automated verdicts. Unknown or benign commands still appear in order without highlighting.
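A minimal sketch of this kind of severity heuristic, added here as an illustration and not IncidentScribe's own code: the regex rules, the `ts`/`command` field names, and the function names are all assumptions. Every event stays in the timeline in order, and only rule matches are marked critical for human review.

```python
import json
import re
# Assumed rules for illustration; the tool's real rule set is not shown on this page.
# Conservative by design: --force-with-lease is flagged too, for a human to judge.
RULES = [
    ("database drop", re.compile(r"\b(drop\s+(database|schema|table)|truncate\s+table)\b", re.I)),
    ("force push", re.compile(r"\bgit\s+push\b.*\s(--force|-f)\b", re.I)),
    ("recursive delete", re.compile(r"\brm\b[^|;&]*\s(-[a-z]*r[a-z]*|--recursive)\b", re.I)),
    ("infrastructure teardown", re.compile(r"\b(terraform\s+destroy|kubectl\s+delete\s+(ns|namespace))\b", re.I)),
]

def classify(command):
    """Return the label of the first matching rule, or None for unknown/benign text."""
    for label, pattern in RULES:
        if pattern.search(command):
            return label
    return None

def build_timeline(jsonl_text):
    """Parse JSONL events in order; every event is kept, matches are marked critical."""
    timeline = []
    for line in filter(str.strip, jsonl_text.splitlines()):
        try:
            event = json.loads(line)
            if not isinstance(event, dict):
                raise ValueError("event is not a JSON object")
        except ValueError:
            event = {"ts": "?", "command": line}  # keep malformed lines visible
        command = str(event.get("command", ""))
        reason = classify(command)
        timeline.append({"ts": event.get("ts", "?"), "command": command,
                         "severity": "critical" if reason else "normal", "reason": reason})
    return timeline

def render_markdown(timeline):
    return "\n".join(
        f"- {e['ts']} " + (f"**CRITICAL ({e['reason']})** " if e["reason"] else "") + f"`{e['command']}`"
        for e in timeline)

# Constructed sample session (not real incident data); ts/command is an assumed schema.
SAMPLE = "\n".join(json.dumps(e) for e in [
    {"ts": "10:01:02", "command": "git status"},
    {"ts": "10:01:40", "command": "rm -rf ./build ./data"},
    {"ts": "10:02:15", "command": "psql -c 'DROP TABLE users;'"},
    {"ts": "10:03:00", "command": "git push origin main --force"},
    {"ts": "10:03:30", "command": "rm -f notes.txt"},
])

if __name__ == "__main__":
    print(render_markdown(build_timeline(SAMPLE)))
```

The near-miss `rm -f notes.txt` stays unhighlighted because the rule requires a recursive flag, which shows how narrow patterns keep the critical markers meaningful.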
Related workflows
Pair IncidentScribe timelines with DestructGuard audit logs and the agent safety checklist. Export JSONL from Cursor or Claude Code after an incident, then render a shareable timeline for stakeholders.
Next steps
Open the free timeline viewer to paste or upload a session file, or run `incidentscribe render session.jsonl -o timeline.md` locally. Upgrade to the Postmortem Pack for blameless templates and a GitHub Action that attaches timelines to issues.