Core concepts
Incident A production issue that needs investigation. Incidents are created automatically when a monitoring alert arrives via webhook, or manually by an operator from the dashboard. Investigation The core process. CauseFlow’s AI analyzes different data sources — logs, metrics, infrastructure state, recent code changes, and database health — then synthesizes findings into a root cause analysis. Root cause analysis The synthesized conclusion from the investigation. It explains why the incident occurred, cites the supporting evidence, and includes a confidence score. Remediation A proposed action to resolve the incident. Examples: restart a service, rollback a deployment to a previous version, scale a resource, or create a pull request with a targeted code fix. Remediations require human approval before executing. Pattern A learned root cause pattern extracted from past resolved incidents. Patterns are matched against incoming incidents to accelerate analysis and surface known solutions. Patterns improve over time as your team resolves more incidents. Usage Each plan includes a monthly allowance of investigations and events. One investigation is consumed per full investigation cycle. One event is consumed per incoming alert. See Plans and pricing for limits by plan.Incident lifecycle
| Status | Description |
|---|---|
open | Incident created, awaiting analysis |
triaging | AI classifying severity |
investigating | AI analyzing data sources |
awaiting_approval | Remediation proposed, waiting for human approval |
remediating | Approved remediation being executed |
resolved | Incident resolved successfully |
closed | Incident closed — either resolved or dismissed without remediation |
Severity levels
| Level | Description |
|---|---|
critical | Service outage or data loss affecting all users |
high | Major feature degraded with significant user impact |
medium | Partial degradation with limited user impact |
low | Minor issue with a workaround available |
info | Informational alert — no immediate action needed |
Roles
| Role | Permissions |
|---|---|
admin | Full access to all features and settings across all tenants |
owner | Full access within their own tenant |
operator | Triage, investigate, and approve or reject remediations |
viewer | Read-only access to incidents and investigations |
owner or admin from Dashboard > Team Management. See RBAC for a detailed permissions breakdown.