App·Help

Recommendations

Recommendations are the concrete output of investigations. Every recommendation has a confidence score, an impact statement, safer alternatives, pre-checks, a verification plan, and a rollback plan.

Lifecycle

Every recommendation moves through six states:

  1. open — initial state when an investigation produced it.
  2. acknowledged — an engineer has read it and intends to act.
  3. in_progress — work has started; usually a change ticket is open.
  4. verified — the fix landed AND the originating finding is no longer firing.
  5. resolved — closed out as fixed.
  6. suppressed — explicit "won't fix" — requires a reason.

Every transition writes a RecommendationStatusEvent row with actor + timestamp. Webhooks configured under Settings → Webhooks receive a recommendation.status_changed event per row.

Reading a recommendation card

  • Severity: critical / high / medium / low / info.
  • Confidence: 0-100. Below 60 the orchestrator hedges harder in the summary.
  • Naive fix: what the AI's first instinct would have been — included so you can see what we deliberately decided not to recommend.
  • Safer alternatives: the recommended approach plus 1-2 alternatives with effort / pros / cons.
  • Impacts: every change has ≥1 stated impact (the guardrail G1 enforces this).
  • Pre-checks: things to verify before applying the change.
  • Verification: how to confirm the change worked.
  • Rollback: exact steps to undo if verification fails.

Bulk actions

On the Recommendations list page you can select multiple rows and acknowledge them in one shot. Useful for clearing low-severity noise after a policy fix.

Handoff to Slack / ServiceNow

From a recommendation card, click the handoff button to push to your configured Slack channel or ServiceNow CMDB. The handoff is one-way (we don't poll back state changes); it leaves an audit trail you can replay.

Slack handoff requires a Slack source configured under Sources → Slack. Same for ServiceNow.

Suppression rules

Don't suppress one-off recommendations from the lifecycle dropdown — use a suppression rule instead. Rules match on resource pattern + category + reason and auto-suppress future recommendations of the same shape. The rule itself is auditable and time-bounded.

Trust score (roadmap)

Today confidence is a single number. We plan to break it down into sub-signals: evidence coverage %, guardrail-pass rate, prior-similar-rec success rate. Tracked in the roadmap.

Browse docs