One incident. Two outcomes.

Hours vs. minutes.

Without Runback
3h 48m
Grep through 2,400 log lines.
Guess. Patch. Hope it doesn't recur.
2:47 AM — alert fires
3:00 AM — first engineer online
4:15 AM — found a suspicious log line
5:20 AM — maybe found the prompt issue?
6:35 AM — fix deployed, fingers crossed
same incident
With Runback
4m 23s
Open the run. Root cause is highlighted.
Patch, replay to confirm, seal the record.
2:47 AM — alert fires with run link
2:49 AM — run open, failure step highlighted
2:51 AM — root cause found in messages[]
2:52 AM — fix applied, replay confirms
2:52 AM — sealed. Done.

A loan-approval agent ignores its own $50k limit and calls issue_approval for $85,000. With Runback: policy gate fires before the call executes, root cause is open in 2 minutes, the block is sealed into a tamper-evident cassette. Without Runback: 2,400 log lines, no context, 3 hours and 48 minutes of guessing.

Step 1 of the resolution

Open the run. You're already on the failed step.

Runback opens every failed run on the failure — no hunting. Click agent decidesto see the messages[] array the model received. That's where the root cause is.

loan-approval-agent · run_a3f1b90c · 02:47 AMclick any step ↓
Policy breach · issue_approval — $50k limit ignored
amount
$85,000
policy
max_auto_approve: $50,000
required
human review
call
issue_approval({ applicant_id: "19822", amount: 85000, term_months: 24 })
The model saw the $50k limit in its system prompt and ignored it — then called issue_approval anyway. Policy gate fires before the call executes: blocked. seq: 4 · rule: loan_limit · 85000 > 50000 · sealed into the cassette. Click 'agent decides' above to see the exact messages[] the model was given.

Time from incident to root cause identified: 2 minutes. The logs gave you 2,400 lines and no context. The Context tab gives you the exact prompt.

Step 2 of the resolution

Two ways this incident gets resolved. One is nearly 4 hours faster.

Without Runback
02:47
Agent fails in production
wrong tool called — logs say nothing useful
03:12
Engineer paged and woken up
25 minutes of alert noise before escalation
03:14
Starts reading logs
2,400 lines across 6 services — no context, no thread
04:20
Still in the logs
which call? which step? which message did the model see?
05:31
Maybe reproduced locally
different model version — not sure it's the same bug
06:35
Fix shipped — crossed fingers
MTTR: 3h 48m · confidence: unknown
With Runback
02:47
Agent fails → run captured
automatic, zero config
02:47
Runback opens on the failed step
error-first navigation — no hunting
02:49
Root cause identified
Context tab shows the exact messages[] the model saw
02:51
Fix replayed — confirms it holds
re-ran from step 3 with the patch, same environment
02:51
Incident → golden test in 1 click
permanently in the regression suite
02:51
MTTR: 4 minutes 23 seconds
fix verified · fix confirmed · audit record sealed
illustrative — based on common production patterns
The sealed record

The cassette that sealed this incident.

AI agent decisions have had no equivalent of the git commit — immutable, attributed, tamper-evident. The Runback cassette is that primitive: append-only, hash-chained, sealed at execution. Not a log of what happened — the decision, preserved for replay. This is the cassette for run_a3f1b90c. Each entry extends the chain; add, remove, or alter one byte and verification fails. Why this matters for long-term proof →

runback · cassette · run_a3f1b90c · schema: runback.cassette/v1 · algo: oracle-chain/sha256
entry_count: 5digest: a3f8c2...9d1estatus: sealed
seqkindkeyhash
0nownow8f2a…
1llmllm:gpt-4o:a3f8…c91d…
2tooltool:check_credit:c29a…e7b3…
3llmllm:gpt-4o:b7d1…2a8f…
4tooltool:issue_approval:BLOCKpolicy_block: { rule: "loan_limit", detail: "85000 > 50000" }09c4…
hash[n] = SHA256(hash[n-1] + canonical({kind, key, output}))

This tool call never executed. The block itself is hash-chained — seq: 4, rule: loan_limit, detail: '85000 > 50000' is part of the sealed record. Replay can prove the agent was stopped, not just that it failed.

Policy blocks are first-class cassette entries with their own seq and hash. The policy predicate is purely deterministic — no LLM judge, no probabilistic scoring. If the rule fires, the entry is sealed and the call is blocked.

Step 3 of the resolution

The incident became a permanent test. In one click.

After root-cause and fix, the engineer clicks Save as golden testin the debugger. The run — this exact run, with this exact context — becomes a permanent entry in the regression suite. The next time the same class of failure occurs, the golden suite catches it in CI before it reaches production. The suite builds itself from your actual failures, not from someone's memory of what to test.

1 click
to turn this incident into a permanent regression test
Same class
of failure caught in CI on the next similar run
0 manual work
the golden suite grows with every incident you resolve
5
cassette entries sealed in this demo run
hash-chained, tamper-evident

Reproduce your next incident in under 5 minutes.

Start with the free Community edition — one agent, your own VPC, no data leaves your network. The first incident tells the story.