AI AGENTS
Post-Incident WAF Postmortem Enricher for Linear
After a WAF incident resolves, an agent gathers the Cloudflare rule changes and timeline, writes a structured postmortem in Linear, and posts the draft to Slack for review.
How it runs
The automated pipeline, trigger to output.
- TriggerIncident-resolved webhook receivedHTTP webhook
- ActionRead Cloudflare WAF rule change history for the zoneCloudflare
- ActionFetch applied runbook from MCP serverCustom MCP server
- LogicAssemble timeline and draft postmortem sections
- ActionWrite structured postmortem into the Linear issueLinear
- OutputPost draft link to Slack for reviewSlack
What it does
Closes the loop after a WAF incident. On a resolved-incident signal, an agent pulls the relevant Cloudflare WAF rule history and the runbook that was followed, then assembles a structured Linear postmortem — timeline, root cause hypothesis, actions taken, and follow-ups — instead of leaving an empty stub.
When to use it
Use it when postmortems pile up as unwritten TODOs. This produces a complete first draft from the actual change record so the on-call engineer edits rather than starts from scratch. Pairs well with the remediation agents that opened the stub.
How it works
- 1A webhook fires when an incident is marked resolved.
- 2The agent reads the Cloudflare WAF rule change history for the affected zone.
- 3It fetches the runbook that was applied from the MCP server to reconstruct intent.
- 4A logic step assembles the timeline and drafts the postmortem sections.
- 5It writes the structured postmortem into the existing Linear issue.
- 6It posts the draft link to Slack for the on-call engineer to review and finalize.
Set it up
What you configure once, before turning it on.
- 1Connect CloudflareWorkers, Pages, R2, KV — the edge stack.
- 2Connect LinearIssues, projects, cycles, triage.
- 3Connect Custom MCP serverConnect any MCP-compatible tool you own.
- 4Connect SlackChannels, DMs, threads, mentions.
- 5Connect HTTP webhookTrigger any URL on agent actions.
- 6Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
- 7Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
- 8Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.
More AI Agents workflows
Observability Cost Allocation Report
Monthly, an agent pulls Datadog and Honeycomb usage, allocates spend to teams and services by tags, writes the breakdown to Snowflake, and posts a chargeback summary to Slack.
Vendor Shortlist Matrix from a Buying Brief
An agent reads a buying brief, researches candidate vendors across the live web, and builds a scored comparison matrix in Coda ranking each vendor against your stated criteria.
Split oversized Linear epics into estimated child issues
An agent scans newly created Linear epics, breaks each one above a size threshold into discrete child issues with point estimates and acceptance criteria.
Datadog Bill Spike Attribution Agent
When a daily Datadog cost check detects a spend jump, an agent attributes the increase to the specific services and metric types driving it and posts a ranked breakdown to Slack.
Buying Brief Email to Shortlist Doc in Drive
When a buying brief arrives by email, an agent researches the market and produces a polished narrative shortlist document in Google Drive, then replies to the sender with the link.
Zoom Demo Low-Score Objection Escalation to Manager
Scores how well a rep handled objections in each Zoom demo, and only when the handling score falls below a threshold does it create a coaching task in ClickUp and alert the rep's…
Run it inside a business
This workflow drops into a full company template. Import the org, and this is one of the playbooks its agents run.
Run this workflow in your colony.
14-day trial. No DevOps. No Sales call. Provisioned in under a minute.