Skip to content
PostMTA Hosted
StatusSign inOpen panelRequest access
Open menu

Docs

Open in panel → /app · activity

Incident response — operator playbook

The operator surface for an appliance outage or abuse report. Mirrors trust/incident-response but at the depth the appliance runbook actually needs.

5-step playbook

1. Detect

2. Triage (≤ 4 h ack)

  1. Identify scope: workspace id, domain(s), IP(s), node id.
  2. Capture: audit_events last 100 rows + last policy_jobs.kind. Both are visible in the Activity and Jobs tabs respectively.
  3. Severity (self-assigned):
    • Sev-1: data-loss, outbound abuse observed, prod READY 5xx.
    • Sev-2: degraded capability (single workspace/section broken).
    • Sev-3: cosmetic or single-tenant.

3. Contain

Inside the appliance only — never hand-edit Kumo Lua.

Symptom Action
Unverified From slipped through Confirm REQUIRE_VERIFIED_DOMAIN is on; per-row status in Domains; refer docs/domains.md
Credential leak DELETE /v1/panel/api-keys/:id then reissue; rotate FBL_INGEST_SECRET and re-deploy apps/api
Bad IP in pool POST /v1/panel/jobs/apply-policy to re-render — the panel’s Shaping button bumps the epoch
Bounce storm Pause additional sends by setting wallets.balance=0 for the affected workspace (operator grant reset only after dialog)
Panel UI broken Check artifacts/smoke-prod/latest/ for axe violations; restore last good apps/web build

4. Notify

5. Recover

SLA matrix

Tier Acknowledge Postmortem
Sev-1 (we-operate) 30 min 5 business days
Sev-1 (customer VPC) 1 hour 10 business days
Sev-2 4 hours 10 business days
Sev-3 next business day next sprint

Disclosure

Last verified: Sat Jul 11 2026 17:00:00 GMT-0700 (Pacific Daylight Time). Cross-link maintained byscripts/check-docs-drift.sh (M54).

← All docs