This document describes when YieldVault writes postmortems, how action items are tracked, and the publication workflow for finalized reports.
Write a postmortem for any of the following:
| Trigger | Examples |
|---|---|
| Severity 1–2 incidents | Full outage, data loss risk, contract pause |
| DR events | Database restore, RPC failover, backend redeploy under pressure |
| Security incidents | Key compromise, unauthorized access, exploit attempt |
| Contract upgrades with issues | Failed upgrade, rollback, unexpected state |
Lower-severity incidents may use a shortened report at the Incident Commander's discretion, but must still capture root cause and action items.
| Phase | Deadline | Deliverable |
|---|---|---|
| During incident | Real-time | Incident Report Template |
| Post-incident | Within 48 hours | Postmortem draft |
| Publication | Within 5 business days | Published report in docs/incidents/ |
These deadlines align with the Quick Reference post-mortem checklist and Incident Response Runbooks.
| Role | Responsibility |
|---|---|
| Incident Commander | Owns timeline accuracy and severity classification |
| Author | Drafts postmortem from incident report and logs |
| Reviewer | DevOps or Security lead validates technical accuracy |
| Release engineer | Ensures security-sensitive details follow disclosure rules |
- Start from template — Copy
docs/runbooks/templates/post-mortem.md. - Optional draft location — Save work-in-progress to
docs/incidents/drafts/INCIDENT-XXX-slug.md(not indexed until published). - Gather inputs:
- Live incident report
- Grafana / PagerDuty timelines
- Backend diagnostics bundle (
/api/diagnostics/bundle) - Relevant runbook steps exercised
- Complete all sections — Summary, impact metrics, timeline, root cause, action items table, lessons learned.
Every postmortem must include an Action Items table with:
| Column | Required |
|---|---|
| ID | Yes (AI-001, AI-002, …) |
| Action | Yes |
| Owner | Yes |
| Priority | Yes (P0/P1/P2) |
| Due Date | Yes |
| Tracking Issue | Yes — link to GitHub issue |
| Status | Yes (Open / In Progress / Done) |
Workflow:
- File each action item as a GitHub issue referencing the incident ID.
- Link the issue number in the postmortem table.
- Review open action items in the quarterly runbook review (runbooks README §Continuous Improvement).
Before publication:
- Incident Commander and Reviewer sign off on timeline and severity
- Remove credentials, PII, and unreleased vulnerability details
- For security incidents, follow the 48-hour minimum disclosure window described in Release Notes Playbook §8
- Confirm customer-facing language is approved if published externally
- Open a PR adding the finalized report to
docs/incidents/using the naming convention:YYYY-MM-DD-INCIDENT-XXX-short-slug.md - Set
Status: Publishedin the report header (drafts must not remain indocs/incidents/root) - Update the index in
docs/incidents/README.md - Link action items — Ensure every
AI-xxxrow has a merged or open GitHub issue - Update runbooks if new failure modes were discovered
- Announce in
#yieldvault-incidents; update status page if user-facing - Merge PR after reviewer approval
CI validates postmortem structure via scripts/validate-postmortem.sh. Install the
workflow from docs/ci/postmortem-docs.workflow.yml
into .github/workflows/ to enable automated PR checks.
Disaster recovery exercises that surface runbook gaps should file a DR Test Report. Significant findings warrant a full postmortem using the same publication flow.
After each published postmortem:
- Identify runbook sections that were unclear or missing
- Open a follow-up PR updating the relevant runbook under
docs/runbooks/ - Record the change in the postmortem's Runbook Updates Required section
Last Updated: June 26, 2026 Maintained By: DevOps Team Issue: #769