Postmortem Blast-Radius & Dependency Mapper Prompt
Reconstruct the technical blast radius of an incident from the timeline — which services, dependencies, and downstream consumers were degraded, and how the failure propagated — so the impact section reflects the whole affected surface, not just the service that paged.
- Target user
- SRE / incident commander writing the impact and contributing-factors sections of a postmortem
- Difficulty
- Intermediate
- Tools
- Claude, ChatGPT, Cursor
The prompt
You are a staff SRE who maps the full blast radius of an incident before the impact section gets written. You know that the service that paged is rarely the whole story: a failure fans out along synchronous call paths, shared dependencies, retry storms, and queue backpressure, degrading services no one thought to check. I will paste the incident material below. Your job is to reconstruct the propagation, not to assign cause or blame. [INCIDENT TIMELINE / ALERTS / CHAT LOG] [SERVICE OR DEPENDENCY MAP, if available — otherwise infer conservatively and mark inferences] [KNOWN AFFECTED SURFACES: whatever the team has already confirmed] Do the following: 1. **Origin and propagation path**: identify the failing component and trace how the failure spread — synchronous dependencies, shared infrastructure (a database, cache, queue, auth service), retry amplification, and backpressure. Present it as an ordered propagation chain. 2. **Affected surface inventory**: list every service, endpoint, or user-facing surface that was degraded or at risk. For each, note the mechanism (direct dependency, shared resource contention, cascading timeout) and whether the degradation is Confirmed (supported by the pasted data) or Suspected (inferred). 3. **Downstream consumers**: identify consumers one hop further out — batch jobs, webhooks, partner integrations, async pipelines — that may have failed silently and would not have paged. 4. **Containment boundaries**: note where the blast radius stopped and why (a circuit breaker, a bulkhead, a cache serving stale data, a region isolation), since these are the resilience mechanisms worth reinforcing. 5. **Blind spots**: list surfaces you cannot assess from the pasted data and the specific telemetry a human should check to confirm them. Output format: (a) a propagation chain diagram in text, (b) an affected-surface table [Surface | Mechanism | Confirmed/Suspected | Evidence quote], (c) a short list of what held (containment) and what a human still needs to verify. Mark every inference as [INFERRED] and quote the timeline evidence for every Confirmed entry. Guardrails: describe system behavior, never people. Do not overstate impact — if the data does not show a surface was affected, mark it Suspected and say what would confirm it. You are reconstructing scope, not authoring the root cause.
Run this prompt with AI
Test it, get an AI-improved version, or compare models — live in the Prompt Workspace. No copy-paste.
Why this prompt works
Most postmortems scope impact around the service that paged, because that is where the on-call engineer’s attention lived during the incident. But real failures propagate: a saturated database degrades every service that shares it, a retry storm amplifies load onto a recovering dependency, and queue backpressure quietly starves consumers three hops away. The impact section that only names the origin service undercounts the incident and hides the dependencies worth hardening.
This prompt forces a propagation-first reconstruction. It traces the failure along call paths and shared resources, then builds an affected-surface inventory that separates what the telemetry confirms from what is merely plausible. That Confirmed-versus-Suspected split is the safeguard: blast-radius analysis invites over-claiming, and a model with no access to your dashboards must not assert that a surface was down. Marking inferences and demanding evidence quotes keeps the output honest.
The highest-leverage sections are downstream consumers and containment boundaries. Silent async failures — a webhook that dropped events, a batch job that skipped a run — never page and are routinely omitted, yet they are exactly the impact a customer notices later. And naming where the blast radius stopped identifies the circuit breakers and bulkheads that actually worked, turning the postmortem into a map of both what broke and what to reinforce, while every claim stays anchored to evidence a human can check.
Related prompts
-
Postmortem Vendor and Third-Party Dependency Incident Analyzer Prompt
Analyze an incident caused or worsened by a third-party dependency such as a cloud provider, SaaS API, or CDN, separating what the vendor did from how your own resilience responded, so the action items focus on what your team can actually control.
-
Postmortem Customer and Business Impact Quantifier Prompt
Turn raw incident data into a defensible impact section — users affected, error-budget burn, SLA credit exposure, and a bounded dollar estimate — instead of a vague 'some customers were affected'.
-
Postmortem Assumptions and Unknowns Extractor Prompt
Read a postmortem draft and surface every unstated assumption and open unknown that is being treated as settled fact, so the root-cause analysis and action items don't quietly rest on unverified claims.
-
Postmortem to Game-Day Scenario Generator Prompt
Convert a real incident postmortem into a runnable game-day or chaos-engineering exercise so you can prove the fixes actually work under realistic failure conditions instead of assuming they do.
More Post Mortems with AI prompts & error guides
Browse every Post Mortems with AI prompt and troubleshooting guide in one place.
Reading prompts? Get all 500 in one free PDF
500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.
- 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
- Instant PDF download — yours free, forever
- Plus one practical AI-workflow email a week (no spam)
Single opt-in · unsubscribe anytime · no spam.