Incident Severity Classification with Escalation Logic

Operations teams need to auto-classify incidents and escalate critical issues immediately while avoiding alert fatigue.

The problem

Incident metadata is evaluated by Corules to determine severity and escalation path. P1 incidents auto-page the VP of Engineering. P2 triggers on-call. P3 and below create tickets without paging. Severity is computed dynamically based on current system state — a payment system impact is always P1 regardless of user count. Every classification decision is logged.

Without deterministic enforcement, AI agents either block every edge case (adding manual overhead) or silently approve decisions that violate policy — with no audit trail to show auditors or regulators.

How Corules solves it

Corules sits between your AI agent and the action it wants to take. When the agent proposes a decision, Corules evaluates the full context against your compiled policy set in a single deterministic pass — no LLM, no ambiguity.

The result is a structured outcome:

Decision outcome: ESCALATE

system_impacted 'payment-service' is in critical_systems. Auto-classified P1. Paging VP Engineering.

Policy example

Corules policies are written in CEL (Common Expression Language). They are compiled once at publish time and evaluated deterministically at request time — no LLM, no variability.

// Incident severity policy (CEL)
context.system_impacted in params.critical_systems
  ? "P1"
  : context.users_affected >= params.p1_user_threshold
    ? "P1"
    : context.users_affected >= params.p2_user_threshold
      ? "P2"
      : "P3"

This expression is evaluated against the structured context your agent sends in the /v1/validate request.
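The following is an added example, not Corules code: a Python reference model of the expression above, for checking tenant parameters and threshold boundaries before a policy is published. The parameter values, sample contexts and function names are constructed for illustration, and raising on a malformed context is a choice made for this model.

```python
# Added example: Python reference model of the CEL severity expression.
# Not Corules code. PARAMS and all contexts below are constructed values.
ESCALATION = {"P1": "page VP Engineering", "P2": "page on-call",
              "P3": "create ticket, no page"}
PARAMS = {"critical_systems": ["payment-service"],
          "p1_user_threshold": 1000, "p2_user_threshold": 100}

def validate_params(params):
    """Return problems that would make the ternary chain misclassify."""
    problems = []
    for name in ("p1_user_threshold", "p2_user_threshold"):
        v = params.get(name)
        if isinstance(v, bool) or not isinstance(v, int) or v < 0:
            problems.append(f"{name} must be a non-negative integer")
    if not problems and params["p2_user_threshold"] >= params["p1_user_threshold"]:
        # Anything >= p2 is then also >= p1, so the P2 branch never fires.
        problems.append("P2 unreachable: p2_user_threshold >= p1_user_threshold")
    systems = params.get("critical_systems")
    if not isinstance(systems, list) or not systems:
        problems.append("critical_systems is empty or not a list")
    return problems

def classify(context, params):
    """Same branch order as the CEL expression; malformed input raises."""
    system = context["system_impacted"]   # KeyError if the field is missing
    users = context["users_affected"]
    if not isinstance(system, str) or isinstance(users, bool) \
            or not isinstance(users, int):
        raise TypeError("malformed incident context")
    if system in params["critical_systems"]:   # exact, case-sensitive match
        return "P1"
    if users >= params["p1_user_threshold"]:
        return "P1"
    if users >= params["p2_user_threshold"]:
        return "P2"
    return "P3"

def decide(context, params=PARAMS):
    """Classify and attach the escalation path described in the text."""
    severity = classify(context, params)
    return {"severity": severity, "action": ESCALATION[severity]}

if __name__ == "__main__":
    assert validate_params(PARAMS) == []
    for ctx in [{"system_impacted": "payment-service", "users_affected": 3},
                {"system_impacted": "Payment-Service", "users_affected": 3},
                {"system_impacted": "search", "users_affected": 999},
                {"system_impacted": "search", "users_affected": 1000}]:
        print(ctx, "->", decide(ctx))
```

The mis-cased 'Payment-Service' context falls through to the user-count branches and comes out P3, so entries in critical_systems need to match the system names the agent sends exactly.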

Integration options

Corules integrates with the tools your teams already use. All integrations call the same REST API or MCP server — your policy logic stays in one place.

REST API
Slack

Frequently Asked Questions

Can the critical systems list be updated without deploying code?

Yes. params.critical_systems is a tenant-configurable parameter. Operations teams update it via the admin console without touching policy logic.

Ready to enforce this policy?

Start free — evaluate up to 1,000 decisions per month with no credit card required.
