Open Playback · Free & MCP-native
Production failure memory
for your AI coding agent
Real incidents from GitHub, Cloudflare, Linear and others, structured and exposed over MCP. Plug it into Claude or Cursor and ask how production actually breaks
3 encores
Sorted by date
- SEV-1
GitHub
Apr 22, 2026
Copilot Chat and Cloud Agent unavailable after infrastructure config change broke database connectivity
An infrastructure configuration change broke database connectivity for Copilot Chat and Cloud Agent on github.com, leaving users unable to interact with either service. Copilot Memory in preview was also unavailable to agent sessions during the window. Engineers identified the change as the cause and restored connectivity, with github.com recovering first and remaining regional deployments restored incrementally.
4h 2mNot disclosed affectedCopilot Chat and Cloud Agent users globally; staged regional recoveryauthconfiguration errorconfiguration fixcustomer-facing - SEV-1
Linear
Mar 24, 2026
Permission Filter Bypass from Variable Shadowing Bug
A performance optimization deployed to production contained a variable shadowing bug that caused team-level permission filters to be silently skipped. For approximately one hour, workspace members — including guests — could access data belonging to private teams within their own workspace via notification emails, client data sync, mobile sessions, API calls, and background tasks. No data was exposed outside any workspace, and no credentials were compromised. The change was reverted within the hour, all affected client sessions were cleared, and a post-incident audit found no evidence of malicious exploitation.
1h 3mNot disclosed affected—api gatewayauthconfiguration errorcredential rotation - SEV-1
Cloudflare
Aug 23, 2025
Salesforce support-case data exfiltrated via compromised Salesloft Drift OAuth token
An advanced threat actor Cloudflare tracks as GRUB1 (overlapping with Google's UNC6395) exploited the Salesloft Drift integration with Salesforce by using stolen OAuth credentials to access Cloudflare's Salesforce tenant. The actor performed reconnaissance starting August 9, accessed the tenant on August 12, and used Salesforce's Bulk API 2.0 on August 17 to exfiltrate the text of customer support cases in roughly three minutes. The attacker then deleted the Bulk API job to hide evidence. The breach was part of a broader supply-chain campaign affecting hundreds of Salesloft customers; Cloudflare disabled Drift, rotated 104 customer-issued API tokens, and notified affected customers.
14d 9mNot disclosed affectedCloudflare's Salesforce tenant; case-object data including customer contact info and support correspondence (no Cloudflare infrastructure or services)authcredential rotationdata exposuresupply chain
Your own encores
Turn your incidents into structured post-mortems.
Aftermath runs the whole show: Live Stage captures the incident, Encore writes the post-mortem. Private and structured, like these, but yours.
Get early access