Inspiration
Modern data stacks fail in quiet, expensive ways: schema drift, freshness gaps, broken orchestration runs, and upstream changes often surface only after dashboards or downstream apps break. We wanted an MVP that behaves like an on-call data investigator, not just a monitor.
What it does
Autonomous Data Incident Investigator (ADII) continuously observes pipeline and table signals, detects incidents, and produces an incident report with:
- Triage and prioritization
- Root-cause hypotheses (Gemini-powered reasoning)
- Investigation steps and collected evidence
- Verification with confidence scoring
- Persistent incident history and audit events
- Slack/email escalation
- Optional remediation with approval gates and risk assessment
It also ships a dashboard for live status, incidents, actions (archive/delete/bulk), and an incident detail view with a full reasoning trace.
How we built it
- Backend: FastAPI + Gunicorn/Uvicorn with a modular agent architecture (Observer, Reasoner, Investigator, Verifier, Escalator, Historian).
- AI: Google Gemini (
gemini-3-pro-preview) used for structured JSON decisions across triage, planning, verification, policy suggestion, and remediation risk assessment. - Storage: SQLite persistence for incidents, metrics, audit events, and tenant isolation (separate DB per tenant).
- Real-time UX: WebSocket incident stream for live activity and UI updates.
- Frontend: React + TypeScript + MUI dashboard consuming secure APIs.
- Ops: Nginx reverse proxy + TLS, systemd service, production logging.
Challenges we ran into
- Production deployment on a multi-app server (Nginx routing, upstream configuration, and avoiding conflicts).
- Ensuring long-running cycles don’t block requests (background tasks + WebSocket notifications).
- Making Gemini calls reliable and safe: budgets, caching, strict JSON parsing, and fallbacks.
- Getting alerting (Slack/email) working end-to-end and verifying deliverability.
- Keeping demo flow smooth while maintaining real-world architecture.
Accomplishments that we're proud of
- A working end-to-end autonomous loop: Observe → Reason (Gemini) → Investigate → Verify → Persist → Escalate → (Optional) Remediate.
- A “Gemini proof” endpoint that exposes safe runtime metadata for judges.
- A visible reasoning trace/decision log on each incident, showing what the system decided and why.
- Multi-tenant foundations with isolated storage per tenant plus policy and approval endpoints.
- A production deployment with TLS, secure API access, and persistent incident history.
What we learned
- “Agentic” systems need guardrails: deterministic fallbacks, strict schemas, and budget controls are mandatory for reliability.
- Demos succeed when the system exposes internal reasoning clearly (traceability beats raw complexity).
- Productionizing isn’t just code: deployment hygiene, routing, and observability make or break the experience.
What's next for Autonomous Data Incident Investigator (ADII)
- Add a full UI for tenant/policy/approval administration (currently available via API).
- Expand native connectors (Airflow auth, Datadog, Prometheus, dbt, etc.) and richer telemetry ingestion.
- More advanced evidence tracing and root-cause graphing in incident detail views.
- Stronger RBAC, audit trails, and organization-level configuration.
- Smarter remediation orchestration (playbook selection, dynamic safeguards, and cost-aware model routing).
Built With
- audit-events
- build
- built-with-python-3.12-fastapi
- gunicorn-google-gemini-api-(google-genai-sdk
- incident/activity
- isolation)
- live
- management)
- material
- metrics
- model:-`gemini-3-pro-preview`)-sqlite-(persistent-incidents
- mui)
- nginx
- production
- proxy
- pytest
- react
- reverse
- service
- stream)
- systemd
- tenant
- tls)
- tooling)
- tsc
- typescript
- ui
- uvicorn
- vite
- websockets
Log in or sign up for Devpost to join the conversation.