Product

2:47 A.M. in Someone Else's Production — Inside CloudThinker's On-call AgenticOps Team

02:47 — a payment API's error rate jumps. 02:57 — a human SRE approves the fix from her phone. 03:04 — validated against the same telemetry that raised the alarm. Inside CloudThinker's on-call AgenticOps team: the detect–resolve–validate loop, the nights the AI is confidently wrong, the actions agents are never allowed to take, and why SLAs are measured rather than asserted.

·
oncallagenticopssredevopsmanagedcloudslaincidentresponsecloudthinker
Cover Image for 2:47 A.M. in Someone Else's Production — Inside CloudThinker's On-call AgenticOps Team

2:47 A.M. in Someone Else's Production — Inside CloudThinker's On-call AgenticOps Team

This is what one page looked like on a recent night shift:

02:47  [P1] payments-api — 5xx rate 0.4% → 18%, p99 climbing
02:48  DRE acknowledges. Correlating: API errors ↔ DB connection wait time
02:51  Investigation posted: connection pool ceiling lowered in yesterday's
       deploy; saturation began at the overnight traffic uptick.
02:53  Proposed fix: restore pool ceiling + rolling restart. Sent for approval.
02:57  Human on-call (CloudThinker SRE) reviews on her phone. Approves.
02:58  Fix applied inside a sandboxed session. Watching.
03:04  5xx back to 0.4%. p99 recovered. Validation: green.
03:06  Jira ticket resolved. Report attached. Customer still asleep.

Nine minutes of human attention, spent on a phone, in bed. One approval. No laptop, no war room, no "can someone share the dashboard link?" The customer's engineers read the story over coffee.

If you have ever carried a pager, you know the other version of this incident, because you have lived it. The alert with no context. The five dashboards. The deploy nobody mentioned in the channel. Forty minutes to build the picture that the four-minute fix needed. The postmortem you still owe from the last one.

CloudThinker runs on-call for customers every night, with a team that is part human, part agentic — what we call AgenticOps. This post is about how that team actually works: the humans, the loop, the incidents where the AI is wrong, and the actions it will never be allowed to take. Read those last two sections even if you skip the rest. That is where the trust lives.


The pitch we refuse to make

Here is the pitch you will not hear from us: "AI answers your pager. No humans needed."

We operate production systems every day, and we do not believe that pitch — not because the agents are weak, but because production is where trust is either real or it isn't. So CloudThinker's rotation is staffed by an Operation Team of humans: SREs, security engineers, and DevOps engineers. They are not a fallback layer bolted on for the sales deck. They own every shift, and their names are on every approval.

What the agentic platform changes is what those humans spend the shift doing:

  • Before: watching dashboards, triaging duplicate alerts, grepping logs at 3 a.m., writing the postmortem at 9.
  • Now: reviewing investigations that arrive with evidence attached, approving or rejecting proposed fixes, and taking the genuinely novel failures — the ones that deserve a senior engineer's full attention.

The agents carry the toil. The humans carry the judgment. Neither works without the other, and the architecture makes that split structural, not aspirational.


How the team is wired

This is the actual shape of the service — humans on top, customer promises on the right, the agentic engine in between:

CloudThinker on-call AgenticOps team architecture. A human Operation Team of SREs, security engineers, and DevOps engineers oversees the system. Managed surfaces — cloud and infrastructure, observability, SIEM, and ITSM integrations — feed a closed-loop agentic engine that detects, resolves with human approval, and validates. The engine orchestrates the CloudThinker AgenticOps Platform (Oncall SRE AI, Investigation, Agentic Operation, Automation Report, CostOps, AppSec pentesting, On-call SLA), which delivers uptime SLA monitoring, on-call escalation, and Jira ITSM ticket SLAs back to customers.

CloudThinker on-call AgenticOps team architecture. A human Operation Team of SREs, security engineers, and DevOps engineers oversees the system. Managed surfaces — cloud and infrastructure, observability, SIEM, and ITSM integrations — feed a closed-loop agentic engine that detects, resolves with human approval, and validates. The engine orchestrates the CloudThinker AgenticOps Platform (Oncall SRE AI, Investigation, Agentic Operation, Automation Report, CostOps, AppSec pentesting, On-call SLA), which delivers uptime SLA monitoring, on-call escalation, and Jira ITSM ticket SLAs back to customers.

Reading it left to right:

  • Managed surfaces. The platform connects to the customer's cloud and infrastructure, observability stack, SIEM, and ITSM tools through CloudThinker Connections — scoped credentials, nothing installed inside the customer's environment (how connections work).
  • The agentic engine. A closed loop — detect, resolve, validate — running continuously against those surfaces. The ordering of its steps is where the trust lives; more below.
  • The platform. The engine orchestrates the CloudThinker AgenticOps Platform: on-call AI, investigation, operations, reporting, cost, and security capabilities.
  • SLA and service delivery. Everything flows out as three measurable promises: uptime SLA monitoring, on-call escalation, and ticket SLAs in the customer's own Jira.
  • Human oversight, across all of it. The Operation Team sits above the whole diagram — not beside it, not after it.

The loop: Detect → Resolve → Validate

Every run through the engine takes the same three steps, in the same order, with the human gate in the middle by design.

1 — Detect. Signals stream in from the managed surfaces: an alert, a SIEM finding, a threshold breach, a customer ticket. Pulse clusters related signals into one case instead of a page storm, and the investigation opens immediately — evidence gathering starts before any human is interrupted.

2 — Resolve, with human approval. The platform proposes a fix with reasoning and evidence attached. Anything that mutates production waits for a human on the Operation Team. This is not a limitation we apologize for — it is the reason a customer can hand us their pager at all. As specific fix patterns prove themselves across many approvals, Auto Mode lets both sides deliberately promote them toward autonomy. Routine, well-worn remediations graduate; novel or high-blast-radius changes never stop requiring a human.

3 — Validate. The loop does not close on hope. The platform re-checks the same telemetry that raised the alarm, confirms the system is actually healthy, and only then marks the case resolved. If validation fails, the case reopens and escalates to a human. Nothing is "done" because an agent says it is.

Then the loop feeds itself: resolved cases become runbooks with their reasoning and outcome attached, so the next similar incident is detected faster, investigated with prior context, and fixed with a pattern that has already earned trust once.


The part where the agent is wrong

Every vendor shows you the 02:47 timeline. Here are two nights we could leave out of this post, and won't — because if you run production, you already know these nights exist, and a vendor who pretends otherwise is telling you something.

The confident wrong answer. An API starts timing out minutes after a redeploy, and the investigation blames the deploy — plausible, well-evidenced, wrong. The human on-call notices what the correlation missed: a CDN configuration change that went out through a different pipeline at almost the same minute. She rejects the proposed rollback, redirects the investigation, and the real fix ships twenty minutes later. The rejected proposal is recorded next to the correct one, and the root-cause model now checks that second pipeline on every similar case.

The fix that didn't hold. A memory remediation passes validation, metrics recover, everyone moves on — until the next traffic peak, when the symptom returns. Validation catches the regression, reopens the original case with its full history instead of opening a fresh one, and escalates to a human with a note that the first fix was insufficient. The permanent fix goes through the customer's normal change process the next morning.

This is why the loop is shaped the way it is. Step 2 exists because agents are sometimes confidently wrong. Step 3 exists because "it worked when I left" is not a resolution. We designed the system around the assumption of fallibility — which is exactly the assumption you would want your own on-call to make about itself.


What the agents are never allowed to do

Some actions do not graduate, no matter how much trust a fix pattern has earned:

  • Destroy data. No dropping databases, deleting snapshots, or emptying buckets. Ever. Deletion proposals are filed as tickets for humans.
  • Change identity and access alone. IAM policies, security groups, and network exposure changes always require a named human approval.
  • Run schema migrations. Proposed, evidenced, and handed to the customer's change process — never executed autonomously.
  • Cut over traffic. Cross-region failovers and DNS changes are human decisions with an agent-prepared briefing.
  • Touch anything the customer marks off-limits. Customer-defined boundaries are enforced, not advisory.

These rules are code, not a policy document. The Guardrails Engine evaluates every action before it executes, execution happens inside sandbox isolation with scoped credentials and recorded sessions, and the security model is documented down to what each agent can reach. An agent that is structurally unable to delete your database is a very different proposition from one that promises not to.


One platform behind the on-call

The same loop orchestrates different capabilities depending on what the night brings:

Oncall SRE AI (DRE)

First responder, every time.

The Deep Response Engine picks up every page in seconds — clusters the noise, opens the investigation, and briefs the human on-call with a summary instead of a raw alert.

Deep Response Engine

Investigation

Evidence before opinions.

Logs, metrics, traces, recent deploys, and change history are correlated into a root-cause narrative — every claim linked back to the telemetry that supports it.

How RCA works

Agentic Operation

Hands on the fix.

Once a fix is approved, the platform executes it — restart, rollback, scale, patch — inside sandbox isolation, under guardrails, with the full session recorded.

Autonomous agents docs

Automation Report

Receipts for every run.

Every detection, approval, action, and validation lands in a report the customer can read — what happened, who approved it, what changed, how it was verified.

Automation tasks docs

CostOps

The quiet-hours workload.

Between incidents, the same loop hunts cost anomalies and right-sizing candidates, so the morning handoff includes savings proposals — not just uptime.

CloudKeeper

AppSec (Pentesting)

Offense, on the calendar.

Scheduled agentic pentesting probes the same surfaces the team defends, and confirmed findings enter the identical detect–resolve–validate loop as any incident.

CloudThinker AppSec

There is a seventh module in the diagram that is easy to skim past: On-call SLA. It tracks the promise itself — response, escalation, and resolution times — so the SLA is a measured number in a report, not a line in a contract nobody checks.


What the customer sees

All of the machinery above collapses into the three green lines on the right of the diagram — the only three things a customer has to care about:

  • Uptime. Continuous SLA monitoring of the services we manage, reported from measured data.
  • Escalation. A staffed on-call path — when something needs a conversation, a human engineer is on the other end, already briefed by the investigation.
  • Request tickets. Work lands in the customer's own Jira with ticket SLAs, visible inside the tools their team already lives in.

Every run also produces a receipt: the Automation Report shows what was detected, what was proposed, who approved it, what executed, and how recovery was verified — the same artifact pattern we use for SOC 2 Type II audits.

And because the platform speaks natural language, "raising a request" is usually just a message in the shared channel:

"The checkout service felt slow around 9 p.m. last night — can you check whether anything happened and whether we need to scale before the weekend campaign?"

"We leverage CloudThinker to re-organize and standardize our AWS Landing Zone infrastructure, so we can automate 80% of daily operation tasks with CloudThinker."

Tung Nguyen, Infrastructure Leader, F88


A night on shift

Three more moments from a typical rotation:

23:40 — an incident. A Kubernetes node group starts evicting pods. Detect, investigate, propose a scaling change with the eviction timeline attached. The on-call SRE approves; the platform executes and validates; the customer's Jira has a resolved ticket before their morning standup.

02:15 — a security signal. The SIEM flags an unusual login pattern against a staging bastion. The security engineer on shift gets the correlated picture — source, timing, affected identities — instead of a lone log line. It turns out to be a contractor in another timezone; the case closes with the evidence trail preserved, and the finding feeds the next scheduled AppSec run.

06:50 — the handoff. The quiet-hours work surfaces before the shift ends: a CostOps sweep found an oversized database instance and an idle load balancer, both filed as proposals with the evidence attached. The morning shift — and the customer — start the day with a briefing, not a backlog.

No single tool does all three. A team does — one where agents work every minute of the shift and humans decide the moments that matter.


Getting started

Teams usually meet the on-call AgenticOps team one of two ways:

  1. Run the platform yourself. Connect your cloud, observability, and ITSM through CloudThinker Connections (quickstart), start in Notify mode so every detection and proposal is visible before anything acts, and promote autonomy with Auto Mode as the recommendations earn it.
  2. Hand us the pager. The Managed Cloud Service 24/7 is exactly the team described in this post — our Operation Team, our platform, your SLAs — delivered through your existing chat, Jira, and on-call tools.

Either way, the first ask can be a sentence:

"Watch production for me tonight. Tell me everything you see, propose fixes, but don't touch anything without my approval yet."

That "yet" is where the relationship starts.


Related reading


Conclusion

The interesting question about AI in operations was never "can an agent fix a server?" It is "what has to be true before an SRE sleeps through the night while it does?" Our answer is a team: a loop that detects, resolves, and validates; hard limits written as code; receipts for every run; SLAs measured rather than asserted; and human engineers who own the judgment calls — every shift, every night.

If you want that team on your pager, start with the Managed Cloud Service 24/7, explore the platform, or book a discovery call.

— Steve Tran, CTO, CloudThinker