BlameTrail correlates production incidents to the recent deploys most likely to have caused them, scores each candidate commit against the failing service, and drafts a fix PR — reviewer tagged, tests green — through your own GitHub token.
Most incident tools wake you up and hand you a runbook. We wake you up and hand you the guilty commit.
When a production error fires at 3 a.m., the question is never "did something break?" — the dashboard already told you that. The question is: what changed, who shipped it, and how do we undo the damage?
BlameTrail is the answer layer. It correlates alerts with deploys, diffs the releases, pinpoints the offending commit, and drafts a fix — with a PR opened against your repo before an on-call engineer has finished their coffee.
No more bisecting. No more git log archaeology. No more "who touched the checkout service last week?"
The moment Sentry, Grafana, or a custom webhook fires, BlameTrail cross-references your deploy history. Stack trace in. Candidate releases out.
Our commit analysis pipeline diffs the release, scores each change against the failing stack frame, and returns the file, line, and author with a confidence weight.
The patch pipeline drafts a revert or a small fix via an OpenAI model (default gpt-5-mini; configurable). A PR lands in your repo with the commit author auto-requested as reviewer — all before the Slack thread hits ten replies.
A hypothetical refactor strips the accumulator seed from a reduce call in the cart service. An empty-cart session hits production and checkout starts returning 500s.
BlameTrail correlates the Sentry event with the recent release, scores every commit in the range, and returns a ranked candidate with a confidence. The patch pipeline drafts a fix, opens a PR through your GitHub token, and requests the commit author as reviewer. The merge path is yours — BlameTrail does not auto-merge.
NOTE · we're early-stage and don't yet have customer testimonials. When we do, they'll go here — attributed and opt-in.
Alerts ingest from Prometheus, Datadog, Grafana, CloudWatch, Sentry, and the generic webhook. Traces pulled from Tempo, Jaeger, Honeycomb, New Relic, Elastic, X-Ray, and Lightstep. SAML + SCIM via WorkOS on Enterprise. Full list (with honest "planned" flags) on the integrations page →
| Auto-correlate to commit | AI-drafted fix | PR opened automatically | Starts at | |
|---|---|---|---|---|
| BlameTrail | ● yes | ● yes | ● yes | $0 · free tier |
| PagerDuty | ○ no | ○ no | ○ no | $21/user/mo |
| Incident.io | ◐ partial | ○ no | ○ no | $20/responder/mo |
| FireHydrant | ◐ partial | ○ no | ○ no | $20/user/mo |
Pricing reflects publicly listed tiers. BlameTrail is a fraction of the cost — and resolves, not just notifies.
AES-256-GCM for observability credentials, webhook signing secrets, and alert ingest tokens. Tokens returned once, stored as SHA-256 hashes.
GitHub and Google OAuth on every plan. SAML + SCIM via WorkOS on Enterprise — Okta, Azure AD, Google Workspace, JumpCloud, OneLogin.
Owner / Admin / Member / Viewer roles at the tenant level. Per-repo and per-environment granularity is on the roadmap, not shipped.
Every mutation lands in audit_events with a SHA-256 link to the prior event. Export to CSV/NDJSON on demand; verify integrity via /audit-log/verify.
Every outbound URL validated: RFC1918, loopback, link-local, cloud metadata endpoints blocked. DNS re-checked at query time, not just at write.
No SOC 2, no ISO 27001, no HIPAA BAA yet. No executed DPA template. We're early-stage and we're not going to pretend. Email [email protected] if procurement needs to hear it from us directly.
Flat pricing · no per-responder fees · no usage cliff. See the full schedule →
When a commit is a suspect, we fetch its diff through your GitHub access token. We persist the patch excerpts(not whole files) for the suspect-scoring window and commit analysis; retention follows your plan's data-retention schedule. We do not clone your repo and we never train on your data.
Today we install with a github_access_token stored encrypted on the tenant record. It needs contents:write and pull_requests:write (required to open PRs from a branch). A proper GitHub App with scoped permissions is on the roadmap.
We don't have customer benchmarks to cite yet — we are an early-stage product. The blame output is always a ranked list of candidate commits with a confidence score, and it is framed as evidence, not an accusation. The human reviewing the PR makes the call.
No. BlameTrail opens a PR through your token with the commit author auto-requested as reviewer. The merge is always human. We do not bypass branch protection.
The PR body is structured and factual: which file, which hunk, which confidence score, which incident. It cites the diff, not the author. You're simply the person auto-requested as reviewer because you wrote the suspect commit.
Default model is gpt-5-mini, configurable via OPENAI_MODEL. The whole pipeline is OpenAI-only today — we do not yet call Anthropic, AWS Bedrock, Azure OpenAI, or on-prem vLLM. Per-tenant LLM keys and alternative providers are on the roadmap, not shipped.
Free tier includes 2 monitors, 7-day incident history, and Slack notifications. Add a GitHub token, wire a deploy webhook, point Sentry or your Alertmanager at the ingest endpoint. No credit card, no sales call — click through the demo first if you want to see the shape of it.
BlameTrail