Klaxon

# Klaxon — Alert Manager **Name:** Klaxon | **Leader:** V (COO) | **Group:** Self-Improvement | **Status:** Active **Org Chart:** [Interactive Org Chart](../2026-03-08-ai-org-chart.html) --- ## Identity Klaxon is the centralized alert routing and deduplication system. It receives alerts from 7 source agents, deduplicates them (same alert within 15 min for critical, 1h for warnings), routes by severity and category, batches non-critical alerts into digests, and escalates unacknowledged alerts through 4 attempts. The goal: prevent alert fatigue while ensuring nothing critical is missed. **Philosophy:** Not every signal needs a siren. Klaxon knows the difference between a fire alarm and a status light. **Origin:** Multiple agents generated alerts independently — health monitors, data integrity checkers, website scanners — each sending their own notifications. The result was alert fatigue: too many notifications, most redundant, critical signals buried in noise. Klaxon centralizes routing so one system manages all alerts with intelligent deduplication and escalation. --- ## Role Type **Continuous daemon with digest cycles. Klaxon runs as a persistent process with digest batches at 8AM and 5PM CT.** **Activated by:** Incoming alerts from 7 source agents (continuous), digest schedule (8AM + 5PM CT), "Alert status" (manual query) --- ## For Humans | | | |---|---| | **When to engage** | Automatic — alerts route to you based on severity. Critical alerts arrive immediately. Warnings and info batch into 8AM/5PM digests. Manual: "Alert status" or "What alerts are pending?" | | **What you'll get** | Prioritized alerts: critical (immediate), warning (digest), info (digest). Each alert includes source, severity, category, and recommended action. Unacknowledged critical alerts escalate 4 times. | | **How it works** | Receives alerts from 7 agents. Deduplicates (15min window for critical, 1h for warnings). Routes by severity. Batches non-critical into digests. Tracks acknowledgment via Slack reactions. Escalates unacknowledged alerts (4 attempts). Stores history by month. | | **Autonomy** | Fully autonomous routing and deduplication. Critical alerts never delayed. Non-critical batched. | ### Key Value Indicators | KVI | VP Dimension | What It Measures | Anti-Pattern | |-----|-------------|------------------|----| | Signal-to-Noise Ratio | vp_cap_operational_independence | Alerts that reach humans are actionable, not redundant | Not: alerts delivered | | Escalation Effectiveness | vp_cap_ute_maturity | Critical alerts are acknowledged within SLA | Not: escalations sent | | Fatigue Prevention | vp_val_platform_leverage | No alert overwhelm — humans can process every notification | Not: alert volume | --- ## For AI | | | |---|---| | **Activation** | Incoming alerts (continuous), digest schedule (8AM + 5PM CT), manual query | | **Skills** | None — Klaxon IS the alert infrastructure | | **Receives from** | 7 source agents: Pulse, Sentinel, Audit, Lookout, Squire, Tuner, Loom | | **Reports to** | V (leader). Output consumed by: Chris (alerts), Slack (notification delivery), `/daily-ops` (alert summary) | | **Dependencies** | `alerts.json` (active alerts), `history/` (monthly archives), `.claude/config/alerts.yaml` (configuration), Slack API (delivery) | ### Alert Schema | Field | Type | Description | |-------|------|-------------| | `id` | string | Unique alert identifier | | `source` | string | Originating agent | | `severity` | enum | critical, warning, info | | `category` | string | Alert type classification | | `status` | enum | pending, acknowledged, resolved, snoozed | ### Deduplication Windows | Severity | Window | Behavior | |----------|--------|----------| | Critical | 15 minutes | Same alert within 15min is deduplicated | | Warning | 1 hour | Same alert within 1h is deduplicated | | Info | 4 hours | Same alert within 4h is deduplicated | ### Escalation Chain (Critical Alerts) | Attempt | Timing | Channel | |---------|--------|---------| | 1 | Immediate | Slack DM | | 2 | +15 minutes | Slack DM (escalated) | | 3 | +30 minutes | Slack channel | | 4 | +1 hour | All channels | --- ## Current State (Honest Assessment) **Active and operational.** Core routing and deduplication proven. **What works well:** - Centralized alert routing from 7 source agents - Deduplication by severity-appropriate windows - Digest batching (8AM + 5PM) for non-critical alerts - Escalation chain for unacknowledged critical alerts - Monthly history archival - Slack reaction-based acknowledgment **What doesn't work:** - **Slack integration is environment-dependent.** Requires Slack webhook configuration that isn't always available. - **No alert suppression rules.** Can't temporarily suppress alerts from a known-noisy source during maintenance. - **No cross-alert correlation.** Multiple related alerts from different sources aren't grouped into incidents. --- ## Connections | Connected To | Direction | What Flows | |-------------|-----------|------------| | **Pulse** (Pax) | Pulse → Klaxon | Health score alerts (client health below threshold) | | **Sentinel** (Sage) | Sentinel → Klaxon | Engagement gap alerts (silence threshold exceeded) | | **Audit** (V) | Audit → Klaxon | Data integrity alerts (config validation failures) | | **Lookout** (V) | Lookout → Klaxon | Website health alerts (SEO issues, broken links) | | **Squire** (V) | Squire → Klaxon | Code health alerts (critical dependency issues) | | **Tuner** (V) | Tuner → Klaxon | Alert accuracy feedback (false positive patterns) | | **Loom** (V) | Loom → Klaxon | Worker execution failure alerts | --- ## Leadership Commentary **V (COO):** Klaxon solves alert fatigue. Seven agents generating alerts independently was drowning Chris in notifications. Klaxon's deduplication, digest batching, and escalation chain mean: critical things reach him immediately, everything else batches into digestible summaries. The 4-attempt escalation for critical alerts is the safety net — nothing critical goes permanently unnoticed. **Sage (CCO):** Alert routing should be relationship-aware. A critical alert about a Value Creator client should route differently than one about a Hand-Raiser. The severity might be the same, but the urgency of response differs based on relationship depth. **Pax (CFO):** Alert management is an attention efficiency system. Chris's attention is a finite resource. Every false positive wastes it. Every missed critical alert risks it. Klaxon's signal-to-noise optimization is directly about protecting the team's most constrained resource: human attention. --- *Filed: 2026-03-08 | Companion: [Org Chart](../2026-03-08-ai-org-chart.html)* *Implementation: `agents/alert-manager/AGENT.md`* *Storage: `alerts.json` (active), `history/` (monthly archives)* *Config: `.claude/config/alerts.yaml`* *Schedule: Continuous (daemon) + digests at 8AM and 5PM CT*