Fibric. Docs fibric.io →
v0.9 · preview
Guides

Deploy the Operations Analyst

Operations Analyst (op-radar-analyst) answers the questions an operator on shift actually asks: why did response time slip yesterday afternoon, which orders reopened twice this week, who is waiting longest right now. Every number in an answer comes from your governed data and carries its source, and when an answer points at a fix, the operator proposes the action as a validated plan that a human confirms before anything runs. This guide installs it from the marketplace, binds it to your connected systems, walks through asking a question, explains how grounding works, and turns an answer into a vetted, receipted action.

5 steps ~20 minutes Needs 2+ connectors Pack op-radar-analyst
i
Production status

Operations Analyst runs in production today inside BearScope, Fibric's flagship product, answering questions over live specialty-commerce data: Kustomer conversations, Magento orders, and Amazon Connect calls. Operator packs are priced from $49/operator/mo, with action overage at $0.01/action; answering questions meters no actions, because a read is never a side effect.

What the operator does

Most operational questions die in a dashboard scavenger hunt: the number you need exists, but it is three filters and two tabs away, and by the time you find it the standup is over. Operations Analyst sits over the same governed data your dashboards read and answers in plain language instead. It senses three things through the connectors you bind it to:

An answer is not a paragraph of model prose. It is a set of numbers, each traceable to the event envelopes it was computed from, with the reasoning laid out next to them. When the answer points at a fix, the operator goes one step further: it proposes an ExecutionPlan, the same validated shape every Fibric operator produces, and parks it for your confirmation. The deterministic executor carries a confirmed action out exactly once, under the same trust policy, single-flight locks, and idempotency keys that govern every other operator. See Operators for the general model.

The operator holds no credentials of its own. It reads through the connectors you have already authorized, and it can only see your tenant; revoking a connector revokes the analyst's view of that system with it.

Prerequisites

Operations Analyst binds to capabilities, not vendors. It needs at least one read capability to answer questions over, and one write capability if you want answers to become actions. The table shows a typical CX binding; a commerce-only or voice-only binding also works, and the operator answers over what it can see.

RoleCapabilities usedSupported connectorsSetup guide
Support conversation.read, conversation.note.write cn-kustomer or cn-zendesk Connect Kustomer
Commerce order.read, order.hold cn-magento or cn-shopify Connect Magento
Voice call.read cn-amazon-connect Connect Amazon Connect

You also need the CLI installed and authenticated (CLI reference), and permission to apply policy in the workspace if you intend to confirm actions. Check that the capabilities you plan to bind are healthy:

bash
fibric connectors list
fibric capabilities ls
$ fibric capabilities ls CAPABILITY CONNECTOR STATUS conversation.read cn-kustomer ready conversation.note.write cn-kustomer ready order.read cn-magento ready order.hold cn-magento ready call.read cn-amazon-connect ready
i
Missing a connector?

Install it first with fibric connectors add <id> and verify it with fibric connectors test. The analyst answers only over data it can actually reach; a question about calls with no voice capability bound gets an honest refusal, not an invented number.

1

Install from the marketplace

Marketplace operators install as packs. fibric operators create --from pulls the pack, walks capability binding, and asks you to accept the guardrails the pack declares as its floor. Bind every capability you want the analyst to answer over; the write capabilities are what its proposed actions can reach later.

bash
fibric operators create --from op-radar-analyst --name ops-analyst \
  --bind conversation.read=cn-kustomer \
  --bind conversation.note.write=cn-kustomer \
  --bind order.read=cn-magento \
  --bind order.hold=cn-magento \
  --bind call.read=cn-amazon-connect
$ fibric operators create --from op-radar-analyst --name ops-analyst … pack op-radar-analyst@1.4.0 (publisher: Fibric, official) bindings 5 capabilities → 3 connections, all healthy mode on-demand (answers when asked; no schedule) actions confirm-required (every proposed action waits for a human) ✓ operator ops-analyst created

Unlike a scheduled operator such as Order Risk, the analyst has no trigger loop by default: it senses continuously so its picture is current, but it reasons when you ask. And it never executes anything unattended. confirm-required is the pack's floor, not a setting you loosened into existence; the analyst proposes, a person disposes.

2

Ask a question

Ask from the console or the CLI. Questions are plain language; the analyst decides which governed data answers them and shows its work. There is no query language to learn, and no question can cause a side effect: asking is a read, always.

bash
fibric ask ops-analyst "why did first response time slip yesterday afternoon?"
$ fibric ask ops-analyst "why did first response time slip yesterday afternoon?" First response time yesterday 12:00–18:00 was 41m against a 7-day same-window baseline of 18m. Two things moved together: 1. Inbound volume rose 2.1× between 13:00 and 15:30 (184 new conversations vs a baseline of 87), concentrated on order-status intents. 2. Two agents went offline at 13:10 and did not return; effective staffing fell from 9 to 7. The volume spike traces to 62 conversations referencing orders with a carrier exception from the 12:40 EDI batch. sources 3 metrics · 246 envelopes · fibric ask --show-sources to expand proposal none (no action clears this; staffing and carrier are upstream)

Every claim in the answer is a number with a definition, not an impression. If the analyst cannot ground a claim, it does not make the claim: a question about data outside its bindings, or about a window with no envelopes, gets an explicit statement of what it cannot see rather than a plausible guess.

Questions and answers land in the operator's history, so a follow-up like "and the week before?" resolves against the question it follows. The history itself is on the record: your team can read what was asked, what was answered, and what the answer was grounded in.

3

How grounding works

Everything a connector senses becomes an EventEnvelope: one canonical shape carrying event_id, source, event_type, correlation_id, and the payload, stamped with your tenant_id. The analyst computes over envelopes and governed metric definitions, never over free text it retrieved from somewhere it cannot name. That gives every number in an answer a provenance chain you can walk:

bash
fibric ask ops-analyst --show-sources --last
$ fibric ask ops-analyst --show-sources --last claim first response time 12:00–18:00 = 41m metric frt_median (governed: median, business-hours clock, first agent reply) computed over 184 envelopes event_type=conversation.created source=cn-kustomer sample ev_9c02a1 conversation.created 13:04:11 corr=co_88d104 ev_9c02f7 conversation.created 13:04:58 corr=co_88d1b2 claim carrier exceptions in 12:40 batch = 62 computed over 62 envelopes event_type=shipment.exception source=cn-magento
LayerWhat it guarantees
Governed metric definitions One canonical definition per number. When the analyst says "first response time," it is the same frt_median your dashboard reads, not a reinterpretation.
Envelope provenance Every metric value resolves to the set of envelopes it was computed over, each with an event_id and source you can inspect.
Tenancy Envelopes carry tenant_id on every row. The analyst structurally cannot ground an answer in another tenant's data.
Honest gaps No envelopes, no number. A placeholder or fallback value is tagged as such and never presented as a metric.

This is the property that makes the answers usable in an argument: when the analyst's number disagrees with someone's spreadsheet, you expand the sources and settle it against the envelopes, not against who sounds more confident.

4

Turn an answer into an action

When an answer points at something fixable through a bound write capability, the analyst attaches a proposal. The proposal is a full ExecutionPlan: each action names its connector and tool, carries its entity_key for single-flight and its idempotency_key for dedup, and has already been evaluated against your trust policy. Nothing in it has run.

bash
fibric ask ops-analyst "which paid orders have sat unfulfilled past their promise date?"
$ fibric ask ops-analyst "which paid orders have sat unfulfilled past their promise date?" 3 paid orders are past promise with no fulfilment: SO-11418 paid 8d ago promise 2d past customer wrote in yesterday SO-11433 paid 6d ago promise 1d past SO-11440 paid 5d ago promise 1d past proposal plan pl_4e8a02 · 4 actions · awaiting your confirmation order.hold SO-11418 reason: past promise, unfulfilled conversation.note.write SO-11418 finding written to the open conversation order.hold SO-11433 order.hold SO-11440 confirm fibric plans confirm pl_4e8a02 decline fibric plans decline pl_4e8a02 --reason "…"

Confirm it, in whole or in part, and the deterministic executor takes over:

bash
fibric plans confirm pl_4e8a02
# or confirm selectively:
fibric plans confirm pl_4e8a02 --only order.hold:SO-11418
$ fibric plans confirm pl_4e8a02 disposed 4 ALLOW acted 3 holds placed, 1 note written receipts 4 written (fibric receipts tail --operator ops-analyst)

Confirmation is not a bypass. The confirmed plan still passes the trust policy, still takes its single-flight lock per entity_key, and still deduplicates on its idempotency_key; confirming the same plan twice produces DEDUP receipts, not duplicate holds. A declined plan is receipted too, with your reason, so the record shows what was proposed and why it did not run. See Single-flight & idempotency for the mechanics.

5

Read its receipts

Every disposed action leaves a receipt: the proposal exactly as the analyst made it, who confirmed it, the policy decision, the idempotency key, and the outcome. Declines and dedups are receipted with the same fidelity as executed actions.

bash
fibric receipts tail --operator ops-analyst
$ fibric receipts tail --operator ops-analyst 16:02:41 order.hold ALLOW ok key=ops-analyst:SO-11418:hold confirmed-by ops@example.com 16:02:41 conversation.note.write ALLOW ok key=ops-analyst:SO-11418:note 16:02:42 order.hold ALLOW ok key=ops-analyst:SO-11433:hold 16:04:10 order.hold DEDUP ok key=ops-analyst:SO-11418:hold (plan re-confirmed) 16:20:33 plan pl_4e8b17 DECLINED by ops@example.com: "carrier already rerouting"

Because the analyst's answers are also on the record, a receipt is never orphaned: from any receipt you can walk back through the plan to the question that produced it and the envelopes the answer was grounded in. fibric receipts show rc_… --json prints the full chain, and fibric receipts export --since 7d exports the ledger for audit. The receipt's anatomy and immutability guarantees are covered in Receipts & audit; standing queries and alerting are covered in the monitoring guide.

Guardrails that apply

The analyst is governed like any other operator, plus two constraints of its own. The general policy machinery is fail-closed: anything a rule does not explicitly allow is refused, and an empty policy denies everything.

policy.yaml
# policy.yaml: governs the ops-analyst operator
policy: ops-analyst-guardrails
applies_to: ops-analyst

rules:
  # findings written back as internal notes: allowed, capped
  - allow: conversation.note.write
    limit:
      per: hour
      max: 30

  # confirmed holds: allowed, rate-limited, single-flight per order
  - allow: order.hold
    limit:
      per: hour
      max: 15
    single_flight: order_id

# default is deny. nothing not listed above can act, confirmed or not.
default: deny
bash
fibric policy apply ./policy.yaml
fibric policy validate ops-analyst-guardrails --against ops-analyst
!
Confirmation and policy are independent layers

A human confirming a plan answers "should this happen?"; the policy answers "is this allowed to happen, at this rate, at this value?". Both must pass. If a confirmed action exceeds a policy limit, it is blocked and receipted like any other BLOCK; the confirmation does not override the rule. The full model, including value caps and promoting actions between tiers, is in the guardrails guide.

Troubleshooting

SymptomLikely causeFix
The analyst answers "I cannot see that data" The question needs a capability that is not bound, or the bound connector is unhealthy. Run fibric capabilities ls; bind the missing capability or re-authorize the connector. The refusal is the grounding contract working, not a failure.
Numbers disagree with your dashboard The dashboard uses a different metric definition (mean vs median, wall clock vs business hours). Expand with --show-sources and compare definitions. The analyst's number is the governed one; reconcile the dashboard to it, not the reverse.
A proposal never appears for an obvious fix The fix needs a write capability that is not bound, so the analyst cannot propose it. Bind the capability (for example order.hold) and re-ask. The analyst only proposes actions it could actually carry through a binding.
A confirmed action shows BLOCK The action exceeded a policy limit or value ceiling; confirmation does not override policy. Read the receipt for the failed rule. Raise the limit only after reviewing the receipts that hit it.
Repeated DEDUP receipts after confirmation The plan was confirmed more than once, or re-proposed for the same entities. Normal; the idempotency key absorbs it. The hold was placed exactly once.
Answers feel stale A source connector has stopped syncing; the analyst answers over what has arrived. Run fibric connectors test against the connection. The answer's source expansion shows the newest envelope it used.

Next steps