I spent my career in accounting and finance before building infrastructure in Zimbabwe.
In accounting, every transaction has three properties:
Authorization β no entry without approval
Immutability β once recorded, never altered
Reconciliation β every debit has a corresponding credit, provable by audit
When I started building FastAPI AlertEngine, I applied the same discipline to production incidents. The result is not a monitoring tool. It's an operational governance system.
Monitoring tools tell you what broke after it broke. Datadog, Grafana, Sentry β they produce beautiful post-mortems.
Governance tools enforce that nothing executes without authorization, and they prove it afterward.
Most teams conflate the two. They buy monitoring, assume governance, and get surprised when auditors ask: "Who approved that deploy?"
AlertEngine separates them explicitly:
plain
Detection β Policy (deterministic, no AI)
Diagnosis β AI (explains, recommends, does not decide)
Authorization β Human (engineer taps approve)
Execution β Webhook (your infrastructure, your control)
Audit β Ledger (immutable, replayable, actor-attributed) This is not a feature list. It's an architectural hierarchy enforced by code.
Engineers in Zimbabwe aren't always at laptops when things break. WhatsApp is ubiquituous and can be the operational control plane.
That constraint produces something better than a dashboard: alerts that find you, with a single tap to authorise recovery. No SSH. No runbooks. No "log into Grafana and interpret the graph."
Just: "Something broke. Here's why. Tap approve. Nothing runs without you." The Ledger Philosophy
In finance, a ledger has two sides: what happened, and who authorized it.
AlertEngine's audit trail has the same structure:
JSON
{
"timestamp": 1717344000,
"incident_id": "inc-abc123-1685000000",
"stage": "AUTHORIZED",
"actor": "engineer",
"decision": "approve",
"reason": "Database connection pool exhausted β restart recommended",
"confidence": 0.87,
"policy_version": "1.0.0",
"tenant_id": "tenant-xyz789"
}
Every entry is append-only. Every entry has an actor. Every entry is replayable.
This is not logging. Logging tells you what the system did. A ledger tells you who authorized it and why.
Policy Is the Floor. AI Is the Ceiling.
The most important architectural decision in AlertEngine is this:
Claude cannot trigger a state transition.
Policy decides whether an incident exists. Policy decides when a system has recovered. Claude diagnoses and explains β but the state machine doesn't listen to Claude. It listens to incident_policy.py.
When health metrics recover, the pipeline doesn't ask Claude what to do. It calls should_recover(score, err) and if the threshold is met, it transitions to RECOVERED with actor="policy". Claude's recommendation is irrelevant.
A confident wrong AI diagnosis cannot cause an incident to escalate
A policy recovery override is logged as actor: "policy" β auditors can see exactly when and why
Changing thresholds is a one-line edit in one file, versioned, and logged in every subsequent audit entry
The audit trail never lies about who made the decision
Three forces are converging:
I'm also building a payment orchestration platform for the African "hustler" context. Getting infrastructure funding in Zimbabwe is genuinely hard.
So I packaged the operational governance layer as a standalone product. It solves a real problem β I needed it myself at 2am. It also funds the bigger build.
That felt worth being honest about.
The Code
The orchestrator is source-available. Every claim in this post is verifiable:
orchestrator/pipeline.py β policy hierarchy, actor="policy" on recovery override
orchestrator/incident_policy.py β single POLICY dict, versioned, env-configurable
orchestrator/audit.py β append-only Redis LIST, full actor attribution, replayable
Read the code. Audit the architecture. Then decide if your infrastructure deserves the same discipline as your accounting.
GitHub: github.com/Tandem-Media/fastapi-alertengine Install:
bash
pip install fastapi-alertengine
Managed orchestrator: anchorflowalertengine@outlook.com Built in Harare, Zimbabwe. πΏπΌ