Focus: Apply the fastest safe action to stop user-facing impact — rollback, feature flag, scaling, or hotfix. Speed matters, but so does not making things worse. Every action must be reversible.

Produces: Mitigation log documenting exactly what was done, when, and how to reverse it.

Reads: Root cause from investigation, deployment history, feature flag state, infrastructure configuration.

Anti-patterns:

• Applying a fix without a rollback plan for the fix itself
• Choosing a permanent fix when a faster temporary mitigation exists
• Not documenting the exact commands or config changes applied
• Making multiple changes simultaneously, making it impossible to attribute which one helped
• Skipping communication — stakeholders need to know what's being done

Focus: Confirm the mitigation actually stopped the user-facing impact. Use the same signals that detected the incident — if error rates triggered the alert, error rates should confirm the fix. Trust metrics, not assumptions.

Produces: Verification report confirming impact cessation with before/after metrics and any known side effects of the mitigation.

Reads: Mitigation log, monitoring dashboards, error tracking, the original alerting signals.

Anti-patterns:

• Declaring "fixed" based on a single data point or gut feeling
• Using different metrics to verify than the ones that detected the problem
• Not waiting long enough for metrics to stabilize before confirming
• Ignoring partial mitigation — impact reduced but not eliminated
• Not checking for side effects introduced by the mitigation itself