Gemini Resilience Metrics and SLOs

Official References: Get Started · CLI Commands · Sub-agents · Skills

Why metric discipline matters

Without metric discipline, resilience work becomes anecdotal. Teams need measurable signals to decide where to invest effort.

Core metric model

Metric	Decision use	Data source
MTTD	alert quality and routing	monitoring timeline
MTTC	mitigation decision speed	incident decision log
MTTR	service restoration efficiency	deploy + verification output
Evidence freshness	closure confidence quality	command evidence archive
Follow-up burn-down	hardening execution health	action backlog

Severity-specific SLO targets

SEV-1: containment + rollback path activation in strict response window
SEV-2: major degradation stabilized in agreed team window
SEV-3: planned corrective release completed in standard cycle

Use numeric targets and review variance weekly.

Data quality protocol

Capture five mandatory timestamps:

incident start
first detection
first mitigation decision
stable-state verification
closure

Timestamp gaps should be treated as process defects.

Weekly resilience review cadence

inspect breaches vs target
analyze repeated tail-latency incidents
map misses to control backlog categories
assign owner + due date for top regressions

Threshold-to-escalation policy

Per metric define:

green: normal
yellow: watch
red: immediate escalation

Red state must auto-create a named owner path.

Dashboard rules

display trend and percentile, not just average
separate severity lanes
show context denominator
link every spike to incident records

Quarterly SLO calibration

Every quarter:

adjust SLOs only after sustained attainment
remove metrics unused in decisions
add one metric for newly emerging failure class

Advanced anti-patterns

High metric count, low action rate

If metrics do not drive actions, they are noise.

SLO ownership not assigned

Unowned SLOs degrade silently.

Closure with stale verification evidence

Stale evidence cannot justify current-state confidence.

Quick checklist

Before monthly reliability council:

metric definitions current
severity SLOs published
red/yellow breaches owned
follow-up burn-down reviewed

Gemini CLI accelerates execution. Metrics keep reliability accountable.

Metric dictionary (required fields)

Define each metric with the same schema:

### Metric Definition
- Name:
- Purpose:
- Formula:
- Data source:
- Collection cadence:
- Owner:
- Red threshold:
- Yellow threshold:
- Expected action on breach:

Ambiguous metric definitions create endless debate during incidents.

Error-budget style SLO policy

For each severity class, define an operational budget:

allowed breach count per quarter
mandatory escalation threshold
freeze rule when budget is exhausted

Example policy

SEV-1: zero tolerance for missed containment window
SEV-2: two breaches per quarter before mandatory control review
SEV-3: tracked for trend, not immediate freeze

Trend review prompts (weekly)

Use consistent prompts in weekly review:

Which metric moved most versus baseline?
Is the movement signal or noise (sample size check)?
Which owner needs to act this week?
Which control portfolio bucket receives the action?
What result should be visible by next review?

Escalation mapping table

Breach type	Immediate owner	Secondary owner	SLA for response
Detection breach (MTTD red)	observability owner	incident commander	24h
Decision delay (MTTC red)	incident commander	release owner	same day
Recovery delay (MTTR red)	platform owner	service owner	24h
Freshness breach	verifier owner	commander	same day
Follow-up closure breach	reliability owner	team lead	72h

Executive summary format (monthly)

### Monthly Resilience Summary
- Top improving metric:
- Top regressing metric:
- Repeated breach classes:
- Controls added this month:
- Controls retired this month:
- Ownership risks:
- Next-month focus:

Keep this short and decision-oriented.

Data quality checks

Before trusting metric dashboards, verify:

missing timestamps ratio
duplicate incident IDs
inconsistent severity labels
stale data source refresh time

A precise metric on broken data is still misleading.

Advanced anti-gaming rules

never grade teams by single metric rank
require evidence links for major metric improvements
review tail percentiles before celebrating averages
tie rewards to sustained trend, not one-week spikes

This preserves metric integrity under organizational pressure.

Metric review board operating rule

Run a monthly reliability board with three outputs only:

keep — metric still drives action
change — metric definition/threshold needs revision
remove — metric has no decision value

This avoids dashboard sprawl.

Tail-risk tracking

In addition to average values, track:

p90 / p95 / p99 for MTTD and MTTR
longest open follow-up age
worst-severity breach recurrence interval

Tail views expose the incidents that matter most.

SLO breach playbook

When breach occurs:

open breach record within same day
assign owner and verifier
define corrective control candidate
set review checkpoint within 7 days

Close breach records only with evidence of control effect.

Metric retirement criteria

Retire a metric when all are true:

no action taken from it for 2 quarters
overlaps strongly with another metric
stakeholders cannot explain how they use it

Retire with a note, not silent deletion.

Metric-to-action contract

Every tracked metric must have a predefined action path.

Metric state	Mandatory action	Owner
Green stable	monitor only	metric owner
Yellow drift	open investigation note	reliability owner
Red breach	execute escalation playbook	commander + service owner