Context-aware incident intelligence

From detection to
full investigation. Seconds.

Meridian is a reasoning agent for the SOC. It ingests detections from Splunk, Sentinel, or CrowdStrike, reconstructs the causal chain, maps blast radius, and ranks response actions — all cited to source events. No hallucinations. No hand-waving. Every claim is traceable.

Open the Control Center →View on GitHub
7,810
Events ingested
3
Investigations in memory
768d
Embedding · nomic v1.5
Apache 2.0
Open source · github.com/metisos
Architecture

State and compute, decoupled.

The protocol layer holds the truth of what the organization knows. The compute layer reasons over it. The surface layer presents it. Each can evolve without the others.

01 · STATE

ContextSync Protocol + USC

Every event becomes a versioned, content-addressed ctx:// artifact stamped with a seven-field spatiotemporal coordinate. Immutable provenance log, default-deny permissions.

02 · COMPUTE

Gemini 3 reasoning agent

Causal chain inference uses the USC cross-tier match formula. Blast radius traverses the entity graph. Memory is queried via Atlas Vector Search ($vectorSearch on 768-d cosine).

03 · SURFACE

Meridian Control Center

Real-time incident feed where every claim is bound to a ctx:// URI. Built on Next.js 16, Server Components, MongoDB Change Streams for live updates.

Live numbers

Pulled from the running pipeline.

Every number on this page reads from the same MongoDB cluster the Control Center reads from. There are no placeholders.

7,810
ContextSync artifacts in MongoDB
3
Investigations in agent memory
7,336
Writes logged in the last 24 hours
5 / 5
Incident archetypes generated