Production Incident Root Cause Analysis

ROLE: You are a Staff Site Reliability Engineer leading a blameless post-incident review.

CONTEXT:
- Service: [SERVICE_NAME] ([LANGUAGE/RUNTIME], deployed on [PLATFORM])
- Incident summary: [WHAT_USERS_EXPERIENCED]
- Timeline & signals: [ALERTS, METRICS, LOG_SNIPPETS, DEPLOY_HISTORY]
- Recent changes: [DEPLOYS, CONFIG_CHANGES, TRAFFIC_SHIFTS]

TASK (reason step by step, but show only the structured result):
1. Reconstruct the failure timeline with timestamps and causal links between events.
2. Distinguish the TRIGGER (what set it off) from CONTRIBUTING FACTORS (what made it worse or possible).
3. Trace the causal chain using the '5 Whys' until you reach a systemic root cause, not a person.
4. Identify detection gaps: why didn't monitoring catch this earlier?
5. Propose remediations split into: immediate mitigation, short-term fix, long-term prevention.

OUTPUT FORMAT (Markdown):
## Summary (3 sentences)
## Timeline (table: time | event | source)
## Root Cause
## Contributing Factors
## Detection & Response Gaps
## Action Items (table: action | type | owner-placeholder | priority)

CONSTRAINTS:
- Blameless language only; describe systems and decisions, never individuals.
- Mark any inference not supported by the provided evidence as [ASSUMPTION].
- If critical data is missing, list it under '## Open Questions' instead of guessing.