Abstract

Large language model (LLM) assistants are increasingly used during outages and failed deployments, yet their remediation behavior can degrade into long lists of loosely justified changes such as restarts, redeploys, rollbacks, scaling changes, and configuration edits. In practice, this ap- pears as operational search explosion (OSE), where the branching factor of candidate fixes grows faster than teams can validate them, increasing change risk, time-to-recovery, and operator distrust. This paperformulates incident response as a bounded search problem over a constrained library of remediation primitives, where each primitive carries explicit preconditions, risk and cost meta- data, and evidence requirements that must be satisfied beforeexecution. The proposed mechanism, Evidence-Gated Search (EGS), blocks any state-changing action unless the required evidence is present in a normalized incident state. Missing evidence forces bounded read-only evidence gath- ering, such as logs, metrics, traces, deployment diffs, Terraform plan outputs, DNS checks, and access-control verification, before another action is considered. Across 175 incident episodes, EGS reduces executed remediation actions by 13.47% and lowers the action explosion rate (AER) by 16.65%, while maintaining a recovery success rate of 98.86%. The results show that requiring ev- idence before irreversible operational steps can significantly reduce operational search complexity without materially degrading recovery outcomes.